Correct handling of wildcard interfaces

- chain_base[1] renamed var_base[1] - $chain replaced by $var in renamed functions - replace trailing '+' by '_plus' to provide uniqueness - add sub chain_base() to the Chains module as an identity mapper Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-18 12:20:42 +01:00 · 2012-12-28 10:39:19 -08:00 · 2012-12-28 10:39:19 -08:00 · 51deec115b
commit 51deec115b
parent 643f419264
5 changed files with 53 additions and 45 deletions
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -1567,6 +1567,14 @@ sub blacklist_chain($$) {
    &rules_chain(@_) . '~';
 }

+#
+# Create the base for a chain involving the passed interface -- we make this a function so it will be
+# easy to change the mapping should the need ever arrive.
+#
+sub chain_base( $ ) {
+    $_[0];
+}
+
 #
 # Forward Chain for an interface
 #
@ -5598,7 +5606,7 @@ sub mark_firewall_not_started() {
 # Returns the name of the shell variable holding the first address of the passed interface
 #
 sub interface_address( $ ) {
-    my $variable = 'sw_' . chain_base( $_[0] ) . '_address';
+    my $variable = 'sw_' . var_base( $_[0] ) . '_address';
    uc $variable;
 }

@ -5623,7 +5631,7 @@ sub get_interface_address ( $ ) {
 # Returns the name of the shell variable holding the broadcast addresses of the passed interface
 #
 sub interface_bcasts( $ ) {
-    my $variable = 'sw_' . chain_base( $_[0] ) . '_bcasts';
+    my $variable = 'sw_' . var_base( $_[0] ) . '_bcasts';
    uc $variable;
 }

@ -5646,7 +5654,7 @@ sub get_interface_bcasts ( $ ) {
 # Returns the name of the shell variable holding the anycast addresses of the passed interface
 #
 sub interface_acasts( $ ) {
-    my $variable = 'sw_' . chain_base( $_[0] ) . '_acasts';
+    my $variable = 'sw_' . var_base( $_[0] ) . '_acasts';
    uc $variable;
 }

@ -5669,7 +5677,7 @@ sub get_interface_acasts ( $ ) {
 # Returns the name of the shell variable holding the gateway through the passed interface
 #
 sub interface_gateway( $ ) {
-    my $variable = 'sw_' . chain_base( $_[0] ) . '_gateway';
+    my $variable = 'sw_' . var_base( $_[0] ) . '_gateway';
    uc $variable;
 }

@ -5701,7 +5709,7 @@ sub get_interface_gateway ( $;$ ) {
 # Returns the name of the shell variable holding the addresses of the passed interface
 #
 sub interface_addresses( $ ) {
-    my $variable = 'sw_' . chain_base( $_[0] ) . '_addresses';
+    my $variable = 'sw_' . var_base( $_[0] ) . '_addresses';
    uc $variable;
 }

@ -5731,7 +5739,7 @@ sub get_interface_addresses ( $ ) {
 # Returns the name of the shell variable holding the networks routed out of the passed interface
 #
 sub interface_nets( $ ) {
-    my $variable = 'sw_' . chain_base( $_[0] ) . '_networks';
+    my $variable = 'sw_' . var_base( $_[0] ) . '_networks';
    uc $variable;
 }

@ -5762,7 +5770,7 @@ sub get_interface_nets ( $ ) {
 # Returns the name of the shell variable holding the MAC address of the gateway for the passed provider out of the passed interface
 #
 sub interface_mac( $$ ) {
-    my $variable = join( '_' , 'sw' , chain_base( $_[0] ) , chain_base( $_[1] ) , 'mac' );
+    my $variable = join( '_' , 'sw' , var_base( $_[0] ) , var_base( $_[1] ) , 'mac' );
    uc $variable;
 }

--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@ -1124,7 +1124,7 @@ sub add_common_rules ( $ ) {

 	    for $interface ( @$list ) {
 		my $chainref = $filter_table->{input_option_chain $interface};
-		my $base     = uc chain_base get_physical $interface;
+		my $base     = uc var_base get_physical $interface;
 		my $optional = interface_is_optional( $interface );
 		my $variable = get_interface_gateway( $interface, ! $optional );

--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@ -658,7 +658,7 @@ sub add_a_provider( $$ ) {
    my $what        = $providerref->{what};
    my $label       = $pseudo ? 'Optional Interface' : 'Provider';

-    my $dev         = chain_base $physical;
+    my $dev         = var_base $physical;
    my $base        = uc $dev;
    my $realm = '';

