Add $logaction and $logtag as variables usable within actions
- Also make action variables usable in ?if and ?elsif expressions. Signed-off-by: Tom Eastep <teastep@shorewall.net>
@ -472,7 +472,7 @@ my %compiler_params;
|
|||||||
#
|
#
|
||||||
# Action parameters
|
# Action parameters
|
||||||
#
|
#
|
||||||
my @actparms;
|
my %actparms;
|
||||||
|
|
||||||
our $currentline; # Current config file line image
|
our $currentline; # Current config file line image
|
||||||
my $currentfile; # File handle reference
|
my $currentfile; # File handle reference
|
||||||
@ -901,7 +901,7 @@ sub initialize( $;$$) {
|
|||||||
|
|
||||||
%compiler_params = ();
|
%compiler_params = ();
|
||||||
|
|
||||||
@actparms = ();
|
%actparms = ( );
|
||||||
|
|
||||||
%helpers_enabled = (
|
%helpers_enabled = (
|
||||||
amanda => 1,
|
amanda => 1,
|
||||||
@ -1923,13 +1923,14 @@ sub evaluate_expression( $$$ ) {
|
|||||||
my $count = 0;
|
my $count = 0;
|
||||||
|
|
||||||
# $1 $2 $3 - $4
|
# $1 $2 $3 - $4
|
||||||
while ( $expression =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
|
while ( $expression =~ m( ^(.*?) \$({)? (\d+|[a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
|
||||||
my ( $first, $var, $rest ) = ( $1, $3, $4);
|
my ( $first, $var, $rest ) = ( $1, $3, $4);
|
||||||
|
|
||||||
$val = ( exists $ENV{$var} ? $ENV{$var} :
|
$val = ( exists $ENV{$var} ? $ENV{$var} :
|
||||||
exists $params{$var} ? $params{$var} :
|
exists $params{$var} ? $params{$var} :
|
||||||
exists $config{$var} ? $config{$var} :
|
exists $config{$var} ? $config{$var} :
|
||||||
exists $renamed{$var} ? $config{$renamed{$var}} :
|
exists $renamed{$var} ? $config{$renamed{$var}} :
|
||||||
|
exists $actparms{$var} ? ( $var ? $actparms{$var} : $actparms{0}->{name} ) :
|
||||||
exists $capdesc{$var} ? have_capability( $var ) : 0 );
|
exists $capdesc{$var} ? have_capability( $var ) : 0 );
|
||||||
$val = 0 unless defined $val;
|
$val = 0 unless defined $val;
|
||||||
$val = "'$val'" unless $val =~ /^-?\d+$/;
|
$val = "'$val'" unless $val =~ /^-?\d+$/;
|
||||||
@ -2469,26 +2470,28 @@ sub embedded_perl( $ ) {
|
|||||||
#
|
#
|
||||||
# Push/pop action params
|
# Push/pop action params
|
||||||
#
|
#
|
||||||
sub push_action_params( $$ ) {
|
sub push_action_params( $$$$ ) {
|
||||||
my @params = split /,/, $_[1];
|
my @params = ( undef , split /,/, $_[1] );
|
||||||
my @oldparams = @actparms;
|
my %oldparams = %actparms;
|
||||||
|
|
||||||
@actparms = ();
|
%actparms = ();
|
||||||
|
|
||||||
$actparms[0] = $_[0];
|
for ( my $i = 1; $i < @params; $i++ ) {
|
||||||
|
my $val = $params[$i];
|
||||||
|
|
||||||
for ( my $i = 1; $i <= @params; $i++ ) {
|
$actparms{$i} = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
|
||||||
my $val = $params[$i - 1];
|
|
||||||
|
|
||||||
$actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
\@oldparams;
|
$actparms{0} = $_[0];
|
||||||
|
$actparms{loglevel} = $_[2];
|
||||||
|
$actparms{logtag} = $_[3];
|
||||||
|
|
||||||
|
\%oldparams;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub pop_action_params( $ ) {
|
sub pop_action_params( $ ) {
|
||||||
my $oldparms = shift;
|
my $oldparms = shift;
|
||||||
@actparms = @$oldparms;
|
%actparms = %$oldparms;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub default_action_params {
|
sub default_action_params {
|
||||||
@ -2497,11 +2500,11 @@ sub default_action_params {
|
|||||||
|
|
||||||
for ( $i = 1; 1; $i++ ) {
|
for ( $i = 1; 1; $i++ ) {
|
||||||
last unless defined ( $val = shift );
|
last unless defined ( $val = shift );
|
||||||
my $curval = $actparms[$i];
|
my $curval = $actparms{$i};
|
||||||
$actparms[$i] = $val unless supplied( $curval );
|
$actparms{$i} = $val unless supplied( $curval );
|
||||||
}
|
}
|
||||||
|
|
||||||
fatal_error "Too Many arguments to action $action" if defined $actparms[$i];
|
fatal_error "Too Many arguments to action $action" if defined $actparms{$i};
|
||||||
}
|
}
|
||||||
|
|
||||||
sub get_action_params( $ ) {
|
sub get_action_params( $ ) {
|
||||||
@ -2512,7 +2515,7 @@ sub get_action_params( $ ) {
|
|||||||
my @return;
|
my @return;
|
||||||
|
|
||||||
for ( my $i = 1; $i <= $num; $i++ ) {
|
for ( my $i = 1; $i <= $num; $i++ ) {
|
||||||
my $val = $actparms[$i];
|
my $val = $actparms{$i};
|
||||||
push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val;
|
push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2520,18 +2523,18 @@ sub get_action_params( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sub get_action_chain() {
|
sub get_action_chain() {
|
||||||
$actparms[0];
|
$actparms{0};
|
||||||
}
|
}
|
||||||
|
|
||||||
sub set_action_param( $$ ) {
|
sub set_action_param( $$ ) {
|
||||||
my $i = shift;
|
my $i = shift;
|
||||||
|
|
||||||
fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0;
|
fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0;
|
||||||
$actparms[$i] = shift;
|
$actparms{$i} = shift;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Expand Shell Variables in the passed buffer using @actparms, %params, %shorewallrc and %config,
|
# Expand Shell Variables in the passed buffer using %actparms, %params, %shorewallrc and %config,
|
||||||
#
|
#
|
||||||
sub expand_variables( \$ ) {
|
sub expand_variables( \$ ) {
|
||||||
my ( $lineref, $count ) = ( $_[0], 0 );
|
my ( $lineref, $count ) = ( $_[0], 0 );
|
||||||
@ -2543,12 +2546,14 @@ sub expand_variables( \$ ) {
|
|||||||
my $val;
|
my $val;
|
||||||
|
|
||||||
if ( $var =~ /^\d+$/ ) {
|
if ( $var =~ /^\d+$/ ) {
|
||||||
fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms[$var] ) || ( length( $var ) > 1 && $var =~ /^0/ );
|
fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms{$var} ) || ( length( $var ) > 1 && $var =~ /^0/ );
|
||||||
$val = $var ? $actparms[$var] : $actparms[0]->{name};
|
$val = $var ? $actparms{$var} : $actparms{0}->{name};
|
||||||
} elsif ( exists $params{$var} ) {
|
} elsif ( exists $params{$var} ) {
|
||||||
$val = $params{$var};
|
$val = $params{$var};
|
||||||
} elsif ( exists $shorewallrc{$var} ) {
|
} elsif ( exists $shorewallrc{$var} ) {
|
||||||
$val = $shorewallrc{$var}
|
$val = $shorewallrc{$var}
|
||||||
|
} elsif ( exists $actparms{$var} ) {
|
||||||
|
$val = $actparms{$var};
|
||||||
} else {
|
} else {
|
||||||
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
|
fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
|
||||||
$val = $config{$var};
|
$val = $config{$var};
|
||||||
@ -2657,7 +2662,7 @@ sub read_a_line($) {
|
|||||||
#
|
#
|
||||||
handle_first_entry if $first_entry;
|
handle_first_entry if $first_entry;
|
||||||
#
|
#
|
||||||
# Expand Shell Variables using %params and @actparms
|
# Expand Shell Variables using %params and %actparms
|
||||||
#
|
#
|
||||||
expand_variables( $currentline ) if $options & EXPAND_VARIABLES;
|
expand_variables( $currentline ) if $options & EXPAND_VARIABLES;
|
||||||
|
|
||||||
|
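Review bot: The new `exists $actparms{$var}` branch in evaluate_expression feeds action parameter values into the existing `$val = "'$val'" unless $val =~ /^-?\d+$/;` line, which wraps the value in single quotes without escaping it. Those values come from `split /,/, $_[1]` in push_action_params, so a parameter containing `'` or `\` would end or distort the quoted literal; if the expanded expression is later compiled as Perl (not visible in this hunk), that changes what the `?if` condition evaluates. Escaping ahead of the quoting line, for example `$val =~ s/(['\\])/\\$1/g;`, or rejecting such values with fatal_error, would close that. Lookup order also differs between the two expanders: here `%ENV`, `%params` and `%config` are consulted before `%actparms`, while expand_variables consults `%actparms` before `%config`, so a name present in both can resolve differently in a condition and in rule text. Both function bodies continue outside the hunks shown.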
@ -579,7 +579,7 @@ sub process_policies()
|
|||||||
#
|
#
|
||||||
# Policy Rule application
|
# Policy Rule application
|
||||||
#
|
#
|
||||||
sub process_inline ($$$$$$$$$$$$$$$$$$$);
|
sub process_inline ($$$$$$$$$$$$$$$$$$$$);
|
||||||
|
|
||||||
sub policy_rules( $$$$$ ) {
|
sub policy_rules( $$$$$ ) {
|
||||||
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
|
my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
|
||||||
@ -598,6 +598,7 @@ sub policy_rules( $$$$$ ) {
|
|||||||
#
|
#
|
||||||
process_inline( $inline, #Inline
|
process_inline( $inline, #Inline
|
||||||
$chainref, #Chain
|
$chainref, #Chain
|
||||||
|
$loglevel, #Log Level and Tag
|
||||||
$default, #Target
|
$default, #Target
|
||||||
$param || '', #Param
|
$param || '', #Param
|
||||||
'-', #Source
|
'-', #Source
|
||||||
@ -971,13 +972,13 @@ sub externalize( $ ) {
|
|||||||
#
|
#
|
||||||
# Define an Action
|
# Define an Action
|
||||||
#
|
#
|
||||||
sub new_action( $$$ ) {
|
sub new_action( $$$$ ) {
|
||||||
|
|
||||||
my ( $action , $type, $noinline ) = @_;
|
my ( $action , $type, $noinline, $nolog ) = @_;
|
||||||
|
|
||||||
fatal_error "Invalid action name($action)" if reserved_name( $action );
|
fatal_error "Invalid action name($action)" if reserved_name( $action );
|
||||||
|
|
||||||
$actions{$action} = { actchain => '' , noinline => $noinline } if $type & ACTION;
|
$actions{$action} = { actchain => '' , noinline => $noinline, nolog => $nolog } if $type & ACTION;
|
||||||
|
|
||||||
$targets{$action} = $type;
|
$targets{$action} = $type;
|
||||||
}
|
}
|
||||||
@ -1460,7 +1461,7 @@ sub process_actions() {
|
|||||||
#
|
#
|
||||||
# Add built-in actions to the target table and create those actions
|
# Add built-in actions to the target table and create those actions
|
||||||
#
|
#
|
||||||
$targets{$_} = new_action( $_ , ACTION + BUILTIN, 1 ) for @builtins;
|
$targets{$_} = new_action( $_ , ACTION + BUILTIN, 1, 0 ) for @builtins;
|
||||||
|
|
||||||
for my $file ( qw/actions.std actions/ ) {
|
for my $file ( qw/actions.std actions/ ) {
|
||||||
open_file $file;
|
open_file $file;
|
||||||
@ -1470,6 +1471,7 @@ sub process_actions() {
|
|||||||
|
|
||||||
my $type = ACTION;
|
my $type = ACTION;
|
||||||
my $noinline = 0;
|
my $noinline = 0;
|
||||||
|
my $nolog = 0;
|
||||||
|
|
||||||
if ( $action =~ /:/ ) {
|
if ( $action =~ /:/ ) {
|
||||||
warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
|
warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
|
||||||
@ -1484,6 +1486,8 @@ sub process_actions() {
|
|||||||
$type = INLINE;
|
$type = INLINE;
|
||||||
} elsif ( $_ eq 'noinline' ) {
|
} elsif ( $_ eq 'noinline' ) {
|
||||||
$noinline = 1;
|
$noinline = 1;
|
||||||
|
} elsif ( $_ eq 'nolog' ) {
|
||||||
|
$nolog = 1;
|
||||||
} else {
|
} else {
|
||||||
fatal_error "Invalid option ($_)";
|
fatal_error "Invalid option ($_)";
|
||||||
}
|
}
|
||||||
@ -1507,13 +1511,13 @@ sub process_actions() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
new_action $action, $type, $noinline;
|
new_action $action, $type, $noinline, $nolog;
|
||||||
|
|
||||||
my $actionfile = find_file( "action.$action" );
|
my $actionfile = find_file( "action.$action" );
|
||||||
|
|
||||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||||
|
|
||||||
$inlines{$action} = $actionfile if $type == INLINE;
|
$inlines{$action} = { file => $actionfile, nolog => $nolog } if $type == INLINE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1543,7 +1547,9 @@ sub process_action( $) {
|
|||||||
|
|
||||||
push_open $actionfile;
|
push_open $actionfile;
|
||||||
|
|
||||||
my $oldparms = push_action_params( $chainref, $param );
|
my $oldparms = push_action_params( $chainref, $param, $level, $tag );
|
||||||
|
|
||||||
|
my $nolog = $actions{$action}{nolog};
|
||||||
|
|
||||||
$active{$action}++;
|
$active{$action}++;
|
||||||
push @actionstack, $wholeaction;
|
push @actionstack, $wholeaction;
|
||||||
@ -1582,7 +1588,7 @@ sub process_action( $) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
process_rule1( $chainref,
|
process_rule1( $chainref,
|
||||||
merge_levels( "$action:$level:$tag", $target ),
|
$nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
|
||||||
'',
|
'',
|
||||||
$source,
|
$source,
|
||||||
$dest,
|
$dest,
|
||||||
@ -1764,8 +1770,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
|
|||||||
#
|
#
|
||||||
# Expand an inline action rule from the rules file
|
# Expand an inline action rule from the rules file
|
||||||
#
|
#
|
||||||
sub process_inline ($$$$$$$$$$$$$$$$$$$) {
|
sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
|
||||||
my ($inline, $chainref, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
my ($inline, $chainref, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
|
||||||
|
|
||||||
my $nocomment = no_comment;
|
my $nocomment = no_comment;
|
||||||
|
|
||||||
@ -1773,9 +1779,15 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
|
|||||||
|
|
||||||
macro_comment $inline;
|
macro_comment $inline;
|
||||||
|
|
||||||
my $oldparms = push_action_params( $chainref, $param );
|
my ( $level, $tag ) = split( ':', $loglevel, 2 );
|
||||||
|
|
||||||
my $inlinefile = $inlines{$inline};
|
my $oldparms = push_action_params( $chainref,
|
||||||
|
$param,
|
||||||
|
supplied $level ? $level : 'none',
|
||||||
|
defined $tag ? $tag : '');
|
||||||
|
|
||||||
|
my $inlinefile = $inlines{$inline}{file};
|
||||||
|
my $nolog = $inlines{$inline}{nolog};
|
||||||
|
|
||||||
progress_message "..Expanding inline action $inlinefile...";
|
progress_message "..Expanding inline action $inlinefile...";
|
||||||
|
|
||||||
@ -1815,7 +1827,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
|
|||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
$mtarget = merge_levels $target, $mtarget;
|
$mtarget = merge_levels( $target, $mtarget ) unless $nolog;
|
||||||
|
|
||||||
my $action = isolate_basic_target $mtarget;
|
my $action = isolate_basic_target $mtarget;
|
||||||
|
|
||||||
@ -2277,6 +2289,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
|||||||
|
|
||||||
my $generated = process_inline( $basictarget,
|
my $generated = process_inline( $basictarget,
|
||||||
$chainref,
|
$chainref,
|
||||||
|
$loglevel,
|
||||||
$target,
|
$target,
|
||||||
$current_param,
|
$current_param,
|
||||||
$source,
|
$source,
|
||||||
|
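Review bot: With `nolog` set, the caller's log level is dropped from the generated rules without any diagnostic: process_action passes `$target` through instead of `merge_levels( "$action:$level:$tag", $target )`, and process_inline skips `merge_levels( $target, $mtarget )`. A rule that invokes such an action with a log level therefore produces no logging unless the action body uses the new variables itself, which in a firewall ruleset is an audit gap that is easy to miss. A comment at the `$_ eq 'nolog'` branch would make this explicit, for example `# nolog: caller's level/tag are not merged into the action's rules; the action body must log via its own variables`. Separately, process_inline normalises the values before the call (`supplied $level ? $level : 'none'`, `defined $tag ? $tag : ''`) while process_action hands `$level, $tag` to push_action_params unchanged, so the two paths can expose different values unless process_action normalises them outside the hunk. The bodies of process_action and process_inline continue outside the hunks shown.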