holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Better ACCOUNT(...) parsing

Browse Source
This commit is contained in:
Tom Eastep 2011-01-31 20:17:56 -08:00
parent f8e6c80ca0
commit 4e7f656a5b
2 changed files with 17 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Shorewall/Perl/Shorewall/Accounting.pm
View File

@ -102,17 +102,21 @@ sub process_accounting_rule( ) {
unless ( $action eq 'COUNT' ) { unless ( $action eq 'COUNT' ) {
if ( $action eq 'DONE' ) { if ( $action eq 'DONE' ) {
$target = 'RETURN'; $target = 'RETURN';
} elsif ( $action =~ /^ACCOUNT\((.+)\)$/ ) { } elsif ( $action =~ /^ACCOUNT\(/ ) {
require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , ''; if ( $action =~ /^ACCOUNT\((.+)\)$/ ) {
my ( $table, $net, $rest ) = split/,/, $1; require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , '';
fatal_error "Invalid Network Address (${net}${rest})" if defined $rest; my ( $table, $net, $rest ) = split/,/, $1;
fatal_error "Missing Table Name" unless defined $table && $table ne '';; fatal_error "Invalid Network Address (${net},${rest})" if defined $rest;
fatal_error "Invalid Table Name ($table)" unless $table =~ /^([-\w.]+)$/; fatal_error "Missing Table Name" unless defined $table && $table ne '';;
fatal_error "Missing Network Address" unless defined $net; fatal_error "Invalid Table Name ($table)" unless $table =~ /^([-\w.]+)$/;
fatal_error "Invalid Network Address ($net)" unless defined $net && $net =~ '/(\d+)$'; fatal_error "Missing Network Address" unless defined $net;
fatal_error "Netmask ($1) out of range" unless $1 >= 8; fatal_error "Invalid Network Address ($net)" unless defined $net && $net =~ '/(\d+)$';
validate_net $net, 0; fatal_error "Netmask ($1) out of range" unless $1 >= 8;
$target = "ACCOUNT --addr $net --tname $table"; validate_net $net, 0;
$target = "ACCOUNT --addr $net --tname $table";
} else {
fatal_error "Invalid ACCOUNT Action";
}
} else { } else {
( $action, my $cmd ) = split /:/, $action; ( $action, my $cmd ) = split /:/, $action;
if ( $cmd ) { if ( $cmd ) {

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1262,6 +1262,7 @@ sub ensure_accounting_chain( $$ )
fatal_error "Non-accounting chain ($chain) used in an accounting rule" unless $chainref->{accounting}; fatal_error "Non-accounting chain ($chain) used in an accounting rule" unless $chainref->{accounting};
} else { } else {
fatal_error "Chain name ($chain) too long" if length $chain > 29; fatal_error "Chain name ($chain) too long" if length $chain > 29;
fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w.]+$/;
$chainref = new_chain 'filter' , $chain; $chainref = new_chain 'filter' , $chain;
$chainref->{accounting} = 1; $chainref->{accounting} = 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
@ -1350,6 +1351,7 @@ sub new_nat_chain($) {
sub new_manual_chain($) { sub new_manual_chain($) {
my $chain = $_[0]; my $chain = $_[0];
fatal_error "Chain name ($chain) too long" if length $chain > 29; fatal_error "Chain name ($chain) too long" if length $chain > 29;
fatal_error "Invalid Chain name ($chain)" unless $chain =~ /^[-\w.]+$/;
fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain}; fatal_error "Duplicate Chain Name ($chain)" if $targets{$chain} || $filter_table->{$chain};
$targets{$chain} = CHAIN; $targets{$chain} = CHAIN;
( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1; ( my $chainref = ensure_filter_chain( $chain, 0) )->{manual} = 1;