From 71155835a1fa5432c8274d428c6a1c918b2b1faa Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 10 Dec 2008 17:04:34 +0000
Subject: [PATCH] Fix a parsing error; clean up output; disable TC and Multi-ISP in 6 for now

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-perl/Shorewall/Chains.pm | 4 ++--
 Shorewall-perl/Shorewall/Compiler.pm | 4 ++--
 Shorewall-perl/Shorewall/Config.pm | 19 +++++++++++++++++++
 Shorewall-perl/Shorewall/IPAddrs.pm | 2 +-
 Shorewall-perl/Shorewall/Policy.pm | 6 +++---
 Shorewall-perl/Shorewall/Providers.pm | 10 ++++++++--
 Shorewall-perl/Shorewall/Rules.pm | 2 +-
 Shorewall-perl/Shorewall/Tc.pm | 9 +++++++--
 Shorewall-perl/Shorewall/Zones.pm | 14 +++++++++++---
 9 files changed, 54 insertions(+), 16 deletions(-)

diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index e990a4eee..f9f394025 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -1982,7 +1982,7 @@ sub expand_rule( $$$$$$$$$$$ )
 } else {
 $iiface = $source;
 }
- } elsif ( $source =~ /^(.+?):\[(.+)\]\s+$/ ) {
+ } elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) {
 $iiface = $1;
 $inets = $2;
 } elsif ( $source =~ /:/ ) {
@@ -2065,7 +2065,7 @@ sub expand_rule( $$$$$$$$$$$ )
 } else {
 $diface = $dest;
 }
- } elsif ( $dest =~ /^(.+?):\[(.+)\]\s+$/ ) {
+ } elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) {
 $diface = $1;
 $dnets = $2;
 } elsif ( $dest =~ /:/ ) {
diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm
index 3018a2326..2f1ff07ad 100644
--- a/Shorewall-perl/Shorewall/Compiler.pm
+++ b/Shorewall-perl/Shorewall/Compiler.pm
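Review bot: The corrected pattern `/^(.+?):\[(.+)\]\s*$/` is written out twice in expand_rule (the `$source` branch here and the `$dest` branch in the hunk at -2065) and a third time, in a slightly different form, in process_tos in Rules.pm, so the same trailing-whitespace slip had to be fixed in three places. Precompiling it once, e.g. `my $bracketed_hosts = qr/^(.+?):\[(.+)\]\s*$/;`, and matching against that in each branch would keep the copies from drifting again. Note also that `(.+)` is greedy, so `$inets` and `$dnets` receive everything up to the last `]` on the line; whether that text is validated afterwards is outside the hunks. expand_rule starts and ends outside both hunks.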
@@ -65,8 +65,8 @@ sub reinitialize() {
 Shorewall::Zones::initialize ($family);
 Shorewall::Policy::initialize;
 Shorewall::Nat::initialize;
- Shorewall::Providers::initialize;
- Shorewall::Tc::initialize;
+ Shorewall::Providers::initialize($family);
+ Shorewall::Tc::initialize($family);
 Shorewall::Actions::initialize;
 Shorewall::Accounting::initialize;
 Shorewall::Rules::initialize($family);
diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm
index f104c6ac3..93263ab5e 100644
--- a/Shorewall-perl/Shorewall/Config.pm
+++ b/Shorewall-perl/Shorewall/Config.pm
@@ -46,6 +46,7 @@ our @EXPORT = qw(
 warning_message
 fatal_error
 progress_message
+ progress_message_nocompress
 progress_message2
 progress_message3
 );
@@ -813,6 +814,24 @@ sub progress_message {
 }
 }
+sub progress_message_nocompress {
+ my $havelocaltime = 0;
+
+ if ( $verbose > 1 ) {
+ timestamp, $havelocaltime = 1 if $timestamp;
+ print "@_\n";
+ }
+
+ if ( $log_verbose > 1 ) {
+ our @localtime;
+
+ @localtime = localtime unless $havelocaltime;
+
+ printf $log '%s %2d %2d:%02d:%02d ', $abbr[$localtime[4]], @localtime[3,2,1,0];
+ print $log "@_\n";
+ }
+}
+
 #
 # Write a message if $verbose >= 1
 #
diff --git a/Shorewall-perl/Shorewall/IPAddrs.pm b/Shorewall-perl/Shorewall/IPAddrs.pm
index da1f13343..eecd1f19b 100644
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@@ -528,7 +528,7 @@ sub validate_6net( $$ ) {
 fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
 if ( defined $vlsm ) {
- fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 64;
+ fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
 fatal_error "Invalid Network address ($_[0])" if defined $rest;
 fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
 } else {
diff --git a/Shorewall-perl/Shorewall/Policy.pm b/Shorewall-perl/Shorewall/Policy.pm
index db2c333ba..414a1e6f4 100644
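Review bot: progress_message_nocompress is added without the kind of header comment the sub right after it carries (`# Write a message if $verbose >= 1`), so nothing states how it differs from progress_message. A comment such as `# Write a message if $verbose > 1, printing the text exactly as passed` would cover it; the contrast with progress_message should be confirmed against that sub, whose body is outside the hunk. Separately, `timestamp, $havelocaltime = 1 if $timestamp;` leans on the comma operator under a statement modifier, and an explicit `if ( $timestamp ) { timestamp; $havelocaltime = 1; }` reads more plainly.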
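Review bot: The prefix-length test on the changed line in validate_6net still anchors with `$`, which also matches just before a trailing newline, and `\d` can match non-ASCII digits on a character string, so a value that passes is not guaranteed to be plain ASCII digits. As this is validation of configuration input, `unless $vlsm =~ /\A[0-9]+\z/ && $vlsm <= 128;` is the tighter form. Whether `$vlsm` can actually carry a newline depends on how the caller splits the line, which is outside the hunk.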
--- a/Shorewall-perl/Shorewall/Policy.pm
+++ b/Shorewall-perl/Shorewall/Policy.pm
@@ -149,7 +149,7 @@ sub print_policy($$$$) {
 my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) );
 warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} );
 }
- progress_message " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
+ progress_message_nocompress " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
 }
 }
@@ -362,7 +362,7 @@ sub policy_rules( $$$$$ ) {
 }
 sub report_syn_flood_protection() {
- progress_message ' Enabled SYN flood protection';
+ progress_message_nocompress ' Enabled SYN flood protection';
 }
 sub default_policy( $$$ ) {
@@ -396,7 +396,7 @@ sub default_policy( $$$ ) {
 }
 }
- progress_message " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
+ progress_message_nocompress " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
 }
diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm
index 8dfd74537..816d2cff0 100644
--- a/Shorewall-perl/Shorewall/Providers.pm
+++ b/Shorewall-perl/Shorewall/Providers.pm
@@ -54,6 +54,8 @@ our %providers;
 our @providers;
+our $family;
+
 #
 # Initialize globals -- we take this novel approach to globals initialization to allow
@@ -64,7 +66,9 @@ our @providers;
 # the second and subsequent calls to that function.
 #
-sub initialize() {
+sub initialize( $ ) {
+ $family = shift;
+
 @routemarked_providers = ();
 %routemarked_interfaces = ();
 @routemarked_interfaces = ();
@@ -79,7 +83,7 @@ sub initialize() {
 }
 INIT {
- initialize;
+ initialize( F_IPV4 );
 }
 #
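Review bot: initialize in Providers.pm now takes the address family, but neither the new `our $family;` nor the comment block above the sub (as far as it is visible in the hunks at -54 and -64) says what the argument is or that the INIT block supplies a default. A line such as `# $family is F_IPV4 or F_IPV6; the INIT block below defaults it to F_IPV4` above `our $family;` would document the contract. The same applies to the matching `our $family;` and `initialize( $ )` change in Tc.pm.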
@@ -481,6 +485,8 @@ sub setup_providers() {
 while ( read_a_line ) {
 unless ( $providers ) {
 progress_message2 "$doing $fn ...";
+ fatal_error "Multi-ISP support is not yet available in Shorewall6" if $family == F_IPV6;
+
 require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
 fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index a695adedf..705640987 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -128,7 +128,7 @@ sub process_tos() {
 if ( $family == F_IPV4 ) {
 ( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
 fatal_error 'Invalid SOURCE' if defined $remainder;
- } elsif ( $src =~ /^(.+?):\[(.*)]\s$/ ) {
+ } elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) {
 $srczone = $1;
 $source = $2;
 } else {
diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm
index 5c6ced6dd..d9d168edd 100644
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@@ -155,6 +155,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
 tcfor => NO_RESTRICT ,
 tcout => OUTPUT_RESTRICT );
+our $family;
+
 #
 # Initialize globals -- we take this novel approach to globals initialization to allow
 # the compiler to run multiple times in the same process. The
@@ -164,7 +166,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
 # the second and subsequent calls to that function.
 #
-sub initialize() {
+sub initialize( $ ) {
+ $family = shift;
 %classids = ();
 @deferred_rules = ();
 @tcdevices = ();
@@ -176,7 +179,7 @@ sub initialize() {
 }
 INIT {
- initialize;
+ initialize( F_IPV4 );
 }
 sub process_tc_rule( $$$$$$$$$$$$ ) {
@@ -339,6 +342,8 @@ sub validate_tc_device( $$$$$ ) {
 my $devnumber;
+ fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;
+
 if ( $device =~ /:/ ) {
 ( my $number, $device, my $rest ) = split /:/, $device, 3;
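Review bot: The guard added in setup_providers, `if $family == F_IPV6`, fires only when `$family` is exactly F_IPV6, so an unset or unexpected value lets a non-empty providers file through; initialize stores its argument without checking it, and the INIT block defaults to F_IPV4. Stating the condition from the supported side fails closed: `fatal_error "Multi-ISP support is not yet available in Shorewall6" unless $family == F_IPV4;`. The same applies to the guard added to validate_tc_device in Tc.pm. setup_providers continues outside the hunk.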
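Review bot: Unlike the two patterns fixed in Chains.pm, the one on the changed line of process_tos captures the bracket contents with `(.*)`, so `zone:[]` matches and leaves `$source` as an empty string; it also leaves the closing `]` unescaped, which works but differs from the other copies. Using the same form, `} elsif ( $src =~ /^(.+?):\[(.+)\]\s*$/ ) {`, would reject the empty case at this point. Whether an empty `$source` is caught later in process_tos is not visible in the hunk.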
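Review bot: In Tc.pm the IPv6 check is added only to validate_tc_device, so it presumably takes effect once a device entry is being validated; the other entry points of the module, such as process_tc_rule seen as context in the hunk at -176, get no visible guard. If the intent is to disable traffic shaping as a whole for Shorewall6, a check where the module's setup begins would cover them as well. That function is outside the diff, so this needs confirming against the full file.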
diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm
index 17d3dc7cb..bee62356a 100644
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@@ -374,7 +374,7 @@ sub zone_report()
 $type = $ipzone if $type eq 'ip';
- progress_message " $zone ($type)";
+ progress_message_nocompress " $zone ($type)";
 my $printed = 0;
@@ -388,7 +388,11 @@ sub zone_report()
 my $hosts = $groupref->{hosts};
 if ( $hosts ) {
 my $grouplist = join ',', ( @$hosts );
- progress_message " $interface:$grouplist";
+ if ( $family == F_IPV4 ) {
+ progress_message_nocompress " $interface:$grouplist";
+ } else {
+ progress_message_nocompress " $interface:\[$grouplist\]";
+ }
 $printed = 1;
 }
 }
@@ -443,7 +447,11 @@ sub dump_zone_contents()
 my $hosts = $groupref->{hosts};
 if ( $hosts ) {
 my $grouplist = join ',', ( @$hosts );
- $entry .= " $interface:$grouplist";
+ if ( $family == F_IPV4 ) {
+ $entry .= " $interface:$grouplist";
+ } else {
+ $entry .= " $interface:\[$grouplist\]";
+ }
 }
 }
 }
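Review bot: The IPv4/IPv6 branch that formats `$interface:$grouplist` is added twice, in zone_report (hunk at -388) and in dump_zone_contents (hunk at -443), and both copies have to stay in step with the bracketed form that the patterns in Chains.pm and Rules.pm parse. Computing the text once in each loop, `my $hostspec = $family == F_IPV4 ? "$interface:$grouplist" : "$interface:\[$grouplist\]";`, and using `$hostspec` in the progress message and in `$entry` would remove the parallel if/else blocks. Both subs start and end outside their hunks.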