From 63ec936f2173d451337423b350c64f4f5f001768 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sat, 4 Mar 2017 19:05:33 -0800 Subject: [PATCH] Remove determinism sorts --- Shorewall/Perl/Shorewall/Accounting.pm | 4 +-- Shorewall/Perl/Shorewall/Chains.pm | 42 +++++++++++++------------- Shorewall/Perl/Shorewall/Misc.pm | 22 +++++++------- Shorewall/Perl/Shorewall/Providers.pm | 6 ++-- Shorewall/Perl/Shorewall/Proxyarp.pm | 4 +-- Shorewall/Perl/Shorewall/Tc.pm | 4 +-- Shorewall/Perl/Shorewall/Zones.pm | 16 +++++----- 7 files changed, 49 insertions(+), 49 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index 498611b73..96ff524a5 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -519,9 +519,9 @@ sub setup_accounting() { while ( $chainswithjumps && $progress ) { $progress = 0; - for my $chain1 ( sort keys %accountingjumps ) { + for my $chain1 ( keys %accountingjumps ) { if ( keys %{$accountingjumps{$chain1}} ) { - for my $chain2 ( sort keys %{$accountingjumps{$chain1}} ) { + for my $chain2 ( keys %{$accountingjumps{$chain1}} ) { delete $accountingjumps{$chain1}{$chain2}, $progress = 1 unless $accountingjumps{$chain2}; } } else { diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 08b0291d5..1f4067533 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -1223,7 +1223,7 @@ sub merge_rules( $$$ ) { } } - for my $option ( grep ! $opttype{$_} || $_ eq 'nfacct' || $_ eq 'recent', sort { $b cmp $a } keys %$fromref ) { + for my $option ( grep ! $opttype{$_} || $_ eq 'nfacct' || $_ eq 'recent', keys %$fromref ) { set_rule_option( $toref, $option, $fromref->{$option} ); } @@ -1239,7 +1239,7 @@ sub merge_rules( $$$ ) { set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy}; - for my $option ( grep( get_opttype( $_, 0 ) == EXPENSIVE, sort keys %$fromref ) ) { + for my $option ( grep( get_opttype( $_, 0 ) == EXPENSIVE, keys %$fromref ) ) { set_rule_option( $toref, $option, $fromref->{$option} ); } @@ -3691,7 +3691,7 @@ sub optimize_level8( $$$ ) { } if ( $progress ) { - my @rename = sort keys %rename; + my @rename = keys %rename; # # First create aliases for each renamed chain and change the {name} member. # @@ -6980,13 +6980,13 @@ sub set_global_variables( $$ ) { if ( $conditional ) { my ( $interface, @interfaces ); - @interfaces = sort keys %interfaceaddr; + @interfaces = keys %interfaceaddr; for $interface ( @interfaces ) { emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfaceaddr{$interface}) ); } - @interfaces = sort keys %interfacegateways; + @interfaces = keys %interfacegateways; for $interface ( @interfaces ) { emit( qq(if [ -z "\$interface" -o "\$interface" = "$interface" ]; then) ); @@ -6996,36 +6996,36 @@ sub set_global_variables( $$ ) { emit( qq(fi\n) ); } - @interfaces = sort keys %interfacemacs; + @interfaces = keys %interfacemacs; for $interface ( @interfaces ) { emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfacemacs{$interface}) ); } } else { - emit $_ for sort values %interfaceaddr; - emit "$_\n" for sort values %interfacegateways; - emit $_ for sort values %interfacemacs; + emit $_ for values %interfaceaddr; + emit "$_\n" for values %interfacegateways; + emit $_ for values %interfacemacs; } if ( $setall ) { - emit $_ for sort values %interfaceaddrs; - emit $_ for sort values %interfacenets; + emit $_ for values %interfaceaddrs; + emit $_ for values %interfacenets; unless ( have_capability( 'ADDRTYPE' ) ) { if ( $family == F_IPV4 ) { emit 'ALL_BCASTS="$(get_all_bcasts) 