diff --git a/Shorewall-perl/Shorewall/Actions.pm b/Shorewall-perl/Shorewall/Actions.pm index eb92f539d..5ecbda905 100644 --- a/Shorewall-perl/Shorewall/Actions.pm +++ b/Shorewall-perl/Shorewall/Actions.pm @@ -341,7 +341,7 @@ sub process_action1 ( $$ ) { fatal_error "Parameter value not allowed in action files ($param)" if $paramtype & NATRULE; } - fatal_error "Invalid or missing ACTION ( $wholetarget )" unless defined $target; + fatal_error "Invalid or missing ACTION ($wholetarget)" unless defined $target; if ( find_macro $target ) { process_macro1( $action, $macros{$target} ); @@ -372,18 +372,18 @@ sub process_actions1() { if ( $targets{$action} ) { next if $targets{$action} & ACTION; - fatal_error "Invalid Action Name: $action"; + fatal_error "Invalid Action Name ($action)"; } $targets{$action} = ACTION; - fatal_error "Invalid Action Name: $action" unless "\L$action" =~ /^[a-z]\w*$/; + fatal_error "Invalid Action Name ($action)" unless "\L$action" =~ /^[a-z]\w*$/; new_action $action; my $actionfile = find_file "action.$action"; - fatal_error "Missing Action File: $actionfile" unless -f $actionfile; + fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; progress_message2 " Pre-processing $actionfile..."; @@ -516,7 +516,7 @@ sub process_action3( $$$$$ ) { my $actionfile = find_file "action.$action"; my $standard = ( $actionfile =~ /^$globals{SHAREDIR}/ ); - fatal_error "Missing Action File: $actionfile" unless -f $actionfile; + fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; progress_message2 "Processing $actionfile for chain $chainref->{name}..."; diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm index 92c085993..850ce8962 100644 --- a/Shorewall-perl/Shorewall/Chains.pm +++ b/Shorewall-perl/Shorewall/Chains.pm @@ -773,7 +773,7 @@ sub validate_portpair( $ ) { my @ports = split/:/, $portpair, 3; - fatal_error "Invalid port range" if @ports == 3; + fatal_error "Invalid port range ($portpair)" if @ports == 3; for my $port ( @ports ) { my $value = $services{$port}; @@ -887,8 +887,8 @@ sub do_proto( $$$ ) if ( $ports ne '' ) { if ( $ports =~ tr/,/,/ > 0 || $sports =~ tr/,/,/ > 0 ) { - fatal_error "Port list requires Multiport support in your kernel/iptables: $ports" unless $capabilities{MULTIPORT}; - fatal_error "Too many entries in port list: $ports" if port_count( $ports ) > 15; + fatal_error "Port list requires Multiport support in your kernel/iptables ($ports)" unless $capabilities{MULTIPORT}; + fatal_error "Too many entries in port list ($ports)" if port_count( $ports ) > 15; $ports = validate_port_list $ports; $output .= "-m multiport --dports $ports "; $multiport = 1; @@ -902,7 +902,7 @@ sub do_proto( $$$ ) if ( $sports ne '' ) { if ( $multiport ) { - fatal_error "Too many entries in port list: $sports" if port_count( $sports ) > 15; + fatal_error "Too many entries in port list ($sports)" if port_count( $sports ) > 15; $sports = validate_port_list $sports; $output .= "-m multiport --sports $sports "; } else { @@ -963,7 +963,7 @@ sub verify_mark( $ ) { my $mark = $_[0]; my $limit = $config{HIGH_ROUTE_MARKS} ? 0xFFFF : 0xFF; - fatal_error "Invalid Mark or Mask value: $mark" + fatal_error "Invalid Mark or Mask value ($mark)" unless numeric_value( $mark ) <= $limit; } @@ -1108,7 +1108,7 @@ sub get_set_flags( $$ ) { my ( $setname, $option ) = @_; my $options = $option; - fatal_error "Your kernel and/or iptables does not include ipset match: $setname" unless $capabilities{IPSET_MATCH}; + fatal_error "Your kernel and/or iptables does not include ipset match ($setname)" unless $capabilities{IPSET_MATCH}; if ( $setname =~ /(.*)\[([1-6])\]$/ ) { $setname = $1; @@ -1542,17 +1542,17 @@ sub expand_rule( $$$$$$$$$$ ) # # ADDRESS 'detect' in the masq file. # - fatal_error "Bridge port ( $diface) not allowed" if port_to_bridge( $diface ); + fatal_error "Bridge port ($diface) not allowed" if port_to_bridge( $diface ); add_command( $chainref , 'for dest in ' . get_interface_addresses( $diface) . '; do' ); $rule .