From 5a864808c03b703fd9073133fd185347703177c7 Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Mon, 22 May 2017 17:50:40 +0200
Subject: [PATCH 1/6] firewall.functions: New function get_nf_nat_helpers

This function returns a dict { module: [helper, ..], .. } similar to get_nf_conntrack_helpers but for NAT helpers only. NAT helpers are not part of the dict that is returned by get_nf_conntrack_helpers as it only lists connection tracking helpers. This is needed for RHBZ#1452681
(cherry picked from commit 577668e9b788e9982e90f331d934aaa8d79cae56)
---
 src/firewall/functions.py | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/firewall/functions.py b/src/firewall/functions.py
index 71d39a540754..07e65ab7c7f8 100644
--- a/src/firewall/functions.py
+++ b/src/firewall/functions.py
@@ -25,7 +25,7 @@ __all__ = [ "PY2", "getPortID", "getPortRange", "portStr", "getServiceName", "firewalld_is_active", "tempFile", "readfile", "writefile", "enable_ip_forwarding", "get_nf_conntrack_helper_setting", "set_nf_conntrack_helper_setting", "get_nf_conntrack_helpers", - "check_port", "check_address", + "get_nf_nat_helpers", "check_port", "check_address", "check_single_address", "check_mac", "uniqify", "ppid_of_pid", "max_zone_name_len", "checkUser", "checkUid", "checkCommand", "checkContext", "joinArgs", "splitArgs", 
@@ -351,6 +351,26 @@ def get_nf_conntrack_helpers():
 helpers.setdefault(module, [ ]).append(helper)
 return helpers

+def get_nf_nat_helpers():
+ kver = os.uname()[2]
+ path = "/lib/modules/%s/kernel/net/netfilter/" % kver
+ helpers = { }
+ if os.path.isdir(path):
+ for filename in sorted(os.listdir(path)):
+ if not filename.startswith("nf_nat_"):
+ continue
+ module = filename.split(".")[0]
+ (status, ret) = runProg(COMMANDS["modinfo"], [ module, ])
+ if status != 0:
+ continue
+ alias = None
+ for line in ret.split("\n"):
+ if line.startswith("description:") and "NAT helper" in line:
+ helper = module.replace("nf_nat_", "")
+ helper = helper.replace("_", "-")
+ helpers.setdefault(module, [ ]).append(helper)
+ return helpers
+
 def get_nf_conntrack_helper_setting():
 try:
 return int(readfile("/proc/sys/net/netfilter/nf_conntrack_helper")[0])
-- 
2.12.0
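Review bot: In get_nf_nat_helpers a module is dropped without any trace when modinfo returns non-zero (`if status != 0: continue`) or when its description lacks the literal "NAT helper", so a caller cannot tell "no NAT helper exists" from "the lookup failed"; the result presumably decides which NAT helper modules are handled alongside a conntrack helper, so a debug-level log line naming the skipped module before that `continue` would make an incomplete dict diagnosable. The `alias = None` assignment is never read in this function and looks like a leftover from get_nf_conntrack_helpers; it can be deleted. `module.replace("nf_nat_", "")` removes every occurrence rather than only the prefix that `startswith` checked; `helper = module[len("nf_nat_"):]` states the intent exactly. The function also has no docstring, and the commit message already supplies one: `"""Return a dict { module: [helper, ..], .. } of NAT helper modules found for the running kernel."""`.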