Maintain order when multiple instances of a match are separated.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-17 06:52:32 -07:00
parent 0da38cc38e
commit 8b91575c9e


@ -834,8 +834,9 @@ sub set_rule_option( $$$ ) {
} }
} else { } else {
$ruleref->{$option} = $value; $ruleref->{$option} = $value;
push @{$ruleref->{matches}}, $option;
} }
push @{$ruleref->{matches}}, $option;
} }
sub transform_rule( $;\$ ) { sub transform_rule( $;\$ ) {
@ -945,28 +946,38 @@ sub set_rule_target( $$$ ) {
sub format_option( $$ ) { sub format_option( $$ ) {
my ( $option, $value ) = @_; my ( $option, $value ) = @_;
my $list = reftype $value ? $value : [ $value ]; assert( ! reftype $value );
my $rule = ''; my $rule = '';
s/\s*$//, $rule .= join( ' ' , ' -m', $option, $_ ) for @$list; $value =~ s/\s*$//;
$rule .= join( ' ' , ' -m', $option, $value );
$rule; $rule;
} }
sub debug() { #
return 1; # And one that 'pops' an option value
#
sub pop_match( $$ ) {
my ( $ruleref, $option ) = @_;
my $value = $ruleref->{$option};
$value = shift @{$ruleref->{$option}} if reftype $value;
$value;
} }
sub format_rule( $$;$ ) { sub format_rule( $$;$ ) {
my ( $chainref, $ruleref, $suppresshdr ) = @_; my ( $chainref, $rulerefp, $suppresshdr ) = @_;
return $ruleref->{cmd} if exists $ruleref->{cmd}; return $rulerefp->{cmd} if exists $rulerefp->{cmd};
debug if $chainref->{name} eq 'drct-net';
my $rule = $suppresshdr ? '' : "-A $chainref->{name}"; my $rule = $suppresshdr ? '' : "-A $chainref->{name}";
my $ruleref = clone_rule( $rulerefp );
for ( @unique_options ) { for ( @unique_options ) {
if ( exists $ruleref->{$_} ) { if ( exists $ruleref->{$_} ) {
my $value = $ruleref->{$_}; my $value = $ruleref->{$_};
@ -989,10 +1000,8 @@ sub format_rule( $$;$ ) {
$rule .= format_option( 'state', $ruleref->{state} ); $rule .= format_option( 'state', $ruleref->{state} );
} }
my %done;
for ( grep ! $opttype{$_}, @{$ruleref->{matches}} ) { for ( grep ! $opttype{$_}, @{$ruleref->{matches}} ) {
$rule .= format_option( $_, $ruleref->{$_} ) unless $done{$_}++; $rule .= format_option( $_, pop_match( $ruleref, $_ ) );
} }
if ( $ruleref->{target} ) { if ( $ruleref->{target} ) {
@ -1327,8 +1336,9 @@ sub push_matches {
} else { } else {
$ruleref->{$option} = $value; $ruleref->{$option} = $value;
$dont_optimize ||= $option =~ /^[piosd]$/ && $value =~ /^!/; $dont_optimize ||= $option =~ /^[piosd]$/ && $value =~ /^!/;
push @{$ruleref->{matches}}, $option;
} }
push @{$ruleref->{matches}}, $option;
} }
DONT_OPTIMIZE if $dont_optimize; DONT_OPTIMIZE if $dont_optimize;
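Review bot: pop_match and the rewritten loop in format_rule now depend on `$ruleref->{matches}` holding exactly one entry per stored value of a repeated option, and nothing in these hunks checks that. If a rule reaches format_rule with a list-valued option but fewer `matches` entries than values, the leftover values are never shifted or emitted, so the generated rule silently loses matches and matches more traffic than the configuration describes. With more entries than values, `shift` returns undef and format_option emits an empty `-m` clause. Only set_rule_option and push_matches are updated here, so any other code that builds or merges rules (not visible in this diff) should be confirmed to keep the invariant; I would add `assert( defined $value );` before the return in pop_match and state the invariant in its header comment. The loop also relies on clone_rule copying the per-option arrays rather than sharing them, presumably true but not shown here, so a short comment next to `my $ruleref = clone_rule( $rulerefp );` would help.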