extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-13 13:16:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Clean up checking for match inversion; rename %cts to %tcs

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5465 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-08 21:19:24 +00:00
parent fe06e52a8c
commit e3f9325a70
1 changed files with 19 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
New/compiler.pl
View File

@ -1714,10 +1714,11 @@ sub do_proto( $$$ )
sub mac_match( $ ) { sub mac_match( $ ) {
my $mac = $_[0]; my $mac = $_[0];
$mac =~ s/^~//; $mac =~ s/^(!?)~//;
$mac =~ s/^!// if my $invert = $1 ? '! ' : '';
$mac =~ s/-/:/g; $mac =~ s/-/:/g;
"--match mac --mac-source $mac "; "--match mac --mac-source ${invert}$mac ";
} }
# #
@ -1827,14 +1828,10 @@ sub iprange_match() {
sub match_source_net( $ ) { sub match_source_net( $ ) {
my $net = $_[0]; my $net = $_[0];
if ( $net =~ /.*\..*\..*\..*-.*\..*\..*\..*/ ) { if ( $net =~ /^(!?).*\..*\..*\..*-.*\..*\..*\..*/ ) {
my $match = ' '; $net =~ s/!// if my $invert = $1 ? '! ' : '';
if ( $net =~ /^!/ ) {
$net =~ s/!//;
$match .= '!';
}
$match . iprange_match . "--src-range $net "; iprange_match . "${invert}--src-range $net ";
} elsif ( $net =~ /^(!?)~(.*)$/ ) { } elsif ( $net =~ /^(!?)~(.*)$/ ) {
( $net = $2 ) =~ s/-/:/g; ( $net = $2 ) =~ s/-/:/g;
"-m mac --mac-source $1 $net " "-m mac --mac-source $1 $net "
@ -1852,14 +1849,10 @@ sub match_source_net( $ ) {
sub match_dest_net( $ ) { sub match_dest_net( $ ) {
my $net = $_[0]; my $net = $_[0];
if ( $net =~ /-/ ) { if ( $net =~ /^(!?).*\..*\..*\..*-.*\..*\..*\..*/ ) {
my $match = ' '; $net =~ s/!// if my $invert = $1 ? '! ' : '';
if ( $net =~ /^!/ ) {
$net =~ s/!//;
$match .= '! ';
}
$match . iprange_match . "--dest-range $net "; iprange_match . "${invert}--src-range $net ";
} elsif ( $net =~ /^!/ ) { } elsif ( $net =~ /^!/ ) {
$net =~ s/!//; $net =~ s/!//;
"-d ! $net "; "-d ! $net ";
@ -2979,7 +2972,7 @@ sub complete_standard_chain ( $$$ ) {
policy_rules $stdchainref , $policy , $loglevel, $default; policy_rules $stdchainref , $policy , $loglevel, $default;
} }
my %cts = ( t => { chain => 'tcpost', my %tcs = ( t => { chain => 'tcpost',
connmark => 0, connmark => 0,
fw => 1 fw => 1
} , } ,
@ -3064,7 +3057,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
my $chain = $env{MARKING_CHAIN}; my $chain = $env{MARKING_CHAIN};
my $target = 'MARK --set-mark'; my $target = 'MARK --set-mark';
my $ctsref; my $tcsref;
my $connmark = 0; my $connmark = 0;
my $classid = 0; my $classid = 0;
@ -3078,16 +3071,16 @@ sub process_tc_rule( $$$$$$$$$$ ) {
} }
if ( $designator ) { if ( $designator ) {
$ctsref = $cts{$designator}; $tcsref = $tcs{$designator};
if ( $ctsref ) { if ( $tcsref ) {
if ( $chain eq 'tcout' ) { if ( $chain eq 'tcout' ) {
fatal_error "Invalid chain designator for source $firewall_zone; rule \"$line\"" unless $ctsref->{fw}; fatal_error "Invalid chain designator for source $firewall_zone; rule \"$line\"" unless $tcsref->{fw};
} }
$chain = $ctsref->{chain} if $ctsref->{chain}; $chain = $tcsref->{chain} if $tcsref->{chain};
$target = $ctsref->{target} if $ctsref->{target}; $target = $tcsref->{target} if $tcsref->{target};
$mark = "$mark/0xFF" if $connmark = $ctsref->{connmark}; $mark = "$mark/0xFF" if $connmark = $tcsref->{connmark};
} else { } else {
fatal_error "Invalid MARK ($original_mark) in rule \"$line\"" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/; fatal_error "Invalid MARK ($original_mark) in rule \"$line\"" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ and $designator =~ /^([0-9]+|0x[0-9a-f]+)$/;