mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-05 13:08:50 +01:00
Correct SetEvent and ResetEvent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
3ae243b882
commit
42f75f7ba2
@ -712,7 +712,7 @@ sub process_policies()
|
|||||||
#
|
#
|
||||||
# Policy Rule application
|
# Policy Rule application
|
||||||
#
|
#
|
||||||
sub process_inline ($$$$$$$$$$$$$$$$$$$$$);
|
sub process_inline ($$$$$$$$$$$$$$$$$$$$$$);
|
||||||
|
|
||||||
sub add_policy_rules( $$$$$ ) {
|
sub add_policy_rules( $$$$$ ) {
|
||||||
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
|
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
|
||||||
@ -737,6 +737,7 @@ sub add_policy_rules( $$$$$ ) {
|
|||||||
process_inline( $action, #Inline
|
process_inline( $action, #Inline
|
||||||
$chainref, #Chain
|
$chainref, #Chain
|
||||||
'', #Matches
|
'', #Matches
|
||||||
|
'', #Matches1
|
||||||
$loglevel, #Log Level and Tag
|
$loglevel, #Log Level and Tag
|
||||||
$default, #Target
|
$default, #Target
|
||||||
$param || '', #Param
|
$param || '', #Param
|
||||||
@ -1622,7 +1623,7 @@ my %builtinops = ( 'dropBcast' => \&dropBcast,
|
|||||||
'Limit' => \&Limit,
|
'Limit' => \&Limit,
|
||||||
);
|
);
|
||||||
|
|
||||||
sub process_rule ( $$$$$$$$$$$$$$$$$$$ );
|
sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
|
||||||
|
|
||||||
#
|
#
|
||||||
# Populate an action invocation chain. As new action tuples are encountered,
|
# Populate an action invocation chain. As new action tuples are encountered,
|
||||||
@ -1686,6 +1687,7 @@ sub process_action($$) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
process_rule( $chainref,
|
process_rule( $chainref,
|
||||||
|
'',
|
||||||
'',
|
'',
|
||||||
$nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ),
|
$nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ),
|
||||||
'',
|
'',
|
||||||
@ -1874,6 +1876,7 @@ sub process_reject_action() {
|
|||||||
process_inline( $action, #Inline
|
process_inline( $action, #Inline
|
||||||
$rejectref, #Chain
|
$rejectref, #Chain
|
||||||
'', #Matches
|
'', #Matches
|
||||||
|
'', #Matches1
|
||||||
'', #Log Level and Tag
|
'', #Log Level and Tag
|
||||||
$action, #Target
|
$action, #Target
|
||||||
'', #Param
|
'', #Param
|
||||||
@ -1902,8 +1905,8 @@ sub process_reject_action() {
|
|||||||
#
|
#
|
||||||
# Expand a macro rule from the rules file
|
# Expand a macro rule from the rules file
|
||||||
#
|
#
|
||||||
sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
|
sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
|
||||||
my ($macro, $chainref, $matches, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
my ($macro, $chainref, $matches, $matches1, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
||||||
|
|
||||||
my $generated = 0;
|
my $generated = 0;
|
||||||
|
|
||||||
@ -2002,7 +2005,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
|
|||||||
|
|
||||||
$generated |= process_rule(
|
$generated |= process_rule(
|
||||||
$chainref,
|
$chainref,
|
||||||
$matches,
|
$matches,
|
||||||
|
$matches1,
|
||||||
$mtarget,
|
$mtarget,
|
||||||
$param,
|
$param,
|
||||||
$msource,
|
$msource,
|
||||||
@ -2035,8 +2039,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
|
|||||||
#
|
#
|
||||||
# Expand an inline action rule from the rules file
|
# Expand an inline action rule from the rules file
|
||||||
#
|
#
|
||||||
sub process_inline ($$$$$$$$$$$$$$$$$$$$$) {
|
sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
|
||||||
my ($inline, $chainref, $matches, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
my ($inline, $chainref, $matches, $matches1, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
||||||
|
|
||||||
my $generated = 0;
|
my $generated = 0;
