Revert condition initialization patch.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-30 07:31:29 -08:00
parent e60369728a
commit 6702bb1989
3 changed files with 14 additions and 28 deletions

View File

@ -25,7 +25,7 @@
# loaded after this one and replaces some of the functions declared here. # loaded after this one and replaces some of the functions declared here.
# #
SHOREWALL_CAPVERSION=40510 SHOREWALL_CAPVERSION=40509
[ -n "${g_program:=shorewall}" ] [ -n "${g_program:=shorewall}" ]
@ -2114,7 +2114,6 @@ determine_capabilities() {
ACCOUNT_TARGET= ACCOUNT_TARGET=
AUDIT_TARGET= AUDIT_TARGET=
CONDITION_MATCH= CONDITION_MATCH=
CONDITION_INIT=
IPTABLES_S= IPTABLES_S=
BASIC_FILTER= BASIC_FILTER=
CT_TARGET= CT_TARGET=
@ -2417,10 +2416,7 @@ determine_capabilities() {
qt $g_tool -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes qt $g_tool -A $chain -j AUDIT --type drop && AUDIT_TARGET=Yes
if qt $g_tool -A $chain -m condition --condition foo; then qt $g_tool -A $chain -m condition --condition foo && CONDITION_MATCH=Yes
CONDITION_MATCH=Yes
qt $g_tool -A $chain -m condition --condition foo --condinit 1 && CONDITION_INIT=Yes
fi
qt $g_tool -S INPUT && IPTABLES_S=Yes qt $g_tool -S INPUT && IPTABLES_S=Yes
qt $g_tool -F $chain qt $g_tool -F $chain
@ -2522,7 +2518,6 @@ report_capabilities() {
report_capability "AUDIT Target (AUDIT_TARGET)" $AUDIT_TARGET report_capability "AUDIT Target (AUDIT_TARGET)" $AUDIT_TARGET
report_capability "ipset V5 (IPSET_V5)" $IPSET_V5 report_capability "ipset V5 (IPSET_V5)" $IPSET_V5
report_capability "Condition Match (CONDITION_MATCH)" $CONDITION_MATCH report_capability "Condition Match (CONDITION_MATCH)" $CONDITION_MATCH
[ -n "$CONDITION_MATCH" ] && report_capability "Condition Initialize (CONDITION_INIT)" $CONDITION_INIT
report_capability "Statistic Match (STATISTIC_MATCH)" $STATISTIC_MATCH report_capability "Statistic Match (STATISTIC_MATCH)" $STATISTIC_MATCH
report_capability "IMQ Target (IMQ_TARGET)" $IMQ_TARGET report_capability "IMQ Target (IMQ_TARGET)" $IMQ_TARGET
report_capability "DSCP Match (DSCP_MATCH)" $DSCP_MATCH report_capability "DSCP Match (DSCP_MATCH)" $DSCP_MATCH
@ -2633,7 +2628,6 @@ report_capabilities1() {
report_capability1 AUDIT_TARGET report_capability1 AUDIT_TARGET
report_capability1 IPSET_V5 report_capability1 IPSET_V5
report_capability1 CONDITION_MATCH report_capability1 CONDITION_MATCH
report_capability1 CONDITION_INIT
report_capability1 IPTABLES_S report_capability1 IPTABLES_S
report_capability1 BASIC_FILTER report_capability1 BASIC_FILTER
report_capability1 CT_TARGET report_capability1 CT_TARGET