= '-d $dest '; $chainref->{loopcount}++; } else { - fatal_error "Bridge Port ( $diface ) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface ); + fatal_error "Bridge Port ($diface) not allowed in OUTPUT or POSTROUTING rules" if ( $restriction & ( POSTROUTE_RESTRICT + OUTPUT_RESTRICT ) ) && port_to_bridge( $diface ); fatal_error "Destination Interface ($diface) not allowed when the destination zone is $firewall_zone" if $restriction & INPUT_RESTRICT; if ( $iiface ) { my $bridge = port_to_bridge( $diface ); - fatal_error "Source interface ( $iiface) is not a port on the same bridge as the destination interface ( $diface )" if $bridge && $bridge ne source_port_to_bridge( $iiface ); + fatal_error "Source interface ($iiface) is not a port on the same bridge as the destination interface ( $diface )" if $bridge && $bridge ne source_port_to_bridge( $iiface ); } $rule .= match_dest_dev( $diface ); diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index 0aaaadd3d..512993406 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -139,8 +139,8 @@ sub generate_script_1() { '', 'local version=$(cat ${SHAREDIR}/version)', '', - 'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30401 ]; then', - ' fatal_error "This script requires Shorewall version 3.4.2 or later; current version is $version"', + 'if [ ${SHOREWALL_LIBVERSION:-0} -lt 30403 ]; then', + ' fatal_error "This script requires Shorewall version 3.4.3 or later; current version is $version"', 'fi', '#', '# These variables are required by the library functions called in this script', diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index fdb6e9378..d75c83b05 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -1,4 +1,4 @@ -# +s# # Shorewall-perl 4.0 -- /usr/share/shorewall-perl/Shorewall/Config.pm # # This program is under GPL [http://www.gnu.org/copyleft/gpl.htm] @@ -330,7 +330,7 @@ INIT { # sub warning_message { - my $lineinfo = $currentfile ? " : $currentfilename ( line $currentlinenumber )" : ''; + my $lineinfo = $currentfile ? " : $currentfilename (line $currentlinenumber)" : ''; print STDERR " WARNING: @_$lineinfo\n"; } @@ -339,7 +339,7 @@ sub warning_message # Issue fatal error message and die # sub fatal_error { - my $lineinfo = $currentfile ? " : $currentfilename ( line $currentlinenumber )" : ''; + my $lineinfo = $currentfile ? " : $currentfilename (line $currentlinenumber)" : ''; die " ERROR: @_$lineinfo\n"; @@ -679,7 +679,7 @@ sub check_trivalue( $$ ) { } elsif ( $val eq '' ) { $config{$var} = $default } else { - fatal_error "Invalid value ( $val ) for $var"; + fatal_error "Invalid value ($val) for $var"; } } else { $config{var} = $default @@ -1086,7 +1086,7 @@ sub get_configuration( $ ) { } elsif ( $val eq 'ACCEPT' ) { $globals{MACLIST_TARGET} = 'RETURN'; } else { - fatal_error "Invalid value ( $config{MACLIST_DISPOSITION} ) for MACLIST_DISPOSITION" + fatal_error "Invalid value ($config{MACLIST_DISPOSITION}) for MACLIST_DISPOSITION" } } } else { @@ -1158,7 +1158,7 @@ sub get_configuration( $ ) { fatal_error "Invalid LOGFORMAT ($val)" if $@; - fatal_error "LOGFORMAT string is longer than 29 characters: \"$val\"" if length $result > 29; + fatal_error "LOGFORMAT string is longer than 29 characters ($val)" if length $result > 29; $globals{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) ); } else { diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm index d5b3fbcc4..a97ac2583 100644 --- a/Shorewall-perl/Shorewall/IPAddrs.pm +++ b/Shorewall-perl/Shorewall/IPAddrs.pm @@ -114,13 +114,13 @@ sub encodeaddr( $ ) { sub validate_range( $$ ) { my ( $low, $high ) = @_; - fatal_error "Invalid IP address ( $low )" unless valid_address $low; - fatal_error "Invalid IP address ( $high )" unless valid_address $high; + fatal_error "Invalid IP address ($low)" unless valid_address $low; + fatal_error "Invalid IP address ($high)" unless valid_address $high; my $first = decodeaddr $low; my $last = decodeaddr $high; - fatal_error "Invalid IP