From 282253022eb27c8e5cd8e6795e218d3dc0026fd0 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 29 Oct 2016 14:59:34 -0700
Subject: [PATCH] Correct handling of address variables out of the Providers module
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Chains.pm | 21 +++++++++------------
 Shorewall/Perl/Shorewall/Providers.pm | 16 ++++++++--------
 2 files changed, 17 insertions(+), 20 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 91e373f98..33b4aaad5 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -268,7 +268,6 @@ our %EXPORT_TAGS = (
 mark_firewall6_not_started
 interface_address
 get_interface_address
- used_address_variable
 get_interface_addresses
 get_interface_bcasts
 get_interface_acasts
@@ -5778,12 +5777,12 @@ sub have_ipset_rules() {
 $ipset_rules;
 }
-sub get_interface_address( $ );
+sub get_interface_address( $;$ );
 sub get_interface_gateway ( $;$$ );
-sub record_runtime_address( $$;$ ) {
- my ( $addrtype, $interface, $protect ) = @_;
+sub record_runtime_address( $$;$$ ) {
+ my ( $addrtype, $interface, $protect, $provider ) = @_;
 if ( $interface =~ /^{([a-zA-Z_]\w*)}$/ ) {
 fatal_error "Mixed required/optional usage of address variable $1" if ( $address_variables{$1} || $addrtype ) ne $addrtype;
@@ -5797,9 +5796,9 @@ sub record_runtime_address( $$;$ ) {
 my $addr;
 if ( $addrtype eq '&' ) {
- $addr = get_interface_address( $interface );
+ $addr = get_interface_address( $interface, $provider );
 } else {
- $addr = get_interface_gateway( $interface, $protect );
+ $addr = get_interface_gateway( $interface, $protect, $provider );
 }
 $addr . ' ';
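Review bot: The new fourth parameter `$provider` of `record_runtime_address` is undocumented and sits behind the optional `$protect`, so a caller has to pass a placeholder to reach it (the Providers.pm call later in this patch uses `undef, 1`). A comment above the sub would state the contract, for example `# $provider: true when called on behalf of the Providers module; get_interface_address then does not set 'used_address_variable'`. In the `@@ -5797` hunk the flag is also forwarded as the third argument of `get_interface_gateway`; its forward declaration `( $;$$ )` shows that slot exists, but the body is not part of this patch, so confirm it carries the same meaning there. The body of `record_runtime_address` runs past both hunks.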
@@ -6796,8 +6795,8 @@ sub interface_address( $ ) {
 #
 # Record that the ruleset requires the first IP address on the passed interface
 #
-sub get_interface_address ( $ ) {
- my ( $logical ) = $_[0];
+sub get_interface_address ( $;$ ) {
+ my ( $logical, $provider ) = @_;
 my $interface = get_physical( $logical );
 my $variable = interface_address( $interface );
@@ -6807,11 +6806,9 @@ sub get_interface_address ( $ ) {
 $interfaceaddr{$interface} = "$variable=\$($function $interface)\n";
- "\$$variable";
-}
+ set_interface_option( $logical, 'used_address_variable', 1 ) unless $provider;
-sub used_address_variable( $ ) {
- defined $interfaceaddr{$_[0]}
+ "\$$variable";
 }
 #
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 00bbb0966..c20ad6330 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -799,7 +799,7 @@ sub add_a_provider( $$ ) {
 }
 if ( $gateway ) {
- $address = get_interface_address $interface unless $address;
+ $address = get_interface_address( $interface, 1 ) unless $address;
 emit( qq([ -z "$address" ] && return\n) );
@@ -925,7 +925,7 @@ CEOF
 }
 if ( $gateway ) {
- $address = get_interface_address $interface unless $address;
+ $address = get_interface_address( $interface, 1 ) unless $address;
 if ( $hostroute ) {
 emit qq(run_ip route replace $gateway src $address dev $physical ${mtu});
@@ -1038,7 +1038,7 @@ CEOF
 emit( qq(rm -f \${VARDIR}/${physical}_disabled) );
 emit_started_message( '', 2, $pseudo, $table, $number );
- if ( used_address_variable( $interface ) || get_interface_option( $interface, 'used_gateway_variable' ) ) {
+ if ( get_interface_option( $interface, 'used_address_variable' ) || get_interface_option( $interface, 'used_gateway_variable' ) ) {
 emit( '',
 'if [ -n "$g_forcereload" ]; then',
 " progress_message2 \"The IP address or gateway of $physical has changed -- forcing reload of the ruleset\"",
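Review bot: `set_interface_option( $logical, 'used_address_variable', 1 )` in the `@@ -6807` hunk stores the flag under the logical interface name, while the removed `used_address_variable` tested `%interfaceaddr`, which this function fills under `get_physical( $logical )`. The readers in Providers.pm pass `$interface` to `get_interface_option`, so the result is only right if that variable holds the logical name at every call site, which the hunks do not show. A missed flag would presumably mean the generated script never compares the saved address and keeps running rules built for the old one, so I would add a comment on the new line such as `# flag is kept per logical interface; %interfaceaddr is keyed by the physical name`. The header comment in the preceding `@@ -6796` hunk also still describes only the one-argument form.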
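Review bot: The bare `1` in `get_interface_address( $interface, 1 )` in the `@@ -799` hunk does not say that it means a call made on behalf of a provider; the same literal is used in the `@@ -925` hunk and as `undef, 1` in the `record_runtime_address` call of the `@@ -1242` hunk. A trailing comment such as `# 1 = provider context: do not set 'used_address_variable'` at each call, or a named constant shared by both modules, would keep these call sites readable. `add_a_provider` starts and ends outside the hunk.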
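Review bot: The option name `'used_address_variable'` is written out as a string literal in the condition of the `@@ -1038` hunk and again in the `@@ -1059`, `@@ -1095`, `@@ -2189` and `@@ -2242` hunks, in addition to the `set_interface_option` call in Chains.pm. If `get_interface_option` returns a false value for an unknown option name (its body is not shown), a misspelling in any one place would silently disable the address-change handling for that interface. Keeping the removed helper as a thin wrapper would confine the literal to one module: `sub used_address_variable( $ ) { get_interface_option( $_[0], 'used_address_variable' ) }`. The enclosing function is not fully visible in the hunk.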
@@ -1059,7 +1059,7 @@ CEOF
 emit "fi\n";
- if ( used_address_variable( $interface ) ) {
+ if ( get_interface_option( $interface, 'used_address_variable' ) ) {
 my $variable = interface_address( $interface );
 emit( "echo \$$variable > \${VARDIR}/${physical}.address" );
@@ -1095,7 +1095,7 @@ CEOF
 }
- if ( used_address_variable( $interface ) ) {
+ if ( get_interface_option( $interface, 'used_address_variable' ) ) {
 my $variable = interface_address( $interface );
 emit( "\necho \$$variable > \${VARDIR}/${physical}.address" );
 }
@@ -1242,7 +1242,7 @@ sub add_an_rtrule1( $$$$$ ) {
 if ( $source eq '-' ) {
 $source = 'from ' . ALLIP;
 } elsif ( $source =~ s/^&// ) {
- $source = 'from ' . record_runtime_address '&', $source;
+ $source = 'from ' . record_runtime_address( '&', $source, undef, 1 );
 } elsif ( $family == F_IPV4 ) {
 if ( $source =~ /:/ ) {
 ( my $interface, $source , my $remainder ) = split( /:/, $source, 3 );
@@ -2189,7 +2189,7 @@ sub handle_optional_interfaces( $ ) {
 emit( " SW_${wildbase}_IS_USABLE=Yes" ) if $interfaceref->{wildcard};
 emit( 'fi' );
- if ( used_address_variable( $interface ) ) {
+ if ( get_interface_option( $interface, 'used_address_variable' ) ) {
 my $variable = interface_address( $interface );
 emit( '',
@@ -2242,7 +2242,7 @@ sub handle_optional_interfaces( $ ) {
 emit ( " SW_${base}_IS_USABLE=Yes" , 'fi' );
- if ( used_address_variable( $interface ) ) {
+ if ( get_interface_option( $interface, 'used_address_variable' ) ) {
 emit( '',
 "if [ -f \${VARDIR}/${physical}.address ]; then",
 " if [ \$(cat \${VARDIR}/${physical}.address) != \$$variable ]; then",
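Review bot: `interface_address( $interface )` inside the new condition of the `@@ -1059` hunk takes the same `$interface` that is passed to `get_interface_option`, whereas `get_interface_address` in Chains.pm builds the variable name from `get_physical( $logical )`. If `interface_address` derives the name directly from its argument and an interface's logical and physical names differ, the `echo` emitted here would presumably reference a shell variable that the generated script never assigns; the same pairing appears in the `@@ -1095` and `@@ -2189` hunks. Neither `interface_address` nor the origin of `$interface` is visible, so this is a question to confirm rather than an established defect. If the names can differ, `interface_address( $physical )` would match what Chains.pm does; if they cannot, a comment saying so next to the call would settle it.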
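Review bot: The shell test emitted by the last context line of the `@@ -2242` hunk, `[ \$(cat \${VARDIR}/${physical}.address) != \$$variable ]`, leaves both operands unquoted, so an empty saved file or an empty address variable turns it into a malformed expression instead of a clean comparison. Now that this block is gated on the per-interface option, it would be a good moment to quote both sides: `[ \"\$(cat \${VARDIR}/${physical}.address)\" != \"\$$variable\" ]`. How the surrounding `if` treats a failing test is outside the hunk, so the practical effect (a missed or a spurious reload) needs checking against the full function. `handle_optional_interfaces` continues past the hunk, and `$variable` is declared outside it.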