~ubuntu-branches/debian/sid/shorewall/sid

Viewing changes to Perl/Shorewall/IPAddrs.pm

Committer: Package Import Robot
Author(s): Roberto C. Sanchez
Date: 2013-05-03 08:17:42 UTC
mfrom: (1.3.52)
Revision ID: package-import@ubuntu.com-20130503081742-qo8p6k2z0dnbfqo8

Tags: 4.5.16.1-1

* New Upstream Version
* debian/patches/01_debian_configuration.patch: Refreshed
* debian/patches/02_correct_dnat_snat_behavior.patch: Removed
* Update lintian overrides

files added:
Macros/macro.ActiveDir

Macros/macro.Puppet

Macros/macro.SIP

Macros/macro.SNMPTrap

Macros/macro.Teredo

Macros/macro.VRRP

Macros/macro.Xymon

Macros/macro.mDNSbi

Perl/Shorewall/ARP.pm

Samples/three-interfaces/stoppedrules

Samples/three-interfaces/stoppedrules.annotated

Samples/two-interfaces/stoppedrules

Samples/two-interfaces/stoppedrules.annotated

action.Established

action.New

action.Related

action.Untracked

action.allowInvalid

action.dropInvalid

configfiles/arprules

configfiles/arprules.annotated

configfiles/conntrack

configfiles/conntrack.annotated

configfiles/stoppedrules

configfiles/stoppedrules.annotated

init.suse.sh

manpages/shorewall-arprules.5

manpages/shorewall-conntrack.5

manpages/shorewall-stoppedrules.5

files removed:
.pc/02_correct_dnat_snat_behavior.patch

.pc/02_correct_dnat_snat_behavior.patch/Perl

.pc/02_correct_dnat_snat_behavior.patch/Perl/Shorewall

.pc/02_correct_dnat_snat_behavior.patch/Perl/Shorewall/Misc.pm

Samples/three-interfaces/routestopped

Samples/three-interfaces/routestopped.annotated

Samples/two-interfaces/routestopped

Samples/two-interfaces/routestopped.annotated

configfiles/blacklist

configfiles/blacklist.annotated

configfiles/notrack

configfiles/notrack.annotated

debian/patches/02_correct_dnat_snat_behavior.patch

init.archlinux.sh

manpages/shorewall-notrack.5

files modified:
.pc/01_debian_configuration.patch/configfiles/shorewall.conf

.pc/applied-patches

Macros/macro.A_AllowICMPs

Macros/macro.A_DropDNSrep

Macros/macro.A_DropUPnP

Macros/macro.AllowICMPs

Macros/macro.Amanda

Macros/macro.BLACKLIST

Macros/macro.DCC

Macros/macro.DropDNSrep

Macros/macro.DropUPnP

Macros/macro.FTP

Macros/macro.IRC

Macros/macro.PPtP

Macros/macro.Rfc1918

Macros/macro.SANE

Macros/macro.SMB

Macros/macro.SMBBI

Macros/macro.SNMP

Macros/macro.TFTP

Macros/macro.mDNS

Macros/macro.template

Perl/Shorewall/Accounting.pm

Perl/Shorewall/Chains.pm

Perl/Shorewall/Compiler.pm

Perl/Shorewall/Config.pm

Perl/Shorewall/IPAddrs.pm

Perl/Shorewall/Misc.pm

Perl/Shorewall/Nat.pm

Perl/Shorewall/Proc.pm

Perl/Shorewall/Providers.pm

Perl/Shorewall/Raw.pm

Perl/Shorewall/Rules.pm

Perl/Shorewall/Tc.pm

Perl/Shorewall/Tunnels.pm

Perl/Shorewall/Zones.pm

Perl/compiler.pl

Perl/getparams

Perl/lib.core

Perl/prog.footer

Samples/Universal/interfaces

Samples/Universal/interfaces.annotated

Samples/Universal/policy.annotated

Samples/Universal/rules

Samples/Universal/rules.annotated

Samples/Universal/shorewall.conf

Samples/Universal/shorewall.conf.annotated

Samples/Universal/zones.annotated

Samples/one-interface/interfaces

Samples/one-interface/interfaces.annotated

Samples/one-interface/policy.annotated

Samples/one-interface/rules

Samples/one-interface/rules.annotated

Samples/one-interface/shorewall.conf

Samples/one-interface/shorewall.conf.annotated

Samples/one-interface/zones.annotated

Samples/three-interfaces/interfaces

Samples/three-interfaces/interfaces.annotated

Samples/three-interfaces/masq

Samples/three-interfaces/masq.annotated

Samples/three-interfaces/policy.annotated

Samples/three-interfaces/rules

Samples/three-interfaces/rules.annotated

Samples/three-interfaces/shorewall.conf

Samples/three-interfaces/shorewall.conf.annotated

Samples/three-interfaces/zones.annotated

Samples/two-interfaces/interfaces

Samples/two-interfaces/interfaces.annotated

Samples/two-interfaces/masq

Samples/two-interfaces/masq.annotated

Samples/two-interfaces/policy.annotated

Samples/two-interfaces/rules

Samples/two-interfaces/rules.annotated

Samples/two-interfaces/shorewall.conf

Samples/two-interfaces/shorewall.conf.annotated

Samples/two-interfaces/zones.annotated

action.Broadcast

action.Drop

action.DropSmurfs

action.Invalid

action.NotSyn

action.RST

action.Reject

action.TCPFlags

action.template

actions.std

changelog.txt

configfiles/accounting.annotated

configfiles/actions

configfiles/actions.annotated

configfiles/blrules.annotated

configfiles/interfaces

configfiles/interfaces.annotated

configfiles/masq

configfiles/masq.annotated

configfiles/nat.annotated

configfiles/policy.annotated

configfiles/routes.annotated

configfiles/routestopped

configfiles/routestopped.annotated

configfiles/rules

configfiles/rules.annotated

configfiles/secmarks.annotated

configfiles/shorewall.conf

configfiles/shorewall.conf.annotated

configfiles/tcclasses.annotated

configfiles/tcdevices.annotated

configfiles/tcfilters

configfiles/tcfilters.annotated

configfiles/tcinterfaces

configfiles/tcinterfaces.annotated

configfiles/tcpri.annotated

configfiles/tcrules

configfiles/tcrules.annotated

configfiles/tos.annotated

configfiles/tunnels.annotated

configfiles/zones.annotated

configpath

configure

configure.pl

debian/changelog

debian/patches/01_debian_configuration.patch

debian/patches/series

debian/shorewall.lintian-overrides

helpers

init.fedora.sh *

install.sh

known_problems.txt

lib.cli-std

manpages/shorewall-accounting.5

manpages/shorewall-actions.5

manpages/shorewall-blacklist.5

manpages/shorewall-blrules.5

manpages/shorewall-ecn.5

manpages/shorewall-exclusion.5

manpages/shorewall-hosts.5

manpages/shorewall-init.8

manpages/shorewall-interfaces.5

manpages/shorewall-ipsets.5

manpages/shorewall-maclist.5

manpages/shorewall-masq.5

manpages/shorewall-modules.5

manpages/shorewall-nat.5

manpages/shorewall-nesting.5

manpages/shorewall-netmap.5

manpages/shorewall-params.5

manpages/shorewall-policy.5

manpages/shorewall-providers.5

manpages/shorewall-proxyarp.5

manpages/shorewall-routes.5

manpages/shorewall-routestopped.5

manpages/shorewall-rtrules.5

manpages/shorewall-rules.5

manpages/shorewall-secmarks.5

manpages/shorewall-tcclasses.5

