extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 04:04:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't publish module interface for now

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6527 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-06-12 19:25:28 +00:00
parent adc08761e5
commit 8767b67440
3 changed files with 33 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
Shorewall-common/releasenotes.txt
View File

@ -27,9 +27,9 @@ Problems corrected in 4.0.0 Beta 5.
Other changes in Shorewall 4.0.0 Beta 5. Other changes in Shorewall 4.0.0 Beta 5.
1) The Perl compiler is now externalized. Both the program 1) The Perl compiler is now externalized. Currently only the
'compiler.pl' and the Perl Module interface compiler.pl program is documented but eventually, I plan to also
are now documented. document the Perl Module interface.
The compiler program is /usr/share/shorewall-perl/compiler.pl: The compiler program is /usr/share/shorewall-perl/compiler.pl:
@ -84,60 +84,6 @@ Other changes in Shorewall 4.0.0 Beta 5.
--directory SHOREWALL_DIR --directory SHOREWALL_DIR
--timestamp TIMESTAMP --timestamp TIMESTAMP
To use the Shorewall::Compiler module:
use lib '/usr/share/shorewall-perl';
use Shorewall::Compiler;
Two functions are exported:
configure( $export, $directory, $verbose, $timestamp )
The arguments correspond to the similarly-named
run-line options. Values passed as empty strings are
ignored.
The function will raise an exception with die if
$directory is not '' and does not name an existing
directory.
Example: configure( '', '.', 2, '' );
compiler( $objectfile )
The compiler function accepts 1 argument corresponding
to the <filename> run-line argument. If the argument is
false, then a syntax check of the configuration is
performed; otherwise, the configuration is compiled
into the file named in the argument.
Compilation errors cause the compiler to raise an
exception via die.
Important: The 'compiler' function may only be called
once in the block containing 'use
Shorewall::Compiler'. So you probably want to code this
as:
...
{
use Shorewall::Compiler;
eval {
configure( ... )
compiler( ... )
};
if ( $@ ) {
<compilation failed>
}
}
Warning: There is currently a memory leak in the compiler
caused by hard reference loops. I'll work to correct that
problem but it is not a high priority since compiler.pl only
calls Shorewall::Compiler::compiler once then exits.
Migration Considerations: Migration Considerations:
1) You cannot simply upgrade your existing Shorewall package. You must 1) You cannot simply upgrade your existing Shorewall package. You must
@ -225,7 +171,7 @@ Migration Considerations:
an error if you insert a port range into a port list and you don't an error if you insert a port range into a port list and you don't
have extended multiport support. have extended multiport support.
c) The old BRIDGEING=Yes support has been replaced by new bridge c) The old BRIDGING=Yes support has been replaced by new bridge
support that uses the reduced 'physdev match' capabilities found support that uses the reduced 'physdev match' capabilities found
in kernel 2.6.20 and later. This new implementation may be used in kernel 2.6.20 and later. This new implementation may be used
where it is desired to control traffic through a bridge. where it is desired to control traffic through a bridge.
@ -235,19 +181,19 @@ Migration Considerations:
a) A new "Bridge Port" zone type is defined. Specify 'bport' or a) A new "Bridge Port" zone type is defined. Specify 'bport' or
'bport4' in the TYPE column of /etc/shorewall/zones. 'bport4' in the TYPE column of /etc/shorewall/zones.
Bridge Port zones must be a sub-zone of a regular ipv4 zone Bridge Port zones should be a sub-zone of a regular ipv4 zone
that represents all hosts attached to the bridge. that represents all hosts attached to the bridge.
b) A new 'bridge' option is defined for entries in b) A new 'bridge' option is defined for entries in
/etc/shorewall/interfaces. Bridges should have this option /etc/shorewall/interfaces. Bridges should have this option
specified if traffic through the bridge is to be controlled specified.
with rules/policies.
c) Bridge ports must now be defined in c) Bridge ports must now be defined in
/etc/shorewall/interfaces. The INTERFACE column contains /etc/shorewall/interfaces. The INTERFACE column contains
both the bridge name and the port name separated by a colon both the bridge name and the port name separated by a colon
(e.g., "br0:eth1"). No OPTIONS are allowed for bridge (e.g., "br0:eth1"). No OPTIONS are allowed for bridge
ports. The bridge must be defined before its ports. ports. The bridge must be defined before its ports and must
have the 'bridge' option.
Bridge Port (BP) zones have a number of limitations: Bridge Port (BP) zones have a number of limitations:

36
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -43,29 +43,14 @@ use Shorewall::Proc;
use Shorewall::Proxyarp; use Shorewall::Proxyarp;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( compiler configure ); our @EXPORT = qw( compiler EXPORT TIMESTAMP );
our @EXPORT_OK = qw( $export ); our @EXPORT_OK = qw( $export );
our @VERSION = 1.00; our @VERSION = 1.00;
our $export = 0; our $export = 0;
# use constant { EXPORT => 0x01 ,
# Configure the compiler TIMESTAMP => 0x02 };
#
sub configure( $$$$ ) {
my ( $export_param, $shorewall_dir, $verbose, $timestamp) = @_;
$export = $export_param if $export_param;
if ( $shorewall_dir ne '' ) {
fatal_error "$shorewall_dir is not an existing directory" unless -d $shorewall_dir;
set_shorewall_dir( $shorewall_dir );
}
set_verbose( $verbose ) unless $verbose eq '';
set_timestamp( $timestamp ) unless $timestamp eq '';
}
# #
# First stage of script generation. # First stage of script generation.
# #
@ -664,12 +649,21 @@ EOF
# #
# The Compiler. # The Compiler.
# #
# If the argument is non-null, it names the script file to generate. # If the first argument is non-null, it names the script file to generate.
# Otherwise, this is a 'check' command and no script is produced. # Otherwise, this is a 'check' command and no script is produced.
# #
sub compiler( $ ) { sub compiler( $$$$ ) {
my $objectfile = $_[0]; my ( $objectfile, $directory, $verbosity, $options ) = @_;
if ( $directory ne '' ) {
fatal_error "$directory is not an existing directory" unless -d $directory;
set_shorewall_dir( $directory );
}
set_verbose( $verbosity ) unless $verbosity eq '';
$export = 1 if $options & EXPORT;
set_timestamp( 1 ) if $options & TIMESTAMP;
# #
# Get shorewall.conf and capabilities. # Get shorewall.conf and capabilities.
# #

14
Shorewall-perl/compiler.pl
View File

@ -52,15 +52,21 @@ my $result = GetOptions('export' => \$export,
't' => \$timestamp ); 't' => \$timestamp );
usage unless $result && @ARGV < 2; usage unless $result && @ARGV < 2;
eval { eval {
use Shorewall::Compiler; use Shorewall::Compiler;
configure( $export, $shorewall_dir, $verbose, $timestamp );
compiler $ARGV[0]; my $options = 0;
$options |= EXPORT if $export;
$options |= TIMESTAMP if $timestamp;
compiler $ARGV[0], $shorewall_dir, $verbose, $options;
}; };
my $foo = EXPORT;
if ( $@ ) { if ( $@ ) {
print STDERR $@; print STDERR $@;
exit 1; exit 1;
} }