From 9d4ec13e4743a6b99fd02977563c6996eb971bc0 Mon Sep 17 00:00:00 2001 From: teastep Date: Wed, 9 Apr 2008 22:56:23 +0000 Subject: [PATCH] Some editing cleanup git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Compiler.pm | 2 +- Shorewall-perl/Shorewall/Config.pm | 13 +++++++++++++ Shorewall-perl/Shorewall/Policy.pm | 8 ++++---- Shorewall-perl/Shorewall/Tc.pm | 9 ++++++--- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index df6f3f1d4..cc7f43d15 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -728,7 +728,7 @@ sub compiler { sub edit_verbosity( $ ) { my $val = numeric_value( shift ); - defined($val) && ($val >= -1) && ($val < 3); + defined($val) && ($val >= MIN_VERBOSITY) && ($val <= MAX_VERBOSITY); } my %parms = ( object => { store => \$objectfile }, diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 47d3ccd3c..e93816e0e 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -55,6 +55,7 @@ our @EXPORT_OK = qw( $shorewall_dir initialize read_a_line1 set_config_path shor our %EXPORT_TAGS = ( internal => [ qw( create_temp_object finalize_object numeric_value + numeric_value1 in_hex in_hex2 in_hex3 @@ -106,6 +107,9 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_object %config %globals %capabilities + + MIN_VERBOSITY + MAX_VERBOSITY ) ] ); Exporter::export_ok_tags('internal'); @@ -228,6 +232,9 @@ our $shorewall_dir; # Shorewall Directory our $debug; # If true, use Carp to report errors with stack trace. +use constant { MIN_VERBOSITY => -1, + MAX_VERBOSITY => 2 }; + # # Initialize globals -- we take this novel approach to globals initialization to allow # the compiler to run multiple times in the same process. The 
@@ -525,6 +532,12 @@ sub numeric_value ( $ ) { $mark =~ /^0/ ? oct $mark : $mark; } +sub numeric_value1 ( $ ) { + my $val = numeric_value $_[0]; + fatal_error "Invalid Number ($_[0])" unless defined $val; + $val; +} + # # Return the argument expressed in Hex # diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm index 36961fe9b..ab212da02 100644 --- a/Shorewall-perl/Shorewall/Policy.pm +++ b/Shorewall-perl/Shorewall/Policy.pm @@ -219,11 +219,11 @@ sub validate_policy() my $clientwild = ( "\L$client" eq 'all' ); - fatal_error "Undefined zone $client" unless $clientwild || defined_zone( $client ); + fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client ); my $serverwild = ( "\L$server" eq 'all' ); - fatal_error "Undefined zone $server" unless $serverwild || defined_zone( $server ); + fatal_error "Undefined zone ($server)" unless $serverwild || defined_zone( $server ); my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 ); @@ -252,10 +252,10 @@ sub validate_policy() $default = $default_actions{$policy} || ''; } - fatal_error "Invalid policy $policy" unless exists $validpolicies{$policy}; + fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy}; if ( defined $queue ) { - fatal_error "Invalid policy ($policy/$queue)" unless $policy eq 'NFQUEUE'; + fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE'; require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' ); my $queuenum = numeric_value( $queue ); fatal_error "Invalid NFQUEUE queue number ($queue)" unless defined( $queuenum) && $queuenum <= 65535; diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index 8c34c42c9..cc121b49e 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm 
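Review bot: The new `numeric_value1` in the Config.pm hunk has no header comment, and its name does not say how it differs from `numeric_value`, although the neighbouring hex helper carries a `#` banner. I would add `# Like numeric_value() but raises a fatal error instead of returning undef when the argument is not a valid number` above it, in the file's three-line banner style. Since the helper performs no range check, the comment should also say that callers remain responsible for bounding the returned value.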
@@ -274,8 +274,10 @@ sub process_tc_rule( $$$$$$$$$$$ ) { validate_mark $mark; if ( $config{HIGH_ROUTE_MARKS} ) { + my $val = numeric_value( $cmd ); + fatal_error "Invalid MARK/CLASSIFY ($cmd)" unless defined $val; fatal_error 'Marks < 256 may not be set in the PREROUTING or OUTPUT chains when HIGH_ROUTE_MARKS=Yes' - if $cmd && ( $chain eq 'tcpre' || $chain eq 'tcout' ) && numeric_value( $cmd ) <= 0xFF; + if $cmd && ( $chain eq 'tcpre' || $chain eq 'tcout' ) && $val <= 0xFF; } } } @@ -475,6 +477,7 @@ sub validate_tc_class( $$$$$$ ) { fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) <= 0xff; $markval = numeric_value( $mark ); + fatal_error "Invalid MARK ($markval)" unless defined $markval; fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber}; $classnumber = $devnum . $mark; } @@ -623,8 +626,8 @@ sub process_tc_filter( $$$$$$ ) { my ( $icmptype , $icmpcode ) = split '//', validate_icmp( $portrange ); - $icmptype = in_hex2 numeric_value $icmptype; - $icmpcode = in_hex2 numeric_value $icmpcode if defined $icmpcode; + $icmptype = in_hex2 numeric_value1 $icmptype; + $icmpcode = in_hex2 numeric_value1 $icmpcode if defined $icmpcode; my $rule1 = " match u8 $icmptype 0xff at nexthdr+0"; $rule1 .= "\\\n match u8 $icmpcode 0xff at nexthdr+1" if defined $icmpcode;
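Review bot: The added `fatal_error "Invalid MARK/CLASSIFY ($cmd)" unless defined $val;` in the `HIGH_ROUTE_MARKS` branch of process_tc_rule runs even when `$cmd` is empty, although the test that follows still guards on `$cmd &&`. If `numeric_value` returns undef for an empty or non-numeric `$cmd` (its body is not in this patch, so this is inferred), rules that were accepted before would now be rejected. `fatal_error "Invalid MARK/CLASSIFY ($cmd)" if $cmd && ! defined $val;` keeps the old guard. The check is also only reached when HIGH_ROUTE_MARKS is set, so a malformed value is not rejected here otherwise unless `validate_mark` already covers it. The enclosing function starts and ends outside the hunk.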
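Review bot: The check added in validate_tc_class interpolates `$markval` into its message, but it fires only when `$markval` is undefined, so the error would read `Invalid MARK ()` and emit an uninitialized-value warning. It should report the input instead: `fatal_error "Invalid MARK ($mark)" unless defined $markval;`. It also runs after the preceding line has already compared `numeric_value( $mark ) <= 0xff`, where an undefined result numifies to 0 and passes the range test. Assigning `$markval = numeric_value( $mark );` first and then testing `defined $markval && $markval <= 0xff` would put the validity check ahead of the bound. The enclosing function continues outside the hunk.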