Add $logaction and $logtag as variables usable within actions

- Also make action variables usable in ?if and ?elsif expressions.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Config.pm

@@ -472,7 +472,7 @@ my %compiler_params;
 #
 # Action parameters
 #
-my @actparms;
+my %actparms;
 
 our $currentline;            # Current config file line image
 my  $currentfile;            # File handle reference
@@ -901,7 +901,7 @@ sub initialize( $;$$) {
 
     %compiler_params = ();
 
-    @actparms = ();
+    %actparms = ( );
 
     %helpers_enabled = (
 			amanda       => 1,
@@ -1922,15 +1922,16 @@ sub evaluate_expression( $$$ ) {
     my $val;
     my $count = 0;
 
-    #                         $1      $2   $3      -     $4
-    while ( $expression =~ m( ^(.*?) \$({)? (\w+) (?(2)}) (.*)$ )x ) {
+    #                         $1      $2   $3                    -     $4
+    while ( $expression =~ m( ^(.*?) \$({)? (\d+|[a-zA-Z]\w*) (?(2)}) (.*)$ )x ) {
 	my ( $first, $var, $rest ) = ( $1, $3, $4);
 
-	$val = ( exists $ENV{$var}     ? $ENV{$var}    :
-		 exists $params{$var}  ? $params{$var} :
-		 exists $config{$var}  ? $config{$var} :
-		 exists $renamed{$var} ? $config{$renamed{$var}} :
-		 exists $capdesc{$var} ? have_capability( $var ) : 0 );
+	$val = ( exists $ENV{$var}      ? $ENV{$var}    :
+		 exists $params{$var}   ? $params{$var} :
+		 exists $config{$var}   ? $config{$var} :
+		 exists $renamed{$var}  ? $config{$renamed{$var}} :
+		 exists $actparms{$var} ? ( $var ? $actparms{$var} : $actparms{0}->{name} ) :
+		 exists $capdesc{$var}  ? have_capability( $var ) : 0 );
 	$val = 0 unless defined $val;
 	$val = "'$val'" unless $val =~ /^-?\d+$/;
 	$expression = join( '', $first, $val || 0, $rest );
@@ -2469,26 +2470,28 @@ sub embedded_perl( $ ) {
 #
 # Push/pop action params
 #
-sub push_action_params( $$ ) {
-    my @params = split /,/, $_[1];
-    my @oldparams = @actparms;
+sub push_action_params( $$$$ ) {
+    my @params = ( undef , split /,/, $_[1] );
+    my %oldparams = %actparms;
 
-    @actparms = ();
+    %actparms = ();
 
-    $actparms[0] = $_[0];
+    for ( my $i = 1; $i < @params; $i++ ) {
+	my $val = $params[$i];
 
-    for ( my $i = 1; $i <= @params; $i++ ) {
-	my $val = $params[$i - 1];
-
-	$actparms[$i] = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
+	$actparms{$i} = $val eq '-' ? '' : $val eq '--' ? '-' : $val;
     }
 
-    \@oldparams;
+    $actparms{0}         = $_[0];
+    $actparms{loglevel}  = $_[2];
+    $actparms{logtag}    = $_[3];
+
+    \%oldparams;
 }
 
 sub pop_action_params( $ ) {
     my $oldparms = shift;
-    @actparms = @$oldparms;
+    %actparms = %$oldparms;
 }
 
 sub default_action_params {
@@ -2497,11 +2500,11 @@ sub default_action_params {
 
     for ( $i = 1; 1; $i++ ) {
 	last unless defined ( $val = shift );
-	my $curval = $actparms[$i];
-	$actparms[$i] = $val unless supplied( $curval );
+	my $curval = $actparms{$i};
+	$actparms{$i} = $val unless supplied( $curval );
     }
 
