holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code

Browse Source
This commit is contained in:
Tom Eastep 2014-03-22 08:58:20 -07:00
commit 0561b10adb
2 changed files with 32 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -825,12 +825,13 @@ sub get_opttype( $$ ) { # $option, $default
$opttype{$_[0]} || $_[1]; $opttype{$_[0]} || $_[1];
} }
# # Next a helper for setting an individual option #
# Next a helper for setting an individual option
# #
sub set_rule_option( $$$ ) { sub set_rule_option( $$$ ) {
my ( $ruleref, $option, $value ) = @_; my ( $ruleref, $option, $value ) = @_;
assert( defined $value && reftype $ruleref , $value, $ruleref ); assert( defined $value && reftype $ruleref , $option, $ruleref );
$ruleref->{simple} = 0; $ruleref->{simple} = 0;
$ruleref->{complex} = 1 if reftype $value; $ruleref->{complex} = 1 if reftype $value;
@ -2333,7 +2334,7 @@ sub add_jump( $$$;$$$ ) {
# #
# If the destination is a chain, mark it referenced # If the destination is a chain, mark it referenced
# #
$toref->{referenced} = 1, add_reference $fromref, $toref if $toref; $toref->{referenced} = 1, add_reference( $fromref, $toref ) if $toref;
my $param = $goto_ok && $toref && have_capability( 'GOTO_TARGET' ) ? 'g' : 'j'; my $param = $goto_ok && $toref && have_capability( 'GOTO_TARGET' ) ? 'g' : 'j';
@ -3183,6 +3184,7 @@ sub check_optimization( $ ) {
# Perform Optimization # Perform Optimization
# #
# When an unreferenced chain is found, it is deleted unless its 'dont_delete' flag is set. # When an unreferenced chain is found, it is deleted unless its 'dont_delete' flag is set.
#
sub optimize_level0() { sub optimize_level0() {
for my $table ( qw/raw rawpost mangle nat filter/ ) { for my $table ( qw/raw rawpost mangle nat filter/ ) {
my $tableref = $chain_table{$table}; my $tableref = $chain_table{$table};
@ -4796,11 +4798,6 @@ sub verify_mark( $ ) {
} }
} }
sub verify_small_mark( $ ) {
verify_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{TC_MAX};
}
sub validate_mark( $ ) { sub validate_mark( $ ) {
my $mark = shift; my $mark = shift;
my $val; my $val;
@ -4819,6 +4816,12 @@ sub validate_mark( $ ) {
return numeric_value $val if defined( wantarray ); return numeric_value $val if defined( wantarray );
} }
sub verify_small_mark( $ ) {
my $val = validate_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > $globals{TC_MAX};
$val;
}
# #
# Generate an appropriate -m [conn]mark match string for the contents of a MARK column # Generate an appropriate -m [conn]mark match string for the contents of a MARK column
# #

34
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -227,8 +227,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
our $designator; our $designator;
my $fw = firewall_zone; my $fw = firewall_zone;
sub handle_mark_param( $ ) { sub handle_mark_param( $$ ) {
my ( $option ) = @_; my ( $option, $marktype ) = @_;
my $and_or = $1 if $params =~ s/^([|&])//; my $and_or = $1 if $params =~ s/^([|&])//;
if ( $params =~ /-/ ) { if ( $params =~ /-/ ) {
@ -292,16 +292,21 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
$done = 1; $done = 1;
} else { } else {
my $mark = $params;
my $val;
if ( supplied $mark ) {
$val = validate_mark( $mark );
} else {
$val = numeric_value( $mark = $globals{TC_MASK} );
}
# #
# A Single Mark # A Single Mark
# #
my $mark = $params;
my $val;
if ( supplied $mark ) {
if ( $marktype == SMALLMARK ) {
$val = verify_small_mark( $mark );
} else {
$val = validate_mark( $mark );
}
} else {
$val = numeric_value( $mark = $globals{TC_MASK} );
}
if ( $config{PROVIDER_OFFSET} ) { if ( $config{PROVIDER_OFFSET} ) {
my $limit = $globals{TC_MASK}; my $limit = $globals{TC_MASK};
unless ( have_capability 'FWMARK_RT_MASK' ) { unless ( have_capability 'FWMARK_RT_MASK' ) {
@ -375,7 +380,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
maxparams => 1, maxparams => 1,
function => sub () { function => sub () {
$target = 'CONNMARK'; $target = 'CONNMARK';
handle_mark_param('--set-mark' ); handle_mark_param('--set-mark' , HIGHMARK );
}, },
}, },
@ -551,7 +556,7 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
mask => in_hex( $globals{TC_MASK} ), mask => in_hex( $globals{TC_MASK} ),
function => sub () { function => sub () {
$target = 'MARK'; $target = 'MARK';
handle_mark_param('--set-mark'); handle_mark_param('--set-mark', , HIGHMARK );
}, },
}, },
@ -563,7 +568,8 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
function => sub () { function => sub () {
$target = 'CONNMARK '; $target = 'CONNMARK ';
if ( supplied $params ) { if ( supplied $params ) {
handle_mark_param( '--restore-mark --mark ' ); handle_mark_param( '--restore-mark --mask ',
$config{TC_EXPERT} ? HIGHMARK : SMALLMARK );
} else { } else {
$target .= '--restore-mark --mask ' . in_hex( $globals{TC_MASK} ); $target .= '--restore-mark --mask ' . in_hex( $globals{TC_MASK} );
} }
@ -591,7 +597,9 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
function => sub () { function => sub () {
$target = 'CONNMARK '; $target = 'CONNMARK ';
if ( supplied $params ) { if ( supplied $params ) {
handle_mark_param( '--save-mark --mask ' ); handle_mark_param( '--save-mark --mask ' ,
$config{TC_EXPERT} ? HIGHMARK : SMALLMARK );
} else { } else {
$target .= '--save-mark --mask ' . in_hex( $globals{TC_MASK} ); $target .= '--save-mark --mask ' . in_hex( $globals{TC_MASK} );
} }