extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-04-11 12:58:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Backout another Patch from the Virtual Zone Sequence and re-apply a couple of small optimizations

Browse Source
This commit is contained in:
Tom Eastep 2009-11-28 07:25:31 -08:00
parent e5106f10bc
commit e582f222ad
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -311,7 +311,6 @@ sub add_a_provider( ) {
} }
} else { } else {
fatal_error "Invalid Mark Value ($mark)" unless $config{HIGH_ROUTE_MARKS} && $config{WIDE_TC_MARKS}; fatal_error "Invalid Mark Value ($mark)" unless $config{HIGH_ROUTE_MARKS} && $config{WIDE_TC_MARKS};
fatal_error "Invalid Mark Value ($mark)" if $val > 0xf0000;
} }
for my $providerref ( values %providers ) { for my $providerref ( values %providers ) {

6
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1990,8 +1990,9 @@ sub generate_matrix() {
next if $hostref->{options}{sourceonly}; next if $hostref->{options}{sourceonly};
if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) { if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) {
my $ipsec_out_match = match_ipsec_out $zone1 , $hostref; my $ipsec_out_match = match_ipsec_out $zone1 , $hostref;
my $dest_exclusion = dest_exclusion( $hostref->{exclusions}, $chain);
for my $net ( @{$hostref->{hosts}} ) { for my $net ( @{$hostref->{hosts}} ) {
add_jump $frwd_ref, dest_exclusion( $hostref->{exclusions}, $chain), 0, join( '', match_dest_dev( $interface) , match_dest_net($net), $ipsec_out_match ); add_jump $frwd_ref, $dest_exclusion, 0, join( '', match_dest_dev( $interface) , match_dest_net($net), $ipsec_out_match );
} }
} }
} }
@ -2032,6 +2033,7 @@ sub generate_matrix() {
for my $host1ref ( @$array1ref ) { for my $host1ref ( @$array1ref ) {
next if $host1ref->{options}{sourceonly}; next if $host1ref->{options}{sourceonly};
my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref; my $ipsec_out_match = match_ipsec_out $zone1 , $host1ref;
my $dest_exclusion = dest_exclusion( $host1ref->{exclusions}, $chain );
for my $net1 ( @{$host1ref->{hosts}} ) { for my $net1 ( @{$host1ref->{hosts}} ) {
unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) { unless ( $interface eq $interface1 && $net eq $net1 && ! $host1ref->{options}{routeback} ) {
# #
@ -2039,7 +2041,7 @@ sub generate_matrix() {
# #
add_jump( add_jump(
$excl3ref , $excl3ref ,
dest_exclusion( $host1ref->{exclusions}, $chain ), $dest_exclusion,
0, 0,
join( '', join( '',
$match_source_dev, $match_source_dev,