From 39104fdf740a2e3900aec03129d2e57cce4e4638 Mon Sep 17 00:00:00 2001 From: Ravinder Konka Date: Mon, 23 Mar 2015 22:03:20 +0530 Subject: [PATCH] port-pinhole-desc Change-Id: I1f574e7206eb5dde7f4887cff291c3935ab9ee92 --- commonrdr.h | 15 +++++++++++---- netfilter/iptcrdr.c | 6 +++++- netfilter/iptpinhole.c | 32 +++++++++++++++++++++----------- netfilter/iptpinhole.h | 12 +++++++++--- 4 files changed, 46 insertions(+), 19 deletions(-) diff --git a/commonrdr.h b/commonrdr.h index 7c0bd7c..eba60f4 100755 --- a/commonrdr.h +++ b/commonrdr.h @@ -9,6 +9,7 @@ #include "config.h" + /* init and shutdown functions */ /* init_redirect() return values : * 0 : OK @@ -30,8 +31,11 @@ get_redirect_rule(const char * ifname, u char * iaddr, int iaddrlen, unsigned short * iport, char * desc, int desclen, char * rhost, int rhostlen, - unsigned int * timestamp, - u_int64_t * packets, u_int64_t * bytes); + unsigned int * timestamp +#ifndef QCMAP + ,u_int64_t * packets, u_int64_t * bytes +#endif + ); /* get_redirect_rule_by_index() * return values : @@ -43,8 +47,11 @@ get_redirect_rule_by_index(int index, char * iaddr, int iaddrlen, unsigned short * iport, int * proto, char * desc, int desclen, char * rhost, int rhostlen, - unsigned int * timestamp, - u_int64_t * packets, u_int64_t * bytes); + unsigned int * timestamp +#ifndef QCMAP + ,u_int64_t * packets, u_int64_t * bytes +#endif + ); /* return an (malloc'ed) array of "external" port for which there is * a port mapping. number is the size of the array */ diff --git a/netfilter/iptcrdr.c b/netfilter/iptcrdr.c index a93c1cf..cfa24e5 100755 --- a/netfilter/iptcrdr.c +++ b/netfilter/iptcrdr.c @@ -4,7 +4,9 @@ * (c) 2006-2015 Thomas Bernard * This software is subject to the conditions detailed * in the LICENCE file provided within the distribution */ +#include "../config.h" #include +#ifndef QCMAP #include #include #include @@ -101,7 +103,7 @@ static int snprintip(char * dst, size_t "%u.%u.%u.%u", ip >> 24, (ip >> 16) & 0xff, (ip >> 8) & 0xff, ip & 0xff); } - +#endif /* netfilter cannot store redirection descriptions, so we use our * own structure to store them */ struct rdr_desc { @@ -211,6 +213,7 @@ get_redirect_desc_by_index(int index, un } #endif +#ifndef QCMAP /* add_redirect_rule2() */ int add_redirect_rule2(const char * ifname, @@ -1595,3 +1598,4 @@ list_redirect_rule(const char * ifname) return 0; } #endif +#endif diff --git a/netfilter/iptpinhole.c b/netfilter/iptpinhole.c index e96a7d3..1df62cc 100755 --- a/netfilter/iptpinhole.c +++ b/netfilter/iptpinhole.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -18,8 +19,11 @@ #ifdef ENABLE_UPNPPINHOLE +#ifndef QCMAP #include #include +#endif + #include "tiny_nf_nat.h" #define IP6TC_HANDLE struct ip6tc_handle * @@ -39,16 +43,19 @@ struct pinhole_t { unsigned short sport; unsigned short dport; unsigned short uid; +#ifdef QCMAP + int qcmap_handle; +#endif unsigned char proto; char desc[]; }; -void init_iptpinhole(void) +static void init_iptpinhole(void) { LIST_INIT(&pinhole_list); } -void shutdown_iptpinhole(void) +static void shutdown_iptpinhole(void) { /* TODO empty list */ } @@ -57,7 +64,11 @@ void shutdown_iptpinhole(void) static int add_to_pinhole_list(struct in6_addr * saddr, unsigned short sport, struct in6_addr * daddr, unsigned short dport, - int proto, const char *desc, unsigned int timestamp) + int proto, const char *desc, unsigned int timestamp +#ifdef QCMAP + ,int qcmap_handle +#endif + ) { struct pinhole_t * p; @@ -72,6 +83,17 @@ add_to_pinhole_list(struct in6_addr * sa memcpy(&p->daddr, daddr, sizeof(struct in6_addr)); p->dport = dport; p->timestamp = timestamp; +#ifdef QCMAP + p->qcmap_handle= qcmap_handle; + if(qcmap_handle == -4) + { + return --next_uid; + } + if (qcmap_handle < 