From b40b19e1de852aee5b1a53a26c8fb0e3e00b6a71 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Fri, 20 Sep 2019 09:48:07 -0400
Subject: [PATCH 105/109] fix: service: usage of helpers with '-' in name

Fixes: 8c65bda2a750 ("fix: allow custom helpers using standard helper modules")
(cherry picked from commit 28f3e6a83167ca2798157fd6e2c752b296c72830)
(cherry picked from commit 98e77f8fb8fd6e72e71eb1267ea5ccbc0563cb83)
---
 src/firewall/core/fw_zone.py | 6 +++---
 src/firewall/functions.py | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index c096e3efe028..e7be779ebc8c 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -25,7 +25,7 @@ from firewall.core.base import SHORTCUTS, DEFAULT_ZONE_TARGET, \
 from firewall.core.logger import log
 from firewall.functions import portStr, checkIPnMask, checkIP6nMask, \
 checkProtocol, enable_ip_forwarding, check_single_address, check_mac, \
- portInPortRange
+ portInPortRange, get_nf_conntrack_short_name
 from firewall.core.rich import Rich_Rule, Rich_Accept, \
 Rich_Mark, Rich_Service, Rich_Port, Rich_Protocol, \
 Rich_Masquerade, Rich_ForwardPort, Rich_SourcePort, Rich_IcmpBlock, \
@@ -1609,7 +1609,7 @@ class FirewallZone(object):
 modules = [ ]
 for helper in helpers:
 module = helper.module
- _module_short_name = module.replace("-","_").replace("nf_conntrack_", "")
+ _module_short_name = get_nf_conntrack_short_name(module)
 if self._fw.nf_conntrack_helper_setting == 0:
 if _module_short_name not in \
 self._fw.nf_conntrack_helpers[module]:
@@ -1820,7 +1820,7 @@ class FirewallZone(object):
 if self._fw.nf_conntrack_helper_setting == 0:
 for helper in helpers:
 module = helper.module
- _module_short_name = module.replace("-","_").replace("nf_conntrack_", "")
+ _module_short_name = get_nf_conntrack_short_name(module)
 if _module_short_name not in \
 self._fw.nf_conntrack_helpers[module]:
 raise FirewallError(
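Review bot: In the `@@ -1609` hunk, and identically in `@@ -1820`, the membership test still subscripts `self._fw.nf_conntrack_helpers[module]` with the raw `helper.module`, so a helper whose module is not a key of that dict would surface as a `KeyError` instead of the `FirewallError` this branch is written to raise; whether that can happen depends on how the dict is populated, which these hunks do not show. A lookup such as `self._fw.nf_conntrack_helpers.get(module, [ ])` would keep the rejection path uniform. The diffstat also shows no test file, so the hyphenated-helper case named in the subject is not pinned by a regression test. Both enclosing methods start and end outside the hunks.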
diff --git a/src/firewall/functions.py b/src/firewall/functions.py
index 5f54a59204b8..ad2166905d1d 100644
--- a/src/firewall/functions.py
+++ b/src/firewall/functions.py
@@ -345,6 +345,9 @@ def enable_ip_forwarding(ipv):
 return writefile("/proc/sys/net/ipv6/conf/all/forwarding", "1\n")
 return False
 
+def get_nf_conntrack_short_name(module):
+ return module.replace("_","-").replace("nf-conntrack-", "")
+
 def get_nf_conntrack_helpers():
 kver = os.uname()[2]
 path = "/lib/modules/%s/kernel/net/netfilter/" % kver
@@ -361,8 +364,7 @@ def get_nf_conntrack_helpers():
 # the we add it to helpers list and goto next module
 if filename.startswith("nf_conntrack_proto_"):
 helper = filename.split(".")[0].strip()
- helper = helper.replace("_", "-")
- helper = helper.replace("nf-conntrack-", "")
+ helper = get_nf_conntrack_short_name(helper)
 helpers.setdefault(module, [ ]).append(helper)
 continue
 # Else we get module alias and if "-helper" in the "alias:" line of modinfo
--
2.20.1
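Review bot: `get_nf_conntrack_short_name` in the `@@ -345` hunk has no docstring, and its `.replace("nf-conntrack-", "")` removes that string wherever it occurs rather than only as a leading prefix. Because the returned name decides whether a zone's helper is accepted against the per-module helper list, I would strip the prefix only: `name = module.replace("_", "-")` followed by `return name[len("nf-conntrack-"):] if name.startswith("nf-conntrack-") else name`. This is unlikely to matter for in-tree module names, but the Fixes line refers to custom helpers, where the name is less constrained. A one-line docstring such as `"""Return the helper short name: '_' becomes '-' and a leading 'nf-conntrack-' is removed."""` would record the hyphen form that the fw_zone.py call sites compare against.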