Eliminate return value from process_action()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-01-18 09:08:35 -08:00
parent a945b3e0dd
commit 7d443b5e2e

View File

@ -1713,6 +1713,9 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
# Populate an action invocation chain. As new action tuples are encountered, # Populate an action invocation chain. As new action tuples are encountered,
# the function will be called recursively by process_rule(). # the function will be called recursively by process_rule().
# #
# Note that the first two parameters are passed by reference and may be
# modified by this function.
#
sub process_action(\$\$$) { sub process_action(\$\$$) {
my ( $wholeactionref, $chainrefref, $caller ) = @_; my ( $wholeactionref, $chainrefref, $caller ) = @_;
my $wholeaction = ${$wholeactionref}; my $wholeaction = ${$wholeactionref};
@ -1795,17 +1798,16 @@ sub process_action(\$\$$) {
# #
# Pop the action parameters # Pop the action parameters
# Caller should delete record of this chain if the action parameters
# were modified (and this function returns true
# #
if ( my $result = pop_action_params( $oldparms ) ) { if ( ( my $result = pop_action_params( $oldparms ) ) & PARMSMODIFIED ) {
# #
# Modified parameters trumps USEDCALLER # The action modified its parameters -- delete it from %usedactions
# #
return PARMSMODIFIED if $result & PARMSMODIFIED; delete $usedactions{$wholeaction};
} elsif ( $result & USEDCALLER ) {
# #
# The chain uses @CALLER but doesn't modify the action parameters. # The chain uses @CALLER but doesn't modify the action parameters.
# We need to see if this chain has already called this action # We need to see if this caller has already invoked this action
# #
my $renormalized_action = insert_caller( $wholeaction, $caller ); my $renormalized_action = insert_caller( $wholeaction, $caller );
my $chain1ref = $usedactions{$renormalized_action}; my $chain1ref = $usedactions{$renormalized_action};
@ -1817,6 +1819,7 @@ sub process_action(\$\$$) {
${$chainrefref} = $chain1ref; ${$chainrefref} = $chain1ref;
# #
# We leave the new chain in place but delete it from %usedactions below # We leave the new chain in place but delete it from %usedactions below
# The optimizer will drop it from the final ruleset.
# #
} else { } else {
# #
@ -1824,7 +1827,7 @@ sub process_action(\$\$$) {
# #
$usedactions{$renormalized_action} = $chainref; $usedactions{$renormalized_action} = $chainref;
# #
# Swap the action member # Update the action member
# #
$chainref->{action} = $renormalized_action; $chainref->{action} = $renormalized_action;
} }
@ -1837,8 +1840,6 @@ sub process_action(\$\$$) {
# #
${$wholeactionref} = $renormalized_action; ${$wholeactionref} = $renormalized_action;
} }
0;
} }
# #
@ -1976,7 +1977,7 @@ sub use_policy_action( $$ ) {
my $ref = use_action( $normalized_target ); my $ref = use_action( $normalized_target );
if ( $ref ) { if ( $ref ) {
delete $usedactions{$normalized_target} if process_action( $normalized_target, $ref, $caller ); process_action( $normalized_target, $ref, $caller );
} else { } else {
$ref = $usedactions{$normalized_target}; $ref = $usedactions{$normalized_target};
} }
@ -2728,7 +2729,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
# #
# Handle actions # Handle actions
# #
my $delete_action = 0; my $actionchain; #Name of the action chain
if ( $actiontype & ACTION ) { if ( $actiontype & ACTION ) {
# #
@ -2744,18 +2745,29 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
# #
my $savestatematch = $statematch; my $savestatematch = $statematch;
$statematch = ''; $statematch = '';
#
$delete_action = process_action( $normalized_target, $ref, $chain ); # process_action may modify both $normalized_target and $ref!!!
#
process_action( $normalized_target, $ref, $chain );
#
# Capture the name of the action chain
#
$actionchain = $ref->{name};
# #
# Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so: # Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
# #
# - Refresh $actiontype # - Refresh $actiontype
# - Create the associated nat and/or table chain if appropriate. # - Create the associated nat and/or table chain if appropriate.
# #
ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = $targets{$basictarget} ) & NATRULE; ensure_chain( 'nat', $actionchain ) if ( $actiontype = $targets{$basictarget} ) & NATRULE;
ensure_chain( 'raw', $ref->{name} ) if ( $actiontype & HELPER ); ensure_chain( 'raw', $actionchain ) if ( $actiontype & HELPER );
$statematch = $savestatematch; $statematch = $savestatematch;
} else {
#
# We've seen this tuple before
#
$actionchain = $usedactions{$normalized_target}->{name};
} }
$action = $basictarget; # Remove params, if any, from $action. $action = $basictarget; # Remove params, if any, from $action.
@ -2875,7 +2887,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
$ports, $ports,
$sports, $sports,
$sourceref, $sourceref,
( $actiontype & ACTION ) ? $usedactions{$normalized_target}->{name} : '', ( $actiontype & ACTION ) ? $actionchain : '',
$inchain ? $chain : '' , $inchain ? $chain : '' ,
$user , $user ,
$rule , $rule ,
@ -2897,7 +2909,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
$proto, $proto,
$ports, $ports,
$origdest, $origdest,
( $actiontype & ACTION ) ? $usedactions{$normalized_target}->{name} : '', ( $actiontype & ACTION ) ? $actionchain : '',
$action, $action,
$sourceref, $sourceref,
$inaction ? $chain : '', $inaction ? $chain : '',
@ -2954,7 +2966,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
unless ( $actiontype & NATONLY ) { unless ( $actiontype & NATONLY ) {
if ( $actiontype & ACTION ) { if ( $actiontype & ACTION ) {
$action = $usedactions{$normalized_target}{name}; $action = $actionchain;
$loglevel = ''; $loglevel = '';
} }
@ -2985,8 +2997,6 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
unless unreachable_warning( $wildcard || $section == DEFAULTACTION_SECTION, $chainref ); unless unreachable_warning( $wildcard || $section == DEFAULTACTION_SECTION, $chainref );
} }
delete $usedactions{$normalized_target} if $delete_action & PARMSMODIFIED;
return 1; return 1;
} }