extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 00:23:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid double globals initialization for IPv6

Browse Source
This commit is contained in:
Tom Eastep 2009-08-16 09:24:51 -07:00
parent cbc9fa6e4c
commit 0557148bec
14 changed files with 85 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Accounting.pm
View File

@ -38,24 +38,13 @@ our @EXPORT_OK = qw( );
our $VERSION = '4.3_7'; our $VERSION = '4.3_7';
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Called by the compiler
# the compiler to run multiple times in the same process. The
# initialize() function does globals initialization for this
# module and is called from an INIT block below. The function is
# also called by Shorewall::Compiler::compiler at the beginning of
# the second and subsequent calls to that function or when compiling
# for IPv6.
# #
sub initialize() { sub initialize() {
our $jumpchainref; our $jumpchainref;
$jumpchainref = undef; $jumpchainref = undef;
} }
INIT {
initialize;
}
# #
# Accounting # Accounting
# #

20
Shorewall/Perl/Shorewall/Actions.pm
View File

@ -91,15 +91,15 @@ our $family;
our $macro_commands = { COMMENT => 0, FORMAT => 2 }; our $macro_commands = { COMMENT => 0, FORMAT => 2 };
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function or when compiling #
# for IPv6. # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@ -113,10 +113,6 @@ sub initialize( $ ) {
%macros = (); %macros = ();
} }
INIT {
initialize( F_IPV4 );
}
# #
# This function determines the logging for a subordinate action or a rule within a superior action # This function determines the logging for a subordinate action or a rule within a superior action
# #

22
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -111,7 +111,6 @@ our %EXPORT_TAGS = (
new_builtin_chain new_builtin_chain
new_nat_chain new_nat_chain
ensure_filter_chain ensure_filter_chain
initialize_chain_table
finish_section finish_section
setup_zone_mss setup_zone_mss
newexclusionchain newexclusionchain
@ -297,16 +296,17 @@ our %builtin_target = ( ACCEPT => 1,
NFQUEUE => 1, NFQUEUE => 1,
REDIRECT => 1 ); REDIRECT => 1 );
sub initialize_chain_table();
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function or when compiling #
# for IPv6. # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@ -357,10 +357,8 @@ sub initialize( $ ) {
$global_variables = 0; $global_variables = 0;
$idiotcount = 0; $idiotcount = 0;
} initialize_chain_table;
INIT {
initialize( F_IPV4 );
} }
# #

14
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -49,14 +49,12 @@ our $export;
our $test; our $test;
our $reused = 0;
our $family = F_IPV4; our $family = F_IPV4;
# #
# Reinitilize the package-globals in the other modules # Initilize the package-globals in the other modules
# #
sub reinitialize() { sub initialize_package_globals() {
Shorewall::Config::initialize($family); Shorewall::Config::initialize($family);
Shorewall::Chains::initialize ($family); Shorewall::Chains::initialize ($family);
Shorewall::Zones::initialize ($family); Shorewall::Zones::initialize ($family);
@ -572,7 +570,10 @@ sub compiler {
${$ref->{store}} = $val; ${$ref->{store}} = $val;
} }
reinitialize if $reused++ || $family == F_IPV6; #
# Now that we know the address family that we are dealing with (IPv4/IPv6), we can initialize the other modules' globals
#
initialize_package_globals;
if ( $directory ne '' ) { if ( $directory ne '' ) {
fatal_error "$directory is not an existing directory" unless -d $directory; fatal_error "$directory is not an existing directory" unless -d $directory;
@ -597,8 +598,6 @@ sub compiler {
set_command( 'check', 'Checking', 'Checked' ) unless $objectfile; set_command( 'check', 'Checking', 'Checked' ) unless $objectfile;
initialize_chain_table;
unless ( $command eq 'check' ) { unless ( $command eq 'check' ) {
create_temp_object( $objectfile , $export ); create_temp_object( $objectfile , $export );
} }
@ -804,7 +803,6 @@ sub compiler {
# for stopping the firewall # for stopping the firewall
# #
Shorewall::Chains::initialize( $family ); Shorewall::Chains::initialize( $family );
initialize_chain_table;
compile_stop_firewall( $test ); compile_stop_firewall( $test );
# #
# Copy the footer to the object # Copy the footer to the object

16
Shorewall/Perl/Shorewall/Config.pm
View File

@ -285,13 +285,14 @@ use constant { MIN_VERBOSITY => -1,
our %validlevels; # Valid log levels. our %validlevels; # Valid log levels.
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function and when compiling #
# for IPv6. # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@ -642,7 +643,6 @@ sub initialize( $ ) {
} }
INIT { INIT {
initialize( F_IPV4 );
# #
# These variables appear within single quotes in shorewall.conf -- add them to ENV # These variables appear within single quotes in shorewall.conf -- add them to ENV
# so that read_a_line doesn't have to be smart enough to parse that usage. # so that read_a_line doesn't have to be smart enough to parse that usage.

