use the same name for all three tables, like sshguard does

Paul Chambers 2019-09-30 11:20:16 -07:00
parent 13b63da3fb
commit 6a53e6e765
3 changed files with 20 additions and 30 deletions


@ -77,27 +77,27 @@ init_redirect(void) {
/* 'ip' family */ /* 'ip' family */
if (result == 0) { if (result == 0) {
result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV4, nft_table4); result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV4, nft_table);
} }
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table4, result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table,
nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST);
} }
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table4, result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV4, nft_table,
nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC);
} }
/* 'ip6' family */ /* 'ip6' family */
if (result == 0) { if (result == 0) {
result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV6, nft_table6); result = table_op(NFT_MSG_NEWTABLE, NFPROTO_IPV6, nft_table);
} }
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table6, result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table,
nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST);
} }
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table6, result = chain_op(NFT_MSG_NEWCHAIN, NFPROTO_IPV6, nft_table,
nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC);
} }
@ -116,27 +116,27 @@ shutdown_redirect(void) {
} }
/* 'ip' family */ /* 'ip' family */
result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table4, result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table,
nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST);
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table4, result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV4, nft_table,
nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC);
} }
if (result == 0) { if (result == 0) {
result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV4, nft_table4); result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV4, nft_table);
} }
/* 'ip6' family */ /* 'ip6' family */
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table6, result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table,
nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST); nft_prerouting_chain, NAT_CHAIN_TYPE, NF_INET_PRE_ROUTING, NF_IP_PRI_NAT_DST);
} }
if (result == 0) { if (result == 0) {
result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table6, result = chain_op(NFT_MSG_DELCHAIN, NFPROTO_IPV6, nft_table,
nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC); nft_postrouting_chain, NAT_CHAIN_TYPE, NF_INET_POST_ROUTING, NF_IP_PRI_NAT_SRC);
} }
if (result == 0) { if (result == 0) {
result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV6, nft_table6); result = table_op(NFT_MSG_DELTABLE, NFPROTO_IPV6, nft_table);
} }
finish_batch(); finish_batch();
@ -157,12 +157,6 @@ set_rdr_name(rdr_name_type param, const char *string) {
case TABLE_NAME: case TABLE_NAME:
nft_table = string; nft_table = string;
break; break;
case TABLE4_NAME:
nft_table4 = string;
break;
case TABLE6_NAME:
nft_table6 = string;
break;
case NAT_CHAIN_NAME: case NAT_CHAIN_NAME:
nft_prerouting_chain = string; nft_prerouting_chain = string;
break; break;
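Review bot: Tables created by an earlier build under the old names are no longer reachable by any teardown path after this change. The old side of `init_redirect` created the ip and ip6 tables as `nft_table4`/`nft_table6` (defaults `miniupnpd4`/`miniupnpd6` in the companion file), while the new `shutdown_redirect` only issues `NFT_MSG_DELTABLE` for `nft_table`. If the daemon is upgraded without the old binary having shut down cleanly, those tables and any NAT port mappings still in them presumably stay active with nothing tracking them. At minimum I would add a comment above the 'ip' family block in `init_redirect`, e.g. `/* tables named miniupnpd4/miniupnpd6 from older builds are not removed here; delete them manually when upgrading */`, or else issue a best-effort delete of the legacy names before creating the new table. Both functions begin and end outside the visible hunks.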


@ -64,8 +64,6 @@
#define RULE_CACHE_VALID 1 #define RULE_CACHE_VALID 1
const char * nft_table = "miniupnpd"; const char * nft_table = "miniupnpd";
const char * nft_table4 = "miniupnpd4";
const char * nft_table6 = "miniupnpd6";
const char * nft_prerouting_chain = "prerouting"; const char * nft_prerouting_chain = "prerouting";
const char * nft_postrouting_chain = "postrouting"; const char * nft_postrouting_chain = "postrouting";
const char * nft_forward_chain = "forward"; const char * nft_forward_chain = "forward";
@ -656,7 +654,7 @@ table_cb(const struct nlmsghdr *nlh, void *data)
void void
refresh_nft_cache_filter(void) { refresh_nft_cache_filter(void) {
if (rule_list_filter_validate != RULE_CACHE_VALID) { if (rule_list_filter_validate != RULE_CACHE_VALID) {
refresh_nft_cache(&head_filter, nft_table4, nft_forward_chain, NFPROTO_INET); refresh_nft_cache(&head_filter, nft_table, nft_forward_chain, NFPROTO_INET);
rule_list_filter_validate = RULE_CACHE_VALID; rule_list_filter_validate = RULE_CACHE_VALID;
} }
} }
@ -664,7 +662,7 @@ refresh_nft_cache_filter(void) {
void void
refresh_nft_cache_peer(void) { refresh_nft_cache_peer(void) {
if (rule_list_peer_validate != RULE_CACHE_VALID) { if (rule_list_peer_validate != RULE_CACHE_VALID) {
refresh_nft_cache(&head_peer, nft_table4, nft_postrouting_chain, NFPROTO_IPV4); refresh_nft_cache(&head_peer, nft_table, nft_postrouting_chain, NFPROTO_IPV4);
rule_list_peer_validate = RULE_CACHE_VALID; rule_list_peer_validate = RULE_CACHE_VALID;
} }
} }
@ -673,7 +671,7 @@ void
refresh_nft_cache_redirect(void) refresh_nft_cache_redirect(void)
{ {
if (rule_list_redirect_validate != RULE_CACHE_VALID) { if (rule_list_redirect_validate != RULE_CACHE_VALID) {
refresh_nft_cache(&head_redirect, nft_table4, nft_prerouting_chain, NFPROTO_IPV4); refresh_nft_cache(&head_redirect, nft_table, nft_prerouting_chain, NFPROTO_IPV4);
rule_list_redirect_validate = RULE_CACHE_VALID; rule_list_redirect_validate = RULE_CACHE_VALID;
} }
} }
@ -935,9 +933,9 @@ rule_set_snat(uint8_t family, uint8_t proto,
return NULL; return NULL;
} }
nftnl_rule_set(r, NFTNL_RULE_TABLE, family == NFPROTO_IPV6 ? nft_table6 : nft_table4);
nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_postrouting_chain);
nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family); nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table);
nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_postrouting_chain);
if (descr != NULL) { if (descr != NULL) {
descr_len = strlen(descr); descr_len = strlen(descr);
@ -1021,9 +1019,9 @@ rule_set_dnat(uint8_t family, const char * ifname, uint8_t proto,
return NULL; return NULL;
} }
nftnl_rule_set(r, NFTNL_RULE_TABLE, family == NFPROTO_IPV6 ? nft_table6 : nft_table4);
nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_prerouting_chain);
nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family); nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table);
nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_prerouting_chain);
if (descr != NULL) { if (descr != NULL) {
descr_len = strlen(descr); descr_len = strlen(descr);
@ -1183,9 +1181,9 @@ rule_set_filter_common(struct nftnl_rule *r, uint8_t family, const char * ifname
uint32_t descr_len; uint32_t descr_len;
UNUSED(eport); UNUSED(eport);
nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table); nftnl_rule_set(r, NFTNL_RULE_TABLE, nft_table);
nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_forward_chain); nftnl_rule_set(r, NFTNL_RULE_CHAIN, nft_forward_chain);
nftnl_rule_set_u32(r, NFTNL_RULE_FAMILY, family);
if (descr != NULL) { if (descr != NULL) {
descr_len = strlen(descr); descr_len = strlen(descr);
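Review bot: In `rule_set_snat`, and again in `rule_set_dnat`, the `family` argument is now the only thing that selects which table the rule lands in, and it is not validated in the visible lines. The old code mapped every value other than `NFPROTO_IPV6` to `nft_table4`, whereas the new code passes `family` straight to `NFTNL_RULE_FAMILY` alongside the shared `nft_table`, which `refresh_nft_cache_filter` also uses with `NFPROTO_INET`. An unexpected family value would therefore address a same-named table in another family rather than a name that only exists for ip. A guard before the setters would make the contract explicit: `if (family != NFPROTO_IPV4 && family != NFPROTO_IPV6) { nftnl_rule_free(r); return NULL; }`. Both functions start above and continue below their hunks, so the check may already exist in a caller.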


@ -9,8 +9,6 @@
#include <sys/queue.h> #include <sys/queue.h>
extern const char * nft_table; extern const char * nft_table;
extern const char * nft_table4;
extern const char * nft_table6;
extern const char * nft_prerouting_chain; extern const char * nft_prerouting_chain;
extern const char * nft_postrouting_chain; extern const char * nft_postrouting_chain;
extern const char * nft_forward_chain; extern const char * nft_forward_chain;