Correct IPv6 Address Range parsing

Previously, such ranges were required to be of the form [<addr1>-<addr2>]
rather than the more standard form [<addr1>]-[<addr2>]. In the snat file
(and in nat actions), the latter form was actually flagged as an error
while in other contexts, it resulted in a less obvious error being raised.

With this change, both forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2019-12-23 10:02:48 -08:00
parent 77cad81ba7
commit 08da235896
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 7 additions and 3 deletions


@ -7655,11 +7655,13 @@ sub isolate_source_interface( $ ) {
) { ) {
$iiface = $1; $iiface = $1;
$inets = $2; $inets = $2;
$inets =~ s/\]-\[/-/;
} elsif ( $source =~ /:/ ) { } elsif ( $source =~ /:/ ) {
if ( $source =~ /^\[(?:.+),\[(?:.+)\]$/ ){ if ( $source =~ /^\[(?:.+),\[(?:.+)\]$/ ){
$inets = $source; $inets = $source;
} elsif ( $source =~ /^\[(.+)\]$/ ) { } elsif ( $source =~ /^\[(.+)\]$/ ) {
$inets = $1; $inets = $1;
$inets =~ s/\]-\[/-/;
} else { } else {
$inets = $source; $inets = $source;
} }
@ -7777,6 +7779,7 @@ sub isolate_dest_interface( $$$$ ) {
if ( $dest =~ /^(.+?):(\[(?:.+),\[(?:.+)\])$/ ) { if ( $dest =~ /^(.+?):(\[(?:.+),\[(?:.+)\])$/ ) {
$diface = $1; $diface = $1;
$dnets = $2; $dnets = $2;
$dnets =~ s/\]-\[/-/;
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ || } elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ||
$dest =~ /^(.+?):(!?\+.+)$/ || $dest =~ /^(.+?):(!?\+.+)$/ ||
$dest =~ /^(.+?):(!?[&%].+)$/ || $dest =~ /^(.+?):(!?[&%].+)$/ ||
@ -7789,6 +7792,7 @@ sub isolate_dest_interface( $$$$ ) {
$dnets = $dest; $dnets = $dest;
} elsif ( $dest =~ /^\[(.+)\]$/ ) { } elsif ( $dest =~ /^\[(.+)\]$/ ) {
$dnets = $1; $dnets = $1;
$dnets =~ s/\]-\[/-/;
} else { } else {
$dnets = $dest; $dnets = $dest;
} }
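Review bot: The interface-qualified single-range form in isolate_dest_interface appears to be left unnormalized: the `elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ || ...` branch that follows the list branch is not touched by any hunk. Its body lies outside the hunks, but if it assigns `$dnets = $2`, a destination written as `iface:[<addr1>]-[<addr2>]` still reaches later processing as `<addr1>]-[<addr2>`; adding `$dnets =~ s/\]-\[/-/;` there would make it agree with the bare `[...]` branch. Separately, the substitution in the bracketed-list branches has no `/g`, so only the first range in a list is rewritten, and the list-without-interface branch (`$inets = $source;`) is not rewritten at all. If ranges are allowed inside lists, `s/\]-\[/-/g` in both list branches would cover that.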


@ -316,9 +316,9 @@ sub process_one_masq1( $$$$$$$$$$$ )
fatal_error "Invalid IPv6 Address ($addr)" unless $addr =~ /^\[(.+)\]$/; fatal_error "Invalid IPv6 Address ($addr)" unless $addr =~ /^\[(.+)\]$/;
$addr = $1; $addr = $1;
$addr =~ s/\]-\[/-/;
if ( $addr =~ /^(.+)-(.+)$/ ) { if ( $addr =~ /^(.+)-(.+)$/ ) {
fatal_error "Correct address range syntax is '[<addr1>-<addr2>]'" if $addr =~ /]-\[/;
validate_range( $1, $2 ); validate_range( $1, $2 );
} else { } else {
validate_address $addr, 0; validate_address $addr, 0;
@ -930,7 +930,7 @@ sub handle_nat_rule( $$$$$$$$$$$$$ ) {
if ( $server =~ /^\[(.+)\]$/ ) { if ( $server =~ /^\[(.+)\]$/ ) {
$server = $1; $server = $1;
fatal_error "Correct address range syntax is '[<addr1>-<addr2>]'" if $server =~ /]-\[/; $server =~ s/\]-\[/-/;
assert( $server =~ /^(.+)-(.+)$/ ); assert( $server =~ /^(.+)-(.+)$/ );
( $addr1, $addr2 ) = ( $1, $2 ); ( $addr1, $addr2 ) = ( $1, $2 );
} }
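Review bot: With the explicit `]-[` check removed in process_one_masq1, nothing visible here rejects brackets that survive the single substitution (a second `]-[`, for instance), so rejection is left to validate_range/validate_address, whose behaviour is not shown on this page. An explicit guard right after the substitution, `fatal_error "Invalid IPv6 Address ($addr)" if $addr =~ /[\[\]]/;`, would fail closed with a clear message; the same applies to the process_snat1 hunk and, with `$server`, to handle_nat_rule. Because the same substitution now appears in several places, a one-line comment above it such as `# Accept [<addr1>]-[<addr2>] as well as [<addr1>-<addr2>]` would record why it is there. The function bodies continue outside the hunks.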


@ -5767,9 +5767,9 @@ sub process_snat1( $$$$$$$$$$$$ ) {
fatal_error "Invalid IPv6 Address ($addr)" unless $addr =~ /^\[(.+)\]$/; fatal_error "Invalid IPv6 Address ($addr)" unless $addr =~ /^\[(.+)\]$/;
$addr = $1; $addr = $1;
$addr =~ s/\]-\[/-/;
if ( $addr =~ /^(.+)-(.+)$/ ) { if ( $addr =~ /^(.+)-(.+)$/ ) {
fatal_error "Correct address range syntax is '[<addr1>-<addr2>]'" if $addr =~ /]-\[/;
validate_range( $1, $2 ); validate_range( $1, $2 );
} else { } else {
validate_address $addr, 0; validate_address $addr, 0;