extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-12 04:37:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Correct arptables_jf MAC handling.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-01-04 17:27:16 -08:00
parent af7b7195d2
commit 97009bad79
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall/Perl/Shorewall/ARP.pm
View File

@ -39,6 +39,8 @@ our $arp_output;
our $arp_forward; our $arp_forward;
our $sourcemac; our $sourcemac;
our $destmac; our $destmac;
our $addrlen;
our $hw;
our @builtins; our @builtins;
our $arptablesjf; our $arptablesjf;
our @map = ( qw( 0 Request Reply Request_Reverse Reply_Reverse DRARP_Request DRARP_Reply DRARP_Error InARP_Request ARP_NAK ) ); our @map = ( qw( 0 Request Reply Request_Reverse Reply_Reverse DRARP_Request DRARP_Reply DRARP_Error InARP_Request ARP_NAK ) );
@ -105,17 +107,17 @@ sub process_arprule() {
DNAT => sub() { validate_address $newaddr, 0; DNAT => sub() { validate_address $newaddr, 0;
$rule .= "-j mangle --mangle-ip-d $newaddr"; }, $rule .= "-j mangle --mangle-ip-d $newaddr"; },
SMAT => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/; SMAT => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
$rule .= "--h-length 6 -j mangle --mangle-mac-s $newaddr"; }, $rule .= "$addrlen 6 -j mangle --mangle-$hw-s $newaddr"; },
DMAT => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/; DMAT => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
$rule .= "--h-length 6 -j mangle --mangle-mac-d $newaddr"; }, $rule .= "$addrlen 6 -j mangle --mangle-$hw-d $newaddr"; },
SNATC => sub() { validate_address $newaddr, 0; SNATC => sub() { validate_address $newaddr, 0;
$rule .= "-j mangle --mangle-ip-s $newaddr --mangle-target CONTINUE"; }, $rule .= "-j mangle --mangle-ip-s $newaddr --mangle-target CONTINUE"; },
DNATC => sub() { validate_address $newaddr, 0; DNATC => sub() { validate_address $newaddr, 0;
$rule .= "-j mangle --mangle-ip-d $newaddr --mangle-target CONTINUE"; }, $rule .= "-j mangle --mangle-ip-d $newaddr --mangle-target CONTINUE"; },
SMATC => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/; SMATC => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
$rule .= "--h-length 6 -j mangle --mangle-mac-s $newaddr --mangle-target CONTINUE"; }, $rule .= "$addrlen 6 -j mangle --mangle-$hw-s $newaddr --mangle-target CONTINUE"; },
DMATC => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/; DMATC => sub() { fatal_error "Invalid MAC address ($newaddr)" unless $newaddr =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
$rule .= "--h-length 6 -j mangle --mangle-mac-d $newaddr --mangle-target CONTINUE"; }, $rule .= "$addrlen 6 -j mangle --mangle-$hw-d $newaddr --mangle-target CONTINUE"; },
); );
if ( supplied $newaddr ) { if ( supplied $newaddr ) {
@ -188,6 +190,8 @@ sub process_arprules() {
@builtins = qw( IN OUT FORWARD ); @builtins = qw( IN OUT FORWARD );
$sourcemac = '-z'; $sourcemac = '-z';
$destmac = '-y'; $destmac = '-y';
$addrlen = '--arhln';
$hw = 'hw';
} else { } else {
$arp_input = $arp_table{INPUT} = []; $arp_input = $arp_table{INPUT} = [];
$arp_output = $arp_table{OUTPUT} = []; $arp_output = $arp_table{OUTPUT} = [];
@ -195,6 +199,8 @@ sub process_arprules() {
@builtins = qw( INPUT OUTPUT FORWARD ); @builtins = qw( INPUT OUTPUT FORWARD );
$sourcemac = '--source-mac'; $sourcemac = '--source-mac';
$destmac = '--destination-mac'; $destmac = '--destination-mac';
$addrlen = '--h-length';
$hw = 'mac';
} }
my $fn = open_file 'arprules'; my $fn = open_file 'arprules';