manpages/shorewall-tcdevices.5

manpages/shorewall-tcfilters.5

manpages/shorewall-tcinterfaces.5

manpages/shorewall-tcpri.5

manpages/shorewall-tcrules.5

manpages/shorewall-tos.5

manpages/shorewall-tunnels.5

manpages/shorewall-vardir.5

manpages/shorewall-zones.5

manpages/shorewall.8

manpages/shorewall.conf.5

modules.essential

modules.tc

modules.xtables

releasenotes.txt

shorewall

shorewall.spec

shorewallrc.apple

shorewallrc.archlinux

shorewallrc.cygwin

shorewallrc.debian

shorewallrc.default

shorewallrc.redhat

shorewallrc.slackware

shorewallrc.suse

uninstall.sh

Show diffs side-by-side

added added

removed removed

Perl/Shorewall/IPAddrs.pm

package Shorewall::IPAddrs;

require Exporter;

use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 );

use Shorewall::Config qw( :DEFAULT split_list require_capability in_hex8 numeric_value F_IPV4 F_IPV6 :protocols %config );

use Socket;

use strict;

our @ISA = qw(Exporter);

our @EXPORT = qw( ALLIPv4

our @EXPORT = ( qw( ALLIPv4

ALLIPv6

NILIPv4

NILIPv6

ALLIP

NILIP

ALL

TCP

UDP

UDPLITE

ICMP

DCCP

IPv6_ICMP

SCTP

GRE

VLSMv4

VLSMv6

VLSM

valid_address

validate_address

validate_net

decompose_net

nilip

rfc1918_networks

resolve_proto

resolve_dnsname

proto_name

validate_port

validate_portpair

validate_port_list

validate_icmp

validate_icmp6

);

) );

our @EXPORT_OK = qw( );

our $VERSION = '4.4_2';

our $VERSION = '4.5_15';

# Some IPv4/6 useful stuff

my @allipv4 = ( '0.0.0.0/0' );

my @allipv6 = ( '::/0' );

my $allip;

my @allip;

my @nilipv4 = ( '0.0.0.0' );

my @nilipv6 = ( '::' );

my $nilip;

my @nilip;

my $valid_address;

my $validate_address;

100

my $validate_net;

101

my $validate_range;

102

my $validate_host;

103

my $family;

our @allipv4 = ( '0.0.0.0/0' );

our @allipv6 = ( '::/0' );

our $allip;

our @allip;

our @nilipv4 = ( '0.0.0.0' );

our @nilipv6 = ( '::' );

our $nilip;

our @nilip;

our $vlsm_width;

our $valid_address;

our $validate_address;

our $validate_net;

our $resolve_dnsname;

100

our $validate_range;

101

our $validate_host;

102

our $family;

104

103

105

104

use constant { ALLIPv4 => '0.0.0.0/0' ,

106

105

ALLIPv6 => '::/0' ,

115

114

IPv6_LINK_ALLRTRS => 'ff01::2' ,

116

115

IPv6_SITE_ALLNODES => 'ff02::1' ,

117

116

IPv6_SITE_ALLRTRS => 'ff02::2' ,

118

ICMP => 1,

119

TCP => 6,

120

UDP => 17,

121

DCCP => 33,

122

GRE => 47,

123

IPv6_ICMP => 58,

124

SCTP => 132,

125

UDPLITE => 136 };

117

VLSMv4 => 32,

118

VLSMv6 => 128,

119

};

126

120

127

my @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );

121

our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );

128

122

129

123

130

124

# Note: initialize() is declared at the bottom of the file

132

126

sub vlsm_to_mask( $ ) {

133

127

my $vlsm = $_[0];

134

128

135

in_hex8 ( ( 0xFFFFFFFF << ( 32 - $vlsm ) ) & 0xFFFFFFFF );

129

in_hex8 ( ( 0xFFFFFFFF << ( VLSMv4 - $vlsm ) ) & 0xFFFFFFFF );

136

130

}

137

131

138

132

sub valid_4address( $ ) {

167

161

defined wantarray ? wantarray ? @addrs : $addrs[0] : undef;

