
Commit 719a6f2

Merge pull request #66 from jaredhendrickson13/outbound_nat_protocol_fix
Outbound NAT mapping protocol fix
2 parents 754096d + bd92adf commit 719a6f2

4 files changed

Lines changed: 49 additions & 13 deletions


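--- a/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingCreate.inc
+++ b/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingCreate.inc
@@ -28,7 +28,7 @@ class APIFirewallNATOutboundMappingCreate extends APIModel {
 parent::__construct();
 $this->change_note = "Added outbound NAT mapping via API";
 $this->privileges = ["page-all", "page-firewall-nat-outbound-edit"];
-$this->protocols = ["tcp", "udp", "tcp/udp", "icmp", "esp", "ah", "gre", "ipv6", "igmp", "pim", "ospf"];
+$this->protocols = ["any", "tcp", "udp", "tcp/udp", "icmp", "esp", "ah", "gre", "ipv6", "igmp", "pim", "ospf"];
 $this->pool_options = ["round-robin", "round-robin sticky-address", "random", "random sticky-address", "source-hash", "bitmask"];
 $this->port_supported = false;
 $this->pool_source_hash_supported = false;
@@ -65,10 +65,13 @@ class APIFirewallNATOutboundMappingCreate extends APIModel {
 if (isset($this->initial_data['protocol'])) {
 # Require protocol to be a known/supported protocol
 if (in_array($this->initial_data['protocol'], $this->protocols)) {
-$this->validated_data["protocol"] = $this->initial_data['protocol'];
-# Set our port supported toggle to true if our protocol uses ports
-if (in_array($this->validated_data["protocol"], ["tcp", "udp", "tcp/udp"])) {
-$this->port_supported = true;
+# Only add the protocol if it is not any (XML expects no entry for any)
+if ($this->initial_data["protocol"] !== "any") {
+$this->validated_data["protocol"] = $this->initial_data['protocol'];
+# Set our port supported toggle to true if our protocol uses ports
+if (in_array($this->validated_data["protocol"], ["tcp", "udp", "tcp/udp"])) {
+$this->port_supported = true;
+}
 }
 } else {
 $this->errors[] = APIResponse\get(4089);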
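Review bot: The allowlist check `in_array($this->initial_data['protocol'], $this->protocols)` is a loose comparison, while the new `!== "any"` test beneath it is strict, so the two checks disagree on non-string input. A JSON boolean `true` compares loosely equal to every non-empty string in the list, so it passes the allowlist, fails the strict `any` test and is then copied into `validated_data["protocol"]`. Pass the strict flag, `in_array($this->initial_data['protocol'], $this->protocols, true)`, so only the listed strings are accepted; the same line in APIFirewallNATOutboundMappingUpdate.inc needs the same change. The validation method starts and ends outside this hunk.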

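--- a/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingUpdate.inc
+++ b/pfSense-pkg-API/files/etc/inc/api/models/APIFirewallNATOutboundMappingUpdate.inc
@@ -28,7 +28,7 @@ class APIFirewallNATOutboundMappingUpdate extends APIModel {
 parent::__construct();
 $this->change_note = "Modified outbound NAT mapping via API";
 $this->privileges = ["page-all", "page-firewall-nat-outbound-edit"];
-$this->protocols = ["tcp", "udp", "tcp/udp", "icmp", "esp", "ah", "gre", "ipv6", "igmp", "pim", "ospf"];
+$this->protocols = ["any", "tcp", "udp", "tcp/udp", "icmp", "esp", "ah", "gre", "ipv6", "igmp", "pim", "ospf"];
 $this->pool_options = ["", "round-robin", "round-robin sticky-address", "random", "random sticky-address", "source-hash", "bitmask"];
 $this->port_supported = false;
 $this->pool_source_hash_supported = false;
@@ -76,7 +76,12 @@ class APIFirewallNATOutboundMappingUpdate extends APIModel {
 if (isset($this->initial_data['protocol'])) {
 # Require protocol to be a known/supported protocol
 if (in_array($this->initial_data['protocol'], $this->protocols)) {
-$this->validated_data["protocol"] = $this->initial_data['protocol'];
+# Unset the protocol value if it is any (XML expects no entry for any). Otherwise update value.
+if ($this->initial_data["protocol"] === "any") {
+unset($this->validated_data["protocol"]);
+} else {
+$this->validated_data["protocol"] = $this->initial_data['protocol'];
+}
 } else {
 $this->errors[] = APIResponse\get(4089);
 }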
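Review bot: Switching an existing mapping to `any` removes only the `protocol` key; nothing in this hunk clears port-related fields that may already be in `validated_data`. The `unset()` suggests `validated_data` is pre-populated from the stored mapping (not visible here), so a rule that was `tcp` or `udp` with ports could keep those ports after its protocol entry is dropped. If that is the case, the `any` branch should also drop the stored port keys, or the port validators should clear or reject ports when no protocol is set. The enclosing method starts and ends outside the hunk.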

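--- a/pfSense-pkg-API/files/etc/inc/api/models/APIInterfaceUpdate.inc
+++ b/pfSense-pkg-API/files/etc/inc/api/models/APIInterfaceUpdate.inc
@@ -53,11 +53,13 @@ class APIInterfaceUpdate extends APIModel {
 
 private function __validate_if() {
 if (isset($this->initial_data["if"])) {
-$this->validated_data["if"] = trim($this->initial_data["if"]);
-// Check that our interface exists and is not in use
-if (!array_key_exists($this->initial_data["if"], $this->if_list)) {
+$if_info = $this->if_list[$this->initial_data["if"]];
+# Return an error if the requested physical interface does not exist
+if (empty($if_info)) {
 $this->errors[] = APIResponse\get(3000);
-} elseif (isset($this->if_list[$this->initial_data["if"]]["in_use"])) {
+}
+# Return an error if the physical interface is already in use by a different interface object
+elseif (isset($if_info["in_use"]) and $if_info["in_use"] !== $this->id) {
 $this->errors[] = APIResponse\get(3001);
 }
 $this->validated_data["if"] = $this->initial_data["if"];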
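Review bot: `$this->if_list[$this->initial_data["if"]]` indexes the list with the raw request value before anything has checked it, where the removed code used `array_key_exists()` for the existence check. An unknown name triggers an undefined-index notice, and a non-scalar value (a JSON array or object) is an illegal offset — a warning or a TypeError depending on the PHP version — before the 3000 error is recorded. Guard the lookup, e.g. `$if_info = is_string($this->initial_data["if"]) ? ($this->if_list[$this->initial_data["if"]] ?? null) : null;`. The strict `$if_info["in_use"] !== $this->id` also relies on both sides having the same type, which this hunk does not show and is worth confirming. `__validate_if()` continues past the end of the hunk.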

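--- a/tests/test_api_v1_firewall_nat_outbound_mapping.py
+++ b/tests/test_api_v1_firewall_nat_outbound_mapping.py
@@ -31,28 +31,54 @@ class APIUnitTestFirewallNATOutboundMapping(unit_test_framework.APIUnitTest):
 "descr": "Unit Test",
 "nosync": True,
 "top": True
+},
+{
+"interface": "WAN",
+"protocol": "any",
+"src": "any",
+"dst": "1.1.1.1",
+"target": "192.168.1.123/24",
+"poolopts": "round-robin",
+"descr": "Unit Test 2",
+"nosync": True,
+"top": True
 }
 ]
 put_payloads = [
 {
 "id": 0,
 "interface": "WAN",
+"protocol": "any",
+"src": "any",
+"dst": "1.1.1.1",
+"target": "192.168.1.123/24",
+"poolopts": "round-robin",
+"descr": "Updated Unit Test",
+"nonat": True,
+"disabled": True,
+"nosync": True,
+"top": True
+},
+{
+"id": 1,
+"interface": "WAN",
 "protocol": "udp",
 "src": "any",
 "srcport": "433",
 "dst": "1.1.1.1",
 "dstport": "443",
 "target": "192.168.1.123/24",
-"natstaticport": True,
+"staticnatport": True,
 "poolopts": "round-robin",
 "descr": "Updated Unit Test",
-"nonat": True,
+"nonat": False,
 "disabled": True,
 "nosync": True,
 "top": True
 }
 ]
 delete_payloads = [
+{"id": 0},
 {"id": 0}
 ]
 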
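Review bot: The added payloads only exercise accepted values (`"protocol": "any"` on create and on update); nothing in the visible lists sends a protocol the model should reject. A case with an unsupported or non-string protocol, expecting error 4089, would pin the allowlist behaviour this fix touches, assuming the framework can declare expected-failure payloads, which this hunk does not show. The payload lists belong to a class that starts above the hunk.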
