Move INLINE processing into the Chains module.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Accounting.pm

@@ -243,7 +243,7 @@ sub process_accounting_rule1( $$$$$$$$$$$ ) {
 		}
 	    }
 	} elsif ( $action eq 'INLINE' ) {
-	    $rule .= get_inline_matches;
+	    $rule .= get_inline_matches(1);
 	} else {
 	    ( $action, my $cmd ) = split /:/, $action;
 

Shorewall/Perl/Shorewall/Chains.pm

@@ -80,6 +80,10 @@ our @EXPORT = ( qw(
 		    add_interface_options
 		    state_match
 		    state_imatch
+                    split_action
+                    get_target_param
+                    get_inline_matches
+                    handle_inline
 
 		    STANDARD
 		    NATRULE
@@ -8397,4 +8401,71 @@ sub initialize_switches() {
     }
 }
 
+#
+# Return ( action, level[:tag] ) from passed full action
+#
+sub split_action ( $ ) {
+    my $action = $_[0];
+
+    my @list   = split_list2( $action, 'ACTION' );
+
+    fatal_error "Invalid ACTION ($action)" if @list > 3;
+
+    ( shift @list, join( ':', @list ) );
+}
+
+#
+# Get inline matches and conditionally verify the absense of -j
+#
+sub get_inline_matches( $ ) {
+    if ( $_[0] ) {
+	fetch_inline_matches;
+    } else {
+	my $inline_matches = fetch_inline_matches;
+
+	fatal_error "-j is only allowed when the ACTION is INLINE with no parameter" if $inline_matches =~ /\s-j\s/;
+
+	$inline_matches;
+    }
+}
+
+#
+# Split the passed target into the basic target and parameter (previously duplicated in this file)
+#
+sub get_target_param( $ ) {
+    my ( $target, $param ) = split '/', $_[0];
+
+    unless ( defined $param ) {
+	( $target, $param ) = ( $1, $2 ) if $target =~ /^(.*?)[(](.*)[)]$/;
+    }
+
+    ( $target, $param );
+}
+
+sub handle_inline( $$$$ ) {
+    my ( $action, $basictarget, $param, $loglevel ) = @_;
+    my $inline_matches = get_inline_matches(1);
+    my $raw_matches = '';
+
+    if ( $inline_matches =~ /^(.*\s+)?-j\s+(.+) $/ ) {
+	$raw_matches .= $1 if supplied $1;
+	$action = $2;
+	my ( $target ) = split ' ', $action;
+	fatal_error "Unknown jump target ($action)" unless $targets{$target} || $target eq 'MARK';
+	fatal_error "INLINE may not have a parameter when '-j' is specified in the free-form area" if $param ne '';
+    } else {
+	$raw_matches .= $inline_matches;
+	
+	if ( $param eq '' ) {
+	    $action = $loglevel ? 'LOG' : '';
+	} else {
+	    ( $action, $loglevel )   = split_action $param;
+	    ( $basictarget, $param ) = get_target_param $action;
+	    $param = '' unless defined $param;
+	}
+    }
+
+    return ( $action, $basictarget, $param, $loglevel, $raw_matches );
+}
+
 1;

Shorewall/Perl/Shorewall/Config.pm

@@ -70,7 +70,7 @@ our @EXPORT = qw(
 		 get_action_disposition
 		 set_action_disposition
 		 set_action_param
-		 get_inline_matches
+		 fetch_inline_matches
 		 set_inline_matches
 
                  set_comment
@@ -3071,7 +3071,7 @@ sub embedded_perl( $ ) {
 #
 # Return inline matches
 #
-sub get_inline_matches() {
+sub fetch_inline_matches() {
     "$inline_matches ";
 }
 
@@ -5197,7 +5197,8 @@ sub convert_to_directives() {
 			    # writeable regular file
 			    #
 			    my $result = system << "EOF";
-			    perl -pi.bak -e '/^\\s*FORMAT\\s*/ && s/FORMAT/?FORMAT/;
+			    perl -pi.bak -e '/^\\s*FORMAT\\s+/ && s/FORMAT/?FORMAT/;
+                                             /^\\s*SECTION\\s+/ && s/SECTION/?SECTION/;
                                              if ( /^\\s*COMMENT\\s+/ ) {
                                                  s/COMMENT/?COMMENT/;
                                              } elsif ( /^\\s*COMMENT\\s*\$/ ) {

