mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-20 09:47:51 +02:00
Fix remaining problems reported by Andras Sarkozy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6157 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
0b996cb556
commit
f95a9e4db3
@ -818,7 +818,7 @@ sub do_proto( $$$ )
|
|||||||
|
|
||||||
fatal_error 'SOURCE PORT(S) not permitted with ICMP' if $sports ne '';
|
fatal_error 'SOURCE PORT(S) not permitted with ICMP' if $sports ne '';
|
||||||
} elsif ( $proto =~ /^(ipp2p(:(tcp|udp|all)))?$/i ) {
|
} elsif ( $proto =~ /^(ipp2p(:(tcp|udp|all)))?$/i ) {
|
||||||
require_capability( 'IPP2P' , 'PROTO = ipp2p' );
|
require_capability( 'IPP2P_MATCH' , 'PROTO = ipp2p' );
|
||||||
$proto = $2 ? $3 : 'tcp';
|
$proto = $2 ? $3 : 'tcp';
|
||||||
$ports = 'ipp2p' unless $ports;
|
$ports = 'ipp2p' unless $ports;
|
||||||
$output .= "-p $proto -m ipp2p --$ports ";
|
$output .= "-p $proto -m ipp2p --$ports ";
|
||||||
|
|||||||
@ -43,46 +43,46 @@ our @EXPORT = qw( setup_tc );
|
|||||||
our @EXPORT_OK = qw( process_tc_rule );
|
our @EXPORT_OK = qw( process_tc_rule );
|
||||||
our @VERSION = 1.00;
|
our @VERSION = 1.00;
|
||||||
|
|
||||||
my %tcs = ( t => { chain => 'tcpost',
|
my %tcs = ( T => { chain => 'tcpost',
|
||||||
connmark => 0,
|
connmark => 0,
|
||||||
fw => 1
|
fw => 1
|
||||||
} ,
|
} ,
|
||||||
ct => { chain => 'tcpost' ,
|
CT => { chain => 'tcpost' ,
|
||||||
target => 'CONNMARK --set-mark' ,
|
target => 'CONNMARK --set-mark' ,
|
||||||
connmark => 1 ,
|
connmark => 1 ,
|
||||||
fw => 1
|
fw => 1
|
||||||
} ,
|
} ,
|
||||||
c => { target => 'CONNMARK --set-mark' ,
|
C => { target => 'CONNMARK --set-mark' ,
|
||||||
connmark => 1 ,
|
connmark => 1 ,
|
||||||
fw => 1
|
fw => 1
|
||||||
} ,
|
} ,
|
||||||
p => { chain => 'tcpre' ,
|
P => { chain => 'tcpre' ,
|
||||||
connmark => 0 ,
|
connmark => 0 ,
|
||||||
fw => 0
|
fw => 0
|
||||||
} ,
|
} ,
|
||||||
cp => { chain => 'tcpre' ,
|
CP => { chain => 'tcpre' ,
|
||||||
target => 'CONNMARK --set-mark' ,
|
target => 'CONNMARK --set-mark' ,
|
||||||
connmark => 1 ,
|
connmark => 1 ,
|
||||||
fw => 0
|
fw => 0
|
||||||
} ,
|
} ,
|
||||||
f => { chain => 'tcfor' ,
|
F => { chain => 'tcfor' ,
|
||||||
connmark => 0 ,
|
connmark => 0 ,
|
||||||
fw => 0
|
fw => 0
|
||||||
} ,
|
} ,
|
||||||
cf => { chain => 'tcfor' ,
|
CF => { chain => 'tcfor' ,
|
||||||
fw => 0 ,
|
fw => 0 ,
|
||||||
connmark => 1 ,
|
connmark => 1 ,
|
||||||
} ,
|
} ,
|
||||||
t => { chain => 'tcpost' ,
|
T => { chain => 'tcpost' ,
|
||||||
connmark => 0 ,
|
connmark => 0 ,
|
||||||
fw => 0
|
fw => 0
|
||||||
} ,
|
} ,
|
||||||
ct => { chain => 'tcpost' ,
|
CT => { chain => 'tcpost' ,
