diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 470c53dc0..b3cc2ca10 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -37,7 +37,6 @@ use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::Zones; use Shorewall::IPAddrs; use strict; -use sort 'stable'; our @ISA = qw(Exporter); our @EXPORT = ( qw( @@ -3707,24 +3706,6 @@ sub optimize_level0() { } } -# -# Conditionally sort a list of chain table entry references by name, if -t was specified -# - -sub keysort(\%) { - my $hashref = shift; - - return sort { $a->{name} cmp $b->{name} } keys %$hashref if $test; - return keys %$hashref; -} - -sub valuesort(\%) { - my $hashref = shift; - - return sort { $a->{name} cmp $b->{name} } values %$hashref if $test; - return values %$hashref; -} - sub optimize_level4( $$ ) { my ( $table, $tableref ) = @_; my $progress = 1; @@ -3946,7 +3927,7 @@ sub optimize_level4( $$ ) { my @chains = grep ( $_->{referenced} && ! $_->{optflags} && @{$_->{rules}} < 4 && - keys %{$_->{references}} == 1 , valuesort %$tableref ); + keys %{$_->{references}} == 1 , values %$tableref ); if ( my $chains = @chains ) { $passes++; @@ -3955,7 +3936,7 @@ sub optimize_level4( $$ ) { for my $chainref ( @chains ) { my $name = $chainref->{name}; - for my $sourceref ( map $tableref->{$_}, sortkeysiftest %{$chainref->{references}} ) { + for my $sourceref ( map $tableref->{$_}, keys %{$chainref->{references}} ) { my $name1 = $sourceref->{name}; if ( $chainref->{references}{$name1} == 1 ) { @@ -4085,7 +4066,7 @@ sub optimize_level8( $$$ ) { # # First create aliases for each renamed chain and change the {name} member. # - for my $oldname ( sortiftest @rename ) { + for my $oldname ( @rename ) { my $newname = $renamed{ $oldname } = $rename{ $oldname } . $chainseq++; trace( $tableref->{$oldname}, 'RN', 0, " Renamed $newname" ) if $debug; @@ -4598,7 +4579,7 @@ sub combine_states { sub optimize_level16( $$$ ) { my ( $table, $tableref , $passes ) = @_; - my @chains = ( grep $_->{referenced}, valuesort %{$tableref} ); + my @chains = ( grep $_->{referenced}, values %{$tableref} ); my @chains1 = @chains; my $chains = @chains; @@ -4715,7 +4696,7 @@ sub setup_zone_mss() { my $hosts = find_zone_hosts_by_option( $zone, 'mss' ); - for my $hostref ( $test ? sort { $a->[0] cmp $b->[0] } @$hosts : @$hosts ) { + for my $hostref ( @$hosts ) { my $mss = $hostref->[4]; my @mssmatch = have_capability( 'TCPMSS_MATCH' ) ? ( tcpmss => "--mss $mss:" ) : (); my @sourcedev = imatch_source_dev $hostref->[0]; @@ -7474,13 +7455,13 @@ sub set_global_variables( $$ ) { if ( $conditional ) { my ( $interface, @interfaces ); - @interfaces = sortkeysiftest %interfaceaddr; + @interfaces = keys %interfaceaddr; for $interface ( @interfaces ) { emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfaceaddr{$interface}) ); } - @interfaces = sortkeysiftest %interfacegateways; + @interfaces = keys %interfacegateways; for $interface ( @interfaces ) { emit( qq(if [ -z "\$interface" -o "\$interface" = "$interface" ]; then) ); @@ -7490,29 +7471,29 @@ sub set_global_variables( $$ ) { emit( qq(fi\n) ); } - @interfaces = sortkeysiftest %interfacemacs; + @interfaces = keys %interfacemacs; for $interface ( @interfaces ) { emit( qq([ -z "\$interface" -o "\$interface" = "$interface" ] && $interfacemacs{$interface}) ); } } else { - emit $interfaceaddr{$_} for sortkeysiftest %interfaceaddr; - emit "$interfacegateways{$_}\n" for sortkeysiftest %interfacegateways; - emit $interfacemacs{$_} for sortkeysiftest %interfacemacs; + emit $_ for values %interfaceaddr; + emit "$_\n" for values %interfacegateways; + emit $_ for values %interfacemacs; } if ( $setall ) { - emit $interfaceaddr{$_} for sortkeysiftest %interfaceaddr; - emit $interfacenets{$_} for sortkeysiftest %interfacenets; + emit $_ for values %interfaceaddrs; + emit $_ for values %interfacenets; unless ( have_capability( 'ADDRTYPE' ) ) { if ( $family == F_IPV4 ) { emit 'ALL_BCASTS="$(get_all_bcasts) 255.255.255.255"'; - emit $interfacebcasts{$_} for sortkeysiftest %interfacebcasts; + emit $_ for values %interfacebcasts; } else { emit 'ALL_ACASTS="$(get_all_acasts)"'; - emit $interfaceacasts{$_} for sortkeysiftest %interfaceacasts; + emit $_ for values %interfaceacasts; } } } @@ -8476,7 +8457,7 @@ sub add_interface_options( $ ) { # Insert jumps to the interface chains into the rules chains # for my $zone1 ( off_firewall_zones ) { - my @input_interfaces = sortkeysiftest %{zone_interfaces( $zone1 )}; + my @input_interfaces = keys %{zone_interfaces( $zone1 )}; my @forward_interfaces = @input_interfaces; if ( @input_interfaces > 1 ) { @@ -8562,7 +8543,7 @@ sub add_interface_options( $ ) { for my $zone1 ( firewall_zone, vserver_zones ) { for my $zone2 ( off_firewall_zones ) { my $chainref = $filter_table->{rules_chain( $zone1, $zone2 )}; - my @interfaces = sortkeysiftest %{zone_interfaces( $zone2 )}; + my @interfaces = keys %{zone_interfaces( $zone2 )}; my $chain1ref; for my $interface ( @interfaces ) { @@ -9003,7 +8984,7 @@ sub create_save_ipsets() { # $ipsets{$_} = 1 for ( @ipsets, @{$globals{SAVED_IPSETS}} ); - my @sets = sortkeysiftest %ipsets; + my @sets = keys %ipsets; emit( '' , ' rm -f $file' , @@ -9172,7 +9153,7 @@ sub create_load_ipsets() { # sub create_nfobjects() { - my @objects = ( sortkeysiftest %nfobjects ); + my @objects = ( keys %nfobjects ); if ( @objects ) { if ( $config{NFACCT} ) { @@ -9187,7 +9168,7 @@ sub create_nfobjects() { } } - for ( @objects ) { + for ( keys %nfobjects ) { emit( qq(if ! qt \$NFACCT get $_; then), qq( \$NFACCT add $_), qq(fi\n) ); @@ -9560,7 +9541,7 @@ sub create_stop_load( $ ) { } sub initialize_switches() { - if ( sortkeysiftest %switches ) { + if ( keys %switches ) { emit( 'if [ $COMMAND = start ]; then' ); push_indent; for my $switch ( keys %switches ) { diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 5f62b4859..3f9f11177 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -49,6 +49,8 @@ our $VERSION = 'MODULEVERSION'; our $export; # True when compiling for export +our $test; # True when running regression tests + our $family; # IP address family (4 or 6) our $have_arptables; # True if we have arptables rules @@ -56,8 +58,8 @@ our $have_arptables; # True if we have arptables rules # # Initilize the package-globals in the other modules # -sub initialize_package_globals( $$$$ ) { - Shorewall::Config::initialize($family, $export, $_[1], $_[2], $_[3]); +sub initialize_package_globals( $$$ ) { + Shorewall::Config::initialize($family, $export, $_[1], $_[2]); Shorewall::Chains::initialize ($family, 1, $export ); Shorewall::Zones::initialize ($family, $_[0]); Shorewall::Nat::initialize($family); @@ -586,7 +588,7 @@ sub compiler { ( '', '', -1, '', 0, '', -1, 0, 0, 0, 0, , '' , '/usr/share/shorewall/shorewallrc', '' ); $export = 0; - my $test = 0; + $test = 0; $have_arptables = 0; sub validate_boolean( $ ) { @@ -639,19 +641,18 @@ sub compiler { # # Now that we know the address family (IPv4/IPv6), we can initialize the other modules' globals # - initialize_package_globals( $update, $test, $shorewallrc, $shorewallrc1 ); - # - # Rather than continuing to extend the argument list of Config::initialize(), - # we use a set of small functions to export settings to the Config module. - # + initialize_package_globals( $update, $shorewallrc, $shorewallrc1 ); + set_config_path( $config_path ) if $config_path; + set_shorewall_dir( $directory ) if $directory ne ''; + $verbosity = 1 if $debug && $verbosity < 1; + set_verbosity( $verbosity ); set_log($log, $log_verbosity) if $log; set_timestamp( $timestamp ); set_debug( $debug , $confess ); - set_command( 'compile', 'Compiling', 'Compiled' ); # # S H O R E W A L L R C , # S H O R E W A L L . C O N F A N D C A P A B I L I T I E S @@ -669,7 +670,12 @@ sub compiler { # # Create a temp file to hold the script # - create_temp_script( $scriptfilename , $export ) if $scriptfilename; + if ( $scriptfilename ) { + set_command( 'compile', 'Compiling', 'Compiled' ); + create_temp_script( $scriptfilename , $export ); + } else { + set_command( 'check', 'Checking', 'Checked' ); + } # # Z O N E D E F I N I T I O N # (Produces no output to the compiled script) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index b92edb8dd..3c988a4a6 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -166,11 +166,7 @@ our @EXPORT = qw( report_used_capabilities