From dff2e042d6c37979d35f05e16c940e9011b74150 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Mon, 31 Aug 2020 19:20:17 -0400 Subject: [PATCH] mwan3: give warning if ip of incorrect family specified in a rule also use global IPv4_REGEX environment variable as consistent IPv4 regex Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index 8d7d352920588..4543db94ef57e 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -20,6 +20,7 @@ IPv6_REGEX="${IPv6_REGEX}:((:[0-9a-fA-F]{1,4}){1,7}|:)|" IPv6_REGEX="${IPv6_REGEX}fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|" IPv6_REGEX="${IPv6_REGEX}::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|" IPv6_REGEX="${IPv6_REGEX}([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])" +IPv4_REGEX="((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" MWAN3_STATUS_DIR="/var/run/mwan3" MWAN3_INTERFACE_MAX="" @@ -206,7 +207,7 @@ mwan3_set_custom_ipset_v4() { local custom_network_v4 - for custom_network_v4 in $($IP4 route list table "$1" | awk '{print $1}' | grep -E '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do + for custom_network_v4 in $($IP4 route list table "$1" | awk '{print $1}' | grep -E "$IPv4_REGEX"); do LOG notice "Adding network $custom_network_v4 from table $1 to mwan3_custom_v4 ipset" mwan3_push_update -! add mwan3_custom_v4 "$custom_network_v4" done @@ -242,7 +243,6 @@ mwan3_set_custom_ipset() mwan3_set_connected_ipv4() { local connected_network_v4 candidate_list cidr_list - local ipv4regex='[0-9]{1,3}(\.[0-9]{1,3}){3}' $IPS -! create mwan3_connected_v4 hash:net $IPS create mwan3_connected_v4_temp hash:net @@ -253,7 +253,7 @@ mwan3_set_connected_ipv4() $IP4 route | awk '{print $1}' $IP4 route list table 0 | awk '{print $2}' } - for connected_network_v4 in $(route_lists | grep -E "$ipv4regex"); do + for connected_network_v4 in $(route_lists | grep -E "$IPv4_REGEX"); do if [ -z "${connected_network_v4##*/*}" ]; then cidr_list="$cidr_list $connected_network_v4" else @@ -874,6 +874,14 @@ mwan3_set_user_iptables_rule() [ "$family" = "ipv4" ] && [ "$ipv" = "ipv6" ] && return [ "$family" = "ipv6" ] && [ "$ipv" = "ipv4" ] && return + for ipaddr in "$src_ip" "$dest_ip"; do + if [ -n "$ipaddr" ] && { { [ "$ipv" = "ipv4" ] && echo "$ipaddr" | grep -qE $IPv6_REGEX; } || + { [ "$ipv" = "ipv6" ] && echo "$ipaddr" | grep -qE $IPv4_REGEX; } }; then + LOG warn "invalid $ipv address $ipaddr specified for rule $rule" + return + fi + done + if [ -n "$src_iface" ]; then network_get_device src_dev "$src_iface" if [ -z "$src_dev" ]; then