luci-app-firewall: add SNAT config migration

Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit f1771d14aa)
2020-01-19 19:37:28 +01:00 · 2020-01-19 19:37:28 +01:00 · a2e9e45c6d
commit a2e9e45c6d
parent 03a8ea4edb
5 changed files with 95 additions and 4 deletions
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/tools/firewall.js
@ -590,5 +590,64 @@ return L.Class.extend({

 			return widget.render();
 		}
-	})
+	}),
+
+	checkLegacySNAT: function() {
+		var redirects = uci.sections('firewall', 'redirect');
+
+		for (var i = 0; i < redirects.length; i++)
+			if ((redirects[i]['target'] || '').toLowerCase() == 'snat')
+				return true;
+
+		return false;
+	},
+
+	handleMigration: function(ev) {
+		var redirects = uci.sections('firewall', 'redirect'),
+		    tasks = [];
+
+		var mapping = {
+			dest: 'src',
+			reflection: null,
+			reflection_src: null,
+			src_dip: 'snat_ip',
+			src_dport: 'snat_port',
+			src: null
+		};
+
+		for (var i = 0; i < redirects.length; i++) {
+			if ((redirects[i]['target'] || '').toLowerCase() != 'snat')
+				continue;
+
+			var sid = uci.add('firewall', 'nat');
+
+			for (var opt in redirects[i]) {
+				if (opt.charAt(0) == '.')
+					continue;
+
+				if (mapping[opt] === null)
+					continue;
+
+				uci.set('firewall', sid, mapping[opt] || opt, redirects[i][opt]);
+			}
+
+			uci.remove('firewall', redirects[i]['.name']);
+		}
+
+		return uci.save()
+			.then(L.bind(ui.changes.init, ui.changes))
+			.then(L.bind(ui.changes.apply, ui.changes));
+	},
+
+	renderMigration: function() {
+		ui.showModal(_('Firewall configuration migration'), [
+			E('p', _('The existing firewall configuration needs to be changed for LuCI to function properly.')),
+			E('p', _('Upon pressing "Continue", "redirect" sections with target "SNAT" will be converted to "nat" sections and the firewall will be restarted to apply the updated configuration.')),
+			E('div', { 'class': 'right' },
+				E('button', {
+					'class': 'btn cbi-button-action important',
+					'click': ui.createHandlerFn(this, 'handleMigration')
+				}, _('Continue')))
+		]);
+	},
 });
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/forwards.js
@ -107,11 +107,19 @@ return L.view.extend({
 		return Promise.all([
 			this.callHostHints(),
 			this.callConntrackHelpers(),
-			this.callNetworkDevices()
+			this.callNetworkDevices(),
+			uci.load('firewall')
 		]);
 	},

 	render: function(data) {
+		if (fwtool.checkLegacySNAT())
+			return fwtool.renderMigration();
+		else
+			return this.renderForwards(data);
+	},
+
+	renderForwards: function(data) {
 		var hosts = data[0],
 		    ctHelpers = data[1],
 		    devs = data[2],
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js
@ -152,11 +152,19 @@ return L.view.extend({
 	load: function() {
 		return Promise.all([
 			this.callHostHints(),
-			this.callConntrackHelpers()
+			this.callConntrackHelpers(),
+			uci.load('firewall')
 		]);
 	},

 	render: function(data) {
+		if (fwtool.checkLegacySNAT())
+			return fwtool.renderMigration();
+		else
+			return this.renderRules(data);
+	},
+
+	renderRules: function(data) {
 		var hosts = data[0],
 		    ctHelpers = data[1],
 		    m, s, o;
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/snats.js
@ -106,11 +106,19 @@ return L.view.extend({
 	load: function() {
 		return Promise.all([
 			this.callHostHints(),
-			this.callNetworkDevices()
+			this.callNetworkDevices(),
+			uci.load('firewall')
 		]);
 	},

 	render: function(data) {
+		if (fwtool.checkLegacySNAT())
+			return fwtool.renderMigration();
+		else
+			return this.renderNats(data);
+	},
+
+	renderNats: function(data) {
 		var hosts = data[0],
 		    devs = data[1],
 		    m, s, o;
--- a/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
+++ b/applications/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js
@ -4,6 +4,7 @@
 'require form';
 'require network';
 'require firewall';
+'require tools.firewall as fwtool';
 'require tools.widgets as widgets';

 return L.view.extend({
@ -21,6 +22,13 @@ return L.view.extend({
 	},

 	render: function(data) {
+		if (fwtool.checkLegacySNAT())
+			return fwtool.renderMigration();
+		else
+			return this.renderZones(data);
+	},
+
+	renderZones: function(data) {
 		var ctHelpers = data[0],
 		    fwDefaults = data[1],
 		    m, s, o, inp, out;