onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-25 04:37:22 +01:00
Code Issues Releases Wiki Activity

* PolicyCompiler_PrintRule.cpp (PrintRule::_printTarget): fixes #1416

Browse Source 
leading blank space in front of the custom action is missing.
SF bug 2991397.
This commit is contained in:
Vadim Kurland 2010-04-23 18:22:08 +00:00
parent 433b8332a7
commit 4c6518d5d3
4 changed files with 116 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 2827
#define BUILD_NUM 2828

6
doc/ChangeLog
View File

@ -1,3 +1,9 @@
2010-04-23 vadim <vadim@vk.crocodile.org>
* PolicyCompiler_PrintRule.cpp (PrintRule::_printTarget): fixes #1416
leading blank space in front of the custom action is missing.
SF bug 2991397.
2010-04-22 vadim <vadim@vk.crocodile.org>
* NATCompiler_pf.cpp (VerifyRules::processNext): see #1401. Because

2
src/iptlib/PolicyCompiler_PrintRule.cpp
View File

@ -369,7 +369,7 @@ string PolicyCompiler_ipt::PrintRule::_printTarget(PolicyRule *rule)
if (target=="CUSTOM")
{
ostr << ruleopt->getStr("custom_str");
ostr << " " << ruleopt->getStr("custom_str");
return ostr.str();
}

