Add support for device and direction parameters

author Steven Barth <steven@midlink.org>

Sun, 13 Apr 2014 16:41:06 +0000 (18:41 +0200)

committer Steven Barth <steven@midlink.org>

Mon, 14 Apr 2014 06:50:21 +0000 (08:50 +0200)
author Steven Barth <steven@midlink.org>
Sun, 13 Apr 2014 16:41:06 +0000 (18:41 +0200)
committer Steven Barth <steven@midlink.org>
Mon, 14 Apr 2014 06:50:21 +0000 (08:50 +0200)
diff --git a/iptables.c b/iptables.c

index 694dd4f..58ec752 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -744,6 +744,16 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
  }
  
  void
  }
  
  void
+fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out)
+{
+       if (device) {
+               struct fw3_device dev = { .any = false };
+               strncpy(dev.name, device, sizeof(dev.name) - 1);
+               fw3_ipt_rule_in_out(r, (out) ? NULL : &dev, (out) ? &dev : NULL);
+       }
+}
+
+void
  fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
  {
         char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
  fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac)
  {
         char buf[sizeof("ff:ff:ff:ff:ff:ff\0")];
diff --git a/iptables.h b/iptables.h

index d0b42d8..872ee33 100644 (file)
--- a/iptables.h
+++ b/iptables.h
@@ -143,6 +143,8 @@ void fw3_ipt_rule_src_dest(struct fw3_ipt_rule *r,
  void fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
                                struct fw3_port *sp, struct fw3_port *dp);
  
  void fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
                                struct fw3_port *sp, struct fw3_port *dp);
  
+void fw3_ipt_rule_device(struct fw3_ipt_rule *r, const char *device, bool out);
+
  void fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac);
  
  void fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp);
  void fw3_ipt_rule_mac(struct fw3_ipt_rule *r, struct fw3_mac *mac);
  
  void fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp);
diff --git a/options.c b/options.c

index 4c42be0..1dbdca8 100644 (file)
--- a/options.c
+++ b/options.c
@@ -854,6 +854,22 @@ fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
         return true;
  }
  
         return true;
  }
  
+bool
+fw3_parse_direction(void *ptr, const char *val, bool is_list)
+{
+       bool *is_out = ptr;
+       bool valid = true;
+
+       if (!strcmp(val, "in") || !strcmp(val, "ingress"))
+               *is_out = false;
+       else if (!strcmp(val, "out") || !strcmp(val, "egress"))
+               *is_out = true;
+       else
+               valid = false;
+
+       return valid;
+}
+
  
  bool
  fw3_parse_options(void *s, const struct fw3_option *opts,
  
  bool
  fw3_parse_options(void *s, const struct fw3_option *opts,
diff --git a/options.h b/options.h

index f0a759a..30c0a95 100644 (file)
--- a/options.h
+++ b/options.h
@@ -328,6 +328,9 @@ struct fw3_rule
         struct fw3_zone *_src;
         struct fw3_zone *_dest;
  
         struct fw3_zone *_src;
         struct fw3_zone *_dest;
  
+       const char *device;
+       bool direction_out;
+
         struct fw3_device src;
         struct fw3_device dest;
         struct fw3_setmatch ipset;
         struct fw3_device src;
         struct fw3_device dest;
         struct fw3_setmatch ipset;
@@ -408,6 +411,7 @@ struct fw3_snat
  
         struct fw3_device src;
         struct fw3_setmatch ipset;
  
         struct fw3_device src;
         struct fw3_setmatch ipset;
+       const char *device;
  
         struct list_head proto;
  
  
         struct list_head proto;
  