View File

@ -4662,18 +4662,15 @@ sub do_condition( $$ ) {
fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30; fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/ && length $condition <= 30;
my $initialization = '';
if ( defined $initialize ) { if ( defined $initialize ) {
if ( my $switchref = $switches{$condition} ) { if ( my $switchref = $switches{$condition} ) {
fatal_error "Switch $condition was previously initialized to $switchref->{setting} at $switchref->{where}" unless $switchref->{setting} == $initialize; fatal_error "Switch $condition was previously initialized to $switchref->{setting} at $switchref->{where}" unless $switchref->{setting} == $initialize;
} else { } else {
$initialization = "--condinit $initialize " if have_capability 'CONDITION_INIT';
$switches{$condition} = { setting => $initialize, where => currentlineinfo }; $switches{$condition} = { setting => $initialize, where => currentlineinfo };
} }
} }
"-m condition ${invert}--condition $condition $initialization" "-m condition ${invert}--condition $condition "
} }
@ -7486,19 +7483,17 @@ sub create_stop_load( $ ) {
} }
sub initialize_switches() { sub initialize_switches() {
unless ( have_capability 'CONDITION_INIT' ) { if ( keys %switches ) {
if ( keys %switches ) { push_indent; push_indent;
push_indent; push_indent; emit( 'if [ $COMMAND = start ]; then' );
emit( 'if [ $COMMAND = start ]; then' ); push_indent;
push_indent; while ( my ( $switch, $setting ) = each %switches ) {
while ( my ( $switch, $setting ) = each %switches ) { my $file = "/proc/net/nf_condition/$switch";
my $file = "/proc/net/nf_condition/$switch"; emit "[ -f $file ] && echo $setting->{setting} > $file";
emit "[ -f $file ] && echo $setting->{setting} > $file";
}
pop_indent;
emit "fi\n";
pop_indent; pop_indent;
} }
pop_indent;
emit "fi\n";
pop_indent; pop_indent;
} }
} }

View File

@ -610,7 +610,7 @@ sub initialize( $;$$) {
KLUDGEFREE => '', KLUDGEFREE => '',
STATEMATCH => '-m state --state', STATEMATCH => '-m state --state',
VERSION => "4.5.8-Beta2", VERSION => "4.5.8-Beta2",
CAPVERSION => 40510 , CAPVERSION => 40509 ,
); );
# #
# From shorewall.conf file # From shorewall.conf file
@ -841,7 +841,6 @@ sub initialize( $;$$) {
ACCOUNT_TARGET => undef, ACCOUNT_TARGET => undef,
AUDIT_TARGET => undef, AUDIT_TARGET => undef,
CONDITION_MATCH => undef, CONDITION_MATCH => undef,
CONDITION_INIT => undef,
IPTABLES_S => undef, IPTABLES_S => undef,
BASIC_FILTER => undef, BASIC_FILTER => undef,
CT_TARGET => undef, CT_TARGET => undef,
@ -3515,7 +3514,6 @@ our %detect_capability =
CHECKSUM_TARGET => \&Checksum_Target, CHECKSUM_TARGET => \&Checksum_Target,
CLASSIFY_TARGET => \&Classify_Target, CLASSIFY_TARGET => \&Classify_Target,
CONDITION_MATCH => \&Condition_Match, CONDITION_MATCH => \&Condition_Match,
CONDITION_INIT => \&Condition_Init,
COMMENTS => \&Comments, COMMENTS => \&Comments,
CONNLIMIT_MATCH => \&Connlimit_Match, CONNLIMIT_MATCH => \&Connlimit_Match,
CONNMARK => \&Connmark, CONNMARK => \&Connmark,
@ -3713,7 +3711,6 @@ sub determine_capabilities() {
$capabilities{AUDIT_TARGET} = detect_capability( 'AUDIT_TARGET' ); $capabilities{AUDIT_TARGET} = detect_capability( 'AUDIT_TARGET' );
$capabilities{IPSET_V5} = detect_capability( 'IPSET_V5' ); $capabilities{IPSET_V5} = detect_capability( 'IPSET_V5' );
$capabilities{CONDITION_MATCH} = detect_capability( 'CONDITION_MATCH' ); $capabilities{CONDITION_MATCH} = detect_capability( 'CONDITION_MATCH' );
$capabilities{CONDITION_INIT} = detect_capability( 'CONDITION_INIT' );
$capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' ); $capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' );
$capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' ); $capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' );
$capabilities{CT_TARGET} = detect_capability( 'CT_TARGET' ); $capabilities{CT_TARGET} = detect_capability( 'CT_TARGET' );