diff options
Diffstat (limited to 'src/nat.c')
| -rw-r--r-- | src/nat.c | 62 |
1 files changed, 33 insertions, 29 deletions
@@ -35,19 +35,20 @@ static GHashTable *nat_hash; struct connman_nat { char *address; unsigned char prefixlen; + struct firewall_context *fw; char *interface; }; -static int enable_ip_forward(connman_bool_t enable) +static int enable_ip_forward(bool enable) { FILE *f; f = fopen("/proc/sys/net/ipv4/ip_forward", "r+"); - if (f == NULL) + if (!f) return -errno; - if (enable == TRUE) + if (enable) fprintf(f, "1"); else fprintf(f, "0"); @@ -65,7 +66,7 @@ static int enable_nat(struct connman_nat *nat) g_free(nat->interface); nat->interface = g_strdup(default_interface); - if (nat->interface == NULL) + if (!nat->interface) return 0; /* Enable masquerading */ @@ -73,33 +74,23 @@ static int enable_nat(struct connman_nat *nat) nat->address, nat->prefixlen, nat->interface); - err = __connman_iptables_append("nat", "POSTROUTING", cmd); + + err = __connman_firewall_add_rule(nat->fw, "nat", + "POSTROUTING", cmd); g_free(cmd); if (err < 0) return err; - return __connman_iptables_commit("nat"); + return __connman_firewall_enable(nat->fw); } static void disable_nat(struct connman_nat *nat) { - char *cmd; - int err; - - if (nat->interface == NULL) + if (!nat->interface) return; /* Disable masquerading */ - cmd = g_strdup_printf("-s %s/%d -o %s -j MASQUERADE", - nat->address, - nat->prefixlen, - nat->interface); - err = __connman_iptables_delete("nat", "POSTROUTING", cmd); - g_free(cmd); - if (err < 0) - return; - - __connman_iptables_commit("nat"); + __connman_firewall_disable(nat->fw); } int __connman_nat_enable(const char *name, const char *address, @@ -109,18 +100,18 @@ int __connman_nat_enable(const char *name, const char *address, int err; if (g_hash_table_size(nat_hash) == 0) { - err = enable_ip_forward(TRUE); + err = enable_ip_forward(true); if (err < 0) return err; } nat = g_try_new0(struct connman_nat, 1); - if (nat == NULL) { - if (g_hash_table_size(nat_hash) == 0) - enable_ip_forward(FALSE); + if (!nat) + goto err; - return -ENOMEM; - } + nat->fw = __connman_firewall_create(); + if (!nat->fw) + goto err; nat->address = g_strdup(address); nat->prefixlen = prefixlen; @@ -128,6 +119,18 @@ int __connman_nat_enable(const char *name, const char *address, g_hash_table_replace(nat_hash, g_strdup(name), nat); return enable_nat(nat); + +err: + if (nat) { + if (nat->fw) + __connman_firewall_destroy(nat->fw); + g_free(nat); + } + + if (g_hash_table_size(nat_hash) == 0) + enable_ip_forward(false); + + return -ENOMEM; } void __connman_nat_disable(const char *name) @@ -135,7 +138,7 @@ void __connman_nat_disable(const char *name) struct connman_nat *nat; nat = g_hash_table_lookup(nat_hash, name); - if (nat == NULL) + if (!nat) return; disable_nat(nat); @@ -143,7 +146,7 @@ void __connman_nat_disable(const char *name) g_hash_table_remove(nat_hash, name); if (g_hash_table_size(nat_hash) == 0) - enable_ip_forward(FALSE); + enable_ip_forward(false); } static void update_default_interface(struct connman_service *service) @@ -162,7 +165,7 @@ static void update_default_interface(struct connman_service *service) g_hash_table_iter_init(&iter, nat_hash); - while (g_hash_table_iter_next(&iter, &key, &value) == TRUE) { + while (g_hash_table_iter_next(&iter, &key, &value)) { const char *name = key; struct connman_nat *nat = value; @@ -184,6 +187,7 @@ static void cleanup_nat(gpointer data) { struct connman_nat *nat = data; + __connman_firewall_destroy(nat->fw); g_free(nat->address); g_free(nat->interface); g_free(nat); |