[ -n "$psidlen" ] && rule="$rule,psidlen=$psidlen"
[ -n "$offset" ] && rule="$rule,offset=$offset"
[ -n "$ealen" ] && rule="$rule,ealen=$ealen"
- rule="$rule,br=$peeraddr"
+ if [ "$type" = "map-t" ]; then
+ rule="$rule,dmr=$peeraddr"
+ else
+ rule="$rule,br=$peeraddr"
+ fi
fi
+ echo "rule=$rule" > /tmp/map-$cfg.rules
RULE_DATA=$(mapcalc ${tunlink:-\*} $rule)
if [ "$?" != 0 ]; then
proto_notify_error "$cfg" "INVALID_MAP_RULE"
return
fi
+ echo "$RULE_DATA" >> /tmp/map-$cfg.rules
eval $RULE_DATA
if [ -z "$RULE_BMR" ]; then
fi
proto_close_tunnel
+ elif [ "$type" = "map-t" -a -f "/proc/net/nat46/control" ]; then
+ proto_init_update "$link" 1
+ local style="MAP"
+ [ "$LEGACY" = 1 ] && style="MAP0"
+
+ echo add $link > /proc/net/nat46/control
+ local cfgstr="local.style $style local.v4 $(eval "echo \$RULE_${k}_IPV4PREFIX")/$(eval "echo \$RULE_${k}_PREFIX4LEN")"
+ cfgstr="$cfgstr local.v6 $(eval "echo \$RULE_${k}_IPV6PREFIX")/$(eval "echo \$RULE_${k}_PREFIX6LEN")"
+ cfgstr="$cfgstr local.ea-len $(eval "echo \$RULE_${k}_EALEN") local.psid-offset $(eval "echo \$RULE_${k}_OFFSET")"
+ cfgstr="$cfgstr remote.v4 0.0.0.0/0 remote.v6 $(eval "echo \$RULE_${k}_DMR") remote.style RFC6052 remote.ea-len 0 remote.psid-offset 0"
+ echo config $link $cfgstr > /proc/net/nat46/control
+
+ for i in $(seq $RULE_COUNT); do
+ [ "$(eval "echo \$RULE_${i}_FMR")" != 1 ] && continue
+ local cfgstr="remote.style $style remote.v4 $(eval "echo \$RULE_${i}_IPV4PREFIX")/$(eval "echo \$RULE_${i}_PREFIX4LEN")"
+ cfgstr="$cfgstr remote.v6 $(eval "echo \$RULE_${i}_IPV6PREFIX")/$(eval "echo \$RULE_${i}_PREFIX6LEN")"
+ cfgstr="$cfgstr remote.ea-len $(eval "echo \$RULE_${i}_EALEN") remote.psid-offset $(eval "echo \$RULE_${i}_OFFSET")"
+ echo insert $link $cfgstr > /proc/net/nat46/control
+ done
else
proto_notify_error "$cfg" "UNSUPPORTED_TYPE"
proto_block_restart "$cfg"
[ "$zone" != "-" ] && json_add_string zone "$zone"
json_add_array firewall
- for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do
- for proto in icmp tcp udp; do
- json_add_object ""
- json_add_string type nat
- json_add_string target SNAT
- json_add_string family inet
- json_add_string proto "$proto"
- json_add_boolean connlimit_ports 1
- json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
- json_add_string snat_port "$portset"
- json_close_object
- done
- done
+ if [ -z "$(eval "echo \$RULE_${k}_PORTSETS")" ]; then
+ json_add_object ""
+ json_add_string type nat
+ json_add_string target SNAT
+ json_add_string family inet
+ json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
+ json_close_object
+ else
+ for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do
+ for proto in icmp tcp udp; do
+ json_add_object ""
+ json_add_string type nat
+ json_add_string target SNAT
+ json_add_string family inet
+ json_add_string proto "$proto"
+ json_add_boolean connlimit_ports 1
+ json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR")
+ json_add_string snat_port "$portset"
+ json_close_object
+ done
+ done
+ fi
+ if [ "$type" = "map-t" ]; then
+ json_add_object ""
+ json_add_string type rule
+ json_add_string family inet6
+ json_add_string proto all
+ json_add_string direction in
+ json_add_string dest "$zone"
+ json_add_string src "$zone"
+ json_add_string src_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
+ json_add_string target ACCEPT
+ json_close_object
+ json_add_object ""
+ json_add_string type rule
+ json_add_string family inet6
+ json_add_string proto all
+ json_add_string direction out
+ json_add_string dest "$zone"
+ json_add_string src "$zone"
+ json_add_string dest_ip $(eval "echo \$RULE_${k}_IPV6ADDR")
+ json_add_string target ACCEPT
+ json_close_object
+ proto_add_ipv6_route $(eval "echo \$RULE_${k}_IPV6ADDR") 128
+ fi
json_close_array
proto_close_data
proto_map_teardown() {
local cfg="$1"
ifdown "${cfg}_local"
+ rm -f /tmp/map-$cfg.rules
}
proto_map_init_config() {