X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=redirects.c;h=be1bfcb463de7099aff28b3f30b8abba07af9f7e;hp=89b3ad939de4193ceaec7229bd9b3730fec19b01;hb=47b23946cb2d51c486cd01596744955f850e2060;hpb=10b9190c9d846ae0f9cfd0b0af3d93a99136a40a
diff --git a/redirects.c b/redirects.c
index 89b3ad9..be1bfcb 100644
--- a/redirects.c
+++ b/redirects.c
@@ -1,7 +1,7 @@
 /*
 * firewall3 - 3rd OpenWrt UCI firewall implementation
 *
- * Copyright (C) 2013-2014 Jo-Philipp Wich
+ * Copyright (C) 2013-2014 Jo-Philipp Wich
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -136,7 +136,7 @@ resolve_dest(struct uci_element *e, struct fw3_redirect *redir,
 list_for_each_entry(zone, &state->zones, list)
 {
- addrs = fw3_resolve_zone_addresses(zone);
+ addrs = fw3_resolve_zone_addresses(zone, NULL);
 if (!addrs)
 continue;
@@ -166,45 +166,13 @@ static bool
 check_local(struct uci_element *e, struct fw3_redirect *redir,
 struct fw3_state *state)
 {
- struct fw3_zone *zone;
- struct fw3_device *net;
- struct fw3_address *addr, *tmp;
-
 if (redir->target != FW3_FLAG_DNAT)
 return false;
 if (!redir->ip_redir.set)
 redir->local = true;
- if (redir->local)
- return true;
-
- list_for_each_entry(zone, &state->zones, list)
- {
- list_for_each_entry(net, &zone->networks, list)
- {
- LIST_HEAD(addrs);
-
- fw3_ubus_address(&addrs, net->name);
- list_for_each_entry_safe(addr, tmp, &addrs, list)
- {
- if (!redir->local && compare_addr(&redir->ip_redir, addr)) {
- warn_elem(e, "refers to a destination address on this router, "
- "assuming port redirection");
-
- redir->local = true;
- }
-
- list_del(&addr->list);
- free(addr);
- }
-
- if (redir->local)
- return true;
- }
- }
-
- return false;
+ return redir->local;
 }
 void
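Review bot: In the check_local hunk, a redirect whose `ip_redir` equals one of the router's own addresses is no longer recognised as local, and the `warn_elem()` message that used to announce that assumption is removed with it, so configurations that relied on the detection change behaviour without any diagnostic. If the removal is intentional, a comment above the function would record the new contract for people auditing rule sets, e.g. `/* local is taken from the config or implied by an unset ip_redir; router addresses are not auto-detected */`. The function also no longer reads its `e` and `state` parameters; they could be dropped together with the arguments at the call in fw3_load_redirects, or kept with a note that they are unused.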
@@ -312,20 +280,20 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p)
 set(redir->_src->flags, FW3_FAMILY_V4, redir->target);
 redir->_src->conntrack = true;
 valid = true;
- }
- if (!check_local(e, redir, state) && !redir->dest.set &&
- resolve_dest(e, redir, state))
- {
- warn_elem(e, "does not specify a destination, assuming '%s'",
- redir->dest.name);
- }
+ if (!check_local(e, redir, state) && !redir->dest.set &&
+ resolve_dest(e, redir, state))
+ {
+ warn_elem(e, "does not specify a destination, assuming '%s'",
+ redir->dest.name);
+ }
- if (redir->reflection && redir->_dest && redir->_src->masq)
- {
- set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT);
- set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT);
- set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
+ if (redir->reflection && redir->_dest && redir->_src->masq)
+ {
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT);
+ set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
+ }
 }
 }
 else
@@ -593,8 +561,8 @@ expand_redirect(struct fw3_ipt_handle *handle, struct fw3_state *state,
 if (!redir->_dest || !redir->_src->masq)
 return;
- ext_addrs = fw3_resolve_zone_addresses(redir->_src);
- int_addrs = fw3_resolve_zone_addresses(redir->_dest);
+ ext_addrs = fw3_resolve_zone_addresses(redir->_src, &redir->ip_dest);
+ int_addrs = fw3_resolve_zone_addresses(redir->_dest, NULL);
 if (!ext_addrs || !int_addrs)
 goto out;
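Review bot: In the fw3_load_redirects hunk, the relocated `if (!check_local(e, redir, state) && !redir->dest.set && resolve_dest(e, redir, state))` calls check_local() for a side effect inside a condition: the check_local hunk of this same patch shows it setting `redir->local` when `ip_redir` is unset, and the short-circuit order decides whether resolve_dest() runs at all. Calling it on its own line, `bool local = check_local(e, redir, state);` followed by `if (!local && !redir->dest.set && resolve_dest(e, redir, state))`, would make that ordering explicit. The enclosing `if` that sets `valid = true` begins outside the hunk, so the condition under which this block and the reflection flags are now skipped is not visible here.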
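Review bot: In the expand_redirect hunk, `ext_addrs = fw3_resolve_zone_addresses(redir->_src, &redir->ip_dest);` passes the address unconditionally, and nothing visible shows whether `ip_dest` was actually configured for this redirect. The check_local hunk tests `redir->ip_redir.set` before relying on an address, so if `ip_dest` carries the same flag, either the callee is expected to test it or the call should pass `redir->ip_dest.set ? &redir->ip_dest : NULL`. The other two call sites in this patch pass `NULL`, so a one-line comment at this call stating what the second argument selects would make the choice of reflection addresses easier to audit. expand_redirect's body continues outside the hunk.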