Improve maintainability of action-tuple code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
742c15b289
commit
031371f259
@ -79,6 +79,10 @@ use constant { NULL_SECTION => 0x00,
|
|||||||
NEW_SECTION => 0x40,
|
NEW_SECTION => 0x40,
|
||||||
DEFAULTACTION_SECTION => 0x80 };
|
DEFAULTACTION_SECTION => 0x80 };
|
||||||
#
|
#
|
||||||
|
# Number of elements in the action tuple
|
||||||
|
#
|
||||||
|
use constant { ACTION_TUPLE_ELEMENTS => 5 };
|
||||||
|
#
|
||||||
# Section => name function
|
# Section => name function
|
||||||
#
|
#
|
||||||
our %section_functions = ( ALL_SECTION , \&rules_chain,
|
our %section_functions = ( ALL_SECTION , \&rules_chain,
|
||||||
@ -424,6 +428,7 @@ sub print_policy($$$$) {
|
|||||||
sub use_policy_action( $$ );
|
sub use_policy_action( $$ );
|
||||||
sub normalize_action( $$$ );
|
sub normalize_action( $$$ );
|
||||||
sub normalize_action_name( $ );
|
sub normalize_action_name( $ );
|
||||||
|
sub normalize_single_action( $ );
|
||||||
|
|
||||||
sub process_default_action( $$$$ ) {
|
sub process_default_action( $$$$ ) {
|
||||||
my ( $originalpolicy, $policy, $default, $level ) = @_;
|
my ( $originalpolicy, $policy, $default, $level ) = @_;
|
||||||
@ -560,7 +565,7 @@ sub process_a_policy() {
|
|||||||
|
|
||||||
require_capability 'AUDIT_TARGET', ":audit", "s" if $audit;
|
require_capability 'AUDIT_TARGET', ":audit", "s" if $audit;
|
||||||
|
|
||||||
my ( $policy, $default, $level, undef, $remainder ) = split( /:/, $originalpolicy, 5 );
|
my ( $policy, $default, $level, undef, $remainder ) = split( /:/, $originalpolicy, ACTION_TUPLE_ELEMENTS );
|
||||||
|
|
||||||
fatal_error "Invalid or missing POLICY ($originalpolicy)" unless $policy;
|
fatal_error "Invalid or missing POLICY ($originalpolicy)" unless $policy;
|
||||||
|
|
||||||
@ -944,7 +949,7 @@ sub complete_standard_chain ( $$$$ ) {
|
|||||||
( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' };
|
( $policy, $loglevel, $defaultaction ) = @{$policychainref}{'policy', 'loglevel', 'default' };
|
||||||
$stdchainref->{origin} = $policychainref->{origin};
|
$stdchainref->{origin} = $policychainref->{origin};
|
||||||
} elsif ( $defaultaction !~ /:/ ) {
|
} elsif ( $defaultaction !~ /:/ ) {
|
||||||
$defaultaction = join(":", $defaultaction, 'none', '', '', '' );
|
$defaultaction = normalize_single_action( $defaultaction );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1210,11 +1215,18 @@ sub normalize_action_name( $ ) {
|
|||||||
normalize_action( $action, $loglevel, '' );
|
normalize_action( $action, $loglevel, '' );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create an action tuple from a single target name
|
||||||
|
#
|
||||||
|
sub normalize_single_action( $ ) {
|
||||||
|
join(":", $_[0], 'none', '', '', '' );
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Produce a recognizable target from a normalized action
|
# Produce a recognizable target from a normalized action
|
||||||
#
|
#
|
||||||
sub external_name( $ ) {
|
sub external_name( $ ) {
|
||||||
my ( $target, $level, $tag, undef, $params ) = split /:/, shift, 5;
|
my ( $target, $level, $tag, undef, $params ) = split /:/, shift, ACTION_TUPLE_ELEMENTS;
|
||||||
|
|
||||||
$target = join( '', $target, '(', $params , ')' ) if $params;
|
$target = join( '', $target, '(', $params , ')' ) if $params;
|
||||||
$target .= ":$level" if $level && $level ne 'none';
|
$target .= ":$level" if $level && $level ne 'none';
|
||||||
@ -1344,7 +1356,7 @@ sub createsimpleactionchain( $ ) {
|
|||||||
sub createactionchain( $ ) {
|
sub createactionchain( $ ) {
|
||||||
my $normalized = shift;
|
my $normalized = shift;
|
||||||
|
|
||||||
my ( $target, $level, $tag, $caller, $param ) = split /:/, $normalized, 5;
|
my ( $target, $level, $tag, $caller, $param ) = split /:/, $normalized, ACTION_TUPLE_ELEMENTS;
|
||||||
|
|
||||||
assert( defined $param );
|
assert( defined $param );
|
||||||
|
|
||||||
@ -1704,7 +1716,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
|
|||||||
sub process_action($$) {
|
sub process_action($$) {
|
||||||
my ( $chainref, $caller ) = @_;
|
my ( $chainref, $caller ) = @_;
|
||||||
my $wholeaction = $chainref->{action};
|
my $wholeaction = $chainref->{action};
|
||||||
my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, 5;
|
my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS;
|
||||||
|
|
||||||
if ( $targets{$action} & BUILTIN ) {
|
if ( $targets{$action} & BUILTIN ) {
|
||||||
$level = '' if $level =~ /none!?/;
|
$level = '' if $level =~ /none!?/;
|
||||||
|
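Review bot: `normalize_single_action` still spells the tuple width out by hand (`join(":", $_[0], 'none', '', '', '' )`), so the producer and the new `ACTION_TUPLE_ELEMENTS` constant can drift apart if the tuple ever grows; deriving the padding from the constant, e.g. `join( ':', $_[0], 'none', ('') x ( ACTION_TUPLE_ELEMENTS - 2 ) );`, keeps them tied. The helper also relies on its caller to guarantee that the name contains no `:`. `complete_standard_chain` checks `$defaultaction !~ /:/` first, but a caller that skipped that check would hand every later `split` shifted level/tag/params fields, which in a rule compiler means a different log level or parameter than the one configured; an `assert( $_[0] !~ /:/ );` at the top of the helper would catch that. The comment above the constant could also name the field order, which judging by the destructuring in `createactionchain` appears to be `target:level:tag:caller:params`. The functions around the changed `split` calls continue outside the visible hunks, so the five-variable destructuring lists at those call sites would still need a manual update if the constant changes.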