Rename %env to %globals

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5773 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-31 17:44:16 +00:00
parent 505f1ba3e0
commit 5abdc94ff6
8 changed files with 61 additions and 59 deletions

View File

@ -378,7 +378,7 @@ sub process_action3( $$$$$ ) {
}
my $actionfile = find_file "action.$action";
my $standard = ( $actionfile =~ /^$env{SHAREDIR}/ );
my $standard = ( $actionfile =~ /^$globals{SHAREDIR}/ );
fatal_error "Missing Action File: $actionfile" unless -f $actionfile;
@ -420,7 +420,7 @@ sub process_action3( $$$$$ ) {
push_open $fn;
my $standard = ( $fn =~ /^($env{SHAREDIR})/ );
my $standard = ( $fn =~ /^($globals{SHAREDIR})/ );
while ( read_a_line ) {

View File

@ -431,7 +431,7 @@ sub new_chain($$)
my @rules;
$ch{name} = $chain;
$ch{log} = 1 if $env{LOGRULENUMBERS};
$ch{log} = 1 if $globals{LOGRULENUMBERS};
$ch{rules} = \@rules;
$ch{table} = $table;
$chain_table{$table}{$chain} = \%ch;
@ -937,7 +937,7 @@ sub log_rule_limit( $$$$$$$$ ) {
my $prefix;
$limit = $env{LOGLIMIT} unless $limit;
$limit = $globals{LOGLIMIT} unless $limit;
if ( $tag ) {
if ( $config{LOGTAGONLY} ) {
@ -950,7 +950,7 @@ sub log_rule_limit( $$$$$$$$ ) {
$tag = '' unless defined $tag;
}
if ( $env{LOGRULENUMBERS} ) {
if ( $globals{LOGRULENUMBERS} ) {
$prefix = (sprintf $config{LOGFORMAT} , $chain , $chainref->{log}++, $disposition ) . $tag;
} else {
$prefix = (sprintf $config{LOGFORMAT} , $chain , $disposition) . $tag;
@ -962,9 +962,9 @@ sub log_rule_limit( $$$$$$$$ ) {
}
if ( $level eq 'ULOG' ) {
$prefix = "-j ULOG $env{LOGPARMS} --ulog-prefix \"$prefix\" ";
$prefix = "-j ULOG $globals{LOGPARMS} --ulog-prefix \"$prefix\" ";
} else {
$prefix = "-j LOG $env{LOGPARMS} --log-level $level --log-prefix \"$prefix\" ";
$prefix = "-j LOG $globals{LOGPARMS} --log-level $level --log-prefix \"$prefix\" ";
}
if ( $command eq 'add' ) {
@ -977,7 +977,7 @@ sub log_rule_limit( $$$$$$$$ ) {
sub log_rule( $$$$ ) {
my ( $level, $chainref, $disposition, $predicates ) = @_;
log_rule_limit $level, $chainref, $chainref->{name} , $disposition, $env{LOGLIMIT}, '', 'add', $predicates;
log_rule_limit $level, $chainref, $chainref->{name} , $disposition, $globals{LOGLIMIT}, '', 'add', $predicates;
}
#

