On 04/26/2013 09:54 AM, Dash Four wrote:
>
>> I would appreciate it if all who are testing nfacct would apply this patch.
>>
> I have a question:
>
> --- a/Shorewall/Perl/Shorewall/Accounting.pm
> +++ b/Shorewall/Perl/Shorewall/Accounting.pm
> @@ -235,15 +235,12 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
> require_capability 'NFACCT_MATCH', 'The NFACCT action', 's';
> $target = '';
> for ( my @objects = split_nfacct_list $1 ) {
> - if ( $_ =~ /^([\w%&@~]+)(!)?$/ ) {
> - if ( $2 ) {
> - $prerule .= "-m nfacct --nfacct-name $1 ";
> - } else {
> - $rule .= "-m nfacct --nfacct-name $1 ";
> - }
> - } else {
> - fatal_error "Invalid nfacct object name ($_)";
> - }
> + validate_nfobject( $_, 1 );
> + if ( s/!$// ) {
> + $prerule .= "-m nfacct --nfacct-name $_ ";
> + } else {
> + $rule .= "-m nfacct --nfacct-name $_ ";
> + }
> [...]
> --- a/Shorewall/Perl/Shorewall/Chains.pm
> +++ b/Shorewall/Perl/Shorewall/Chains.pm
> [...]
> +#
> +# Validate and register an nfacct object name
> +#
> +
> +sub validate_nfobject( $;$ ) {
> + my ( $name, $allowbang ) = @_;
> +
> + fatal_error "Invalid nfacct object name ($name)" unless $name =~
> /^[-\w%&@~]+(!)?$/ && ( $allowbang || ! $1 );
> + $nfobjects{$_} = 1;
> +}
>
> From what I can see, "validate_nfobject" adds the nfacct name to the
> nfobjects array. This wasn't the case in Accounting.pm before as the
> object was just validated and (pre)rule was created. Is this intentional
> or have I got this wrong?
>The registration of the nfacct object name was in 4.5.15 but had been dropped somewhere. This change simply re-added that registration. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
