mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-09 01:04:06 +01:00
Elmininate export of %usedactions
This commit is contained in:
parent
262b4044f8
commit
b56b81ef74
@ -39,19 +39,16 @@ our @EXPORT = qw(
|
||||
get_target_param
|
||||
normalize_action
|
||||
normalize_action_name
|
||||
createactionchain
|
||||
use_action
|
||||
process_actions2
|
||||
|
||||
%actions
|
||||
%usedactions
|
||||
%logactionchains
|
||||
%default_actions
|
||||
);
|
||||
our @EXPORT_OK = qw( initialize );
|
||||
our $VERSION = '4.4_16';
|
||||
|
||||
#
|
||||
# Used Actions. Each action that is actually used has an entry with value 1.
|
||||
#
|
||||
our %usedactions;
|
||||
#
|
||||
# Default actions for each policy.
|
||||
#
|
||||
@ -86,7 +83,6 @@ our $family;
|
||||
sub initialize( $ ) {
|
||||
|
||||
$family = shift;
|
||||
%usedactions = ();
|
||||
%default_actions = ( DROP => 'none' ,
|
||||
REJECT => 'none' ,
|
||||
ACCEPT => 'none' ,
|
||||
@ -149,11 +145,15 @@ sub normalize_action( $$$ ) {
|
||||
$tag = '' unless defined $tag;
|
||||
$param = '' unless defined $param;
|
||||
|
||||
( $action, $level, $tag, $param );
|
||||
join( ':', $action, $level, $tag, $param );
|
||||
}
|
||||
|
||||
sub normalize_action_name( $$$ ) {
|
||||
join (':', &normalize_action( @_ ) );
|
||||
sub normalize_action_name( $ ) {
|
||||
my $target = shift;
|
||||
my ( $action, $loglevel) = split_action $target;
|
||||
|
||||
normalize_action( $action, $loglevel, '' );
|
||||
|
||||
}
|
||||
|
||||
#
|
||||
@ -261,4 +261,62 @@ sub createactionchain( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Mark an action as used and create its chain. Returns one if the chain was
|
||||
# created on this call or 0 otherwise.
|
||||
#
|
||||
sub use_action( $ ) {
|
||||
my $normalized = shift;
|
||||
|
||||
if ( $logactionchains{$normalized} ) {
|
||||
0;
|
||||
} else {
|
||||
createactionchain $normalized;
|
||||
}
|
||||
}
|
||||
|
||||
sub merge_action_levels( $$ ) {
|
||||
my $superior = shift;
|
||||
my $subordinate = shift;
|
||||
|
||||
my ( $unused, $suplevel, $suptag, $supparam ) = split /:/, $superior;
|
||||
my ( $action, $sublevel, $subtag, $subparam ) = split /:/, $subordinate;
|
||||
|
||||
assert defined $supparam;
|
||||
|
||||
if ( $suplevel =~ /!$/ ) {
|
||||
( $sublevel, $subtag ) = ( $suplevel, $subtag );
|
||||
} else {
|
||||
$sublevel = 'none' unless defined $sublevel && $sublevel ne '';
|
||||
if ( $sublevel =~ /^none~/ ) {
|
||||
$subtag = '';
|
||||
} else {
|
||||
$subtag = '' unless defined $subtag;
|
||||
}
|
||||
}
|
||||
|
||||
$subparam = $supparam unless defined $subparam && $subparam ne '';
|
||||
|
||||
join ':', $action, $sublevel, $subtag, $subparam;
|
||||
}
|
||||
|
||||
sub process_actions2 () {
|
||||
progress_message2 'Generating Transitive Closure of Used-action List...';
|
||||
|
||||
my $changed = 1;
|
||||
|
||||
while ( $changed ) {
|
||||
$changed = 0;
|
||||
for my $target (keys %logactionchains) {
|
||||
my ( $action, $level, $tag, $param ) = split ':', $target;
|
||||
my $actionref = $actions{$action};
|
||||
assert( $actionref );
|
||||
for my $action1 ( keys %{$actionref->{requires}} ) {
|
||||
my $action2 = merge_action_levels( $target, $action1 );
|
||||
$changed = 1 if use_action( $action2 );
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
|
@ -177,11 +177,7 @@ sub process_a_policy() {
|
||||
my $defaulttype = $targets{$default} || 0;
|
||||
|
||||
if ( $defaulttype & ACTION ) {
|
||||
my $normalized = "$default:none::";
|
||||
unless ( $usedactions{$normalized} ) {
|
||||
$usedactions{$normalized} = 1;
|
||||
createactionchain $normalized;
|
||||
}
|
||||
use_action( normalize_action_name $default );
|
||||
} else {
|
||||
fatal_error "Unknown Default Action ($default)";
|
||||
}
|
||||
@ -322,12 +318,7 @@ sub validate_policy()
|
||||
fatal_error "Default Action $option=$action not found";
|
||||
}
|
||||
|
||||
my $normalized = "$action:none::";
|
||||
|
||||
unless ( $usedactions{$normalized} ) {
|
||||
$usedactions{$normalized} = 1;
|
||||
createactionchain $normalized;
|
||||
}
|
||||
use_action( normalize_action_name $action );
|
||||
|
||||
$default_actions{$map{$option}} = $action;
|
||||
}
|
||||
|
@ -38,7 +38,6 @@ use strict;
