extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

More object file infrastructure

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-11 01:40:59 +00:00
parent 619d9cf0ed
commit 8685b26aa8
2 changed files with 132 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
New/compiler
View File

@ -99,7 +99,7 @@ case "$COMMAND" in
compile) compile)
[ $# -ne 2 ] && usage [ $# -ne 2 ] && usage
do_initialize do_initialize
exec perl $debug /usr/share/shorewall/compiler.pl $1 exec perl $debug /usr/share/shorewall/compiler.pl $(resolve_file $2)
;; ;;
*) *)
usage usage

137
New/compiler.pl
View File

@ -1,6 +1,9 @@
#! /usr/bin/perl -w #! /usr/bin/perl -w
use strict; use strict;
use File::Basename;
use File::Temp qw/ tempfile tempdir /;
# #
# IPSEC Option types # IPSEC Option types
# #
@ -137,6 +140,10 @@ my ( $command, $doing, $done ) = qw/ compile Compiling Compiled/; #describe the
my $line; # Current config file line my $line; # Current config file line
my $object; # Object file Handle Reference
my $indent = '';
# #
# Zone Table. # Zone Table.
# #
@ -418,6 +425,93 @@ sub default_yes_no ( $$ ) {
} }
} }
#
# Write the argument to the object file with the current indentation.
#
# Since emacs doesn't understand Perl's rendition of 'here documents', we
# use multi-line quoting instead. To make multi-line emit calls look better,
# we delete a leading newline and add one to the end.
#
sub emit ( $ ) {
my $line = $_[0];
$line =~ s/^\n//;
if ( $indent || $line ) {
$line =~ s/^/$indent/;
$line =~ s/\n(.)/\n$indent$1/g;
}
print $object "$line\n";
}
#
# Write passed message to the object with no indentation.
#
sub emit_unindented( $ ) {
print $object $_[0];
}
#
# Write a progress_message2 command to the output file.
#
sub save_progress_message( $ ) {
print $object "\n";
emit "progress_message2 $_[0]";
print $object "\n";
}
sub save_progress_message_short( $ ) {
emit "progress_message $_[0]";
}
sub indent( $ ) {
my $file = $_[0];
open IF , $file or fatal_error "Unable to open $file: $!";
while ( my $line = <IF> ) {
$line =~ s/^/$indent/ if $indent;
print $object $line;
}
close IF;
}
sub indent1( $ ) {
my $file = $_[0];
open IF , $file or fatal_error "Unable to open $file: $!";
my $do_indent = 1;
while ( my $line = <IF> ) {
if ( $line =~ /^\s+$/ ) {
print $object "\n";
$do_indent = 1;
next;
}
$line =~ s/^/$indent/ if $indent && $do_indent;
print $object $line;
$do_indent = ! ( $line =~ /\\$/ );
}
close IF;
}
sub append_file( $ ) {
my $user_exit = find_file $_[0];
unless ( $user_exit =~ /$env{SHAREDIR}/ ) {
if ( -f $user_exit ) {
save_progress_message "Processing $user_exit ...";
indent1 $user_exit;
}
}
}
# #
# Parse the passed option list and return a reference to a hash as follows: # Parse the passed option list and return a reference to a hash as follows:
# #
@ -5040,17 +5134,17 @@ sub generate_matrix() {
} }
sub create_iptables_restore_file() { sub create_iptables_restore_file() {
print "#Generated by Shorewall $env{VERSION} - " . ( localtime ) . "\n"; print $object "#Generated by Shorewall $env{VERSION} - " . ( localtime ) . "\n";
for my $table qw/raw nat mangle filter/ { for my $table qw/raw nat mangle filter/ {
print "*$table\n"; print $object "*$table\n";
my @chains; my @chains;
for my $chain ( grep $chain_table{$table}{$_}->{referenced} , ( sort keys %{$chain_table{$table}} ) ) { for my $chain ( grep $chain_table{$table}{$_}->{referenced} , ( sort keys %{$chain_table{$table}} ) ) {
my $chainref = $chain_table{$table}{$chain}; my $chainref = $chain_table{$table}{$chain};
if ( $chainref->{builtin} ) { if ( $chainref->{builtin} ) {
print ":$chainref->{name} $chainref->{policy} [0:0]\n"; print $object ":$chainref->{name} $chainref->{policy} [0:0]\n";
} else { } else {
print ":$chainref->{name} - [0:0]\n"; print $object ":$chainref->{name} - [0:0]\n";
} }
push @chains, $chainref; push @chains, $chainref;
@ -5059,10 +5153,10 @@ sub create_iptables_restore_file() {
for my $chainref ( @chains ) { for my $chainref ( @chains ) {
my $name = $chainref->{name}; my $name = $chainref->{name};
for my $rule ( @{$chainref->{rules}} ) { for my $rule ( @{$chainref->{rules}} ) {
print "-A $name $rule\n"; print $object "-A $name $rule\n";
} }
} }
print "COMMIT\n"; print $object "COMMIT\n";
} }
} }
@ -5327,8 +5421,36 @@ sub do_initialize() {
sub compile_firewall( $ ) { sub compile_firewall( $ ) {
my $objectfile = $_[0]; my $objectfile = $_[0];
my $tempfile;
my ( $dir, $file );
( $command, $doing, $done ) = qw/ check Checking Checked / unless $objectfile; ( $command, $doing, $done ) = qw/ check Checking Checked / unless $objectfile;
if ( $command eq 'compile' ) {
eval {
( $file, $dir, my $suffix ) = fileparse( $objectfile );
fatal_error "Directory $dir does not exist" unless -d $dir;
fatal_error "$dir is a Symbolic Link" if -l $dir;
fatal_error "$objectfile is a Directory" if -d $objectfile;
fatal_error "$dir is a Symbolic Link" if -l $objectfile;
fatal_error "$objectfile exists and is not a compiled script" if -e _ && ! -x _;
( $object, $tempfile ) = tempfile ( 'tempfileXXXX' , DIR => $dir );
$file = "$file.$suffix" if $suffix;
};
fatal_error "$@" if $@;
my $date = localtime;
emit "
#
# Compiled firewall script generated by Shorewall $env{VERSION} - $date
#";
}
# #
# Process the zones file. # Process the zones file.
# #
@ -5409,6 +5531,9 @@ sub compile_firewall( $ ) {
# #
unless ( $command eq 'check' ) { unless ( $command eq 'check' ) {
progress_message2 "Creating iptables-restore input..."; create_iptables_restore_file; progress_message2 "Creating iptables-restore input..."; create_iptables_restore_file;
$file = "$dir/$file";
rename $tempfile, $file;
chmod 0700, $file;
} }
} }