mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-23 22:18:57 +01:00
In copy_rules(), handle the unlikely case where both chains have blacklist jumps.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
f7db24f756
commit
74abd4ad54
@ -610,7 +610,9 @@ sub add_reference ( $$ ) {
|
||||
# Chain reference , Rule Number, Rule
|
||||
#
|
||||
# In the first function, the rule number is zero-relative. In the second function,
|
||||
# the rule number is one-relative.
|
||||
# the rule number is one-relative. In the first function, if the rule number is < 0, then
|
||||
# the rule is a jump to a blacklist chain (blacklst or blackout). The rule will be
|
||||
# inserted at the front of the chain and the chain's 'blacklist' member is incremented.
|
||||
#
|
||||
sub insert_rule1($$$)
|
||||
{
|
||||
@ -692,7 +694,7 @@ sub increment_reference_count( $$ ) {
|
||||
#
|
||||
# The rules generated by interface options are added to the interfaces's input chain and
|
||||
# forward chain. Shorewall::Rules::generate_matrix() may decide to move those rules to
|
||||
# the head of a rules chain (behind any blacklist rules already there).
|
||||
# the head of a rules chain (behind any blacklist rule already there).
|
||||
|
||||
sub move_rules( $$ ) {
|
||||
my ($chain1, $chain2 ) = @_;
|
||||
@ -759,6 +761,11 @@ sub copy_rules( $$ ) {
|
||||
|
||||
my $last = pop @$rules2; # Delete the jump to chain1
|
||||
|
||||
if ( $blacklist2 && $blacklist1 ) {
|
||||
shift @rules1;
|
||||
assert( ! --$chain1->{blacklist} );
|
||||
$blacklist1 = 0;
|
||||
}
|
||||
#
|
||||
# Chain2 is now a referent of all of Chain1's targets
|
||||
#
|
||||
@ -767,14 +774,14 @@ sub copy_rules( $$ ) {
|
||||
}
|
||||
|
||||
if ( $blacklist1 ) {
|
||||
if ( $debug ) {
|
||||
my $rule = @$rules2;
|
||||
trace( $chain2, 'A', ++$rule, $_ ) for @rules1;
|
||||
}
|
||||
assert( $blacklist1 == 1 );
|
||||
|
||||
splice @$rules2, $blacklist2, 0, splice( @rules1, 0, $blacklist1 );
|
||||
trace( $chain2, 'A', 1 , $rules1[0]) if $debug;
|
||||
|
||||
$chain2->{blacklist} += $blacklist1;
|
||||
unshift @$rules2, shift @rules1;
|
||||
|
||||
$chain1->{blacklist} = 0;
|
||||
$chain2->{blacklist} = 1;
|
||||
}
|
||||
|
||||
if ( $debug ) {
|
||||
|
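Review bot: In the third hunk (`@ -759,6 +761,11 @`), the new `if ( $blacklist2 && $blacklist1 )` branch discards chain1's leading rule with `shift @rules1` without checking that it duplicates the blacklist jump already at the head of chain2. The comment above insert_rule1 says a blacklist jump may target either `blacklst` or `blackout`, so if the two chains could ever jump to different blacklist chains, the merged chain would silently lose one blacklist check; a guard such as `assert( $rules1[0] eq $rules2->[0] );` before the `shift` would turn that case into an internal error (this assumes rules are stored as plain strings, which the page does not show). The decrement is also performed inside the assertion argument, `assert( ! --$chain1->{blacklist} );`, which hides a state change in a check; `$chain1->{blacklist}--; assert( ! $chain1->{blacklist} );` reads more clearly. copy_rules begins and ends outside the visible hunks, so how `@rules1` is derived from chain1 cannot be confirmed here.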