255.255.255.255"'; - emit $_ for sort values %interfacebcasts; + emit $_ for values %interfacebcasts; } else { emit 'ALL_ACASTS="$(get_all_acasts)"'; - emit $_ for sort values %interfaceacasts; + emit $_ for values %interfaceacasts; } } } } sub verify_address_variables() { - for my $variable ( sort keys %address_variables ) { + for my $variable ( keys %address_variables ) { my $type = $address_variables{$variable}; my $address = "\$$variable"; @@ -7942,7 +7942,7 @@ sub add_interface_options( $ ) { # # Generate a digest for each chain # - for my $chainref ( sort { $a->{name} cmp $b->{name} } values %input_chains, values %forward_chains ) { + for my $chainref ( values %input_chains, values %forward_chains ) { my $digest = ''; assert( $chainref ); @@ -7961,7 +7961,7 @@ sub add_interface_options( $ ) { # Insert jumps to the interface chains into the rules chains # for my $zone1 ( off_firewall_zones ) { - my @input_interfaces = sort keys %{zone_interfaces( $zone1 )}; + my @input_interfaces = keys %{zone_interfaces( $zone1 )}; my @forward_interfaces = @input_interfaces; if ( @input_interfaces > 1 ) { @@ -8047,7 +8047,7 @@ sub add_interface_options( $ ) { for my $zone1 ( firewall_zone, vserver_zones ) { for my $zone2 ( off_firewall_zones ) { my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )}; - my @interfaces = sort keys %{zone_interfaces( $zone2 )}; + my @interfaces = keys %{zone_interfaces( $zone2 )}; my $chain1ref; for my $interface ( @interfaces ) { @@ -8453,7 +8453,7 @@ sub create_save_ipsets() { # $ipsets{$_} = 1 for ( @ipsets, @{$globals{SAVED_IPSETS}} ); - my @sets = sort keys %ipsets; + my @sets = keys %ipsets; emit( '' , ' rm -f $file' , @@ -8629,7 +8629,7 @@ sub create_load_ipsets() { # sub create_nfobjects() { - my @objects = ( sort keys %nfobjects ); + my @objects = ( keys %nfobjects ); if ( @objects ) { if ( $config{NFACCT} ) { @@ -8644,7 +8644,7 @@ sub create_nfobjects() { } } - for ( sort keys %nfobjects ) { + for ( keys %nfobjects ) { emit( qq(if ! qt \$NFACCT get $_; then), qq( \$NFACCT add $_), qq(fi\n) ); @@ -9120,7 +9120,7 @@ sub initialize_switches() { if ( keys %switches ) { emit( 'if [ $COMMAND = start ]; then' ); push_indent; - for my $switch ( sort keys %switches ) { + for my $switch ( keys %switches ) { my $setting = $switches{$switch}; my $file = "/proc/net/nf_condition/$switch"; emit "[ -f $file ] && echo $setting->{setting} > $file"; diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index ccf836408..1042a8921 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -127,7 +127,7 @@ sub setup_ecn() } if ( @hosts ) { - my @interfaces = ( sort { interface_number($a) <=> interface_number($b) } keys %interfaces ); + my @interfaces = ( keys %interfaces ); progress_message "$doing ECN control on @interfaces..."; @@ -1297,7 +1297,7 @@ sub setup_mac_lists( $ ) { $maclist_interfaces{ $hostref->[0] } = 1; } - my @maclist_interfaces = ( sort keys %maclist_interfaces ); + my @maclist_interfaces = ( keys %maclist_interfaces ); if ( $phase == 1 ) { @@ -1618,7 +1618,7 @@ sub handle_loopback_traffic() { # Handle conntrack rules # if ( $notrackref->{referenced} ) { - for my $hostref ( sort { $a->{type} cmp $b->{type} } @{defined_zone( $z1 )->{hosts}{ip}{'%vserver%'}} ) { + for my $hostref ( @{defined_zone( $z1 )->{hosts}{ip}{'%vserver%'}} ) { my $exclusion = source_exclusion( $hostref->{exclusions}, $notrackref); my @ipsec_match = match_ipsec_in $z1 , $hostref; @@ -1639,8 +1639,8 @@ sub