View File

@ -47,7 +47,7 @@ our @EXPORT = qw(
generate_aux_config
%config
%env
%globals
%capabilities );
our @EXPORT_OK = ();
our @VERSION = 1.00;
@ -55,12 +55,12 @@ our @VERSION = 1.00;
#
# Misc Globals
#
our %env = ( SHAREDIR => '/usr/share/shorewall' ,
CONFDIR => '/etc/shorewall',
SHAREDIRPL => '/usr/share/shorewall-perl/',
LOGPARMS => '',
VERSION => '3.9.0-1',
);
our %globals = ( SHAREDIR => '/usr/share/shorewall' ,
CONFDIR => '/etc/shorewall',
SHAREDIRPL => '/usr/share/shorewall-perl/',
LOGPARMS => '',
VERSION => '3.9.0-1',
);
#
# From shorewall.conf file
@ -266,7 +266,7 @@ sub find_file($)
return $file if -f $file;
}
"$env{CONFDIR}/$filename";
"$globals{CONFDIR}/$filename";
}
#
@ -468,9 +468,11 @@ sub require_capability( $$ ) {
#
# - Read the shorewall.conf file
# - Read the capabilities file created by the compiler front-end
# - establish global hashes %config , %env and %capabilities
# - establish global hashes %config , %globals and %capabilities
#
sub get_configuration() {
sub get_configuration( $ ) {
my $export = $_[0];
@config_path = split /:/, $ENV{CONFIG_PATH};
@ -537,16 +539,16 @@ sub get_configuration() {
fatal_error "$file does not exist!";
}
$env{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
$globals{ORIGINAL_POLICY_MATCH} = $capabilities{POLICY_MATCH};
default 'MODULE_PREFIX', 'o gz ko o.gz ko.gz';
if ( $config{LOGRATE} || $config{LOGBURST} ) {
$env{LOGLIMIT} = '-m limit';
$env{LOGLIMIT} .= " --limit $config{LOGRATE}" if $config{LOGRATE};
$env{LOGLIMIT} .= " --limit-burst $config{LOGBURST}" if $config{LOGBURST};
$globals{LOGLIMIT} = '-m limit';
$globals{LOGLIMIT} .= " --limit $config{LOGRATE}" if $config{LOGRATE};
$globals{LOGLIMIT} .= " --limit-burst $config{LOGBURST}" if $config{LOGBURST};
} else {
$env{LOGLIMIT} = '';
$globals{LOGLIMIT} = '';
}
if ( $config{IP_FORWARDING} ) {
@ -576,11 +578,11 @@ sub get_configuration() {
default_yes_no 'DISABLE_IPV6' , '';
default_yes_no 'DYNAMIC_ZONES' , '';
fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" if $config{DYNAMIC_ZONES} and $ENV{EXPORT};
fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" if $config{DYNAMIC_ZONES} && $export;
default_yes_no 'BRIDGING' , '';
fatal_error 'BRIDGING=Yes is not supported by Shorewall-perl' . $env{VERSION} if $config{BRIDGING};
fatal_error 'BRIDGING=Yes is not supported by Shorewall-perl' . $globals{VERSION} if $config{BRIDGING};
default_yes_no 'STARTUP_ENABLED' , 'Yes';
default_yes_no 'DELAYBLACKLISTLOAD' , '';
@ -588,11 +590,11 @@ sub get_configuration() {
default_yes_no 'RFC1918_STRICT' , '';
default_yes_no 'SAVE_IPSETS' , '';
warning_message 'SAVE_IPSETS=Yes is not supported by Shorewall-perl ' . $env{VERSION} if $config{SAVE_IPSETS};
warning_message 'SAVE_IPSETS=Yes is not supported by Shorewall-perl ' . $globals{VERSION} if $config{SAVE_IPSETS};
default_yes_no 'MAPOLDACTIONS' , '';
warning_message 'MAPOLDACTIONS=Yes is not supported by Shorewall-perl ' . $env{VERSION} if $config{MAPOLDACTIONS};
warning_message 'MAPOLDACTIONS=Yes is not supported by Shorewall-perl ' . $globals{VERSION} if $config{MAPOLDACTIONS};
default_yes_no 'FASTACCEPT' , '';
default_yes_no 'IMPLICIT_CONTINUE' , '';
@ -608,14 +610,14 @@ sub get_configuration() {
my $val;
$env{MACLIST_TARGET} = 'reject';
$globals{MACLIST_TARGET} = 'reject';
if ( $val = $config{MACLIST_DISPOSITION} ) {
unless ( $val eq 'REJECT' ) {
if ( $val eq 'DROP' ) {
$env{MACLIST_TARGET} = 'DROP';
$globals{MACLIST_TARGET} = 'DROP';
} elsif ( $val eq 'ACCEPT' ) {
$env{MACLIST_TARGET} = 'RETURN';
$globals{MACLIST_TARGET} = 'RETURN';
} else {
fatal_error "Invalid value ( $config{MACLIST_DISPOSITION} ) for MACLIST_DISPOSITION"
}
@ -640,7 +642,7 @@ sub get_configuration() {
$config{TCP_FLAGS_DISPOSITION} = 'DROP';
}
$env{TC_SCRIPT} = '';
$globals{TC_SCRIPT} = '';
if ( $val = "\L$config{TC_ENABLED}" ) {
if ( $val eq 'yes' ) {
@ -670,14 +672,14 @@ sub get_configuration() {
fatal_error "Invalid IPSECFILE value ($config{IPSECFILE}" unless $config{IPSECFILE} eq 'zones';
$env{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre';
$globals{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre';
if ( $val = $config{LOGFORMAT} ) {
my $result;
eval {
if ( $val =~ /%d/ ) {
$env{LOGRULENUMBERS} = 'Yes';
$globals{LOGRULENUMBERS} = 'Yes';
$result = sprintf "$val", 'fooxx2barxx', 1, 'ACCEPT';
} else {
$result = sprintf "$val", 'fooxx2barxx', 'ACCEPT';
@ -689,10 +691,10 @@ sub get_configuration() {
fatal_error "LOGFORMAT string is longer than 29 characters: \"$val\""
if length $result > 29;
$env{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) );
$globals{MAXZONENAMELENGTH} = int ( 5 + ( ( 29 - (length $result ) ) / 2) );
} else {
$env{LOGFORMAT}='Shorewall:%s:%s:';
$env{MAXZONENAMELENGTH} = 5;
$globals{LOGFORMAT}='Shorewall:%s:%s:';
$globals{MAXZONENAMELENGTH} = 5;
}
}
@ -704,7 +706,7 @@ sub propagateconfig() {
}
for my $option ( @Shorewall::Config::propagateenv ) {
my $value = $env{$option} || '';
my $value = $globals{$option} || '';
emit "$option=\"$value\"";
}
}
@ -712,7 +714,7 @@ sub propagateconfig() {
sub append_file( $ ) {
my $user_exit = find_file $_[0];
unless ( $user_exit =~ /$env{SHAREDIR}/ ) {
unless ( $user_exit =~ /$globals{SHAREDIR}/ ) {
if ( -f $user_exit ) {
save_progress_message "Processing $user_exit ...";
copy1 $user_exit;
@ -757,7 +759,7 @@ sub generate_aux_config() {
create_temp_aux_config;
emit( "#\n# Shorewall auxiliary configuration file created by Shorewall-perl version " . $env{VERSION} . ' - ' . ( localtime ) . "\n#" );
emit( "#\n# Shorewall auxiliary configuration file created by Shorewall-perl version " . $globals{VERSION} . ' - ' . ( localtime ) . "\n#" );
for my $option qw(VERBOSITY LOGFILE LOGFORMAT IPTABLES PATH SHOREWALL_SHELL SUBSYSLOCK RESTOREFILE SAVE_IPSETS) {
conditionally_add_option $option;

