Uniform handling of VLSM width.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-03-23 09:19:26 -07:00
parent 536fea27a5
commit 0c30e7c013
3 changed files with 21 additions and 9 deletions


@ -48,6 +48,9 @@ our @EXPORT = ( qw( ALLIPv4
ALLIP ALLIP
NILIP NILIP
ALL ALL
VLSMv4
VLSMv6
VLSM
valid_address valid_address
validate_address validate_address
@ -89,6 +92,7 @@ our @nilipv4 = ( '0.0.0.0' );
our @nilipv6 = ( '::' ); our @nilipv6 = ( '::' );
our $nilip; our $nilip;
our @nilip; our @nilip;
our $vlsm_width;
our $valid_address; our $valid_address;
our $validate_address; our $validate_address;
our $validate_net; our $validate_net;
@ -110,6 +114,8 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
IPv6_LINK_ALLRTRS => 'ff01::2' , IPv6_LINK_ALLRTRS => 'ff01::2' ,
IPv6_SITE_ALLNODES => 'ff02::1' , IPv6_SITE_ALLNODES => 'ff02::1' ,
IPv6_SITE_ALLRTRS => 'ff02::2' , IPv6_SITE_ALLRTRS => 'ff02::2' ,
VLSMv4 => 32,
VLSMv6 => 128,
}; };
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
@ -120,7 +126,7 @@ our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
sub vlsm_to_mask( $ ) { sub vlsm_to_mask( $ ) {
my $vlsm = $_[0]; my $vlsm = $_[0];
in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) & 0xFFFFFFFF ); in_hex8 ( ( 0xFFFFFFFF << ( VLSMv4 - $vlsm ) ) & 0xFFFFFFFF );
} }
sub valid_4address( $ ) { sub valid_4address( $ ) {
@ -215,14 +221,14 @@ sub validate_4net( $$ ) {
} }
if ( defined $vlsm ) { if ( defined $vlsm ) {
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32; fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= VLSMv4;
fatal_error "Invalid Network address ($_[0])" if defined $rest; fatal_error "Invalid Network address ($_[0])" if defined $rest;
fatal_error "Invalid IP address ($net)" unless valid_4address $net; fatal_error "Invalid IP address ($net)" unless valid_4address $net;
} else { } else {
fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net; fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;
my $net1 = validate_4address $net, $allow_name; my $net1 = validate_4address $net, $allow_name;
$net = $net1 unless $config{DEFER_DNS_RESOLUTION}; $net = $net1 unless $config{DEFER_DNS_RESOLUTION};
$vlsm = 32; $vlsm = VLSMv4;
} }
if ( defined wantarray ) { if ( defined wantarray ) {
@ -230,7 +236,7 @@ sub validate_4net( $$ ) {
assert( ! $allow_name ); assert( ! $allow_name );
( decodeaddr( $net ) , $vlsm ); ( decodeaddr( $net ) , $vlsm );
} elsif ( valid_4address $net ) { } elsif ( valid_4address $net ) {
$vlsm == 32 ? $net : "$net/$vlsm"; $vlsm == VLSMv4 ? $net : "$net/$vlsm";
} else { } else {
$net; $net;
} }
@ -675,14 +681,14 @@ sub validate_6net( $$ ) {
if ( defined $vlsm ) { if ( defined $vlsm ) {
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128; fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= VLSMv6;
fatal_error "Invalid Network address ($_[0])" if defined $rest; fatal_error "Invalid Network address ($_[0])" if defined $rest;
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net; fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
} else { } else {
fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/'; fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/';
my $net1 = validate_6address $net, $allow_name; my $net1 = validate_6address $net, $allow_name;
$net = $net1 unless $config{DEFER_DNS_RESOLUTION}; $net = $net1 unless $config{DEFER_DNS_RESOLUTION};
$vlsm = 128; $vlsm = VLSMv6;
} }
if ( defined wantarray ) { if ( defined wantarray ) {
@ -690,7 +696,7 @@ sub validate_6net( $$ ) {
assert( ! $allow_name ); assert( ! $allow_name );
( $net , $vlsm ); ( $net , $vlsm );
} elsif ( valid_6address ( $net ) ) { } elsif ( valid_6address ( $net ) ) {
$vlsm == 128 ? $net : "$net/$vlsm"; $vlsm == VLSMv6 ? $net : "$net/$vlsm";
} else { } else {
$net; $net;
} }
@ -812,6 +818,10 @@ sub nilip() {
@nilip; @nilip;
} }
sub VLSM() {
$vlsm_width;
}
sub valid_address ( $ ) { sub valid_address ( $ ) {
$valid_address->(@_); $valid_address->(@_);
} }
@ -854,6 +864,7 @@ sub initialize( $ ) {
@allip = @allipv4; @allip = @allipv4;
$nilip = NILIPv4; $nilip = NILIPv4;
@nilip = @nilipv4; @nilip = @nilipv4;
$vlsm_width = VLSMv4;
$valid_address = \&valid_4address; $valid_address = \&valid_4address;
$validate_address = \&validate_4address; $validate_address = \&validate_4address;
$validate_net = \&validate_4net; $validate_net = \&validate_4net;
@ -865,6 +876,7 @@ sub initialize( $ ) {
@allip = @allipv6; @allip = @allipv6;
$nilip = NILIPv6; $nilip = NILIPv6;
@nilip = @nilipv6; @nilip = @nilipv6;
$vlsm_width = VLSMv6;
$valid_address = \&valid_6address; $valid_address = \&valid_6address;
$validate_address = \&validate_6address; $validate_address = \&validate_6address;
$validate_net = \&validate_6net; $validate_net = \&validate_6net;
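Review bot: The VLSM checks in validate_4net and validate_6net anchor the digit test with `^...$`, and in Perl `$` also matches just before a trailing newline, so a value ending in a newline would pass the check and then be interpolated into `"$net/$vlsm"`. Whether such a value can reach these functions is not visible on this page, but since both lines are being edited anyway, string anchors would make the check exact: `unless $vlsm =~ /\A\d+\z/ && $vlsm <= VLSMv4;`, and the same with `VLSMv6` in validate_6net. Both functions start and end outside the hunks shown.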


@ -1039,7 +1039,7 @@ sub add_common_rules ( $ ) {
add_ijump( $filter_table->{input_chain( $interface ) } , add_ijump( $filter_table->{input_chain( $interface ) } ,
j => 'ACCEPT' , j => 'ACCEPT' ,
p => "udp --dport $ports" , p => "udp --dport $ports" ,
s => NILIPv4 . '/32' ); s => NILIPv4 . '/' . VLSMv4 );
} }
} }
} }


@ -1147,7 +1147,7 @@ sub add_a_route( ) {
fatal_error "You may not add routes to the $provider table" if $number == LOCAL_TABLE || $number == UNSPEC_TABLE; fatal_error "You may not add routes to the $provider table" if $number == LOCAL_TABLE || $number == UNSPEC_TABLE;
$dest .= join( '', '/', $family == 4 ? '32' : '128' ) unless $dest =~ '/'; $dest .= join( '', '/', VLSM ) unless $dest =~ '/';
if ( $routedests->{$dest} ) { if ( $routedests->{$dest} ) {
fatal_error "Duplicate DEST ($dest) in table ($provider)"; fatal_error "Duplicate DEST ($dest) in table ($provider)";
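Review bot: The default suffix for `$dest` now comes from `VLSM`, which returns `$vlsm_width`, a package variable assigned only inside `initialize` in the first file of this commit, whereas the replaced expression used the `$family` already in scope. If `initialize` has not run, or ran for the other family, `$dest` would get a bare `/` or the wrong width, and the duplicate-DEST lookup in `$routedests` would key on that string; nothing in this hunk shows the ordering guarantee. A one-line comment would record the dependency, e.g. `# VLSM is the address width set by initialize() for the current family`. add_a_route's body starts and ends outside the hunk.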