From 80d54ec40b02cae5b6a7c746c9a809637e31acdc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 18 Nov 2013 06:57:54 -0800 Subject: [PATCH] Implement ?SECTION Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Accounting.pm | 4 ++++ Shorewall/Perl/Shorewall/Config.pm | 31 ++++++++++++++++++++++++-- Shorewall/Perl/Shorewall/Rules.pm | 4 ++++ 3 files changed, 37 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index f30e25347..21eb1b750 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -447,12 +447,16 @@ sub setup_accounting() { if ( my $fn = open_file 'accounting', 1, 1 ) { + set_section_function( &process_section ); + first_entry "$doing $fn..."; my $nonEmpty = 0; $nonEmpty |= process_accounting_rule while read_a_line( NORMAL_READ ); + clear_section_function; + if ( $nonEmpty ) { my $tableref = $chain_table{$acctable}; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 19690b6d8..b0f80cde4 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -152,6 +152,8 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script no_comment macro_comment dump_mark_layout + set_section_function + clear_section_function $product $Product @@ -200,6 +202,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script SUPPRESS_WHITESPACE CONFIG_CONTINUATION DO_INCLUDE + DO_SECTION NORMAL_READ OPTIMIZE_POLICY_MASK @@ -626,11 +629,14 @@ use constant { PLAIN_READ => 0, # No read_a_line options CONFIG_CONTINUATION => 32, # Suppress leading whitespace if # continued line ends in ',' or ':' DO_INCLUDE => 64, # Look for INCLUDE + DO_SECTION => 128, # Look for [?]SECTION
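Review bot: In setup_accounting (Accounting.pm), `set_section_function( &process_section );` passes a code reference only because the `\&` prototype on set_section_function, defined in Config.pm by this commit, is in effect when the call is compiled. Wherever that prototype is not visible or is bypassed, `&process_section` becomes an immediate call with the current `@_`, and the return value is stored as the handler. Taking the reference explicitly reads more clearly and does not depend on the prototype: `sub set_section_function( $ ) { $section_function = $_[0]; }` with `set_section_function( \&process_section );` here and at the identical call in process_rules in Rules.pm. setup_accounting continues outside the hunk.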
NORMAL_READ => -1 # All options }; our %variables; # Symbol table for expanding shell variables +our $section_function; #Function Reference for handling ?section + sub process_shorewallrc($$); sub add_variables( \% ); # @@ -2150,6 +2156,17 @@ sub macro_comment( $ ) { $comment = $macro unless $comment || ! ( have_capability( 'COMMENTS' ) && $config{AUTOCOMMENT} ); } +# +# Set/clear $section_function +# +sub set_section_function( \& ) { + $section_function = $_[0]; +} + +sub clear_section_function() { + $section_function = undef; +} + # # Open a file, setting $currentfile. Returns the file's absolute pathname if the file # exists, is non-empty and was successfully opened. Terminates with a fatal error @@ -2202,7 +2219,8 @@ sub push_include() { $file_format, $max_format, $comment, - $nocomment ]; + $nocomment, + $section_function ]; } # @@ -2225,11 +2243,13 @@ sub pop_include() { $file_format, $max_format, $comment, - $nocomment ) = @$arrayref; + $nocomment, + $section_function ) = @$arrayref; } else { $currentfile = undef; $currentlinenumber = 'EOF'; clear_comment; + clear_section_function; } } @@ -2795,6 +2815,7 @@ EOF sub push_open( $;$$$ ) { my ( $file, $max , $ca, $nc ) = @_; push_include; + clear_section_function; my @a = @includestack; push @openstack, \@a; @includestack = (); @@ -3288,6 +3309,12 @@ sub read_a_line($) { } $currentline = ''; + } elsif ( ( $options & DO_SECTION ) && $currentline =~ /^s*\??SECTION\s+(.*)/i ) { + my $sectionname = $1; + fatal_error "Invalid SECTION name ($sectionname)" unless $sectionname =~ /^[-_\da-zA-Z]+$/; + fatal_error "This file does not allow ?SECTION" unless $section_function; + $section_function->($sectionname); + $currentline = ''; } else { fatal_error "Non-ASCII gunk in file" if ( $options && CHECK_GUNK ) && $currentline =~ /[^\s[:print:]]/; print "IN===> $currentline\n" if $debug; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 2e3bb54cd..556ee1321 100644 
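Review bot: The comment `# Set/clear $section_function` above set_section_function and clear_section_function in Config.pm does not state the contract a caller has to meet. I would expand it to say that read_a_line calls the handler with the section name as its only argument, after the name has been checked against `[-_\da-zA-Z]+`. It should also say that a SECTION line in a file read with DO_SECTION and no handler installed is a fatal error. It is worth recording there as well that push_include and pop_include save and restore the handler and that push_open clears it, so a handler does not follow the reader into a separately opened file.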
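Review bot: The new SECTION test in read_a_line (Config.pm), `/^s*\??SECTION\s+(.*)/i`, is missing a backslash: `^s*` matches zero or more literal `s` characters rather than leading whitespace. An indented `?SECTION` line is therefore not recognised unless leading whitespace was stripped earlier, while a line such as `sSECTION x` is accepted as a directive; the test should read `$currentline =~ /^\s*\??SECTION\s+(.*)/i`. Because `(.*)` is greedy, trailing whitespace left on the line ends up in `$sectionname` and is then rejected as an invalid name; if `$currentline` is not already trimmed at this point (not visible in the hunk), capture with `(.*?)\s*$` instead. The name check is the only filter in front of `$section_function`, so I would anchor it with `\z` rather than `$`, which also accepts a trailing newline: `/^[-_\da-zA-Z]+\z/`. read_a_line starts and ends outside the hunk.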
--- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -3331,9 +3331,13 @@ sub process_rules( $ ) { if ( $fn ) { + set_section_function( &process_section ); + first_entry "$doing $fn..."; process_raw_rule while read_a_line( NORMAL_READ ); + + clear_section_function; } # # No need to finish the NEW section since no rules need to be generated