extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 08:33:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Consolidate definitions of rule exception command handling

Browse Source
This commit is contained in:
Tom Eastep 2010-12-13 17:29:22 -08:00
parent 0ec68c7407
commit 5b0d8922e7
2 changed files with 10 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Shorewall/Perl/Shorewall/Actions.pm
View File

@ -42,6 +42,7 @@ our @EXPORT = qw(
process_actions3 process_actions3
process_rule_common process_rule_common
$rule_commands
%usedactions %usedactions
%default_actions %default_actions
); );
@ -78,22 +79,14 @@ our $family;
our @builtins; our @builtins;
# #
# Commands that can be embedded in a macro file and how many total tokens on the line (0 => unlimited). # Commands that can be embedded in a basic rule and how many total tokens on the line (0 => unlimited).
# #
our $macro_commands = { COMMENT => 0, FORMAT => 2 }; our $rule_commands = { COMMENT => 0, FORMAT => 2 };
use constant { MAX_MACRO_NEST_LEVEL => 5 }; use constant { MAX_MACRO_NEST_LEVEL => 5 };
our $macro_nest_level; our $macro_nest_level;
#
# When splitting a line in the rules file, don't pad out the columns with '-' if the first column contains one of these
#
my %rules_commands = ( COMMENT => 0,
SECTION => 2 );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons: # we initialize them in a function. This is done for two reasons:
@ -454,7 +447,7 @@ sub process_macro1 ( $$ ) {
push_open( $macrofile ); push_open( $macrofile );
while ( read_a_line ) { while ( read_a_line ) {
my ( $mtarget, @rest ) = split_line1 1, 13, 'macro file', $macro_commands; my ( $mtarget, @rest ) = split_line1 1, 13, 'macro file', $rule_commands;
next if $mtarget eq 'COMMENT' || $mtarget eq 'FORMAT'; next if $mtarget eq 'COMMENT' || $mtarget eq 'FORMAT';
@ -583,7 +576,7 @@ sub process_actions1() {
while ( read_a_line ) { while ( read_a_line ) {
my ($wholetarget, @rest ) = split_line1 1, 13, 'action file' , $macro_commands; my ($wholetarget, @rest ) = split_line1 1, 13, 'action file' , $rule_commands;
process_action1( $action, $wholetarget ) unless $wholetarget eq 'FORMAT'; process_action1( $action, $wholetarget ) unless $wholetarget eq 'FORMAT';
@ -638,10 +631,10 @@ sub process_action3( $$$$$ ) {
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers ); my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers );
if ( $format == 1 ) { if ( $format == 1 ) {
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) = split_line1 1, 9, 'action file', $macro_commands; ($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) = split_line1 1, 9, 'action file', $rule_commands;
$origdest = $connlimit = $time = $headers = '-'; $origdest = $connlimit = $time = $headers = '-';
} else { } else {
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers ) = split_line1 1, 13, 'action file', $macro_commands; ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers ) = split_line1 1, 13, 'action file', $rule_commands;
} }
if ( $target eq 'COMMENT' ) { if ( $target eq 'COMMENT' ) {
@ -864,10 +857,10 @@ sub process_macro ( $$$$$$$$$$$$$$$$$ ) {
my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $morigdest, $mrate, $muser, $mmark, $mconnlimit, $mtime, $mheaders ); my ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $morigdest, $mrate, $muser, $mmark, $mconnlimit, $mtime, $mheaders );
if ( $format == 1 ) { if ( $format == 1 ) {
( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line1 1, 8, 'macro file', $macro_commands; ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $mrate, $muser ) = split_line1 1, 8, 'macro file', $rule_commands;
( $morigdest, $mmark, $mconnlimit, $mtime, $mheaders ) = qw/- - - - -/; ( $morigdest, $mmark, $mconnlimit, $mtime, $mheaders ) = qw/- - - - -/;
} else { } else {
( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $morigdest, $mrate, $muser, $mmark, $mconnlimit, $mtime, $mheaders ) = split_line1 1, 13, 'macro file', $macro_commands; ( $mtarget, $msource, $mdest, $mproto, $mports, $msports, $morigdest, $mrate, $muser, $mmark, $mconnlimit, $mtime, $mheaders ) = split_line1 1, 13, 'macro file', $rule_commands;
} }
if ( $mtarget eq 'COMMENT' ) { if ( $mtarget eq 'COMMENT' ) {

9
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -50,13 +50,6 @@ our $VERSION = '4.4_16';
our $family; our $family;
#
# When splitting a line in the rules file, don't pad out the columns with '-' if the first column contains one of these
#
my %rules_commands = ( COMMENT => 0,
SECTION => 2 );
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons: # we initialize them in a function. This is done for two reasons:
@ -976,7 +969,7 @@ sub build_zone_list( $$$\$\$ ) {
# Process a Record in the rules file # Process a Record in the rules file
# #
sub process_rule ( ) { sub process_rule ( ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers ) = split_line1 1, 13, 'rules file', \%rules_commands; my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark, $connlimit, $time, $headers ) = split_line1 1, 13, 'rules file', $rule_commands;
process_comment, return 1 if $target eq 'COMMENT'; process_comment, return 1 if $target eq 'COMMENT';
process_section( $source ), return 1 if $target eq 'SECTION'; process_section( $source ), return 1 if $target eq 'SECTION';