Remove old COMMENT/FORMAT handling

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-12-24 09:31:20 -08:00
parent 15817078b8
commit 14f8947012
9 changed files with 67 additions and 161 deletions


@ -49,7 +49,6 @@ our $defaultchain;
our $ipsecdir; our $ipsecdir;
our $defaultrestriction; our $defaultrestriction;
our $restriction; our $restriction;
our $accounting_commands = { COMMENT => 0, SECTION => 2 };
our $sectionname; our $sectionname;
our $acctable; our $acctable;
@ -149,20 +148,10 @@ sub process_accounting_rule( ) {
$jumpchainref = 0; $jumpchainref = 0;
my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) = my ($action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark, $ipsec, $headers ) =
split_line1 'Accounting File', { action => 0, chain => 1, source => 2, dest => 3, proto => 4, dport => 5, sport => 6, user => 7, mark => 8, ipsec => 9, headers => 10 }, $accounting_commands; split_line1 'Accounting File', { action => 0, chain => 1, source => 2, dest => 3, proto => 4, dport => 5, sport => 6, user => 7, mark => 8, ipsec => 9, headers => 10 };
fatal_error 'ACTION must be specified' if $action eq '-'; fatal_error 'ACTION must be specified' if $action eq '-';
if ( $action eq 'COMMENT' ) {
process_comment;
return 0;
}
if ( $action eq 'SECTION' ) {
process_section( $chain );
return 0;
}
$asection = LEGACY if $asection < 0; $asection = LEGACY if $asection < 0;
our $disposition = ''; our $disposition = '';
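Review bot: process_accounting_rule appears to lose its `SECTION` branch here along with the `COMMENT` one, and `$accounting_commands` is no longer declared or passed to split_line1, although the commit title covers only COMMENT and FORMAT. The check this commit adds to read_a_line consumes COMMENT and FORMAT lines only, and the rules file keeps both `$rule_commands = { SECTION => 2 }` and its `process_section` call, so a `SECTION` line in an accounting file would seemingly fall through to ordinary rule processing. If that is not intended, keep `our $accounting_commands = { SECTION => 2 };`, pass it as the third argument to split_line1, and retain the `if ( $action eq 'SECTION' )` block. The function body continues outside the hunk, so this is inferred from the visible lines only.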


@ -1882,7 +1882,7 @@ sub split_line1( $$;$$ ) {
my @line = split( ' ', $columns ); my @line = split( ' ', $columns );
$nopad = { COMMENT => 0 } unless $nopad; $nopad = {} unless $nopad;
my $first = supplied $line[0] ? $line[0] : '-'; my $first = supplied $line[0] ? $line[0] : '-';
my $npcolumns = $nopad->{$first}; my $npcolumns = $nopad->{$first};
@ -2952,6 +2952,25 @@ sub read_a_line($) {
# #
$currentline =~ s/\s*$//; $currentline =~ s/\s*$//;
} }
if ( $comments_allowed && $currentline =~ /^\s*COMMENT\b/ ) {
process_comment;
$currentline = '';
$currentlinenumber = 0;
next
}
if ( $max_format > 1 && $currentline =~ /^\s*FORMAT\s+(.+)/ ) {
format_warning;
my $format = $1;
fatal_error( "Invalid format ($format)" ) unless $format =~ /\d+/;
fatal_error( "Format must be between 1 and $max_format" ) unless $format && $format <= $max_format;
$file_format = $format;
$currentline = '';
$currentlinenumber = 0;
next
}
# #
# Line not blank -- Handle any first-entry message/capabilities check # Line not blank -- Handle any first-entry message/capabilities check
# #
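Review bot: The FORMAT check added to read_a_line tests the captured value with the unanchored `$format =~ /\d+/`, so any text that merely contains a digit passes and is stored verbatim in `$file_format`. The per-file handlers removed elsewhere in this commit used anchored tests such as `/^[12]$/`, so the shared replacement is looser than what it replaces. I would change the line to `fatal_error( "Invalid format ($format)" ) unless $format =~ /^\d+$/;`, so a malformed directive stops compilation instead of being coerced numerically in the `<=` comparison that follows. read_a_line begins and ends outside the hunk, so where `$max_format` and `$comments_allowed` are set is not visible here.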


@ -683,7 +683,7 @@ sub process_stoppedrules() {
$result = 1; $result = 1;
my ( $target, $source, $dest, $proto, $ports, $sports ) = my ( $target, $source, $dest, $proto, $ports, $sports ) =
split_line1 'stoppedrules file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5 }, { COMMENT => 0 }; split_line1 'stoppedrules file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5 };
fatal_error( "Invalid TARGET ($target)" ) unless $target =~ /^(?:ACCEPT|NOTRACK)$/; fatal_error( "Invalid TARGET ($target)" ) unless $target =~ /^(?:ACCEPT|NOTRACK)$/;
@ -1216,47 +1216,43 @@ sub setup_mac_lists( $ ) {
my ( $original_disposition, $interface, $mac, $addresses ) = split_line1 'maclist file', { disposition => 0, interface => 1, mac => 2, addresses => 3 }; my ( $original_disposition, $interface, $mac, $addresses ) = split_line1 'maclist file', { disposition => 0, interface => 1, mac => 2, addresses => 3 };
if ( $original_disposition eq 'COMMENT' ) { my ( $disposition, $level, $remainder) = split( /:/, $original_disposition, 3 );
process_comment;
} else {
my ( $disposition, $level, $remainder) = split( /:/, $original_disposition, 3 );
fatal_error "Invalid DISPOSITION ($original_disposition)" if defined $remainder || ! $disposition; fatal_error "Invalid DISPOSITION ($original_disposition)" if defined $remainder || ! $disposition;
my $targetref = $maclist_targets{$disposition}; my $targetref = $maclist_targets{$disposition};
fatal_error "Invalid DISPOSITION ($original_disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} ); fatal_error "Invalid DISPOSITION ($original_disposition)" if ! $targetref || ( ( $table eq 'mangle' ) && ! $targetref->{mangle} );
fatal_error "Unknown Interface ($interface)" unless known_interface( $interface ); fatal_error "Unknown Interface ($interface)" unless known_interface( $interface );
fatal_error "No hosts on $interface have the maclist option specified" unless $maclist_interfaces{$interface}; fatal_error "No hosts on $interface have the maclist option specified" unless $maclist_interfaces{$interface};
my $chainref = $chain_table{$table}{( $ttl ? macrecent_target $interface : mac_chain $interface )}; my $chainref = $chain_table{$table}{( $ttl ? macrecent_target $interface : mac_chain $interface )};
$mac = '' unless $mac && ( $mac ne '-' ); $mac = '' unless $mac && ( $mac ne '-' );
$addresses = '' unless defined $addresses && ( $addresses ne '-' ); $addresses = '' unless defined $addresses && ( $addresses ne '-' );
fatal_error "You must specify a MAC address or an IP address" unless $mac || $addresses; fatal_error "You must specify a MAC address or an IP address" unless $mac || $addresses;
$mac = do_mac $mac if $mac; $mac = do_mac $mac if $mac;
if ( $addresses ) { if ( $addresses ) {
for my $address ( split ',', $addresses ) { for my $address ( split ',', $addresses ) {
my $source = match_source_net $address; my $source = match_source_net $address;
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}" log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , "${mac}${source}"
if supplied $level;
add_ijump( $chainref , j => 'AUDIT', targetopts => '--type ' . lc $disposition ) if $audit && $disposition ne 'ACCEPT';
add_jump( $chainref , $targetref->{target}, 0, "${mac}${source}" );
}
} else {
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
if supplied $level; if supplied $level;
add_ijump( $chainref , j => 'AUDIT', targetopts => '--type ' . lc $disposition ) if $audit && $disposition ne 'ACCEPT'; add_ijump( $chainref , j => 'AUDIT', targetopts => '--type ' . lc $disposition ) if $audit && $disposition ne 'ACCEPT';
add_jump ( $chainref , $targetref->{target}, 0, "$mac" ); add_jump( $chainref , $targetref->{target}, 0, "${mac}${source}" );
} }
} else {
log_rule_limit $level, $chainref , mac_chain( $interface) , $disposition, '', '', 'add' , $mac
if supplied $level;
progress_message " Maclist entry \"$currentline\" $done"; add_ijump( $chainref , j => 'AUDIT', targetopts => '--type ' . lc $disposition ) if $audit && $disposition ne 'ACCEPT';
add_jump ( $chainref , $targetref->{target}, 0, "$mac" );
} }
progress_message " Maclist entry \"$currentline\" $done";
} }
clear_comment; clear_comment;


@ -61,11 +61,6 @@ sub process_one_masq( )
my ($interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest ) = my ($interfacelist, $networks, $addresses, $proto, $ports, $ipsec, $mark, $user, $condition, $origdest ) =
split_line1 'masq file', { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9 }; split_line1 'masq file', { interface => 0, source => 1, address => 2, proto => 3, port => 4, ipsec => 5, mark => 6, user => 7, switch => 8, origdest => 9 };
if ( $interfacelist eq 'COMMENT' ) {
process_comment;
return 1;
}
fatal_error 'INTERFACE must be specified' if $interfacelist eq '-'; fatal_error 'INTERFACE must be specified' if $interfacelist eq '-';
my $pre_nat; my $pre_nat;
@ -387,23 +382,19 @@ sub setup_nat() {
my ( $external, $interfacelist, $internal, $allints, $localnat ) = split_line1 'nat file', { external => 0, interface => 1, internal => 2, allints => 3, local => 4 }; my ( $external, $interfacelist, $internal, $allints, $localnat ) = split_line1 'nat file', { external => 0, interface => 1, internal => 2, allints => 3, local => 4 };
if ( $external eq 'COMMENT' ) { ( $interfacelist, my $digit ) = split /:/, $interfacelist;
process_comment;
} else {
( $interfacelist, my $digit ) = split /:/, $interfacelist;
$digit = defined $digit ? ":$digit" : ''; $digit = defined $digit ? ":$digit" : '';
fatal_error 'EXTERNAL must be specified' if $external eq '-'; fatal_error 'EXTERNAL must be specified' if $external eq '-';
fatal_error 'INTERNAL must be specified' if $interfacelist eq '-'; fatal_error 'INTERNAL must be specified' if $interfacelist eq '-';
for my $interface ( split_list $interfacelist , 'interface' ) { for my $interface ( split_list $interfacelist , 'interface' ) {
fatal_error "Invalid Interface List ($interfacelist)" unless supplied $interface; fatal_error "Invalid Interface List ($interfacelist)" unless supplied $interface;
do_one_nat $external, "${interface}${digit}", $internal, $allints, $localnat; do_one_nat $external, "${interface}${digit}", $internal, $allints, $localnat;
}
progress_message " NAT entry \"$currentline\" $done";
} }
progress_message " NAT entry \"$currentline\" $done";
} }
clear_comment; clear_comment;
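Review bot: In setup_nat the guard `fatal_error 'INTERNAL must be specified' if $interfacelist eq '-';` tests the INTERFACE column but reports INTERNAL, and `$internal` itself is not checked anywhere in the visible lines. The mismatch predates this commit, but the line is re-indented here, which makes this a convenient place to correct the message to `'INTERFACE must be specified'`. Adding `fatal_error 'INTERNAL must be specified' if $internal eq '-';` would also be worthwhile unless do_one_nat already rejects a missing value. The loop and the function extend beyond the hunk.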


@ -227,7 +227,7 @@ sub setup_conntrack() {
if ( $fn ) { if ( $fn ) {
my $action = 'NOTRACK'; my $action;
my $empty = 1; my $empty = 1;
@ -238,24 +238,9 @@ sub setup_conntrack() {
if ( $file_format == 1 ) { if ( $file_format == 1 ) {
( $source, $dest, $proto, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5, switch => 6 }; ( $source, $dest, $proto, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, user => 5, switch => 6 };
$action = 'NOTRACK';
if ( $source eq 'FORMAT' ) {
process_format( $dest );
next;
}
} else { } else {
( $action, $source, $dest, $proto, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, switch => 7 }, { COMMENT => 0, FORMAT => 2 }; ( $action, $source, $dest, $proto, $ports, $sports, $user, $switch ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, switch => 7 };
if ( $action eq 'FORMAT' ) {
process_format( $source );
$action = 'NOTRACK';
next;
}
}
if ( $action eq 'COMMENT' ) {
process_comment;
next;
} }
$empty = 0; $empty = 0;


@ -75,9 +75,9 @@ our @builtins;
# #
# Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited). # Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited).
# #
our $rule_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2 }; our $rule_commands = { SECTION => 2 };
our $action_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULTS => 2 }; our $action_commands = { SECTION => 2, DEFAULTS => 2 };
our $macro_commands = { COMMENT => 0, FORMAT => 2, SECTION => 2, DEFAULT => 2 }; our $macro_commands = { SECTION => 2, DEFAULT => 2 };
our %rulecolumns = ( action => 0, our %rulecolumns = ( action => 0,
source => 1, source => 1,
@ -1578,18 +1578,6 @@ sub process_action($) {
fatal_error 'TARGET must be specified' if $target eq '-'; fatal_error 'TARGET must be specified' if $target eq '-';
if ( $target eq 'COMMENT' ) {
process_comment;
next;
}
if ( $target eq 'FORMAT' ) {
format_warning;
fatal_error "FORMAT must be 1 or 2" unless $source =~ /^[12]$/;
$file_format = $source;
next;
}
if ( $target eq 'DEFAULTS' ) { if ( $target eq 'DEFAULTS' ) {
default_action_params( $action, split_list $source, 'defaults' ), next if $file_format == 2; default_action_params( $action, split_list $source, 'defaults' ), next if $file_format == 2;
fatal_error 'DEFAULTS only allowed in FORMAT-2 actions'; fatal_error 'DEFAULTS only allowed in FORMAT-2 actions';
@ -1683,18 +1671,6 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
fatal_error 'TARGET must be specified' if $mtarget eq '-'; fatal_error 'TARGET must be specified' if $mtarget eq '-';
if ( $mtarget eq 'COMMENT' ) {
process_comment unless $nocomment;
next;
}
if ( $mtarget eq 'FORMAT' ) {
format_warning;
fatal_error "Invalid FORMAT ($msource)" unless $msource =~ /^[12]$/;
$file_format = $msource;
next;
}
if ( $mtarget =~ /^DEFAULTS?$/ ) { if ( $mtarget =~ /^DEFAULTS?$/ ) {
$param = $msource unless supplied $param; $param = $msource unless supplied $param;
next; next;
@ -1819,21 +1795,11 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
fatal_error 'TARGET must be specified' if $mtarget eq '-'; fatal_error 'TARGET must be specified' if $mtarget eq '-';
if ( $mtarget eq 'COMMENT' ) {
process_comment unless $nocomment;
next;
}
if ( $mtarget eq 'DEFAULTS' ) { if ( $mtarget eq 'DEFAULTS' ) {
default_action_params( $chainref, split_list( $msource, 'defaults' ) ); default_action_params( $chainref, split_list( $msource, 'defaults' ) );
next; next;
} }
if ( $mtarget eq 'FORMAT' ) {
fatal_error "FORMAT must be 2" unless $msource eq '2';
next;
}
$mtarget = merge_levels( $target, $mtarget ) unless $nolog; $mtarget = merge_levels( $target, $mtarget ) unless $nolog;
my $action = isolate_basic_target $mtarget; my $action = isolate_basic_target $mtarget;
@ -2593,7 +2559,6 @@ sub process_rule ( ) {
fatal_error 'ACTION must be specified' if $target eq '-'; fatal_error 'ACTION must be specified' if $target eq '-';
process_comment, return 1 if $target eq 'COMMENT';
process_section( $source ), return 1 if $target eq 'SECTION'; process_section( $source ), return 1 if $target eq 'SECTION';
# #
# Section Names are optional so once we get to an actual rule, we need to be sure that # Section Names are optional so once we get to an actual rule, we need to be sure that
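Review bot: The COMMENT branches removed from process_macro and process_inline were guarded by `unless $nocomment`, while the replacement in read_a_line consults only `$comments_allowed`. Unless the code that opens macro and inline files translates `$nocomment` into that flag (not visible on this page), a COMMENT line inside a macro may now override the comment in effect for the invoking rule. process_inline also drops its `FORMAT must be 2` check, so the range accepted there now depends entirely on the `$max_format` in force when the file is opened. A short comment at each removed site would record the new contract, e.g. `# COMMENT and FORMAT are consumed by read_a_line(); $nocomment must be reflected in $comments_allowed`. All three functions continue outside their hunks.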


@ -208,32 +208,17 @@ sub process_tc_rule( ) {
my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ); my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state );
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) = ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state ) =
split_line1 'tcrules file', { mark => 0, action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, test => 7, length => 8, tos => 9, connbytes => 10, helper => 11, probability => 12 , dscp => 13, state => 14 }, { COMMENT => 0, FORMAT => 2 } , 15; split_line1 'tcrules file', { mark => 0, action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, test => 7, length => 8, tos => 9, connbytes => 10, helper => 11, probability => 12 , dscp => 13, state => 14 }, {}, 15;
$headers = '-'; $headers = '-';
} else { } else {
( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability, $dscp, $state ) = ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability, $dscp, $state ) =
split_line1 'tcrules file', { mark => 0, action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, test => 7, length => 8, tos => 9, connbytes => 10, helper => 11, headers => 12, probability => 13 , dscp => 14 , state => 15 }, { COMMENT => 0, FORMAT => 2 }, 16; split_line1 'tcrules file', { mark => 0, action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6, test => 7, length => 8, tos => 9, connbytes => 10, helper => 11, headers => 12, probability => 13 , dscp => 14 , state => 15 }, {}, 16;
} }
our %tccmd; our %tccmd;
fatal_error 'MARK must be specified' if $originalmark eq '-'; fatal_error 'MARK must be specified' if $originalmark eq '-';
if ( $originalmark eq 'COMMENT' ) {
process_comment;
return;
}
if ( $originalmark eq 'FORMAT' ) {
format_warning;
if ( $source =~ /^([12])$/ ) {
$file_format = $1;
return;
}
fatal_error "Invalid FORMAT ($source)";
}
my ( $mark, $designator, $remainder ) = split( /:/, $originalmark, 3 ); my ( $mark, $designator, $remainder ) = split( /:/, $originalmark, 3 );
fatal_error "Invalid MARK ($originalmark)" unless supplied $mark; fatal_error "Invalid MARK ($originalmark)" unless supplied $mark;
@ -1803,11 +1788,6 @@ sub process_tc_priority() {
fatal_error 'BAND must be specified' if $band eq '-'; fatal_error 'BAND must be specified' if $band eq '-';
if ( $band eq 'COMMENT' ) {
process_comment;
return;
}
fatal_error "Invalid tcpri entry" if ( $proto eq '-' && fatal_error "Invalid tcpri entry" if ( $proto eq '-' &&
$ports eq '-' && $ports eq '-' &&
$address eq '-' && $address eq '-' &&
@ -2207,11 +2187,6 @@ sub process_secmark_rule() {
fatal_error 'SECMARK must be specified' if $secmark eq '-'; fatal_error 'SECMARK must be specified' if $secmark eq '-';
if ( $secmark eq 'COMMENT' ) {
process_comment;
return;
}
my %chns = ( T => 'tcpost' , my %chns = ( T => 'tcpost' ,
P => 'tcpre' , P => 'tcpre' ,
F => 'tcfor' , F => 'tcfor' ,


@ -291,16 +291,12 @@ sub setup_tunnels() {
while ( read_a_line( NORMAL_READ ) ) { while ( read_a_line( NORMAL_READ ) ) {
my ( $kind, $zone, $gateway, $gatewayzones ) = split_line1 'tunnels file', { type => 0, zone => 1, gateway => 2, gateways => 2, gateway_zone => 3 , gateway_zones => 3 }, undef, 4; my ( $kind, $zone, $gateway, $gatewayzones ) = split_line1 'tunnels file', { type => 0, zone => 1, gateway => 2, gateways => 2, gateway_zone => 3 , gateway_zones => 3 }, {}, 4;
fatal_error 'TYPE must be specified' if $kind eq '-'; fatal_error 'TYPE must be specified' if $kind eq '-';
if ( $kind eq 'COMMENT' ) { fatal_error 'ZONE must be specified' if $zone eq '-';
process_comment; setup_one_tunnel $kind, $zone, $gateway, $gatewayzones;
} else {
fatal_error 'ZONE must be specified' if $zone eq '-';
setup_one_tunnel $kind, $zone, $gateway, $gatewayzones;
}
} }
clear_comment; clear_comment;


@ -1004,22 +1004,12 @@ sub process_interface( $$ ) {
my $bridge = ''; my $bridge = '';
if ( $file_format == 1 ) { if ( $file_format == 1 ) {
($zone, $originalinterface, $bcasts, $options ) = split_line1 'interfaces file', { zone => 0, interface => 1, broadcast => 2, options => 3 }, { COMMENT => 0, FORMAT => 2 }; ($zone, $originalinterface, $bcasts, $options ) = split_line1 'interfaces file', { zone => 0, interface => 1, broadcast => 2, options => 3 };
} else { } else {
($zone, $originalinterface, $options ) = split_line1 'interfaces file', { zone => 0, interface => 1, options => 2 }, { COMMENT => 0, FORMAT => 2 }; ($zone, $originalinterface, $options ) = split_line1 'interfaces file', { zone => 0, interface => 1, options => 2 };
$bcasts = '-'; $bcasts = '-';
} }
if ( $zone eq 'FORMAT' ) {
format_warning;
if ( $originalinterface =~ /^([12])$/ ) {
$file_format = $1;
return;
}
fatal_error "Invalid FORMAT ($originalinterface)";
}
if ( $zone eq '-' ) { if ( $zone eq '-' ) {
$zone = ''; $zone = '';
} else { } else {