Changeset 8955

Timestamp:

02/06/08 19:28:17 (5 years ago)

Author:

BrainSlayer

Message:

now multicast works for multiple separated interfaces

Location:

src/router

Files:

• services/networking/firewall.c (modified) (11 diffs)
• services/services/igmp.c (modified) (1 diff)
• shared/utils.c (modified) (1 diff)
• shared/utils.h (modified) (1 diff)

src/router/services/networking/firewall.c

@@ -634 +634 @@
           char *nmask = nvram_safe_get ("lan_netmask"); //assuming lan_netmask is valid
 
-          loopmask = getmask(nmask);
-
-          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",lanface);
-          save2file("-A POSTROUTING -o %s -s %s0/%d -d %s0/%d -j MASQUERADE\n",lanface, lan_cclass, loopmask, lan_cclass, loopmask);
+          loopmask = getmask (nmask);
+
+          save2file
+            ("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",
+             lanface);
+          save2file
+            ("-A POSTROUTING -o %s -s %s0/%d -d %s0/%d -j MASQUERADE\n",
+             lanface, lan_cclass, loopmask, lan_cclass, loopmask);
+          char *next;
+          char dev[16];
+          char var[80];
 #ifdef HAVE_MSSID
 
 #ifdef HAVE_MADWIFI
-  int i;
-
-  char *next;
-  char dev[16];
-  char var[80];
-  char wifivifs[16];
-  int devcount = getdevicecount ();
-  for (i = 0; i < devcount; i++)
-    {
-      sprintf (wifivifs, "ath%d_vifs", i);
-      if (nvram_nmatch("0","ath%d_bridged",i))
-      {
-          save2file("-A POSTROUTING -o ath%d -m pkttype --pkt-type broadcast -j RETURN\n",i);
-          save2file("-A POSTROUTING -o ath%d -s %s/%d -d %s/%d -j MASQUERADE\n",i, nvram_nget("ath%d_ipaddr",i), getmask(nvram_nget("ath%d_netmask",i)), nvram_nget("ath%d_ipaddr",i), getmask(nvram_nget("ath%d_netmask",i)));
-      }
-      char *vifs = nvram_safe_get (wifivifs);
-      if (vifs != NULL)
-        foreach (var, vifs, next)
-        {
-        if (nvram_nmatch("0","%s_bridged",var))
-          {
-          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",var);
-          save2file("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",var, nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)), nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)));
-          }
-        }
-    }
+          int i;
+
+          char wifivifs[16];
+          int devcount = getdevicecount ();
+          for (i = 0; i < devcount; i++)
+            {
+              sprintf (wifivifs, "ath%d_vifs", i);
+              if (nvram_nmatch ("0", "ath%d_bridged", i))
+                {
+                  save2file
+                    ("-A POSTROUTING -o ath%d -m pkttype --pkt-type broadcast -j RETURN\n",
+                     i);
+                  save2file
+                    ("-A POSTROUTING -o ath%d -s %s/%d -d %s/%d -j MASQUERADE\n",
+                     i, nvram_nget ("ath%d_ipaddr", i),
+                     getmask (nvram_nget ("ath%d_netmask", i)),
+                     nvram_nget ("ath%d_ipaddr", i),
+                     getmask (nvram_nget ("ath%d_netmask", i)));
+                }
+              char *vifs = nvram_safe_get (wifivifs);
+              if (vifs != NULL)
+                foreach (var, vifs, next)
+                {
+                  if (nvram_nmatch ("0", "%s_bridged", var))
+                    {
+                      save2file
+                        ("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",
+                         var);
+                      save2file
+                        ("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",
+                         var, nvram_nget ("%s_ipaddr", var),
+                         getmask (nvram_nget ("%s_netmask", var)),
+                         nvram_nget ("%s_ipaddr", var),
+                         getmask (nvram_nget ("%s_netmask", var)));
+                    }
+                }
+            }
 #else
-  int i;
-  char *next;
-  char dev[16];
-  char var[80];
-  char wifivifs[16];
-  int devcount = get_wl_instances ();
-  for (i = 0; i < devcount; i++)
-    {
-      sprintf (wifivifs, "wl%d_vifs", i);
-      char *iname = get_wl_instance_name (i);
-      if (nvram_nmatch("0","%s_bridged",iname))
-      {
-          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",iname);
-          save2file("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",iname, nvram_nget("%s_ipaddr",iname), getmask(nvram_nget("%s_netmask",iname)), nvram_nget("%s_ipaddr",iname), getmask(nvram_nget("%s_netmask",iname)));
-      }
-      char *vifs = nvram_safe_get (wifivifs);
-      if (vifs != NULL)
-        foreach (var, vifs, next)
-        {
-        if (nvram_nmatch("0","%s_bridged",var))
-          {
-          save2file("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",var);
-          save2file("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",var, nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)), nvram_nget("%s_ipaddr",var), getmask(nvram_nget("%s_netmask",var)));
-          }
-        }
-    }
-#endif
-
-
-#endif
+          int i;
+          char wifivifs[16];
+          int devcount = get_wl_instances ();
+          for (i = 0; i < devcount; i++)
+            {
+              sprintf (wifivifs, "wl%d_vifs", i);
+              char *iname = get_wl_instance_name (i);
+              if (nvram_nmatch ("0", "%s_bridged", iname))
+                {
+                  save2file
+                    ("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",
+                     iname);
+                  save2file
+                    ("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",
+                     iname, nvram_nget ("%s_ipaddr", iname),
+                     getmask (nvram_nget ("%s_netmask", iname)),
+                     nvram_nget ("%s_ipaddr", iname),
+                     getmask (nvram_nget ("%s_netmask", iname)));
+                }
+              char *vifs = nvram_safe_get (wifivifs);
+              if (vifs != NULL)
+                foreach (var, vifs, next)
+                {
+                  if (nvram_nmatch ("0", "%s_bridged", var))
+                    {
+                      save2file
+                        ("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",
+                         var);
+                      save2file
+                        ("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",
+                         var, nvram_nget ("%s_ipaddr", var),
+                         getmask (nvram_nget ("%s_netmask", var)),
+                         nvram_nget ("%s_ipaddr", var),
+                         getmask (nvram_nget ("%s_netmask", var)));
+                    }
+                }
+            }
+#endif
+
+
+#endif
+          char *vifs = nvram_safe_get ("lan_ifnames");
+          if (vifs != NULL)
+            foreach (var, vifs, next)
+            {
+              if (nvram_nmatch ("0", "%s_bridged", var))
+                {
+                  save2file
+                    ("-A POSTROUTING -o %s -m pkttype --pkt-type broadcast -j RETURN\n",
+                     var);
+                  save2file
+                    ("-A POSTROUTING -o %s -s %s/%d -d %s/%d -j MASQUERADE\n",
+                     var, nvram_nget ("%s_ipaddr", var),
+                     getmask (nvram_nget ("%s_netmask", var)),
+                     nvram_nget ("%s_ipaddr", var),
+                     getmask (nvram_nget ("%s_netmask", var)));
+                }
+            }
 
