> I would appreciate it if all who are testing nfacct would apply this patch.
>
I have a question:
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -235,15 +235,12 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
$target = '';
for ( my @objects = split_nfacct_list $1 ) {
- if ( $_ =~ /^([\w%&@~]+)(!)?$/ ) {
- if ( $2 ) {
- $prerule .= "-m nfacct --nfacct-name $1 ";
- } else {
- $rule .= "-m nfacct --nfacct-name $1 ";
- }
- } else {
- fatal_error "Invalid nfacct object name ($_)";
- }
+ validate_nfobject( $_, 1 );
+ if ( s/!$// ) {
+ $prerule .= "-m nfacct --nfacct-name $_ ";
+ } else {
+ $rule .= "-m nfacct --nfacct-name $_ ";
+ }
[...]
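Review bot: validate_nfobject( $_, 1 ) is called before `s/!$//` strips the marker, so the callee receives the name with its trailing `!` still attached. Anything validate_nfobject does with the name beyond pattern matching (the new sub in Chains.pm also writes to %nfobjects) sees `name!` rather than `name`. Suggest stripping the bang first and passing the bare name, or having validate_nfobject return the cleaned name, so that the string that was checked is the same string that ends up after --nfacct-name.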
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
[...]
+#
+# Validate and register an nfacct object name
+#
+
+sub validate_nfobject( $;$ ) {
+ my ( $name, $allowbang ) = @_;
+
+ fatal_error "Invalid nfacct object name ($name)" unless $name =~
/^[-\w%&@~]+(!)?$/ && ( $allowbang || ! $1 );
+ $nfobjects{$_} = 1;
+}
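Review bot: `$nfobjects{$_} = 1;` keys on `$_` rather than on `$name`, and the sub never assigns `$_`, so the key that gets registered is whatever the caller's `$_` holds. From the loop in Accounting.pm that is the current list element, including any trailing `!`; from a caller that keeps the name in another variable it would be unrelated to the name just validated. Suggest removing the bang from `$name` and using `$nfobjects{$name} = 1;`. Two smaller points: the header comment says "Validate and register", so the accounting path now gains a registration side effect that the removed code did not have, which deserves a line in the commit message; and the character class now admits `-`, which the pattern removed from Accounting.pm did not.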
From what I can see, "validate_nfobject" adds the nfacct name to the
nfobjects array. This wasn't the case in Accounting.pm before as the
object was just validated and (pre)rule was created. Is this intentional
or have I got this wrong?
_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel