Tom Eastep wrote: > Tom Eastep wrote: >> Brian J. Murrell wrote: >>> On Thu, 2007-12-20 at 13:12 -0800, Tom Eastep wrote: >>>> Please have a look at ip_range() and ip_range_explicit() in lib.base and >>>> try >>>> to envision recoding them to use that technique. >>> I will admit to not having looked all of the use cases. >>> >>>> Maybe you want to spend >>>> your Christmas vacation that way -- I don't. >>> :-) >>> >>>> Yet another question: what does "/bin/sh /sbin/shorewall-lite ipdecimal >>>> 2953838592" do? >>> # /bin/sh /sbin/shorewall-lite ipdecimal 2953838592 >>> 176.16.0.0 >>> >> Brian, >> >> >> Attached is a patch to lib.base that attempts to replace the failing tests >> with calls to a bc-based function. Please try the "shorewall-lite iprange" >> command with this patch installed. > > Corrected patch attached (first one broke ip_range_explicit(). >
-Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Index: lib.base
===================================================================
--- lib.base (revision 7931)
+++ lib.base (working copy)
@@ -455,6 +455,14 @@
echo $y
}
+addr_comp() {
+ test $(bc <<EOF
+$1 > $2
+EOF
+) -eq 1
+
+}
+
#
# Enumerate the members of an IP range -- When using a shell supporting only
# 32-bit signed arithmetic, the range cannot span 128.0.0.0.
@@ -488,19 +496,19 @@
first=$(decodeaddr ${1%-*})
last=$(decodeaddr ${1#*-})
- if [ $first -gt $last ]; then
+ if addr_comp $first $last; then
fatal_error "Invalid IP address range: $1"
fi
l=$(( $last + 1 ))
- while [ $first -le $last ]; do
+ while addr_comp $last $first; do
vlsm=
x=31
y=2
z=1
- while [ $(( $first % $y )) -eq 0 -a $(( $first + $y )) -le $l ]; do
+ while [ $(( $first % $y )) -eq 0 ] && addr_comp $l $(( $first + $y )) ; do
vlsm=/$x
x=$(( $x - 1 ))
z=$y
@@ -527,11 +535,11 @@
first=$(decodeaddr ${1%-*})
last=$(decodeaddr ${1#*-})
- if [ $first -gt $last ]; then
+ if addr_comp $first $last; then
fatal_error "Invalid IP address range: $1"
fi
- while [ $first -le $last ]; do
+ while ! addr_comp $first $last; do
echo $(encodeaddr $first)
first=$(($first + 1))
done
@@ -583,8 +591,10 @@
in_network() # $1 = IP address, $2 = CIDR network
{
local netmask=$(ip_netmask $2)
-
- test $(( $(decodeaddr $1) & $netmask)) -eq $(( $(decodeaddr ${2%/*}) & $netmask ))
+ #
+ # We compare the values as strings rather than integers to work around broken BusyBox ash on OpenWRT
+ #
+ test $(( $(decodeaddr $1) & $netmask)) = $(( $(decodeaddr ${2%/*}) & $netmask ))
}
#
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
