DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

Revert "Remove support for IPv6 for rules shared with IPv4"

Browse Source 
This reverts commit d33c240070db98888bb960fe89fc5542f67f6fed.
This commit is contained in:
Pierre Pronchery 2018-08-08 19:16:03 +02:00
parent d28d1cb12d
commit f97214bcfc
1 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
server/fw_util_iptables.c
View File

@ -187,7 +187,7 @@ rule_exists_no_chk_support(const fko_srv_options_t * const opts,
static int static int
rule_exists_chk_support(const fko_srv_options_t * const opts, rule_exists_chk_support(const fko_srv_options_t * const opts,
const char * const chain, const char * const rule) const char * const chain, const char * const rule, int ipv6)
{ {
int rule_exists = 0; int rule_exists = 0;
int res = 0; int res = 0;
@ -195,7 +195,7 @@ rule_exists_chk_support(const fko_srv_options_t * const opts,
zero_cmd_buffers(); zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHK_RULE_ARGS, snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHK_RULE_ARGS,
opts->fw_config->fw_command, ipv6 ? opts->fw_config->fw_command6 : opts->fw_config->fw_command,
chain, rule); chain, rule);
res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE, res = run_extcmd(cmd_buf, err_buf, CMD_BUFSIZE,
@ -239,7 +239,7 @@ rule_exists(const fko_srv_options_t * const opts,
int rule_exists = 0; int rule_exists = 0;
if(have_ipt_chk_support == 1) if(have_ipt_chk_support == 1)
rule_exists = rule_exists_chk_support(opts, fwc->to_chain, rule); rule_exists = rule_exists_chk_support(opts, fwc->to_chain, rule, ipv6);
else else
rule_exists = rule_exists_no_chk_support(opts, fwc, proto, srcip, rule_exists = rule_exists_no_chk_support(opts, fwc, proto, srcip,
(opts->fw_config->use_destination ? dstip : NULL), port, (opts->fw_config->use_destination ? dstip : NULL), port,
@ -400,14 +400,14 @@ comment_match_exists(const fko_srv_options_t * const opts, int ipv6)
} }
static int static int
add_jump_rule(const fko_srv_options_t * const opts, const int chain_num) add_jump_rule(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
{ {
int res = 0, rv = 0; int res = 0, rv = 0;
zero_cmd_buffers(); zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_ADD_JUMP_RULE_ARGS, snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_ADD_JUMP_RULE_ARGS,
fwc.fw_command, ipv6 ? fwc.fw_command6 : fwc.fw_command,
fwc.chain[chain_num].table, fwc.chain[chain_num].table,
fwc.chain[chain_num].from_chain, fwc.chain[chain_num].from_chain,
fwc.chain[chain_num].jump_rule_pos, fwc.chain[chain_num].jump_rule_pos,
@ -435,14 +435,14 @@ add_jump_rule(const fko_srv_options_t * const opts, const int chain_num)
} }
static int static int
chain_exists(const fko_srv_options_t * const opts, const int chain_num) chain_exists(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
{ {
int res = 0; int res = 0;
zero_cmd_buffers(); zero_cmd_buffers();
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHAIN_EXISTS_ARGS, snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_CHAIN_EXISTS_ARGS,
fwc.fw_command, ipv6 ? fwc.fw_command6 : fwc.fw_command,
fwc.chain[chain_num].table, fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain fwc.chain[chain_num].to_chain
); );
@ -466,7 +466,7 @@ chain_exists(const fko_srv_options_t * const opts, const int chain_num)
} }
static int static int
jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int chain_num) jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
{ {
int exists = 0; int exists = 0;
char rule_buf[CMD_BUFSIZE] = {0}; char rule_buf[CMD_BUFSIZE] = {0};
@ -476,7 +476,7 @@ jump_rule_exists_chk_support(const fko_srv_options_t * const opts, const int cha
