firewall: add "topic" enum to NMFirewallConfig

We will use the firewall config for different purposes. Currently the only
"topic" is configuring IPv4 sharing (NAT).
Thomas Haller 2022-05-03 08:04:03 +02:00
parent 14ad50f710
commit c9326fbb92
No known key found for this signature in database
GPG key ID: 29C2366E4DFC5728
3 changed files with 59 additions and 22 deletions


@ -12141,7 +12141,7 @@ _dev_ipshared4_start(NMDevice *self)
goto out_fail; goto out_fail;
priv->ipshared_data_4.v4.firewall_config = priv->ipshared_data_4.v4.firewall_config =
nm_firewall_config_new(ip_iface, ip4_addr.address, ip4_addr.plen); nm_firewall_config_new_ip4_shared(ip_iface, ip4_addr.address, ip4_addr.plen);
nm_firewall_config_apply(priv->ipshared_data_4.v4.firewall_config, TRUE); nm_firewall_config_apply(priv->ipshared_data_4.v4.firewall_config, TRUE);
priv->ipshared_data_4.v4.l3cd = nm_l3_config_data_ref(l3cd); priv->ipshared_data_4.v4.l3cd = nm_l3_config_data_ref(l3cd);


@ -15,6 +15,10 @@
#include "nm-config.h" #include "nm-config.h"
#include "NetworkManagerUtils.h" #include "NetworkManagerUtils.h"
typedef enum _nm_packed {
FIREWALL_TOPIC_IP4_SHARED,
} FirewallTopic;
/*****************************************************************************/ /*****************************************************************************/
static const struct { static const struct {
@ -599,7 +603,7 @@ _fw_nft_call_sync(GBytes *stdin_buf, GError **error)
/*****************************************************************************/ /*****************************************************************************/
static void static void
_fw_nft_set(gboolean up, const char *ip_iface, in_addr_t addr, guint8 plen) _fw_nft_set_ip4_shared(gboolean up, const char *ip_iface, in_addr_t addr, guint8 plen)
{ {
nm_auto_str_buf NMStrBuf strbuf = NM_STR_BUF_INIT(NM_UTILS_GET_NEXT_REALLOC_SIZE_1000, FALSE); nm_auto_str_buf NMStrBuf strbuf = NM_STR_BUF_INIT(NM_UTILS_GET_NEXT_REALLOC_SIZE_1000, FALSE);
gs_unref_bytes GBytes *stdin_buf = NULL; gs_unref_bytes GBytes *stdin_buf = NULL;
@ -686,13 +690,18 @@ _fw_nft_set(gboolean up, const char *ip_iface, in_addr_t addr, guint8 plen)
/*****************************************************************************/ /*****************************************************************************/
struct _NMFirewallConfig { struct _NMFirewallConfig {
char *ip_iface; FirewallTopic topic;
in_addr_t addr; char *ip_iface;
guint8 plen; union {
struct {
in_addr_t addr;
guint8 plen;
} ip4_shared;
};
}; };
NMFirewallConfig * NMFirewallConfig *
nm_firewall_config_new(const char *ip_iface, in_addr_t addr, guint8 plen) nm_firewall_config_new_ip4_shared(const char *ip_iface, in_addr_t addr, guint8 plen)
{ {
NMFirewallConfig *self; NMFirewallConfig *self;
@ -702,9 +711,13 @@ nm_firewall_config_new(const char *ip_iface, in_addr_t addr, guint8 plen)
self = g_slice_new(NMFirewallConfig); self = g_slice_new(NMFirewallConfig);
*self = (NMFirewallConfig){ *self = (NMFirewallConfig){
.topic = FIREWALL_TOPIC_IP4_SHARED,
.ip_iface = g_strdup(ip_iface), .ip_iface = g_strdup(ip_iface),
.addr = addr, .ip4_shared =
.plen = plen, {
.addr = addr,
.plen = plen,
},
}; };
return self; return self;
} }
@ -715,6 +728,13 @@ nm_firewall_config_free(NMFirewallConfig *self)
if (!self) if (!self)
return; return;
switch (self->topic) {
case FIREWALL_TOPIC_IP4_SHARED:
goto out;
}
nm_assert_not_reached();
out:
g_free(self->ip_iface); g_free(self->ip_iface);
nm_g_slice_free(self); nm_g_slice_free(self);
} }
@ -722,20 +742,36 @@ nm_firewall_config_free(NMFirewallConfig *self)
void void
nm_firewall_config_apply(NMFirewallConfig *self, gboolean up) nm_firewall_config_apply(NMFirewallConfig *self, gboolean up)
{ {
switch (nm_firewall_utils_get_backend()) { nm_assert(self);
case NM_FIREWALL_BACKEND_IPTABLES:
_share_iptables_set_masquerade(up, self->ip_iface, self->addr, self->plen); switch (self->topic) {
_share_iptables_set_shared(up, self->ip_iface, self->addr, self->plen); case FIREWALL_TOPIC_IP4_SHARED:
break; switch (nm_firewall_utils_get_backend()) {
case NM_FIREWALL_BACKEND_NFTABLES: case NM_FIREWALL_BACKEND_IPTABLES:
_fw_nft_set(up, self->ip_iface, self->addr, self->plen); _share_iptables_set_masquerade(up,
break; self->ip_iface,
case NM_FIREWALL_BACKEND_NONE: self->ip4_shared.addr,
break; self->ip4_shared.plen);
default: _share_iptables_set_shared(up,
nm_assert_not_reached(); self->ip_iface,
break; self->ip4_shared.addr,
self->ip4_shared.plen);
return;
case NM_FIREWALL_BACKEND_NFTABLES:
_fw_nft_set_ip4_shared(up,
self->ip_iface,
self->ip4_shared.addr,
self->ip4_shared.plen);
return;
case NM_FIREWALL_BACKEND_NONE:
return;
case NM_FIREWALL_BACKEND_UNKNOWN:
goto out_bug;
}
goto out_bug;
} }
out_bug:
nm_assert_not_reached();
} }
/*****************************************************************************/ /*****************************************************************************/
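Review bot: The `out_bug:` path at the end of nm_firewall_config_apply() only calls `nm_assert_not_reached()`, so if nm_assert is compiled out in release builds (as I would expect in this codebase, but confirm) an unhandled topic, or a backend value such as NM_FIREWALL_BACKEND_UNKNOWN, returns silently with no masquerade or filter rules installed, and because the function returns void the caller in _dev_ipshared4_start() cannot tell that sharing came up without its firewall rules. Logging a warning before the assert on that path, e.g. `/* unhandled topic/backend: no firewall rules were applied */` followed by the project's usual warning-log call, would at least make the failure visible in the journal. Separately, `FirewallTopic` and the anonymous union it selects carry no comment; I would add `/* Purpose of a NMFirewallConfig; selects which member of the union in _NMFirewallConfig is valid. */` above the enum, and a one-line note in nm_firewall_config_free() that its switch exists for per-topic cleanup of union members, so that the next topic added keeps the tag and union in step.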


@ -20,7 +20,8 @@ NMFirewallBackend nm_firewall_utils_get_backend(void);
typedef struct _NMFirewallConfig NMFirewallConfig; typedef struct _NMFirewallConfig NMFirewallConfig;
NMFirewallConfig *nm_firewall_config_new(const char *ip_iface, in_addr_t addr, guint8 plen); NMFirewallConfig *
nm_firewall_config_new_ip4_shared(const char *ip_iface, in_addr_t addr, guint8 plen);
void nm_firewall_config_free(NMFirewallConfig *self); void nm_firewall_config_free(NMFirewallConfig *self);