From c45cd828d10fb556eda0fcfdae8219dfcb5d16da Mon Sep 17 00:00:00 2001
From: Bob Gilligan <gilligan@vyatta.com>
Date: Wed, 18 Feb 2009 11:06:43 -0800
Subject: Add type check function for firewall IPv6 src/dst address parameters

---
 lib/Vyatta/TypeChecker.pm | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'lib')

diff --git a/lib/Vyatta/TypeChecker.pm b/lib/Vyatta/TypeChecker.pm
index 89b8932..a711030 100755
--- a/lib/Vyatta/TypeChecker.pm
+++ b/lib/Vyatta/TypeChecker.pm
@@ -69,6 +69,7 @@ my %type_handler = (
 		    'ipv6net_negate' => \&validate_ipv6net_negate,
 		    'hex16' => \&validate_hex_16_bits,
 		    'hex32' => \&validate_hex_32_bits,
+                    'ipv6_addr_param' => \&validate_ipv6_addr_param,
                    );
 
 sub validate_ipv4 {
@@ -238,6 +239,36 @@ sub validate_hex_32_bits {
   return 1 if ($value =~ /^[0-9a-f]{8}$/)
 }
 
+# Validate the overloaded IPv6 source and destination address parameter in
+# the firewall configuration tree.
+sub validate_ipv6_addr_param {
+  my $value = shift;
+
+  # leading exclamation point is valid in all three formats
+  if ($value =~ m/^\!(.*)$/) {
+    $value = $1;
+  }
+
+  if ($value =~ m/^(.*)-(.*)$/) {
+    # first format: <ipv6addr>-<ipv6-addr>
+    if (validate_ipv6($1)) {
+      return validate_ipv6($2);
+    } else {
+      return 0;
+    }
+  } 
+
+  elsif ($value =~ m/^(.*)\/(.*)$/) {
+    # Second format:  <ipv6addr>/<prefix-len>
+    return validate_ipv6net($value);
+  }
+
+  else {
+    # third format:  <ipv6addr>
+    return validate_ipv6($value)
+  }
+}
+
 sub validateType {
   my ($type, $value, $quiet) = @_;
   if (!defined($type) || !defined($value)) {
-- 
cgit v1.2.3