extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-24 03:31:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow specification of the action type via perl_action_helper().

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-02-01 12:59:48 -08:00
parent 9f82d82a92
commit 752e960f2f
2 changed files with 52 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -77,6 +77,24 @@ our @EXPORT = ( qw(
dont_move dont_move
add_interface_options add_interface_options
STANDARD
NATRULE
BUILTIN
NONAT
NATONLY
REDIRECT
ACTION
MACRO
LOGRULE
NFLOG
NFQ
CHAIN
SET
AUDIT
HELPER
INLINE
TERMINATING
%chain_table %chain_table
%targets %targets
$raw_table $raw_table
@ -88,23 +106,7 @@ our @EXPORT = ( qw(
); );
our %EXPORT_TAGS = ( our %EXPORT_TAGS = (
internal => [ qw( STANDARD internal => [ qw( NO_RESTRICT
NATRULE
BUILTIN
NONAT
NATONLY
REDIRECT
ACTION
MACRO
LOGRULE
NFLOG
NFQ
CHAIN
SET
AUDIT
HELPER
INLINE
NO_RESTRICT
PREROUTE_RESTRICT PREROUTE_RESTRICT
DESTIFACE_DISALLOW DESTIFACE_DISALLOW
INPUT_RESTRICT INPUT_RESTRICT

57
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1675,7 +1675,7 @@ sub process_actions() {
} }
sub process_rule ( $$$$$$$$$$$$$$$$$$$ ); sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
# #
# Populate an action invocation chain. As new action tuples are encountered, # Populate an action invocation chain. As new action tuples are encountered,
@ -1731,6 +1731,7 @@ sub process_action($$) {
process_rule( $chainref, process_rule( $chainref,
'', '',
0,
$nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ), $nolog ? $target : merge_levels( join(':', @actparms{'chain','loglevel','logtag'}), $target ),
'', '',
$source, $source,
@ -1875,6 +1876,7 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$$) {
$generated |= process_rule( $generated |= process_rule(
$chainref, $chainref,
$matches, $matches,
0,
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
@ -1994,6 +1996,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$$) {
$generated |= process_rule( $generated |= process_rule(
$chainref, $chainref,
$matches, $matches,
0,
$mtarget, $mtarget,
$param, $param,
$msource, $msource,
@ -2046,9 +2049,10 @@ sub verify_audit($;$$) {
# reference is also passed when rules are being generated during processing of a macro used as a default action. # reference is also passed when rules are being generated during processing of a macro used as a default action.
# #
sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) { sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
my ( $chainref, #reference to Action Chain if we are being called from process_action(); undef otherwise my ( $chainref, #reference to Action Chain if we are being called from process_action(); undef otherwise
$rule, #Matches $rule, #Matches
$actiontype,
$target, $target,
$current_param, $current_param,
$source, $source,
@ -2086,7 +2090,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
# #
# Determine the validity of the action # Determine the validity of the action
# #
my $actiontype = $targets{$basictarget} || find_macro ( $basictarget ); $actiontype = ( $targets{$basictarget} || find_macro ( $basictarget ) ) unless $actiontype;
if ( $config{ MAPOLDACTIONS } ) { if ( $config{ MAPOLDACTIONS } ) {
( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless $actiontype || supplied $param; ( $basictarget, $actiontype , $param ) = map_old_actions( $basictarget ) unless $actiontype || supplied $param;
@ -2654,8 +2658,8 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
# #
# May be called by Perl code in action bodies (regular and inline) to generate a rule. # May be called by Perl code in action bodies (regular and inline) to generate a rule.
# #
sub perl_action_helper($$) { sub perl_action_helper($$;$) {
my ( $target, $matches ) = @_; my ( $target, $matches, $actiontype ) = @_;
my $action = $actparms{action}; my $action = $actparms{action};
my $chainref = $actparms{0}; my $chainref = $actparms{0};
my $result; my $result;
@ -2667,12 +2671,14 @@ sub perl_action_helper($$) {
if ( $inlines{$action} ) { if ( $inlines{$action} ) {
$result = &process_rule( $chainref, $result = &process_rule( $chainref,
$matches, $matches,
$actiontype || 0,
$target, $target,
'', # CurrentParam '', # CurrentParam
@columns ); @columns );
} else { } else {
$result = process_rule( $chainref, $result = process_rule( $chainref,
$matches, $matches,
$actiontype || 0,
$target, $target,
'', # Current Param '', # Current Param
'-', # Source '-', # Source
@ -2719,6 +2725,7 @@ sub perl_action_tcp_helper($$) {
if ( $inlines{$action} ) { if ( $inlines{$action} ) {
$result = &process_rule( $chainref, $result = &process_rule( $chainref,
$proto, $proto,
0,
$target, $target,
'', '',
@columns[0,1], @columns[0,1],
@ -2727,7 +2734,8 @@ sub perl_action_tcp_helper($$) {
); );
} else { } else {
$result = process_rule( $chainref, $result = process_rule( $chainref,
$proto, '',
0,
$target, $target,
'', # Current Param '', # Current Param
'-', # Source '-', # Source
@ -2900,24 +2908,25 @@ sub process_raw_rule ( ) {
for my $proto ( @protos ) { for my $proto ( @protos ) {
for my $user ( @users ) { for my $user ( @users ) {
if ( process_rule( undef, if ( process_rule( undef,
'', '',
$target, 0,
'', $target,
$source, '',
$dest, $source,
$proto, $dest,
$ports, $proto,
$sports, $ports,
$origdest, $sports,
$ratelimit, $origdest,
$user, $ratelimit,
$mark, $user,
$connlimit, $mark,
$time, $connlimit,
$headers, $time,
$condition, $headers,
$helper, $condition,
$wild ) ) { $helper,
$wild ) ) {
$generated = 1; $generated = 1;
} }
} }