From 0dbf42424d12641a0e984cde1eed8d18617e6a85 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 2 Apr 2016 10:04:05 -0700 Subject: [PATCH] Make physical name a synonym for the correcponding logical name. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 24 +++++------ Shorewall/Perl/Shorewall/Zones.pm | 67 +++++++++++++++++------------- 2 files changed, 50 insertions(+), 41 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index c5beb2d44..badd3df56 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -2030,7 +2030,7 @@ sub chain_base( $ ) { sub forward_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_fwd'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_fwd'; } # @@ -2085,7 +2085,7 @@ sub use_forward_chain($$) { # sub input_option_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_iop'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_iop'; } # @@ -2093,7 +2093,7 @@ sub input_option_chain($) { # sub output_option_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_oop'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_oop'; } # @@ -2101,7 +2101,7 @@ sub output_option_chain($) { # sub forward_option_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_fop'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_fop'; } # @@ -2110,7 +2110,7 @@ sub forward_option_chain($) { sub input_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_in'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_in'; } # @@ -2173,7 +2173,7 @@ sub use_input_chain($$) { sub output_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_out'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_out'; } # @@ -2182,7 +2182,7 @@ sub output_chain($) sub prerouting_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_pre'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_pre'; } # @@ -2191,7 +2191,7 @@ sub prerouting_chain($) sub postrouting_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_post'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_post'; } # @@ -2244,7 +2244,7 @@ sub use_output_chain($$) { sub masq_chain($) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_masq'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_masq'; } # @@ -2260,7 +2260,7 @@ sub syn_flood_chain ( $ ) { sub mac_chain( $ ) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_mac'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_mac'; } sub macrecent_target($) @@ -2297,7 +2297,7 @@ sub load_chain( $ ) { sub snat_chain( $ ) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_snat'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_snat'; } # @@ -2306,7 +2306,7 @@ sub snat_chain( $ ) sub ecn_chain( $ ) { my $interface = shift; - ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_ecn'; + ( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : get_logical( $interface ) ) . '_ecn'; } # diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 7f93debf8..2125ce1db 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -82,6 +82,7 @@ our @EXPORT = ( qw( NOTHING find_interface known_interface get_physical + get_logical physical_name have_bridges port_to_bridge @@ -210,7 +211,6 @@ our %interfaces; our %roots; our @bport_zones; our %ipsets; -our %physical; our %basemap; our %basemap1; our %mapbase; @@ -327,7 +327,6 @@ sub initialize( $$ ) { %interfaces = (); @bport_zones = (); %ipsets = (); - %physical = (); %basemap = (); %basemap1 = (); %mapbase = (); @@ -1311,7 +1310,7 @@ sub process_interface( $$ ) { fatal_error "Invalid Physical interface name ($value)" unless $value && $value !~ /%/; fatal_error "Virtual interfaces ($value) are not supported" if $value =~ /:\d+$/; - fatal_error "Duplicate physical interface name ($value)" if ( $physical{$value} && ! $port ); + fatal_error "Duplicate physical interface name ($value)" if ( $interfaces{$value} && ! $port ); fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" if $wildcard && ! $value =~ /\+$/; $physical = $value; @@ -1385,21 +1384,23 @@ sub process_interface( $$ ) { $options{tcpflags} = $hostoptionsref->{tcpflags} = 1 unless exists $options{tcpflags}; } - $physical{$physical} = $interfaces{$interface} = { name => $interface , - bridge => $bridge , - filter => $filterref , - nets => 0 , - number => $nextinum , - root => $root , - broadcasts => $broadcasts , - options => \%options , - zone => '', - physical => $physical , - base => var_base( $physical ), - zones => {}, - origin => shortlineinfo( '' ), - wildcard => $wildcard, - }; + my $interfaceref = $interfaces{$interface} = { name => $interface , + bridge => $bridge , + filter => $filterref , + nets => 0 , + number => $nextinum , + root => $root , + broadcasts => $broadcasts , + options => \%options , + zone => '', + physical => $physical , + base => var_base( $physical ), + zones => {}, + origin => shortlineinfo( '' ), + wildcard => $wildcard, + }; + + $interfaces{$physical} = $interfaceref if $physical ne $interface; if ( $zone ) { fatal_error "Unmanaged interfaces may not be associated with a zone" if $options{unmanaged}; @@ -1570,20 +1571,21 @@ sub known_interface($) my $physical = map_physical( $interface, $interfaceref ); - return $interfaces{$interface} = { options => $interfaceref->{options} , - bridge => $interfaceref->{bridge} , - name => $i , - number => $interfaceref->{number} , - physical => $physical , - base => var_base( $physical ) , - wildcard => $interfaceref->{wildcard} , - zones => $interfaceref->{zones} , - }; + $interfaces{$interface} = $interfaces{$physical} = { options => $interfaceref->{options} , + bridge => $interfaceref->{bridge} , + name => $i , + number => $interfaceref->{number} , + physical => $physical , + base => var_base( $physical ) , + wildcard => $interfaceref->{wildcard} , + zones => $interfaceref->{zones} , + }; + } } } - $physical{$interface} || 0; + 0; } # @@ -1655,12 +1657,19 @@ sub find_interface( $ ) { } # -# Returns the physical interface associated with the passed logical name +# Returns the physical interface associated with the passed interface name # sub get_physical( $ ) { $interfaces{ $_[0] }->{physical}; } +# +# Returns the logical interface associated with the passed interface name +# +sub get_logical( $ ) { + $interfaces{ $_[0] }->{name}; +} + # # This one doesn't insist that the passed name be the name of a configured interface #