From 86df82a29ae82def881ba56efb3c00064e4b4115 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 23 Oct 2009 13:41:51 -0700 Subject: [PATCH] Fix IPv6 address validation error --- Shorewall/Perl/Shorewall/Compiler.pm | 2 +- Shorewall/Perl/Shorewall/IPAddrs.pm | 1 + Shorewall/Perl/Shorewall/Providers.pm | 8 ++++++-- Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 3 +++ 5 files changed, 13 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index fedefc1af..3f620765b 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -100,7 +100,7 @@ sub generate_script_1() { EOF copy1 $lib; - emit "/n"; + emit "\n"; } emit <<'EOF'; diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm index 6cf1b44f1..d17fc112b 100644 --- a/Shorewall/Perl/Shorewall/IPAddrs.pm +++ b/Shorewall/Perl/Shorewall/IPAddrs.pm @@ -476,6 +476,7 @@ sub valid_6address( $ ) { return 0 unless valid_4address pop @address; $max = 6; $address = join ':', @address; + return 1 if @address eq ':'; } else { $max = 8; } diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 493064392..f7b55be2b 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -143,10 +143,12 @@ sub setup_route_marking() { sub copy_table( $$$ ) { my ( $duplicate, $number, $realm ) = @_; + my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : ''; + if ( $realm ) { emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" ) } else { - emit ( "\$IP -$family route show table $duplicate | while read net route; do" ) + emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" ) } emit ( ' case $net in', @@ -162,11 +164,13 @@ sub copy_table( $$$ ) { sub copy_and_edit_table( $$$$ ) { my ( $duplicate, $number, $copy, $realm) = @_; + + my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : ''; if ( $realm ) { emit ( "\$IP -$family route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" ) } else { - emit ( "\$IP -$family route show table $duplicate | while read net route; do" ) + emit ( "\$IP -$family route show table $duplicate | ${filter}while read net route; do" ) } emit ( ' case $net in', diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 913d17a30..b2c570428 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -20,6 +20,8 @@ Changes in Shorewall 4.4.3 10) Add TRACK_PROVIDERS option. +11) Fix IPv6 address parsing bug. + Changes in Shorewall 4.4.2 1) BUGFIX: Correct detection of Persistent SNAT support diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 614e839c9..b8aa7a9fd 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -194,6 +194,9 @@ Shorewall 4.4.3 interface (name ends with +) in /etc/shorewall/interfaces did not work correctly in all cases. +5) IPv4 addresses embedded in IPv6 (e.g., ::192.168.1.5) were + incorrectly reported as invalid. + ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------