extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Validate classids

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6535 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-13 18:40:31 +00:00
parent 8eac917057
commit 6110ef3aa7
2 changed files with 37 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall-common/releasenotes.txt
View File

@ -87,6 +87,10 @@ Other changes in Shorewall 4.0.0 Beta 5.
--directory SHOREWALL_DIR --directory SHOREWALL_DIR
--timestamp TIMESTAMP --timestamp TIMESTAMP
2) When TC_ENABLED=Internal, Shorewall-perl now validates classids in
the MARK/CLASSIFY column of /etc/shorewall/tcrules against the
classes generated by /etc/shorewall/tcclasses.
Migration Considerations: Migration Considerations:
1) You cannot simply upgrade your existing Shorewall package. You must 1) You cannot simply upgrade your existing Shorewall package. You must

57
Shorewall-perl/Shorewall/Tc.pm
View File

@ -119,6 +119,8 @@ our @tccmd = ( { match => sub ( $ ) { $_[0] eq 'SAVE' } ,
} }
); );
our %classids;
sub process_tc_rule( $$$$$$$$$$ ) { sub process_tc_rule( $$$$$$$$$$ ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_; my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
@ -156,7 +158,12 @@ sub process_tc_rule( $$$$$$$$$$ ) {
$mark = "$mark/0xFF" if $connmark = $tcsref->{connmark}; $mark = "$mark/0xFF" if $connmark = $tcsref->{connmark};
} else { } else {
fatal_error "Invalid MARK ($original_mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/; fatal_error "Invalid MARK ($original_mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/;
if ( $config{TC_ENABLED} eq 'Internal' ) {
fatal_error "Unknown Class ($original_mark)}" unless $classids{$original_mark};
}
$chain = 'tcpost'; $chain = 'tcpost';
$classid = 1; $classid = 1;
$mark = $original_mark; $mark = $original_mark;
@ -462,6 +469,8 @@ sub setup_traffic_shaping() {
my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} ); my $quantum = calculate_quantum $rate, calculate_r2q( $devref->{out_bandwidth} );
my $dev = chain_base $device; my $dev = chain_base $device;
$classids{$classid}=$device;
if ( $lastdevice ne $device ) { if ( $lastdevice ne $device ) {
if ( $lastdevice ) { if ( $lastdevice ) {
pop_indent; pop_indent;
@ -522,29 +531,6 @@ sub setup_tc() {
} }
} }
if ( my $fn = open_file 'tcrules' ) {
while ( read_a_line ) {
if ( $first_entry ) {
progress_message2 "$doing $fn...";
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' , 's' );
$first_entry = 0;
}
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line1 2, 10, 'tcrules file';
if ( $mark eq 'COMMENT' ) {
process_comment;
} else {
process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
}
}
$comment = '';
}
if ( $capabilities{MANGLE_ENABLED} ) { if ( $capabilities{MANGLE_ENABLED} ) {
my $mark_part = ''; my $mark_part = '';
@ -578,6 +564,29 @@ sub setup_tc() {
} elsif ( $config{TC_ENABLED} eq 'Internal' ) { } elsif ( $config{TC_ENABLED} eq 'Internal' ) {
setup_traffic_shaping; setup_traffic_shaping;
} }
if ( my $fn = open_file 'tcrules' ) {
while ( read_a_line ) {
if ( $first_entry ) {
progress_message2 "$doing $fn...";
require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' , 's' );
$first_entry = 0;
}
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line1 2, 10, 'tcrules file';
if ( $mark eq 'COMMENT' ) {
process_comment;
} else {
process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
}
}
$comment = '';
}
} }
1; 1;