168

162

}

169

163

164

sub resolve_4dnsname( $ ) {

165

my $net = $_[0];

166

my @addrs;

167

168

fatal_error "Unknown Host ($net)" unless @addrs = gethostbyname( $net );

169

170

shift @addrs for (1..4);

171

for ( @addrs ) {

172

$_ = ( inet_ntoa( $_ ) );

173

}

174

175

@addrs;

176

}

177

178

170

179

sub decodeaddr( $ ) {

171

180

my $address = $_[0];

172

181

212

221

}

213

222

214

223

if ( defined $vlsm ) {

215

fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 32;

224

fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= VLSMv4;

216

225

fatal_error "Invalid Network address ($_[0])" if defined $rest;

217

226

fatal_error "Invalid IP address ($net)" unless valid_4address $net;

218

227

} else {

219

228

fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;

220

validate_4address $net, $_[1];

221

$vlsm = 32;

229

my $net1 = validate_4address $net, $allow_name;

230

$net = $net1 unless $config{DEFER_DNS_RESOLUTION};

231

$vlsm = VLSMv4;

222

232

}

223

233

224

234

if ( defined wantarray ) {

225

assert ( ! $allow_name );

226

235

if ( wantarray ) {

236

assert( ! $allow_name );

227

237

( decodeaddr( $net ) , $vlsm );

238

} elsif ( valid_4address $net ) {

239

$vlsm == VLSMv4 ? $net : "$net/$vlsm";

228

240

} else {

229

"$net/$vlsm";

241

$net;

230

242

}

231

243

}

232

244

}

241

253

my $last = decodeaddr $high;

242

254

243

255

fatal_error "Invalid IP Range ($low-$high)" unless $first <= $last;

256

257

"$low-$high";

244

258

}

245

259

246

260

sub validate_4host( $$ ) {

335

349

$number = numeric_value ( $proto );

336

350

defined $number && $number <= 255 ? $number : undef;

337

351

} else {

352

fatal_error "A protocol list ($proto) is not allowed in this context" if $proto =~ /,/;

338

353

339

354

# Allow 'icmp' as a synonym for 'ipv6-icmp' in IPv6 compilations

340

355

392

407

$what = 'port';

393

408

}

394

409

395

fatal_error "Using a $what ( $portpair ) requires PROTO TCP, UDP, SCTP or DCCP" unless

396

defined $protonum && ( $protonum == TCP ||

397

$protonum == UDP ||

398

$protonum == SCTP ||

410

fatal_error "Using a $what ( $portpair ) requires PROTO TCP, UDP, UDPLITE, SCTP or DCCP" unless

411

defined $protonum && ( $protonum == TCP ||

412

$protonum == UDP ||

413

$protonum == UDPLITE ||

414

$protonum == SCTP ||

399

415

$protonum == DCCP );

400

416

join ':', @ports;

401

417

621

637

defined wantarray ? wantarray ? @addrs : $addrs[0] : undef;

622

638

}

623

639

640

sub resolve_6dnsname( $ ) {

641

my $net = $_[0];

642

my @addrs;

643

644

require Socket6;

645

fatal_error "Unknown Host ($net)" unless (@addrs = Socket6::gethostbyname2( $net, Socket6::AF_INET6()));

646

647

shift @addrs for (1..4);

648

for ( @addrs ) {

649

$_ = Socket6::inet_ntop( Socket6::AF_INET6(), $_ );

650

}

651

652

@addrs;

653

}

654

624

655

sub validate_6net( $$ ) {

625

my ($net, $vlsm, $rest) = split( '/', $_[0], 3 );

626

my $allow_name = $_[1];

656

my ( $net, $allow_name ) = @_;

657

658

if ( $net =~ /^\[(.+)]$/ ) {

659

$net = $1;

