/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include "alloc-util.h"
#include "firewall-util.h"
#include "firewall-util-private.h"
/* Firewall backends this file can dispatch to. FW_BACKEND_NONE is the first enumerator (value 0); the
 * fw_add_*() entry points in this file use it both for "not probed yet" and for "nothing available". */
enum FirewallBackend {
        FW_BACKEND_NONE,
#if HAVE_LIBIPTC
        /* Only declared when HAVE_LIBIPTC is non-zero at build time. */
        FW_BACKEND_IPTABLES,
#endif
};

/* File-scope cache of the selected backend. As an object with static storage duration it starts out
 * zero-initialized, i.e. as FW_BACKEND_NONE, so the first fw_add_*() call runs firewall_backend_probe().
 * NOTE(review): it is read and written without any locking visible in this file — confirm that all
 * callers run on a single thread. */
static enum FirewallBackend FirewallBackend;
/* Selects the firewall backend to use. The choice is made purely at compile time: the iptables backend
 * when HAVE_LIBIPTC is non-zero, otherwise FW_BACKEND_NONE. No runtime check of the host is performed
 * here, so a returned backend does not by itself show that rules can actually be installed. */
static enum FirewallBackend firewall_backend_probe(void) {
        enum FirewallBackend selected = FW_BACKEND_NONE;

#if HAVE_LIBIPTC
        selected = FW_BACKEND_IPTABLES;
#endif

        return selected;
}
/* Dispatches a masquerading (source NAT) rule change to the active firewall backend.
 *
 * The arguments are forwarded to the backend unchanged; this layer does not check the address family,
 * the source pointer or the prefix length, so any validation has to happen in the backend
 * (NOTE(review): confirm fw_iptables_add_masquerade() rejects unsupported families and over-long
 * prefixes). 'add' presumably selects between installing and removing the rule — verify against the
 * backend.
 *
 * Returns the backend's result, or -EOPNOTSUPP when no backend is available. In the latter case no
 * rule was touched, so callers must not assume that masquerading is in effect. */
int fw_add_masquerade(
                bool add,
                int af,
                const union in_addr_union *source,
                unsigned source_prefixlen) {

        /* FW_BACKEND_NONE doubles as "not probed yet": probe on first use, and again on every call for
         * as long as the probe keeps reporting that nothing is available. */
        if (FirewallBackend == FW_BACKEND_NONE)
                FirewallBackend = firewall_backend_probe();

#if HAVE_LIBIPTC
        if (FirewallBackend == FW_BACKEND_IPTABLES)
                return fw_iptables_add_masquerade(add, af, source, source_prefixlen);
#endif

        /* No backend, or a value this build does not know how to handle. */
        return -EOPNOTSUPP;
}
/* Dispatches a local DNAT (port forwarding) rule change to the active firewall backend.
 *
 * All seven arguments are handed to the backend as they are; protocol, ports and address pointers are
 * not validated at this layer (NOTE(review): confirm fw_iptables_add_local_dnat() checks the address
 * family and protocol and copes with a NULL 'remote' or 'previous_remote'). 'previous_remote'
 * presumably names an earlier forwarding target to be replaced — verify against the backend.
 *
 * Returns the backend's result, or -EOPNOTSUPP when no backend is available. In the latter case no
 * rule was touched, so callers must not assume that the port forward exists or, when removing, that
 * a stale forward is gone. */
int fw_add_local_dnat(
                bool add,
                int af,
                int protocol,
                uint16_t local_port,
                const union in_addr_union *remote,
                uint16_t remote_port,
                const union in_addr_union *previous_remote) {

        /* FW_BACKEND_NONE doubles as "not probed yet": probe on first use, and again on every call for
         * as long as the probe keeps reporting that nothing is available. */
        if (FirewallBackend == FW_BACKEND_NONE)
                FirewallBackend = firewall_backend_probe();

#if HAVE_LIBIPTC
        if (FirewallBackend == FW_BACKEND_IPTABLES)
                return fw_iptables_add_local_dnat(add, af, protocol, local_port, remote, remote_port, previous_remote);
#endif

        /* No backend, or a value this build does not know how to handle. */
        return -EOPNOTSUPP;
}