-    fatal_error "Too Many arguments to action $action" if defined $actparms[$i];
+    fatal_error "Too Many arguments to action $action" if defined $actparms{$i};
 }
 
 sub get_action_params( $ ) {
@@ -2512,7 +2515,7 @@ sub get_action_params( $ ) {
     my @return;
 
     for ( my $i = 1; $i <= $num; $i++ ) {
-	my $val = $actparms[$i];
+	my $val = $actparms{$i};
 	push @return, defined $val ? $val eq '-' ? '' : $val eq '--' ? '-' : $val : $val;
     }
 
@@ -2520,18 +2523,18 @@ sub get_action_params( $ ) {
 }
 
 sub get_action_chain() {
-    $actparms[0];
+    $actparms{0};
 }
 
 sub set_action_param( $$ ) {
     my $i = shift;
 
     fatal_error "Parameter numbers must be numeric" unless $i =~ /^\d+$/ && $i > 0;
-    $actparms[$i] = shift;
+    $actparms{$i} = shift;
 }
 
 #
-# Expand Shell Variables in the passed buffer using @actparms, %params, %shorewallrc and %config, 
+# Expand Shell Variables in the passed buffer using %actparms, %params, %shorewallrc and %config, 
 #
 sub expand_variables( \$ ) {
     my ( $lineref, $count ) = ( $_[0], 0 );
@@ -2543,12 +2546,14 @@ sub expand_variables( \$ ) {
 	my $val;
 
 	if ( $var =~ /^\d+$/ ) {
-	    fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms[$var] ) || ( length( $var ) > 1 && $var =~ /^0/ );
-	    $val = $var ? $actparms[$var] : $actparms[0]->{name};
+	    fatal_error "Undefined parameter (\$$var)" if ( ! defined $actparms{$var} ) || ( length( $var ) > 1 && $var =~ /^0/ );
+	    $val = $var ? $actparms{$var} : $actparms{0}->{name};
 	} elsif ( exists $params{$var} ) {
 	    $val = $params{$var};
 	} elsif ( exists $shorewallrc{$var} ) {
 	    $val = $shorewallrc{$var}
+	} elsif ( exists $actparms{$var} ) { 
+	    $val = $actparms{$var};
 	} else {
 	    fatal_error "Undefined shell variable (\$$var)" unless exists $config{$var};
 	    $val = $config{$var};
@@ -2657,7 +2662,7 @@ sub read_a_line($) {
 	    #
 	    handle_first_entry if $first_entry;
 	    #
-	    # Expand Shell Variables using %params and @actparms
+	    # Expand Shell Variables using %params and %actparms
 	    #
 	    expand_variables( $currentline ) if $options & EXPAND_VARIABLES;
 

Shorewall/Perl/Shorewall/Rules.pm

@@ -579,7 +579,7 @@ sub process_policies()
 #
 # Policy Rule application
 #
-sub process_inline ($$$$$$$$$$$$$$$$$$$);
+sub process_inline ($$$$$$$$$$$$$$$$$$$$);
 
 sub policy_rules( $$$$$ ) {
     my ( $chainref , $target, $loglevel, $default, $dropmulticast ) = @_;
@@ -598,6 +598,7 @@ sub policy_rules( $$$$$ ) {
 		#
 		process_inline( $inline,      #Inline
 				$chainref,    #Chain
+				$loglevel,    #Log Level and Tag
 				$default,     #Target
 				$param || '', #Param
 				'-',          #Source
@@ -971,13 +972,13 @@ sub externalize( $ ) {
 #
 # Define an Action
 #
-sub new_action( $$$ ) {
+sub new_action( $$$$ ) {
 
-    my ( $action , $type, $noinline ) = @_;
+    my ( $action , $type, $noinline, $nolog ) = @_;
 
     fatal_error "Invalid action name($action)" if reserved_name( $action );
 
-    $actions{$action} = { actchain => '' , noinline => $noinline } if $type & ACTION;
+    $actions{$action} = { actchain => '' , noinline => $noinline, nolog => $nolog } if $type & ACTION;
 
