classify.m4: Dispatch on destination addresses to correct chains.
diff --git
a/classify.m4
b/classify.m4
index
819cce6
..
5b6f209
100644
(file)
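--- a/classify.m4
+++ b/classify.m4
@@ -234,7 +234,6 @@ trace "ifmap = $ifmap"
 for entry in $ifmap; do
 iface=${entry%=*} q=${entry##*=}
 eval nets=\$ifnets_$q
- trace "iface $iface [$q] = $nets"
 aa=!
 for n in $nets; do
 eval "addrs=\"\$net_inet_$n \$net_inet6_$n\""
@@ -246,12 +245,12 @@ for entry in $ifmap; do
 done
 eval ifaddrs_$q=\$aa
 trace "iface $q = $iface; nets = $nets; addrs = $aa"
-trace "alladdrs = $alladdrs"
 done
+trace "alladdrs = $alladdrs"
 ## Populate the `out-classify' chain, matching networks.
 prepare_to () { mode=goto fail=mark-to-$net_class_default; }
-matchnets -d mark-from : prepare_to out-classify "" 0 $allnets
+matchnets -d mark-to : prepare_to out-classify "" 0 $allnets
 ## A `finish' hook for rejecting known address ranges arriving on a
 ## default-reachable interface.
@@ -297,7 +296,7 @@ for entry in $ifmap; do
 ## interfaces. We should match an address to a particular interface.
 chains=""
 for net in $nets; do
- eval hosts=\$net_hosts_$net
+ eval hosts=\$net_hosts_$net class=\$net_class_$net
 for host in $hosts; do
 eval ha=\$host_inet_$host ha6=\$host_inet6_$host
 trace "$host : $class -> $iface"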
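Review bot: In the `out-classify` hunk the chain prefix is still spelled out twice, once in `prepare_to` (`fail=mark-to-$net_class_default`) and once as the `matchnets` argument, which is how a `mark-to-` fallback ended up next to a `mark-from` match target before this fix. A one-line comment above the call, such as `## Destination matches (-d) must dispatch to the mark-to-CLASS chains.`, would make a repeat of that slip easier to catch in review. Separately, `$net_class_default` is expanded unguarded, so if it is ever unset the fallback target becomes the bare name `mark-to-`; `fail=mark-to-${net_class_default:?}` would stop the build instead, assuming nothing earlier already guarantees it is set. Because a wrong target here changes how destination addresses are classified, it may also be worth checking the generated ruleset for any `out-classify` rule that still jumps to a `mark-from-*` chain.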