From 4756d4ef139cd3d6951e8b04023dd03b16085640 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 19 Mar 2008 22:40:03 +0000 Subject: [PATCH] Eliminate vlsm_to_mask table git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8311 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/IPAddrs.pm | 40 +++++------------------------ Shorewall-perl/Shorewall/Tc.pm | 14 +++++----- 2 files changed, 13 insertions(+), 41 deletions(-) diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm index 63af9be5e..0029e8c9c 100644 --- a/Shorewall-perl/Shorewall/IPAddrs.pm +++ b/Shorewall-perl/Shorewall/IPAddrs.pm @@ -64,39 +64,11 @@ use constant { ALLIPv4 => '0.0.0.0/0' , ICMP => 1, TCP => 6, UDP => 17 , SCTP => our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); -our @vlsm_to_mask = ( '0x00000000' , - '0x80000000' , - '0xC0000000' , - '0xE0000000' , - '0xF0000000' , - '0xF8000000' , - '0xFC000000' , - '0xFE000000' , - '0xFF000000' , - '0xFF800000' , - '0xFFC00000' , - '0xFFE00000' , - '0xFFF00000' , - '0xFFF80000' , - '0xFFFC0000' , - '0xFFFE0000' , - '0xFFFF0000' , - '0xFFFF8000' , - '0xFFFFC000' , - '0xFFFFE000' , - '0xFFFFF000' , - '0xFFFFF800' , - '0xFFFFFC00' , - '0xFFFFFE00' , - '0xFFFFFF00' , - '0xFFFFFF80' , - '0xFFFFFFC0' , - '0xFFFFFFE0' , - '0xFFFFFFF0' , - '0xFFFFFFF8' , - '0xFFFFFFFC' , - '0xFFFFFFFE' , - '0xFFFFFFFF' ); +sub vlsm_to_mask( $ ) { + my $vlsm = $_[0]; + + in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) && 0xFFFFFFFF ); +} sub valid_address( $ ) { my $address = $_[0]; @@ -230,7 +202,7 @@ sub decompose_net( $ ) { ( $net, my $vlsm ) = validate_net( $net , 0 ); - ( in_hex8( $net ) , $vlsm_to_mask[ $vlsm ] ); + ( in_hex8( $net ) , vlsm_to_mask( $vlsm ) ); } diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index dfc89e17e..92625c3bf 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -552,7 +552,7 @@ sub process_tc_filter( $$$$$$ ) { if ( $protonumber ) { my $pnumber = in_hex2 $protonumber; - $rule .= "\\\n match u8 $pnumber 0xFF at 9"; + $rule .= "\\\n match u8 $pnumber 0xff at 9"; } } @@ -585,21 +585,21 @@ sub process_tc_filter( $$$$$$ ) { $icmptype = in_hex2 numeric_value $icmptype; $icmpcode = in_hex2 numeric_value $icmpcode if defined $icmpcode; - $rule .= "\\\n match u8 $icmptype 0xFF at nexthdr+0"; - $rule .= "\\\n match u8 $icmpcode 0xFF at nexthdr+1" if defined $icmpcode; + $rule .= "\\\n match u8 $icmptype 0xff at nexthdr+0"; + $rule .= "\\\n match u8 $icmpcode 0xff at nexthdr+1" if defined $icmpcode; } else { my $portnumber = in_hex8 validate_port( $protonumber , $port ); - $rule .= "\\\n match u32 $portnumber 0x0000FFFF at nexthdr+0"; + $rule .= "\\\n match u32 $portnumber 0x0000ffff at nexthdr+0"; } } unless ( $sport eq '-' ) { fatal_error "Only TCP, UDP and SCTP may specify SOURCE PORT" unless $protonumber == TCP || $protonumber == UDP || $protonumber == SCTP; - my $portnumber = in_hex8 validate_port( $protonumber , $sport ); - $portnumber =~ s/0x0000/0x/; - $rule .= "\\\n match u32 ${portnumber}0000 0xFFFF0000 at nexthdr+0"; + my $portnumber = in_hex4 validate_port( $protonumber , $sport ); + + $rule .= "\\\n match u32 ${portnumber}0000 0xffff0000 at nexthdr+0"; } }