Remove requirement for XOR

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -29,6 +29,5 @@ Changes since 1.4.5
 
 12) Correct the implementation of destination IP list in DNAT[-] rules.
 
-13) Check for broken shells that don't support "^" in arithmetic
-    expressions or whose arithmetic support is otherwise broken.
+13) Check for shells whose arithmetic support is broken.
 

Shorewall/firewall

@@ -2060,7 +2060,7 @@ add_a_rule()
 	    ;;
 	all|ALL)
 	    [ -n "$port" ] && \
-		fatal_error "Port number not allowed with \"all\"; rule: \"$rule\""
+		fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
 	    proto=
 	    ;;
 	*)
@@ -2994,15 +2994,30 @@ networkaddress() {
 
     echo `encodeaddr $(($decodedaddr & $netmask))`
 }
+
+#
+# The following hack is supplied to compensate for the fact that many of
+# the popular light-weight Bourne shell derivatives don't support XOR ("^").
+#
+# Note: 2147483647 = 0x7fffffff
+
+ip_broadcast() {
+    local x=$(( ${1#*/} - 1 ))
+
+    [ $x -eq -1 ] && echo -1 || echo $(( 2147483647 >> $x ))
+}
+
 #
 # Calculate broadcast address from CIDR
 #
 broadcastaddress() {
     local decodedaddr=`decodeaddr ${1%/*}`
     local netmask=`ip_netmask $1`
+    local broadcast=`ip_broadcast $1`
 
-    echo `encodeaddr $(( $(($decodedaddr & $netmask)) | $(( $netmask ^ -1 )) ))`
+    echo `encodeaddr $(( $(($decodedaddr & $netmask)) | $broadcast ))`
 }
+
 #
 # Test for subnet membership
 #
@@ -3012,6 +3027,7 @@ in_subnet() # $1 = IP address, $2 = CIDR network
 
     test $(( `decodeaddr $1` & $netmask)) -eq $(( `decodeaddr ${2%/*}` & $netmask ))
 }
+
 #
 # Set up Source NAT (including masquerading)
 #
@@ -4608,17 +4624,6 @@ added_param_value_no() # $1 = Parameter Name, $2 = Parameter value
 # Initialize this program
 #
 do_initialize() {
-    #
-    # Code to determine if shell can support xor
-    #
-    check_xor() {
-	echo $(( 256 ^ -1 ))
-    }
-    
-    check_xor1() {
-	local x=`check_xor 2> /dev/null`
-	[ -n "$x" ] && echo $x || echo 0
-    }
     
     # Run all utility programs using the C locale
     #
@@ -4829,7 +4834,7 @@ do_initialize() {
     [ -n "$SHOREWALL_SHELL" ] || SHOREWALL_SHELL=/bin/sh
 
     temp=`decodeaddr 192.168.1.1` 
-    if [ `encodeaddr $temp` != 192.168.1.1 -o `check_xor1` -ne -257 ]; then
+    if [ `encodeaddr $temp` != 192.168.1.1 ]; then
 	startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall"
     fi
 }

Shorewall/releasenotes.txt

@@ -1,4 +1,4 @@
-This is a snapshot release of Shorewall.
+This is a minor release of Shorewall.
 
 Problems Corrected:
 
@@ -6,31 +6,11 @@ Problems Corrected:
    errors when started using the "service" mechanism has been worked
    around.
 
-2) A problem introduced in earlier snapshots has been corrected. This
-   problem caused incorrect netfilter rules to be created when the
-   destination zone in a rule was qualified by an address in CIDR
-   format.
- 
-   Example:
-
-   ACCEPT  fw  net:206.124.146.0/24   tcp   pop3
-
-3) A problem introduced in Snapshot 20030629 has been corrected whereby
-   the output of the capabilities report was corrupted in the case
-   where the capability was not available.
-
-4) Where a list of IP addresses appears in the DEST column of a DNAT[-]
+2) Where a list of IP addresses appears in the DEST column of a DNAT[-]
    rule, Shorewall incorrectly created multiple DNAT rules in the nat
    table (one for each element in the list). Shorewall now correctly
    creates a single DNAT rule with multiple "--to-destination" clauses.
 
-Migration Considerations:
-
-   This version of Shorewall uses shell features that aren't available
-   in all shells. Before you upgrade to this version of Shorewall, you
-   should download and run the 'shellcheck.sh' script from
-   http://shorewall.net/pub/shorewall/misc.
-
 New Features:
 
 1) A 'newnotsyn' interface option has been added. This option may be