uqmi: inherit firewall zone membership to virtual sub interfaces
authorJo-Philipp Wich <jo@mein.io>
Wed, 14 Nov 2018 11:49:45 +0000 (12:49 +0100)
committerKoen Vandeputte <koen.vandeputte@ncentric.com>
Tue, 5 Mar 2019 12:19:43 +0000 (13:19 +0100)
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.

Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
package/network/utils/comgt/files/ncm.sh
package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh

index 60b39655ec7d008fadfd55bc79d6a40c5b4db20c..9aaaa25f37f1ae4e38fdfb83cc5a14089fed6cc6 100644 (file)
@@ -146,12 +146,18 @@ proto_ncm_setup() {
        proto_close_data
        proto_send_update "$interface"
 
+       local zone="$(fw3 -q network "$interface" 2>/dev/null)"
+
        [ "$pdptype" = "IP" -o "$pdptype" = "IPV4V6" ] && {
                json_init
                json_add_string name "${interface}_4"
                json_add_string ifname "@$interface"
                json_add_string proto "dhcp"
                proto_add_dynamic_defaults
+               [ -n "$zone" ] && {
+                       json_add_string zone "$zone"
+               }
+               json_close_object
                ubus call network add_dynamic "$(json_dump)"
        }
 
@@ -162,6 +168,10 @@ proto_ncm_setup() {
                json_add_string proto "dhcpv6"
                json_add_string extendprefix 1
                proto_add_dynamic_defaults
+               [ -n "$zone" ] && {
+                       json_add_string zone "$zone"
+               }
+               json_close_object
                ubus call network add_dynamic "$(json_dump)"
        }
 
index 1da98db5ac7b35d39143b8393bff8b1bdcf06d59..f4b30b87eb7970451ab8a638f6c7383d7ce37495 100755 (executable)
@@ -298,6 +298,9 @@ proto_qmi_setup() {
        }
        proto_close_data
        proto_send_update "$interface"
+
+       local zone="$(fw3 -q network "$interface" 2>/dev/null)"
+
        [ -n "$pdh_6" ] && {
                if [ -z "$dhcpv6" -o "$dhcpv6" = 0 ]; then
                        json_load "$(uqmi -s -d $device --set-client-id wds,$cid_6 --get-current-settings)"
@@ -318,6 +321,11 @@ proto_qmi_setup() {
                                proto_add_dns_server "$dns1_6"
                                proto_add_dns_server "$dns2_6"
                        }
+                       [ -n "$zone" ] && {
+                               proto_add_data
+                               json_add_string zone "$zone"
+                               proto_close_data
+                       }
                        proto_send_update "$interface"
                else
                        json_init
@@ -328,6 +336,7 @@ proto_qmi_setup() {
                        proto_add_dynamic_defaults
                        # RFC 7278: Extend an IPv6 /64 Prefix to LAN
                        json_add_string extendprefix 1
+                       [ -n "$zone" ] && json_add_string zone "$zone"
                        json_close_object
                        ubus call network add_dynamic "$(json_dump)"
                fi
@@ -340,6 +349,7 @@ proto_qmi_setup() {
                json_add_string proto "dhcp"
                [ -n "$ip4table" ] && json_add_string ip4table "$ip4table"
                proto_add_dynamic_defaults
+               [ -n "$zone" ] && json_add_string zone "$zone"
                json_close_object
                ubus call network add_dynamic "$(json_dump)"
        }