Range ( $low-$high )" unless $first <= $last; + fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last; } sub ip_range_explicit( $ ) { @@ -129,17 +129,17 @@ sub ip_range_explicit( $ ) { my ( $low, $high ) = split /-/, $range; - fatal_error "Invalid IP address ( $low )" unless valid_address $low; + fatal_error "Invalid IP address ($low)" unless valid_address $low; push @result, $low; if ( defined $high ) { - fatal_error "Invalid IP address ( $high )" unless valid_address $high; + fatal_error "Invalid IP address ($high)" unless valid_address $high; my $first = decodeaddr $low; my $last = decodeaddr $high; - fatal_error "Invalid IP Range ( $range )" unless $first <= $last; + fatal_error "Invalid IP Range ($range)" unless $first <= $last; while ( ++$first <= $last ) { push @result, encodeaddr( $first ); diff --git a/Shorewall-perl/Shorewall/Interfaces.pm b/Shorewall-perl/Shorewall/Interfaces.pm index cc49af1cf..2d6cadd9b 100644 --- a/Shorewall-perl/Shorewall/Interfaces.pm +++ b/Shorewall-perl/Shorewall/Interfaces.pm @@ -236,14 +236,14 @@ sub validate_interfaces_file( $ ) fatal_error "Invalid INTERFACE" if defined $extra || ! $interface; - fatal_error "Invalid Interface Name ( $interface )" if $interface eq '+'; + fatal_error "Invalid Interface Name ($interface)" if $interface eq '+'; if ( defined $port ) { require_capability( 'PHYSDEV_MATCH', 'Bridge Ports', ''); require_capability( 'KLUDGEFREE', 'Bridge Ports', ''); - fatal_error "Duplicate Interface ( $port )" if $interfaces{$port}; + fatal_error "Duplicate Interface ($port)" if $interfaces{$port}; fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge}; - fatal_error "Invalid Interface Name ( $interface:$port )" unless $port =~ /^[\w.@%-]+\+?$/; + fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[\w.@%-]+\+?$/; fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} ne 'bport4'; if ( $zone ) { @@ -257,7 +257,7 @@ sub validate_interfaces_file( $ ) $interfaces{$port}{bridge} = $bridge = $interface; $interface = $port; } else { - fatal_error "Duplicate Interface ( $interface )" if $interfaces{$interface}; + fatal_error "Duplicate Interface ($interface)" if $interfaces{$interface}; fatal_error "Zones of type 'bport' may only be associated with bridge ports" if $zone && $zoneref->{type} eq 'bport4'; $interfaces{$interface}{bridge} = $interface; } diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index ae56c1e4e..4d32914ab 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -168,10 +168,10 @@ sub setup_providers() { my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy) = @_; - fatal_error "Duplicate provider ( $table )" if $providers{$table}; + fatal_error "Duplicate provider ($table)" if $providers{$table}; for my $providerref ( values %providers ) { - fatal_error "Duplicate provider number ( $number )" if $providerref->{number} == $number; + fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number; } emit "#\n# Add Provider $table ($number)\n#"; @@ -235,7 +235,7 @@ sub setup_providers() { } for my $providerref ( values %providers ) { - fatal_error "Duplicate mark value ( $mark )" if $providerref->{mark} == $val; + fatal_error "Duplicate mark value ($mark)" if $providerref->{mark} == $val; } my $pref = 10000 + $val; diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 35546881f..7c6835900 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm @@ -113,7 +113,7 @@ sub process_tos() { if ( defined ( my $tosval = $tosoptions{"\L$tos"} ) ) { $tos = $tosval; } elsif ( numeric_value( $tos ) > 0x1e ) { - fatal_error "Invalid TOS value"; + fatal_error "Invalid TOS value ($tos)"; } my $chainref; @@ -176,7 +176,7 @@ sub setup_ecn() my ($interface, $hosts ) = split_line 1, 2, 'ecn file entry'; - fatal_error "Unknown interface ( $interface )" unless known_interface $interface; + fatal_error "Unknown interface ($interface)" unless known_interface $interface; $interfaces{$interface} = 1; @@ -730,7 +730,7 @@ sub setup_mac_lists( $ ) { my $targetref = $maclist_targets{$disposition}; - fatal_error "Invalid DISPOSITION ( $disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} ); + fatal_error "Invalid DISPOSITION ($disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} ); unless ( $maclist_interfaces{$interface} ) { next if get_interface_option( $interface, 'optional' ) && get_interface_option( $interface, 'detectnets' ); @@ -828,7 +828,7 @@ sub process_macro ( $$$$$$$$$$$$$ ) { my $action = isolate_basic_target $mtarget; - fatal_error "Invalid or missing ACTION ( $mtarget )" unless defined $action; + fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action; my $actiontype = $targets{$action} || find_macro( $action ); @@ -1248,7 +1248,7 @@ sub process_rule ( $$$$$$$$$$ ) { my $action = isolate_basic_target $target; - fatal_error "Invalid or missing ACTION ( $target )" unless defined $action; + fatal_error "Invalid or missing ACTION ($target)" unless defined $action; if ( $source eq 'all' ) { for my $zone ( @zones ) { diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index f6688aac2..f076e4ebc 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -295,7 +295,7 @@ sub rate_to_kbit( $ ) { return $1 * 8000 if $rate =~ /^(\d+)mbps$/i; return $1 * 8 if $rate =~ /^(\d+)kbps$/i; return $rate / 125 if $rate =~ /^\d+$/; - fatal_error "Invalid Rate ( $rate )"; + fatal_error "Invalid Rate ($rate)"; } sub calculate_r2q( $ ) { @@ -313,8 +313,8 @@ sub calculate_quantum( $$ ) { sub validate_tc_device( $$$ ) { my ( $device, $inband, $outband ) = @_; - fatal_error "Duplicate device ( $device )" if $tcdevices{$device}; - fatal_error "Invalid device name ( $device )" if $device =~ /[:+]/; + fatal_error "Duplicate device ($device)" if $tcdevices{$device}; + fatal_error "Invalid device name ($device)" if $device =~ /[:+]/; rate_to_kbit $inband; rate_to_kbit $outband; @@ -349,16 +349,16 @@ sub validate_tc_class( $$$$$$ ) { 'tos-normal-service' => 'tos=0x00/0x1e' ); my $devref = $tcdevices{$device}; - fatal_error "Unknown Device ( $device )" unless $devref; + fatal_error "Unknown Device ($device)" unless $devref; my $full = rate_to_kbit $devref->{out_bandwidth}; $tcclasses{$device} = {} unless $tcclasses{$device}; my $tcref = $tcclasses{$device}; - fatal_error "Invalid Mark ( $mark )" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) < 0xff; + fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) < 0xff; my $markval = numeric_value( $mark ); - fatal_error "Duplicate Mark ( $mark )" if $tcref->{$markval}; + fatal_error "Duplicate Mark ($mark)" if $tcref->{$markval}; $tcref->{$markval} = {}; $tcref = $tcref->{$markval}; @@ -385,7 +385,7 @@ sub validate_tc_class( $$$$$$ ) { ( undef, $option ) = split /=/, $option; push @{$tcref->{tos}}, $option; } else { - fatal_error "Unknown option ( $option )"; + fatal_error "Unknown option ($option)"; } } } diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index d17d495f2..f50713f6f 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -237,9 +237,9 @@ sub determine_zones() } } - fatal_error "Invalid zone name: $zone" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $globals{MAXZONENAMELENGTH}; - fatal_error "Invalid zone name: $zone" if $reservedName{$zone} || $zone =~ /^all2|2all$/; - fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone}; + fatal_error "Invalid zone name ($zone)" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $globals{MAXZONENAMELENGTH}; + fatal_error "Invalid zone name ($zone)" if $reservedName{$zone} || $zone =~ /^all2|2all$/; + fatal_error( "Duplicate zone name ($zone)" ) if $zones{$zone}; $type = "ipv4" unless $type; @@ -252,7 +252,7 @@ sub determine_zones() $type = 'bport4'; } elsif ( $type eq 'firewall' ) { fatal_error 'Firewall zone may not be nested' if @parents; - fatal_error "Only one firewall zone may be defined: $zone" if $firewall_zone; + fatal_error "Only one firewall zone may be defined ($zone)" if $firewall_zone; $firewall_zone = $zone; $ENV{FW} = $zone; $type = "firewall";