static int __noinline
npf_mk_rules(npf_ruleset_t *rlset, prop_array_t rules, npf_rprocset_t *rpset,
prop_dictionary_t errdict)
{
prop_object_iterator_t it;
prop_dictionary_t rldict;
int error;
if (prop_object_type(rules) != PROP_TYPE_ARRAY) {
NPF_ERR_DEBUG(errdict);
return EINVAL;
}
error = 0;
it = prop_array_iterator(rules);
while ((rldict = prop_object_iterator_next(it)) != NULL) {
npf_rule_t *rl = NULL;
/* Generate a single rule. */
error = npf_mk_singlerule(rldict, rpset, &rl, errdict);
if (error) {
break;
}
npf_ruleset_insert(rlset, rl);
}
prop_object_iterator_release(it);
/*
* Note: in a case of error, caller will free the ruleset.
*/
return error;
}
static int __noinline
npf_mk_natlist(npf_ruleset_t *nset, prop_array_t natlist,
prop_dictionary_t errdict)
{
prop_object_iterator_t it;
prop_dictionary_t natdict;
int error;
/* NAT policies - array. */
if (prop_object_type(natlist) != PROP_TYPE_ARRAY) {
NPF_ERR_DEBUG(errdict);
return EINVAL;
}
error = 0;
it = prop_array_iterator(natlist);
while ((natdict = prop_object_iterator_next(it)) != NULL) {
npf_rule_t *rl = NULL;
npf_natpolicy_t *np;
/* NAT policy - dictionary. */
if (prop_object_type(natdict) != PROP_TYPE_DICTIONARY) {
NPF_ERR_DEBUG(errdict);
error = EINVAL;
break;
}
/*
* NAT policies are standard rules, plus additional
* information for translation. Make a rule.
*/
error = npf_mk_singlerule(natdict, NULL, &rl, errdict);
if (error) {
break;
}
npf_ruleset_insert(nset, rl);
/* If rule is named, it is a group with NAT policies. */
if (prop_dictionary_get(natdict, "name") &&
prop_dictionary_get(natdict, "subrules")) {
continue;
}
/* Allocate a new NAT policy and assign to the rule. */
np = npf_nat_newpolicy(natdict, nset);
if (np == NULL) {
NPF_ERR_DEBUG(errdict);
error = ENOMEM;
break;
}
npf_rule_setnat(rl, np);
}
prop_object_iterator_release(it);
/*
* Note: in a case of error, caller will free entire NAT ruleset
* with assigned NAT policies.
*/
return error;
}
static int __noinline
npf_mk_rules(npf_ruleset_t *rlset, prop_array_t rules, prop_array_t rprocs,
prop_dictionary_t errdict)
{
prop_object_iterator_t it;
prop_dictionary_t rldict, rpdict;
int error;
/* Rule procedures and the ruleset - arrays. */
if (prop_object_type(rprocs) != PROP_TYPE_ARRAY ||
prop_object_type(rules) != PROP_TYPE_ARRAY) {
NPF_ERR_DEBUG(errdict);
return EINVAL;
}
it = prop_array_iterator(rprocs);
while ((rpdict = prop_object_iterator_next(it)) != NULL) {
if (prop_dictionary_get(rpdict, "rproc-ptr")) {
prop_object_iterator_release(it);
NPF_ERR_DEBUG(errdict);
return EINVAL;
}
}
prop_object_iterator_release(it);
error = 0;
it = prop_array_iterator(rules);
while ((rldict = prop_object_iterator_next(it)) != NULL) {
prop_array_t subrules;
npf_ruleset_t *rlsetsub;
npf_rule_t *rl;
/* Generate a single rule. */
error = npf_mk_singlerule(rldict, rprocs, &rl, errdict);
if (error) {
break;
}
npf_ruleset_insert(rlset, rl);
/* Check for sub-rules and generate, if any. */
subrules = prop_dictionary_get(rldict, "subrules");
if (subrules == NULL) {
/* No subrules, next.. */
continue;
}
rlsetsub = npf_rule_subset(rl);
error = npf_mk_subrules(rlsetsub, subrules, rprocs, errdict);
if (error)
break;
}
prop_object_iterator_release(it);
/*
* Note: in a case of error, caller will free the ruleset.
*/
return error;
}
static int
npf_insert_nat_rule(prop_dictionary_t natdict, prop_dictionary_t errdict) {
int error;
npf_natpolicy_t *np;
npf_rule_t *rl;
printf("npf_insert_nat_rule\n");
if (prop_object_type(natdict) != PROP_TYPE_DICTIONARY) {
printf("rossz tipus!\n");
NPF_ERR_DEBUG(errdict);
return EINVAL;
}
/*
* NAT policies are standard rules, plus additional
* information for translation. Make a rule.
*/
error = npf_mk_singlerule(natdict, NULL, &rl, errdict);
if (error) {
printf("hiba a mksinglerule alatt\n");
return error;
}
npf_core_enter();
printf("most ruleset inserteljuk\n");
npf_ruleset_insert(npf_core_natset(), rl);
/* Allocate a new NAT policy and assign to the rule. */
np = npf_nat_newpolicy(natdict, npf_core_natset());
if (np == NULL) {
printf("hiba a newpolicy alatt\n");
NPF_ERR_DEBUG(errdict);
return ENOMEM;
}
npf_rule_setnat(rl, np);
npf_core_exit();
return 0;
}
static int __noinline
npf_mk_subrules(npf_ruleset_t *rlset, prop_array_t rules, prop_array_t rprocs,
prop_dictionary_t errdict)
{
prop_object_iterator_t it;
prop_dictionary_t rldict;
int error = 0;
if (prop_object_type(rules) != PROP_TYPE_ARRAY) {
NPF_ERR_DEBUG(errdict);
return EINVAL;
}
it = prop_array_iterator(rules);
while ((rldict = prop_object_iterator_next(it)) != NULL) {
npf_rule_t *rl;
error = npf_mk_singlerule(rldict, rprocs, &rl, errdict);
if (error) {
break;
}
npf_ruleset_insert(rlset, rl);
}
prop_object_iterator_release(it);
return error;
}
