On Thu, 7 Jul 2011, Tom Eastep wrote: > Date: Thu, 7 Jul 2011 06:39:41 > From: Tom Eastep <[email protected]> > To: Shorewall Users <[email protected]> > Subject: Re: [Shorewall-users] Tproxy with Shorewall6 > > On Thu, 2011-07-07 at 04:22 -0700, J. Randall Owens wrote: > >> I take that back now. While it's not on that page, I see where Tc.pm has >> a place for picking out an IP address as a third parameter. In that case, >> I'd say that process_tc_rule is messing up at line 206/208, where it >> checks $originalmark to make sure splitting it on colons doesn't produce >> three or more fields, which was safe with the old MARK values which never >> had addresses, either IPv4 or IPv6, but might have a colon in there >> before the [CFPTI] values. And when it finds three (though the second is >> that empty non-space between the colons), it spits out that error message. >> >> (And this time, Tom, I'm looking at a git checkout, not an ancient 4.4.17. >> ;) > :-) > > Attached is a patch which allows an IPv6 address in the third parameter. > Enclosing the address in [...] or <...> is optional. > > Now for the manpages.
Pardon me if I'm wrong, but in line 208, haven't you inverted the significance of the empty string comparison, by switching if to unless and not adding a '!'? Granted, it will still have the same outcome when it gets to the if/then $originalmark comparison and doesn't match. The sense of the logical operator is inverted also; the '||' should have been changed to a '&&' (otherwise, the empty string comparison will only ever be checked if $mark is undefined, in which case it's hardly going to be equal, and may throw an error depending on strictness). Easiest thing might be to just chop everything there after the defined check, and let the following $originalmark match catch it. -- J. Randall Owens | http://www.ghiapet.net/ ProofReading Markup Language | http://prml.sourceforge.net/ ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