handle_loopback_traffic() { # my $source_hosts_ref = defined_zone( $z1 )->{hosts}; - for my $typeref ( sort { $a->{type} cmp $b->{type} } values %{$source_hosts_ref} ) { - for my $hostref ( sort { $a->{type} cmp $b->{type} } @{$typeref->{'%vserver%'}} ) { + for my $typeref ( values %{$source_hosts_ref} ) { + for my $hostref ( @{$typeref->{'%vserver%'}} ) { my $exclusion = source_exclusion( $hostref->{exclusions}, $natref); for my $net ( @{$hostref->{hosts}} ) { @@ -1662,7 +1662,7 @@ sub add_interface_jumps { our %input_jump_added; our %output_jump_added; our %forward_jump_added; - my @interfaces = sort grep $_ ne '%vserver%', @_; + my @interfaces = grep $_ ne '%vserver%', @_; my $dummy; my $lo_jump_added = interface_zone( loopback_interface ) && ! get_interface_option( loopback_interface, 'destonly' ); # @@ -1776,7 +1776,7 @@ sub handle_complex_zone( $$ ) { my $type = $zoneref->{type}; my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {}; - for my $interface ( sort { interface_number( $a ) <=> interface_number( $b ) } keys %$source_ref ) { + for my $interface ( keys %$source_ref ) { my $sourcechainref = $filter_table->{forward_chain $interface}; my @interfacematch; my $interfaceref = find_interface $interface; @@ -2288,9 +2288,9 @@ sub generate_matrix() { # # Take care of PREROUTING, INPUT and OUTPUT jumps # - for my $type ( sort keys %$source_hosts_ref ) { + for my $type ( keys %$source_hosts_ref ) { my $typeref = $source_hosts_ref->{$type}; - for my $interface ( sort { interface_number( $a ) <=> interface_number( $b ) } keys %$typeref ) { + for my $interface ( keys %$typeref ) { if ( get_physical( $interface ) eq '+' ) { # # Insert the interface-specific jumps before this one which is not interface-specific @@ -2375,9 +2375,9 @@ sub generate_matrix() { my $chainref = $filter_table->{$chain}; #Will be null if $chain is a Netfilter Built-in target like ACCEPT - for my $type ( sort keys %{$zone1ref->{hosts}} ) { + for my $type ( keys %{$zone1ref->{hosts}} ) { my $typeref = $zone1ref->{hosts}{$type}; - for my $interface ( sort { interface_number( $a ) <=> interface_number( $b ) } keys %$typeref ) { + for my $interface ( keys %$typeref ) { for my $hostref ( @{$typeref->{$interface}} ) { next if $hostref->{options}{sourceonly}; if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) { diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 234fd7a29..70571421d 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1799,7 +1799,7 @@ sub map_provider_to_interface() { my $haveoptional; - for my $providerref ( sort { $a->{number} cmp $b->{number} } values %providers ) { + for my $providerref ( values %providers ) { if ( $providerref->{optional} ) { unless ( $haveoptional++ ) { emit( 'if [ -n "$interface" ]; then', @@ -1963,7 +1963,7 @@ sub compile_updown() { } my @nonshared = ( grep $providers{$_}->{optional}, - sort( { $providers{$a}->{number} <=> $providers{$b}->{number} } values %provider_interfaces ) ); + values %provider_interfaces ); if ( @nonshared ) { my $interfaces = join( '|', map $providers{$_}->{physical}, @nonshared ); @@ -2158,7 +2158,7 @@ sub handle_optional_interfaces( $ ) { # names but they might derive from wildcard interface entries. Optional interfaces which do not have # wildcard physical names are also included in the providers table. # - for my $providerref ( grep $_->{optional} , sort { $a->{number} <=> $b->{number} } values %providers ) { + for my $providerref ( grep $_->{optional} , values %providers ) { push @interfaces, $providerref->{interface}; $wildcards ||= $providerref->{wildcard}; } diff --git a/Shorewall/Perl/Shorewall/Proxyarp.pm b/Shorewall/Perl/Shorewall/Proxyarp.pm index f930bf9a2..073881603 100644 --- a/Shorewall/Perl/Shorewall/Proxyarp.pm +++ b/Shorewall/Perl/Shorewall/Proxyarp.pm @@ -154,7 +154,7 @@ sub setup_proxy_arp() { emit ''; - for my $interface ( sort keys %reset ) { + for my $interface ( keys %reset ) { unless ( $set{interface} ) { my $physical = get_physical $interface; emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" , @@ -163,7 +163,7 @@ sub setup_proxy_arp() { } } - for my $interface ( sort keys %set ) { + for my $interface ( keys %set ) { my $physical = get_physical $interface; emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" , " echo 1 > /proc/sys/net/ipv$family/conf/$physical/$proc_file" ); diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index ed57feaa7..fadd245b7 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1924,7 +1924,7 @@ sub process_traffic_shaping() { my ( $options, $redopts ) = ( '', $tcref->{redopts} ); - for my $option ( sort keys %validredoptions ) { + for my $option ( keys %validredoptions ) { my $type = $validredoptions{$option}; if ( my $value = $redopts->{$option} ) { @@ -1943,7 +1943,7 @@ sub process_traffic_shaping() { my ( $options, $codelopts ) = ( '', $tcref->{codelopts} ); - for my $option ( sort keys %validcodeloptions ) { + for my $option ( keys %validcodeloptions ) { my $type = $validcodeloptions{$option}; if ( my $value = $codelopts->{$option} ) { diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 7457281c4..162fc1a93 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -713,10 +713,10 @@ sub zone_report() my $printed = 0; if ( $hostref ) { - for my $type ( sort keys %$hostref ) { + for my $type ( keys %$hostref ) { my $interfaceref = $hostref->{$type}; - for my $interface ( sort keys %$interfaceref ) { + for my $interface ( keys %$interfaceref ) { my $iref = $interfaces{$interface}; my $arrayref = $interfaceref->{$interface}; @@ -766,10 +766,10 @@ sub dump_zone_contents() { $entry .= ( " mark=" . in_hex( $zoneref->{mark} ) ) if exists $zoneref->{mark}; if ( $hostref ) { - for my $type ( sort keys %$hostref ) { + for my $type ( keys %$hostref ) { my $interfaceref = $hostref->{$type}; - for my $interface ( sort keys %$interfaceref ) { + for my $interface ( keys %$interfaceref ) { my $iref = $interfaces{$interface}; my $arrayref = $interfaceref->{$interface}; @@ -2219,9 +2219,9 @@ sub find_hosts_by_option( $ ) { } for my $zone ( grep ! ( $zones{$_}{type} & FIREWALL ) , @zones ) { - for my $type (sort keys %{$zones{$zone}{hosts}} ) { + for my $type (keys %{$zones{$zone}{hosts}} ) { my $interfaceref = $zones{$zone}{hosts}->{$type}; - for my $interface ( sort keys %$interfaceref ) { + for my $interface ( keys %$interfaceref ) { my $arrayref = $interfaceref->{$interface}; for my $host ( @{$arrayref} ) { my $ipsec = $host->{ipsec}; @@ -2249,9 +2249,9 @@ sub find_zone_hosts_by_option( $$ ) { my @hosts; unless ( $zones{$zone}{type} & FIREWALL ) { - for my $type (sort keys %{$zones{$zone}{hosts}} ) { + for my $type (keys %{$zones{$zone}{hosts}} ) { my $interfaceref = $zones{$zone}{hosts}->{$type}; - for my $interface ( sort keys %$interfaceref ) { + for my $interface ( keys %$interfaceref ) { my $arrayref = $interfaceref->{$interface}; for my $host ( @{$arrayref} ) { if ( my $value = $host->{options}{$option} ) {