Add infrastructure to delete the %usedactions entry for an action chain if
the chain parameters are modified. Signed-off-by: Tom Eastep <teastep@shorewall.net>
@ -483,6 +483,7 @@ our %compiler_params;
|
|||||||
# Action parameters
|
# Action parameters
|
||||||
#
|
#
|
||||||
our %actparms;
|
our %actparms;
|
||||||
|
our $paramsmodified;
|
||||||
|
|
||||||
our $currentline; # Current config file line image
|
our $currentline; # Current config file line image
|
||||||
our $currentfile; # File handle reference
|
our $currentfile; # File handle reference
|
||||||
@ -938,6 +939,7 @@ sub initialize( $;$$) {
|
|||||||
%compiler_params = ();
|
%compiler_params = ();
|
||||||
|
|
||||||
%actparms = ( 0 => 0, loglevel => '', logtag => '', chain => '' );
|
%actparms = ( 0 => 0, loglevel => '', logtag => '', chain => '' );
|
||||||
|
$paramsmodified = 0;
|
||||||
|
|
||||||
%helpers_enabled = (
|
%helpers_enabled = (
|
||||||
amanda => 1,
|
amanda => 1,
|
||||||
@ -2762,9 +2764,14 @@ sub embedded_perl( $ ) {
|
|||||||
#
|
#
|
||||||
# Push/pop action params
|
# Push/pop action params
|
||||||
#
|
#
|
||||||
sub push_action_params( $$$$ ) {
|
sub push_action_params( $$$$$ ) {
|
||||||
my @params = ( undef , split_list3( $_[1], 'parameter' ) );
|
my @params = ( undef , split_list3( $_[1], 'parameter' ) );
|
||||||
my %oldparams = %actparms;
|
|
||||||
|
$actparms{modified} = $paramsmodified;
|
||||||
|
|
||||||
|
my %oldparms = %actparms;
|
||||||
|
|
||||||
|
$paramsmodified = 0;
|
||||||
|
|
||||||
%actparms = ();
|
%actparms = ();
|
||||||
|
|
||||||
@ -2777,17 +2784,25 @@ sub push_action_params( $$$$ ) {
|
|||||||
$actparms{0} = $_[0];
|
$actparms{0} = $_[0];
|
||||||
$actparms{loglevel} = $_[2];
|
$actparms{loglevel} = $_[2];
|
||||||
$actparms{logtag} = $_[3];
|
$actparms{logtag} = $_[3];
|
||||||
|
$actparms{caller} = $_[4];
|
||||||
#
|
#
|
||||||
# The Shorewall variable '@chain' has the non-word charaters removed
|
# The Shorewall variable '@chain' has the non-word charaters removed
|
||||||
#
|
#
|
||||||
( $actparms{chain} = $_[0]->{name} ) =~ s/[^\w]//g;
|
( $actparms{chain} = $_[0]->{name} ) =~ s/[^\w]//g;
|
||||||
|
|
||||||
\%oldparams;
|
\%oldparms;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Pop the action parameters using the passed hash reference
|
||||||
|
# Return true of the popped parameters were modified
|
||||||
|
#
|
||||||
sub pop_action_params( $ ) {
|
sub pop_action_params( $ ) {
|
||||||
my $oldparms = shift;
|
my $oldparms = shift;
|
||||||
%actparms = %$oldparms;
|
%actparms = %$oldparms;
|
||||||
|
my $return = $paramsmodified;
|
||||||
|
( $paramsmodified ) = delete $actparms{modified};
|
||||||
|
$return;
|
||||||
}
|
}
|
||||||
|
|
||||||
sub default_action_params {
|
sub default_action_params {
|
||||||
|
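Review bot: The new `caller` key is written at `$actparms{caller} = $_[4];` in push_action_params, but the reset in initialize (`%actparms = ( 0 => 0, loglevel => '', logtag => '', chain => '' );`) does not set it, so outside any action `$actparms{caller}` is undef while `chain` defaults to ''; adding `caller => ''` there keeps the two keys consistent and avoids uninitialized-value warnings if the variable is ever expanded at top level. Unlike `chain`, which has non-word characters stripped two lines below, `caller` is stored as the raw chain name; if it is expanded into rule text the way `@chain` appears to be, the same `s/[^\w]//g` normalization (or a comment saying why the raw name is intended) would be worth having. In pop_action_params, `( $paramsmodified ) = delete $actparms{modified};` leaves the flag undef when the restored hash carries no `modified` key; `$paramsmodified = delete( $actparms{modified} ) || 0;` keeps it a plain 0/1 value. Nothing in this commit ever sets `$paramsmodified` to true, so presumably the parameter-setting code is updated elsewhere; the rest of push_action_params' body lies between the two hunks and is not visible here.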
@ -1574,81 +1574,86 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ );
|
|||||||
# Populate an action invocation chain. As new action tuples are encountered,
|
# Populate an action invocation chain. As new action tuples are encountered,
|
||||||
# the function will be called recursively by process_rule1().
|
# the function will be called recursively by process_rule1().
|
||||||
#
|
#
|
||||||
sub process_action($) {
|
sub process_action($$) {
|
||||||
my $chainref = shift;
|
my ( $chainref, $caller ) = @_;
|
||||||
my $wholeaction = $chainref->{action};
|
my $wholeaction = $chainref->{action};
|
||||||
my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4;
|
my ( $action, $level, $tag, $param ) = split /:/, $wholeaction, 4;
|
||||||
|
|
||||||
if ( $targets{$action} & BUILTIN ) {
|
if ( $targets{$action} & BUILTIN ) {
|
||||||
$level = '' if $level =~ /none!?/;
|
$level = '' if $level =~ /none!?/;
|
||||||
$builtinops{$action}->( $chainref, $level, $tag, $param );
|
$builtinops{$action}->( $chainref, $level, $tag, $param );
|
||||||
} else {
|
return 0;
|
||||||
my $actionfile = find_file "action.$action";
|
}
|
||||||
|
|
||||||
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
my $actionfile = find_file "action.$action";
|
||||||
|
|
||||||
progress_message2 "$doing $actionfile for chain $chainref->{name}...";
|
fatal_error "Missing Action File ($actionfile)" unless -f $actionfile;
|
||||||
|
|
||||||
push_open $actionfile, 2, 1;
|
progress_message2 "$doing $actionfile for chain $chainref->{name}...";
|
||||||
|
|
||||||
my $oldparms = push_action_params( $chainref, $param, $level, $tag );
|
push_open $actionfile, 2, 1;
|
||||||
|
|
||||||
my $nolog = $actions{$action}{nolog};
|
my $oldparms = push_action_params( $chainref, $param, $level, $tag, $caller );
|
||||||
|
|
||||||
$active{$action}++;
|
my $nolog = $actions{$action}{nolog};
|
||||||
push @actionstack, $wholeaction;
|
|
||||||
|
|
||||||
my $save_comment = push_comment;
|
$active{$action}++;
|
||||||
|
push @actionstack, $wholeaction;
|
||||||
|
|
||||||
while ( read_a_line( NORMAL_READ ) ) {
|
my $save_comment = push_comment;
|
||||||
|
|
||||||
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper );
|
while ( read_a_line( NORMAL_READ ) ) {
|
||||||
|
|
||||||
if ( $file_format == 1 ) {
|
my ($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper );
|
||||||
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
|
|
||||||
split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
|
|
||||||
$origdest = $connlimit = $time = $headers = $condition = $helper = '-';
|
|
||||||
} else {
|
|
||||||
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
|
|
||||||
= split_line1 'action file', \%rulecolumns, $action_commands;
|
|
||||||
}
|
|
||||||
|
|
||||||
fatal_error 'TARGET must be specified' if $target eq '-';
|
if ( $file_format == 1 ) {
|
||||||
|
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
|
||||||
if ( $target eq 'DEFAULTS' ) {
|
split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
|
||||||
default_action_params( $action, split_list $source, 'defaults' ), next if $file_format == 2;
|
$origdest = $connlimit = $time = $headers = $condition = $helper = '-';
|
||||||
fatal_error 'DEFAULTS only allowed in FORMAT-2 actions';
|
} else {
|
||||||
}
|
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
|
||||||
|
= split_line1 'action file', \%rulecolumns, $action_commands;
|
||||||
process_rule1( $chainref,
|
|
||||||
$nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
|
|
||||||
'',
|
|
||||||
$source,
|
|
||||||
$dest,
|
|
||||||
$proto,
|
|
||||||
$ports,
|
|
||||||
$sports,
|
|
||||||
$origdest,
|
|
||||||
$rate,
|
|
||||||
$user,
|
|
||||||
$mark,
|
|
||||||
$connlimit,
|
|
||||||
$time,
|
|
||||||
$headers,
|
|
||||||
$condition,
|
|
||||||
$helper,
|
|
||||||
0 );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pop_comment( $save_comment );
|
fatal_error 'TARGET must be specified' if $target eq '-';
|
||||||
|
|
||||||
$active{$action}--;
|
if ( $target eq 'DEFAULTS' ) {
|
||||||
pop @actionstack;
|
default_action_params( $action, split_list $source, 'defaults' ), next if $file_format == 2;
|
||||||
|
fatal_error 'DEFAULTS only allowed in FORMAT-2 actions';
|
||||||
|
}
|
||||||
|
|
||||||
pop_open;
|
process_rule1( $chainref,
|
||||||
|
$nolog ? $target : merge_levels( "$action:$level:$tag", $target ),
|
||||||
pop_action_params( $oldparms );
|
'',
|
||||||
|
$source,
|
||||||
|
$dest,
|
||||||
|
$proto,
|
||||||
|
$ports,
|
||||||
|
$sports,
|
||||||
|
$origdest,
|
||||||
|
$rate,
|
||||||
|
$user,
|
||||||
|
$mark,
|
||||||
|
$connlimit,
|
||||||
|
$time,
|
||||||
|
$headers,
|
||||||
|
$condition,
|
||||||
|
$helper,
|
||||||
|
0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
pop_comment( $save_comment );
|
||||||
|
|
||||||
|
$active{$action}--;
|
||||||
|
pop @actionstack;
|
||||||
|
|
||||||
|
pop_open;
|
||||||
|
|
||||||
|
#
|
||||||
|
# Pop the action parameters and delete record of this chain if the action parameters
|
||||||
|
# were modified
|
||||||
|
#
|
||||||
|
delete $usedactions{$wholeaction} if pop_action_params( $oldparms );
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1657,7 +1662,7 @@ sub process_action($) {
|
|||||||
sub use_policy_action( $ ) {
|
sub use_policy_action( $ ) {
|
||||||
my $ref = use_action( $_[0] );
|
my $ref = use_action( $_[0] );
|
||||||
|
|
||||||
process_action( $ref ) if $ref;
|
process_action( $ref, 'POLICY' ) if $ref;
|
||||||
}
|
}
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
@ -1797,7 +1802,9 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) {
|
|||||||
my $oldparms = push_action_params( $chainref,
|
my $oldparms = push_action_params( $chainref,
|
||||||
$param,
|
$param,
|
||||||
supplied $level ? $level : 'none',
|
supplied $level ? $level : 'none',
|
||||||
defined $tag ? $tag : '');
|
defined $tag ? $tag : '' ,
|
||||||
|
$chainref->{name} ,
|
||||||
|
);
|
||||||
|
|
||||||
my $inlinefile = $inlines{$inline}{file};
|
my $inlinefile = $inlines{$inline}{file};
|
||||||
my $nolog = $inlines{$inline}{nolog};
|
my $nolog = $inlines{$inline}{nolog};
|
||||||
@ -2288,7 +2295,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
|||||||
#
|
#
|
||||||
# First reference to this tuple
|
# First reference to this tuple
|
||||||
#
|
#
|
||||||
process_action( $ref );
|
process_action( $ref, $chain );
|
||||||
#
|
#
|
||||||
# Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
|
# Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
|
||||||
#
|
#
|
||||||
|
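Review bot: `delete $usedactions{$wholeaction} if pop_action_params( $oldparms );` is now the final statement of the non-builtin path, so process_action implicitly returns the value of that delete (or an empty list) while the builtin branch returns an explicit `0`; both callers in this diff (`process_rule1` and `use_policy_action`) ignore the result, but an explicit `return 0;` after the delete, or a header comment stating that the return value is unused, would keep the two paths from drifting. Removing the `%usedactions` entry only forgets the tuple; the chain that `use_action` already created for it (`$chainref`) stays populated, so the next reference to the same tuple will presumably allocate another chain — worth confirming in use_action (outside this diff) that this cannot collide with the existing chain or leave an unreferenced populated chain in the generated ruleset. The code also assumes `%usedactions` is keyed by `$chainref->{action}`; that holds only if use_action stores the same normalized string, which is not visible in this hunk.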