|
||||||
|
|
||||||
@ -2126,7 +2130,8 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$) {
|
|||||||
|
|
||||||
$generated |= process_rule(
|
$generated |= process_rule(
|
||||||
$chainref,
|
$chainref,
|
||||||
$matches,
|
$matches,
|
||||||
|
$matches1,
|
||||||
$mtarget,
|
$mtarget,
|
||||||
$param,
|
$param,
|
||||||
$msource,
|
$msource,
|
||||||
@ -2179,9 +2184,10 @@ sub verify_audit($;$$) {
|
|||||||
# reference is also passed when rules are being generated during processing of a macro used as a default action.
|
# reference is also passed when rules are being generated during processing of a macro used as a default action.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
|
||||||
my ( $chainref, #reference to Action Chain if we are being called from process_action(); undef otherwise
|
my ( $chainref, #reference to Action Chain if we are being called from process_action(); undef otherwise
|
||||||
$rule, #Matches
|
$rule, #Matches
|
||||||
|
$matches1, #Matches after the ones generated by the columns
|
||||||
$target,
|
$target,
|
||||||
$current_param,
|
$current_param,
|
||||||
$source,
|
$source,
|
||||||
@ -2246,6 +2252,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
my $generated = process_macro( $basictarget,
|
my $generated = process_macro( $basictarget,
|
||||||
$chainref,
|
$chainref,
|
||||||
$rule . $raw_matches,
|
$rule . $raw_matches,
|
||||||
|
$matches1,
|
||||||
$target,
|
$target,
|
||||||
$current_param,
|
$current_param,
|
||||||
$source,
|
$source,
|
||||||
@ -2649,6 +2656,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
my $generated = process_inline( $basictarget,
|
my $generated = process_inline( $basictarget,
|
||||||
$chainref,
|
$chainref,
|
||||||
$rule . $raw_matches,
|
$rule . $raw_matches,
|
||||||
|
$matches1,
|
||||||
$loglevel,
|
$loglevel,
|
||||||
$target,
|
$target,
|
||||||
$current_param,
|
$current_param,
|
||||||
@ -2703,7 +2711,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
do_headers( $headers ) ,
|
do_headers( $headers ) ,
|
||||||
do_condition( $condition , $chain ) ,
|
do_condition( $condition , $chain ) ,
|
||||||
do_helper( $helper ) ,
|
do_helper( $helper ) ,
|
||||||
$raw_matches ,
|
$matches1 . $raw_matches ,
|
||||||
);
|
);
|
||||||
} else {
|
} else {
|
||||||
$rule .= join( '',
|
$rule .= join( '',
|
||||||
@ -2715,7 +2723,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
|
|||||||
do_time( $time ) ,
|
do_time( $time ) ,
|
||||||
do_headers( $headers ) ,
|
do_headers( $headers ) ,
|
||||||
do_condition( $condition , $chain ) ,
|
do_condition( $condition , $chain ) ,
|
||||||
$raw_matches ,
|
$matches1 . $raw_matches ,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2960,8 +2968,8 @@ sub merge_target( $$ ) {
