Some editing cleanup

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-04-09 22:56:23 +00:00
parent 94113e0312
commit 9d4ec13e47
4 changed files with 24 additions and 8 deletions


@ -728,7 +728,7 @@ sub compiler {
sub edit_verbosity( $ ) { sub edit_verbosity( $ ) {
my $val = numeric_value( shift ); my $val = numeric_value( shift );
defined($val) && ($val >= -1) && ($val < 3); defined($val) && ($val >= MIN_VERBOSITY) && ($val <= MAX_VERBOSITY);
} }
my %parms = ( object => { store => \$objectfile }, my %parms = ( object => { store => \$objectfile },


@ -55,6 +55,7 @@ our @EXPORT_OK = qw( $shorewall_dir initialize read_a_line1 set_config_path shor
our %EXPORT_TAGS = ( internal => [ qw( create_temp_object our %EXPORT_TAGS = ( internal => [ qw( create_temp_object
finalize_object finalize_object
numeric_value numeric_value
numeric_value1
in_hex in_hex
in_hex2 in_hex2
in_hex3 in_hex3
@ -106,6 +107,9 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_object
%config %config
%globals %globals
%capabilities %capabilities
MIN_VERBOSITY
MAX_VERBOSITY
) ] ); ) ] );
Exporter::export_ok_tags('internal'); Exporter::export_ok_tags('internal');
@ -228,6 +232,9 @@ our $shorewall_dir; # Shorewall Directory
our $debug; # If true, use Carp to report errors with stack trace. our $debug; # If true, use Carp to report errors with stack trace.
use constant { MIN_VERBOSITY => -1,
MAX_VERBOSITY => 2 };
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Initialize globals -- we take this novel approach to globals initialization to allow
# the compiler to run multiple times in the same process. The # the compiler to run multiple times in the same process. The
@ -525,6 +532,12 @@ sub numeric_value ( $ ) {
$mark =~ /^0/ ? oct $mark : $mark; $mark =~ /^0/ ? oct $mark : $mark;
} }
sub numeric_value1 ( $ ) {
my $val = numeric_value $_[0];
fatal_error "Invalid Number ($_[0])" unless defined $val;
$val;
}
# #
# Return the argument expressed in Hex # Return the argument expressed in Hex
# #
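Review bot: numeric_value1 is added without the `#` header comment that the neighbouring helpers carry (for example "Return the argument expressed in Hex" directly below it), so its contract is not written down where callers will look. I would add a comment above the sub such as `# Like numeric_value() but raises a fatal error when the argument is not a valid number`. The body of numeric_value begins outside this hunk, so which inputs it rejects cannot be confirmed from here. If it can return a defined but negative or oversized value, callers of numeric_value1 still need their own range check before using the result.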


@ -219,11 +219,11 @@ sub validate_policy()
my $clientwild = ( "\L$client" eq 'all' ); my $clientwild = ( "\L$client" eq 'all' );
fatal_error "Undefined zone $client" unless $clientwild || defined_zone( $client ); fatal_error "Undefined zone ($client)" unless $clientwild || defined_zone( $client );
my $serverwild = ( "\L$server" eq 'all' ); my $serverwild = ( "\L$server" eq 'all' );
fatal_error "Undefined zone $server" unless $serverwild || defined_zone( $server ); fatal_error "Undefined zone ($server)" unless $serverwild || defined_zone( $server );
my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 ); my ( $policy, $default, $remainder ) = split( /:/, $originalpolicy, 3 );
@ -252,10 +252,10 @@ sub validate_policy()
$default = $default_actions{$policy} || ''; $default = $default_actions{$policy} || '';
} }
fatal_error "Invalid policy $policy" unless exists $validpolicies{$policy}; fatal_error "Invalid policy ($policy)" unless exists $validpolicies{$policy};
if ( defined $queue ) { if ( defined $queue ) {
fatal_error "Invalid policy ($policy/$queue)" unless $policy eq 'NFQUEUE'; fatal_error "Invalid policy ($policy($queue))" unless $policy eq 'NFQUEUE';
require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' ); require_capability( 'NFQUEUE_TARGET', 'An NFQUEUE Policy', 's' );
my $queuenum = numeric_value( $queue ); my $queuenum = numeric_value( $queue );
fatal_error "Invalid NFQUEUE queue number ($queue)" unless defined( $queuenum) && $queuenum <= 65535; fatal_error "Invalid NFQUEUE queue number ($queue)" unless defined( $queuenum) && $queuenum <= 65535;
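Review bot: The NFQUEUE queue-number test on the last line of this section enforces only an upper bound, `$queuenum <= 65535`, and the commit rewords the surrounding messages without tightening it. edit_verbosity in this same commit compares a numeric_value() result against -1, which suggests the helper can return negative numbers; if so, a negative queue number from the policy file passes validation here. Consider `unless defined( $queuenum ) && $queuenum >= 0 && $queuenum <= 65535;`. validate_policy continues outside the hunk, so a later check may already cover this.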


@ -274,8 +274,10 @@ sub process_tc_rule( $$$$$$$$$$$ ) {
validate_mark $mark; validate_mark $mark;
if ( $config{HIGH_ROUTE_MARKS} ) { if ( $config{HIGH_ROUTE_MARKS} ) {
my $val = numeric_value( $cmd );
fatal_error "Invalid MARK/CLASSIFY ($cmd)" unless defined $val;
fatal_error 'Marks < 256 may not be set in the PREROUTING or OUTPUT chains when HIGH_ROUTE_MARKS=Yes' fatal_error 'Marks < 256 may not be set in the PREROUTING or OUTPUT chains when HIGH_ROUTE_MARKS=Yes'
if $cmd && ( $chain eq 'tcpre' || $chain eq 'tcout' ) && numeric_value( $cmd ) <= 0xFF; if $cmd && ( $chain eq 'tcpre' || $chain eq 'tcout' ) && $val <= 0xFF;
} }
} }
} }
@ -475,6 +477,7 @@ sub validate_tc_class( $$$$$$ ) {
fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) <= 0xff; fatal_error "Invalid Mark ($mark)" unless $mark =~ /^([0-9]+|0x[0-9a-f]+)$/ && numeric_value( $mark ) <= 0xff;
$markval = numeric_value( $mark ); $markval = numeric_value( $mark );
fatal_error "Invalid MARK ($markval)" unless defined $markval;
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber}; fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
$classnumber = $devnum . $mark; $classnumber = $devnum . $mark;
} }
@ -623,8 +626,8 @@ sub process_tc_filter( $$$$$$ ) {
my ( $icmptype , $icmpcode ) = split '//', validate_icmp( $portrange ); my ( $icmptype , $icmpcode ) = split '//', validate_icmp( $portrange );
$icmptype = in_hex2 numeric_value $icmptype; $icmptype = in_hex2 numeric_value1 $icmptype;
$icmpcode = in_hex2 numeric_value $icmpcode if defined $icmpcode; $icmpcode = in_hex2 numeric_value1 $icmpcode if defined $icmpcode;
my $rule1 = " match u8 $icmptype 0xff at nexthdr+0"; my $rule1 = " match u8 $icmptype 0xff at nexthdr+0";
$rule1 .= "\\\n match u8 $icmpcode 0xff at nexthdr+1" if defined $icmpcode; $rule1 .= "\\\n match u8 $icmpcode 0xff at nexthdr+1" if defined $icmpcode;
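Review bot: In the validate_tc_class hunk the new guard `fatal_error "Invalid MARK ($markval)" unless defined $markval;` interpolates `$markval`, which is undef in exactly the case where the error fires. The user therefore sees an empty value plus an uninitialized-value warning instead of the offending input, and the line should read `fatal_error "Invalid MARK ($mark)" unless defined $markval;`. Separately, in process_tc_rule the added `unless defined $val` test runs before the existing `$cmd &&` guard, so an empty or non-numeric `$cmd` that previously skipped the check may now be fatal whenever HIGH_ROUTE_MARKS is set; it is worth confirming that this is intended. Both functions extend beyond their hunks, so earlier validation of `$cmd` cannot be ruled out from here.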