Correct SetEvent and ResetEvent

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-03 12:09:14 +01:00 · 2015-04-25 12:56:36 -07:00 · 2015-04-25 12:56:36 -07:00 · 42f75f7ba2
commit 42f75f7ba2
parent 3ae243b882
3 changed files with 36 additions and 17 deletions
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@ -712,7 +712,7 @@ sub process_policies()
 #
 # Policy Rule application
 #
-sub process_inline ($$$$$$$$$$$$$$$$$$$$$);
+sub process_inline ($$$$$$$$$$$$$$$$$$$$$$);

 sub add_policy_rules( $$$$$ ) {
    my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
@ -737,6 +737,7 @@ sub add_policy_rules( $$$$$ ) {
 		process_inline( $action,      #Inline
 				$chainref,    #Chain
 				'',           #Matches
+				'',           #Matches1
 				$loglevel,    #Log Level and Tag
 				$default,     #Target
 				$param || '', #Param
@ -1622,7 +1623,7 @@ my %builtinops = ( 'dropBcast'      => \&dropBcast,
 		   'Limit'          => \&Limit,
 		 );

-sub process_rule ( $$$$$$$$$$$$$$$$$$$ );
+sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );

 #
 # Populate an action invocation chain. As new action tuples are encountered,
@ -1686,6 +1687,7 @@ sub process_action($$) {
 	}

 	process_rule( $chainref,
+		      '',
 		      '',
 		      $nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ),
 		      '',
@ -1874,6 +1876,7 @@ sub process_reject_action() {
 	process_inline( $action,      #Inline
 			$rejectref,   #Chain
 			'',           #Matches
+			'',           #Matches1
 			'',           #Log Level and Tag
 			$action,      #Target
 		        '',           #Param
@ -1902,8 +1905,8 @@ sub process_reject_action() {
 #
 # Expand a macro rule from the rules file
 #
-sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
-    my ($macro, $chainref, $matches, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
+sub process_macro ($$$$$$$$$$$$$$$$$$$$$) {
+    my ($macro, $chainref, $matches, $matches1, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;

    my $generated = 0;

@ -2002,7 +2005,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {

 	$generated |= process_rule(
 				   $chainref,
-				   $matches,
+	                           $matches,
+	                           $matches1,
 				   $mtarget,
 				   $param,
 				   $msource,
@ -2035,8 +2039,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
 #
 # Expand an inline action rule from the rules file
 #
-sub process_inline ($$$$$$$$$$$$$$$$$$$$$) {
-    my ($inline, $chainref, $matches, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
+sub process_inline ($$$$$$$$$$$$$$$$$$$$$$) {
+    my ($inline, $chainref, $matches, $matches1, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;

    my $generated = 0;

@ -2126,7 +2130,8 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$) {

 	$generated |= process_rule(
 				   $chainref,
-				   $matches,
+	                           $matches,
+	                           $matches1,
 				   $mtarget,
 				   $param,
 				   $msource,
@ -2179,9 +2184,10 @@ sub verify_audit($;$$) {
 # reference is also passed when rules are being generated during processing of a macro used as a default action.
 #

-sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
+sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
    my ( $chainref,   #reference to Action Chain if we are being called from process_action(); undef otherwise
 	 $rule,       #Matches
+	 $matches1,   #Matches after the ones generated by the columns
 	 $target,
 	 $current_param,
 	 $source,
@ -2246,6 +2252,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 	my $generated = process_macro( $basictarget,
 				       $chainref,
 				       $rule . $raw_matches,
+				       $matches1,
 				       $target,
 				       $current_param,
 				       $source,
@ -2649,6 +2656,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 	my $generated = process_inline( $basictarget,
 					$chainref,
 					$rule . $raw_matches,
+					$matches1,
 					$loglevel,
 					$target,
 					$current_param,
@ -2703,7 +2711,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 		       do_headers( $headers ) ,
 		       do_condition( $condition , $chain ) ,
 		       do_helper( $helper ) ,
-		       $raw_matches ,
+		       $matches1 . $raw_matches ,
 		     );
    } else {
 	$rule .= join( '',
@ -2715,7 +2723,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 		       do_time( $time ) ,
 		       do_headers( $headers ) ,
 		       do_condition( $condition , $chain ) ,
-		       $raw_matches ,
+		       $matches1 . $raw_matches ,
 		     );
    }

@ -2960,8 +2968,8 @@ sub merge_target( $$ ) {
 #
 # May be called by Perl code in action bodies (regular and inline) to generate a rule.
 #
-sub perl_action_helper($$;$) {
-    my ( $target, $matches, $isstatematch ) = @_;
+sub perl_action_helper($$;$$) {
+    my ( $target, $matches, $isstatematch , $matches1 ) = @_;
    my $action   = $actparms{action};
    my $chainref = $actparms{0};
    my $result;
@ -2970,6 +2978,12 @@ sub perl_action_helper($$;$) {

    $matches .= ' ' unless $matches =~ /^(?:.+\s)?$/;

+    if ( $matches1 ) {
+	$matches1 .= ' ' unless $matches1 =~ /^(?:.+\s)?$/;
+    } else {
+	$matches1 = '';
+    }
+
    set_inline_matches( $target =~ /^INLINE(?::.*)?$/ ? $matches : '' );

    if ( $isstatematch ) {
@ -2993,6 +3007,7 @@ sub perl_action_helper($$;$) {
    if ( my $ref = $inlines{$action} ) {
 	$result = &process_rule( $chainref,
 				 $matches,
+				 $matches1,
 				 merge_target( $ref, $target ),
 				 '',                              # CurrentParam
 				 @columns );
@ -3001,6 +3016,7 @@ sub perl_action_helper($$;$) {

 	$result = process_rule( $chainref,
 				$matches,
+				$matches1,
 				merge_target( $actions{$action}, $target ),
 				'',                               # Current Param
 				'-',                              # Source
@ -3052,6 +3068,7 @@ sub perl_action_tcp_helper($$) {
 	if ( my $ref = $inlines{$action} ) {
 	    $result = &process_rule( $chainref,
 				     $proto,
+				     '',
 				     merge_target( $ref, $target ),
 				     '',
 				     @columns[0,1],
@ -3061,6 +3078,7 @@ sub perl_action_tcp_helper($$) {
 	} else {
 	    $result = process_rule( $chainref,
 				    $proto,
+				    '',
 				    merge_target( $actions{$action}, $target ),
 				    '',                               # Current Param
 				    '-',                              # Source
@ -3254,6 +3272,7 @@ sub process_raw_rule ( ) {
 		for my $proto ( @protos ) {
 		    for my $user ( @users ) {
 			if ( process_rule( undef,
+					   '',
 					   '',
 					   $target,
 					   '',
--- a/Shorewall/action.ResetEvent
+++ b/Shorewall/action.ResetEvent
@ -41,9 +41,9 @@ set_action_disposition( $disposition) if supplied $disposition;
 set_action_name_to_caller;

 if ( $destination eq 'dst' ) {
-    perl_action_helper( $action, "-m recent --name $event --remove --rdest" );
+    perl_action_helper( $action, '', '', "-m recent --name $event --remove --rdest" );
 } else {
-    perl_action_helper( $action, "-m recent --name $event --remove --rsource" );
+    perl_action_helper( $action, '', '', "-m recent --name $event --remove --rsource" );
 }

 1;
--- a/Shorewall/action.SetEvent
+++ b/Shorewall/action.SetEvent
@ -41,9 +41,9 @@ set_action_disposition( $disposition) if supplied $disposition;
 set_action_name_to_caller;

 if ( $destination eq 'dst' ) {
-    perl_action_helper( $action, "-m recent --name $event --set --rdest" );
+    perl_action_helper( $action, '', '', "-m recent --name $event --set --rdest" );
 } else {
-    perl_action_helper( $action, "-m recent --name $event --set --rsource" );
+    perl_action_helper( $action, '', '', "-m recent --name $event --set --rsource" );
 }

 1;