Remove requirement for XOR

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-07-04 15:08:29 +00:00
parent 807e808318
commit 9a6c36c146
3 changed files with 23 additions and 39 deletions


@ -29,6 +29,5 @@ Changes since 1.4.5
12) Correct the implementation of destination IP list in DNAT[-] rules. 12) Correct the implementation of destination IP list in DNAT[-] rules.
13) Check for broken shells that don't support "^" in arithmetic 13) Check for shells whose arithmetic support is broken.
expressions or whose arithmetic support is otherwise broken.


@ -2060,7 +2060,7 @@ add_a_rule()
;; ;;
all|ALL) all|ALL)
[ -n "$port" ] && \ [ -n "$port" ] && \
fatal_error "Port number not allowed with \"all\"; rule: \"$rule\"" fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
proto= proto=
;; ;;
*) *)
@ -2982,7 +2982,7 @@ ip_range() {
# Netmask from CIDR # Netmask from CIDR
# #
ip_netmask() { ip_netmask() {
echo $(( -1 $LEFTSHIFT $((32 - ${1#*/})) )) echo $(( -1 $LEFTSHIFT $(( 32 - ${1#*/} )) ))
} }
# #
@ -2994,15 +2994,30 @@ networkaddress() {
echo `encodeaddr $(($decodedaddr & $netmask))` echo `encodeaddr $(($decodedaddr & $netmask))`
} }
#
# The following hack is supplied to compensate for the fact that many of
# the popular light-weight Bourne shell derivatives don't support XOR ("^").
#
# Note: 2147483647 = 0x7fffffff
ip_broadcast() {
local x=$(( ${1#*/} - 1 ))
[ $x -eq -1 ] && echo -1 || echo $(( 2147483647 >> $x ))
}
# #
# Calculate broadcast address from CIDR # Calculate broadcast address from CIDR
# #
broadcastaddress() { broadcastaddress() {
local decodedaddr=`decodeaddr ${1%/*}` local decodedaddr=`decodeaddr ${1%/*}`
local netmask=`ip_netmask $1` local netmask=`ip_netmask $1`
local broadcast=`ip_broadcast $1`
echo `encodeaddr $(( $(($decodedaddr & $netmask)) | $(( $netmask ^ -1 )) ))` echo `encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast ))`
} }
# #
# Test for subnet membership # Test for subnet membership
# #
@ -3012,6 +3027,7 @@ in_subnet() # $1 = IP address, $2 = CIDR network
test $(( `decodeaddr $1` & $netmask)) -eq $(( `decodeaddr ${2%/*}` & $netmask )) test $(( `decodeaddr $1` & $netmask)) -eq $(( `decodeaddr ${2%/*}` & $netmask ))
} }
# #
# Set up Source NAT (including masquerading) # Set up Source NAT (including masquerading)
# #
@ -4608,18 +4624,7 @@ added_param_value_no() # $1 = Parameter Name, $2 = Parameter value
# Initialize this program # Initialize this program
# #
do_initialize() { do_initialize() {
#
# Code to determine if shell can support xor
#
check_xor() {
echo $(( 256 ^ -1 ))
}
check_xor1() {
local x=`check_xor 2> /dev/null`
[ -n "$x" ] && echo $x || echo 0
}
# Run all utility programs using the C locale # Run all utility programs using the C locale
# #
# Thanks to Vincent Planchenault for this tip # # Thanks to Vincent Planchenault for this tip #
@ -4829,7 +4834,7 @@ do_initialize() {
[ -n "$SHOREWALL_SHELL" ] || SHOREWALL_SHELL=/bin/sh [ -n "$SHOREWALL_SHELL" ] || SHOREWALL_SHELL=/bin/sh
temp=`decodeaddr 192.168.1.1` temp=`decodeaddr 192.168.1.1`
if [ `encodeaddr $temp` != 192.168.1.1 -o `check_xor1` -ne -257 ]; then if [ `encodeaddr $temp` != 192.168.1.1 ]; then
startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall" startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall"
fi fi
} }
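Review bot: The startup self-test at the end of do_initialize now checks only the decodeaddr/encodeaddr round-trip, so a shell that mishandles the `>>` in the new ip_broadcast (or the `$LEFTSHIFT` expression in ip_netmask) would pass it and go on to compute wrong broadcast addresses for the generated rules. Whether encodeaddr and decodeaddr already exercise those operators is not visible here, so a known-answer test alongside the existing one would be the safer guard: `[ "$(broadcastaddress 192.168.1.1/24)" = 192.168.1.255 ] || startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall"`. Separately, ip_broadcast does not validate its argument: a value with no `/n` suffix makes the arithmetic fail, the unquoted `[ $x -eq -1 ]` then errors and the `&& ... ||` chain falls through to the second `echo`, while a prefix above 32 gives a shift count whose result depends on the shell; a check that the prefix is a number from 0 to 32 before shifting would make that failure explicit. do_initialize's body starts outside the visible hunks.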


@ -1,4 +1,4 @@
This is a snapshot release of Shorewall. This is a minor release of Shorewall.
Problems Corrected: Problems Corrected:
@ -6,31 +6,11 @@ Problems Corrected:
errors when started using the "service" mechanism has been worked errors when started using the "service" mechanism has been worked
around. around.
2) A problem introduced in earlier snapshots has been corrected. This 2) Where a list of IP addresses appears in the DEST column of a DNAT[-]
problem caused incorrect netfilter rules to be created when the
destination zone in a rule was qualified by an address in CIDR
format.
Example:
ACCEPT fw net:206.124.146.0/24 tcp pop3
3) A problem introduced in Snapshot 20030629 has been corrected whereby
the output of the capabilities report was corrupted in the case
where the capability was not available.
4) Where a list of IP addresses appears in the DEST column of a DNAT[-]
rule, Shorewall incorrectly created multiple DNAT rules in the nat rule, Shorewall incorrectly created multiple DNAT rules in the nat
table (one for each element in the list). Shorewall now correctly table (one for each element in the list). Shorewall now correctly
creates a single DNAT rule with multiple "--to-destination" clauses. creates a single DNAT rule with multiple "--to-destination" clauses.
Migration Considerations:
This version of Shorewall uses shell features that aren't available
in all shells. Before you upgrade to this version of Shorewall, you
should download and run the 'shellcheck.sh' script from
http://shorewall.net/pub/shorewall/misc.
New Features: New Features:
1) A 'newnotsyn' interface option has been added. This option may be 1) A 'newnotsyn' interface option has been added. This option may be