holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct restriction and chain number handling in the mangle files

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-10-23 15:36:04 -07:00
parent e0203bca87
commit 0efc7a4899
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -2747,11 +2747,13 @@ sub accounting_chainrefs() {
grep $_->{accounting} , values %$filter_table; grep $_->{accounting} , values %$filter_table;
} }
sub ensure_mangle_chain($) { sub ensure_mangle_chain($;$$) {
my $chain = $_[0]; my ( $chain, $number, $restriction ) = @_;
my $chainref = ensure_chain 'mangle', $chain; my $chainref = ensure_chain 'mangle', $chain;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
$chainref->{chainnumber} = $number if $number;
$chainref->{restriction} = $restriction if $restriction;
$chainref; $chainref;
} }

8
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -4098,11 +4098,13 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
my $chainref = ensure_chain( 'mangle', $chain = $chainnames{$chain} ); my $chainref = ensure_chain( 'mangle', $chain = $chainnames{$chain} );
$restriction |= $chainref->{restriction};
for ( my $packet = 0; $packet < $marks; $packet++, $markval += $increment ) { for ( my $packet = 0; $packet < $marks; $packet++, $markval += $increment ) {
my $match = "-m statistic --mode nth --every $marks --packet $packet "; my $match = "-m statistic --mode nth --every $marks --packet $packet ";
expand_rule( $chainref, expand_rule( $chainref,
$restrictions{$chain} | $restriction, $restriction,
$prerule , $prerule ,
$match . $match .
do_user( $user ) . do_user( $user ) .
@ -4845,8 +4847,10 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$$ ) {
$chainref = ensure_chain( 'mangle', $chainnames{$chain} ); $chainref = ensure_chain( 'mangle', $chainnames{$chain} );
} }
$restriction |= $chainref->{restriction} if defined $chainref->{restriction};
if ( ( my $result = expand_rule( $chainref , if ( ( my $result = expand_rule( $chainref ,
( $restrictions{$chain} || 0 ) | $restriction, $restriction,
$prerule, $prerule,
do_proto( $proto, $ports, $sports) . $matches . do_proto( $proto, $ports, $sports) . $matches .
do_user( $user ) . do_user( $user ) .

10
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -2276,13 +2276,13 @@ sub setup_tc( $ ) {
$convert = $_[0]; $convert = $_[0];
if ( $config{MANGLE_ENABLED} ) { if ( $config{MANGLE_ENABLED} ) {
ensure_mangle_chain 'tcpre'; ensure_mangle_chain( 'tcpre', PREROUTING, PREROUTE_RESTRICT );
ensure_mangle_chain 'tcout'; ensure_mangle_chain( 'tcout', OUTPUT , OUTPUT_RESTRICT );
if ( have_capability( 'MANGLE_FORWARD' ) ) { if ( have_capability( 'MANGLE_FORWARD' ) ) {
ensure_mangle_chain 'tcfor'; ensure_mangle_chain( 'tcfor', FORWARD );
ensure_mangle_chain 'tcpost'; ensure_mangle_chain( 'tcpost', POSTROUTING, POSTROUTE_RESTRICT );
ensure_mangle_chain 'tcin'; ensure_mangle_chain( 'tcin', INPUT , INPUT_RESTRICT );
} }
my @mark_part; my @mark_part;