@ -1282,7 +1282,7 @@ sub process_providers( $ ) {
    for ( grep interface_is_optional( $_ ) && ! $provider_interfaces{ $_ }, all_real_interfaces ) {
 	#
 	#               TABLE             NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
-	$currentline =  chain_base($_) ." 0      -    -         $_        -       -       -";
+	$currentline =  var_base($_) ." 0      -    -         $_        -       -       -";
 	#
 	$pseudoproviders += process_a_provider(1);
    }
@ -1732,7 +1732,7 @@ sub handle_optional_interfaces( $ ) {
 	#
 	# Clear the '_IS_USABLE' variables
 	#
-	emit( join( '_', 'SW', uc chain_base( get_physical( $_ ) ) , 'IS_USABLE=' ) ) for @$interfaces;
+	emit( join( '_', 'SW', uc var_base( get_physical( $_ ) ) , 'IS_USABLE=' ) ) for @$interfaces;

 	if ( $wildcards ) {
 	    #
@ -1752,7 +1752,7 @@ sub handle_optional_interfaces( $ ) {
 	for my $interface ( grep $provider_interfaces{$_}, @$interfaces ) {
 	    my $provider    = $provider_interfaces{$interface};
 	    my $physical    = get_physical $interface;
-	    my $base        = uc chain_base( $physical );
+	    my $base        = uc var_base( $physical );
 	    my $providerref = $providers{$provider};

 	    emit( "$physical)" ), push_indent if $wildcards;
@ -1773,7 +1773,7 @@ sub handle_optional_interfaces( $ ) {

 	for my $interface ( grep ! $provider_interfaces{$_}, @$interfaces ) {
 	    my $physical    = get_physical $interface;
-	    my $base        = uc chain_base( $physical );
+	    my $base        = uc var_base( $physical );
 	    my $case        = $physical;
 	    my $wild        = $case =~ s/\+$/*/;

@ -1861,7 +1861,7 @@ sub handle_stickiness( $ ) {

 	for my $providerref ( @routemarked_providers ) {
 	    my $interface = $providerref->{physical};
-	    my $base      = uc chain_base $interface;
+	    my $base      = uc var_base $interface;
 	    my $mark      = $providerref->{mark};

 	    for ( grep rule_target($_) eq 'sticky', @{$tcpreref->{rules}} ) {
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -823,7 +823,7 @@ sub process_simple_device() {
    fatal_error "Unknown interface( $device )" unless known_interface $device;

    my $physical = physical_name $device;
-    my $dev      = chain_base( $physical );
+    my $dev      = var_base( $physical );

    push @tcdevices, $device;

@ -1932,7 +1932,7 @@ sub process_traffic_shaping() {

 	unless ( $config{TC_ENABLED} eq 'Shared' ) {

-	    my $dev = chain_base( $device );
+	    my $dev = var_base( $device );

 	    emit( '',
 		  '#',
@ -2170,7 +2170,7 @@ sub setup_traffic_shaping() {

    for my $device ( @tcdevices ) {
 	my $interfaceref = known_interface( $device );
-	my $dev          = chain_base( $interfaceref ? $interfaceref->{physical} : $device );
+	my $dev          = var_base( $interfaceref ? $interfaceref->{physical} : $device );

 	emit "setup_${dev}_tc";
    }
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@ -62,7 +62,7 @@ our @EXPORT = ( qw( NOTHING
 		    off_firewall_zones
 		    non_firewall_zones
 		    single_interface
-		    chain_base
+		    var_base
 		    validate_interfaces_file
 		    all_interfaces
 		    all_real_interfaces
@ -897,9 +897,9 @@ sub is_a_bridge( $ ) {
 #
 # Transform the passed interface name into a legal shell variable name.
 #
-sub chain_base($) {
-    my $chain = $_[0];
-    my $name  = $basemap{$chain};
+sub var_base($) {
+    my $var = $_[0];
+    my $name  = $basemap{$var};
    #
    # Return existing mapping, if any
    #
@ -907,31 +907,31 @@ sub chain_base($) {
    #
    # Remember initial value
    #
-    my $key = $chain;
+    my $key = $var;
    #
    # Handle VLANs and wildcards
    #
-    $chain =~ s/\+$//;
-    $chain =~ tr/./_/;
+    $var =~ s/\+$/_plus/;
+    $var =~ tr/./_/;

