In copy_rules(), handle the unlikely case where both chains have blacklist jumps.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-09-18 12:26:07 -07:00
parent f7db24f756
commit 74abd4ad54


@ -610,7 +610,9 @@ sub add_reference ( $$ ) {
# Chain reference , Rule Number, Rule
#
# In the first function, the rule number is zero-relative. In the second function,
# the rule number is one-relative.
# the rule number is one-relative. In the first function, if the rule number is < 0, then
# the rule is a jump to a blacklist chain (blacklst or blackout). The rule will be
# inserted at the front of the chain and the chain's 'blacklist' member is incremented.
#
sub insert_rule1($$$)
{
@ -692,7 +694,7 @@ sub increment_reference_count( $$ ) {
#
# The rules generated by interface options are added to the interfaces's input chain and
# forward chain. Shorewall::Rules::generate_matrix() may decide to move those rules to
# the head of a rules chain (behind any blacklist rules already there).
# the head of a rules chain (behind any blacklist rule already there).
sub move_rules( $$ ) {
my ($chain1, $chain2 ) = @_;
@ -759,6 +761,11 @@ sub copy_rules( $$ ) {
my $last = pop @$rules2; # Delete the jump to chain1
if ( $blacklist2 && $blacklist1 ) {
shift @rules1;
assert( ! --$chain1->{blacklist} );
$blacklist1 = 0;
}
#
# Chain2 is now a referent of all of Chain1's targets
#
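Review bot: The new `if ( $blacklist2 && $blacklist1 )` branch drops chain1's leading blacklist jump without checking that it targets the same chain as chain2's jump, and no comment says why that is safe. The header comment above insert_rule1 names two possible targets (blacklst and blackout), so if the two chains could ever differ here, rules copied from chain1 would no longer be preceded by the blacklist jump they had; a comment such as `# Both jumps target the same blacklist chain, so chain1's copy is redundant` would settle it, if that is indeed the invariant. Separately, `assert( ! --$chain1->{blacklist} );` hides a state change inside an assertion. Writing `assert( $chain1->{blacklist} == 1 );` followed by `$chain1->{blacklist} = 0;` reads more plainly and appears to match the style of the `if ( $blacklist1 )` block further down. copy_rules begins and ends outside this hunk.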
@ -767,14 +774,14 @@ sub copy_rules( $$ ) {
}
if ( $blacklist1 ) {
if ( $debug ) {
my $rule = @$rules2;
trace( $chain2, 'A', ++$rule, $_ ) for @rules1;
}
assert( $blacklist1 == 1 );
splice @$rules2, $blacklist2, 0, splice( @rules1, 0, $blacklist1 );
trace( $chain2, 'A', 1 , $rules1[0]) if $debug;
$chain2->{blacklist} += $blacklist1;
unshift @$rules2, shift @rules1;
$chain1->{blacklist} = 0;
$chain2->{blacklist} = 1;
}
if ( $debug ) {