19
Shorewall/Perl/Shorewall/IPAddrs.pm
View File

@ -102,22 +102,19 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function. #
# 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
} }
INIT {
initialize( F_IPV4 );
}
sub vlsm_to_mask( $ ) { sub vlsm_to_mask( $ ) {
my $vlsm = $_[0]; my $vlsm = $_[0];

12
Shorewall/Perl/Shorewall/Nat.pm
View File

@ -42,23 +42,13 @@ our @addresses_to_add;
our %addresses_to_add; our %addresses_to_add;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Called by the compiler
# the compiler to run multiple times in the same process. The
# initialize() function does globals initialization for this
# module and is called from an INIT block below. The function is
# also called by Shorewall::Compiler::compiler at the beginning of
# the second and subsequent calls to that function.
# #
sub initialize() { sub initialize() {
@addresses_to_add = (); @addresses_to_add = ();
%addresses_to_add = (); %addresses_to_add = ();
} }
INIT {
initialize;
}
# #
# Handle IPSEC Options in a masq record # Handle IPSEC Options in a masq record
# #

12
Shorewall/Perl/Shorewall/Policy.pm
View File

@ -41,22 +41,12 @@ our $VERSION = '4.3_7';
our @policy_chains; our @policy_chains;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Called by the compiler
# the compiler to run multiple times in the same process. The
# initialize() function does globals initialization for this
# module and is called from an INIT block below. The function is
# also called by Shorewall::Compiler::compiler at the beginning of
# the second and subsequent calls to that function.
# #
sub initialize() { sub initialize() {
@policy_chains = (); @policy_chains = ();
} }
INIT {
initialize;
}
# #
# Convert a chain into a policy chain. # Convert a chain into a policy chain.
# #

19
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -62,14 +62,15 @@ our $family;
use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 }; use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 };
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function. #
# 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@ -89,10 +90,6 @@ sub initialize( $ ) {
@providers = (); @providers = ();
} }
INIT {
initialize( F_IPV4 );
}
# #
# Set up marking for 'tracked' interfaces. # Set up marking for 'tracked' interfaces.
# #

19
Shorewall/Perl/Shorewall/Proxyarp.pm
View File

@ -42,23 +42,20 @@ our @proxyarp;
our $family; our $family;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function. #
# 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@proxyarp = (); @proxyarp = ();
} }
INIT {
initialize( F_IPV4 );
}
sub setup_one_proxy_arp( $$$$$ ) { sub setup_one_proxy_arp( $$$$$ ) {
my ( $address, $interface, $external, $haveroute, $persistent) = @_; my ( $address, $interface, $external, $haveroute, $persistent) = @_;

19
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -63,14 +63,15 @@ my %rules_commands = ( COMMENT => 0,
SECTION => 2 ); SECTION => 2 );
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function. #
# 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
$sectioned = 0; $sectioned = 0;
@ -79,10 +80,6 @@ sub initialize( $ ) {
@param_stack = (); @param_stack = ();
} }
INIT {
initialize( F_IPV4 );
}
use constant { MAX_MACRO_NEST_LEVEL => 5 }; use constant { MAX_MACRO_NEST_LEVEL => 5 };
sub process_tos() { sub process_tos() {

19
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -202,14 +202,15 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
our $family; our $family;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function. #
# 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
%classids = (); %classids = ();
@ -223,10 +224,6 @@ sub initialize( $ ) {
$sticky = 0; $sticky = 0;
} }
INIT {
initialize( F_IPV4 );
}
sub process_tc_rule( ) { sub process_tc_rule( ) {
my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper ) = split_line1 2, 12, 'tcrules file'; my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper ) = split_line1 2, 12, 'tcrules file';

20
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -174,15 +174,15 @@ our %validinterfaceoptions;
our %validhostoptions; our %validhostoptions;
# #
# Initialize globals -- we take this novel approach to globals initialization to allow # Rather than initializing globals in an INIT block or during declaration,
# the compiler to run multiple times in the same process. The # we initialize them in a function. This is done for two reasons:
# initialize() function does globals initialization for this #
# module and is called from an INIT block below. The function is # 1. Proper initialization usually depends on the address family which isn't
# also called by Shorewall::Compiler::compiler at the beginning of # known until the compiler has started.
# the second and subsequent calls to that function or when compiling #
# for IPv6. # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize all of its dependent modules.
# #
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@zones = (); @zones = ();
@ -250,10 +250,6 @@ sub initialize( $ ) {
} }
} }
INIT {
initialize( F_IPV4 );
}
# #
# Parse the passed option list and return a reference to a hash as follows: # Parse the passed option list and return a reference to a hash as follows:
# #

2
Shorewall/changelog.txt
View File

@ -6,6 +6,8 @@ Changes in Shorewall 4.4.1
3) Added support for --persistent. 3) Added support for --persistent.
4) Don't do module initialization in an INIT block.
Changes in Shorewall 4.4.0 Changes in Shorewall 4.4.0
1) Fix 'compile ... -' so that it no longer requires '-v-1' 1) Fix 'compile ... -' so that it no longer requires '-v-1'