View File

@ -105,7 +105,7 @@ sub setup_one_masq($$$$$$)
# Handle IPSEC options, if any
#
if ( $ipsec ne '-' ) {
fatal_error "Non-empty IPSEC column requires policy match support in your kernel and iptables" unless $env{ORIGINAL_POLICY_MATCH};
fatal_error "Non-empty IPSEC column requires policy match support in your kernel and iptables" unless $globals{ORIGINAL_POLICY_MATCH};
if ( $ipsec =~ /^yes$/i ) {
$rule .= '-m policy --pol ipsec --dir out ';

View File

@ -268,7 +268,7 @@ sub setup_blacklist() {
if ( $level ) {
my $chainref = new_standard_chain 'blacklog';
log_rule_limit( $level , $chainref , 'blacklst' , $disposition , "$env{LOGLIMIT}" , '', 'add', '' );
log_rule_limit( $level , $chainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' );
add_rule $chainref, "-j $target" ;
@ -467,7 +467,7 @@ sub add_common_rules() {
my $rejectref = new_standard_chain 'reject';
$level = $env{BLACKLIST_LOG_LEVEL} || 'info';
$level = $globals{BLACKLIST_LOG_LEVEL} || 'info';
add_rule_pair new_standard_chain( 'logdrop' ), ' ' , 'DROP' , $level ;
add_rule_pair new_standard_chain( 'logreject' ), ' ' , 'REJECT' , $level ;
@ -554,13 +554,13 @@ sub add_common_rules() {
if ( $config{TCP_FLAGS_LOG_LEVEL} ) {
my $logflagsref = new_standard_chain 'logflags';
my $savelogparms = $env{LOGPARMS};
my $savelogparms = $globals{LOGPARMS};
$env{LOGPARMS} = "$env{LOGPARMS} --log-ip-options" unless $config{TCP_FLAGS_LOG_LEVEL} eq 'ULOG';
$globals{LOGPARMS} = "$globals{LOGPARMS} --log-ip-options" unless $config{TCP_FLAGS_LOG_LEVEL} eq 'ULOG';
log_rule $config{TCP_FLAGS_LOG_LEVEL} , $logflagsref , $config{TCP_FLAGS_DISPOSITION}, '';
$env{LOGPARMS} = $savelogparms;
$globals{LOGPARMS} = $savelogparms;
if ( $config{TCP_FLAGS_DISPOSITION} eq 'REJECT' ) {
add_rule $logflagsref , '-j REJECT --reject-with tcp-reset';
@ -732,7 +732,7 @@ sub setup_mac_lists( $ ) {
}
}
} else {
my $target = $env{MACLIST_TARGET};
my $target = $globals{MACLIST_TARGET};
my $level = $config{MACLIST_LOG_LEVEL};
my $disposition = $config{MACLIST_DISPOSITION};
@ -770,7 +770,7 @@ sub process_rule1 ( $$$$$$$$$ );
sub process_macro ( $$$$$$$$$$$ ) {
my ($macrofile, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user) = @_;
my $standard = ( $macrofile =~ /^($env{SHAREDIR})/ );
my $standard = ( $macrofile =~ /^($globals{SHAREDIR})/ );
progress_message "..Expanding Macro $macrofile...";

