From 2f66381a4a628835f73e2fabe3b6e38c807b88d6 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Mon, 1 Apr 2019 15:12:25 -0700
Subject: [PATCH] Allow multiple protocols to be specified for a helper

- the protocol list is specified in the %helpers hash as an array reference
  e.g., "[UDP,TCP]". Note that those are protocol *numbers*, not names.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Chains.pm | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index d2b76f3bf..d5920a482 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -5747,10 +5747,25 @@ sub validate_helper( $;$ ) {
 
 	    my $protonum = -1;
 
-	    fatal_error "Unknown PROTO ($proto)" unless defined ( $protonum = resolve_proto( $proto ) );
+	    fatal_error "Unknown PROTO ($proto)" unless $proto eq '-' || defined ( $protonum = resolve_proto( $proto ) );
 
-	    unless ( $protonum == $helper_proto ) {
-		fatal_error "The $helper_base helper requires PROTO=" . (proto_name $helper_proto );
+	    if ( reftype( $helper_proto ) ) {
+		#
+		# More than one protocol allowed with this helper, so $helper_proto is an array reference
+		#
+		my $found;
+		my $names = '';
+
+		for ( @$helper_proto ) {
+		    $names = $names ? join( ',', $names, proto_name( $_ ) ) : proto_name( $_ );
+		    $found = 1 if $protonum == $_;
+		}
+
+		fatal_error "The $helper_base helper requires PROTO to be one of '$names'" unless $found;
+	    } else {
+		unless ( $protonum == $helper_proto ) {
+		    fatal_error "The $helper_base helper requires PROTO=" . (proto_name( $helper_proto ) );
+		}
 	    }
 	}
     } else {