From 3f37af7d2a0a90efbef1f576e9b47a1b630e6323 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 14 Jun 2010 16:39:01 -0700 Subject: Reject ip as a IP protocol value The name ip exists in /etc/protocols as a pseudonym for all IP protocols. But the Qos match logic doesn't support it so do not allow the user to choose that value Bug 5689 --- lib/Vyatta/Qos/Util.pm | 8 ++++++-- .../node.tag/class/node.tag/match/node.tag/ip/protocol/node.def | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/Vyatta/Qos/Util.pm b/lib/Vyatta/Qos/Util.pm index 9686120..8649a72 100644 --- a/lib/Vyatta/Qos/Util.pm +++ b/lib/Vyatta/Qos/Util.pm @@ -206,14 +206,18 @@ sub getProtocol { defined $str or return; if ( $str =~ /^([0-9]+)|(0x[0-9a-fA-F]+)$/ ) { - if ( $str < 0 || $str > 255 ) { + if ( $str <= 0 || $str > 255 ) { die "$str is not a valid protocol number\n"; } return $str; } my ( $name, $aliases, $proto ) = getprotobyname($str); - ( defined $proto ) or die "\"$str\" unknown protocol\n"; + die "\"$str\" unknown protocol\n" + unless $proto; + die "$name is not usable as an IP protocol match\n" + if ($proto == 0); + return $proto; } diff --git a/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def b/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def index 9c665c2..2405ca6 100644 --- a/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def +++ b/templates/traffic-policy/shaper/node.tag/class/node.tag/match/node.tag/ip/protocol/node.def @@ -3,7 +3,7 @@ help: Match IP protocol name or number syntax:expression: exec "/opt/vyatta/sbin/vyatta-qos-util.pl --protocol $VAR(@)" allowed: awk ' /^#/ { next } - { printf "%s ", $1 }' IP protocol value or name Common names: icmp Internet Control Message Protocol -- cgit v1.2.3
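Review bot: The new `$str <= 0` test in getProtocol rejects every value written in the `0x..` form, because Perl numifies a string such as `0x11` to 0 instead of parsing it as hex, so the hex branch of the regex can no longer succeed. The pattern is also looser than it reads: `|` binds below `^` and `$`, so `/^([0-9]+)|(0x[0-9a-fA-F]+)$/` accepts any string that merely starts with digits or merely ends in a hex literal, and a string like `6abc` passes the range check on its numeric prefix and is returned with the trailing text intact. I would group the alternation, `if ( $str =~ /^(?:[0-9]+|0x[0-9a-fA-F]+)$/ ) {`, and range-check a converted value, `my $num = ( $str =~ /^0x/ ) ? hex($str) : $str;`. Separately, `unless $proto` is already true when `$proto` is 0, so the `if ($proto == 0)` message that follows cannot be reached and `ip` is reported as an unknown protocol; testing `unless defined $proto` in the first `die` would let the intended message through. The start of getProtocol lies outside the hunk.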
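Review bot: The `syntax:expression` context line places `$VAR(@)` on the vyatta-qos-util.pl command line unquoted, so the raw value is expanded into the command before getProtocol has validated anything. If the configuration backend runs `exec` strings through a shell, which this hunk does not show, whitespace or shell metacharacters in the value would be interpreted there rather than rejected by the script. Quoting the substitution, `exec "/opt/vyatta/sbin/vyatta-qos-util.pl --protocol '$VAR(@)'"`, narrows this, and a restrictive pattern check ahead of the `exec` would close it for values that contain a quote. The changed `allowed:` line is not fully legible in this copy of the patch, so this note concerns the unchanged context line only.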