Restore small mark verification.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2014-03-22 08:38:57 -07:00
parent 54a5e4af52
commit db1b25b4d7
2 changed files with 27 additions and 18 deletions


@ -4797,11 +4797,6 @@ sub verify_mark( $ ) {
} }
} }
sub verify_small_mark( $ ) {
verify_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{TC_MAX};
}
sub validate_mark( $ ) { sub validate_mark( $ ) {
my $mark = shift; my $mark = shift;
my $val; my $val;
@ -4820,6 +4815,12 @@ sub validate_mark( $ ) {
return numeric_value $val if defined( wantarray ); return numeric_value $val if defined( wantarray );
} }
sub verify_small_mark( $ ) {
my $val = validate_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{TC_MAX};
$val;
}
# #
# Generate an appropriate -m [conn]mark match string for the contents of a MARK column # Generate an appropriate -m [conn]mark match string for the contents of a MARK column
# #
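Review bot: The restored `verify_small_mark` applies the TC_MAX bound to `numeric_value( $mark )`, a second parse of the raw string, rather than to the `$val` that `validate_mark` has just returned. Most of `validate_mark`'s body lies outside these hunks, but if it accepts any form that `numeric_value` cannot parse on its own (a mark carrying a mask suffix, for example), the second parse presumably yields undef, the `>` comparison treats it as 0, and an oversized mark passes the limit silently. Comparing the validated value keeps the two checks in step: `fatal_error "Mark value ($mark) too large" if $val > $globals{TC_MAX};`. A one-line comment above the sub stating that it returns the numeric mark, as `validate_mark` does, would help the callers that now rely on the return value.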

View File

@ -227,8 +227,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
our $designator; our $designator;
my $fw = firewall_zone; my $fw = firewall_zone;
sub handle_mark_param( $ ) { sub handle_mark_param( $$ ) {
my ( $option ) = @_; my ( $option, $marktype ) = @_;
my $and_or = $1 if $params =~ s/^([|&])//; my $and_or = $1 if $params =~ s/^([|&])//;
if ( $params =~ /-/ ) { if ( $params =~ /-/ ) {
@ -292,16 +292,21 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
$done = 1; $done = 1;
} else { } else {
my $mark = $params;
my $val;
if ( supplied $mark ) {
$val = validate_mark( $mark );
} else {
$val = numeric_value( $mark = $globals{TC_MASK} );
}
# #
# A Single Mark # A Single Mark
# #
my $mark = $params;
my $val;
if ( supplied $mark ) {
if ( $marktype == SMALLMARK ) {
$val = verify_small_mark( $mark );
} else {
$val = validate_mark( $mark );
}
} else {
$val = numeric_value( $mark = $globals{TC_MASK} );
}
if ( $config{PROVIDER_OFFSET} ) { if ( $config{PROVIDER_OFFSET} ) {
my $limit = $globals{TC_MASK}; my $limit = $globals{TC_MASK};
unless ( have_capability 'FWMARK_RT_MASK' ) { unless ( have_capability 'FWMARK_RT_MASK' ) {
@ -375,7 +380,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
maxparams => 1, maxparams => 1,
function => sub () { function => sub () {
$target = 'CONNMARK'; $target = 'CONNMARK';
handle_mark_param('--set-mark' ); handle_mark_param('--set-mark' , HIGHMARK );
}, },
}, },
@ -551,7 +556,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
mask => in_hex( $globals{TC_MASK} ), mask => in_hex( $globals{TC_MASK} ),
function => sub () { function => sub () {
$target = 'MARK'; $target = 'MARK';
handle_mark_param('--set-mark'); handle_mark_param('--set-mark', , HIGHMARK );
}, },
}, },
@ -563,7 +568,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
function => sub () { function => sub () {
$target = 'CONNMARK '; $target = 'CONNMARK ';
if ( supplied $params ) { if ( supplied $params ) {
handle_mark_param( '--restore-mark --mark ' ); handle_mark_param( '--restore-mark --mask ',
$config{TC_EXPERT} ? HIGHMARK : SMALLMARK );
} else { } else {
$target .= '--restore-mark --mask ' . in_hex( $globals{TC_MASK} ); $target .= '--restore-mark --mask ' . in_hex( $globals{TC_MASK} );
} }
@ -591,7 +597,9 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
function => sub () { function => sub () {
$target = 'CONNMARK '; $target = 'CONNMARK ';
if ( supplied $params ) { if ( supplied $params ) {
handle_mark_param( '--save-mark --mask ' ); handle_mark_param( '--save-mark --mask ' ,
$config{TC_EXPERT} ? HIGHMARK : SMALLMARK );
} else { } else {
$target .= '--save-mark --mask ' . in_hex( $globals{TC_MASK} ); $target .= '--save-mark --mask ' . in_hex( $globals{TC_MASK} );
} }
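Review bot: The new `$marktype` argument of `handle_mark_param` is consulted only in the single-mark `else` branch (the hunk at new line 292). The range branch opened by `if ( $params =~ /-/ )` falls between hunks, so it is not visible whether a mark range given to SAVE or RESTORE is held to TC_MAX when TC_EXPERT is off. If that branch does not check, both ends of the range should go through `verify_small_mark` when `$marktype == SMALLMARK`; if a range is not valid for those actions, a comment saying so at the top of the sub would settle it. Separately, the MARK entry passes `handle_mark_param('--set-mark', , HIGHMARK );` with a doubled comma, which Perl tolerates but which reads like a dropped argument; `handle_mark_param( '--set-mark', HIGHMARK );` is clearer. `process_mangle_rule1` and the nested sub both start and end outside the hunks.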