helpers: make the proto field as a list rather than one option

The field proto in the struct fw3_cthelper should be implemented
as a list in order to support multiple protocols.

For example, the helper for SIP should be able to support both
TCP and UDP within only one entry in the config file.

config helper
        option name 'sip'
        option description 'SIP VoIP connection tracking'
        option module 'nf_conntrack_sip'
        option family 'any'
        option proto 'tcpudp'
        option port '5060'

Signed-off-by: Pierre Lebleu <[email protected]>

Author: pticon

helpers.c

@@ -25,7 +25,7 @@ const struct fw3_option fw3_cthelper_opts[] = {
 	FW3_OPT("module",      string,   cthelper, module),
 	FW3_OPT("description", string,   cthelper, description),
 	FW3_OPT("family",      family,   cthelper, family),
-	FW3_OPT("proto",       protocol, cthelper, proto),
+	FW3_LIST("proto",      protocol, cthelper, proto),
 	FW3_OPT("port",        port,     cthelper, port),
 
 	{ }
@@ -46,6 +46,23 @@ test_module(struct fw3_cthelper *helper)
 	return true;
 }
 
+static bool
+check_cthelper_proto(const struct fw3_cthelper *helper)
+{
+	struct fw3_protocol	*proto;
+
+	if (list_empty(&helper->proto))
+		return false;
+
+	list_for_each_entry(proto, &helper->proto, list)
+	{
+		if (!proto->protocol || proto->any || proto->invert)
+			return false;
+	}
+
+	return true;
+}
+
 static bool
 check_cthelper(struct fw3_state *state, struct fw3_cthelper *helper, struct uci_element *e)
 {
@@ -57,7 +74,7 @@ check_cthelper(struct fw3_state *state, struct fw3_cthelper *helper, struct uci_
 	{
 		warn_section("helper", helper, e, "must have a module assigned");
 	}
-	else if (!helper->proto.protocol || helper->proto.any || helper->proto.invert)
+	else if (!check_cthelper_proto(helper))
 	{
 		warn_section("helper", helper, e, "must specify a protocol");
 	}
@@ -84,6 +101,7 @@ fw3_alloc_cthelper(struct fw3_state *state)
 
 	helper->enabled = true;
 	helper->family  = FW3_FAMILY_ANY;
+	INIT_LIST_HEAD(&helper->proto);
 
 	list_add_tail(&helper->list, &state->cthelpers);
 
@@ -157,6 +175,20 @@ fw3_lookup_cthelper(struct fw3_state *state, const char *name)
 	return NULL;
 }
 
+bool
+fw3_cthelper_check_proto(const struct fw3_cthelper *h, const struct fw3_protocol *proto)
+{
+	struct fw3_protocol	*p;
+
+	list_for_each_entry(p, &h->proto, list)
+	{
+		if (p->protocol == proto->protocol)
+			return true;
+	}
+
+	return false;
+}
+
 struct fw3_cthelper *
 fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
                                   struct fw3_protocol *proto,
@@ -178,7 +210,7 @@ fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
 		if (!h->enabled)
 			continue;
 
-		if (h->proto.protocol != proto->protocol)
+		if (!fw3_cthelper_check_proto(h, proto))
 			continue;
 
 		if (h->port.set && (!port || !port->set))
@@ -198,11 +230,11 @@ fw3_lookup_cthelper_by_proto_port(struct fw3_state *state,
 
 static void
 print_helper_rule(struct fw3_ipt_handle *handle, struct fw3_cthelper *helper,
-                  struct fw3_zone *zone)
+                  struct fw3_zone *zone, struct fw3_protocol *proto)
 {
 	struct fw3_ipt_rule *r;
 
-	r = fw3_ipt_rule_create(handle, &helper->proto, NULL, NULL, NULL, NULL);
+	r = fw3_ipt_rule_create(handle, proto, NULL, NULL, NULL, NULL);
 
 	if (helper->description && *helper->description)
 		fw3_ipt_rule_comment(r, helper->description);
@@ -215,6 +247,16 @@ print_helper_rule(struct fw3_ipt_handle *handle, struct fw3_cthelper *helper,
 	fw3_ipt_rule_replace(r, "zone_%s_helper", zone->name);
 }
 
+static void
+expand_helper_rule(struct fw3_ipt_handle *handle, struct fw3_cthelper *helper,
+                  struct fw3_zone *zone)
+{
+	struct fw3_protocol *proto;
+
+	list_for_each_entry(proto, &helper->proto, list)
+		print_helper_rule(handle, helper, zone, proto);
+}
+
 void
 fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
                     struct fw3_zone *zone)
@@ -249,7 +291,7 @@ fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
 			if (!test_module(helper))
 				continue;
 
-			print_helper_rule(handle, helper, zone);
+			expand_helper_rule(handle, helper, zone);
 		}
 	}
 	else
@@ -271,7 +313,7 @@ fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
 				continue;
 			}
 
-			print_helper_rule(handle, helper, zone);
+			expand_helper_rule(handle, helper, zone);
 		}
 	}
 }

helpers.h

@@ -41,6 +41,9 @@ void
 fw3_print_cthelpers(struct fw3_ipt_handle *handle, struct fw3_state *state,
                     struct fw3_zone *zone);
 
+bool
+fw3_cthelper_check_proto(const struct fw3_cthelper *h, const struct fw3_protocol *proto);
+
 static inline void fw3_free_cthelper(struct fw3_cthelper *helper)
 {
 	list_del(&helper->list);

options.h

@@ -526,7 +526,7 @@ struct fw3_cthelper
 	const char *module;
 	const char *description;
 	enum fw3_family family;
-	struct fw3_protocol proto;
+	struct list_head proto;
 	struct fw3_port port;
 };
 

redirects.c

@@ -576,7 +576,7 @@ print_redirect(struct fw3_ipt_handle *h, struct fw3_state *state,
 	case FW3_TABLE_RAW:
 		if (redir->target == FW3_FLAG_DNAT && redir->helper.ptr)
 		{
-			if (redir->helper.ptr->proto.protocol != proto->protocol)
+			if (!fw3_cthelper_check_proto(redir->helper.ptr, proto))
 			{
 				info("     ! Skipping protocol %s since helper '%s' does not support it",
 				     fw3_protoname(proto), redir->helper.ptr->name);

rules.c

@@ -436,15 +436,15 @@ print_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 	}
 
 	if (rule->helper.ptr &&
-	    rule->helper.ptr->proto.protocol != proto->protocol)
+	    !fw3_cthelper_check_proto(rule->helper.ptr, proto))
 	{
 		info("     ! Skipping protocol %s since helper '%s' does not support it",
 		     fw3_protoname(proto), rule->helper.ptr->name);
 		return;
 	}
 
 	if (rule->set_helper.ptr &&
-	    rule->set_helper.ptr->proto.protocol != proto->protocol)
+	    !fw3_cthelper_check_proto(rule->set_helper.ptr, proto))
 	{
 		info("     ! Skipping protocol %s since helper '%s' does not support it",
 		     fw3_protoname(proto), rule->helper.ptr->name);