     $targets{$action} = $type;
 }
@@ -1460,7 +1461,7 @@ sub process_actions() {
     #
     # Add built-in actions to the target table and create those actions
     #
-    $targets{$_} = new_action( $_ , ACTION + BUILTIN, 1 ) for @builtins;
+    $targets{$_} = new_action( $_ , ACTION + BUILTIN, 1, 0 ) for @builtins;
 
     for my $file ( qw/actions.std actions/ ) {
 	open_file $file;
@@ -1470,6 +1471,7 @@ sub process_actions() {
 
 	    my $type     = ACTION;
 	    my $noinline = 0;
+	    my $nolog    = 0;
 
 	    if ( $action =~ /:/ ) {
 		warning_message 'Default Actions are now specified in /etc/shorewall/shorewall.conf';
@@ -1484,6 +1486,8 @@ sub process_actions() {
 			$type = INLINE;
 		    } elsif ( $_ eq 'noinline' ) {
 			$noinline = 1;
+		    } elsif ( $_ eq 'nolog' ) {
+			$nolog = 1;
 		    } else {
 			fatal_error "Invalid option ($_)";
 		    }
@@ -1507,13 +1511,13 @@ sub process_actions() {
 		}
 	    }
 
-	    new_action $action, $type, $noinline;
+	    new_action $action, $type, $noinline, $nolog;
 
 	    my $actionfile = find_file( "action.$action" );
 
 	    fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
 
-	    $inlines{$action} = $actionfile if $type == INLINE;
+	    $inlines{$action} = { file => $actionfile, nolog => $nolog } if $type == INLINE;
 	}
     }
 
@@ -1525,7 +1529,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ );
 # Populate an action invocation chain. As new action tuples are encountered,
 # the function will be called recursively by process_rule1().
 #
-sub process_action( $) {
+sub process_action($) {
     my $chainref = shift;
     my $wholeaction = $chainref->{action};
     my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4;
@@ -1543,7 +1547,9 @@ sub process_action( $) {
 
 	push_open $actionfile;
 
-	my $oldparms = push_action_params( $chainref, $param );
+	my $oldparms = push_action_params( $chainref, $param, $level, $tag );
+
+	my $nolog = $actions{$action}{nolog};
 
 	$active{$action}++;
 	push @actionstack, $wholeaction;
@@ -1582,7 +1588,7 @@ sub process_action( $) {
 	    }
 
 	    process_rule1( $chainref,
-			   merge_levels( "$action:$level:$tag", $target ),
+			   $nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
 			   '',
 			   $source,
 			   $dest,
@@ -1764,8 +1770,8 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) {
 #
 # Expand an inline action rule from the rules file
 #
-sub process_inline ($$$$$$$$$$$$$$$$$$$) {
-    my ($inline, $chainref, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
+sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
+    my ($inline, $chainref, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_;
 
     my $nocomment = no_comment;
 
@@ -1773,9 +1779,15 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
 
     macro_comment $inline;
 
-    my $oldparms = push_action_params( $chainref, $param );
+    my ( $level, $tag ) = split( ':', $loglevel, 2 );
 
-    my $inlinefile = $inlines{$inline};
+    my $oldparms   = push_action_params( $chainref,
+					 $param,
+					 supplied $level ? $level : 'none',
+					 defined  $tag   ? $tag   : '');
+
+    my $inlinefile = $inlines{$inline}{file};
+    my $nolog      = $inlines{$inline}{nolog};
 
     progress_message "..Expanding inline action $inlinefile...";
 
@@ -1815,7 +1827,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$) {
 	    next;
 	}
 
-	$mtarget = merge_levels $target, $mtarget;
+	$mtarget = merge_levels( $target, $mtarget ) unless $nolog;
 
 	my $action = isolate_basic_target $mtarget;
 
@@ -2277,6 +2289,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
 
 	my $generated = process_inline( $basictarget,
 					$chainref,
+					$loglevel,
 					$target,
 					$current_param,
 					$source,