[OpenWrt-Devel] [PATCH 2/2] ipv6/tayga: move static mappings to 'firewall' config

Mon, 13 Feb 2012 09:17:46 -0800 

From: "Alexey I. Froloff" <[email protected]>

Static NAT64 entries should really belong to firewall config and could
be also processed by firewall code.

Currently tayga only processes ipv4_addr and ipv6_addr options, this is
the mapping itself.  ipv4_addr is taken from dynamic pool and is not
accessable from anywhere.  In addition, firewall code may add DNAT/SNAT
rules to map it to address from WAN interface and permit access from WAN
zone using selected ports/protocols.  Furthermore, firewall may allow or
deny access to ipv6_addr from 4-to-6 translated addresses.

Example:

config nat64
        option ipv4_addr 192.0.2.31
        option ipv6_addr 2001:db8::31

Signed-off-by: Alexey I. Froloff <[email protected]>
---
 ipv6/tayga/files/tayga.sh |   29 ++++++++++++++++++++---------
 1 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/ipv6/tayga/files/tayga.sh b/ipv6/tayga/files/tayga.sh
index 36c33de..96d132d 100644
--- a/ipv6/tayga/files/tayga.sh
+++ b/ipv6/tayga/files/tayga.sh
@@ -32,14 +32,25 @@ coldplug_interface_tayga() {
        setup_interface_tayga "tayga-$1" "$1"
 }
 
-conf_rule_add() {
-       local cfg="$1"
-       local tmpconf="$2"
-       local ipv4_addr ipv6_addr
-       config_get ipv4_addr "$cfg" ipv4_addr ""
-       config_get ipv6_addr "$cfg" ipv6_addr ""
-       [ -n "$ipv4_addr" ] && [ -n "$ipv6_addr" ] &&
-               echo "map $ipv4_addr $ipv6_addr" >>$tmpconf
+tayga_add_static_mappings() {
+       local tmpconf="$1"
+
+       (
+               . /etc/functions.sh
+               config_load firewall
+
+               tayga_map_rule_add() {
+                       local cfg="$1"
+                       local tmpconf="$2"
+                       local ipv4_addr ipv6_addr
+                       config_get ipv4_addr "$cfg" ipv4_addr ""
+                       config_get ipv6_addr "$cfg" ipv6_addr ""
+                       [ -n "$ipv4_addr" ] && [ -n "$ipv6_addr" ] &&
+                               echo "map $ipv4_addr $ipv6_addr" >>$tmpconf
+               }
+
+               config_foreach tayga_map_rule_add nat64 "$tmpconf"
+       )
 }
 
 setup_interface_tayga() {
@@ -96,7 +107,7 @@ setup_interface_tayga() {
        [ -n "$prefix" ] &&
                echo "prefix $prefix" >>$tmpconf
 
-       config_foreach conf_rule_add map_rule "$tmpconf"
+       tayga_add_static_mappings "$tmpconf"
 
        [ -n "$dynamic_pool" ] &&
                echo "dynamic-pool $dynamic_pool" >>$tmpconf
-- 
1.7.7.5

_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to