diff options
| author | Bob Gilligan <gilligan@vyatta.com> | 2009-01-23 13:59:37 -0800 |
|---|---|---|
| committer | Bob Gilligan <gilligan@vyatta.com> | 2009-01-23 13:59:37 -0800 |
| commit | 1f1d31163c347ace7b8e288363235ea22651916f (patch) | |
| tree | 4584133fd8cce13f6c742a994812117f600056b9 /lib/Vyatta/IpTables | |
| parent | dd37fdecea527c8d7098e257bc83e620af1ff730 (diff) | |
| download | vyatta-cfg-firewall-1f1d31163c347ace7b8e288363235ea22651916f.tar.gz vyatta-cfg-firewall-1f1d31163c347ace7b8e288363235ea22651916f.zip | |
Bugfix 4062: Don't reference parameters outside the config tree.
The AddressFilter module was reaching up the config tree to find
a config parameter that was used to determine whether the address type
was IPv4 or IPv6. This breaks when the functions are called from some
locations in the config tree. I added explicity function calls to allow
the caller to to set the IP version, obviating the need to reference
a config parameter to determin the IP version.
Diffstat (limited to 'lib/Vyatta/IpTables')
| -rwxr-xr-x | lib/Vyatta/IpTables/AddressFilter.pm | 21 | ||||
| -rw-r--r-- | lib/Vyatta/IpTables/Rule.pm | 14 |
2 files changed, 28 insertions, 7 deletions
diff --git a/lib/Vyatta/IpTables/AddressFilter.pm b/lib/Vyatta/IpTables/AddressFilter.pm index 3689ee2..6a74002 100755 --- a/lib/Vyatta/IpTables/AddressFilter.pm +++ b/lib/Vyatta/IpTables/AddressFilter.pm @@ -44,7 +44,7 @@ my %fields = ( _port => undef, _protocol => undef, _src_mac => undef, - _name => undef, + _ip_version => undef, ); sub new { @@ -58,13 +58,20 @@ sub new { return $self; } +sub set_ip_version($$) { + my ($self, $ip_version) = @_; + + $self->{_ip_version} = $ip_version; +} + sub setup { my ($self, $level) = @_; my $config = new Vyatta::Config; $config->setLevel("$level"); - $self->{_name} = $config->returnParent(".. .. .. .. .."); + # Default to IPv4. + $self->{_ip_version} = "ipv4"; # setup needed parent nodes $self->{_srcdst} = $config->returnParent(".."); @@ -98,7 +105,8 @@ sub setupOrig { $config->setLevel("$level"); - $self->{_name} = $config->returnParent(".. .. .. .. .."); + # Default to IPv4. + $self->{_ip_version} = "ipv4"; # setup needed parent nodes $self->{_srcdst} = $config->returnParent(".."); @@ -151,15 +159,14 @@ sub rule { my $ip_term; my $prefix_term; - if (($self->{_name} eq "name") || ($self->{_name} eq "modify")) { + if ($self->{_ip_version} eq "ipv4") { # This is an IPv4 rule $addr_checker = 'ipv4_negate'; $prefix_checker = 'ipv4net_negate'; $ip_term = "IPv4"; $prefix_term = "subnet"; - } elsif (($self->{_name} eq "ipv6-name") || - ($self->{_name} eq "ipv6-modify")) { + } elsif ($self->{_ip_version} eq "ipv6") { # This is an IPv6 rule $addr_checker = 'ipv6_negate'; @@ -167,7 +174,7 @@ sub rule { $ip_term = "IPv6"; $prefix_term = "prefix" } else { - return (undef, "Invalid firewall tree: $self->{_name}"); + return (undef, "Invalid IP version: $self->{_ip_version}"); } if (!defined($self->{_protocol}) diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm index 449b32b..d55cf64 100644 --- a/lib/Vyatta/IpTables/Rule.pm +++ b/lib/Vyatta/IpTables/Rule.pm @@ -51,6 +51,7 @@ my %fields = ( _burst => undef, }, _disable => undef, + _ip_version => undef, ); my %dummy_rule = ( @@ -97,6 +98,7 @@ my %dummy_rule = ( _burst => undef, }, _disable => undef, + _ip_version => undef, ); sub new { @@ -171,6 +173,8 @@ sub setup { $src->setup("$level source"); $dst->setup("$level destination"); + # Default to IPv4 + $self->{_ip_version} = "ipv4"; return 0; } @@ -229,9 +233,19 @@ sub setupOrig { $src->setupOrig("$level source"); $dst->setupOrig("$level destination"); + # Default to IPv4 + $self->{_ip_version} = "ipv4"; return 0; } +sub set_ip_version { + my ($self, $ip_version) = @_; + + $self->{_ip_version} = $ip_version; + $src->set_ip_version($ip_version); + $dst->set_ip_version($ip_version); +} + sub print { my ( $self ) = @_; |