iptables: Add in and out interface option support
authorSamuel Ortiz <sameo@linux.intel.com>
Fri, 5 Nov 2010 23:30:36 +0000 (00:30 +0100)
committerSamuel Ortiz <sameo@linux.intel.com>
Fri, 5 Nov 2010 23:30:36 +0000 (00:30 +0100)
src/iptables.c

index 8c3a096431ffad16aafc5ad16f3338e30ddc5004..ce06f255a05f876b9e7f3b1409565493026d350c 100644 (file)
@@ -424,7 +424,7 @@ err:
 }
 
 static struct ipt_entry *
-new_rule(struct connman_iptables *table,
+new_rule(struct connman_iptables *table, struct ipt_ip *ip,
                char *target_name, struct xtables_target *xt_t,
                char *match_name, struct xtables_match *xt_m)
 {
@@ -447,6 +447,8 @@ new_rule(struct connman_iptables *table,
        if (new_entry == NULL)
                return NULL;
 
+       memcpy(&new_entry->ip, ip, sizeof(struct ipt_ip));
+
        new_entry->target_offset = sizeof(struct ipt_entry) + match_size;
        new_entry->next_offset = sizeof(struct ipt_entry) + target_size +
                                                                match_size;
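Review bot: The added `memcpy(&new_entry->ip, ip, sizeof(struct ipt_ip));` dereferences `ip` with no NULL check, and the new parameter is not const although the visible code only reads through it. Declaring it `const struct ipt_ip *ip` and copying with `new_entry->ip = *ip;` would tie the copy size to the destination field and document that the caller's selector is left untouched. The only caller shown in this diff passes the address of a stack variable, so this is a hardening and readability point rather than a reachable fault; a guard returning NULL before the copy would only be needed if other callers can pass NULL. new_rule's body begins and ends outside this hunk.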
@@ -500,7 +502,8 @@ new_rule(struct connman_iptables *table,
 }
 
 static int
-iptables_add_rule(struct connman_iptables *table, char *chain_name,
+iptables_add_rule(struct connman_iptables *table,
+                               struct ipt_ip *ip, char *chain_name,
                                char *target_name, struct xtables_target *xt_t,
                                char *match_name, struct xtables_match *xt_m)
 {
@@ -511,7 +514,7 @@ iptables_add_rule(struct connman_iptables *table, char *chain_name,
        if (chain_tail == NULL)
                return -EINVAL;
 
-       new_entry = new_rule(table,
+       new_entry = new_rule(table, ip,
                                target_name, xt_t,
                                match_name, xt_m);
        if (new_entry == NULL)
@@ -850,8 +853,9 @@ static int iptables_command(int argc, char *argv[])
        struct connman_iptables *table;
        struct xtables_match *xt_m;
        struct xtables_target *xt_t;
+       struct ipt_ip ip;
        char *table_name, *chain, *new_chain, *match_name, *target_name;
-       int c, ret;
+       int c, ret, in_len, out_len;
        size_t size;
        gboolean dump, invert;
 
@@ -861,6 +865,7 @@ static int iptables_command(int argc, char *argv[])
        dump = FALSE;
        invert = FALSE;
        table_name = chain = new_chain = match_name = target_name = NULL;
+       memset(&ip, 0, sizeof(struct ipt_ip));
        table = NULL;
        xt_m = NULL;
        xt_t = NULL;
@@ -883,6 +888,17 @@ static int iptables_command(int argc, char *argv[])
                        new_chain = optarg;
                        break;
 
+               case 'i':
+                       in_len = strlen(optarg);
+
+                       if (in_len + 1 > IFNAMSIZ)
+                               break;
+
+                       strcpy(ip.iniface, optarg);
+                       memset(ip.iniface_mask, 0xff, in_len + 1);
+
+                       break;
+
                case 'j':
                        target_name = optarg;
                        xt_t = xtables_find_target(target_name, XTF_TRY_LOAD);
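Review bot: In `case 'i'`, an interface name that does not fit in IFNAMSIZ is dropped with a bare `break`, so parsing carries on with `ip.iniface` and its mask still all zero, and the rule is later added without the interface restriction the caller asked for. For a firewall rule that is a fail-open outcome; the over-length case should reject the command instead, for example `if (in_len + 1 > IFNAMSIZ) { ret = -EINVAL; goto out; }`, assuming the `out` cleanup (outside this hunk) is safe to reach from inside the option loop. The same pattern appears in the `case 'o'` hunk for `ip.outiface`. `in_len` and `out_len` also store a `strlen()` result in an `int`; declaring them `size_t` would avoid the narrowing conversion.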
@@ -910,9 +926,6 @@ static int iptables_command(int argc, char *argv[])
 
                        break;
 
-               case 'i':
-                       break;
-
                case 'm':
                        match_name = optarg;
 
@@ -939,6 +952,14 @@ static int iptables_command(int argc, char *argv[])
                        break;
 
                case 'o':
+                       out_len = strlen(optarg);
+
+                       if (out_len + 1 > IFNAMSIZ)
+                               break;
+
+                       strcpy(ip.outiface, optarg);
+                       memset(ip.outiface_mask, 0xff, out_len + 1);
+
                        break;
 
                case 't':
@@ -1007,7 +1028,7 @@ static int iptables_command(int argc, char *argv[])
                DBG("Adding %s to %s (match %s)",
                                target_name, chain, match_name);
 
-               ret = iptables_add_rule(table, chain, target_name, xt_t,
+               ret = iptables_add_rule(table, &ip, chain, target_name, xt_t,
                                        match_name, xt_m);
 
                goto out;