firewall: fix nat reflection after netifd switch (#11460)
authorJo-Philipp Wich <jow@openwrt.org>
Wed, 16 May 2012 13:03:54 +0000 (13:03 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Wed, 16 May 2012 13:03:54 +0000 (13:03 +0000)
SVN-Revision: 31754

package/firewall/Makefile
package/firewall/files/reflection.hotplug

index 373baae5f88955b701301a3acf3570429fb1eebd..e7a308f3c541c21787b22f8b650b7442343bb097 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=49
+PKG_RELEASE:=50
 
 include $(INCLUDE_DIR)/package.mk
 
index 1feb21075afcb0aa30ef86032ff43764ae424257..73d9c61df8d49a756bc645e91baed9b505c12f25 100644 (file)
@@ -1,9 +1,38 @@
 #!/bin/sh
 
 . /etc/functions.sh
+. /usr/share/libubox/jshn.sh
+
+find_iface_address()
+{
+       local iface="$1"
+       local ipaddr="$2"
+       local prefix="$3"
+
+       local tmp="$(ubus call network.interface."$iface" status 2>/dev/null)"
+
+       json_load "${tmp:-{}}"
+       json_get_type tmp address
+
+       if [ "$tmp" = array ]; then
+
+               json_select address
+               json_get_type tmp 1
+
+               if [ "$tmp" = object ]; then
+
+                       json_select 1
+                       [ -n "$ipaddr" ] && json_get_var "$ipaddr" address
+                       [ -n "$prefix" ] && json_get_var "$prefix" mask
+
+               fi
+       fi
+}
 
 if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
-       local wanip=$(uci -P/var/state get network.wan.ipaddr)
+       local wanip
+       find_iface_address wan wanip
+       [ -n "$wanip" ] || return
 
        iptables -t nat -F nat_reflection_in 2>/dev/null || {
                iptables -t nat -N nat_reflection_in
@@ -60,8 +89,9 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
 
                        local net
                        for net in $(find_networks "$dest"); do
-                               local lanip=$(uci -P/var/state get network.$net.ipaddr)
-                               local lanmk=$(uci -P/var/state get network.$net.netmask)
+                               local lanip lanmk
+                               find_iface_address "$net" lanip lanmk
+                               [ -n "$lanip" ] || return
 
                                local proto
                                config_get proto "$cfg" proto