@@ -550,6 +554,7 @@ bool fw3_parse_weekdays(void *ptr, const char *val, bool is_list);
  bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list);
  bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
  bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
  bool fw3_parse_monthdays(void *ptr, const char *val, bool is_list);
  bool fw3_parse_mark(void *ptr, const char *val, bool is_list);
  bool fw3_parse_setmatch(void *ptr, const char *val, bool is_list);
+bool fw3_parse_direction(void *ptr, const char *val, bool is_list);
  
  bool fw3_parse_options(void *s, const struct fw3_option *opts,
                         struct uci_section *section);
  
  bool fw3_parse_options(void *s, const struct fw3_option *opts,
                         struct uci_section *section);
diff --git a/rules.c b/rules.c

index 8ecefb0..b41dfac 100644 (file)
--- a/rules.c
+++ b/rules.c
@@ -28,6 +28,9 @@ const struct fw3_option fw3_rule_opts[] = {
         FW3_OPT("src",                 device,    rule,     src),
         FW3_OPT("dest",                device,    rule,     dest),
  
         FW3_OPT("src",                 device,    rule,     src),
         FW3_OPT("dest",                device,    rule,     dest),
  
+       FW3_OPT("device",              string,    rule,     device),
+       FW3_OPT("direction",           direction, rule,     direction_out),
+
         FW3_OPT("ipset",               setmatch,  rule,     ipset),
  
         FW3_LIST("proto",              protocol,  rule,     proto),
         FW3_OPT("ipset",               setmatch,  rule,     ipset),
  
         FW3_LIST("proto",              protocol,  rule,     proto),
@@ -350,6 +353,7 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
  
         r = fw3_ipt_rule_create(handle, proto, NULL, NULL, sip, dip);
         fw3_ipt_rule_sport_dport(r, sport, dport);
  
         r = fw3_ipt_rule_create(handle, proto, NULL, NULL, sip, dip);
         fw3_ipt_rule_sport_dport(r, sport, dport);
+       fw3_ipt_rule_device(r, rule->device, rule->direction_out);
         fw3_ipt_rule_icmptype(r, icmptype);
         fw3_ipt_rule_mac(r, mac);
         fw3_ipt_rule_ipset(r, &rule->ipset);
         fw3_ipt_rule_icmptype(r, icmptype);
         fw3_ipt_rule_mac(r, mac);
         fw3_ipt_rule_ipset(r, &rule->ipset);
diff --git a/snats.c b/snats.c

index c7f29c6..1e01192 100644 (file)
--- a/snats.c
+++ b/snats.c
@@ -26,6 +26,7 @@ const struct fw3_option fw3_snat_opts[] = {
         FW3_OPT("family",              family,    snat,     family),
  
         FW3_OPT("src",                 device,    snat,     src),
         FW3_OPT("family",              family,    snat,     family),
  
         FW3_OPT("src",                 device,    snat,     src),
+       FW3_OPT("device",              string,    snat,     device),
  
         FW3_OPT("ipset",               setmatch,  snat,     ipset),
  
  
         FW3_OPT("ipset",               setmatch,  snat,     ipset),
  
@@ -308,6 +309,7 @@ print_snat(struct fw3_ipt_handle *h, struct fw3_state *state,
  
                 r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst);
                 fw3_ipt_rule_sport_dport(r, spt, dpt);
  
                 r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst);
                 fw3_ipt_rule_sport_dport(r, spt, dpt);
+               fw3_ipt_rule_device(r, snat->device, true);
                 fw3_ipt_rule_ipset(r, &snat->ipset);
                 fw3_ipt_rule_limit(r, &snat->limit);
                 fw3_ipt_rule_time(r, &snat->time);
                 fw3_ipt_rule_ipset(r, &snat->ipset);
                 fw3_ipt_rule_limit(r, &snat->limit);
                 fw3_ipt_rule_time(r, &snat->time);
author	Steven Barth <steven@midlink.org>
	Sun, 13 Apr 2014 16:41:06 +0000 (18:41 +0200)
committer	Steven Barth <steven@midlink.org>
	Mon, 14 Apr 2014 06:50:21 +0000 (08:50 +0200)
iptables.c		patch \| blob \| history
iptables.h		patch \| blob \| history
options.c		patch \| blob \| history
options.h		patch \| blob \| history
rules.c		patch \| blob \| history
snats.c		patch \| blob \| history