|
||||||
target => 'CONNMARK --set-mark' ,
|
target => 'CONNMARK --set-mark' ,
|
||||||
connmark => 1 ,
|
connmark => 1 ,
|
||||||
fw => 0
|
fw => 0
|
||||||
} ,
|
} ,
|
||||||
c => { target => 'CONNMARK --set-mark' ,
|
C => { target => 'CONNMARK --set-mark' ,
|
||||||
connmark => 1 ,
|
connmark => 1 ,
|
||||||
fw => 0
|
fw => 0
|
||||||
}
|
}
|
||||||
@ -166,36 +166,34 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
|
|
||||||
my ($cmd, $rest) = split '/', $mark;
|
my ($cmd, $rest) = split '/', $mark;
|
||||||
|
|
||||||
unless ( $classid )
|
unless ( $classid ) {
|
||||||
|
MARK:
|
||||||
{
|
{
|
||||||
MARK:
|
|
||||||
{
|
|
||||||
PATTERN:
|
PATTERN:
|
||||||
for my $tccmd ( @tccmd ) {
|
for my $tccmd ( @tccmd ) {
|
||||||
if ( $tccmd->{match}($cmd) ) {
|
if ( $tccmd->{match}($cmd) ) {
|
||||||
fatal_error "$mark not valid with :C[FP]" if $connmark;
|
fatal_error "$mark not valid with :C[FP]" if $connmark;
|
||||||
|
|
||||||
|
$target = "$tccmd->{target} ";
|
||||||
|
my $marktype = $tccmd->{mark};
|
||||||
|
|
||||||
$target = "$tccmd->{target} ";
|
$mark =~ s/^[!&]//;
|
||||||
my $marktype = $tccmd->{mark};
|
|
||||||
|
|
||||||
$mark =~ s/^[!&]//;
|
if ( $rest ) {
|
||||||
|
fatal_error "Invalid MARK ($original_mark)" if $marktype == NOMARK;
|
||||||
if ( $rest ) {
|
|
||||||
fatal_error "Invalid MARK ($original_mark)" if $marktype == NOMARK;
|
$mark = $rest if $tccmd->{mask};
|
||||||
|
|
||||||
$mark = $rest if $tccmd->{mask};
|
if ( $marktype == SMALLMARK ) {
|
||||||
|
verify_small_mark $mark;
|
||||||
if ( $marktype == SMALLMARK ) {
|
} else {
|
||||||
verify_small_mark $mark;
|
validate_mark $mark;
|
||||||
} else {
|
|
||||||
validate_mark $mark;
|
|
||||||
}
|
|
||||||
} elsif ( $tccmd->{mask} ) {
|
|
||||||
$mark = $tccmd->{mask};
|
|
||||||
}
|
}
|
||||||
|
} elsif ( $tccmd->{mask} ) {
|
||||||
last MARK;
|
$mark = $tccmd->{mask};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
last MARK;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -204,6 +202,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
fatal_error 'Marks < 256 may not be set in the PREROUTING chain when HIGH_ROUTE_MARKS=Yes'
|
fatal_error 'Marks < 256 may not be set in the PREROUTING chain when HIGH_ROUTE_MARKS=Yes'
|
||||||
if $cmd && $chain eq 'tcpre' && numeric_value( $cmd ) < 0xFF && $config{HIGH_ROUTE_MARKS};
|
if $cmd && $chain eq 'tcpre' && numeric_value( $cmd ) < 0xFF && $config{HIGH_ROUTE_MARKS};
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
expand_rule
|
expand_rule
|
||||||
ensure_chain( 'mangle' , $chain ) ,
|
ensure_chain( 'mangle' , $chain ) ,
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user