Accurately determine if an inline action generates a rule.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-01-28 20:46:20 -08:00
parent 49166efdca
commit 42f46ea5e7


@ -158,6 +158,7 @@ our %auditpolicies = ( ACCEPT => 1,
our @columns; our @columns;
our @columnstack; our @columnstack;
our $actionresult;
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
@ -2469,7 +2470,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$$ ) {
$macro_nest_level--; $macro_nest_level--;
return $generated; return $generated || $actionresult;
} }
# #
# Generate Fixed part of the rule # Generate Fixed part of the rule
@ -2651,6 +2652,7 @@ sub perl_action_helper($$) {
my ( $target, $matches ) = @_; my ( $target, $matches ) = @_;
my $action = $actparms{action}; my $action = $actparms{action};
my $chainref = $actparms{0}; my $chainref = $actparms{0};
my $result;
assert( $chainref ); assert( $chainref );
@ -2661,27 +2663,29 @@ sub perl_action_helper($$) {
'', '',
@columns ); @columns );
} else { } else {
process_rule1( $chainref, $result = process_rule1( $chainref,
$matches, $matches,
$target, $target,
'', # Current Param '', # Current Param
'-', # Source '-', # Source
'-', # Dest '-', # Dest
'-', # Proto '-', # Proto
'-', # Port(s) '-', # Port(s)
'-', # Source Port(s) '-', # Source Port(s)
'-', # Original Dest '-', # Original Dest
'-', # Rate Limit '-', # Rate Limit
'-', # User '-', # User
'-', # Mark '-', # Mark
'-', # Connlimit '-', # Connlimit
'-', # Time '-', # Time
'-', # Headers, '-', # Headers,
'-', # condition, '-', # condition,
'-', # helper, '-', # helper,
0, # Wildcard 0, # Wildcard
); );
} }
$actionresult ||= $result;
} }
# #
@ -2691,40 +2695,43 @@ sub perl_action_tcp_helper($$) {
my ( $target, $proto ) = @_; my ( $target, $proto ) = @_;
my $action = $actparms{action}; my $action = $actparms{action};
my $chainref = $actparms{0}; my $chainref = $actparms{0};
my $result;
assert( $chainref ); assert( $chainref );
if ( $inlines{$action} ) { if ( $inlines{$action} ) {
&process_rule1( $chainref, $result = &process_rule1( $chainref,
$proto, $proto,
$target, $target,
'', '',
@columns[0,1], @columns[0,1],
'-', '-',
@columns[3..14] @columns[3..14]
); );
} else { } else {
process_rule1( $chainref, $result = process_rule1( $chainref,
$proto, $proto,
$target, $target,
'', # Current Param '', # Current Param
'-', # Source '-', # Source
'-', # Dest '-', # Dest
"-", # Proto "-", # Proto
'-', # Port(s) '-', # Port(s)
'-', # Source Port(s) '-', # Source Port(s)
'-', # Original Dest '-', # Original Dest
'-', # Rate Limit '-', # Rate Limit
'-', # User '-', # User
'-', # Mark '-', # Mark
'-', # Connlimit '-', # Connlimit
'-', # Time '-', # Time
'-', # Headers, '-', # Headers,
'-', # condition, '-', # condition,
'-', # helper, '-', # helper,
0, # Wildcard 0, # Wildcard
); );
} }
$actionresult ||= $result;
} }
# #
@ -2872,25 +2879,27 @@ sub process_rule ( ) {
if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) { if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) {
for my $proto ( @protos ) { for my $proto ( @protos ) {
for my $user ( @users ) { for my $user ( @users ) {
$generated |= process_rule1( undef, if ( process_rule1( undef,
'', '',
$target, $target,
'', '',
$source, $source,
$dest, $dest,
$proto, $proto,
$ports, $ports,
$sports, $sports,
$origdest, $origdest,
$ratelimit, $ratelimit,
$user, $user,
$mark, $mark,
$connlimit, $connlimit,
$time, $time,
$headers, $headers,
$condition, $condition,
$helper, $helper,
$wild ); $wild ) ) {
$generated = 1;
}
} }
} }
} }
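Review bot: In perl_action_helper the inline branch still appears to discard the return value of process_rule1: the opening lines of that call fall in the unchanged gap between the `-2651,6` and `-2661,27` hunks, so only the `else` branch assigns `$result`, whereas perl_action_tcp_helper captures it in both branches. For inline actions `$actionresult ||= $result;` would then see undef, which is the case the commit title targets; the inline call should read `$result = &process_rule1( $chainref,`. Separately, none of the visible hunks initializes or clears `our $actionresult`, so once it is set every later `return $generated || $actionresult;` would be true unless it is reset outside these hunks. In a firewall rule compiler a stale "rule generated" answer is worth ruling out, for example with `$actionresult = 0;` before each action body is processed. All of the subs touched here continue outside the hunks shown.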