holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct helper parsing in the Raw module.

Browse Source 
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-08-05 08:09:17 -07:00
parent 9a0d53194a
commit b4c812b676
3 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -87,24 +87,26 @@ sub process_notrack_rule( $$$$$$$ ) {
$action = "CT --helper $args";
$exception_rule = do_proto( $proto, '-', '-' );
for my $mod ( split ',', $modifiers ) {
for my $mod ( split_list1( $modifiers, 'ctevents' ) ) {
fatal_error "Invalid helper option ($mod)" unless $mod =~ /^(\w+)=(.+)$/;
$mod = $1;
$args = $2;
$mod = $1;
my $val = $2;
if ( $mod eq 'ctevents' ) {
for ( split ',', $args ) {
for ( split_list( $val, 'ctevents' ) ) {
fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_};
}
$action .= " --ctevents $args";
$action .= " --ctevents $val";
} elsif ( $mod eq 'expevents' ) {
fatal_error "Invalid expevent argument ($args)" unless $args eq 'new';
fatal_error "Invalid expevent argument ($val)" unless $val eq 'new';
$action .= ' --expevents new';
} else {
fatal_error "Invalid helper option ($mod)";
}
}
} else {
fatal_error "Invalid CT option ($option)";
}
}
}

5
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -199,7 +199,10 @@
role="bold">helper</emphasis>, <emphasis
role="bold">mark</emphasis> (this is connection mark, not
packet mark), <emphasis role="bold">natseqinfo</emphasis>,
and <emphasis role="bold">secmark</emphasis>.</para>
and <emphasis role="bold">secmark</emphasis>. If more than
one <emphasis>event</emphasis> is listed, the
<replaceable>event</replaceable> list must be enclosed in
parentheses (e.g., ctevents=(new,related)).</para>
</listitem>
<listitem>

5
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -102,7 +102,10 @@
role="bold">helper</emphasis>, <emphasis
role="bold">mark</emphasis> (this is connection mark, not
packet mark), <emphasis role="bold">natseqinfo</emphasis>,
and <emphasis role="bold">secmark</emphasis>.</para>
and <emphasis role="bold">secmark</emphasis>. If more than
one <emphasis>event</emphasis> is listed, the
<replaceable>event</replaceable> list must be enclosed in
parentheses (e.g., ctevents=(new,related)).</para>
</listitem>
<listitem>