Add egress if index val and rename ifidx to ingress_ifidx.

2015-03-16 17:28:03 +09:00 · 2015-03-16 17:28:03 +09:00 · 01ecb49d0e
parent ad1e380d10
commit 01ecb49d0e
3 changed files with 15 additions and 7 deletions
--- a/miniupnpd/netfilter_nft/nftnlrdr.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr.c
@ -199,7 +199,7 @@ get_peer_rule_by_index(int index,
 		if (index == i) {
 			r = peer_cache[i];
 			if (ifname != NULL) {
-				if_indextoname(r->ifidx, ifname);
+				if_indextoname(r->ingress_ifidx, ifname);
 			}
 			if (eport != NULL) {
 				*eport = r->eport;
@ -281,7 +281,7 @@ get_redirect_rule_by_index(int index,
 		if (index == i) {
 			r = redirect_cache[i];
 			if (ifname != NULL) {
-				if_indextoname(r->ifidx, ifname);
+				if_indextoname(r->ingress_ifidx, ifname);
 			}
 			if (eport != NULL) {
 				*eport = r->eport;
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
@ -115,7 +115,7 @@ print_rule(rule_t *r)
 			       "%s:%d (%s)\n",
 			       r->handle,
 			       r->table, r->chain, 
-			       if_indextoname(r->ifidx, ifname_buf),
+			       if_indextoname(r->ingress_ifidx, ifname_buf),
 			       get_family_string(r->family),
 			       get_proto_string(r->proto), r->eport, 
 			       iaddr_str, r->iport,
@ -127,7 +127,7 @@ print_rule(rule_t *r)
 			       "proto:%d, iaddr: %s, "
 			       "iport:%d, rhost:%s rport:%d (%s)\n",
 			       r->handle, r->table, r->chain,
-			       r->nat_type, r->family, r->ifidx,
+			       r->nat_type, r->family, r->ingress_ifidx,
 			       eaddr_str, r->eport,
 			       r->proto, iaddr_str, r->iport, 
 			       rhost_str, r->rport,
@ -138,7 +138,7 @@ print_rule(rule_t *r)
 			       "eaddr: %s, eport:%d, "
 			       "proto:%d, iaddr: %s, iport:%d, rhost:%s (%s)\n",
 			       r->handle, r->table, r->chain,
-			       r->nat_type, r->family, r->ifidx,
+			       r->nat_type, r->family, r->ingress_ifidx,
 			       eaddr_str, r->eport,
 			       r->proto, iaddr_str, r->iport, rhost_str,
 			       r->desc);
@ -268,6 +268,12 @@ parse_rule_meta(struct nft_rule_expr *e, rule_t *r)
 		reg_type = RULE_REG_IIF;
 		set_reg(r, dreg, reg_type, 0);
 		return ;
+		
+	case NFT_META_OIF:
+		reg_type = RULE_REG_IIF;
+		set_reg(r, dreg, reg_type, 0);
+		return ;
+		
 	}
 	syslog(LOG_DEBUG, "parse_rule_meta :Not support key %d\n", key);

@ -377,7 +383,7 @@ parse_rule_cmp(struct nft_rule_expr *e, rule_t *r) {
 	switch (r->reg1_type) {
 	case RULE_REG_IIF:
 		if (data_len == sizeof(uint32_t) && op == NFT_CMP_EQ) {
-			r->ifidx = *(uint32_t *)data_val;
+			r->ingress_ifidx = *(uint32_t *)data_val;
 			r->reg1_type = RULE_REG_NONE;
 			return;
 		}
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.h
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.h
@ -14,6 +14,7 @@
 enum rule_reg_type { 
 	RULE_REG_NONE,
 	RULE_REG_IIF,
+	RULE_REG_OIF,
 	RULE_REG_IP_SRC_ADDR,
 	RULE_REG_IP_DEST_ADDR,
 	RULE_REG_IP_SD_ADDR, /* source & dest */
@ -41,7 +42,8 @@ typedef struct rule_ {
 	uint32_t nat_type;
 	uint32_t filter_action;
 	uint32_t family;
-	uint32_t ifidx;
+	uint32_t ingress_ifidx;
+	uint32_t egress_ifidx;
 	in_addr_t eaddr;
 	in_addr_t iaddr;
 	in_addr_t rhost;