X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=forwards.c;h=5911732799969a9f14d1d1686bf28adc178fafd4;hp=d3750b53cd6c61e2fdac8b5ed61af5203d909ad5;hb=47b23946cb2d51c486cd01596744955f850e2060;hpb=ea1e5c25c1c4c8c82b51c0440d033944ccb4e2e2 diff --git a/forwards.c b/forwards.c index d3750b5..5911732 100644 --- a/forwards.c +++ b/forwards.c @@ -1,7 +1,7 @@ /* * firewall3 - 3rd OpenWrt UCI firewall implementation * - * Copyright (C) 2013 Jo-Philipp Wich + * Copyright (C) 2013 Jo-Philipp Wich * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -19,12 +19,16 @@ #include "forwards.h" -static struct fw3_option forward_opts[] = { +const struct fw3_option fw3_forward_opts[] = { + FW3_OPT("enabled", bool, forward, enabled), + FW3_OPT("name", string, forward, name), FW3_OPT("family", family, forward, family), FW3_OPT("src", device, forward, src), FW3_OPT("dest", device, forward, dest), + + { } }; @@ -44,14 +48,19 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p) if (strcmp(s->type, "forwarding")) continue; - forward = malloc(sizeof(*forward)); - + forward = calloc(1, sizeof(*forward)); if (!forward) continue; - memset(forward, 0, sizeof(*forward)); + forward->enabled = true; - fw3_parse_options(forward, forward_opts, ARRAY_SIZE(forward_opts), s); + fw3_parse_options(forward, fw3_forward_opts, s); + + if (!forward->enabled) + { + fw3_free_forward(forward); + continue; + } if (forward->src.invert || forward->dest.invert) { @@ -74,9 +83,11 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p) continue; } + /* NB: forward family... */ if (forward->_dest) { - forward->_dest->has_dest_target |= (1 << FW3_TARGET_ACCEPT); + setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT); + setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT); if (forward->_src && (forward->_src->conntrack || forward->_dest->conntrack)) 
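Review bot: The `{ }` entry added at the end of `fw3_forward_opts[]` is now the only thing that bounds the table, because the `fw3_parse_options()` call in the following hunk no longer passes `ARRAY_SIZE(...)`, and nothing on that line says so. Presumably the parser walks the entries until it reaches the empty one (its definition is not in this diff); in that case an option added after the sentinel would be silently ignored, and a dropped sentinel would let the walk run past the array. A comment would record the contract, for example `{ } /* terminator: fw3_parse_options() stops here, keep last */`. An empty-brace initializer is also a GNU extension before C23; `{ 0 }` is the portable spelling.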
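Review bot: The `if (!forward) continue;` kept directly under the new `calloc(1, sizeof(*forward))` call skips a forwarding section without any message when the allocation fails. For a firewall loader, a rule set that is quietly shorter than the configuration is hard to diagnose, so the skip should be logged before continuing, for example `if (!forward) { info("   ! Skipping forwarding, out of memory"); continue; }`, or with a warning helper if the file has one. `fw3_load_forwards()` starts and ends outside the hunk, so how the other skip paths report could not be compared.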
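Review bot: The added comment `/* NB: forward family... */` trails off without saying what the reader should take note of, directly above two `setbit()` calls that raise `FW3_FLAG_ACCEPT` in both `flags[0]` and `flags[1]` of the destination zone. If the two slots are per address family (the indices are bare literals, so this is inferred), the flag is set for both families regardless of `forward->family`, which may be what the note was meant to record. Suggest completing it, for example `/* NB: ACCEPT is flagged in both flags[] slots, regardless of forward->family */`, or replacing the literal indices with named constants. The enclosing `if (forward->_dest)` block continues past the end of the hunk.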
@@ -92,55 +103,57 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p) static void -print_chain(struct fw3_forward *forward) +append_chain(struct fw3_ipt_rule *r, struct fw3_forward *forward) { if (forward->src.any || !forward->src.set) - fw3_pr("-A delegate_forward"); + fw3_ipt_rule_append(r, "FORWARD"); else - fw3_pr("-A zone_%s_forward", forward->src.name); + fw3_ipt_rule_append(r, "zone_%s_forward", forward->src.name); } -static void print_target(struct fw3_forward *forward) +static void set_target(struct fw3_ipt_rule *r, struct fw3_forward *forward) { if (forward->dest.any || !forward->dest.set) - fw3_pr(" -j ACCEPT\n"); + fw3_ipt_rule_target(r, "ACCEPT"); else - fw3_pr(" -j zone_%s_dest_ACCEPT\n", forward->dest.name); + fw3_ipt_rule_target(r, "zone_%s_dest_ACCEPT", forward->dest.name); } static void -print_forward(enum fw3_table table, enum fw3_family family, - struct fw3_forward *forward) +print_forward(struct fw3_ipt_handle *handle, struct fw3_forward *forward) { const char *s, *d; + struct fw3_ipt_rule *r; - if (table != FW3_TABLE_FILTER) + if (handle->table != FW3_TABLE_FILTER) return; - if (!fw3_is_family(forward, family) || - (forward->_src && !fw3_is_family(forward->_src, family)) || - (forward->_dest && !fw3_is_family(forward->_dest, family))) + if (!fw3_is_family(forward, handle->family)) return; s = forward->_src ? forward->_src->name : "*"; d = forward->_dest ? forward->_dest->name : "*"; - if (forward->name) - info(" * Forward '%s'", forward->name); - else - info(" * Forward %s->%s", s, d); + info(" * Forward '%s' -> '%s'", s, d); + + if (!fw3_is_family(forward->_src, handle->family) || + !fw3_is_family(forward->_dest, handle->family)) + { + info(" ! 
Skipping due to different family of zone"); + return; + } - print_chain(forward); - fw3_format_comment("forwarding ", s, "->", d); - print_target(forward); + r = fw3_ipt_rule_new(handle); + fw3_ipt_rule_comment(r, "forwarding %s -> %s", s, d); + set_target(r, forward); + append_chain(r, forward); } void -fw3_print_forwards(enum fw3_table table, enum fw3_family family, - struct fw3_state *state) +fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state) { struct fw3_forward *forward; list_for_each_entry(forward, &state->forwards, list) - print_forward(table, family, forward); + print_forward(handle, forward); }
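Review bot: In `print_forward()` the new zone-family test calls `fw3_is_family(forward->_src, handle->family)` and `fw3_is_family(forward->_dest, handle->family)` without the `forward->_src &&` and `forward->_dest &&` guards that the removed condition had. The two assignments just above still treat both pointers as possibly NULL (`forward->_src ? forward->_src->name : "*"`). Unless `fw3_is_family()` accepts a NULL object, which this diff does not show, a forwarding with a wildcard source or destination would dereference NULL here. Either state that guarantee in a comment or keep the guards: `if ((forward->_src && !fw3_is_family(forward->_src, handle->family)) ||` followed by `(forward->_dest && !fw3_is_family(forward->_dest, handle->family)))`. The pointer returned by `fw3_ipt_rule_new(handle)` is also passed on without a check, which matters if that call can fail.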