On Sat, 2011-07-23 at 06:58 -0700, Tom Eastep wrote: > On Sat, 2011-07-23 at 13:51 +0100, Steven Jan Springl wrote: > > > In the attached config. the entry in secmarks produces the following error > > messages: > > > > Use of uninitialized value in numeric gt (>) > > at /usr/share/shorewall/Shorewall/Chains.pm line 1264. > > > > ERROR: Internal error in Shorewall::Chains::decrement_reference_count > > at /usr/share/shorewall/Shorewall/Chains.pm line 1264
> Ouch! This is a difficult one that affects many versions of Shorewall. > I'll have to think about the best way to correct it. Steven, This patch is a bit of a hack but it will have to do. Thanks, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 8ed2d12..1773c11 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -266,6 +266,7 @@ our $filter_table;
my $comment;
my @comments;
my $export;
+my $splitcount;
#
# Target Types
@@ -715,8 +716,8 @@ sub clear_rule_target( $ ) {
assert( reftype $ruleref );
delete $ruleref->{jump};
- delete $ruleref->{target};
delete $ruleref->{targetopts};
+ $ruleref->{target} = '';
1;
}
@@ -951,12 +952,14 @@ sub handle_port_list( $$$$$$ ) {
handle_port_list( $chainref, $newrule, 0, $1, $2, $3 );
} else {
push_rule ( $chainref, $newrule );
+ $splitcount++;
}
}
} elsif ( $dport && $rule =~ /^(.* --sports\s+)([^ ]+)(.*)$/ ) {
handle_port_list( $chainref, $rule, 0, $1, $2, $3 );
} else {
push_rule ( $chainref, $rule );
+ $splitcount++;
}
}
@@ -966,7 +969,7 @@ sub handle_port_list( $$$$$$ ) {
sub handle_icmptype_list( $$$$ ) {
my ($chainref, $first, $types, $rest) = @_;
my @ports = split ',', $types;
- push_rule ( $chainref, join ( '', $first, shift @ports, $rest ) ) while @ports;
+ push_rule ( $chainref, join ( '', $first, shift @ports, $rest ) ), $splitcount++ while @ports;
}
#
@@ -1010,9 +1013,11 @@ sub add_rule($$;$) {
handle_icmptype_list( $chainref, $first, $types, $rest );
} else {
push_rule( $chainref, $rule );
+ $splitcount++;
}
} else {
push_rule ( $chainref, $rule );
+ $splitcount++;
}
} else {
push_rule( $chainref, $rule );
@@ -4523,6 +4528,10 @@ sub expand_rule( $$$$$$$$$$;$ )
push @ends, $end;
}
#
+ # Clear Split Count
+ #
+ $splitcount = 0;
+ #
# Trim disposition
#
$disposition =~ s/\s.*//;
@@ -5021,7 +5030,10 @@ sub expand_rule( $$$$$$$$$$;$ )
my $targetref = $chain_table{$table}{$target};
if ( $targetref ) {
$targetref->{referenced} = 1;
- add_reference $fromref, $targetref;
+
+ for ( my $i = 0; $i < $splitcount; $i++ ) {
+ add_reference $fromref, $targetref;
+ }
}
}
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Storage Efficiency Calculator This modeling tool is based on patent-pending intellectual property that has been used successfully in hundreds of IBM storage optimization engage- ments, worldwide. Store less, Store more with what you own, Move data to the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
