Allow zone names in the MARK column when ZONE_BITS != 0

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-11-18 07:23:24 -08:00
parent 7c0cb69c29
commit 4f9afc32ec
2 changed files with 12 additions and 4 deletions


@ -3459,18 +3459,21 @@ sub do_imac( $ ) {
#
sub verify_mark( $ ) {
my $mark = $_[0];
my $limit = $globals{TC_MASK} | $globals{PROVIDER_MASK};
my $limit = $globals{EXCLUSION_MASK};
my $mask = $globals{TC_MASK};
my $value = numeric_value( $mark );
fatal_error "Invalid Mark or Mask value ($mark)"
unless defined( $value ) && $value <= $limit;
unless defined( $value ) && $value < $limit;
if ( $value > $mask ) {
#
# Not a valid TC mark -- must be a provider mark or a user mark
#
fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value || ( $value & $globals{USER_MASK} ) == $value;
fatal_error "Invalid Mark or Mask value ($mark)"
unless( ( $value & $globals{PROVIDER_MASK} ) == $value ||
( $value & $globals{USER_MASK} ) == $value ||
( $value & $globals{ZONE_MASK} ) == $value );
}
}
@ -3507,6 +3510,11 @@ sub do_test ( $$ )
$mask = '' unless defined $mask;
my $invert = $testval =~ s/^!// ? '! ' : '';
if ( $config{ZONE_BITS} ) {
$testval = join( '/', in_hex( find_zone( $testval )->{mark} ), in_hex( $globals{ZONE_MASK} ) ) unless $testval =~ /^\d/ || $testval =~ /:/;
}
my $match = $testval =~ s/:C$// ? "-m connmark ${invert}--mark" : "-m mark ${invert}--mark";
fatal_error "Invalid MARK value ($originaltestval)" if $testval eq '/';
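Review bot: In do_test the new zone lookup is guarded by `unless $testval =~ /^\d/ || $testval =~ /:/` and runs before the line that strips the `:C` suffix, so a test written as `zone:C` is never translated and is presumably rejected later as a non-numeric mark. If connmark tests against zone marks are meant to work, move the `if ( $config{ZONE_BITS} )` block below the `my $match = ...` line; if not, add a comment such as `# Zone names are accepted only for packet-mark tests (no :C suffix)`. do_test starts and ends outside the hunk, so the validation that follows is not visible here. In verify_mark, the comment `Not a valid TC mark -- must be a provider mark or a user mark` is stale now that a value within `$globals{ZONE_MASK}` is also accepted, and should name zone marks as well.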


@ -3735,7 +3735,7 @@ sub get_configuration( $$$ ) {
numeric_option 'PROVIDER_OFFSET' , $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? 16 : 8 : 0, 0;
numeric_option 'ZONE_BITS' , 0, 0;
require_capability 'MARK_ANYWHERE', 'A non-zero ZONE_BITS setting', 's';
require_capability 'MARK_ANYWHERE', 'A non-zero ZONE_BITS setting', 's' if $config{ZONE_BITS};
if ( $config{PROVIDER_OFFSET} ) {
$config{PROVIDER_OFFSET} = $config{MASK_BITS} if $config{PROVIDER_OFFSET} < $config{MASK_BITS};