0) + { + return -1; + } +#endif p->proto = (unsigned char)proto; LIST_INSERT_HEAD(&pinhole_list, p, entries); while(get_pinhole(next_uid) != NULL) { @@ -83,6 +105,7 @@ add_to_pinhole_list(struct in6_addr * sa next_uid++; if(next_uid > 65535) next_uid = 1; + return p->uid; } @@ -101,6 +124,7 @@ get_pinhole(unsigned short uid) /* new_match() * Allocate and set a new ip6t_entry_match structure * The caller must free() it after usage */ +#ifndef QCMAP static struct ip6t_entry_match * new_match(int proto, unsigned short sport, unsigned short dport) { @@ -194,7 +218,7 @@ miniupnpd_forward_chain, line_number, pr ip6tables -t raw -I PREROUTING %d -p %s -i %s -s %s --sport %hu -d %s --dport %hu -j TRACE ip6tables -t raw -I PREROUTING %d -p %s -i %s --sport %hu -d %s --dport %hu -j TRACE */ -int add_pinhole(const char * ifname, +static int add_pinhole(const char * ifname, const char * rem_host, unsigned short rem_port, const char * int_client, unsigned short int_port, int proto, const char * desc, unsigned int timestamp) @@ -262,7 +286,7 @@ int add_pinhole(const char * ifname, return uid; } -int +static int delete_pinhole(unsigned short uid) { struct pinhole_t * p; @@ -320,8 +344,9 @@ error: ip6tc_free(h); return -1; } +#endif -int +static int update_pinhole(unsigned short uid, unsigned int timestamp) { struct pinhole_t * p; @@ -334,8 +359,8 @@ update_pinhole(unsigned short uid, unsig return -2; /* Not found */ } } - -int +#ifndef QCMAP +static int get_pinhole_info(unsigned short uid, char * rem_host, int rem_hostlen, unsigned short * rem_port, @@ -400,8 +425,8 @@ get_pinhole_info(unsigned short uid, } return 0; } - -int get_pinhole_uid_by_index(int index) +#endif +static int get_pinhole_uid_by_index(int index) { struct pinhole_t * p; @@ -411,7 +436,7 @@ int get_pinhole_uid_by_index(int index) return -1; } -int +static int clean_pinhole_list(unsigned int * next_timestamp) { unsigned int min_ts = UINT_MAX; @@ -425,11 +450,24 @@ clean_pinhole_list(unsigned int * next_t if(p->timestamp <= (unsigned int)current_time) { unsigned short uid = p->uid; syslog(LOG_INFO, "removing expired pinhole with uid=%hu", uid); - p = p->entries.le_next; + #ifndef QCMAP if(delete_pinhole(uid) == 0) + { + #else + if(DeleteFirewallEntryWrapper(p->qcmap_handle)==0) + { + LIST_REMOVE(p, entries); + #endif n++; - else + } + else { + + #ifdef QCMAP + LIST_REMOVE(p, entries); + #endif break; + } + p = p->entries.le_next; } else { if(p->timestamp < min_ts) min_ts = p->timestamp; diff --git a/netfilter/iptpinhole.h b/netfilter/iptpinhole.h index a858ead..31c81db 100755 --- a/netfilter/iptpinhole.h +++ b/netfilter/iptpinhole.h @@ -10,16 +10,22 @@ #ifdef ENABLE_UPNPPINHOLE #include -int add_pinhole(const char * ifname, + +static void init_iptpinhole(void); + +static void shutdown_iptpinhole(void); + + +static int add_pinhole(const char * ifname, const char * rem_host, unsigned short rem_port, const char * int_client, unsigned short int_port, int proto, const char *desc, unsigned int timestamp); -int update_pinhole(unsigned short uid, unsigned int timestamp); +static int update_pinhole(unsigned short uid, unsigned int timestamp); -int delete_pinhole(unsigned short uid); +static int delete_pinhole(unsigned short uid); -int +static int get_pinhole_info(unsigned short uid, char * rem_host, int rem_hostlen, unsigned short * rem_port, char * int_client, int int_clientlen, @@ -28,9 +34,9 @@ get_pinhole_info(unsigned short uid, unsigned int * timestamp, u_int64_t * packets, u_int64_t * bytes); -int get_pinhole_uid_by_index(int index); +static int get_pinhole_uid_by_index(int index); -int clean_pinhole_list(unsigned int * next_timestamp); +static int clean_pinhole_list(unsigned int * next_timestamp); #endif /* ENABLE_UPNPPINHOLE */ -- 1.8.2.1