Changeset 8815

Timestamp:

01/22/08 05:01:10 (5 years ago)

Author:

BrainSlayer

Message:

add masquerading rule for unbridged vifs

Location:

src/router/services

Files:

• networking/firewall.c (modified) (4 diffs)
• services/anchorfree.c (modified) (2 diffs)

src/router/services/networking/firewall.c

@@ -51 +51 @@
 #include <code_pattern.h>
 #include <utils.h>
+#include <wlutils.h>
 #include <cy_conf.h>
 #endif /* DEVELOPE_ENV */
@@ -633 +634 @@
           char *nmask = nvram_safe_get ("lan_netmask"); //assuming lan_netmask is valid
 
-          int ip[4] = { 0, 0, 0, 0 };
-
-          sscanf (nmask, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3]);
-
-          int n = 8;
-
-          for (--n; n >= 0; --n)        //test all 4 bytes in one pass
-            {
-              if (ip[0] & 1 << n)
-                loopmask++;
-              if (ip[1] & 1 << n)
-                loopmask++;
-              if (ip[2] & 1 << n)
-                loopmask++;
-              if (ip[3] & 1 << n)
-                loopmask++;
-            }
-
-          save2file
-            ("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",
-             lanface);
-          save2file
-            ("-A POSTROUTING -o %s -s %s0/%d -d %s0/%d -j MASQUERADE\n",
-             lanface, lan_cclass, loopmask, lan_cclass, loopmask);
+          loopmask = getmask(nmask);
+
+          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",lanface);
+          save2file("-A POSTROUTING -o %s -s %s0/%d -d %s0/%d -j MASQUERADE\n",lanface, lan_cclass, loopmask, lan_cclass, loopmask);
+#ifdef HAVE_MSSID
+
+#ifdef HAVE_MADWIFI
+  int i;
+
+  char *next;
+  char dev[16];
+  char var[80];
+  char wifivifs[16];
+  int devcount = getdevicecount ();
+  for (i = 0; i < devcount; i++)
+    {
+      sprintf (wifivifs, "ath%d_vifs", i);
+      if (nvram_nmatch("0","ath%d_bridged",i))
+      {
+          save2file("-A POSTROUTING -o ath%d -m pkttype --pkt-type broadcast -j RETURN\n",i);
+          save2file("-A POSTROUTING -o ath%d -s %s/%d -d %s/%d -j MASQUERADE\n",i, nvram_nget("ath%d_ipaddr",i), getmask(nvram_nget("ath%d_netmask",i)), nvram_nget("ath%d_ipaddr",i), getmask(nvram_nget("ath%d_netmask",i)));
+      }
+      char *vifs = nvram_safe_get (wifivifs);
+      if (vifs != NULL)
+        foreach (var, vifs, next)
+        {
+        if (nvram_nmatch("0","%s_bridged",var))
+          {
+          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",var);
+          save2file("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",var, nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)), nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)));
+          }
+        }
+    }
+#else
+  int i;
+  char *next;
+  char dev[16];
+  char var[80];
+  char wifivifs[16];
+  int devcount = get_wl_instances ();
+  for (i = 0; i < devcount; i++)
+    {
+      sprintf (wifivifs, "wl%d_vifs", i);
+      char *iname = get_wl_instance_name (i);
+      if (nvram_nmatch("0","%s_bridged",iname))
+      {
+          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",iname);
+          save2file("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",iname, nvram_nget("%s_ipaddr",iname), getmask(nvram_nget("%s_netmask",iname)), nvram_nget("%s_ipaddr",iname), getmask(nvram_nget("%s_netmask",iname)));
+      }
+      char *vifs = nvram_safe_get (wifivifs);
+      if (vifs != NULL)
+        foreach (var, vifs, next)
+        {
+        if (nvram_nmatch("0","%s_bridged",var))
+          {
+          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",var);
+          save2file("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",var, nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)), nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)));
+          }
+        }
+    }
+#endif
+
+
+#endif
 
 #ifndef HAVE_MAGICBOX
@@ -1738 +1779 @@
     {
       sprintf (wifivifs, "ath%d_vifs", i);
+      if (nvram_nmatch("0","ath%d_bridged",i))
+      {
       save2file ("-A INPUT -i ath%d -j ACCEPT\n", i);
       save2file ("-A FORWARD -i ath%d -j ACCEPT\n", i);
+      }
       char *vifs = nvram_safe_get (wifivifs);
       if (vifs != NULL)
         foreach (var, vifs, next)
         {
+        if (nvram_nmatch("0","%s_bridged",var))
+          {
           save2file ("-A INPUT -i %s -j ACCEPT\n", var);
           save2file ("-A FORWARD -i %s -j ACCEPT\n", var);
+          }
         }
     }
@@ -1759 +1806 @@
       sprintf (wifivifs, "wl%d_vifs", i);
       char *iname = get_wl_instance_name (i);
+      if (nvram_nmatch("0","%s_bridged",iname))
+      {
       save2file ("-A INPUT -i %s -j ACCEPT\n", iname);
       save2file ("-A FORWARD -i %s -j ACCEPT\n", iname);
-
+      }
       char *vifs = nvram_safe_get (wifivifs);
       if (vifs != NULL)
         foreach (var, vifs, next)
         {
+        if (nvram_nmatch("0","%s_bridged",var))
+          {
           save2file ("-A INPUT -i %s -j ACCEPT\n", var);
           save2file ("-A FORWARD -i %s -j ACCEPT\n", var);
+          }
         }
     }

src/router/services/services/anchorfree.c

@@ -1 +1 @@
 /*
- * igmp.c
- *
- * Copyright (C) 2007 Sebastian Gottschall <gottschall@dd-wrt.com>
+ * AnchorFree.c
+ *
+ * Copyright (C) 2008 Sebastian Gottschall <gottschall@dd-wrt.com>
  *
  * This program is free software; you can redistribute it and/or
@@ -93 +93 @@
 }
 
-int
-getmask (char *nmask)
-{
-
-  int loopmask = 0;
-  int ip[4] = { 0, 0, 0, 0 };
-
-  sscanf (nmask, "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3]);
-
-  int n = 8;
-
-  for (--n; n >= 0; --n)        //test all 4 bytes in one pass
-    {
-      if (ip[0] & 1 << n)
-        loopmask++;
-      if (ip[1] & 1 << n)
-        loopmask++;
-      if (ip[2] & 1 << n)
-        loopmask++;
-      if (ip[3] & 1 << n)
-        loopmask++;
-    }
-  return loopmask;
-}
 
 void