* RoutingCompiler_ipt.cpp (addressRangesInDst::processNext): fixed

bug #2666971 "fwb_ipt crashes when Address Range object in routing
rule". Policy compiler for iptables crashed if Address Range
object was used in "Destination" of a routing rule.

build_num

@@ -1 +1 @@
-#define BUILD_NUM 774
+#define BUILD_NUM 775

doc/ChangeLog

@@ -1,5 +1,10 @@
 2009-03-05  vadim  <vadim@vk.crocodile.org>
 
+	* RoutingCompiler_ipt.cpp (addressRangesInDst::processNext): fixed
+	bug #2666971 "fwb_ipt crashes when Address Range object in routing
+	rule". Policy compiler for iptables crashed if Address Range
+	object was used in "Destination" of a routing rule.
+
 	* RuleSetView.cpp (RuleSetView::insertRule),
 	ProjectPanel.cpp (ProjectPanel::closeEvent): fixed bug #2656815
 	"Copy/paste does not work properly". Fixed Copy/Paste problem with

src/ipt/RoutingCompiler_ipt.cpp

@@ -151,6 +151,20 @@ bool RoutingCompiler_ipt::eliminateDuplicateRules::processNext()
     return true;
 }
 
+bool RoutingCompiler_ipt::addressRangesInDst::processNext()
+{
+    RoutingCompiler_ipt *ipt_comp = dynamic_cast<RoutingCompiler_ipt*>(compiler);
+    RoutingRule *rule;
+    rule=getNext(); if (rule==NULL) return false;
+
+    RuleElementRDst *dstrel = rule->getRDst();
+    compiler->_expandAddressRanges(rule, dstrel);
+
+    tmp_queue.push_back(rule);
+    return true;
+}
+
+
 bool RoutingCompiler_ipt::FindDefaultRoute::processNext()
 {
     RoutingCompiler_ipt *ipt_comp = dynamic_cast<RoutingCompiler_ipt*>(compiler);
@@ -198,6 +212,9 @@ void RoutingCompiler_ipt::compile()
         add(new ExpandGroups("Expand groups in DST"));
         add(new ExpandMultipleAddresses(
                 "Expand objects with multiple addresses in DST"));
+
+        add(new addressRangesInDst("process address ranges"));
+
         add(new eliminateDuplicatesInDST("Eliminate duplicates in DST"));
         
         add(new FindDefaultRoute("Find rules that install default route"));

src/ipt/RoutingCompiler_ipt.h

@@ -73,6 +73,11 @@ namespace fwcompiler {
 	 */
         DECLARE_ROUTING_RULE_PROCESSOR(FindDefaultRoute);
 
+        /**
+	 * expand address range objects in destination
+	 */
+        DECLARE_ROUTING_RULE_PROCESSOR(addressRangesInDst);
+        
         /**
          * remove duplicate rules
          */

test/ipt/objects-for-regression-tests.fwb

@@ -800,9 +800,10 @@
     </Interface>
     <ObjectRef ref="id4733FFE419714"/>
     <ObjectRef ref="id40860X98946"/>
-    <ObjectRef ref="sysid0"/>
     <ObjectRef ref="id118609X9876"/>
     <ObjectRef ref="sysid0"/>
+    <ObjectRef ref="sysid0"/>
+    <ObjectRef ref="sysid0"/>
   </Library>
   <Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
     <ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
@@ -19723,7 +19724,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
           <Option name="verify_interfaces">False</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id43A2BF7416451" host_OS="linux24" inactive="False" lastCompiled="1215360266" lastInstalled="1142003872" lastModified="1235803788" platform="iptables" version="" name="firewall36" comment="&#10;testing routing rules - both actually routing  and ROUTE target&#10;&#10;routing ruleset installs ECMP default" ro="False">
+      <Firewall id="id43A2BF7416451" host_OS="linux24" inactive="False" lastCompiled="1215360266" lastInstalled="1142003872" lastModified="1236314795" platform="iptables" version="" name="firewall36" comment="&#10;testing routing rules - both actually routing  and ROUTE target&#10;&#10;routing ruleset installs ECMP default" ro="False">
         <NAT id="id43A2C00E16451" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True"/>
         <Policy id="id43A2BF7A16451" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
           <PolicyRule id="id43A2BFF616451" disabled="False" log="False" position="0" action="Accept" direction="Both" comment="This permits access from internal net&#10;to the Internet and DMZ">
@@ -20012,6 +20013,18 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
             </RItf>
             <RoutingRuleOptions/>
           </RoutingRule>
+          <RoutingRule id="id42129X3455" disabled="False" group="" metric="0" position="3" comment="">
+            <RDst neg="False">
+              <ObjectRef ref="id4368AD8615884"/>
+            </RDst>
+            <RGtw neg="False">
+              <ObjectRef ref="id40860X98946"/>
+            </RGtw>
+            <RItf neg="False">
+              <ObjectRef ref="id43A2C03E16451"/>
+            </RItf>
+            <RoutingRuleOptions/>
+          </RoutingRule>
         </Routing>
         <Interface id="id43A2C03B16451" bridgeport="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
           <IPv4 id="id43A2C03D16451" name="firewall36:eth0:ip" comment="This is a test address, change it to your real one" ro="False" address="192.0.2.1" netmask="255.255.255.0"/>