extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-03 12:09:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Correct SetEvent and ResetEvent

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-04-25 12:56:36 -07:00
parent 3ae243b882
commit 42f75f7ba2
3 changed files with 36 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -712,7 +712,7 @@ sub process_policies()
# #
# Policy Rule application # Policy Rule application
# #
sub process_inline ($$$$$$$$$$$$$$$$$$$$$); sub process_inline ($$$$$$$$$$$$$$$$$$$$$$);
sub add_policy_rules( $$$$$ ) { sub add_policy_rules( $$$$$ ) {
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_; my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
@ -737,6 +737,7 @@ sub add_policy_rules( $$$$$ ) {
process_inline( $action, #Inline process_inline( $action, #Inline
$chainref, #Chain $chainref, #Chain
'', #Matches '', #Matches
'', #Matches1
$loglevel, #Log Level and Tag $loglevel, #Log Level and Tag
$default, #Target $default, #Target
$param || '', #Param $param || '', #Param
@ -1622,7 +1623,7 @@ my %builtinops = ( 'dropBcast' => \&dropBcast,
'Limit' => \&Limit, 'Limit' => \&Limit,
); );
sub process_rule ( $$$$$$$$$$$$$$$$$$$ ); sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
# #
# Populate an action invocation chain. As new action tuples are encountered, # Populate an action invocation chain. As new action tuples are encountered,
@ -1686,6 +1687,7 @@ sub process_action($$) {
} }
process_rule( $chainref, process_rule( $chainref,
'',
'', '',
$nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ), $nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ),
'', '',
@ -1874,6 +1876,7 @@ sub process_reject_action() {
process_inline( $action, #Inline process_inline( $action, #Inline
$rejectref, #Chain $rejectref, #Chain
'', #Matches '', #Matches
'', #Matches1
'', #Log Level and Tag '', #Log Level and Tag
$action, #Target $action, #Target
'', #Param '', #Param
@ -1902,8 +1905,8 @@ sub process_reject_action() {
# #
# Expand a macro rule from the rules file # Expand a macro rule from the rules file
# #
sub process_macro ($$$$$$$$$$$$$$$$$$$$) { sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
my ($macro, $chainref, $matches, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_; my ($macro, $chainref, $matches, $matches1, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
my $generated = 0; my $generated = 0;
@ -2002,7 +2005,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
$generated |= process_rule( $generated |= process_rule(
$chainref, $chainref,
$matches, $matches,
$matches1,
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
@ -2035,8 +2039,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
# #
# Expand an inline action rule from the rules file # Expand an inline action rule from the rules file
# #
sub process_inline ($$$$$$$$$$$$$$$$$$$$$) { sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
my ($inline, $chainref, $matches, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_; my ($inline, $chainref, $matches, $matches1, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
my $generated = 0; my $generated = 0;
@ -2126,7 +2130,8 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$) {
$generated |= process_rule( $generated |= process_rule(
$chainref, $chainref,
$matches, $matches,
$matches1,
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
@ -2179,9 +2184,10 @@ sub verify_audit($;$$) {
# reference is also passed when rules are being generated during processing of a macro used as a default action. # reference is also passed when rules are being generated during processing of a macro used as a default action.
# #
sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) { sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
my ( $chainref, #reference to Action Chain if we are being called from process_action(); undef otherwise my ( $chainref, #reference to Action Chain if we are being called from process_action(); undef otherwise
$rule, #Matches $rule, #Matches
$matches1, #Matches after the ones generated by the columns
$target, $target,
$current_param, $current_param,
$source, $source,
@ -2246,6 +2252,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
my $generated = process_macro( $basictarget, my $generated = process_macro( $basictarget,
$chainref, $chainref,
$rule . $raw_matches, $rule . $raw_matches,
$matches1,
$target, $target,
$current_param, $current_param,
$source, $source,
@ -2649,6 +2656,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
my $generated = process_inline( $basictarget, my $generated = process_inline( $basictarget,
$chainref, $chainref,
$rule . $raw_matches, $rule . $raw_matches,
$matches1,
$loglevel, $loglevel,
$target, $target,
$current_param, $current_param,
@ -2703,7 +2711,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
do_headers( $headers ) , do_headers( $headers ) ,
do_condition( $condition , $chain ) , do_condition( $condition , $chain ) ,
do_helper( $helper ) , do_helper( $helper ) ,
$raw_matches , $matches1 . $raw_matches ,
); );
} else { } else {
$rule .= join( '', $rule .= join( '',
@ -2715,7 +2723,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
do_time( $time ) , do_time( $time ) ,
do_headers( $headers ) , do_headers( $headers ) ,
do_condition( $condition , $chain ) , do_condition( $condition , $chain ) ,
$raw_matches , $matches1 . $raw_matches ,
); );
} }
@ -2960,8 +2968,8 @@ sub merge_target( $$ ) {
# #
# May be called by Perl code in action bodies (regular and inline) to generate a rule. # May be called by Perl code in action bodies (regular and inline) to generate a rule.
# #
sub perl_action_helper($$;$) { sub perl_action_helper($$;$$) {
my ( $target, $matches, $isstatematch ) = @_; my ( $target, $matches, $isstatematch , $matches1 ) = @_;
my $action = $actparms{action}; my $action = $actparms{action};
my $chainref = $actparms{0}; my $chainref = $actparms{0};
my $result; my $result;
@ -2970,6 +2978,12 @@ sub perl_action_helper($$;$) {
$matches .= ' ' unless $matches =~ /^(?:.+\s)?$/; $matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;
if ( $matches1 ) {
$matches1 .= ' ' unless $matches1 =~ /^(?:.+\s)?$/;
} else {
$matches1 = '';
}
set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' ); set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' );
if ( $isstatematch ) { if ( $isstatematch ) {
@ -2993,6 +3007,7 @@ sub perl_action_helper($$;$) {
if ( my $ref = $inlines{$action} ) { if ( my $ref = $inlines{$action} ) {
$result = &process_rule( $chainref, $result = &process_rule( $chainref,
$matches, $matches,
$matches1,
merge_target( $ref, $target ), merge_target( $ref, $target ),
'', # CurrentParam '', # CurrentParam
@columns ); @columns );
@ -3001,6 +3016,7 @@ sub perl_action_helper($$;$) {
$result = process_rule( $chainref, $result = process_rule( $chainref,
$matches, $matches,
$matches1,
merge_target( $actions{$action}, $target ), merge_target( $actions{$action}, $target ),
'', # Current Param '', # Current Param
'-', # Source '-', # Source
@ -3052,6 +3068,7 @@ sub perl_action_tcp_helper($$) {
if ( my $ref = $inlines{$action} ) { if ( my $ref = $inlines{$action} ) {
$result = &process_rule( $chainref, $result = &process_rule( $chainref,
$proto, $proto,
'',
merge_target( $ref, $target ), merge_target( $ref, $target ),
'', '',
@columns[0,1], @columns[0,1],
@ -3061,6 +3078,7 @@ sub perl_action_tcp_helper($$) {
} else { } else {
$result = process_rule( $chainref, $result = process_rule( $chainref,
$proto, $proto,
'',
merge_target( $actions{$action}, $target ), merge_target( $actions{$action}, $target ),
'', # Current Param '', # Current Param
'-', # Source '-', # Source
@ -3254,6 +3272,7 @@ sub process_raw_rule ( ) {
for my $proto ( @protos ) { for my $proto ( @protos ) {
for my $user ( @users ) { for my $user ( @users ) {
if ( process_rule( undef, if ( process_rule( undef,
'',
'', '',
$target, $target,
'', '',

4
Shorewall/action.ResetEvent
View File

@ -41,9 +41,9 @@ set_action_disposition( $disposition) if supplied $disposition;
set_action_name_to_caller; set_action_name_to_caller;
if ( $destination eq 'dst' ) { if ( $destination eq 'dst' ) {
perl_action_helper( $action, "-m recent --name $event --remove --rdest" ); perl_action_helper( $action, '', '', "-m recent --name $event --remove --rdest" );
} else { } else {
perl_action_helper( $action, "-m recent --name $event --remove --rsource" ); perl_action_helper( $action, '', '', "-m recent --name $event --remove --rsource" );
} }
1; 1;

4
Shorewall/action.SetEvent
View File

@ -41,9 +41,9 @@ set_action_disposition( $disposition) if supplied $disposition;
set_action_name_to_caller; set_action_name_to_caller;
if ( $destination eq 'dst' ) { if ( $destination eq 'dst' ) {
perl_action_helper( $action, "-m recent --name $event --set --rdest" ); perl_action_helper( $action, '', '', "-m recent --name $event --set --rdest" );
} else { } else {
perl_action_helper( $action, "-m recent --name $event --set --rsource" ); perl_action_helper( $action, '', '', "-m recent --name $event --set --rsource" );
} }
1; 1;