 #ifndef HAVE_MAGICBOX
@@ -1705 +1751 @@
   /* IGMP query from WAN interface */
   save2file ("-A INPUT -p igmp -j %s\n",
-             nvram_match ("block_multicast", "1") ? log_drop : TARG_PASS);
+             doMultiCast()==0 ? log_drop : TARG_PASS);
 
 #ifdef HAVE_TFTP
@@ -1736 +1782 @@
     save2file ("-A INPUT -i %s -m state --state NEW -j logaccept\n", buff);
   }
+  char dev[16];
+  char var[80];
 #ifdef HAVE_MSSID
 
@@ -1741 +1789 @@
   int i;
 
-  char dev[16];
-  char var[80];
   char wifivifs[16];
   int devcount = getdevicecount ();
@@ -1748 +1794 @@
     {
       sprintf (wifivifs, "ath%d_vifs", i);
-      if (nvram_nmatch("0","ath%d_bridged",i))
-      {
-      save2file ("-A INPUT -i ath%d -j ACCEPT\n", i);
-      }
+      if (nvram_nmatch ("0", "ath%d_bridged", i))
+        {
+          save2file ("-A INPUT -i ath%d -j ACCEPT\n", i);
+        }
       char *vifs = nvram_safe_get (wifivifs);
       if (vifs != NULL)
         foreach (var, vifs, next)
         {
-        if (nvram_nmatch("0","%s_bridged",var))
-          {
-          save2file ("-A INPUT -i %s -j ACCEPT\n", var);
-          }
+          if (nvram_nmatch ("0", "%s_bridged", var))
+            {
+              save2file ("-A INPUT -i %s -j ACCEPT\n", var);
+            }
         }
     }
 #else
   int i;
-  char dev[16];
-  char var[80];
   char wifivifs[16];
   int devcount = get_wl_instances ();
@@ -1772 +1816 @@
       sprintf (wifivifs, "wl%d_vifs", i);
       char *iname = get_wl_instance_name (i);
-      if (nvram_nmatch("0","%s_bridged",iname))
-      {
-      save2file ("-A INPUT -i %s -j ACCEPT\n", iname);
-      }
+      if (nvram_nmatch ("0", "%s_bridged", iname))
+        {
+          save2file ("-A INPUT -i %s -j ACCEPT\n", iname);
+        }
       char *vifs = nvram_safe_get (wifivifs);
       if (vifs != NULL)
         foreach (var, vifs, next)
         {
-        if (nvram_nmatch("0","%s_bridged",var))
-          {
+          if (nvram_nmatch ("0", "%s_bridged", var))
+            {
+              save2file ("-A INPUT -i %s -j ACCEPT\n", var);
+            }
+        }
+    }
+#endif
+
+
+#endif
+  char *vifs = nvram_safe_get ("lan_ifnames");
+  if (vifs != NULL)
+    foreach (var, vifs, next)
+    {
+      if (nvram_nmatch ("0", "%s_bridged", var))
+        {
           save2file ("-A INPUT -i %s -j ACCEPT\n", var);
-          }
         }
     }
-#endif
-
-
-#endif
 
