Add PERL_HASH_SEED option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-02-02 02:49:54 +01:00 · 2017-05-02 07:51:37 -07:00 · 2017-05-02 07:51:37 -07:00 · bb70a3637b
commit bb70a3637b
parent 6c20cc7c4f
14 changed files with 74 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -907,6 +907,7 @@ sub initialize( $;$$) {
 	  ZERO_MARKS => undef ,
 	  FIREWALL => undef ,
 	  BALANCE_PROVIDERS => undef ,
 	  PERL_HASH_SEED => undef ,
 	  #
 	  # Packet Disposition
 	  #
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@ -217,6 +217,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=Yes
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -228,6 +228,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -225,6 +225,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -228,6 +228,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -217,6 +217,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@ -341,6 +341,18 @@ get_config() {
 	setup_dbl
    fi
    if [ -z "$PERL_HASH_SEED" ]; then
 	PERL_HASH_SEED=0
    else
 	case $PERL_HASH_SEED in
 	    [0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]|random)
 	        ;;
 	    *)
 		fatal_error "Invalid setting ($PERL_HASH_SEED) for PERL_HASH_SEED"
 		;;
 	esac
    fi
    lib=$(find_file lib.cli-user)
    [ -f $lib ] && . $lib
@ -484,8 +496,17 @@ compiler() {
    #
    [ "$g_debugging" != trace -a -z "$g_preview" ] || [ -n "$g_debug" ] && g_pager=
-    PERL_HASH_SEED=0
+    case $PERL_HASH_SEED in
-    export PERL_HASH_SEED
+	random)
 	    unset PERL_HASH_SEED
 	    unset PERL_PERTURB_KEYS
 	    ;;
 	*)
 	    export PERL_HASH_SEED
 	    PERL_PERTURB_KEYS=0
 	    export PERL_PERTURB_KEYS
 	    ;;
    esac
    if [ ${PERLLIBDIR} = ${LIBEXECDIR}/shorewall ]; then
 	eval $PERL $debugflags $pc $options $@ $g_pager
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -2153,6 +2153,21 @@ LOG:info:,bar                        net                    fw</programlisting>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">PERL_HASH_SEED=</emphasis><emphasis
        role="bold"><replaceable>seed</replaceable><emphasis
        role="bold">|random</emphasis></emphasis></term>
        <listitem>
          <para>Added in Shorewall 5.1.4. Sets the Perl hash
          <replaceable>seed</replaceable> (an integer in the range 0-99999)
          when running the Shorewall rules compiler. If not specified, the
          value 0 is assumed. If <option>random</option> is specified, a
          random seed will be chosed by Perl. See perlsec(1) for additional
          information.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis
        role="bold">PROVIDER_BITS</emphasis>=[<replaceable>number</replaceable>]</term>
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -198,6 +198,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=Yes
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -199,6 +199,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -198,6 +198,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -198,6 +198,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -198,6 +198,8 @@ OPTIMIZE=All
 OPTIMIZE_ACCOUNTING=No
 PERL_HASH_SEED=0
 REJECT_ACTION=
 REQUIRE_INTERFACE=No
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -1890,6 +1890,21 @@ LOG:info:,bar                        net                    fw</programlisting>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">PERL_HASH_SEED=</emphasis><emphasis
        role="bold"><replaceable>seed</replaceable><emphasis
        role="bold">|random</emphasis></emphasis></term>
        <listitem>
          <para>Added in Shorewall 5.1.4. Sets the Perl hash
          <replaceable>seed</replaceable> (an integer in the range 0-99999)
          when running the Shorewall rules compiler. If not specified, the
          value 0 is assumed. If <option>random</option> is specified, a
          random seed will be chosed by Perl. See perlsec(1) for additional
          information.</para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis
        role="bold">PROVIDER_BITS</emphasis>=[<replaceable>number</replaceable>]</term>