Fix a parsing error; clean up output; disable TC and Multi-ISP in 6 for now

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-12-10 17:04:34 +00:00
parent 63f3b609f7
commit 71155835a1
9 changed files with 54 additions and 16 deletions

View File

@ -1982,7 +1982,7 @@ sub expand_rule( $$$$$$$$$$$ )
} else { } else {
$iiface = $source; $iiface = $source;
} }
} elsif ( $source =~ /^(.+?):\[(.+)\]\s+$/ ) { } elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) {
$iiface = $1; $iiface = $1;
$inets = $2; $inets = $2;
} elsif ( $source =~ /:/ ) { } elsif ( $source =~ /:/ ) {
@ -2065,7 +2065,7 @@ sub expand_rule( $$$$$$$$$$$ )
} else { } else {
$diface = $dest; $diface = $dest;
} }
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s+$/ ) { } elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) {
$diface = $1; $diface = $1;
$dnets = $2; $dnets = $2;
} elsif ( $dest =~ /:/ ) { } elsif ( $dest =~ /:/ ) {

View File

@ -65,8 +65,8 @@ sub reinitialize() {
Shorewall::Zones::initialize ($family); Shorewall::Zones::initialize ($family);
Shorewall::Policy::initialize; Shorewall::Policy::initialize;
Shorewall::Nat::initialize; Shorewall::Nat::initialize;
Shorewall::Providers::initialize; Shorewall::Providers::initialize($family);
Shorewall::Tc::initialize; Shorewall::Tc::initialize($family);
Shorewall::Actions::initialize; Shorewall::Actions::initialize;
Shorewall::Accounting::initialize; Shorewall::Accounting::initialize;
Shorewall::Rules::initialize($family); Shorewall::Rules::initialize($family);

View File

@ -46,6 +46,7 @@ our @EXPORT = qw(
warning_message warning_message
fatal_error fatal_error
progress_message progress_message
progress_message_nocompress
progress_message2 progress_message2
progress_message3 progress_message3
); );
@ -813,6 +814,24 @@ sub progress_message {
} }
} }
sub progress_message_nocompress {
my $havelocaltime = 0;
if ( $verbose > 1 ) {
timestamp, $havelocaltime = 1 if $timestamp;
print "@_\n";
}
if ( $log_verbose > 1 ) {
our @localtime;
@localtime = localtime unless $havelocaltime;
printf $log '%s %2d %2d:%02d:%02d ', $abbr[$localtime[4]], @localtime[3,2,1,0];
print $log "@_\n";
}
}
# #
# Write a message if $verbose >= 1 # Write a message if $verbose >= 1
# #

View File

@ -528,7 +528,7 @@ sub validate_6net( $$ ) {
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+'; fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
if ( defined $vlsm ) { if ( defined $vlsm ) {
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 64; fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
fatal_error "Invalid Network address ($_[0])" if defined $rest; fatal_error "Invalid Network address ($_[0])" if defined $rest;
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net; fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
} else { } else {

View File

@ -149,7 +149,7 @@ sub print_policy($$$$) {
my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) ); my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) );
warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} ); warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} );
} }
progress_message " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest; progress_message_nocompress " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
} }
} }
@ -362,7 +362,7 @@ sub policy_rules( $$$$$ ) {
} }
sub report_syn_flood_protection() { sub report_syn_flood_protection() {
progress_message ' Enabled SYN flood protection'; progress_message_nocompress ' Enabled SYN flood protection';
} }
sub default_policy( $$$ ) { sub default_policy( $$$ ) {
@ -396,7 +396,7 @@ sub default_policy( $$$ ) {
} }
} }
progress_message " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}"; progress_message_nocompress " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
} }

