| author | Michael Larson <slioch@eng-140.vyatta.com> | 2008-03-20 14:31:00 -0700 |
|---|---|---|
| committer | Michael Larson <slioch@eng-140.vyatta.com> | 2008-03-20 14:31:00 -0700 |
| commit | 1693cdf87f883464a10d4a91bdc32e8a595444a2 (patch) | |
| tree | 5bb0c7a147074b11339b43cdbdd7abab00a76473 | |
| parent | db3ccf7834617fa5f278e512bb73b831acb407d3 (diff) | |
| download | vyatta-wanloadbalance-1693cdf87f883464a10d4a91bdc32e8a595444a2.tar.gz vyatta-wanloadbalance-1693cdf87f883464a10d4a91bdc32e8a595444a2.zip | |
Added final validation for address ranges and negation operators; the behavior now matches firewall and NAT.
| -rw-r--r-- | scripts/vyatta-wanloadbalance.pl | 17 | ||||
| -rw-r--r-- | src/lbdecision.cc | 36 |
2 files changed, 49 insertions, 4 deletions
diff --git a/scripts/vyatta-wanloadbalance.pl b/scripts/vyatta-wanloadbalance.pl
index ec361fa..69fadcd 100644
--- a/scripts/vyatta-wanloadbalance.pl
+++ b/scripts/vyatta-wanloadbalance.pl
@@ -11,6 +11,7 @@ use lib "/opt/vyatta/share/perl5/";
 use VyattaConfig;
 use VyattaMisc;
+use VyattaTypeChecker;
 use warnings;
 use strict;
@@ -88,7 +89,13 @@ sub write_rules {
 print FILE_LCK "\tdestination {\n";
 my $daddr = $config->returnValue("$rule destination address");
 if (defined $daddr) {
- print FILE_LCK "\t\taddress \"" . $daddr . "\"\n";
+ if (VyattaTypeChecker::validate_iptables4_addr($daddr) eq "1") {
+ print FILE_LCK "\t\taddress \"" . $daddr . "\"\n";
+ }
+ else {
+ print "Error in destination address configuration\n";
+ exit 1;
+ }
 }
 my $option = $config->returnValue("$rule destination port");
@@ -119,7 +126,13 @@ sub write_rules {
 print FILE_LCK "\tsource {\n";
 my $saddr = $config->returnValue("$rule source address");
 if (defined $saddr) {
- print FILE_LCK "\t\taddress \"" . $saddr . "\"\n";
+ if (VyattaTypeChecker::validate_iptables4_addr($saddr) eq "1") {
+ print FILE_LCK "\t\taddress \"" . $saddr . "\"\n";
+ }
+ else {
+ print "Error in source address configuration\n";
+ exit 1;
+ }
 }
 $option = $config->returnValue("$rule source port");
diff --git a/src/lbdecision.cc b/src/lbdecision.cc
index fb79994..66f458b 100644
--- a/src/lbdecision.cc
+++ b/src/lbdecision.cc
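Review bot: The new failure branches in both `write_rules` hunks report the problem with `print "Error in destination address configuration\n"` on STDOUT and then `exit 1`, so a caller that captures STDOUT sees the diagnostic as ordinary output while STDERR stays silent; `print STDERR "Error in destination address configuration\n";` (or `die` with the same message) keeps the exit status and puts the message where callers look for it. Exiting from inside write_rules also leaves FILE_LCK open, and if it was opened for writing earlier in the sub the partially written rules file stays behind — the open is outside this hunk, so it is worth confirming that the caller or a cleanup path removes it. The `eq "1"` comparison pins the validator to returning exactly the string 1 and everything else fails closed, which is the safe direction, but a comment such as `# validator must return exactly "1"; any other value rejects the rule` would stop a future change to VyattaTypeChecker from silently rejecting every rule. The same six lines are repeated for source and destination; a small helper taking the address and a label would remove the duplication. write_rules starts and ends outside these hunks.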
@@ -281,11 +281,43 @@ LBDecision::get_application_cmd(LBRule &rule)
 }
 if (rule._s_addr.empty() == false) {
- filter += "--source " + rule._s_addr + " ";
+ bool negate_flag = false;
+ string tmp(rule._s_addr);
+ if (tmp.find("!") != string::npos) {
+ negate_flag = true;
+ tmp = tmp.substr(1,tmp.length()-1);
+ }
+
+ if (tmp.find("-") != string::npos) {
+ if (negate_flag) {
+ filter += "-m iprange ! --src-range " + tmp + " ";
+ }
+ else {
+ filter += "-m iprange --src-range " + tmp + " ";
+ }
+ }
+ else {
+ if (negate_flag) {
+ filter += "--source ! " + tmp + " ";
+ }
+ else {
+ filter += "--source " + tmp + " ";
+ }
+ }
 }
 if (rule._d_addr.empty() == false) {
- filter += "--destination " + rule._d_addr + " ";
+ string tmp(rule._d_addr);
+ if (tmp.find("!") != string::npos) {
+ tmp = "! " + tmp.substr(1,tmp.length()-1);
+ }
+
+ if (tmp.find("-") != string::npos) {
+ filter += "-m iprange --dst-range " + tmp + " ";
+ }
+ else {
+ filter += "--destination " + tmp + " ";
+ }
 }
 if (rule._proto == "udp" || rule._proto == "tcp") {
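Review bot: The negation test in the source branch, `if (tmp.find("!") != string::npos)`, fires on a `!` anywhere in the address, but the follow-up `tmp.substr(1,tmp.length()-1)` unconditionally drops the first character, so an address with a `!` anywhere except the front would be mangled before it reaches iptables; the destination branch a few lines lower has the same shape. Checking the position instead, `if (!tmp.empty() && tmp[0] == '!') { negate_flag = true; tmp = tmp.substr(1); }`, makes the strip match the test (and `substr(1)` already means "to the end"). The two branches also emit negation differently: source produces `-m iprange ! --src-range RANGE` while destination produces `-m iprange --dst-range ! RANGE`, and the second is the intrapositioned form that later iptables releases warn about, so using the source form in both places is the safer choice. The Perl-side validator added in this commit is presumably what keeps stray characters out of these strings; a comment on the `string tmp(...)` lines, `// relies on the address having passed validate_iptables4_addr on the Perl side`, would make that dependency visible to the next maintainer. get_application_cmd starts and ends outside the hunk.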
