X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=redirects.c;h=b42201f91f79b868308e1b1e8aec3233590bf45f;hp=627438b3232b553088966a74fa6e9199645a6784;hb=ff9d5e13c9150c62fe698e4bc5541e6f92b241d0;hpb=275a37dbf280bd471ebb2c673267c49a81071bbb
diff --git a/redirects.c b/redirects.c
index 627438b..b42201f 100644
--- a/redirects.c
+++ b/redirects.c
@@ -19,32 +19,46 @@ #include "redirects.h"
-static struct fw3_option redirect_opts[] = {
- FW3_OPT("name", string, redirect, name),
- FW3_OPT("family", family, redirect, family),
+const struct fw3_option fw3_redirect_opts[] = {
+ FW3_OPT("enabled", bool, redirect, enabled),
- FW3_OPT("src", device, redirect, src),
- FW3_OPT("dest", device, redirect, dest),
+ FW3_OPT("name", string, redirect, name),
+ FW3_OPT("family", family, redirect, family),
- FW3_OPT("ipset", device, redirect, ipset),
+ FW3_OPT("src", device, redirect, src),
+ FW3_OPT("dest", device, redirect, dest),
- FW3_LIST("proto", protocol, redirect, proto),
+ FW3_OPT("ipset", device, redirect, ipset),
- FW3_OPT("src_ip", address, redirect, ip_src),
- FW3_LIST("src_mac", mac, redirect, mac_src),
- FW3_OPT("src_port", port, redirect, port_src),
+ FW3_LIST("proto", protocol, redirect, proto),
- FW3_OPT("src_dip", address, redirect, ip_dest),
- FW3_OPT("src_dport", port, redirect, port_dest),
+ FW3_OPT("src_ip", address, redirect, ip_src),
+ FW3_LIST("src_mac", mac, redirect, mac_src),
+ FW3_OPT("src_port", port, redirect, port_src),
- FW3_OPT("dest_ip", address, redirect, ip_redir),
- FW3_OPT("dest_port", port, redirect, port_redir),
+ FW3_OPT("src_dip", address, redirect, ip_dest),
+ FW3_OPT("src_dport", port, redirect, port_dest),
- FW3_OPT("extra", string, redirect, extra),
+ FW3_OPT("dest_ip", address, redirect, ip_redir),
+ FW3_OPT("dest_port", port, redirect, port_redir),
- FW3_OPT("reflection", bool, redirect, reflection),
+ FW3_OPT("extra", string, redirect, extra),
- FW3_OPT("target", target, redirect, target),
+ FW3_OPT("utc_time", bool, redirect, time.utc),
+ FW3_OPT("start_date", date, redirect, time.datestart),
+ FW3_OPT("stop_date", date, redirect, time.datestop),
+ FW3_OPT("start_time", time, redirect, time.timestart),
+ FW3_OPT("stop_time", time, redirect, time.timestop),
+ FW3_OPT("weekdays", weekdays, redirect, time.weekdays),
+ FW3_OPT("monthdays", monthdays, redirect, time.monthdays),
+
+ FW3_OPT("reflection", bool, redirect, reflection),
+ FW3_OPT("reflection_src", reflection_source,
+ redirect, reflection_src),
+
+ FW3_OPT("target", target, redirect, target),
+
+ { }
 };
@@ -121,9 +135,16 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
 INIT_LIST_HEAD(&redir->proto);
 INIT_LIST_HEAD(&redir->mac_src);
+ redir->enabled = true;
 redir->reflection = true;
- fw3_parse_options(redir, redirect_opts, ARRAY_SIZE(redirect_opts), s);
+ fw3_parse_options(redir, fw3_redirect_opts, s);
+
+ if (!redir->enabled)
+ {
+ fw3_free_redirect(redir);
+ continue;
+ }
 if (redir->src.invert)
 {
@@ -165,18 +186,18 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
 continue;
 }
- if (redir->target == FW3_TARGET_UNSPEC)
+ if (redir->target == FW3_FLAG_UNSPEC)
 {
 warn_elem(e, "has no target specified, defaulting to DNAT");
- redir->target = FW3_TARGET_DNAT;
+ redir->target = FW3_FLAG_DNAT;
 }
- else if (redir->target < FW3_TARGET_DNAT)
+ else if (redir->target < FW3_FLAG_DNAT)
 {
 warn_elem(e, "has invalid target specified, defaulting to DNAT");
- redir->target = FW3_TARGET_DNAT;
+ redir->target = FW3_FLAG_DNAT;
 }
- if (redir->target == FW3_TARGET_DNAT)
+ if (redir->target == FW3_FLAG_DNAT)
 {
 if (redir->src.any)
 warn_elem(e, "must not have source '*' for DNAT target");
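Review bot: The new `{ }` entry closing `fw3_redirect_opts` is now the only thing telling `fw3_parse_options()` where the table ends, since the `ARRAY_SIZE(redirect_opts)` argument disappears in the next hunk, yet nothing marks it as a terminator. A trailing comment such as `{ } /* sentinel: must stay last, the table is no longer sized by ARRAY_SIZE() */` would keep a future option from being appended below it. Making the table `const` and exporting it is fine; its extern declaration presumably lives in redirects.h, which is outside this diff.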
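Review bot: `if (!redir->enabled)` drops the section without any `warn_elem()`, unlike every other rejection path visible in this function, so a redirect that was disabled and forgotten leaves no trace in the log; an informational message, or at least a comment `/* enabled=0: skipped silently, unlike invalid sections */`, would make the choice deliberate. The `fw3_free_redirect(redir)` call also depends on the definition this commit deletes from the bottom of the file, so it must now be declared elsewhere (presumably redirects.h). fw3_load_redirects() starts and ends outside the hunk.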
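Review bot: `else if (redir->target < FW3_FLAG_DNAT)` keeps the old range test after the move from `enum fw3_target` to the broader `enum fw3_flag`; if that enum carries members after `FW3_FLAG_SNAT` (the `set(redir->_ipset->flags, family, family)` call in a later hunk suggests it is shared with other kinds of bits), such a value now passes as a valid redirect target and reaches `print_snat_dnat()`, which only distinguishes DNAT from everything else. An explicit test is independent of enum layout: `else if (redir->target != FW3_FLAG_DNAT && redir->target != FW3_FLAG_SNAT)`. fw3_load_redirects() starts and ends outside the hunk.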
@@ -184,16 +205,16 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
 warn_elem(e, "has no source specified");
 else
 {
- setbit(redir->_src->dst_flags, redir->target);
+ set(redir->_src->flags, FW3_FAMILY_V4, redir->target);
 redir->_src->conntrack = true;
 valid = true;
 }
 if (redir->reflection && redir->_dest && redir->_src->masq)
 {
- setbit(redir->_dest->dst_flags, FW3_TARGET_ACCEPT);
- setbit(redir->_dest->dst_flags, FW3_TARGET_DNAT);
- setbit(redir->_dest->dst_flags, FW3_TARGET_SNAT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
 }
 }
 else
@@ -206,7 +227,7 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
 warn_elem(e, "has no src_dip option specified");
 else
 {
- setbit(redir->_dest->dst_flags, redir->target);
+ set(redir->_dest->flags, FW3_FAMILY_V4, redir->target);
 redir->_dest->conntrack = true;
 valid = true;
 }
@@ -228,20 +249,20 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
 static void
 print_chain_nat(struct fw3_redirect *redir)
 {
- if (redir->target == FW3_TARGET_DNAT)
+ if (redir->target == FW3_FLAG_DNAT)
 fw3_pr("-A zone_%s_prerouting", redir->src.name);
 else
 fw3_pr("-A zone_%s_postrouting", redir->dest.name);
 }
 static void
-print_snat_dnat(enum fw3_target target,
+print_snat_dnat(enum fw3_flag target,
 struct fw3_address *addr, struct fw3_port *port)
 {
 const char *t;
 char s[sizeof("255.255.255.255 ")];
- if (target == FW3_TARGET_DNAT)
+ if (target == FW3_FLAG_DNAT)
 t = "DNAT --to-destination";
 else
 t = "SNAT --to-source";
@@ -264,7 +285,7 @@ print_snat_dnat(enum fw3_target target,
 static void
 print_target_nat(struct fw3_redirect *redir)
 {
- if (redir->target == FW3_TARGET_DNAT)
+ if (redir->target == FW3_FLAG_DNAT)
 print_snat_dnat(redir->target, &redir->ip_redir, &redir->port_redir);
 else
 print_snat_dnat(redir->target, &redir->ip_dest, &redir->port_dest);
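Review bot: `set(redir->_src->flags, FW3_FAMILY_V4, redir->target)` hard-codes the IPv4 slot although the rule's own `family` option is parsed into `redir->family` by the first hunk; the same applies to the three `set(redir->_dest->flags, FW3_FAMILY_V4, ...)` lines below it and to the src_dip branch in the next hunk. If redirects are IPv4-only by design, a comment at the first call such as `/* NAT redirects are IPv4-only: the zone flags always go into the V4 slot */` documents that; otherwise the slot should be derived from `redir->family`. fw3_load_redirects() starts and ends outside the hunk.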
@@ -273,7 +294,7 @@ print_target_nat(struct fw3_redirect *redir)
 static void
 print_chain_filter(struct fw3_redirect *redir)
 {
- if (redir->target == FW3_TARGET_DNAT)
+ if (redir->target == FW3_FLAG_DNAT)
 {
 /* XXX: check for local ip */
 if (!redir->ip_redir.set)
@@ -294,7 +315,7 @@ static void
 print_target_filter(struct fw3_redirect *redir)
 {
 /* XXX: check for local ip */
- if (redir->target == FW3_TARGET_DNAT && !redir->ip_redir.set)
+ if (redir->target == FW3_FLAG_DNAT && !redir->ip_redir.set)
 fw3_pr(" -m conntrack --ctstate DNAT -j ACCEPT\n");
 else
 fw3_pr(" -j ACCEPT\n");
@@ -305,7 +326,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 struct fw3_redirect *redir, int num)
 {
 struct list_head *ext_addrs, *int_addrs;
- struct fw3_address *ext_addr, *int_addr;
+ struct fw3_address *ext_addr, *int_addr, ref_addr;
 struct fw3_device *ext_net, *int_net;
 struct fw3_protocol *proto;
 struct fw3_mac *mac;
@@ -338,7 +359,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 return;
 }
- setbit(redir->_ipset->flags, family);
+ set(redir->_ipset->flags, family, family);
 }
 fw3_foreach(proto, &redir->proto)
@@ -350,7 +371,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 fw3_format_ipset(redir->_ipset, redir->ipset.invert);
 fw3_format_protocol(proto, family);
- if (redir->target == FW3_TARGET_DNAT)
+ if (redir->target == FW3_FLAG_DNAT)
 {
 fw3_format_src_dest(&redir->ip_src, &redir->ip_dest);
 fw3_format_sport_dport(&redir->port_src, &redir->port_dest);
@@ -362,6 +383,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 }
 fw3_format_mac(mac);
+ fw3_format_time(&redir->time);
 fw3_format_extra(redir->extra);
 fw3_format_comment(redir->name);
 print_target_nat(redir);
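Review bot: `set(redir->_ipset->flags, family, family)` passes `family` both as the slot and as the bit, which reads like a copy-and-paste slip next to the `set(..., FW3_FAMILY_V4, redir->target)` calls earlier in this diff; if it is intentional — presumably recording that this address family references the ipset — a comment such as `/* mark the ipset as used by this address family */` would save the next reader the double-take. print_redirect() starts and ends outside the hunk.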
@@ -374,6 +396,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 fw3_format_src_dest(&redir->ip_src, &redir->ip_redir);
 fw3_format_sport_dport(&redir->port_src, &redir->port_redir);
 fw3_format_mac(mac);
+ fw3_format_time(&redir->time);
 fw3_format_extra(redir->extra);
 fw3_format_comment(redir->name);
 print_target_filter(redir);
@@ -381,7 +404,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 }
 /* reflection rules */
- if (redir->target != FW3_TARGET_DNAT || !redir->reflection)
+ if (redir->target != FW3_FLAG_DNAT || !redir->reflection)
 return;
 if (!redir->_dest || !redir->_src->masq)
@@ -412,6 +435,12 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 if (!proto || (proto->protocol != 6 && proto->protocol != 17))
 continue;
+ if (redir->reflection_src == FW3_REFLECTION_INTERNAL)
+ ref_addr = *int_addr;
+ else
+ ref_addr = *ext_addr;
+
+ ref_addr.mask = 32;
 ext_addr->mask = 32;
 if (table == FW3_TABLE_NAT)
@@ -420,16 +449,18 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 fw3_format_protocol(proto, family);
 fw3_format_src_dest(int_addr, ext_addr);
 fw3_format_sport_dport(NULL, &redir->port_dest);
+ fw3_format_time(&redir->time);
 fw3_format_comment(redir->name, " (reflection)");
- print_snat_dnat(FW3_TARGET_DNAT,
+ print_snat_dnat(FW3_FLAG_DNAT,
 &redir->ip_redir, &redir->port_redir);
 fw3_pr("-A zone_%s_postrouting", redir->dest.name);
 fw3_format_protocol(proto, family);
 fw3_format_src_dest(int_addr, &redir->ip_redir);
 fw3_format_sport_dport(NULL, &redir->port_redir);
+ fw3_format_time(&redir->time);
 fw3_format_comment(redir->name, " (reflection)");
- print_snat_dnat(FW3_TARGET_SNAT, ext_addr, NULL);
+ print_snat_dnat(FW3_FLAG_SNAT, &ref_addr, NULL);
 }
 else if (table == FW3_TABLE_FILTER)
 {
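Review bot: `ref_addr` is copied before its mask is forced to /32, but `ext_addr->mask = 32` on the line right after still writes through the pointer into the `ext_addrs` list, so the shared entry stays modified for anything that walks that list later (the list's origin is outside the hunk, so this may be harmless today). The copy idiom the commit introduces covers that case as well: `struct fw3_address ext = *ext_addr; ext.mask = 32;` and pass `&ext` instead of `ext_addr` to `fw3_format_src_dest()` in the following hunk. `ref_addr = *int_addr` also assumes `int_addr` is non-NULL at this point, which the loop header above the hunk must guarantee.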
@@ -437,6 +468,7 @@ print_redirect(enum fw3_table table, enum fw3_family family,
 fw3_format_protocol(proto, family);
 fw3_format_src_dest(int_addr, &redir->ip_redir);
 fw3_format_sport_dport(NULL, &redir->port_redir);
+ fw3_format_time(&redir->time);
 fw3_format_comment(redir->name, " (reflection)");
 fw3_pr(" -j zone_%s_dest_ACCEPT\n", redir->dest.name);
 }
@@ -465,11 +497,3 @@ fw3_print_redirects(enum fw3_table table, enum fw3_family family,
 list_for_each_entry(redir, &state->redirects, list)
 print_redirect(table, family, redir, num++);
 }
-
-void
-fw3_free_redirect(struct fw3_redirect *redir)
-{
- fw3_free_list(&redir->proto);
- fw3_free_list(&redir->mac_src);
- free(redir);
-}