128
test/ipt/objects-for-regression-tests.fwb
View File

@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1270840440" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="16" lastModified="1272040502" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -24042,7 +24042,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id43BB80919745" host_OS="linux24" inactive="False" lastCompiled="1247364089" lastInstalled="1142003872" lastModified="1224470619" platform="iptables" version="" name="firewall37" comment="testing TAG and CLASSIFY rules&#10;&#10;normal script mode (not using iptables-restore)" ro="False">
<Firewall id="id43BB80919745" host_OS="linux24" inactive="False" lastCompiled="1247364089" lastInstalled="1142003872" lastModified="1272040560" platform="iptables" version="" name="firewall37" comment="testing TAG and CLASSIFY rules&#10;&#10;normal script mode (not using iptables-restore)" ro="False">
<NAT id="id43BB80B09745" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id43BB814D9745" disabled="False" position="0" action="Translate" comment="">
<OSrc neg="False">
@ -24630,7 +24630,50 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="tagobject_id">id342984</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id37410X26379" disabled="False" group="" log="False" position="20" action="Accept" direction="Both" comment="tag 0 matches packet that has not been marked yet.&#10;">
<PolicyRule id="id2287317X67928" disabled="False" group="" log="False" position="20" action="Branch" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="id3CB1279B"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43BB81799745"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="branch_id">id2843857X67928</Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">route_reply_through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_branch_in_mangle">True</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_load_option">none</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">none</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id37410X26379" disabled="False" group="" log="False" position="21" action="Accept" direction="Both" comment="tag 0 matches packet that has not been marked yet.&#10;">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -24673,7 +24716,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="tagobject_id">id37422X26379</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43BB80989745" disabled="False" log="False" position="21" action="Pipe" direction="Both" comment="">
<PolicyRule id="id43BB80989745" disabled="False" log="False" position="22" action="Pipe" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -24693,7 +24736,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43BB81879745" disabled="False" log="False" position="22" action="Classify" direction="Both" comment="">
<PolicyRule id="id43BB81879745" disabled="False" log="False" position="23" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24728,7 +24771,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451E2B486383" disabled="False" log="True" position="23" action="Classify" direction="Both" comment="">
<PolicyRule id="id451E2B486383" disabled="False" log="True" position="24" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24763,7 +24806,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451E56936383" disabled="False" log="False" position="24" action="Classify" direction="Both" comment="">
<PolicyRule id="id451E56936383" disabled="False" log="False" position="25" action="Classify" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
@ -24799,7 +24842,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451E56A46383" disabled="False" log="True" position="25" action="Classify" direction="Both" comment="">
<PolicyRule id="id451E56A46383" disabled="False" log="True" position="26" action="Classify" direction="Both" comment="">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
@ -24835,7 +24878,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451EAD596383" disabled="False" log="False" position="26" action="Classify" direction="Both" comment="">
<PolicyRule id="id451EAD596383" disabled="False" log="False" position="27" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24870,7 +24913,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451EAD6A6383" disabled="False" log="True" position="27" action="Classify" direction="Both" comment="">
<PolicyRule id="id451EAD6A6383" disabled="False" log="True" position="28" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24905,7 +24948,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451ED8E76383" disabled="False" log="False" position="28" action="Classify" direction="Both" comment="">
<PolicyRule id="id451ED8E76383" disabled="False" log="False" position="29" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24940,7 +24983,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id451ED8F86383" disabled="False" log="True" position="29" action="Classify" direction="Both" comment="">
<PolicyRule id="id451ED8F86383" disabled="False" log="True" position="30" action="Classify" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -24975,7 +25018,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="ulog_nlgroup">1</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4599A9DC19324" disabled="False" log="False" position="30" action="Classify" direction="Both" comment="testing for bug #1618381&#10;classify action is non-terminating&#10;in this firewall object">
<PolicyRule id="id4599A9DC19324" disabled="False" log="False" position="31" action="Classify" direction="Both" comment="testing for bug #1618381&#10;classify action is non-terminating&#10;in this firewall object">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -25017,7 +25060,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id4599A9E919324" disabled="False" log="False" position="31" action="Classify" direction="Both" comment="second rule for bug #1618381">
<PolicyRule id="id4599A9E919324" disabled="False" log="False" position="32" action="Classify" direction="Both" comment="second rule for bug #1618381">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -25059,7 +25102,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id459A026219324" disabled="False" log="False" position="32" action="Classify" direction="Both" comment="testing for bug #1618381">
<PolicyRule id="id459A026219324" disabled="False" log="False" position="33" action="Classify" direction="Both" comment="testing for bug #1618381">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
@ -25102,7 +25145,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id459A5AFB19324" disabled="False" log="False" position="33" action="Classify" direction="Both" comment="testing for bug #1618381">
<PolicyRule id="id459A5AFB19324" disabled="False" log="False" position="34" action="Classify" direction="Both" comment="testing for bug #1618381">
<Src neg="True">
<ObjectRef ref="net-Internal_net"/>
<ObjectRef ref="id3B022266"/>
@ -25146,7 +25189,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id459A875F19324" disabled="False" log="False" position="34" action="Classify" direction="Both" comment="bug #1618381&#10;this rule uses multiport&#10;and has to be split because&#10;of that">
<PolicyRule id="id459A875F19324" disabled="False" log="False" position="35" action="Classify" direction="Both" comment="bug #1618381&#10;this rule uses multiport&#10;and has to be split because&#10;of that">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -25189,7 +25232,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43F46B8A28368" disabled="False" log="False" position="35" action="Custom" direction="Both" comment="">
<PolicyRule id="id43F46B8A28368" disabled="False" log="False" position="36" action="Custom" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="net-Internal_net"/>
</Src>
@ -25217,7 +25260,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="tagvalue"></Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43495X28575" disabled="False" group="" log="True" position="36" action="Branch" direction="Both" comment="">
<PolicyRule id="id43495X28575" disabled="False" group="" log="True" position="37" action="Branch" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -25260,7 +25303,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="stateless">True</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id43BB80A49745" disabled="False" log="True" position="37" action="Deny" direction="Both" comment="">
<PolicyRule id="id43BB80A49745" disabled="False" log="True" position="38" action="Deny" direction="Both" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
@ -26003,6 +26046,51 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
</Option>
</RuleSetOptions>
</Policy>
<Policy id="id2843857X67928" name="Policy_3" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<PolicyRule id="id2843931X67928" disabled="False" log="True" position="0" action="Tag" direction="Outbound" comment="">
<Src neg="False">
<ObjectRef ref="sysid0"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id43BB817C9745"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="action_on_reject"></Option>
<Option name="classify_str"></Option>
<Option name="custom_str"></Option>
<Option name="ipf_route_opt_addr"></Option>
<Option name="ipf_route_opt_if"></Option>
<Option name="ipf_route_option">route_through</Option>
<Option name="ipfw_classify_method">2</Option>
<Option name="ipfw_pipe_port_num">0</Option>
<Option name="ipfw_pipe_queue_num">0</Option>
<Option name="ipt_continue">False</Option>
<Option name="ipt_gw"></Option>
<Option name="ipt_iif"></Option>
<Option name="ipt_mark_connections">False</Option>
<Option name="ipt_oif"></Option>
<Option name="ipt_tee">False</Option>
<Option name="pf_fastroute">False</Option>
<Option name="pf_route_load_option">none</Option>
<Option name="pf_route_opt_addr"></Option>
<Option name="pf_route_opt_if"></Option>
<Option name="pf_route_option">none</Option>
<Option name="rule_name_accounting"></Option>
<Option name="stateless">False</Option>
<Option name="tagobject_id">id449328D924380</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Routing id="id43BB81789745" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>