Пример #1
/*
 * npf_mk_natlist: build NAT rules from a property-list array and insert
 * them into the given ruleset.
 *
 * => nset: ruleset that receives every rule constructed here.
 * => natlist: expected to be a PROP_TYPE_ARRAY of dictionaries; anything
 *    else is rejected with EINVAL, as is any non-dictionary element.
 * => errdict: passed to NPF_ERR_DEBUG() and npf_mk_singlerule() for
 *    error reporting.
 *
 * Returns 0 on success, EINVAL on a type mismatch, ENOMEM if a NAT
 * policy cannot be allocated, or the error from npf_mk_singlerule().
 *
 * On error, rules inserted so far remain in nset; per the original note,
 * the caller frees the entire NAT ruleset with its assigned policies.
 */
static int __noinline
npf_mk_natlist(npf_ruleset_t *nset, prop_array_t natlist,
    prop_dictionary_t errdict)
{
	prop_object_iterator_t iter;
	prop_dictionary_t entry;
	int rc = 0;

	/* The container itself must be an array; check before iterating. */
	if (prop_object_type(natlist) != PROP_TYPE_ARRAY) {
		NPF_ERR_DEBUG(errdict);
		return EINVAL;
	}

	iter = prop_array_iterator(natlist);
	for (;;) {
		npf_rule_t *rule = NULL;
		npf_natpolicy_t *policy;
		bool is_group;

		entry = prop_object_iterator_next(iter);
		if (entry == NULL) {
			break;
		}

		/* Each element must be a dictionary describing one policy. */
		if (prop_object_type(entry) != PROP_TYPE_DICTIONARY) {
			NPF_ERR_DEBUG(errdict);
			rc = EINVAL;
			break;
		}

		/*
		 * A NAT policy is an ordinary rule carrying extra translation
		 * data, so construct the rule first and hand it to the ruleset.
		 */
		rc = npf_mk_singlerule(entry, NULL, &rule, errdict);
		if (rc != 0) {
			break;
		}
		npf_ruleset_insert(nset, rule);

		/*
		 * An entry with both "name" and "subrules" is a group holding
		 * NAT policies; it gets no policy of its own.
		 */
		is_group = prop_dictionary_get(entry, "name") != NULL &&
		    prop_dictionary_get(entry, "subrules") != NULL;
		if (is_group) {
			continue;
		}

		/* Create the NAT policy and attach it to the new rule. */
		policy = npf_nat_newpolicy(entry, nset);
		if (policy == NULL) {
			NPF_ERR_DEBUG(errdict);
			rc = ENOMEM;
			break;
		}
		npf_rule_setnat(rule, policy);
	}
	prop_object_iterator_release(iter);

	return rc;
}
Пример #2
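/*
 * npf_insert_nat_rule: build a single NAT rule from a dictionary and
 * insert it into the core NAT ruleset (npf_core_natset()).
 *
 * => natdict: must be a PROP_TYPE_DICTIONARY; otherwise EINVAL.
 * => errdict: passed to NPF_ERR_DEBUG() and npf_mk_singlerule() for
 *    error reporting.
 *
 * Returns 0 on success, EINVAL on a type mismatch, ENOMEM if the NAT
 * policy cannot be allocated, or the error from npf_mk_singlerule().
 *
 * Every path that passes npf_core_enter() leaves through npf_core_exit().
 * The earlier version returned ENOMEM with the core section still
 * entered; presumably that is a lock pair, in which case one failed
 * allocation would leave the lock held for good - confirm against the
 * npf_core_enter() definition.
 *
 * The printf() calls are debugging traces and are kept as they were.
 */
static int
npf_insert_nat_rule(prop_dictionary_t natdict, prop_dictionary_t errdict) {
	int error;
	npf_natpolicy_t *np;
	npf_rule_t *rl;

	printf("npf_insert_nat_rule\n");
	/* Validate the type before handing the object to the rule builder. */
	if (prop_object_type(natdict) != PROP_TYPE_DICTIONARY) {
		printf("rossz tipus!\n");
		NPF_ERR_DEBUG(errdict);
		return EINVAL;
	}

	/*
	 * NAT policies are standard rules, plus additional
	 * information for translation.  Make a rule.
	 */
	error = npf_mk_singlerule(natdict, NULL, &rl, errdict);
	if (error) {
		printf("hiba a mksinglerule alatt\n");
		return error;
	}

	npf_core_enter();
	printf("most ruleset inserteljuk\n");
	npf_ruleset_insert(npf_core_natset(), rl);

	/* Allocate a new NAT policy and assign to the rule. */
	np = npf_nat_newpolicy(natdict, npf_core_natset());
	if (np == NULL) {
		printf("hiba a newpolicy alatt\n");
		NPF_ERR_DEBUG(errdict);
		/*
		 * NOTE(review): the rule is already in the core NAT ruleset
		 * at this point and stays there without a NAT policy; nothing
		 * visible here removes or frees it.  Confirm how the caller
		 * (or the ruleset code) deals with a policy-less NAT rule.
		 */
		error = ENOMEM;
		goto out;
	}
	npf_rule_setnat(rl, np);

out:
	/* Single exit point so the core section is always left. */
	npf_core_exit();

	return error;
}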