-    if ( $chain eq '' || $chain =~ /^[0-9]/ || $chain =~ /[^\w]/ ) {
+    if ( $var eq '' || $var =~ /^[0-9]/ || $var =~ /[^\w]/ ) {
 	#
 	# Must map. Remove all illegal characters
 	#
-	$chain =~ s/[^\w]//g;
+	$var =~ s/[^\w]//g;
 	#
 	# Prefix with if_ if it begins with a digit
 	#
-	$chain = join( '' , 'if_', $chain ) if $chain =~ /^[0-9]/;
+	$var = join( '' , 'if_', $var ) if $var =~ /^[0-9]/;
 	#
 	# Create a new unique name
 	#
-	1 while $mapbase{$name = join ( '_', $chain, ++$baseseq )};
+	1 while $mapbase{$name = join ( '_', $var, ++$baseseq )};
    } else {
 	#
 	# We'll store the identity mapping if it is unique
 	#
-	$chain = join( '_', $key , ++$baseseq ) while $mapbase{$name = $chain};
+	$var = join( '_', $key , ++$baseseq ) while $mapbase{$name = $var};
    }
    #
    # Store the reverse mapping
@ -946,9 +946,9 @@ sub chain_base($) {
 #
 # This is a slightly relaxed version of the above that allows '-' in the generated name.
 #
-sub chain_base1($) {
-    my $chain = $_[0];
-    my $name  = $basemap1{$chain};
+sub var_base1($) {
+    my $var = $_[0];
+    my $name  = $basemap1{$var};
    #
    # Return existing mapping, if any
    #
@ -956,31 +956,31 @@ sub chain_base1($) {
    #
    # Remember initial value
    #
-    my $key = $chain;
+    my $key = $var;
    #
    # Handle VLANs and wildcards
    #
-    $chain =~ s/\+$//;
-    $chain =~ tr/./_/;
+    $var =~ s/\+$//;
+    $var =~ tr/./_/;

-    if ( $chain eq '' || $chain =~ /^[0-9]/ || $chain =~ /[^-\w]/ ) {
+    if ( $var eq '' || $var =~ /^[0-9]/ || $var =~ /[^-\w]/ ) {
 	#
 	# Must map. Remove all illegal characters
 	#
-	$chain =~ s/[^\w]//g;
+	$var =~ s/[^\w]//g;
 	#
 	# Prefix with if_ if it begins with a digit
 	#
-	$chain = join( '' , 'if_', $chain ) if $chain =~ /^[0-9]/;
+	$var = join( '' , 'if_', $var ) if $var =~ /^[0-9]/;
 	#
 	# Create a new unique name
 	#
-	1 while $mapbase1{$name = join ( '_', $chain, ++$baseseq )};
+	1 while $mapbase1{$name = join ( '_', $var, ++$baseseq )};
    } else {
 	#
 	# We'll store the identity mapping if it is unique
 	#
-	$chain = join( '_', $key , ++$baseseq ) while $mapbase1{$name = $chain};
+	$var = join( '_', $key , ++$baseseq ) while $mapbase1{$name = $var};
    }
    #
    # Store the reverse mapping
@ -1242,7 +1242,7 @@ sub process_interface( $$ ) {

 	if ( $netsref eq 'dynamic' ) {
 	    my $ipset = $family == F_IPV4 ? "${zone}" : "6_${zone}";
-	    $ipset = join( '_', $ipset, chain_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic_shared};	    
+	    $ipset = join( '_', $ipset, var_base1( $physical ) ) unless $zoneref->{options}{in_out}{dynamic_shared};	    
 	    $netsref = [ "+$ipset" ];
 	    $ipsets{$ipset} = 1;
 	}
@ -1277,7 +1277,7 @@ sub process_interface( $$ ) {
 						       options    => \%options ,
 						       zone       => '',
 						       physical   => $physical ,
-						       base       => chain_base( $physical ),
+						       base       => var_base( $physical ),
 						       zones      => {},
 						     };

@ -1401,7 +1401,7 @@ sub known_interface($)
 						   name     => $i ,
 						   number   => $interfaceref->{number} ,
 						   physical => $physical ,
-						   base     => chain_base( $physical ) ,
+						   base     => var_base( $physical ) ,
 						 };
 	    }
 	}
@ -1748,7 +1748,7 @@ sub verify_required_interfaces( $ ) {
 	    my $physical = get_physical $interface;

 	    if ( $physical =~ /\+$/ ) {
-		my $base = uc chain_base $physical;
+		my $base = uc var_base $physical;

 		$physical =~ s/\+$/*/;

@ -1895,7 +1895,7 @@ sub process_host( ) {
 	my $set = $family == F_IPV4 ? "${zone}" : "6_${zone}";
 	
 	unless ( $zoneref->{options}{in_out}{dynamic_shared} ) {
-	    my $physical = chain_base1( physical_name $interface );
+	    my $physical = var_base1( physical_name $interface );
 	    $set = join( '_', $set, $physical );
 	}