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(
|
||||
process_actions1
|
||||
process_actions2
|
||||
process_actions3
|
||||
|
||||
process_rules
|
||||
@ -267,8 +266,9 @@ sub find_logactionchain( $ ) {
|
||||
# %<action>n is used where the <action> name is truncated on the right where necessary to ensure that the total
|
||||
# length of the chain name does not exceed 30 characters.
|
||||
#
|
||||
# The second phase (process_actions2) occurs after the rules file is scanned. The transitive closure of
|
||||
# %usedactions is generated; again, as new actions are merged into the hash, their action chains are created.
|
||||
# The second phase (process_actions2 -- see Actions.pm) occurs after the rules file is scanned. The transitive
|
||||
# closure of %usedactions is generated; again, as new actions are merged into the hash, their action chains
|
||||
# are created.
|
||||
#
|
||||
# The final phase (process_actions3) traverses the keys of %usedactions populating each chain appropriately
|
||||
# by reading the related action definition file and creating rules. Note that a given action definition file is
|
||||
@ -349,54 +349,6 @@ sub process_actions1() {
|
||||
}
|
||||
}
|
||||
|
||||
sub merge_action_levels( $$ ) {
|
||||
my $superior = shift;
|
||||
my $subordinate = shift;
|
||||
|
||||
my ( $unused, $suplevel, $suptag, $supparam ) = split /:/, $superior;
|
||||
my ( $action, $sublevel, $subtag, $subparam ) = split /:/, $subordinate;
|
||||
|
||||
assert defined $supparam;
|
||||
|
||||
if ( $suplevel =~ /!$/ ) {
|
||||
( $sublevel, $subtag ) = ( $suplevel, $subtag );
|
||||
} else {
|
||||
$sublevel = 'none' unless defined $sublevel && $sublevel ne '';
|
||||
if ( $sublevel =~ /^none~/ ) {
|
||||
$subtag = '';
|
||||
} else {
|
||||
$subtag = '' unless defined $subtag;
|
||||
}
|
||||
}
|
||||
|
||||
$subparam = $supparam unless defined $subparam && $subparam ne '';
|
||||
|
||||
join ':', $action, $sublevel, $subtag, $subparam;
|
||||
}
|
||||
|
||||
sub process_actions2 () {
|
||||
progress_message2 'Generating Transitive Closure of Used-action List...';
|
||||
|
||||
my $changed = 1;
|
||||
|
||||
while ( $changed ) {
|
||||
$changed = 0;
|
||||
for my $target (keys %usedactions) {
|
||||
my ( $action, $level, $tag, $param ) = split ':', $target;
|
||||
my $actionref = $actions{$action};
|
||||
assert( $actionref );
|
||||
for my $action1 ( keys %{$actionref->{requires}} ) {
|
||||
my $action2 = merge_action_levels $target, $action1;
|
||||
unless ( $usedactions{ $action2 } ) {
|
||||
$usedactions{ $action2 } = 1;
|
||||
createactionchain $action2;
|
||||
$changed = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Generate chain for non-builtin action invocation
|
||||
#
|
||||
@ -601,8 +553,7 @@ sub process_actions3 () {
|
||||
'forwardUPnP' => \&forwardUPnP,
|
||||
'Limit' => \&Limit, );
|
||||
|
||||
for my $wholeaction ( keys %usedactions ) {
|
||||
my $chainref = find_logactionchain $wholeaction;
|
||||
while ( my ( $wholeaction, $chainref ) = each %logactionchains ) {
|
||||
my ( $action, $level, $tag, $param ) = split /:/, $wholeaction;
|
||||
|
||||
if ( $targets{$action} & BUILTIN ) {
|
||||
@ -834,14 +785,12 @@ sub process_rule_common ( $$$$$$$$$$$$$$$$ ) {
|
||||
# Handle actions
|
||||
#
|
||||
if ( $actiontype & ACTION ) {
|
||||
$normalized_target = normalize_action_name( $basictarget, $loglevel, $param );
|
||||
$normalized_target = normalize_action( $basictarget, $loglevel, $param );
|
||||
|
||||
if ( $inaction1 ) {
|
||||
add_requiredby( $target , $inaction1 );
|
||||
} else {
|
||||
unless ( $usedactions{$normalized_target} ) {
|
||||
$usedactions{$normalized_target} = 1;
|
||||
my $ref = createactionchain $normalized_target;
|
||||
if ( my $ref = use_action( $normalized_target ) ) {
|
||||
new_nat_chain $ref->{name} if $actiontype & ( NATRULE | NONAT );
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user