From 01ecb49d0ec355d047a8cf9ad184208f8d7f0fec Mon Sep 17 00:00:00 2001
From: Tomofumi Hayashi
Date: Mon, 16 Mar 2015 17:28:03 +0900
Subject: [PATCH] Add egress if index val and rename ifidx to ingress_ifidx.
---
 miniupnpd/netfilter_nft/nftnlrdr.c | 4 ++--
 miniupnpd/netfilter_nft/nftnlrdr_misc.c | 14 ++++++++++----
 miniupnpd/netfilter_nft/nftnlrdr_misc.h | 4 +++-
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/miniupnpd/netfilter_nft/nftnlrdr.c b/miniupnpd/netfilter_nft/nftnlrdr.c
index 3c8b3db..b08d754 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr.c
@@ -199,7 +199,7 @@ get_peer_rule_by_index(int index,
 if (index == i) {
 r = peer_cache[i];
 if (ifname != NULL) {
- if_indextoname(r->ifidx, ifname);
+ if_indextoname(r->ingress_ifidx, ifname);
 }
 if (eport != NULL) {
 *eport = r->eport;
@@ -281,7 +281,7 @@ get_redirect_rule_by_index(int index,
 if (index == i) {
 r = redirect_cache[i];
 if (ifname != NULL) {
- if_indextoname(r->ifidx, ifname);
+ if_indextoname(r->ingress_ifidx, ifname);
 }
 if (eport != NULL) {
 *eport = r->eport;
diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.c b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
index 2e61910..ad12065 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.c
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.c
@@ -115,7 +115,7 @@ print_rule(rule_t *r)
 "%s:%d (%s)\n", r->handle, r->table, r->chain,
- if_indextoname(r->ifidx, ifname_buf),
+ if_indextoname(r->ingress_ifidx, ifname_buf),
 get_family_string(r->family), get_proto_string(r->proto), r->eport, iaddr_str, r->iport,
@@ -127,7 +127,7 @@ print_rule(rule_t *r)
 "proto:%d, iaddr: %s, " "iport:%d, rhost:%s rport:%d (%s)\n", r->handle, r->table, r->chain,
- r->nat_type, r->family, r->ifidx,
+ r->nat_type, r->family, r->ingress_ifidx,
 eaddr_str, r->eport, r->proto, iaddr_str, r->iport, rhost_str, r->rport,
@@ -138,7 +138,7 @@ print_rule(rule_t *r)
 "eaddr: %s, eport:%d, " "proto:%d, iaddr: %s, iport:%d, rhost:%s (%s)\n", r->handle, r->table, r->chain,
- r->nat_type, r->family, r->ifidx,
+ r->nat_type, r->family, r->ingress_ifidx,
 eaddr_str, r->eport, r->proto, iaddr_str, r->iport, rhost_str, r->desc);
@@ -268,6 +268,12 @@ parse_rule_meta(struct nft_rule_expr *e, rule_t *r)
 reg_type = RULE_REG_IIF;
 set_reg(r, dreg, reg_type, 0);
 return ;
+
+ case NFT_META_OIF:
+ reg_type = RULE_REG_IIF;
+ set_reg(r, dreg, reg_type, 0);
+ return ;
+
 }
 syslog(LOG_DEBUG, "parse_rule_meta :Not support key %d\n", key);
@@ -377,7 +383,7 @@ parse_rule_cmp(struct nft_rule_expr *e, rule_t *r) {
 switch (r->reg1_type) {
 case RULE_REG_IIF:
 if (data_len == sizeof(uint32_t) && op == NFT_CMP_EQ) {
- r->ifidx = *(uint32_t *)data_val;
+ r->ingress_ifidx = *(uint32_t *)data_val;
 r->reg1_type = RULE_REG_NONE;
 return;
 }
diff --git a/miniupnpd/netfilter_nft/nftnlrdr_misc.h b/miniupnpd/netfilter_nft/nftnlrdr_misc.h
index 383701e..e04403e 100644
--- a/miniupnpd/netfilter_nft/nftnlrdr_misc.h
+++ b/miniupnpd/netfilter_nft/nftnlrdr_misc.h
@@ -14,6 +14,7 @@
 enum rule_reg_type {
 RULE_REG_NONE,
 RULE_REG_IIF,
+ RULE_REG_OIF,
 RULE_REG_IP_SRC_ADDR,
 RULE_REG_IP_DEST_ADDR,
 RULE_REG_IP_SD_ADDR, /* source & dest */
@@ -41,7 +42,8 @@ typedef struct rule_ {
 uint32_t nat_type;
 uint32_t filter_action;
 uint32_t family;
- uint32_t ifidx;
+ uint32_t ingress_ifidx;
+ uint32_t egress_ifidx;
 in_addr_t eaddr;
 in_addr_t iaddr;
 in_addr_t rhost;
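Review bot: In the `case NFT_META_OIF:` branch added to parse_rule_meta, the register is tagged `RULE_REG_IIF` rather than the `RULE_REG_OIF` value this same commit adds to the enum, which looks like a copy-paste slip; the line should read `reg_type = RULE_REG_OIF;`. As written, an output-interface match goes through parse_rule_cmp's `case RULE_REG_IIF:` and lands in `r->ingress_ifidx`, which is the field get_peer_rule_by_index and get_redirect_rule_by_index turn into the reported interface name. No visible hunk handles `RULE_REG_OIF` or assigns `egress_ifidx`, so parse_rule_cmp would also need a `case RULE_REG_OIF:` mirroring the IIF branch and storing into `r->egress_ifidx`. Both functions continue outside their hunks, so this is worth confirming against the full file.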