On Fri, 2011-11-25 at 18:47 -0800, Tom Eastep wrote:
> On Nov 25, 2011, at 4:33 PM, Steven Jan Springl wrote:
> 
> > 
> > Patch applied. No problems to report.
> > 

The fact that there were duplicate consecutive rules in the 'sticko'
chain troubled me, so I investigated that this morning and found that
Shorewall 4.4.22 broke the SAME target.

The attached patch restores its functionality. I've added Steven's
latest test case to the regression library to ensure that SAME isn't
broken again in the future.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

commit 15d95b6977707044fce3420a84f6ebe64d026df8
Author: Tom Eastep <teas...@shorewall.net>
Date:   Sat Nov 26 07:48:03 2011 -0800

    Fix SAME target.
    
    Signed-off-by: Tom Eastep <teas...@shorewall.net>

diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index f2eb7fb..7768852 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1406,17 +1406,29 @@ sub handle_stickiness( $ ) {
 
 		for my $chainref ( $stickyref, $setstickyref ) {
 		    if ( $chainref->{name} eq 'sticky' ) {
-			$rule1 = $_;
+			$rule1 = {};
+
+			while ( my ( $key, $value ) = each %$_ ) {
+			    $rule1->{$key} = $value;
+			}
 
 			set_rule_target( $rule1, 'MARK',   "--set-mark $mark" );
 			set_rule_option( $rule1, 'recent', "--name $list --update --seconds 300" );
 
-			$rule2 = $_;
+			$rule2 = {};
+
+			while ( my ( $key, $value ) = each %$_ ) {
+			    $rule2->{$key} = $value;
+			}
 
 			clear_rule_target( $rule2 );
 			set_rule_option( $rule2, 'mark', "--mark 0/$mask -m recent --name $list --remove" );
 		    } else {
-			$rule1 = $_;
+			$rule1 = {};
+
+			while ( my ( $key, $value ) = each %$_ ) {
+			    $rule1->{$key} = $value;
+			}
 
 			clear_rule_target( $rule1 );
 			set_rule_option( $rule1, 'mark', "--mark $mark\/$mask -m recent --name $list --set" ); 
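Review bot: The four-line `each` copy loop appears three times in this hunk (for $rule1 and $rule2 in the 'sticky' branch and for $rule1 in the else branch), and a single expression such as `$rule1 = { %$_ };` or one small helper sub would make the same copy with less room for the copies to drift apart. It would also avoid depending on the internal iterator of `%$_` being at its start, which `each` does. The copy is only one level deep: if any value in the rule hash is itself a reference, $rule1 and $rule2 still share it, so a short comment stating that set_rule_target, set_rule_option and clear_rule_target only replace top-level keys (if that is the case) would document why a shallow copy is enough. A comment above the first copy explaining that assigning `$_` directly made both rules alias the same hash would help keep this from regressing.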
@@ -1439,17 +1451,29 @@ sub handle_stickiness( $ ) {
 
 		for my $chainref ( $stickoref, $setstickoref ) {
 		    if ( $chainref->{name} eq 'sticko' ) {
-			$rule1 = $_;
+			$rule1 = {};
+
+			while ( my ( $key, $value ) = each %$_ ) {
+			    $rule1->{$key} = $value;
+			}
 
 			set_rule_target( $rule1, 'MARK',   "--set-mark $mark" );
-			set_rule_option( $rule1, 'recent', " --name $list --rdest --update --seconds 300 -j MARK --set-mark $mark" );
+			set_rule_option( $rule1, 'recent', " --name $list --rdest --update --seconds 300" );
+
+			$rule2 = {};
 
-			$rule2 = $_;
+			while ( my ( $key, $value ) = each %$_ ) {
+			    $rule2->{$key} = $value;
+			}
 			
 			clear_rule_target( $rule2 );
 			set_rule_option  ( $rule2, 'mark', "--mark 0\/$mask -m recent --name $list --rdest --remove" );
 		    } else {
-			$rule1 = $_;
+			$rule1 = {};
+
+			while ( my ( $key, $value ) = each %$_ ) {
+			    $rule1->{$key} = $value;
+			}
 
 			clear_rule_target( $rule1 );
 			set_rule_option  ( $rule1, 'mark', "--mark $mark -m recent --name $list --rdest --set" );
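Review bot: In the else branch of this hunk the 'mark' match is `--mark $mark -m recent ...` with no mask, while the corresponding line in the 'sticky' hunk uses `--mark $mark\/$mask`; since the patch already touches this block, please confirm the difference is intended or align the two. The corrected 'recent' option for 'sticko' still starts with a leading space (`" --name $list --rdest ..."`), unlike the 'sticky' version, and could be trimmed for consistency. The copy loops here repeat the ones in the previous hunk, so the same helper would serve all six sites. The commit message says only "Fix SAME target."; a line noting that the rules were sharing one hash and that `-j MARK --set-mark $mark` was being added twice to the 'sticko' rule would make the history easier to follow.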

_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