View File

@ -54,6 +54,8 @@ our %providers;
our @providers; our @providers;
our $family;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Initialize globals -- we take this novel approach to globals initialization to allow
@ -64,7 +66,9 @@ our @providers;
# the second and subsequent calls to that function. # the second and subsequent calls to that function.
# #
sub initialize() { sub initialize( $ ) {
$family = shift;
@routemarked_providers = (); @routemarked_providers = ();
%routemarked_interfaces = (); %routemarked_interfaces = ();
@routemarked_interfaces = (); @routemarked_interfaces = ();
@ -79,7 +83,7 @@ sub initialize() {
} }
INIT { INIT {
initialize; initialize( F_IPV4 );
} }
# #
@ -481,6 +485,8 @@ sub setup_providers() {
while ( read_a_line ) { while ( read_a_line ) {
unless ( $providers ) { unless ( $providers ) {
progress_message2 "$doing $fn ..."; progress_message2 "$doing $fn ...";
fatal_error "Multi-ISP support is not yet available in Shorewall6" if $family == F_IPV6;
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' ); require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED}; fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};

View File

@ -128,7 +128,7 @@ sub process_tos() {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
( $srczone , $source , $remainder ) = split( /:/, $src, 3 ); ( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
fatal_error 'Invalid SOURCE' if defined $remainder; fatal_error 'Invalid SOURCE' if defined $remainder;
} elsif ( $src =~ /^(.+?):\[(.*)]\s$/ ) { } elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) {
$srczone = $1; $srczone = $1;
$source = $2; $source = $2;
} else { } else {

View File

@ -155,6 +155,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
tcfor => NO_RESTRICT , tcfor => NO_RESTRICT ,
tcout => OUTPUT_RESTRICT ); tcout => OUTPUT_RESTRICT );
our $family;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Initialize globals -- we take this novel approach to globals initialization to allow
# the compiler to run multiple times in the same process. The # the compiler to run multiple times in the same process. The
@ -164,7 +166,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
# the second and subsequent calls to that function. # the second and subsequent calls to that function.
# #
sub initialize() { sub initialize( $ ) {
$family = shift;
%classids = (); %classids = ();
@deferred_rules = (); @deferred_rules = ();
@tcdevices = (); @tcdevices = ();
@ -176,7 +179,7 @@ sub initialize() {
} }
INIT { INIT {
initialize; initialize( F_IPV4 );
} }
sub process_tc_rule( $$$$$$$$$$$$ ) { sub process_tc_rule( $$$$$$$$$$$$ ) {
@ -339,6 +342,8 @@ sub validate_tc_device( $$$$$ ) {
my $devnumber; my $devnumber;
fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;
if ( $device =~ /:/ ) { if ( $device =~ /:/ ) {
( my $number, $device, my $rest ) = split /:/, $device, 3; ( my $number, $device, my $rest ) = split /:/, $device, 3;

View File

@ -374,7 +374,7 @@ sub zone_report()
$type = $ipzone if $type eq 'ip'; $type = $ipzone if $type eq 'ip';
progress_message " $zone ($type)"; progress_message_nocompress " $zone ($type)";
my $printed = 0; my $printed = 0;
@ -388,7 +388,11 @@ sub zone_report()
my $hosts = $groupref->{hosts}; my $hosts = $groupref->{hosts};
if ( $hosts ) { if ( $hosts ) {
my $grouplist = join ',', ( @$hosts ); my $grouplist = join ',', ( @$hosts );
progress_message " $interface:$grouplist"; if ( $family == F_IPV4 ) {
progress_message_nocompress " $interface:$grouplist";
} else {
progress_message_nocompress " $interface:\[$grouplist\]";
}
$printed = 1; $printed = 1;
} }
} }
@ -443,7 +447,11 @@ sub dump_zone_contents()
my $hosts = $groupref->{hosts}; my $hosts = $groupref->{hosts};
if ( $hosts ) { if ( $hosts ) {
my $grouplist = join ',', ( @$hosts ); my $grouplist = join ',', ( @$hosts );
if ( $family == F_IPV4 ) {
$entry .= " $interface:$grouplist"; $entry .= " $interface:$grouplist";
} else {
$entry .= " $interface:\[$grouplist\]";
}
} }
} }
} }