diff --git a/source/firewall/firewall_ipv6.c b/source/firewall/firewall_ipv6.c index 57f4a705..57421e0c 100644 --- a/source/firewall/firewall_ipv6.c +++ b/source/firewall/firewall_ipv6.c @@ -187,10 +187,6 @@ int numifs = sizeof(ifnames) / sizeof(*ifnames); #define V6_PORTSCANPROTECT "v6_PortScanProtect" #define V6_IPFLOODDETECT "v6_IPFloodDetect" -#ifdef _ONESTACK_PRODUCT_REQ_ -#define COSA_DML_DHCPV6_CLIENT_IFNAME "erouter0" -#define COSA_DML_DHCPV6C_PREF_SYSEVENT_NAME "tr_"COSA_DML_DHCPV6_CLIENT_IFNAME"_dhcpv6_client_v6pref" -#endif /* **************************************************************** * IPv6 Firewall * @@ -496,6 +492,10 @@ void do_ipv6_filter_table(FILE *fp){ char request[256], response[256], cm_ipv6addr[40]; unsigned int a[16] = {0}; #endif +#if defined (_ONESTACK_PRODUCT_REQ_) + char current_wan_interface[64] = {0}; + char sysevent_name[128] = {0}; +#endif fprintf(fp, "*filter\n"); fprintf(fp, ":INPUT ACCEPT [0:0]\n"); @@ -1263,14 +1263,16 @@ void do_ipv6_filter_table(FILE *fp){ #ifdef _ONESTACK_PRODUCT_REQ_ if(isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION)) { - sysevent_get(sysevent_fd, sysevent_token, COSA_DML_DHCPV6C_PREF_SYSEVENT_NAME, prefix, sizeof(prefix)); + sysevent_get(sysevent_fd, sysevent_token, "current_wan_ifname", current_wan_interface, sizeof(current_wan_interface)); + snprintf(sysevent_name, sizeof(sysevent_name), "tr_%s_dhcpv6_client_v6pref", current_wan_interface); + sysevent_get(sysevent_fd, sysevent_token, sysevent_name, prefix, sizeof(prefix)); } else { - sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); + sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); } #else - sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); + sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); #endif } @@ -1278,7 +1280,10 @@ void do_ipv6_filter_table(FILE *fp){ #ifdef _ONESTACK_PRODUCT_REQ_ if(isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION)) { - sysevent_get(sysevent_fd, sysevent_token, COSA_DML_DHCPV6C_PREF_SYSEVENT_NAME, prefix, sizeof(prefix)); + sysevent_get(sysevent_fd, sysevent_token, "current_wan_ifname", current_wan_interface, sizeof(current_wan_interface)); + snprintf(sysevent_name, sizeof(sysevent_name), "tr_%s_dhcpv6_client_v6pref", current_wan_interface); + sysevent_get(sysevent_fd, sysevent_token, sysevent_name, prefix, sizeof(prefix)); + } else { @@ -1300,7 +1305,7 @@ void do_ipv6_filter_table(FILE *fp){ #if defined (_COSA_FOR_BCI_) || defined (_ONESTACK_PRODUCT_REQ_) /* adding forward rule for PD traffic */ #ifdef _ONESTACK_PRODUCT_REQ_ - if(isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION)) + if (isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION)) { fprintf(fp, "-A FORWARD -s %s -i %s -j ACCEPT\n", prefix, lan_ifname); if (strncasecmp(firewall_levelv6, "Custom", strlen("Custom")) == 0) @@ -2134,6 +2139,10 @@ typedef enum{ void applyRoutingRules(FILE* fp,ipv6_type type) { FIREWALL_DEBUG("Entering applyRoutingRules, ipv6_type is %d \n" COMMA type); +#if defined (_ONESTACK_PRODUCT_REQ_) + char current_wan_interface[64] = {0}; + char sysevent_name[128] = {0}; +#endif char prefix[64] ; memset(prefix,0,sizeof(prefix)); int i ; @@ -2143,20 +2152,37 @@ void applyRoutingRules(FILE* fp,ipv6_type type) } else { -#ifdef _ONESTACK_PRODUCT_REQ_ - if(isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION)) + #ifdef _ONESTACK_PRODUCT_REQ_ + if(isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION)) { - sysevent_get(sysevent_fd, sysevent_token, COSA_DML_DHCPV6C_PREF_SYSEVENT_NAME, prefix, sizeof(prefix)); + sysevent_get(sysevent_fd, sysevent_token, "current_wan_ifname", current_wan_interface, sizeof(current_wan_interface)); + if (current_wan_interface[0] != '\0') + { + snprintf(sysevent_name, sizeof(sysevent_name), "tr_%s_dhcpv6_client_v6pref", current_wan_interface); + sysevent_get(sysevent_fd, sysevent_token, sysevent_name, prefix, sizeof(prefix)); + } + else + { + sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); + } } else { sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); } -#else + #else sysevent_get(sysevent_fd, sysevent_token, "ipv6_prefix", prefix, sizeof(prefix)); -#endif + #endif } - if (strlen(prefix) != 0 ) + /* Add firewall rules only if prefix is non-empty and, when IPv6 delegation is enabled, current_wan_interface is also non-empty */ + #ifdef _ONESTACK_PRODUCT_REQ_ + if ((strlen(prefix) != 0) && + (!isFeatureSupportedInCurrentMode(FEATURE_IPV6_DELEGATION) || + (ULA_IPV6 == type) || + (strlen(current_wan_interface) != 0))) + #else + if (strlen(prefix) != 0) + #endif { char *token_pref =NULL; token_pref = strtok(prefix,"/");