mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-15 10:08:43 +01:00
Add correct reference counting to merge_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
ea4b8cdb6f
commit
e693665be1
@ -786,41 +786,6 @@ sub format_rule( $$;$ ) {
|
|||||||
$rule;
|
$rule;
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Merge two rules.
|
|
||||||
#
|
|
||||||
sub merge_rules( $$$ ) {
|
|
||||||
my ( $tableref, $toref, $fromref ) = @_;
|
|
||||||
|
|
||||||
my $target = $fromref->{target};
|
|
||||||
#
|
|
||||||
# Since the 'to' rule is a jump to a chain containing the 'from' rule, we
|
|
||||||
# assume that common unique option values are compatible (such as 'tcp' and
|
|
||||||
# 'tcp ! syn').
|
|
||||||
#
|
|
||||||
for my $option ( @unique_options ) {
|
|
||||||
$toref->{$option} = $fromref->{$option} if exists $fromref->{$option};
|
|
||||||
}
|
|
||||||
|
|
||||||
for my $option ( grep ! $opttype{$_}, keys %$fromref ) {
|
|
||||||
set_rule_option( $toref, $option, $fromref->{$option} );
|
|
||||||
}
|
|
||||||
|
|
||||||
unless ( $toref->{state} ) {
|
|
||||||
set_rule_option ( $toref, 'state', $fromref->{state} ) if $fromref->{state};
|
|
||||||
}
|
|
||||||
|
|
||||||
set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy};
|
|
||||||
|
|
||||||
$toref->{target} = $target;
|
|
||||||
$toref->{targetopts} = $fromref->{targetopts} if $fromref->{targetopts};
|
|
||||||
$toref->{jump} = 'j' unless $tableref->{$target};
|
|
||||||
|
|
||||||
unless ( $toref->{comment} ) {
|
|
||||||
$toref->{comment} = $fromref->{comment} if exists $fromref->{comment};
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Trace a change to the chain table
|
# Trace a change to the chain table
|
||||||
#
|
#
|
||||||
@ -2374,6 +2339,48 @@ sub replace_references( $$$ ) {
|
|||||||
delete_chain $chainref;
|
delete_chain $chainref;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Merge two rules.
|
||||||
|
#
|
||||||
|
sub merge_rules( $$$ ) {
|
||||||
|
my ( $tableref, $toref, $fromref ) = @_;
|
||||||
|
|
||||||
|
my $target = $fromref->{target};
|
||||||
|
#
|
||||||
|
# Since the 'to' rule is a jump to a chain containing the 'from' rule, we
|
||||||
|
# assume that common unique option values are compatible (such as 'tcp' and
|
||||||
|
# 'tcp ! syn').
|
||||||
|
#
|
||||||
|
for my $option ( @unique_options ) {
|
||||||
|
$toref->{$option} = $fromref->{$option} if exists $fromref->{$option};
|
||||||
|
}
|
||||||
|
|
||||||
|
for my $option ( grep ! $opttype{$_}, keys %$fromref ) {
|
||||||
|
set_rule_option( $toref, $option, $fromref->{$option} );
|
||||||
|
}
|
||||||
|
|
||||||
|
unless ( $toref->{state} ) {
|
||||||
|
set_rule_option ( $toref, 'state', $fromref->{state} ) if $fromref->{state};
|
||||||
|
}
|
||||||
|
|
||||||
|
set_rule_option( $toref, 'policy', $fromref->{policy} ) if exists $fromref->{policy};
|
||||||
|
|
||||||
|
|
||||||
|
unless ( $toref->{comment} ) {
|
||||||
|
$toref->{comment} = $fromref->{comment} if exists $fromref->{comment};
|
||||||
|
}
|
||||||
|
|
||||||
|
$toref->{target} = $target;
|
||||||
|
|
||||||
|
if ( my $targetref = $tableref->{$target} ) {
|
||||||
|
return $targetref;
|
||||||
|
} else {
|
||||||
|
$toref->{targetopts} = $fromref->{targetopts} if $fromref->{targetopts};
|
||||||
|
$toref->{jump} = 'j';
|
||||||
|
return '';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Replace jumps to the passed chain with jumps to the target of the passed rule while merging
|
# Replace jumps to the passed chain with jumps to the target of the passed rule while merging
|
||||||
# options and matches
|
# options and matches
|
||||||
@ -2394,7 +2401,10 @@ sub replace_references1( $$ ) {
|
|||||||
#
|
#
|
||||||
# The target is the passed chain -- merge the two rules into one
|
# The target is the passed chain -- merge the two rules into one
|
||||||
#
|
#
|
||||||
merge_rules( $tableref, $_, $ruleref );
|
if ( my $targetref = merge_rules( $tableref, $_, $ruleref ) ) {
|
||||||
|
add_reference( $fromref, $targetref );
|
||||||
|
delete_reference( $fromref, $chainref );
|
||||||
|
}
|
||||||
|
|
||||||
$count++;
|
$count++;
|
||||||
trace( $fromref, 'R', $rule, $_ ) if $debug;
|
trace( $fromref, 'R', $rule, $_ ) if $debug;
|
||||||
|
Loading…
Reference in New Issue
Block a user