Fix service validation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8332 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-03-22 14:54:10 +00:00 · 2008-03-22 14:54:10 +00:00 · 942d6bf6f5
commit 942d6bf6f5
parent 3bf59ff03a
2 changed files with 21 additions and 5 deletions
--- a/Shorewall-perl/Shorewall/IPAddrs.pm
+++ b/Shorewall-perl/Shorewall/IPAddrs.pm
@ -256,7 +256,7 @@ sub validate_port( $$ ) {
    if ( $port =~ /^(\d+)$/ ) {
 	return $port if $port <= 65535;
    } else {
-	$proto = getprotobyname $proto if $proto =~ /^(\d+)$/;
+	$proto = getprotobynumber $proto if $proto =~ /^(\d+)$/;
 	$value = getservbyname( $port, $proto );
    }

@ -363,7 +363,7 @@ sub validate_icmp( $ ) {
 # Example:
 #
 #       DB<3> @foo = Shorewall::IPAddrs::expand_port_range( 6, '110:' ); print "@foo\n"
-#            006e fffe 0070 fff0 0080 ff80 0100 ff00 0200 fe00 0400 fc00 0800 f800 1000 f000 2000 e000 4000 c000 8000 8000
+#       006e fffe 0070 fff0 0080 ff80 0100 ff00 0200 fe00 0400 fc00 0800 f800 1000 f000 2000 e000 4000 c000 8000 8000
 #
 sub expand_port_range( $$ ) {
    my ( $proto, $range ) = @_;
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@ -569,14 +569,28 @@ sub process_tc_filter( $$$$$$ ) {
 	      "   flowid $devref->{number}:$class" ,
 	      '' );
    } else {
+	our $lastrule;
+	our $lasttnum;
 	#
 	# In order to be able to access the protocol header, we must create another hash table and link to it.
 	#
 	# Create the Table.
 	#
-	my $tnum = in_hex3 $devref->{tablenumber}++;
+	my $tnum;

-	emit( "\nrun_tc filter add dev $device parent $devnum:0 protocol ip pref 10 handle $tnum: u32 divisor 1" );
+	if ( $lastrule eq $rule ) {
+	    #
+	    # The source, dest and protocol are the same as the last rule that specified a port
+	    # Use the same table
+	    #
+	    $tnum = $lasttnum
+	} else {
+	    $tnum     = in_hex3 $devref->{tablenumber}++;
+	    $lasttnum = $tnum;
+	    $lastrule = $rule;
+
+	    emit( "\nrun_tc filter add dev $device parent $devnum:0 protocol ip pref 10 handle $tnum: u32 divisor 1" );
+	}
 	#
 	# And link to it using the current contents of $rule
 	#
@ -585,7 +599,7 @@ sub process_tc_filter( $$$$$$ ) {
 	#
 	# The rule to match the port(s) will be inserted into the new table
 	#
-	$rule = "filter add dev $device protocol ip parent $devnum:0 pref 10 u32 ht $tnum:0";
+	$rule     = "filter add dev $device protocol ip parent $devnum:0 pref 10 u32 ht $tnum:0";

 	if ( $portlist eq '-' ) {
 	    fatal_error "Only TCP, UDP and SCTP may specify SOURCE PORT" 
@ -664,6 +678,8 @@ sub process_tc_filter( $$$$$$ ) {
 }   

 sub setup_traffic_shaping() {
+    our $lastrule = '';
+
    save_progress_message "Setting up Traffic Control...";

    my $fn = open_file 'tcdevices';