From def69a96e91d70ea3721776c6e9355db3cc31da7 Mon Sep 17 00:00:00 2001 From: Steven Barth Date: Thu, 2 Oct 2014 19:15:38 +0000 Subject: [PATCH] map: fix portsets starting with 0 and use regular NAT for 1:1 MAP Signed-off-by: Steven Barth SVN-Revision: 42741 --- package/network/ipv6/map/Makefile | 4 +-- package/network/ipv6/map/files/map.sh | 35 ++++++++++++++++---------- package/network/ipv6/map/src/mapcalc.c | 11 +++++--- 3 files changed, 31 insertions(+), 19 deletions(-) diff --git a/package/network/ipv6/map/Makefile b/package/network/ipv6/map/Makefile index 0f64ebef94..3e010493a8 100644 --- a/package/network/ipv6/map/Makefile +++ b/package/network/ipv6/map/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=map -PKG_VERSION:=1 -PKG_RELEASE:=2 +PKG_VERSION:=2 +PKG_RELEASE:=1 include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/cmake.mk diff --git a/package/network/ipv6/map/files/map.sh b/package/network/ipv6/map/files/map.sh index fceeb8a641..83de4cc4dc 100755 --- a/package/network/ipv6/map/files/map.sh +++ b/package/network/ipv6/map/files/map.sh @@ -122,19 +122,28 @@ proto_map_setup() { [ "$zone" != "-" ] && json_add_string zone "$zone" json_add_array firewall - for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do - for proto in icmp tcp udp; do - json_add_object "" - json_add_string type nat - json_add_string target SNAT - json_add_string family inet - json_add_string proto "$proto" - json_add_boolean connlimit_ports 1 - json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR") - json_add_string snat_port "$portset" - json_close_object - done - done + if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then + json_add_object "" + json_add_string type nat + json_add_string target SNAT + json_add_string family inet + json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR") + json_close_object + else + for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do + for proto in icmp tcp udp; do + json_add_object "" + json_add_string type nat + json_add_string target SNAT + json_add_string family inet + json_add_string proto "$proto" + json_add_boolean connlimit_ports 1 + json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR") + json_add_string snat_port "$portset" + json_close_object + done + done + fi if [ "$type" = "map-t" ]; then json_add_object "" json_add_string type rule diff --git a/package/network/ipv6/map/src/mapcalc.c b/package/network/ipv6/map/src/mapcalc.c index 03f8165be0..afce6d24d7 100644 --- a/package/network/ipv6/map/src/mapcalc.c +++ b/package/network/ipv6/map/src/mapcalc.c @@ -343,14 +343,17 @@ int main(int argc, char *argv[]) } - if (psidlen == 0) { - printf("RULE_%d_PORTSETS=0-65535\n", rulecnt); - } else if (psid >= 0) { + if (psidlen > 0 && psid >= 0) { printf("RULE_%d_PORTSETS='", rulecnt); for (int k = (offset) ? 1 : 0; k < (1 << offset); ++k) { int start = (k << (16 - offset)) | (psid >> offset); int end = start + (1 << (16 - offset - psidlen)) - 1; - printf("%d-%d ", start, end); + + if (start == 0) + start = 1; + + if (start <= end) + printf("%d-%d ", start, end); } printf("'\n"); } -- 2.34.1