fwc.chain[chain_num].to_chain fwc.chain[chain_num].to_chain
); );
if(rule_exists_chk_support(opts, fwc.chain[chain_num].from_chain, rule_buf) == 1) if(rule_exists_chk_support(opts, fwc.chain[chain_num].from_chain, rule_buf, ipv6) == 1)
{ {
log_msg(LOG_DEBUG, "jump_rule_exists_chk_support() jump rule found"); log_msg(LOG_DEBUG, "jump_rule_exists_chk_support() jump rule found");
exists = 1; exists = 1;
@ -518,12 +518,12 @@ jump_rule_exists_no_chk_support(const fko_srv_options_t * const opts,
} }
static int static int
jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num) jump_rule_exists(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
{ {
int exists = 0; int exists = 0;
if(have_ipt_chk_support == 1) if(have_ipt_chk_support == 1)
exists = jump_rule_exists_chk_support(opts, chain_num); exists = jump_rule_exists_chk_support(opts, chain_num, ipv6);
else else
exists = jump_rule_exists_no_chk_support(opts, chain_num); exists = jump_rule_exists_no_chk_support(opts, chain_num);
@ -696,7 +696,7 @@ delete_all_chains(const fko_srv_options_t * const opts, int ipv6)
* is there. * is there.
*/ */
cmd_ctr = 0; cmd_ctr = 0;
while(cmd_ctr < CMD_LOOP_TRIES && (jump_rule_exists(opts, i) == 1)) while(cmd_ctr < CMD_LOOP_TRIES && (jump_rule_exists(opts, i, ipv6) == 1))
{ {
zero_cmd_buffers(); zero_cmd_buffers();
@ -834,7 +834,7 @@ delete_all_chains(const fko_srv_options_t * const opts, int ipv6)
} }
static int static int
create_chain(const fko_srv_options_t * const opts, const int chain_num) create_chain(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
{ {
int res = 0, rv = 0; int res = 0, rv = 0;
@ -843,7 +843,7 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
/* Create the custom chain. /* Create the custom chain.
*/ */
snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NEW_CHAIN_ARGS, snprintf(cmd_buf, CMD_BUFSIZE-1, "%s " IPT_NEW_CHAIN_ARGS,
fwc.fw_command, ipv6 ? fwc.fw_command6 : fwc.fw_command,
fwc.chain[chain_num].table, fwc.chain[chain_num].table,
fwc.chain[chain_num].to_chain fwc.chain[chain_num].to_chain
); );
@ -866,18 +866,18 @@ create_chain(const fko_srv_options_t * const opts, const int chain_num)
} }
static int static int
mk_chain(const fko_srv_options_t * const opts, const int chain_num) mk_chain(const fko_srv_options_t * const opts, const int chain_num, int ipv6)
{ {
int err = 0; int err = 0;
/* Make sure the required chain and jump rule exist /* Make sure the required chain and jump rule exist
*/ */
if(! chain_exists(opts, chain_num)) if(! chain_exists(opts, chain_num, ipv6))
if(! create_chain(opts, chain_num)) if(! create_chain(opts, chain_num, ipv6))
err++; err++;
if (! jump_rule_exists(opts, chain_num)) if (! jump_rule_exists(opts, chain_num, ipv6))
if(! add_jump_rule(opts, chain_num)) if(! add_jump_rule(opts, chain_num, ipv6))
err++; err++;
return err; return err;
@ -898,7 +898,7 @@ create_fw_chains(const fko_srv_options_t * const opts, int ipv6)
if(fwc.chain[i].target[0] == '\0') if(fwc.chain[i].target[0] == '\0')
continue; continue;
got_err += mk_chain(opts, i); got_err += mk_chain(opts, i, ipv6);
} }
#if USE_LIBNETFILTER_QUEUE #if USE_LIBNETFILTER_QUEUE
@ -1301,7 +1301,7 @@ ipt_rule(const fko_srv_options_t * const opts,
/* Check to make sure that the chain and jump rule exist /* Check to make sure that the chain and jump rule exist
*/ */
mk_chain(opts, chain->type); mk_chain(opts, chain->type, ipv6);
if(rule_exists(opts, chain, rule_buf, proto, srcip, if(rule_exists(opts, chain, rule_buf, proto, srcip,
dstip, port, nat_ip, nat_port, exp_ts, ipv6) == 0) dstip, port, nat_ip, nat_port, exp_ts, ipv6) == 0)