 
@@ -1821 +1874 @@
 {
 
-
-#ifdef HAVE_MSSID
-
-#ifdef HAVE_MADWIFI
-  int i;
-
   char *next;
   char dev[16];
   char var[80];
+
+#ifdef HAVE_MSSID
+
+#ifdef HAVE_MADWIFI
+  int i;
   char wifivifs[16];
   int devcount = getdevicecount ();
@@ -1835 +1887 @@
     {
       sprintf (wifivifs, "ath%d_vifs", i);
-      if (nvram_nmatch("0","ath%d_bridged",i))
-      {
-      save2file ("-A FORWARD -i ath%d -j ACCEPT\n", i);
-      }
+      if (nvram_nmatch ("0", "ath%d_bridged", i))
+        {
+          save2file ("-A FORWARD -i ath%d -j ACCEPT\n", i);
+        }
       char *vifs = nvram_safe_get (wifivifs);
       if (vifs != NULL)
         foreach (var, vifs, next)
         {
-        if (nvram_nmatch("0","%s_bridged",var))
-          {
-          save2file ("-A FORWARD -i %s -j ACCEPT\n", var);
-          }
+          if (nvram_nmatch ("0", "%s_bridged", var))
+            {
+              save2file ("-A FORWARD -i %s -j ACCEPT\n", var);
+            }
         }
     }
 #else
   int i;
-  char *next;
-  char dev[16];
-  char var[80];
   char wifivifs[16];
   int devcount = get_wl_instances ();
@@ -1860 +1909 @@
       sprintf (wifivifs, "wl%d_vifs", i);
       char *iname = get_wl_instance_name (i);
-      if (nvram_nmatch("0","%s_bridged",iname))
-      {
-      save2file ("-A FORWARD -i %s -j ACCEPT\n", iname);
-      }
+      if (nvram_nmatch ("0", "%s_bridged", iname))
+        {
+          save2file ("-A FORWARD -i %s -j ACCEPT\n", iname);
+        }
       char *vifs = nvram_safe_get (wifivifs);
       if (vifs != NULL)
         foreach (var, vifs, next)
         {
-        if (nvram_nmatch("0","%s_bridged",var))
-          {
+          if (nvram_nmatch ("0", "%s_bridged", var))
+            {
+              save2file ("-A FORWARD -i %s -j ACCEPT\n", var);
+            }
+        }
+    }
+#endif
+
+
+#endif
+  char *vifs = nvram_safe_get ("lan_ifnames");
+  if (vifs != NULL)
+    foreach (var, vifs, next)
+    {
+      if (nvram_nmatch ("0", "%s_bridged", var))
+        {
           save2file ("-A FORWARD -i %s -j ACCEPT\n", var);
-          }
         }
     }
-#endif
-
-
-#endif
   /* Accept the redirect, might be seen as INVALID, packets */
   save2file ("-A FORWARD -i %s -o %s -j ACCEPT\n", lanface, lanface);
@@ -2001 +2059 @@
     }
   /* ACCEPT packets for Multicast pass through */
-  if (nvram_match ("block_multicast", "0"))
+  if (doMultiCast()>0)
     save2file ("-A FORWARD -i %s -p udp -m udp --destination %s -j %s\n",
                wanface, IP_MULTICAST, log_accept);
@@ -2842 +2900 @@
 stop_firewall (void)
 {
-  stop_anchorfree();
+  stop_anchorfree ();
   /* Make sure the DMZ-LED is off (from service.c) */
   diag_led (DMZ, STOP_LED);

src/router/services/services/igmp.c

@@ -27 +27 @@
 #include <syslog.h>
 #include <signal.h>
+
+
 int
 start_igmp_proxy (void)

src/router/shared/utils.c

@@ -3978 +3978 @@
   return loopmask;
 }
+int doMultiCast(void)
+{
+ char name[80], *next;
+ int ifcount;
+  if (nvram_match ("wan_proto", "disabled"))
+    return 0;
+  if (nvram_match ("block_multicast", "0"))
+    {
+      ifcount++;
+    }
+  foreach (name, nvram_safe_get ("lan_ifnames"), next)
+  {
+    if (nvram_nmatch ("0", "%s_bridged", name)
+        && nvram_nmatch ("1", "%s_multicast", name))
+      {
+        ifcount++;
+      }
+  }
+ return ifcount;
+}

src/router/shared/utils.h

@@ -524 +524 @@
 
 int getmask(char *netmask);
+int doMultiCast(void);
+
 #define MAX_WDS_DEVS 10
 #endif