Emit more uniform error messages
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6572 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
3d7336cb79
commit
4b456a3d34
@ -341,7 +341,7 @@ sub process_action1 ( $$ ) {
|
||||
fatal_error "Parameter value not allowed in action files ($param)" if $paramtype & NATRULE;
|
||||
}
|
||||
|
||||
fatal_error "Invalid or missing ACTION ( $wholetarget )" unless defined $target;
|
||||
fatal_error "Invalid or missing ACTION ($wholetarget)" unless defined $target;
|
||||
|
||||
if ( find_macro $target ) {
|
||||
process_macro1( $action, $macros{$target} );
|
||||
@ -372,18 +372,18 @@ sub process_actions1() {
|
||||
|
||||
if ( $targets{$action} ) {
|
||||
next if $targets{$action} & ACTION;
|
||||
fatal_error "Invalid Action Name: $action";
|
||||
fatal_error "Invalid Action Name ($action)";
|
||||
}
|
||||
|
||||
$targets{$action} = ACTION;
|
||||
|
||||
fatal_error "Invalid Action Name: $action" unless "\L$action" =~ /^[a-z]\w*$/;
|
||||
fatal_error "Invalid Action Name ($action)" unless "\L$action" =~ /^[a-z]\w*$/;
|
||||
|
||||
new_action $action;
|
||||
|
||||
my $actionfile = find_file "action.$action";
|
||||
|
||||
fatal_error "Missing Action File: $actionfile" unless -f $actionfile;
|
||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||
|
||||
progress_message2 " Pre-processing $actionfile...";
|
||||
|
||||
@ -516,7 +516,7 @@ sub process_action3( $$$$$ ) {
|
||||
my $actionfile = find_file "action.$action";
|
||||
my $standard = ( $actionfile =~ /^$globals{SHAREDIR}/ );
|
||||
|
||||
fatal_error "Missing Action File: $actionfile" unless -f $actionfile;
|
||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||
|
||||
progress_message2 "Processing $actionfile for chain $chainref->{name}...";
|
||||
|
||||
|
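Review bot: In the process_action3 hunk, the unchanged line `my $standard = ( $actionfile =~ /^$globals{SHAREDIR}/ );` interpolates a directory path into a regex unescaped and without a trailing separator. Metacharacters in SHAREDIR are therefore read as pattern syntax, and a sibling directory that merely shares the prefix also matches. If `$standard` decides how the action file is treated (not visible here), the test should be exact: `my $standard = ( $actionfile =~ m{^\Q$globals{SHAREDIR}\E/} );`. The body of process_action3 continues outside the hunk.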
@ -773,7 +773,7 @@ sub validate_portpair( $ ) {
|
||||
|
||||
my @ports = split/:/, $portpair, 3;
|
||||
|
||||
fatal_error "Invalid port range" if @ports == 3;
|
||||
fatal_error "Invalid port range ($portpair)" if @ports == 3;
|
||||
|
||||
for my $port ( @ports ) {
|
||||
my $value = $services{$port};
|
||||
@ -887,8 +887,8 @@ sub do_proto( $$$ )
|
||||
|
||||
if ( $ports ne '' ) {
|
||||
if ( $ports =~ tr/,/,/ > 0 || $sports =~ tr/,/,/ > 0 ) {
|
||||
fatal_error "Port list requires Multiport support in your kernel/iptables: $ports" unless $capabilities{MULTIPORT};
|
||||
fatal_error "Too many entries in port list: $ports" if port_count( $ports ) > 15;
|
||||
fatal_error "Port list requires Multiport support in your kernel/iptables ($ports)" unless $capabilities{MULTIPORT};
|
||||
fatal_error "Too many entries in port list ($ports)" if port_count( $ports ) > 15;
|
||||
$ports = validate_port_list $ports;
|
||||
$output .= "-m multiport --dports $ports ";
|
||||
$multiport = 1;
|
||||
@ -902,7 +902,7 @@ sub do_proto( $$$ )
|
||||
|
||||
if ( $sports ne '' ) {
|
||||
if ( $multiport ) {
|
||||
fatal_error "Too many entries in port list: $sports" if port_count( $sports ) > 15;
|
||||
fatal_error "Too many entries in port list ($sports)" if port_count( $sports ) > 15;
|
||||
$sports = validate_port_list $sports;
|
||||
$output .= "-m multiport --sports $sports ";
|
||||
} else {
|
||||
@ -963,7 +963,7 @@ sub verify_mark( $ ) {
|
||||
my $mark = $_[0];
|
||||
my $limit = $config{HIGH_ROUTE_MARKS} ? 0xFFFF : 0xFF;
|
||||
|
||||
fatal_error "Invalid Mark or Mask value: $mark"
|
||||
fatal_error "Invalid Mark or Mask value ($mark)"
|
||||
unless numeric_value( $mark ) <= $limit;
|
||||
}
|
||||
|
||||
@ -1108,7 +1108,7 @@ sub get_set_flags( $$ ) {
|
||||
my ( $setname, $option ) = @_;
|
||||
my $options = $option;
|
||||
|
||||
fatal_error "Your kernel and/or iptables does not include ipset match: $setname" unless $capabilities{IPSET_MATCH};
|
||||
fatal_error "Your kernel and/or iptables does not include ipset match ($setname)" unless $capabilities{IPSET_MATCH};
|
||||
|
||||
if ( $setname =~ /(.*)\[([1-6])\]$/ ) {
|
||||
$setname = $1;
|
||||
@ -1542,17 +1542,17 @@ sub expand_rule( $$$$$$$$$$ )
|
||||
#
|
||||
# ADDRESS 'detect' in the masq file.
|
||||
#
|
||||
fatal_error "Bridge port ( $diface) not allowed" if port_to_bridge( $diface );
|
||||
fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface );
|
||||
add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' );
|
||||
$rule .= '-d $dest ';
|
||||
$chainref->{loopcount}++;
|
||||
} else {
|
||||
fatal_error "Bridge Port ( $diface ) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface );
|
||||
fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface );
|
||||
fatal_error "Destination Interface ($diface) not allowed when the destination zone is $firewall_zone" if $restriction & INPUT_RESTRICT;
|
||||
|
||||
if ( $iiface ) {
|
||||
my $bridge = port_to_bridge( $diface );
|
||||
fatal_error "Source interface ( $iiface) is not a port on the same bridge as the destination interface ( $diface )" if $bridge && $bridge ne source_port_to_bridge( $iiface );
|
||||
fatal_error "Source interface ($iiface) is not a port on the same bridge as the destination interface ( $diface )" if $bridge && $bridge ne source_port_to_bridge( $iiface );
|
||||
}
|
||||
|
||||
$rule .= match_dest_dev( $diface );
|
||||
|
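Review bot: The reworded bridge message in the expand_rule hunk still ends with `( $diface )` in the old spacing, so that line is only half converted (assuming the second copy of each pair is the new side). It should read `fatal_error "Source interface ($iiface) is not a port on the same bridge as the destination interface ($diface)" if $bridge && $bridge ne source_port_to_bridge( $iiface );`. In the first do_proto hunk, the Multiport message reports only `$ports`, although the condition on the line above it also fires on a comma in `$sports`, so the value shown may not be the one that triggered the error. expand_rule's body starts and ends outside the hunk.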
@ -139,8 +139,8 @@ sub generate_script_1() {
|
||||
'',
|
||||
'local version=$(cat ${SHAREDIR}/version)',
|
||||
'',
|
||||
'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then',
|
||||
' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"',
|
||||
'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30403 ]; then',
|
||||
' fatal_error "This script requires Shorewall version 3.4.3 or later; current version is $version"',
|
||||
'fi',
|
||||
'#',
|
||||
'# These variables are required by the library functions called in this script',
|
||||
|
@ -1,4 +1,4 @@
|
||||
#
|
||||
s#
|
||||
# Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/Config.pm
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
|
||||
@ -330,7 +330,7 @@ INIT {
|
||||
#
|
||||
sub warning_message
|
||||
{
|
||||
my $lineinfo = $currentfile ? " : $currentfilename ( line $currentlinenumber )" : '';
|
||||
my $lineinfo = $currentfile ? " : $currentfilename (line $currentlinenumber)" : '';
|
||||
|
||||
print STDERR " WARNING: @_$lineinfo\n";
|
||||
}
|
||||
@ -339,7 +339,7 @@ sub warning_message
|
||||
# Issue fatal error message and die
|
||||
#
|
||||
sub fatal_error {
|
||||
my $lineinfo = $currentfile ? " : $currentfilename ( line $currentlinenumber )" : '';
|
||||
my $lineinfo = $currentfile ? " : $currentfilename (line $currentlinenumber)" : '';
|
||||
|
||||
die " ERROR: @_$lineinfo\n";
|
||||
|
||||
@ -679,7 +679,7 @@ sub check_trivalue( $$ ) {
|
||||
} elsif ( $val eq '' ) {
|
||||
$config{$var} = $default
|
||||
} else {
|
||||
fatal_error "Invalid value ( $val ) for $var";
|
||||
fatal_error "Invalid value ($val) for $var";
|
||||
}
|
||||
} else {
|
||||
$config{var} = $default
|
||||
@ -1086,7 +1086,7 @@ sub get_configuration( $ ) {
|
||||
} elsif ( $val eq 'ACCEPT' ) {
|
||||
$globals{MACLIST_TARGET} = 'RETURN';
|
||||
} else {
|
||||
fatal_error "Invalid value ( $config{MACLIST_DISPOSITION} ) for MACLIST_DISPOSITION"
|
||||
fatal_error "Invalid value ($config{MACLIST_DISPOSITION}) for MACLIST_DISPOSITION"
|
||||
}
|
||||
}
|
||||
} else {
|
||||
@ -1158,7 +1158,7 @@ sub get_configuration( $ ) {
|
||||
|
||||
fatal_error "Invalid LOGFORMAT ($val)" if $@;
|
||||
|
||||
fatal_error "LOGFORMAT string is longer than 29 characters: \"$val\"" if length $result > 29;
|
||||
fatal_error "LOGFORMAT string is longer than 29 characters ($val)" if length $result > 29;
|
||||
|
||||
$globals{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) );
|
||||
} else {
|
||||
|
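Review bot: The first hunk appears to change the opening `#` of the file header into `s#`, which Perl reads as the start of a substitution operator delimited by the `#` characters of the following header lines, not as a comment. Depending on what follows, that is either a compile error or a stray substitution on `$_` at load time; the line should go back to a bare `#`. Separately, the context line `$config{var} = $default` in the check_trivalue hunk stores the default under the literal key `var`. The sibling branch writes `$config{$var}`, so this is probably meant to be `$config{$var} = $default;`.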
@ -114,13 +114,13 @@ sub encodeaddr( $ ) {
|
||||
sub validate_range( $$ ) {
|
||||
my ( $low, $high ) = @_;
|
||||
|
||||
fatal_error "Invalid IP address ( $low )" unless valid_address $low;
|
||||
fatal_error "Invalid IP address ( $high )" unless valid_address $high;
|
||||
fatal_error "Invalid IP address ($low)" unless valid_address $low;
|
||||
fatal_error "Invalid IP address ($high)" unless valid_address $high;
|
||||
|
||||
my $first = decodeaddr $low;
|
||||
my $last = decodeaddr $high;
|
||||
|
||||
fatal_error "Invalid IP Range ( $low-$high )" unless $first <= $last;
|
||||
fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last;
|
||||
}
|
||||
|
||||
sub ip_range_explicit( $ ) {
|
||||
@ -129,17 +129,17 @@ sub ip_range_explicit( $ ) {
|
||||
|
||||
my ( $low, $high ) = split /-/, $range;
|
||||
|
||||
fatal_error "Invalid IP address ( $low )" unless valid_address $low;
|
||||
fatal_error "Invalid IP address ($low)" unless valid_address $low;
|
||||
|
||||
push @result, $low;
|
||||
|
||||
if ( defined $high ) {
|
||||
fatal_error "Invalid IP address ( $high )" unless valid_address $high;
|
||||
fatal_error "Invalid IP address ($high)" unless valid_address $high;
|
||||
|
||||
my $first = decodeaddr $low;
|
||||
my $last = decodeaddr $high;
|
||||
|
||||
fatal_error "Invalid IP Range ( $range )" unless $first <= $last;
|
||||
fatal_error "Invalid IP Range ($range)" unless $first <= $last;
|
||||
|
||||
while ( ++$first <= $last ) {
|
||||
push @result, encodeaddr( $first );
|
||||
|
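Review bot: ip_range_explicit unpacks `my ( $low, $high ) = split /-/, $range;`, so an entry containing a second `-` has its third field silently dropped and none of the reworded messages report it. validate_portpair, elsewhere in this commit, guards the same shape with a split limit of 3 and an explicit count check. The equivalent here would be `my ( $low, $high, $rest ) = split /-/, $range, 3;` followed by `fatal_error "Invalid IP Range ($range)" if defined $rest;`. The function starts and ends outside the hunk.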
@ -236,14 +236,14 @@ sub validate_interfaces_file( $ )
|
||||
|
||||
fatal_error "Invalid INTERFACE" if defined $extra || ! $interface;
|
||||
|
||||
fatal_error "Invalid Interface Name ( $interface )" if $interface eq '+';
|
||||
fatal_error "Invalid Interface Name ($interface)" if $interface eq '+';
|
||||
|
||||
if ( defined $port ) {
|
||||
require_capability( 'PHYSDEV_MATCH', 'Bridge Ports', '');
|
||||
require_capability( 'KLUDGEFREE', 'Bridge Ports', '');
|
||||
fatal_error "Duplicate Interface ( $port )" if $interfaces{$port};
|
||||
fatal_error "Duplicate Interface ($port)" if $interfaces{$port};
|
||||
fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge};
|
||||
fatal_error "Invalid Interface Name ( $interface:$port )" unless $port =~ /^[\w.@%-]+\+?$/;
|
||||
fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/;
|
||||
fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} ne 'bport4';
|
||||
|
||||
if ( $zone ) {
|
||||
@ -257,7 +257,7 @@ sub validate_interfaces_file( $ )
|
||||
$interfaces{$port}{bridge} = $bridge = $interface;
|
||||
$interface = $port;
|
||||
} else {
|
||||
fatal_error "Duplicate Interface ( $interface )" if $interfaces{$interface};
|
||||
fatal_error "Duplicate Interface ($interface)" if $interfaces{$interface};
|
||||
fatal_error "Zones of type 'bport' may only be associated with bridge ports" if $zone && $zoneref->{type} eq 'bport4';
|
||||
$interfaces{$interface}{bridge} = $interface;
|
||||
}
|
||||
|
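Review bot: The port-name check on the changed line, `$port =~ /^[\w.@%-]+\+?$/`, anchors with `$`, which also matches just before a trailing newline; `\z` makes the allowlist exact: `unless $port =~ /^[\w.@%-]+\+?\z/;`. Whether a newline can reach this point depends on how the input line is split, which is not visible in the hunk. The neighbouring `fatal_error "Invalid INTERFACE"` and `"$interface is not a defined bridge"` messages were left in their old form, so the output of this function is still not uniform.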
@ -168,10 +168,10 @@ sub setup_providers() {
|
||||
|
||||
my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy) = @_;
|
||||
|
||||
fatal_error "Duplicate provider ( $table )" if $providers{$table};
|
||||
fatal_error "Duplicate provider ($table)" if $providers{$table};
|
||||
|
||||
for my $providerref ( values %providers ) {
|
||||
fatal_error "Duplicate provider number ( $number )" if $providerref->{number} == $number;
|
||||
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
|
||||
}
|
||||
|
||||
emit "#\n# Add Provider $table ($number)\n#";
|
||||
@ -235,7 +235,7 @@ sub setup_providers() {
|
||||
}
|
||||
|
||||
for my $providerref ( values %providers ) {
|
||||
fatal_error "Duplicate mark value ( $mark )" if $providerref->{mark} == $val;
|
||||
fatal_error "Duplicate mark value ($mark)" if $providerref->{mark} == $val;
|
||||
}
|
||||
|
||||
my $pref = 10000 + $val;
|
||||
|
@ -113,7 +113,7 @@ sub process_tos() {
|
||||
if ( defined ( my $tosval = $tosoptions{"\L$tos"} ) ) {
|
||||
$tos = $tosval;
|
||||
} elsif ( numeric_value( $tos ) > 0x1e ) {
|
||||
fatal_error "Invalid TOS value";
|
||||
fatal_error "Invalid TOS value ($tos)";
|
||||
}
|
||||
|
||||
my $chainref;
|
||||
@ -176,7 +176,7 @@ sub setup_ecn()
|
||||
|
||||
my ($interface, $hosts ) = split_line 1, 2, 'ecn file entry';
|
||||
|
||||
fatal_error "Unknown interface ( $interface )" unless known_interface $interface;
|
||||
fatal_error "Unknown interface ($interface)" unless known_interface $interface;
|
||||
|
||||
$interfaces{$interface} = 1;
|
||||
|
||||
@ -730,7 +730,7 @@ sub setup_mac_lists( $ ) {
|
||||
|
||||
my $targetref = $maclist_targets{$disposition};
|
||||
|
||||
fatal_error "Invalid DISPOSITION ( $disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} );
|
||||
fatal_error "Invalid DISPOSITION ($disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} );
|
||||
|
||||
unless ( $maclist_interfaces{$interface} ) {
|
||||
next if get_interface_option( $interface, 'optional' ) && get_interface_option( $interface, 'detectnets' );
|
||||
@ -828,7 +828,7 @@ sub process_macro ( $$$$$$$$$$$$$ ) {
|
||||
|
||||
my $action = isolate_basic_target $mtarget;
|
||||
|
||||
fatal_error "Invalid or missing ACTION ( $mtarget )" unless defined $action;
|
||||
fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action;
|
||||
|
||||
my $actiontype = $targets{$action} || find_macro( $action );
|
||||
|
||||
@ -1248,7 +1248,7 @@ sub process_rule ( $$$$$$$$$$ ) {
|
||||
|
||||
my $action = isolate_basic_target $target;
|
||||
|
||||
fatal_error "Invalid or missing ACTION ( $target )" unless defined $action;
|
||||
fatal_error "Invalid or missing ACTION ($target)" unless defined $action;
|
||||
|
||||
if ( $source eq 'all' ) {
|
||||
for my $zone ( @zones ) {
|
||||
|
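Review bot: process_tos rejects a TOS only when `numeric_value( $tos ) > 0x1e`, so the outcome depends entirely on what numeric_value returns for text that is not a number. If it yields undef or 0 (its definition is not on this page), a malformed value passes the check and is used as given. validate_tc_class in this commit pairs the same helper with a format test, and the same guard fits here: `} elsif ( $tos !~ /^([0-9]+|0x[0-9a-f]+)$/ || numeric_value( $tos ) > 0x1e ) {`, with the pattern adjusted to the forms numeric_value actually accepts. verify_mark, changed earlier in this commit, has the same shape and would benefit from the same treatment.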
@ -295,7 +295,7 @@ sub rate_to_kbit( $ ) {
|
||||
return $1 * 8000 if $rate =~ /^(\d+)mbps$/i;
|
||||
return $1 * 8 if $rate =~ /^(\d+)kbps$/i;
|
||||
return $rate / 125 if $rate =~ /^\d+$/;
|
||||
fatal_error "Invalid Rate ( $rate )";
|
||||
fatal_error "Invalid Rate ($rate)";
|
||||
}
|
||||
|
||||
sub calculate_r2q( $ ) {
|
||||
@ -313,8 +313,8 @@ sub calculate_quantum( $$ ) {
|
||||
sub validate_tc_device( $$$ ) {
|
||||
my ( $device, $inband, $outband ) = @_;
|
||||
|
||||
fatal_error "Duplicate device ( $device )" if $tcdevices{$device};
|
||||
fatal_error "Invalid device name ( $device )" if $device =~ /[:+]/;
|
||||
fatal_error "Duplicate device ($device)" if $tcdevices{$device};
|
||||
fatal_error "Invalid device name ($device)" if $device =~ /[:+]/;
|
||||
|
||||
rate_to_kbit $inband;
|
||||
rate_to_kbit $outband;
|
||||
@ -349,16 +349,16 @@ sub validate_tc_class( $$$$$$ ) {
|
||||
'tos-normal-service' => 'tos=0x00/0x1e' );
|
||||
|
||||
my $devref = $tcdevices{$device};
|
||||
fatal_error "Unknown Device ( $device )" unless $devref;
|
||||
fatal_error "Unknown Device ($device)" unless $devref;
|
||||
my $full = rate_to_kbit $devref->{out_bandwidth};
|
||||
|
||||
$tcclasses{$device} = {} unless $tcclasses{$device};
|
||||
my $tcref = $tcclasses{$device};
|
||||
|
||||
fatal_error "Invalid Mark ( $mark )" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) < 0xff;
|
||||
fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) < 0xff;
|
||||
|
||||
my $markval = numeric_value( $mark );
|
||||
fatal_error "Duplicate Mark ( $mark )" if $tcref->{$markval};
|
||||
fatal_error "Duplicate Mark ($mark)" if $tcref->{$markval};
|
||||
|
||||
$tcref->{$markval} = {};
|
||||
$tcref = $tcref->{$markval};
|
||||
@ -385,7 +385,7 @@ sub validate_tc_class( $$$$$$ ) {
|
||||
( undef, $option ) = split /=/, $option;
|
||||
push @{$tcref->{tos}}, $option;
|
||||
} else {
|
||||
fatal_error "Unknown option ( $option )";
|
||||
fatal_error "Unknown option ($option)";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
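Review bot: validate_tc_device rejects a device name only when it contains `:` or `+` (`$device =~ /[:+]/`), which is a denylist. validate_interfaces_file, in this same commit, instead accepts names through an allowlist (`/^[\w.@%-]+\+?$/`). If the device name is later written into generated commands (not visible in this hunk), whitespace or shell metacharacters would pass the current check. Reusing the allowlist keeps the two validators in step: `fatal_error "Invalid device name ($device)" unless $device =~ /^[\w.@%-]+\z/;`.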
@ -237,9 +237,9 @@ sub determine_zones()
|
||||
}
|
||||
}
|
||||
|
||||
fatal_error "Invalid zone name: $zone" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $globals{MAXZONENAMELENGTH};
|
||||
fatal_error "Invalid zone name: $zone" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
|
||||
fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone};
|
||||
fatal_error "Invalid zone name ($zone)" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $globals{MAXZONENAMELENGTH};
|
||||
fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/;
|
||||
fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone};
|
||||
|
||||
$type = "ipv4" unless $type;
|
||||
|
||||
@ -252,7 +252,7 @@ sub determine_zones()
|
||||
$type = 'bport4';
|
||||
} elsif ( $type eq 'firewall' ) {
|
||||
fatal_error 'Firewall zone may not be nested' if @parents;
|
||||
fatal_error "Only one firewall zone may be defined: $zone" if $firewall_zone;
|
||||
fatal_error "Only one firewall zone may be defined ($zone)" if $firewall_zone;
|
||||
$firewall_zone = $zone;
|
||||
$ENV{FW} = $zone;
|
||||
$type = "firewall";
|
||||
|