From 82fc13d3c2c9456607ac83885615c07a2c994240 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Wed, 16 May 2012 13:03:54 +0000
Subject: [PATCH] firewall: fix nat reflection after netifd switch (#11460)

SVN-Revision: 31754
---
 package/firewall/Makefile                 |  2 +-
 package/firewall/files/reflection.hotplug | 36 +++++++++++++++++++++--
 2 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/package/firewall/Makefile b/package/firewall/Makefile
index 373baae5f8..e7a308f3c5 100644
--- a/package/firewall/Makefile
+++ b/package/firewall/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=firewall
 
 PKG_VERSION:=2
-PKG_RELEASE:=49
+PKG_RELEASE:=50
 
 include $(INCLUDE_DIR)/package.mk
 
diff --git a/package/firewall/files/reflection.hotplug b/package/firewall/files/reflection.hotplug
index 1feb21075a..73d9c61df8 100644
--- a/package/firewall/files/reflection.hotplug
+++ b/package/firewall/files/reflection.hotplug
@@ -1,9 +1,38 @@
 #!/bin/sh
 
 . /etc/functions.sh
+. /usr/share/libubox/jshn.sh
+
+find_iface_address()
+{
+	local iface="$1"
+	local ipaddr="$2"
+	local prefix="$3"
+
+	local tmp="$(ubus call network.interface."$iface" status 2>/dev/null)"
+
+	json_load "${tmp:-{}}"
+	json_get_type tmp address
+
+	if [ "$tmp" = array ]; then
+
+		json_select address
+		json_get_type tmp 1
+
+		if [ "$tmp" = object ]; then
+
+			json_select 1
+			[ -n "$ipaddr" ] && json_get_var "$ipaddr" address
+			[ -n "$prefix" ] && json_get_var "$prefix" mask
+
+		fi
+	fi
+}
 
 if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
-	local wanip=$(uci -P/var/state get network.wan.ipaddr)
+	local wanip
+	find_iface_address wan wanip
+	[ -n "$wanip" ] || return
 
 	iptables -t nat -F nat_reflection_in 2>/dev/null || {
 		iptables -t nat -N nat_reflection_in
@@ -60,8 +89,9 @@ if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
 
 			local net
 			for net in $(find_networks "$dest"); do
-				local lanip=$(uci -P/var/state get network.$net.ipaddr)
-				local lanmk=$(uci -P/var/state get network.$net.netmask)
+				local lanip lanmk
+				find_iface_address "$net" lanip lanmk
+				[ -n "$lanip" ] || return
 
 				local proto
 				config_get proto "$cfg" proto
-- 
2.30.2