From 4111432a52a1fc017817058b7ec79ccddaaa8288 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 26 Dec 2010 16:13:53 -0800 Subject: [PATCH] Implement optional action parameters --- Shorewall/Perl/Shorewall/Config.pm | 3 ++- Shorewall/Perl/Shorewall/Rules.pm | 12 ++++++++++-- Shorewall/releasenotes.txt | 13 +++++++++---- docs/Actions.xml | 9 ++++++++- 4 files changed, 29 insertions(+), 8 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 3a0cb709b..85bdc0bab 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -1799,7 +1799,8 @@ sub push_params( $ ) { %actparms = (); for ( my $i = 1; $i <= @params; $i++ ) { - $actparms{$i} = $params[$i - 1]; + my $val = $params[$i - 1]; + $actparms{$i} = $val eq '-' ? '' : $val; } $oldparams; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 564cb8d19..8e977ffb0 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -260,7 +260,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ); sub process_actions1() { - progress_message2 "Preprocessing Action Files..."; + progress_message2 "Locating Action Files..."; # # Add built-in actions to the target table and create those actions # 
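Review bot: The new assignment in the push_params loop maps every parameter equal to '-' to the empty string, so a caller can no longer pass a literal '-' into the action body. The Actions.xml example in this patch shows '-' used as the placeholder for an unused rules-file column; if an action body puts `$2` alone in such a column, the empty expansion presumably makes the column disappear and shifts the later ones, changing what the generated rule matches. That needs confirming against the expansion code, which is not in this hunk. Consider an escape for the literal value, or a check where `$N` is substituted, and record the convention next to the assignment, e.g. `# '-' marks an omitted parameter; $N then expands to the empty string in the action body`. push_params begins and ends outside the hunk.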
@@ -717,6 +717,14 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) { # # Once a rule has been expanded via wildcards (source and/or dest zone eq 'all'), it is processed by this function. If # the target is a macro, the macro is expanded and this function is called recursively for each rule in the expansion. +# Rules in both the rules file and in action bodies are processed here. +# +# This function may be called in three different ways: +# +# 1) $chainref undefined -- Being called to process a record in the rules file. All arguments are passed. +# 2) $chainref is a chain name -- Pre-proessing the records in an action file. Only $target is passed. +# 3) $chainref is a chain reference -- Processing the records in an action file. The chain is where the generated +# rules are added. # sub process_rule_common ( $$$$$$$$$$$$$$$$ ) { my ( $chainref, #reference to Action Chain if we are being called from process_action3() @@ -765,7 +773,7 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) { ( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless $actiontype || $param; } - fatal_error "Unknown action ($action)" unless $actiontype; + fatal_error "Unknown ACTION ($action)" unless $actiontype; if ( $actiontype == MACRO ) { # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 126119184..cc024fb21 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
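Review bot: The header comment added above process_rule_common misspells case 2 (`Pre-proessing` should be `Pre-processing`). It also leaves the existing parameter comment on `$chainref` stale: "reference to Action Chain if we are being called from process_action3()" now covers only the third of the three documented call modes. Since the mode is selected by whether `$chainref` is undefined, a chain name or a chain reference, I would reword that line to `my ( $chainref, # undef (rules file), chain name (action pre-processing) or chain reference (action processing)`. The function body continues outside the hunk, so how the three cases are told apart in code is not visible here.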
@@ -125,13 +125,18 @@ Beta 1 Actions are now free to invoke other actions. 4) There is now support for parameterized actions. The parameters are - available to extensions scripts. See + a comma-separated list enclosed in parentheses following the + action name (e.g., ACT(REDIRECT,192.168.1.4)). Within the action + body, the parameter values are available in $1, $2, etc. + + You can 'omit' a parameter in the list by using '-' (e,g, + REDIRECT,-.info) would omit the second parameter (within the action + body, $2 would expand to nothing). + + Parameter values are also available to extensions scripts. See http://www.shorewall.net/Actions.html#Extension for more information. - Within the action body, the parameter values are available in $1, - $2, etc. - ---------------------------------------------------------------------------- I V. R E L E A S E 4 . 4 H I G H L I G H T S ---------------------------------------------------------------------------- diff --git a/docs/Actions.xml b/docs/Actions.xml index 77297f4dc..f8eb5ee76 100644 --- a/docs/Actions.xml +++ b/docs/Actions.xml @@ -249,6 +249,12 @@ A(REDIRECT) net fw #TARGET SOURCE DEST PROTO DEST SOURCE ORIGINAL # PORT(S) PORT(S) DEST REDIRECT net - tcp 80 - 1.2.3.4 + + You can 'omit' parameters by using '-'. + + Example: ACTION(REDIRECT,-,info) + + In the above example, $2 would expand to nothing.
@@ -542,7 +548,8 @@ bar:debug @params is the list of - parameter values (Shorewall 4.4.16 and later). + parameter values (Shorewall 4.4.16 and later). 'Omitted' parameters + contain '-'.