forked from extern/shorewall_code
Eliminate vlsm_to_mask table
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8311 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
88b3d01914
commit
4756d4ef13
@ -64,39 +64,11 @@ use constant { ALLIPv4 => '0.0.0.0/0' , ICMP => 1, TCP => 6, UDP => 17 , SCTP =>
|
||||
|
||||
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
|
||||
|
||||
our @vlsm_to_mask = ( '0x00000000' ,
|
||||
'0x80000000' ,
|
||||
'0xC0000000' ,
|
||||
'0xE0000000' ,
|
||||
'0xF0000000' ,
|
||||
'0xF8000000' ,
|
||||
'0xFC000000' ,
|
||||
'0xFE000000' ,
|
||||
'0xFF000000' ,
|
||||
'0xFF800000' ,
|
||||
'0xFFC00000' ,
|
||||
'0xFFE00000' ,
|
||||
'0xFFF00000' ,
|
||||
'0xFFF80000' ,
|
||||
'0xFFFC0000' ,
|
||||
'0xFFFE0000' ,
|
||||
'0xFFFF0000' ,
|
||||
'0xFFFF8000' ,
|
||||
'0xFFFFC000' ,
|
||||
'0xFFFFE000' ,
|
||||
'0xFFFFF000' ,
|
||||
'0xFFFFF800' ,
|
||||
'0xFFFFFC00' ,
|
||||
'0xFFFFFE00' ,
|
||||
'0xFFFFFF00' ,
|
||||
'0xFFFFFF80' ,
|
||||
'0xFFFFFFC0' ,
|
||||
'0xFFFFFFE0' ,
|
||||
'0xFFFFFFF0' ,
|
||||
'0xFFFFFFF8' ,
|
||||
'0xFFFFFFFC' ,
|
||||
'0xFFFFFFFE' ,
|
||||
'0xFFFFFFFF' );
|
||||
sub vlsm_to_mask( $ ) {
|
||||
my $vlsm = $_[0];
|
||||
|
||||
in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) && 0xFFFFFFFF );
|
||||
}
|
||||
|
||||
sub valid_address( $ ) {
|
||||
my $address = $_[0];
|
||||
@ -230,7 +202,7 @@ sub decompose_net( $ ) {
|
||||
|
||||
( $net, my $vlsm ) = validate_net( $net , 0 );
|
||||
|
||||
( in_hex8( $net ) , $vlsm_to_mask[ $vlsm ] );
|
||||
( in_hex8( $net ) , vlsm_to_mask( $vlsm ) );
|
||||
|
||||
}
|
||||
|
||||
|
@ -552,7 +552,7 @@ sub process_tc_filter( $$$$$$ ) {
|
||||
|
||||
if ( $protonumber ) {
|
||||
my $pnumber = in_hex2 $protonumber;
|
||||
$rule .= "\\\n match u8 $pnumber 0xFF at 9";
|
||||
$rule .= "\\\n match u8 $pnumber 0xff at 9";
|
||||
}
|
||||
}
|
||||
|
||||
@ -585,21 +585,21 @@ sub process_tc_filter( $$$$$$ ) {
|
||||
$icmptype = in_hex2 numeric_value $icmptype;
|
||||
$icmpcode = in_hex2 numeric_value $icmpcode if defined $icmpcode;
|
||||
|
||||
$rule .= "\\\n match u8 $icmptype 0xFF at nexthdr+0";
|
||||
$rule .= "\\\n match u8 $icmpcode 0xFF at nexthdr+1" if defined $icmpcode;
|
||||
$rule .= "\\\n match u8 $icmptype 0xff at nexthdr+0";
|
||||
$rule .= "\\\n match u8 $icmpcode 0xff at nexthdr+1" if defined $icmpcode;
|
||||
} else {
|
||||
my $portnumber = in_hex8 validate_port( $protonumber , $port );
|
||||
$rule .= "\\\n match u32 $portnumber 0x0000FFFF at nexthdr+0";
|
||||
$rule .= "\\\n match u32 $portnumber 0x0000ffff at nexthdr+0";
|
||||
}
|
||||
}
|
||||
|
||||
unless ( $sport eq '-' ) {
|
||||
fatal_error "Only TCP, UDP and SCTP may specify SOURCE PORT"
|
||||
unless $protonumber == TCP || $protonumber == UDP || $protonumber == SCTP;
|
||||
my $portnumber = in_hex8 validate_port( $protonumber , $sport );
|
||||
|
||||
$portnumber =~ s/0x0000/0x/;
|
||||
$rule .= "\\\n match u32 ${portnumber}0000 0xFFFF0000 at nexthdr+0";
|
||||
my $portnumber = in_hex4 validate_port( $protonumber , $sport );
|
||||
|
||||
$rule .= "\\\n match u32 ${portnumber}0000 0xffff0000 at nexthdr+0";
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user