Fix a parsing error; clean up output; disable TC and Multi-ISP in 6 for now

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8969 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-12-10 17:04:34 +00:00
parent 63f3b609f7
commit 71155835a1
9 changed files with 54 additions and 16 deletions


@ -1982,7 +1982,7 @@ sub expand_rule( $$$$$$$$$$$ )
} else {
$iiface = $source;
}
} elsif ( $source =~ /^(.+?):\[(.+)\]\s+$/ ) {
} elsif ( $source =~ /^(.+?):\[(.+)\]\s*$/ ) {
$iiface = $1;
$inets = $2;
} elsif ( $source =~ /:/ ) {
@ -2065,7 +2065,7 @@ sub expand_rule( $$$$$$$$$$$ )
} else {
$diface = $dest;
}
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s+$/ ) {
} elsif ( $dest =~ /^(.+?):\[(.+)\]\s*$/ ) {
$diface = $1;
$dnets = $2;
} elsif ( $dest =~ /:/ ) {
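Review bot: The bracketed-address pattern is still written out literally in both the `$source` and the `$dest` branch of expand_rule, and this commit had to correct the same `\s+$` slip in each copy. One precompiled pattern shared by both branches, for example `my $bracketed = qr/^(.+?):\[(.+)\]\s*$/;`, would keep them from drifting again; process_tos carries a third variant that uses `(.*)`. expand_rule starts and ends outside these hunks, so where the shared pattern should be declared is not visible here.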


@ -65,8 +65,8 @@ sub reinitialize() {
Shorewall::Zones::initialize ($family);
Shorewall::Policy::initialize;
Shorewall::Nat::initialize;
Shorewall::Providers::initialize;
Shorewall::Tc::initialize;
Shorewall::Providers::initialize($family);
Shorewall::Tc::initialize($family);
Shorewall::Actions::initialize;
Shorewall::Accounting::initialize;
Shorewall::Rules::initialize($family);


@ -46,6 +46,7 @@ our @EXPORT = qw(
warning_message
fatal_error
progress_message
progress_message_nocompress
progress_message2
progress_message3
);
@ -813,6 +814,24 @@ sub progress_message {
}
}
sub progress_message_nocompress {
my $havelocaltime = 0;
if ( $verbose > 1 ) {
timestamp, $havelocaltime = 1 if $timestamp;
print "@_\n";
}
if ( $log_verbose > 1 ) {
our @localtime;
@localtime = localtime unless $havelocaltime;
printf $log '%s %2d %2d:%02d:%02d ', $abbr[$localtime[4]], @localtime[3,2,1,0];
print $log "@_\n";
}
}
#
# Write a message if $verbose >= 1
#
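Review bot: progress_message_nocompress has no header comment, unlike the sub that follows it (`# Write a message if $verbose >= 1`), so a reader cannot tell how it differs from progress_message. A comment such as `# Write a message if $verbose >= 2, leaving the message's whitespace as given` would help, assuming that is what "nocompress" means; progress_message's body is not visible in this hunk. The line `timestamp, $havelocaltime = 1 if $timestamp;` joins two statements with the comma operator, and `if ( $timestamp ) { timestamp; $havelocaltime = 1; }` reads more plainly. The log branch also appears to rely on timestamp having filled the package `@localtime`, which deserves a short comment.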


@ -528,7 +528,7 @@ sub validate_6net( $$ ) {
fatal_error "An ipset name ($net) is not allowed in this context" if substr( $net, 0, 1 ) eq '+';
if ( defined $vlsm ) {
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 64;
fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;
fatal_error "Invalid Network address ($_[0])" if defined $rest;
fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;
} else {
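Review bot: The VLSM check on the changed line anchors with `$`, which in Perl also matches just before a trailing newline, so a value such as "64\n" would pass the digit test. If `$vlsm` can reach validate_6net unchomped (the caller is not visible in this hunk), `\z` closes that gap: `fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /\A[0-9]+\z/ && $vlsm <= 128;`. The explicit `[0-9]` also keeps `\d` from accepting non-ASCII digits.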


@ -149,7 +149,7 @@ sub print_policy($$$$) {
my ( $sourceref, $destref ) = ( find_zone($source) ,find_zone( $dest ) );
warning_message "CONTINUE policy between two un-nested zones ($source, $dest)" if ! ( @{$sourceref->{parents}} || @{$destref->{parents}} );
}
progress_message " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
progress_message_nocompress " Policy for $source to $dest is $policy using chain $chain" unless $source eq $dest;
}
}
@ -362,7 +362,7 @@ sub policy_rules( $$$$$ ) {
}
sub report_syn_flood_protection() {
progress_message ' Enabled SYN flood protection';
progress_message_nocompress ' Enabled SYN flood protection';
}
sub default_policy( $$$ ) {
@ -396,7 +396,7 @@ sub default_policy( $$$ ) {
}
}
progress_message " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
progress_message_nocompress " Policy $policy from $_[1] to $_[2] using chain $chainref->{name}";
}


@ -54,6 +54,8 @@ our %providers;
our @providers;
our $family;
#
# Initialize globals -- we take this novel approach to globals initialization to allow
@ -64,7 +66,9 @@ our @providers;
# the second and subsequent calls to that function.
#
sub initialize() {
sub initialize( $ ) {
$family = shift;
@routemarked_providers = ();
%routemarked_interfaces = ();
@routemarked_interfaces = ();
@ -79,7 +83,7 @@ sub initialize() {
}
INIT {
initialize;
initialize( F_IPV4 );
}
#
@ -481,6 +485,8 @@ sub setup_providers() {
while ( read_a_line ) {
unless ( $providers ) {
progress_message2 "$doing $fn ...";
fatal_error "Multi-ISP support is not yet available in Shorewall6" if $family == F_IPV6;
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED};
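Review bot: The new IPv6 refusal in setup_providers depends on `$family`, but the INIT block sets it to `F_IPV4` unconditionally, so the check only works when `initialize($family)` has been called again with the real family before the providers file is read. Whether every Shorewall6 compile goes through reinitialize is not visible on this page; if one does not, the guard fails open and Multi-ISP processing proceeds as if for IPv4. The Tc module's initialize and INIT hunks have the same shape. A comment on `our $family;` would make the dependency explicit, e.g. `# Address family (F_IPV4 or F_IPV6); set by initialize(), F_IPV4 at load time`.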


@ -128,7 +128,7 @@ sub process_tos() {
if ( $family == F_IPV4 ) {
( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
fatal_error 'Invalid SOURCE' if defined $remainder;
} elsif ( $src =~ /^(.+?):\[(.*)]\s$/ ) {
} elsif ( $src =~ /^(.+?):\[(.*)]\s*$/ ) {
$srczone = $1;
$source = $2;
} else {
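Review bot: The IPv6 branch of process_tos captures the bracket contents with `(.*)`, so `zone:[]` matches and leaves `$source` empty, whereas the equivalent pattern in expand_rule requires `(.+)`. Unless an empty `$source` is rejected further down (not visible in this hunk), a malformed entry could end up as a rule with no source restriction. Using the same form as expand_rule, `} elsif ( $src =~ /^(.+?):\[(.+)\]\s*$/ ) {`, rejects the empty case and escapes the closing bracket like the other copies.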


@ -155,6 +155,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
tcfor => NO_RESTRICT ,
tcout => OUTPUT_RESTRICT );
our $family;
#
# Initialize globals -- we take this novel approach to globals initialization to allow
# the compiler to run multiple times in the same process. The
@ -164,7 +166,8 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
# the second and subsequent calls to that function.
#
sub initialize() {
sub initialize( $ ) {
$family = shift;
%classids = ();
@deferred_rules = ();
@tcdevices = ();
@ -176,7 +179,7 @@ sub initialize() {
}
INIT {
initialize;
initialize( F_IPV4 );
}
sub process_tc_rule( $$$$$$$$$$$$ ) {
@ -339,6 +342,8 @@ sub validate_tc_device( $$$$$ ) {
my $devnumber;
fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;
if ( $device =~ /:/ ) {
( my $number, $device, my $rest ) = split /:/, $device, 3;
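Review bot: The Shorewall6 refusal sits inside validate_tc_device, so it is reached only when a device entry is validated. process_tc_rule, whose signature appears just above, gets no corresponding check in this commit; if it can run for `F_IPV6` without a device entry having been validated first, its rules would still be processed. That ordering is not visible here, so either confirm it or repeat `fatal_error "Traffic Shaping is not yet available in Shorewall6" if $family == F_IPV6;` at the point where the module starts processing its files.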


@ -374,7 +374,7 @@ sub zone_report()
$type = $ipzone if $type eq 'ip';
progress_message " $zone ($type)";
progress_message_nocompress " $zone ($type)";
my $printed = 0;
@ -388,7 +388,11 @@ sub zone_report()
my $hosts = $groupref->{hosts};
if ( $hosts ) {
my $grouplist = join ',', ( @$hosts );
progress_message " $interface:$grouplist";
if ( $family == F_IPV4 ) {
progress_message_nocompress " $interface:$grouplist";
} else {
progress_message_nocompress " $interface:\[$grouplist\]";
}
$printed = 1;
}
}
@ -443,7 +447,11 @@ sub dump_zone_contents()
my $hosts = $groupref->{hosts};
if ( $hosts ) {
my $grouplist = join ',', ( @$hosts );
if ( $family == F_IPV4 ) {
$entry .= " $interface:$grouplist";
} else {
$entry .= " $interface:\[$grouplist\]";
}
}
}
}
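Review bot: The IPv4/IPv6 formatting of `$interface:$grouplist` is now written out twice, once in zone_report and once in dump_zone_contents, so the two reports can drift apart. A small private sub that returns `$family == F_IPV4 ? "$interface:$grouplist" : "$interface:\[$grouplist\]"` and is called from both places would keep them aligned. Both functions continue outside these hunks.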