holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Correct handling of IPv6 tunnel-src and tunnel-dst

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-04-23 08:36:22 -07:00
parent 6201f37913
commit d4e05f6163
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 35 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -108,24 +108,6 @@ our @EXPORT = ( qw( NOTHING
our @EXPORT_OK = qw( initialize ); our @EXPORT_OK = qw( initialize );
our $VERSION = 'MODULEVERSION'; our $VERSION = 'MODULEVERSION';
#
# IPSEC Option types
#
use constant { NOTHING => 'NOTHING',
NUMERIC => '0x[\da-fA-F]+|\d+',
NETWORK => '\d+.\d+.\d+.\d+(\/\d+)?',
IPSECPROTO => 'ah|esp|ipcomp',
IPSECMODE => 'tunnel|transport'
};
#
# Option columns
#
use constant { IN_OUT => 1,
IN => 2,
OUT => 3 };
# #
# Zone Table. # Zone Table.
# #
@ -221,6 +203,26 @@ our $zonemarkincr;
our $zonemarklimit; our $zonemarklimit;
our $loopback_interface; our $loopback_interface;
#
# IPSEC Option types
#
use constant { NOTHING => 'NOTHING',
NUMERIC => '0x[\da-fA-F]+|\d+',
IPSECPROTO => 'ah|esp|ipcomp',
IPSECMODE => 'tunnel|transport'
};
sub NETWORK() {
$family == F_IPV4 ? '\d+.\d+.\d+.\d+(\/\d+)?' : '(?:[0-9a-fA-F]{0,4}:){2,7}[0-9a-fA-F]{0,4}(?:\/d+)?';
}
#
# Option columns
#
use constant { IN_OUT => 1,
IN => 2,
OUT => 3 };
use constant { FIREWALL => 1, use constant { FIREWALL => 1,
IP => 2, IP => 2,
BPORT => 4, BPORT => 4,
@ -276,19 +278,7 @@ our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore =
our %validhostoptions; our %validhostoptions;
our %validzoneoptions = ( mss => NUMERIC, our %validzoneoptions;
nomark => NOTHING,
blacklist => NOTHING,
dynamic_shared => NOTHING,
strict => NOTHING,
next => NOTHING,
reqid => NUMERIC,
spi => NUMERIC,
proto => IPSECPROTO,
mode => IPSECMODE,
"tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK,
);
use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 }; use constant { UNRESTRICTED => 1, NOFW => 2 , COMPLEX => 8, IN_OUT_ONLY => 16 };
# #
@ -330,6 +320,20 @@ sub initialize( $$ ) {
$minroot = 0; $minroot = 0;
$loopback_interface = ''; $loopback_interface = '';
%validzoneoptions = ( mss => NUMERIC,
nomark => NOTHING,
blacklist => NOTHING,
dynamic_shared => NOTHING,
strict => NOTHING,
next => NOTHING,
reqid => NUMERIC,
spi => NUMERIC,
proto => IPSECPROTO,
mode => IPSECMODE,
"tunnel-src" => NETWORK,
"tunnel-dst" => NETWORK,
);
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
%validinterfaceoptions = (arp_filter => BINARY_IF_OPTION, %validinterfaceoptions = (arp_filter => BINARY_IF_OPTION,
arp_ignore => ENUM_IF_OPTION, arp_ignore => ENUM_IF_OPTION,