Allow zone names in the MARK column when ZONE_BITS != 0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
7c0cb69c29
commit
4f9afc32ec
@ -3459,18 +3459,21 @@ sub do_imac( $ ) {
|
|||||||
#
|
#
|
||||||
sub verify_mark( $ ) {
|
sub verify_mark( $ ) {
|
||||||
my $mark = $_[0];
|
my $mark = $_[0];
|
||||||
my $limit = $globals{TC_MASK} | $globals{PROVIDER_MASK};
|
my $limit = $globals{EXCLUSION_MASK};
|
||||||
my $mask = $globals{TC_MASK};
|
my $mask = $globals{TC_MASK};
|
||||||
my $value = numeric_value( $mark );
|
my $value = numeric_value( $mark );
|
||||||
|
|
||||||
fatal_error "Invalid Mark or Mask value ($mark)"
|
fatal_error "Invalid Mark or Mask value ($mark)"
|
||||||
unless defined( $value ) && $value <= $limit;
|
unless defined( $value ) && $value < $limit;
|
||||||
|
|
||||||
if ( $value > $mask ) {
|
if ( $value > $mask ) {
|
||||||
#
|
#
|
||||||
# Not a valid TC mark -- must be a provider mark or a user mark
|
# Not a valid TC mark -- must be a provider mark or a user mark
|
||||||
#
|
#
|
||||||
fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value || ( $value & $globals{USER_MASK} ) == $value;
|
fatal_error "Invalid Mark or Mask value ($mark)"
|
||||||
|
unless( ( $value & $globals{PROVIDER_MASK} ) == $value ||
|
||||||
|
( $value & $globals{USER_MASK} ) == $value ||
|
||||||
|
( $value & $globals{ZONE_MASK} ) == $value );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3507,6 +3510,11 @@ sub do_test ( $$ )
|
|||||||
$mask = '' unless defined $mask;
|
$mask = '' unless defined $mask;
|
||||||
|
|
||||||
my $invert = $testval =~ s/^!// ? '! ' : '';
|
my $invert = $testval =~ s/^!// ? '! ' : '';
|
||||||
|
|
||||||
|
if ( $config{ZONE_BITS} ) {
|
||||||
|
$testval = join( '/', in_hex( find_zone( $testval )->{mark} ), in_hex( $globals{ZONE_MASK} ) ) unless $testval =~ /^\d/ || $testval =~ /:/;
|
||||||
|
}
|
||||||
|
|
||||||
my $match = $testval =~ s/:C$// ? "-m connmark ${invert}--mark" : "-m mark ${invert}--mark";
|
my $match = $testval =~ s/:C$// ? "-m connmark ${invert}--mark" : "-m mark ${invert}--mark";
|
||||||
|
|
||||||
fatal_error "Invalid MARK value ($originaltestval)" if $testval eq '/';
|
fatal_error "Invalid MARK value ($originaltestval)" if $testval eq '/';
|
||||||
|
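Review bot: In the do_test hunk, the new lookup uses `find_zone( $testval )->{mark}` without checking that the zone has a mark. If a zone can exist with no mark assigned (not visible here; confirm against find_zone and the zone table), the test is emitted with a zero or undefined value over ZONE_MASK, and the rule then matches every packet carrying no zone mark instead of the named zone. Consider failing closed: `my $zonemark = find_zone( $testval )->{mark};` followed by `fatal_error "Zone $testval has no mark" unless $zonemark;`. The guard `unless $testval =~ /^\d/ || $testval =~ /:/` also passes any other non-numeric string to find_zone, including a name with a `/mask` suffix or the bare `/` that the later `$testval eq '/'` check targets, so the error reported for those inputs now depends on find_zone. In verify_mark the comment `# Not a valid TC mark -- must be a provider mark or a user mark` no longer covers the added ZONE_MASK case; both function bodies extend outside the hunks.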
@ -3735,7 +3735,7 @@ sub get_configuration( $$$ ) {
|
|||||||
numeric_option 'PROVIDER_OFFSET' , $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? 16 : 8 : 0, 0;
|
numeric_option 'PROVIDER_OFFSET' , $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? 16 : 8 : 0, 0;
|
||||||
numeric_option 'ZONE_BITS' , 0, 0;
|
numeric_option 'ZONE_BITS' , 0, 0;
|
||||||
|
|
||||||
require_capability 'MARK_ANYWHERE', 'A non-zero ZONE_BITS setting', 's';
|
require_capability 'MARK_ANYWHERE', 'A non-zero ZONE_BITS setting', 's' if $config{ZONE_BITS};
|
||||||
|
|
||||||
if ( $config{PROVIDER_OFFSET} ) {
|
if ( $config{PROVIDER_OFFSET} ) {
|
||||||
$config{PROVIDER_OFFSET} = $config{MASK_BITS} if $config{PROVIDER_OFFSET} < $config{MASK_BITS};
|
$config{PROVIDER_OFFSET} = $config{MASK_BITS} if $config{PROVIDER_OFFSET} < $config{MASK_BITS};
|
||||||
|