firewall3: add UBUS support for redirect sections
[project/firewall3.git] / forwards.c
index 81e734e..9b369f3 100644 (file)
@@ -1,7 +1,7 @@
 /*
  * firewall3 - 3rd OpenWrt UCI firewall implementation
  *
- *   Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ *   Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -48,16 +48,14 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
                if (strcmp(s->type, "forwarding"))
                        continue;
 
-               forward = malloc(sizeof(*forward));
-
+               forward = calloc(1, sizeof(*forward));
                if (!forward)
                        continue;
 
-               memset(forward, 0, sizeof(*forward));
-
                forward->enabled = true;
 
-               fw3_parse_options(forward, fw3_forward_opts, s);
+               if (!fw3_parse_options(forward, fw3_forward_opts, s))
+                       warn_elem(e, "has invalid options");
 
                if (!forward->enabled)
                {
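Review bot: A `forwarding` section whose options fail to parse is still loaded after the new `warn_elem(e, "has invalid options")`, so a rule is built from whatever fields did parse. Further down in this file an unset `src` selects the `FORWARD` chain and an unset `dest` selects plain `ACCEPT`. If a rejected option leaves those fields unset (fw3_parse_options is not visible here), the resulting rule would be broader than what the administrator wrote. Failing closed is the safer default for a firewall: put the warning in braces and follow it with `fw3_free_forward(forward); continue;`. The enclosing loop starts and ends outside this hunk.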
@@ -72,66 +70,63 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
                        continue;
                }
                else if (forward->src.set && !forward->src.any &&
-                        !(forward->_src = fw3_lookup_zone(state, forward->src.name, false)))
+                        !(forward->_src = fw3_lookup_zone(state, forward->src.name)))
                {
                        warn_elem(e, "refers to not existing zone '%s'", forward->src.name);
                        fw3_free_forward(forward);
                        continue;
                }
                else if (forward->dest.set && !forward->dest.any &&
-                        !(forward->_dest = fw3_lookup_zone(state, forward->dest.name, false)))
+                        !(forward->_dest = fw3_lookup_zone(state, forward->dest.name)))
                {
                        warn_elem(e, "refers to not existing zone '%s'", forward->dest.name);
                        fw3_free_forward(forward);
                        continue;
                }
 
+               list_add_tail(&forward->list, &state->forwards);
+               continue;
+       }
+
+       list_for_each_entry(forward, &state->forwards, list)
+       {
                /* NB: forward family... */
                if (forward->_dest)
                {
-                       setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
-                       setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
-
-                       if (forward->_src &&
-                           (forward->_src->conntrack || forward->_dest->conntrack))
-                       {
-                               forward->_src->conntrack = forward->_dest->conntrack = true;
-                       }
+                       fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
+                       fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
                }
-
-               list_add_tail(&forward->list, &state->forwards);
-               continue;
        }
 }
 
 
 static void
-print_chain(struct fw3_forward *forward)
+append_chain(struct fw3_ipt_rule *r, struct fw3_forward *forward)
 {
        if (forward->src.any || !forward->src.set)
-               fw3_pr("-A delegate_forward");
+               fw3_ipt_rule_append(r, "FORWARD");
        else
-               fw3_pr("-A zone_%s_forward", forward->src.name);
+               fw3_ipt_rule_append(r, "zone_%s_forward", forward->src.name);
 }
 
-static void print_target(struct fw3_forward *forward)
+static void set_target(struct fw3_ipt_rule *r, struct fw3_forward *forward)
 {
        if (forward->dest.any || !forward->dest.set)
-               fw3_pr(" -j ACCEPT\n");
+               fw3_ipt_rule_target(r, "ACCEPT");
        else
-               fw3_pr(" -j zone_%s_dest_ACCEPT\n", forward->dest.name);
+               fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT", forward->dest.name);
 }
 
 static void
-print_forward(enum fw3_table table, enum fw3_family family,
-              struct fw3_forward *forward)
+print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward)
 {
        const char *s, *d;
+       struct fw3_ipt_rule *r;
 
-       if (table != FW3_TABLE_FILTER)
+       if (handle->table != FW3_TABLE_FILTER)
                return;
 
-       if (!fw3_is_family(forward, family))
+       if (!fw3_is_family(forward, handle->family))
                return;
 
        s = forward->_src  ? forward->_src->name  : "*";
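Review bot: The new second pass over `state->forwards` in fw3_load_forwards drops the old src/dest conntrack coupling with no replacement visible in this file, and the leftover `/* NB: forward family... */` comment does not explain why. If the coupling now lives elsewhere, say so in a comment such as `/* flag each forwarding destination zone for ACCEPT; conntrack propagation is handled in <location> */`. If it does not, zones linked by a forwarding may no longer get conntrack enabled together. The `continue;` kept after `list_add_tail()` is now the last statement of the first loop and can be removed. print_forward's body continues past the end of this hunk.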
@@ -139,24 +134,24 @@ print_forward(enum fw3_table table, enum fw3_family family,
 
        info("   * Forward '%s' -> '%s'", s, d);
 
-       if (!fw3_is_family(forward->_src, family) ||
-           !fw3_is_family(forward->_dest, family))
+       if (!fw3_is_family(forward->_src, handle->family) ||
+           !fw3_is_family(forward->_dest, handle->family))
        {
                info("     ! Skipping due to different family of zone");
                return;
        }
 
-       print_chain(forward);
-       fw3_format_comment("forwarding ", s, "->", d);
-       print_target(forward);
+       r = fw3_ipt_rule_new(handle);
+       fw3_ipt_rule_comment(r, "forwarding %s -> %s", s, d);
+       set_target(r, forward);
+       append_chain(r, forward);
 }
 
 void
-fw3_print_forwards(enum fw3_table table, enum fw3_family family,
-                   struct fw3_state *state)
+fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state)
 {
        struct fw3_forward *forward;
 
        list_for_each_entry(forward, &state->forwards, list)
-               print_forward(table, family, forward);
+               print_forward(handle, forward);
 }