authorErik Fonnesbeck <efonnes@gmail.com>2012-04-15 17:50:15 -0600
committerErik Fonnesbeck <efonnes@gmail.com>2012-04-20 00:20:29 -0600
commit112f56029d5663ffda3a7b8c83c473fd19bb281c (patch)
treef78bbd7e34fff5cfb1f4109c8486682f92c3934c /etc
parent868cd12c52210b519b7ea150927cf820bfb63677 (diff)
downloadpfsense-112f56029d5663ffda3a7b8c83c473fd19bb281c.zip
pfsense-112f56029d5663ffda3a7b8c83c473fd19bb281c.tar.gz
Use filter_get_direct_networks_list instead of dumping a copy of the routing table. Ticket #2240
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc34
1 files changed, 17 insertions, 17 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index f01c01b..c204266 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -996,22 +996,22 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
if(!is_array($route_table)) {
$route_table = array();
- /* create a route table we can search */
- exec("netstat -rnWf inet", $route_table);
- foreach($route_table as $rt_key => $line) {
- if(preg_match("/^[0-9]+(?:\.[0-9]+){3}\/[0-9]+[ ]+(?:[0-9]+(?:\.[0-9]+){3}|link[#])/", $line))
- $route_table[$rt_key] = preg_split("/[ ]+/", $line);
- else
+ /* get a simulated IPv4-only route table based on the config */
+ $route_table = filter_get_direct_networks_list(false);
+ foreach($route_table as $rt_key => $rt_ent) {
+ if(!is_subnetv4($rt_ent['subnet']))
unset($route_table[$rt_key]);
+ if(isset($route_table[$rt_key]))
+ $route_table[$rt_key]['if'] = get_real_interface($rt_ent['if']);
}
}
/* Check if the target is accessed through a static route */
- foreach($route_table as $fields) {
- if(is_subnet($fields[0]) && is_ipaddr($fields[1])) {
- $subnet_split = explode("/", $fields[0]);
- if(in_array($fields[6], $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
- $target_ip = $fields[1];
+ foreach($route_table as $route) {
+ if(is_subnet($route['subnet']) && is_ipaddr($route['gateway'])) {
+ $subnet_split = explode("/", $route['subnet']);
+ if(in_array($route['if'], $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
+ $target_ip = $route['gateway'];
$target_subnet = 32;
break;
}
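Review bot: The static-route loop reads `$route['gateway']` on every entry, but nothing in this hunk shows that filter_get_direct_networks_list() sets that key for directly connected networks. If it does not, each such entry raises an undefined-index notice before is_ipaddr() rejects it. Guarding with `if(is_subnet($route['subnet']) && isset($route['gateway']) && is_ipaddr($route['gateway'])) {` keeps rule generation quiet, and the same applies to `$rtentry['gateway']` in the last hunk. The table is also filtered with is_subnetv4() while the gateway goes through is_ipaddr(); if is_ipaddr() accepts both address families, an IPv4-only check is presumably wanted there as well. The function body starts and ends outside the hunk.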
@@ -1019,11 +1019,11 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
}
/* Search for matching subnets in the routing table */
- foreach($route_table as $fields) {
- if(is_subnet($fields[0])) {
- $subnet = $fields[0];
+ foreach($route_table as $route) {
+ if(is_subnet($route['subnet'])) {
+ $subnet = $route['subnet'];
$subnet_split = explode("/", $subnet);
- $subnet_if = $fields[6];
+ $subnet_if = $route['if'];
if(in_array($subnet_if, $nat_ifs) && check_subnets_overlap($target_ip, $target_subnet, $subnet_split[0], $subnet_split[1])) {
$ifsubnet_ip = "";
foreach ($FilterIflist as $ifent => $ifname) {
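Review bot: The context comment `/* Search for matching subnets in the routing table */` is stale after this change, because `$route_table` is now built from the configuration rather than read from the kernel. A reader of that comment would expect routes that exist only at runtime to be considered, and with this change they presumably are not, so no reflection rule would be generated for them. I would reword it to `/* Search for matching subnets in the config-derived network list (not the live routing table) */`. The loop body continues past the end of the hunk.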
@@ -1043,8 +1043,8 @@ function filter_generate_reflection_nat($rule, &$route_table, $nat_ifs, $protoco
if(!empty($ifsubnet_ip)) {
$subnets = array($subnet);
foreach($route_table as $rtentry) {
- if(is_subnet($rtentry[0]) && is_ipaddr($rtentry[1]) && ip_in_subnet($rtentry[1], $subnet) && $rtentry[6] == $subnet_if)
- $subnets[] = $rtentry[0];
+ if(is_subnet($rtentry['subnet']) && is_ipaddr($rtentry['gateway']) && ip_in_subnet($rtentry['gateway'], $subnet) && $rtentry['if'] == $subnet_if)
+ $subnets[] = $rtentry['subnet'];
}
if(count($subnets) > 1)
$subnet = "{ " . implode(" ", $subnets) . " }";