Apply Lennart Sorensen's patch to trunk

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 08:03:11 +01:00 · 2008-10-20 14:34:52 +00:00 · 2008-10-20 14:34:52 +00:00 · 96b02007a1
commit 96b02007a1
parent 0d6186dc50
4 changed files with 24 additions and 1 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -10,4 +10,6 @@ Changes in Shorewall 4.2.1

 5) Add time match support.

+6) Applied Lennart Sorensen's patch for length match.
+
 Initial release of Shorewall 4.2.0.
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -92,6 +92,10 @@ Problems corrected in Shorewall 4.2.1
    shorewall in some cases. Shorewall now detects when the new syntax
    is accepted and uses it instead.

+4)  The Shorewall-perl implementation of the LENGTH column in
+    /etc/shorewall/tcrules was incomplete with the result that 
+    all LENGTH rules matched. Thanks to Lennart Sorensen for the patch. 
+
 Other changes in Shorewall 4.2.1

 1)  With the recent renewed interest in DOS attacks, it seems
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@ -123,6 +123,7 @@ our %EXPORT_TAGS = (
 				       do_connlimit
 				       do_time
 				       do_user
+				       do_length
 				       do_tos
 				       do_connbytes
 				       do_helper
@ -1413,6 +1414,16 @@ sub do_helper( $ ) {
    qq(-m helper --helper "$helper");
 }

+#
+# Create a "-m length" match for the passed TOS
+#
+sub do_length( $ ) {
+    my $length = $_[0];
+
+    require_capability( 'LENGTH_MATCH' , 'Your kernel and/or iptables does not have length match support.' , '' );
+    $length ne '-' ? "-m length --length $length " : '';
+}
+
 #
 # Match Source Interface
 #
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@ -284,7 +284,13 @@ sub process_tc_rule( $$$$$$$$$$$$ ) {

    if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
 				     $restrictions{$chain} ,
-				     do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) . do_connbytes( $connbytes ) . do_helper( $helper ),
+				     do_proto( $proto, $ports, $sports) . 
+				     do_user( $user ) . 
+				     do_test( $testval, $mask ) . 
+				     do_length( $length ) . 
+				     do_tos( $tos ) . 
+				     do_connbytes( $connbytes ) . 
+				     do_helper( $helper ),
 				     $source ,
 				     $dest ,
 				     '' ,