Add infrastructure to delete the %usedactions entry for an action chain if

the chain parameters are modified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep
2013-01-18 14:54:57 -08:00
parent 4587430e4a
commit 95aab78c0d
2 changed files with 83 additions and 61 deletions


@ -483,6 +483,7 @@ our %compiler_params;
# Action parameters # Action parameters
# #
our %actparms; our %actparms;
our $paramsmodified;
our $currentline; # Current config file line image our $currentline; # Current config file line image
our $currentfile; # File handle reference our $currentfile; # File handle reference
@ -938,6 +939,7 @@ sub initialize( $;$$) {
%compiler_params = (); %compiler_params = ();
%actparms = ( 0 => 0, loglevel => '', logtag => '', chain => '' ); %actparms = ( 0 => 0, loglevel => '', logtag => '', chain => '' );
$paramsmodified = 0;
%helpers_enabled = ( %helpers_enabled = (
amanda => 1, amanda => 1,
@ -2762,9 +2764,14 @@ sub embedded_perl( $ ) {
# #
# Push/pop action params # Push/pop action params
# #
sub push_action_params( $$$$ ) { sub push_action_params( $$$$$ ) {
my @params = ( undef , split_list3( $_[1], 'parameter' ) ); my @params = ( undef , split_list3( $_[1], 'parameter' ) );
my %oldparams = %actparms;
$actparms{modified} = $paramsmodified;
my %oldparms = %actparms;
$paramsmodified = 0;
%actparms = (); %actparms = ();
@ -2777,17 +2784,25 @@ sub push_action_params( $$$$ ) {
$actparms{0} = $_[0]; $actparms{0} = $_[0];
$actparms{loglevel} = $_[2]; $actparms{loglevel} = $_[2];
$actparms{logtag} = $_[3]; $actparms{logtag} = $_[3];
$actparms{caller} = $_[4];
# #
# The Shorewall variable '@chain' has the non-word charaters removed # The Shorewall variable '@chain' has the non-word charaters removed
# #
( $actparms{chain} = $_[0]->{name} ) =~ s/[^\w]//g; ( $actparms{chain} = $_[0]->{name} ) =~ s/[^\w]//g;
\%oldparams; \%oldparms;
} }
#
# Pop the action parameters using the passed hash reference
# Return true of the popped parameters were modified
#
sub pop_action_params( $ ) { sub pop_action_params( $ ) {
my $oldparms = shift; my $oldparms = shift;
%actparms = %$oldparms; %actparms = %$oldparms;
my $return = $paramsmodified;
( $paramsmodified ) = delete $actparms{modified};
$return;
} }
sub default_action_params { sub default_action_params {
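Review bot: In `push_action_params` the saved flag and the new caller are written into `%actparms` itself (`$actparms{modified}`, `$actparms{caller}`), so they share a namespace with the action's own parameters (`0`, `loglevel`, `logtag`, `chain` and whatever the lines between the two hunks store). If code elsewhere enumerates `%actparms` or resolves action variables by key, which is not visible here, both names become reserved keys that an action file could read or collide with; a comment above the sub such as `# 'modified' and 'caller' are reserved keys: 'modified' carries the enclosing action's $paramsmodified across push/pop` would make that explicit. Nothing in the visible hunks sets `$paramsmodified` to a true value, so `pop_action_params` returns 0 until a setter exists, and its header comment should say so; that comment also reads "Return true of" where "Return true if" is meant. The middle of `push_action_params` lies between the two hunks and is not shown.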


@ -1574,81 +1574,86 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ );
# Populate an action invocation chain. As new action tuples are encountered, # Populate an action invocation chain. As new action tuples are encountered,
# the function will be called recursively by process_rule1(). # the function will be called recursively by process_rule1().
# #
sub process_action($) { sub process_action($$) {
my $chainref = shift; my ( $chainref, $caller ) = @_;
my $wholeaction = $chainref->{action}; my $wholeaction = $chainref->{action};
my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4; my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4;
if ( $targets{$action} & BUILTIN ) { if ( $targets{$action} & BUILTIN ) {
$level = '' if $level =~ /none!?/; $level = '' if $level =~ /none!?/;
$builtinops{$action}->( $chainref, $level, $tag, $param ); $builtinops{$action}->( $chainref, $level, $tag, $param );
} else { return 0;
my $actionfile = find_file "action.$action"; }
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile; my $actionfile = find_file "action.$action";
progress_message2 "$doing $actionfile for chain $chainref->{name}..."; fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
push_open $actionfile, 2, 1; progress_message2 "$doing $actionfile for chain $chainref->{name}...";
my $oldparms = push_action_params( $chainref, $param, $level, $tag ); push_open $actionfile, 2, 1;
my $nolog = $actions{$action}{nolog}; my $oldparms = push_action_params( $chainref, $param, $level, $tag, $caller );
$active{$action}++; my $nolog = $actions{$action}{nolog};
push @actionstack, $wholeaction;
my $save_comment = push_comment; $active{$action}++;
push @actionstack, $wholeaction;
while ( read_a_line( NORMAL_READ ) ) { my $save_comment = push_comment;
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper ); while ( read_a_line( NORMAL_READ ) ) {
if ( $file_format == 1 ) { my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper );
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
$origdest = $connlimit = $time = $headers = $condition = $helper = '-';
} else {
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
= split_line1 'action file', \%rulecolumns, $action_commands;
}
fatal_error 'TARGET must be specified' if $target eq '-'; if ( $file_format == 1 ) {
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
if ( $target eq 'DEFAULTS' ) { split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
default_action_params( $action, split_list $source, 'defaults' ), next if $file_format == 2; $origdest = $connlimit = $time = $headers = $condition = $helper = '-';
fatal_error 'DEFAULTS only allowed in FORMAT-2 actions'; } else {
} ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
= split_line1 'action file', \%rulecolumns, $action_commands;
process_rule1( $chainref,
$nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
'',
$source,
$dest,
$proto,
$ports,
$sports,
$origdest,
$rate,
$user,
$mark,
$connlimit,
$time,
$headers,
$condition,
$helper,
0 );
} }
pop_comment( $save_comment ); fatal_error 'TARGET must be specified' if $target eq '-';
$active{$action}--; if ( $target eq 'DEFAULTS' ) {
pop @actionstack; default_action_params( $action, split_list $source, 'defaults' ), next if $file_format == 2;
fatal_error 'DEFAULTS only allowed in FORMAT-2 actions';
}
pop_open; process_rule1( $chainref,
$nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
pop_action_params( $oldparms ); '',
$source,
$dest,
$proto,
$ports,
$sports,
$origdest,
$rate,
$user,
$mark,
$connlimit,
$time,
$headers,
$condition,
$helper,
0 );
} }
pop_comment( $save_comment );
$active{$action}--;
pop @actionstack;
pop_open;
#
# Pop the action parameters and delete record of this chain if the action parameters
# were modified
#
delete $usedactions{$wholeaction} if pop_action_params( $oldparms );
} }
# #
@ -1657,7 +1662,7 @@ sub process_action($) {
sub use_policy_action( $ ) { sub use_policy_action( $ ) {
my $ref = use_action( $_[0] ); my $ref = use_action( $_[0] );
process_action( $ref ) if $ref; process_action( $ref, 'POLICY' ) if $ref;
} }
################################################################################ ################################################################################
@ -1797,7 +1802,9 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
my $oldparms = push_action_params( $chainref, my $oldparms = push_action_params( $chainref,
$param, $param,
supplied $level ? $level : 'none', supplied $level ? $level : 'none',
defined $tag ? $tag : ''); defined $tag ? $tag : '' ,
$chainref->{name} ,
);
my $inlinefile = $inlines{$inline}{file}; my $inlinefile = $inlines{$inline}{file};
my $nolog = $inlines{$inline}{nolog}; my $nolog = $inlines{$inline}{nolog};
@ -2288,7 +2295,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
# #
# First reference to this tuple # First reference to this tuple
# #
process_action( $ref ); process_action( $ref, $chain );
# #
# Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so: # Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
# #
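Review bot: The new `$caller` parameter of `process_action` is not described in the header comment above the sub, and the three call sites feed it different things: the literal `'POLICY'` in `use_policy_action`, `$chainref->{name}` in `process_inline` (passed to `push_action_params`), and `$chain` in `process_rule1`. A line such as `# $caller is the name of the invoking chain, or 'POLICY' when called from use_policy_action()` would pin the contract, assuming `$chain` holds a chain name, which the hunk does not show. Because the `%usedactions` record decides whether a later rule reuses an already-built chain, the comment above the `delete` should also state that the entry is dropped only after the whole action file has been read. The sub now exits with `return 0;` on the builtin path but with the value of the `delete ... if ...` statement otherwise; ending the sub with `return 0;` as well would make the two exits agree, although the visible callers ignore the result.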