660

} elsif ( $net =~ /^\[(.+)\]\/(\d+)$/ ) {

661

$net = join( '/', $1, $2 );

662

}

663

664

fatal_error "Invalid Network Address($net)" if $net =~ /\[/;

665

666

($net, my $vlsm, my $rest) = split( '/', $net, 3 );

667

668

fatal_error 'Invalid Network Address(' . join( '/', $net, $vlsm, $rest ) if defined $rest;

627

669

628

670

if ( $net =~ /\+(\[?)/ ) {

629

671

if ( $1 ) {

635

677

}

636

678

}

637

679

680

fatal_error "Invalid Network address ($_[0])" unless supplied $net;

681

682

638

683

if ( defined $vlsm ) {

639

fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= 128;

684

fatal_error "Invalid VLSM ($vlsm)" unless $vlsm =~ /^\d+$/ && $vlsm <= VLSMv6;

640

685

fatal_error "Invalid Network address ($_[0])" if defined $rest;

641

686

fatal_error "Invalid IPv6 address ($net)" unless valid_6address $net;

642

687

} else {

643

fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/' || ! defined $net;

644

validate_6address $net, $allow_name;

645

$vlsm = 128;

688

fatal_error "Invalid Network address ($_[0])" if $_[0] =~ '/';

689

my $net1 = validate_6address $net, $allow_name;

690

$net = $net1 unless $config{DEFER_DNS_RESOLUTION};

691

$vlsm = VLSMv6;

646

692

}

647

693

648

694

if ( defined wantarray ) {

649

assert ( ! $allow_name );

650

695

if ( wantarray ) {

696

assert( ! $allow_name );

651

697

( $net , $vlsm );

698

} elsif ( valid_6address ( $net ) ) {

699

$vlsm == VLSMv6 ? $net : "$net/$vlsm";

652

700

} else {

653

"$net/$vlsm";

701

$net;

654

702

}

655

703

}

656

704

}

697

745

while ( @low ) {

698

746

my ( $l, $h) = ( shift @low, shift @high );

699

747

next if hex "0x$l" == hex "0x$h";

700

return 1 if hex "0x$l" < hex "0x$h";

748

return "$low-$high" if hex "0x$l" < hex "0x$h";

701

749

last;

702

750

}

703

751

704

752

fatal_error "Invalid IPv6 Range ($low-$high)";

753

754

705

755

}

706

756

707

757

sub validate_6host( $$ ) {

768

818

@nilip;

769

819

}

770

820

821

sub VLSM() {

822

$vlsm_width;

823

}

824

771

825

sub valid_address ( $ ) {

772

826

$valid_address->(@_);

773

827

}

780

834

$validate_net->(@_);

781

835

}

782

836

837

sub resolve_dnsname( $ ) {

838

$resolve_dnsname->(@_);

839

}

840

783

841

sub validate_range ($$ ) {

784

842

$validate_range->(@_);

785

843

}

806

864

@allip = @allipv4;

807

865

$nilip = NILIPv4;

808

866

@nilip = @nilipv4;

867

$vlsm_width = VLSMv4;

809

868

$valid_address = \&valid_4address;

810

869

$validate_address = \&validate_4address;

811

870

$validate_net = \&validate_4net;

812

871

$validate_range = \&validate_4range;

813

872

$validate_host = \&validate_4host;

873

$resolve_dnsname = \&resolve_4dnsname;

814

874

} else {

815

875

$allip = ALLIPv6;

816

876

@allip = @allipv6;

817

877

$nilip = NILIPv6;

818

878

@nilip = @nilipv6;

879

$vlsm_width = VLSMv6;

819

880

$valid_address = \&valid_6address;

820

881

$validate_address = \&validate_6address;

821

882

$validate_net = \&validate_6net;

822

883

$validate_range = \&validate_6range;

823

884

$validate_host = \&validate_6host;

885

$resolve_dnsname = \&resolve_6dnsname;

824

886

}

825

887

}

826

888

Older »