Re: [Shorewall-devel] Shorewall 4.4.19 Beta 1

Tom Eastep Fri, 18 Mar 2011 12:43:04 -0700

On 3/17/11 3:46 PM, Steven Jan Springl wrote:
> Tom
> 
> In tcfilters, if an icmp type/code is specified:
> 
> eth0:33  77.77.77.77/7  2.2.0.0  icmp 3/4
> 
> The following error messages are produced:
> 
> Illegal "match"
> ERROR: Command "tc filter add dev eth0 protocol ip parent 1:0 prio 10 u32 ht 
> 0x006:0 match icmp type 3/4 0xff flowid 1:33" Failed


Steven,

Sorry to be slow getting back to you -- lots of work right now.

Please try the attached patch.

Thanks,
-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 7cffd9b..94550b5 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -1125,7 +1125,7 @@ sub process_tc_filter() {
                    fatal_error "ICMP not allowed with IPv6" unless $family == 
F_IPV4;
                    fatal_error "SOURCE PORT(S) are not allowed with ICMP" if 
$sportlist ne '-';
 
-                   my ( $icmptype , $icmpcode ) = split '//', validate_icmp( 
$portrange );
+                   my ( $icmptype , $icmpcode ) = split '/', validate_icmp( 
$portrange );
 
                    my $rule1 = "   match icmp type $icmptype 0xff";
                    $rule1   .= "\\\n   match icmp code $icmpcode 0xff" if 
defined $icmpcode;
@@ -1136,7 +1136,7 @@ sub process_tc_filter() {
                    fatal_error "IPv6 ICMP not allowed with IPv4" unless 
$family == F_IPV4;
                    fatal_error "SOURCE PORT(S) are not allowed with IPv6 ICMP" 
if $sportlist ne '-';
 
-                   my ( $icmptype , $icmpcode ) = split '//', validate_icmp6( 
$portrange );
+                   my ( $icmptype , $icmpcode ) = split '/', validate_icmp6( 
$portrange );
 
                    my $rule1 = "   match icmp6 type $icmptype 0xff";
                    $rule1   .= "\\\n   match icmp6 code $icmpcode 0xff" if 
defined $icmpcode;

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d

_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel

Re: [Shorewall-devel] Shorewall 4.4.19 Beta 1

Reply via email to