author | Erik Fonnesbeck <efonnes@gmail.com> | 2012-04-15 17:50:15 -0600 |
---|---|---|
committer | Erik Fonnesbeck <efonnes@gmail.com> | 2012-04-20 00:20:29 -0600 |
commit | 112f56029d5663ffda3a7b8c83c473fd19bb281c (patch) | |
tree | f78bbd7e34fff5cfb1f4109c8486682f92c3934c | |
parent | 868cd12c52210b519b7ea150927cf820bfb63677 (diff) | |
Use filter_get_direct_networks_list instead of dumping a copy of the routing table. Ticket #2240
-rw-r--r-- | etc/inc/filter.inc | 34 |
1 files changed, 17 insertions, 17 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index f01c01b..c204266 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -996,22 +996,22 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
 if(!is_array($route_table)) {
 $route_table = array();
- /* create a route table we can search */
- exec("netstat -rnWf inet", $route_table);
- foreach($route_table as $rt_key => $line) {
- if(preg_match("/^[0-9]+(?:\.[0-9]+){3}\/[0-9]+[ ]+(?:[0-9]+(?:\.[0-9]+){3}|link[#])/", $line))
- $route_table[$rt_key] = preg_split("/[ ]+/", $line);
- else
+ /* get a simulated IPv4-only route table based on the config */
+ $route_table = filter_get_direct_networks_list(false);
+ foreach($route_table as $rt_key => $rt_ent) {
+ if(!is_subnetv4($rt_ent['subnet']))
 unset($route_table[$rt_key]);
+ if(isset($route_table[$rt_key]))
+ $route_table[$rt_key]['if'] = get_real_interface($rt_ent['if']);
 }
 }
 /* Check if the target is accessed through a static route */
- foreach($route_table as $fields) {
- if(is_subnet($fields[0]) && is_ipaddr($fields[1])) {
- $subnet_split = explode("/", $fields[0]);
- if(in_array($fields[6], $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
- $target_ip = $fields[1];
+ foreach($route_table as $route) {
+ if(is_subnet($route['subnet']) && is_ipaddr($route['gateway'])) {
+ $subnet_split = explode("/", $route['subnet']);
+ if(in_array($route['if'], $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
+ $target_ip = $route['gateway'];
 $target_subnet = 32;
 break;
 }
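Review bot: The static-route loop reads `$route['gateway']` without checking that the key exists, and nothing in this hunk shows that every entry returned by `filter_get_direct_networks_list(false)` carries one; directly connected networks presumably have no gateway. The old netstat rows always had a second field, so this is a new undefined-index read on each such entry, and the rule generator only behaves correctly because `is_ipaddr()` happens to reject the missing value. I would make the guard explicit, `if(isset($route['gateway']) && is_subnet($route['subnet']) && is_ipaddr($route['gateway'])) {`, and apply the same `isset()` to `$rtentry['gateway']` in the third hunk. The retained `$route_table = array();` is now dead, since the next added line overwrites it. The function body starts and ends outside this hunk.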
@@ -1019,11 +1019,11 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
 }
 /* Search for matching subnets in the routing table */
- foreach($route_table as $fields) {
- if(is_subnet($fields[0])) {
- $subnet = $fields[0];
+ foreach($route_table as $route) {
+ if(is_subnet($route['subnet'])) {
+ $subnet = $route['subnet'];
 $subnet_split = explode("/", $subnet);
- $subnet_if = $fields[6];
+ $subnet_if = $route['if'];
 if(in_array($subnet_if, $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
 $ifsubnet_ip = "";
 foreach ($FilterIflist as $ifent => $ifname) {
@@ -1043,8 +1043,8 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
 if(!empty($ifsubnet_ip)) {
 $subnets = array($subnet);
 foreach($route_table as $rtentry) {
- if(is_subnet($rtentry[0]) && is_ipaddr($rtentry[1]) && ip_in_subnet($rtentry[1], $subnet) && $rtentry[6] == $subnet_if)
- $subnets[] = $rtentry[0];
+ if(is_subnet($rtentry['subnet']) && is_ipaddr($rtentry['gateway']) && ip_in_subnet($rtentry['gateway'], $subnet) && $rtentry['if'] == $subnet_if)
+ $subnets[] = $rtentry['subnet'];
 }
 if(count($subnets) > 1)
 $subnet = "{ " . implode(" ", $subnets) . " }";  |
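Review bot: The new entry shape of `$route_table` is undocumented, even though the parameter is taken by reference and, per the `is_array()` check in the first hunk, a caller-supplied array is used as-is. A caller still passing rows in the old netstat layout would hit `is_subnet($route['subnet'])` on a missing key and silently get no reflection rules for routed subnets, with no error pointing at the cause. I would extend the comment above this loop to something like `/* $route_table entries: 'subnet' (CIDR), 'if' (real interface name), optional 'gateway'; built from the config, not the kernel table */`. That wording also records that routes present only in the live routing table are presumably no longer considered, which is worth stating for anyone auditing the generated ruleset. The function continues outside both hunks on this line.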