|
|||||||
#
|
#
|
||||||
# May be called by Perl code in action bodies (regular and inline) to generate a rule.
|
# May be called by Perl code in action bodies (regular and inline) to generate a rule.
|
||||||
#
|
#
|
||||||
sub perl_action_helper($$;$) {
|
sub perl_action_helper($$;$$) {
|
||||||
my ( $target, $matches, $isstatematch ) = @_;
|
my ( $target, $matches, $isstatematch , $matches1 ) = @_;
|
||||||
my $action = $actparms{action};
|
my $action = $actparms{action};
|
||||||
my $chainref = $actparms{0};
|
my $chainref = $actparms{0};
|
||||||
my $result;
|
my $result;
|
||||||
@ -2970,6 +2978,12 @@ sub perl_action_helper($$;$) {
|
|||||||
|
|
||||||
$matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;
|
$matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;
|
||||||
|
|
||||||
|
if ( $matches1 ) {
|
||||||
|
$matches1 .= ' ' unless $matches1 =~ /^(?:.+\s)?$/;
|
||||||
|
} else {
|
||||||
|
$matches1 = '';
|
||||||
|
}
|
||||||
|
|
||||||
set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' );
|
set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' );
|
||||||
|
|
||||||
if ( $isstatematch ) {
|
if ( $isstatematch ) {
|
||||||
@ -2993,6 +3007,7 @@ sub perl_action_helper($$;$) {
|
|||||||
if ( my $ref = $inlines{$action} ) {
|
if ( my $ref = $inlines{$action} ) {
|
||||||
$result = &process_rule( $chainref,
|
$result = &process_rule( $chainref,
|
||||||
$matches,
|
$matches,
|
||||||
|
$matches1,
|
||||||
merge_target( $ref, $target ),
|
merge_target( $ref, $target ),
|
||||||
'', # CurrentParam
|
'', # CurrentParam
|
||||||
@columns );
|
@columns );
|
||||||
@ -3001,6 +3016,7 @@ sub perl_action_helper($$;$) {
|
|||||||
|
|
||||||
$result = process_rule( $chainref,
|
$result = process_rule( $chainref,
|
||||||
$matches,
|
$matches,
|
||||||
|
$matches1,
|
||||||
merge_target( $actions{$action}, $target ),
|
merge_target( $actions{$action}, $target ),
|
||||||
'', # Current Param
|
'', # Current Param
|
||||||
'-', # Source
|
'-', # Source
|
||||||
@ -3052,6 +3068,7 @@ sub perl_action_tcp_helper($$) {
|
|||||||
if ( my $ref = $inlines{$action} ) {
|
if ( my $ref = $inlines{$action} ) {
|
||||||
$result = &process_rule( $chainref,
|
$result = &process_rule( $chainref,
|
||||||
$proto,
|
$proto,
|
||||||
|
'',
|
||||||
merge_target( $ref, $target ),
|
merge_target( $ref, $target ),
|
||||||
'',
|
'',
|
||||||
@columns[0,1],
|
@columns[0,1],
|
||||||
@ -3061,6 +3078,7 @@ sub perl_action_tcp_helper($$) {
|
|||||||
} else {
|
} else {
|
||||||
$result = process_rule( $chainref,
|
$result = process_rule( $chainref,
|
||||||
$proto,
|
$proto,
|
||||||
|
'',
|
||||||
merge_target( $actions{$action}, $target ),
|
merge_target( $actions{$action}, $target ),
|
||||||
'', # Current Param
|
'', # Current Param
|
||||||
'-', # Source
|
'-', # Source
|
||||||
@ -3254,6 +3272,7 @@ sub process_raw_rule ( ) {
|
|||||||
for my $proto ( @protos ) {
|
for my $proto ( @protos ) {
|
||||||
for my $user ( @users ) {
|
for my $user ( @users ) {
|
||||||
if ( process_rule( undef,
|
if ( process_rule( undef,
|
||||||
|
'',
|
||||||
'',
|
'',
|
||||||
$target,
|
$target,
|
||||||
'',
|
'',
|
||||||
|
@ -41,9 +41,9 @@ set_action_disposition( $disposition) if supplied $disposition;
|
|||||||
set_action_name_to_caller;
|
set_action_name_to_caller;
|
||||||
|
|
||||||
if ( $destination eq 'dst' ) {
|
if ( $destination eq 'dst' ) {
|
||||||
perl_action_helper( $action, "-m recent --name $event --remove --rdest" );
|
perl_action_helper( $action, '', '', "-m recent --name $event --remove --rdest" );
|
||||||
} else {
|
} else {
|
||||||
perl_action_helper( $action, "-m recent --name $event --remove --rsource" );
|
perl_action_helper( $action, '', '', "-m recent --name $event --remove --rsource" );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
@ -41,9 +41,9 @@ set_action_disposition( $disposition) if supplied $disposition;
|
|||||||
set_action_name_to_caller;
|
set_action_name_to_caller;
|
||||||
|
|
||||||
if ( $destination eq 'dst' ) {
|
if ( $destination eq 'dst' ) {
|
||||||
perl_action_helper( $action, "-m recent --name $event --set --rdest" );
|
perl_action_helper( $action, '', '', "-m recent --name $event --set --rdest" );
|
||||||
} else {
|
} else {
|
||||||
perl_action_helper( $action, "-m recent --name $event --set --rsource" );
|
perl_action_helper( $action, '', '', "-m recent --name $event --set --rsource" );
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
Loading…
Reference in New Issue
Block a user