[OpenWrt-Devel] problems with virtual sub interfaces in firewall zones
Martin Schiller
ms at dev.tdt.de
Thu May 28 06:43:44 EDT 2020
On 2020-05-07 07:39, Martin Schiller wrote:
> On 2020-05-07 06:47, Martin Schiller wrote:
>> Hi Jo,
>> Hi all,
>>
>> I've encountered a problem with the change you made with commit
>> 64bb88841fbc ("uqmi: inherit firewall zone membership to virtual sub
>> interfaces") which was introduced to fix FS#2122.
>>
>> This change makes it impossible to move an interface from one zone to
>> another without a reconnect of that interface, because the related
>> zone is stored during interface setup and fw3 will use this value
>> even if the parent interface is already in another zone.
>>
>> I have a case here, where the target zone of a (wwan/qmi) interface
>> is decided by an iface-hotplug script on an if-up event and I don't
>> want / can't reconnect the interface right after it's coming up.
>>
>> Is there a possibility to get this working again?
>
> What about storing the information (name) of the parent interface
> instead of the zone and let fw3 dynamically take the zone of the
> parent interface?
>
OK, so please have a look at the patch below. It works as expected
for me.
If there is a "parent" information (name of the parent interface)
in the data section of an interface, then let's check if this
parent interface is a member of the current zone.
Of course, the proto handler(s) also need to be patched to save the
parent information instead of the zone.
---
ubus.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/ubus.c b/ubus.c
index cf5c8b1..d77807c 100644
--- a/ubus.c
+++ b/ubus.c
@@ -228,6 +228,7 @@ void
fw3_ubus_zone_devices(struct fw3_zone *zone)
{
struct blob_attr *c, *cur, *dcur;
+ struct fw3_device *net;
unsigned r, rem, drem;
const char *name;
bool matches;
@@ -239,10 +240,20 @@ fw3_ubus_zone_devices(struct fw3_zone *zone)
blobmsg_for_each_attr(cur, c, rem) {
if (!strcmp(blobmsg_name(cur), "interface"))
name = blobmsg_get_string(cur);
- else if (!strcmp(blobmsg_name(cur), "data"))
- blobmsg_for_each_attr(dcur, cur, drem)
+ else if (!strcmp(blobmsg_name(cur), "data")) {
+ blobmsg_for_each_attr(dcur, cur, drem) {
if (!strcmp(blobmsg_name(dcur), "zone"))
matches = !strcmp(blobmsg_get_string(dcur), zone->name);
+ /* check, if the parent interface is in this zone */
+ else if (!strcmp(blobmsg_name(dcur), "parent")) {
+ list_for_each_entry(net, &zone->networks, list)
+ {
+ if (!strcmp(blobmsg_get_string(dcur), net->name))
+ matches = true;
+ }
+ }
+ }
+ }
}
if (name && matches)
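Review bot: In the new "parent" branch, the outcome depends on attribute order when a data section carries both "zone" and "parent". The existing "zone" branch assigns `matches` unconditionally, so a "zone" entry that comes after "parent" overwrites a successful parent match with false, and a stale "zone" entry that still names the old zone keeps the interface matched there as well as in the parent's zone. Since the zone decides which firewall policy applies to the interface, make the precedence explicit, for example by ignoring "zone" once "parent" is present, or by never resetting `matches` back to false. Also in this branch, `blobmsg_get_string(dcur)` is used without first checking that `blobmsg_type(dcur)` is `BLOBMSG_TYPE_STRING`, and the `list_for_each_entry` loop can `break` after the first hit. The opening brace on its own line after `list_for_each_entry` differs from the brace style of the surrounding lines.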
--
>>
>> Regards,
>> Martin
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel