From 44c9717a67286356303d2f99c696d0c15cff26b5 Mon Sep 17 00:00:00 2001 From: teastep Date: Thu, 7 Feb 2008 22:34:27 +0000 Subject: [PATCH] Add back 'complex' zone attribute but don't use it yet git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8165 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-perl/Shorewall/Zones.pm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm index 587271bcb..7ab5e9973 100644 --- a/Shorewall-perl/Shorewall/Zones.pm +++ b/Shorewall-perl/Shorewall/Zones.pm @@ -45,6 +45,7 @@ our @EXPORT = qw( NOTHING defined_zone zone_type all_zones + complex_zones non_firewall_zones single_interface validate_interfaces_file @@ -82,7 +83,8 @@ use constant { NOTHING => 'NOTHING', # @zones contains the ordered list of zones with sub-zones appearing before their parents. # # %zones{ => {type = > 'firewall', 'ipv4', 'ipsec4', 'bport4'; -# options => { nested => 0|1 +# options => { complex => 0|1 +# nested => 0|1 # in_out => < policy match string > # in => < policy match string > # out => < policy match string > @@ -300,6 +302,7 @@ sub determine_zones() options => { in_out => parse_zone_option_list( $options || '', $type ) , in => parse_zone_option_list( $in_options || '', $type ) , out => parse_zone_option_list( $out_options || '', $type ) , + complex => ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0) } , nested => @parents > 0 } , interfaces => {} , children => [] , @@ -497,6 +500,8 @@ sub add_group_to_zone($$$$$) $interfaceref = ( $typeref->{$type} || ( $interfaceref = $typeref->{$type} = {} ) ); $arrayref = ( $interfaceref->{$interface} || ( $interfaceref->{$interface} = [] ) ); + $zoneref->{options}{complex} = 1 if @$arrayref || ( @newnetworks > 1 ) || ( @exclusions ); + push @{$zoneref->{exclusions}}, @exclusions; push @{$arrayref}, { options => $options, 
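Review bot: In the `determine_zones` hunk the added line ends in `} ,`, which closes the `options` hash before the existing `nested => @parents > 0 } ,` line. As shown, `nested` then falls outside `options`, and its own `}` ends the zone hash ahead of `interfaces` and `children`. The layout comment updated in this same commit lists both `complex` and `nested` under `options`, so the added line should end with a comma only: `complex => ($type eq 'ipsec4' || $options || $in_options || $out_options ? 1 : 0) ,`. The hash literal starts and ends outside the hunk, so brace balance should be confirmed with `perl -c` on the whole file.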
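Review bot: In the `add_group_to_zone` hunk the added `$zoneref->{options}{complex} = 1 if @$arrayref || ( @newnetworks > 1 ) || ( @exclusions );` is only correct while it runs before the `push @{$arrayref}` two statements later. After that push `@$arrayref` is never empty, so every zone would be marked complex. Nothing on the line records that ordering dependency, so a comment above it would protect it: `# Must stay ahead of the push below: an earlier group on this interface, more than one network, or any exclusion makes the zone complex`. The function body starts and ends outside the hunk.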
@@ -534,6 +539,10 @@ sub non_firewall_zones() { grep ( $zones{$_}{type} ne 'firewall' , @zones ); } +sub complex_zones() { + grep( $zones{$_}{options}{complex} , @zones ); +} + sub firewall_zone() { $firewall_zone; } @@ -936,6 +945,7 @@ sub validate_hosts_file() if ( $hosts =~ /^([\w.@%-]+\+?):(.*)$/ ) { $interface = $1; $hosts = $2; + $zoneref->{options}{complex} = 1 if $hosts =~ /^\+/; fatal_error "Unknown interface ($interface)" unless $interfaces{$interface}{root}; } else { fatal_error "Invalid HOST(S) column contents: $hosts"; @@ -960,6 +970,7 @@ sub validate_hosts_file() { if ( $option eq 'ipsec' ) { $type = 'ipsec4'; + $zoneref->{options}{complex} = 1; $ipsec = 1; } elsif ( $validoptions{$option}) { $options{$option} = 1;
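Review bot: In the first `validate_hosts_file` hunk, `$zoneref->{options}{complex} = 1 if $hosts =~ /^\+/;` is anchored at the start of `$hosts`, so it only inspects the first entry after the interface name. If that column can hold a comma-separated list, a `+` entry further along is not seen here. The `@newnetworks > 1` test added to `add_group_to_zone` appears to cover that case, but nothing ties the two together. A comment would make the reliance explicit: `# Leading '+' only; lists with several entries are flagged complex in add_group_to_zone`. The `ipsec` hunk below repeats the `'ipsec4'` rule already encoded in `determine_zones`, so the same kind of comment would help there: `# keep in step with the ipsec4 test in determine_zones`. The commit message says the attribute is not consumed yet, so the scattered assignments are best documented now, since a missed one would leave a zone wrongly marked simple once the flag is used.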