kernel_version - compiletime - - sortkeysiftest - sortvaluesiftest - sortiftest + compiletime F_IPV4 F_IPV6 @@ -268,7 +264,6 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script $debug $file_format $comment - $test %config %origin @@ -798,8 +793,6 @@ our %filecache; our $compiletime; -our $test; - sub process_shorewallrc($$); sub add_variables( \% ); # @@ -811,12 +804,9 @@ sub add_variables( \% ); # # 2. The compiler can run multiple times in the same process so it has to be # able to re-initialize its dependent modules' state. -#################################################################################################### -# Do not change the required part of this prototype unless you want to take on a lot of additional -# work (This function is called from build). -#################################################################################################### -sub initialize($;$$$$) { - ( $family, $export, $test, my ( $shorewallrc, $shorewallrc1 ) ) = @_; +# +sub initialize($;$$$) { + ( $family, $export, my ( $shorewallrc, $shorewallrc1 ) ) = @_; if ( $family == F_IPV4 ) { ( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES ); @@ -861,7 +851,7 @@ sub initialize($;$$$$) { TC_SCRIPT => '', EXPORT => 0, KLUDGEFREE => '', - VERSION => '5.2.4.1', + VERSION => '5.2.0-Beta1', CAPVERSION => 50200 , BLACKLIST_LOG_TAG => '', RELATED_LOG_TAG => '', @@ -1838,30 +1828,6 @@ sub set_command( $$$ ) { ($command, $doing, $done) = @_; } -# -# Return the keys or values of the passed hash. If $test, the keys/values will be sorted by their own values -# -sub sortkeysiftest(\%) { - my ( $hashref ) = @_; - - return sort keys %$hashref if $test; - return keys %$hashref; -} - -sub sortvaluesiftest(\%) { - my ( $hashref ) = @_; - - return sort values %$hashref if $test; - return keys %$hashref; -} - -# -# Sort a list by the list elements if $test -# -sub sortiftest(@) { - return $test ? sort @_ : @_; -} - # # Print the current TOD to STDOUT. # diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 3802167b4..a94dc74e9 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -34,7 +34,6 @@ use Shorewall::Zones; use Shorewall::Chains qw(:DEFAULT :internal); use Shorewall::Rules; use Shorewall::Proc; -use sort 'stable'; use strict; @@ -131,7 +130,7 @@ sub setup_ecn() } if ( @hosts ) { - my @interfaces = ( sortkeysiftest %interfaces ); + my @interfaces = ( keys %interfaces ); progress_message "$doing ECN control on @interfaces..."; @@ -1323,7 +1322,7 @@ sub setup_mac_lists( $ ) { $maclist_interfaces{ $hostref->[0] } = 1; } - my @maclist_interfaces = ( sortkeysiftest %maclist_interfaces ); + my @maclist_interfaces = ( keys %maclist_interfaces ); if ( $phase == 1 ) { @@ -1409,7 +1408,7 @@ sub setup_mac_lists( $ ) { # # Generate jumps from the input and forward chains # - for my $hostref ( $test ? sort { $a->[0] cmp $b->[0] } @$maclist_hosts : @$maclist_hosts ) { + for my $hostref ( @$maclist_hosts ) { my $interface = $hostref->[0]; my $ipsec = $hostref->[1]; my @policy = $ipsec && have_ipsec ? ( policy => "--pol $ipsec --dir in" ) : (); @@ -1802,7 +1801,7 @@ sub handle_complex_zone( $$ ) { my $type = $zoneref->{type}; my $source_ref = ( $zoneref->{hosts}{ipsec} ) || {}; - for my $interface ( sortkeysiftest %$source_ref ) { + for my $interface ( keys %$source_ref ) { my $sourcechainref = $filter_table->{forward_chain $interface}; my @interfacematch; my $interfaceref = find_interface $interface; @@ -1942,7 +1941,7 @@ sub add_output_jumps( $$$$$$$$ ) { my $use_output = 0; my @dest = imatch_dest_net $net; my @ipsec_out_match = match_ipsec_out $zone , $hostref; - my @zone_interfaces = sortkeysiftest %{zone_interfaces( $zone )}; + my @zone_interfaces = keys %{zone_interfaces( $zone )}; if ( @vservers || use_interface_chain( $interface, 'use_output_chain' ) || ( @{$interfacechainref->{rules}} && ! $chain1ref ) || @zone_interfaces > 1 ) { # @@ -2314,9 +2313,9 @@ sub generate_matrix() { # # Take care of PREROUTING, INPUT and OUTPUT jumps # - for my $type ( sortkeysiftest %$source_hosts_ref ) { + for my $type ( keys %$source_hosts_ref ) { my $typeref = $source_hosts_ref->{$type}; - for my $interface ( sortkeysiftest %$typeref ) { + for my $interface ( keys %$typeref ) { if ( get_physical( $interface ) eq '+' ) { # # Insert the interface-specific jumps before this one which is not interface-specific @@ -2401,9 +2400,9 @@ sub generate_matrix() { my $chainref = $filter_table->{$chain}; #Will be null if $chain is a Netfilter Built-in target like ACCEPT - for my $type ( sortkeysiftest %{$zone1ref->{hosts}} ) { + for my $type ( keys %{$zone1ref->{hosts}} ) { my $typeref = $zone1ref->{hosts}{$type}; - for my $interface ( sortkeysiftest %$typeref ) { + for my $interface ( keys %$typeref ) { for my $hostref ( @{$typeref->{$interface}} ) { next if $hostref->{options}{sourceonly}; if ( $zone ne $zone1 || $num_ifaces > 1 || $hostref->{options}{routeback} ) { diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 4f4ad59bb..18598da14 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1892,8 +1892,8 @@ sub map_provider_to_interface() { my $haveoptional; - for my $provider ( @providers ) { - if ( ( my $providerref=$providers{$provider} )->{optional} ) { + for my $providerref ( values %providers ) { + if ( $providerref->{optional} ) { unless ( $haveoptional++ ) { emit( 'if [ -n "$interface" ]; then', ' case $interface in' ); @@ -2054,7 +2054,8 @@ sub compile_updown() { ); } - my @nonshared = ( grep $providers{$_}->{optional}, sortvaluesiftest %provider_interfaces ); + my @nonshared = ( grep $providers{$_}->{optional}, + values %provider_interfaces ); if ( @nonshared ) { my $interfaces = join( '|', map $providers{$_}->{physical}, @nonshared ); @@ -2245,11 +2246,9 @@ sub handle_optional_interfaces() { # names but they might derive from wildcard interface entries. Optional interfaces which do not have # wildcard physical names are also included in the providers table. # - for my $provider ( @providers ) { - if ( ( my $providerref = $providers{$provider} )->{optional} ) { - push @interfaces, $providerref->{interface}; - $wildcards ||= $providerref->{wildcard}; - } + for my $providerref ( grep $_->{optional} , values %providers ) { + push @interfaces, $providerref->{interface}; + $wildcards ||= $providerref->{wildcard}; } # @@ -2297,7 +2296,17 @@ sub handle_optional_interfaces() { emit( "$physical)" ), push_indent if $wildcards; - emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then); + if ( $provider eq $physical ) { + # + # Just an optional interface, or provider and interface are the same + # + emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then); + } else { + # + # Provider + # + emit qq(if [ -z "\$interface" -o "\$interface" = "$physical" ]; then); + } push_indent; diff --git a/Shorewall/Perl/Shorewall/Proxyarp.pm b/Shorewall/Perl/Shorewall/Proxyarp.pm index 7051aef9f..c014bd5bd 100644 --- a/Shorewall/Perl/Shorewall/Proxyarp.pm +++ b/Shorewall/Perl/Shorewall/Proxyarp.pm @@ -155,7 +155,7 @@ sub setup_proxy_arp() { emit ''; - for my $interface ( sortkeysiftest %reset ) { + for my $interface ( keys %reset ) { unless ( $set{interface} ) { my $physical = get_physical $interface; emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" , @@ -164,7 +164,7 @@ sub setup_proxy_arp() { } } - for my $interface ( sortkeysiftest %set ) { + for my $interface ( keys %set ) { my $physical = get_physical $interface; emit ( "if [ -f /proc/sys/net/ipv$family/conf/$physical/$proc_file ]; then" , " echo 1 > /proc/sys/net/ipv$family/conf/$physical/$proc_file" ); diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 1fc4f515f..0f7ec8ddc 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -29,7 +29,6 @@ package Shorewall::Zones; require Exporter; use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::IPAddrs; -use sort 'stable'; use strict; @@ -848,10 +847,10 @@ sub dump_zone_contents() { $entry .= ( " mark=" . in_hex( $zoneref->{mark} ) ) if exists $zoneref->{mark}; if ( $hostref ) { - for my $type ( sortkeysiftest %$hostref ) { + for my $type ( keys %$hostref ) { my $interfaceref = $hostref->{$type}; - for my $interface ( sortkeysiftest %$interfaceref ) { + for my $interface ( keys %$interfaceref ) { my $iref = $interfaces{$interface}; my $arrayref = $interfaceref->{$interface};