summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2012-05-16 13:03:54 +0000
committerJo-Philipp Wich <jow@openwrt.org>2012-05-16 13:03:54 +0000
commit82fc13d3c2c9456607ac83885615c07a2c994240 (patch)
tree5d6c816bacc6f1935569749fbeb0966f7a10e80c
parenteb2fe5e86392b404c21354c5f3600c0892ccc143 (diff)
downloadmaster-31e0f0ae-82fc13d3c2c9456607ac83885615c07a2c994240.tar.gz
master-31e0f0ae-82fc13d3c2c9456607ac83885615c07a2c994240.tar.bz2
master-31e0f0ae-82fc13d3c2c9456607ac83885615c07a2c994240.zip
firewall: fix nat reflection after netifd switch (#11460)
SVN-Revision: 31754
-rw-r--r--package/firewall/Makefile2
-rw-r--r--package/firewall/files/reflection.hotplug36
2 files changed, 34 insertions, 4 deletions
diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 373baae5f8..e7a308f3c5 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_VERSION:=2
-PKG_RELEASE:=49
+PKG_RELEASE:=50
include $(INCLUDE_DIR)/package.mk
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 1feb21075a..73d9c61df8 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -1,9 +1,38 @@
#!/bin/sh
. /etc/functions.sh
+. /usr/share/libubox/jshn.sh
+
+find_iface_address()
+{
+ local iface="$1"
+ local ipaddr="$2"
+ local prefix="$3"
+
+ local tmp="$(ubus call network.interface."$iface" status 2>/dev/null)"
+
+ json_load "${tmp:-{}}"
+ json_get_type tmp address
+
+ if [ "$tmp" = array ]; then
+
+ json_select address
+ json_get_type tmp 1
+
+ if [ "$tmp" = object ]; then
+
+ json_select 1
+ [ -n "$ipaddr" ] && json_get_var "$ipaddr" address
+ [ -n "$prefix" ] && json_get_var "$prefix" mask
+
+ fi
+ fi
+}
if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
- local wanip=$(uci -P/var/state get network.wan.ipaddr)
+ local wanip
+ find_iface_address wan wanip
+ [ -n "$wanip" ] || return
iptables -t nat -F nat_reflection_in 2>/dev/null || {
iptables -t nat -N nat_reflection_in
@@ -60,8 +89,9 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
local net
for net in $(find_networks "$dest"); do
- local lanip=$(uci -P/var/state get network.$net.ipaddr)
- local lanmk=$(uci -P/var/state get network.$net.netmask)
+ local lanip lanmk
+ find_iface_address "$net" lanip lanmk
+ [ -n "$lanip" ] || return
local proto
config_get proto "$cfg" proto