mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-28 09:08:48 +01:00
Correct reference accounting when long port lists are split
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
3d616980a6
commit
028fc20741
@ -266,6 +266,7 @@ our $filter_table;
|
|||||||
my $comment;
|
my $comment;
|
||||||
my @comments;
|
my @comments;
|
||||||
my $export;
|
my $export;
|
||||||
|
my $splitcount;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Target Types
|
# Target Types
|
||||||
@ -951,12 +952,14 @@ sub handle_port_list( $$$$$$ ) {
|
|||||||
handle_port_list( $chainref, $newrule, 0, $1, $2, $3 );
|
handle_port_list( $chainref, $newrule, 0, $1, $2, $3 );
|
||||||
} else {
|
} else {
|
||||||
push_rule ( $chainref, $newrule );
|
push_rule ( $chainref, $newrule );
|
||||||
|
$splitcount++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} elsif ( $dport && $rule =~ /^(.* --sports\s+)([^ ]+)(.*)$/ ) {
|
} elsif ( $dport && $rule =~ /^(.* --sports\s+)([^ ]+)(.*)$/ ) {
|
||||||
handle_port_list( $chainref, $rule, 0, $1, $2, $3 );
|
handle_port_list( $chainref, $rule, 0, $1, $2, $3 );
|
||||||
} else {
|
} else {
|
||||||
push_rule ( $chainref, $rule );
|
push_rule ( $chainref, $rule );
|
||||||
|
$splitcount++;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -966,7 +969,7 @@ sub handle_port_list( $$$$$$ ) {
|
|||||||
sub handle_icmptype_list( $$$$ ) {
|
sub handle_icmptype_list( $$$$ ) {
|
||||||
my ($chainref, $first, $types, $rest) = @_;
|
my ($chainref, $first, $types, $rest) = @_;
|
||||||
my @ports = split ',', $types;
|
my @ports = split ',', $types;
|
||||||
push_rule ( $chainref, join ( '', $first, shift @ports, $rest ) ) while @ports;
|
push_rule ( $chainref, join ( '', $first, shift @ports, $rest ) ), $splitcount++ while @ports;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1010,9 +1013,11 @@ sub add_rule($$;$) {
|
|||||||
handle_icmptype_list( $chainref, $first, $types, $rest );
|
handle_icmptype_list( $chainref, $first, $types, $rest );
|
||||||
} else {
|
} else {
|
||||||
push_rule( $chainref, $rule );
|
push_rule( $chainref, $rule );
|
||||||
|
$splitcount++;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
push_rule ( $chainref, $rule );
|
push_rule ( $chainref, $rule );
|
||||||
|
$splitcount++;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
push_rule( $chainref, $rule );
|
push_rule( $chainref, $rule );
|
||||||
@ -4523,6 +4528,10 @@ sub expand_rule( $$$$$$$$$$;$ )
|
|||||||
push @ends, $end;
|
push @ends, $end;
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
|
# Clear Split Count
|
||||||
|
#
|
||||||
|
$splitcount = 0;
|
||||||
|
#
|
||||||
# Trim disposition
|
# Trim disposition
|
||||||
#
|
#
|
||||||
$disposition =~ s/\s.*//;
|
$disposition =~ s/\s.*//;
|
||||||
@ -5021,9 +5030,12 @@ sub expand_rule( $$$$$$$$$$;$ )
|
|||||||
my $targetref = $chain_table{$table}{$target};
|
my $targetref = $chain_table{$table}{$target};
|
||||||
if ( $targetref ) {
|
if ( $targetref ) {
|
||||||
$targetref->{referenced} = 1;
|
$targetref->{referenced} = 1;
|
||||||
|
|
||||||
|
for ( my $i = 0; $i < $splitcount; $i++ ) {
|
||||||
add_reference $fromref, $targetref;
|
add_reference $fromref, $targetref;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
while ( @ends ) {
|
while ( @ends ) {
|
||||||
decr_cmd_level $chainref;
|
decr_cmd_level $chainref;
|
||||||
|
Loading…
Reference in New Issue
Block a user