View File

@ -125,7 +125,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
( $mark, my $designator ) = split /:/, $mark;
my $chain = $env{MARKING_CHAIN};
my $chain = $globals{MARKING_CHAIN};
my $target = 'MARK --set-mark';
my $tcsref;
my $connmark = 0;

View File

@ -207,7 +207,7 @@ sub determine_zones()
}
}
fatal_error "Invalid zone name: $zone" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $env{MAXZONENAMELENGTH};
fatal_error "Invalid zone name: $zone" unless "\L$zone" =~ /^[a-z]\w*$/ && length $zone <= $globals{MAXZONENAMELENGTH};
fatal_error "Invalid zone name: $zone" if $zone =~ /^all2|2all$/;
fatal_error( "Duplicate zone name: $zone\n" ) if $zones{$zone};

View File

@ -75,11 +75,11 @@ BEGIN {
#
sub generate_script_1 {
copy $env{SHAREDIRPL} . 'prog.header';
copy $globals{SHAREDIRPL} . 'prog.header';
my $date = localtime;
emit "#\n# Compiled firewall script generated by Shorewall-perl $env{VERSION} - $date\n#";
emit "#\n# Compiled firewall script generated by Shorewall-perl $globals{VERSION} - $date\n#";
if ( $export ) {
emitj ( 'SHAREDIR=/usr/share/shorewall-lite',
@ -88,7 +88,7 @@ sub generate_script_1 {
'PRODUCT="Shorewall Lite"'
);
copy "$env{SHAREDIR}/lib.base";
copy "$globals{SHAREDIR}/lib.base";
emitj ( '################################################################################',
'# End of /usr/share/shorewall/lib.base',
@ -147,7 +147,7 @@ sub generate_script_1 {
'[ -n "${VERBOSE:=0}" ]',
qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]),
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
qq(VERSION="$env{VERSION}") ,
qq(VERSION="$globals{VERSION}") ,
qq(PATH="$config{PATH}") ,
'TERMINATOR=fatal_error'
);
@ -478,7 +478,7 @@ EOF
#
sub generate_script_2 () {
copy $env{SHAREDIRPL} . 'prog.functions';
copy $globals{SHAREDIRPL} . 'prog.functions';
emitj( '#',
'# Setup Routing and Traffic Shaping',
@ -495,7 +495,7 @@ sub generate_script_2 () {
if ( $export ) {
my $mf = find_file 'modules';
if ( $mf ne "$env{SHAREDIR}/module" && -f $mf ) {
if ( $mf ne "$globals{SHAREDIR}/module" && -f $mf ) {
emitj( 'echo MODULESDIR="$MODULESDIR" > ${VARDIR}/.modulesdir',
'cat > ${VARDIR}/.modules << EOF'
@ -628,7 +628,7 @@ EOF
emit "}\n";
copy $env{SHAREDIRPL} . 'prog.footer';
copy $globals{SHAREDIRPL} . 'prog.footer';
}
#
@ -643,8 +643,8 @@ sub compiler( $ ) {
report_capabilities if $verbose > 1;
require_capability( 'MULTIPORT' , "Shorewall-perl $env{VERSION}" );
require_capability( 'ADDRTYPE' , "Shorewall-perl $env{VERSION}" );
require_capability( 'MULTIPORT' , "Shorewall-perl $globals{VERSION}" );
require_capability( 'ADDRTYPE' , "Shorewall-perl $globals{VERSION}" );
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' ) if $config{MACLIST_TTL};
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' ) if $config{HIGH_ROUTE_MARKS};
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' ) if $config{TC_ENABLED};
@ -795,7 +795,7 @@ sub compiler( $ ) {
#
# Get shorewall.conf and capabilities.
#
get_configuration;
get_configuration( $export );
#
# Compile/Check the configuration.
#