/*
 * npf_mk_natlist: walk an array of NAT policy dictionaries, turning each
 * entry into a rule inserted into the given ruleset and, unless the entry
 * is a group, attaching a newly allocated NAT policy to that rule.
 *
 * => nset: ruleset receiving the rules.
 * => natlist: must be an array whose elements are dictionaries; both
 *    levels are type-checked before any element is used.
 * => errdict: handed to NPF_ERR_DEBUG() and npf_mk_singlerule().
 * => Returns 0 on success, EINVAL on a type mismatch, the error from
 *    npf_mk_singlerule(), or ENOMEM if a policy cannot be allocated.
 * => Processing stops at the first failing entry.  Rules inserted before
 *    the failure are not undone here: the caller is expected to free the
 *    entire NAT ruleset together with the policies already assigned.
 */
static int __noinline
npf_mk_natlist(npf_ruleset_t *nset, prop_array_t natlist,
    prop_dictionary_t errdict)
{
	prop_object_iterator_t iter;
	prop_dictionary_t entry;
	int rc = 0;

	/* The container itself has to be an array. */
	if (prop_object_type(natlist) != PROP_TYPE_ARRAY) {
		NPF_ERR_DEBUG(errdict);
		return EINVAL;
	}

	iter = prop_array_iterator(natlist);
	for (;;) {
		npf_natpolicy_t *policy;
		npf_rule_t *rule = NULL;

		entry = prop_object_iterator_next(iter);
		if (entry == NULL) {
			/* End of the array. */
			break;
		}

		/* Every element has to be a dictionary. */
		if (prop_object_type(entry) != PROP_TYPE_DICTIONARY) {
			NPF_ERR_DEBUG(errdict);
			rc = EINVAL;
			break;
		}

		/*
		 * A NAT policy is an ordinary rule carrying extra
		 * translation information, so construct the rule first.
		 */
		rc = npf_mk_singlerule(entry, NULL, &rule, errdict);
		if (rc) {
			break;
		}
		npf_ruleset_insert(nset, rule);

		/*
		 * An entry with both "name" and "subrules" is a group of
		 * NAT policies and gets no policy of its own.  Anything
		 * else receives a new NAT policy bound to its rule.
		 */
		if (prop_dictionary_get(entry, "name") == NULL ||
		    prop_dictionary_get(entry, "subrules") == NULL) {
			policy = npf_nat_newpolicy(entry, nset);
			if (policy == NULL) {
				NPF_ERR_DEBUG(errdict);
				rc = ENOMEM;
				break;
			}
			npf_rule_setnat(rule, policy);
		}
	}
	prop_object_iterator_release(iter);

	return rc;
}
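/*
 * npf_insert_nat_rule: build a single NAT rule from a dictionary and add
 * it, with a newly allocated NAT policy, to the core NAT ruleset.
 *
 * => natdict: rule description; it is type-checked here and rejected
 *    unless it is a dictionary.
 * => errdict: handed to NPF_ERR_DEBUG() and npf_mk_singlerule().
 * => Returns 0 on success, EINVAL if natdict is not a dictionary, the
 *    error from npf_mk_singlerule(), or ENOMEM if the NAT policy cannot
 *    be allocated.
 * => The ruleset update is bracketed by npf_core_enter()/npf_core_exit()
 *    (presumably the NPF core lock - confirm).  Every path taken after
 *    npf_core_enter() leaves through npf_core_exit(); the ENOMEM path
 *    previously returned without it.
 */
static int
npf_insert_nat_rule(prop_dictionary_t natdict, prop_dictionary_t errdict)
{
	npf_natpolicy_t *np;
	npf_rule_t *rl = NULL;
	int error;

	/*
	 * NOTE(review): the printf() calls in this function are
	 * unconditional debug traces, several of them in Hungarian.
	 * They are kept as-is; consider removing them or putting them
	 * behind a debug option.
	 */
	printf("npf_insert_nat_rule\n");

	/* Reject anything that is not a dictionary before reading it. */
	if (prop_object_type(natdict) != PROP_TYPE_DICTIONARY) {
		printf("rossz tipus!\n");	/* "wrong type!" */
		NPF_ERR_DEBUG(errdict);
		return EINVAL;
	}

	/*
	 * NAT policies are standard rules, plus additional
	 * information for translation.  Make a rule.
	 */
	error = npf_mk_singlerule(natdict, NULL, &rl, errdict);
	if (error) {
		/* "error in mksinglerule" */
		printf("hiba a mksinglerule alatt\n");
		return error;
	}

	npf_core_enter();
	/* "now inserting into the ruleset" */
	printf("most ruleset inserteljuk\n");
	npf_ruleset_insert(npf_core_natset(), rl);

	/* Allocate a new NAT policy and assign to the rule. */
	np = npf_nat_newpolicy(natdict, npf_core_natset());
	if (np == NULL) {
		/* "error in newpolicy" */
		printf("hiba a newpolicy alatt\n");
		NPF_ERR_DEBUG(errdict);
		/*
		 * NOTE(review): the rule is already in the core NAT
		 * ruleset at this point and stays there without a NAT
		 * policy.  npf_mk_natlist() leaves such cleanup to a
		 * caller that frees the whole ruleset; confirm what
		 * should undo the insertion here.
		 */
		error = ENOMEM;
		goto out;
	}
	npf_rule_setnat(rl, np);
out:
	/* Leave the core section on the failure path as well. */
	npf_core_exit();
	return error;
}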