Shorewall/Perl/Shorewall/Nat.pm

@@ -77,9 +77,9 @@ sub process_one_masq1( $$$$$$$$$$ )
     #
     if ( $interfacelist =~ /^INLINE\((.+)\)$/ ) {
 	$interfacelist = $1;
-	$inlinematches = get_inline_matches;
+	$inlinematches = get_inline_matches(0);
     } elsif ( $config{INLINE_MATCHES} ) {
-	$inlinematches = get_inline_matches;
+	$inlinematches = get_inline_matches(0);
     }	
     #
     # Parse the remaining part of the INTERFACE column

Shorewall/Perl/Shorewall/Rules.pm

@@ -299,19 +299,6 @@ sub new_rules_chain( $ ) {
 ###############################################################################
 # Functions moved from the former Policy Module
 ###############################################################################
-#
-# Split the passed target into the basic target and parameter (previously duplicated in this file)
-#
-sub get_target_param( $ ) {
-    my ( $target, $param ) = split '/', $_[0];
-
-    unless ( defined $param ) {
-	( $target, $param ) = ( $1, $2 ) if $target =~ /^(.*?)[(](.*)[)]$/;
-    }
-
-    ( $target, $param );
-}
-
 #
 # Convert a chain into a policy chain.
 #
@@ -1104,19 +1091,6 @@ sub finish_section ( $ ) {
 ################################################################################
 # Functions moved from the Actions module in 4.4.16
 ################################################################################
-#
-# Return ( action, level[:tag] ) from passed full action
-#
-sub split_action ( $ ) {
-    my $action = $_[0];
-
-    my @list   = split_list2( $action, 'ACTION' );
-
-    fatal_error "Invalid ACTION ($action)" if @list > 3;
-
-    ( shift @list, join( ':', @list ) );
-}
-
 #
 # Create a normalized action name from the passed pieces.
 #
@@ -2179,7 +2153,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
     my ( $basictarget, $param ) = get_target_param $action;
     my $optimize = $wildcard ? ( $basictarget =~ /!$/ ? 0 : $config{OPTIMIZE} & 5 ) : 0;
     my $actiontype;
-    my $inaction  = ''; # Set to true when we are process rules in an action file
+    my $inaction  = ''; # Set to true when we are processing rules in an action file
     my $inchain   = ''; # Set to true when a chain reference is passed.
     my $normalized_target;
     my $normalized_action;
@@ -2194,27 +2168,9 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
     $param = '' unless defined $param;
 
     if ( $basictarget eq 'INLINE' ) {
-	my $inline_matches = get_inline_matches;
-
-	if ( $inline_matches =~ /^(.*\s+)?-j\s+(.+) $/ ) {
-	    $raw_matches .= $1 if supplied $1;
-	    $action = $2;
-	    my ( $target ) = split ' ', $action;
-	    fatal_error "Unknown jump target ($action)" unless $targets{$target} || $target eq 'MARK';
-	    fatal_error "INLINE may not have a parameter when '-j' is specified in the free-form area" if $param ne '';
-	} else {
-	    $raw_matches .= $inline_matches;
-
-	    if ( $param eq '' ) {
-		$action = $loglevel ? 'LOG' : '';
-	    } else {
-		( $action, $loglevel )   = split_action $param;
-		( $basictarget, $param ) = get_target_param $action;
-		$param = '' unless defined $param;
-	    }
-	}
+	( $action, $basictarget, $param, $loglevel, $raw_matches ) = handle_inline( $action, $basictarget, $param, $loglevel );
     } elsif ( $config{INLINE_MATCHES} ) {
-	$raw_matches = get_inline_matches;
+	$raw_matches = get_inline_matches(0);
     }
     #
     # Determine the validity of the action

Shorewall/Perl/Shorewall/Tc.pm

@@ -321,9 +321,9 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
     if ( $originalmark =~ /^INLINE\((.+)\)(:.*)?$/ ) {
 	$originalmark = $1;
 	$originalmark .= $2 if $2;
-	$raw = get_inline_matches;
+	$raw = get_inline_matches(0);
     } elsif ( $config{INLINE_MATCHES} ) {
-	$raw = get_inline_matches;
+	$raw = get_inline_matches(0);
     }
 
     my ( $mark, $designator, $remainder ) = split( /:/, $originalmark, 3 );
@@ -565,7 +565,7 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
 		       INLINE   => sub()
 		                       {
 					   assert ( $cmd eq 'INLINE' );
-					   $matches = get_inline_matches;
+					   $matches = get_inline_matches(1);
 
 					   if ( $matches =~ /^(.*\s+)-j\s+(.+)$/ ) {
 					       $matches   = $1;