Re: [Shorewall-devel] Shorewall 4.4.17 Beta 3 (includes efficient per-IP accounting)

[Tom Eastep]

On 2/2/11 1:39 PM, Steven Jan Springl wrote:

> If the accounting file contains END followed by any non blank value eg rule:
> 
> END  test
> 
> The following error message is generated from the 'Optimizing Ruleset' phase:
> 
> ERROR: Internal error in Shorewall::Chains::delete_jumps 
> at /usr/share/shorewall/Shorewall/Chains.pm line 1169
> 

Steven,

I believe I have fixes for all three reported problems.

The attached fixes this one.

Thanks!
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Chains.pm 
b/Shorewall/Perl/Shorewall/Chains.pm
index d224130..888bbcb 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1153,20 +1153,28 @@ sub delete_jumps ( $$ ) {
     my $from  = $fromref->{name};
     my $rules = $fromref->{rules};
     my $refs  = $toref->{references}{$from};
+
     #
-    # A C-style for-loop with indexing seems to work best here, given that we 
are
-    # deleting elements from the array over which we are iterating.
+    # The 'from' chain may have had no references and has already been deleted 
so
+    # we need to check
     #
-    for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
-       if (  $rules->[$rule] =~ / -[gj] ${to}(\s+-m comment .*)?\s*$/ ) {
-           trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
-           splice(  @$rules, $rule, 1 );
-           last unless --$refs > 0;
-           $rule--;
+    if ( $fromref->{referenced} ) {
+       #
+       #
+       # A C-style for-loop with indexing seems to work best here, given that 
we are
+       # deleting elements from the array over which we are iterating.
+       #
+       for ( my $rule = 0; $rule <= $#{$rules}; $rule++ ) {
+           if (  $rules->[$rule] =~ / -[gj] ${to}(\s+-m comment .*)?\s*$/ ) {
+               trace( $fromref, 'D', $rule + 1, $rules->[$rule] ) if $debug;
+               splice(  @$rules, $rule, 1 );
+               last unless --$refs > 0;
+               $rule--;
+           }
        }
-    }
 
-    assert( ! $refs );
+       assert( ! $refs );
+    }
 
     delete $toref->{references}{$from};
 

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Shorewall-devel mailing list
Shorewall-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-devel