extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Centralize Rules module handling of @CALLER in actions

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-01-17 16:29:35 -08:00
parent 4059e9de95
commit ec6c233666
2 changed files with 52 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3221,9 +3221,9 @@ sub push_action_params( $$$$$$ ) {
sub pop_action_params( $ ) { sub pop_action_params( $ ) {
my $oldparms = shift; my $oldparms = shift;
%actparms = %$oldparms; %actparms = %$oldparms;
my $return = $parmsmodified ? $parmsmodified : ( $usedcaller || 0 ); my $return = $parmsmodified | $usedcaller;
( $parmsmodified ) = delete $actparms{modified}; ( $parmsmodified ) = delete $actparms{modified} || 0;
( $usedcaller ) = delete $actparms{usedcaller}; ( $usedcaller ) = delete $actparms{usedcaller} || 0;
$return; $return;
} }

122
Shorewall/Perl/Shorewall/Rules.pm
View File

@ -1713,9 +1713,10 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
# Populate an action invocation chain. As new action tuples are encountered, # Populate an action invocation chain. As new action tuples are encountered,
# the function will be called recursively by process_rule(). # the function will be called recursively by process_rule().
# #
sub process_action($$) { sub process_action(\$\$$) {
my ( $chainref, $caller ) = @_; my ( $wholeactionref, $chainrefref, $caller ) = @_;
my $wholeaction = $chainref->{action}; my $wholeaction = ${$wholeactionref};
my $chainref = ${$chainrefref};
my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS; my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS;
if ( $targets{$action} & BUILTIN ) { if ( $targets{$action} & BUILTIN ) {
@ -1797,7 +1798,49 @@ sub process_action($$) {
# Caller should delete record of this chain if the action parameters # Caller should delete record of this chain if the action parameters
# were modified (and this function returns true # were modified (and this function returns true
# #
pop_action_params( $oldparms ); if ( my $result = pop_action_params( $oldparms ) ) {
if ( $result & PARMSMODIFIED ) {
return PARMSMODIFIED;
} else {
#
# The chain uses @CALLER but doesn't modify the action parameters.
# We need to see if this chain has already called this action
#
my $renormalized_action = insert_caller( $wholeaction, $caller );
my $chain1ref = $usedactions{$renormalized_action};
if ( $chain1ref ) {
#
# It has -- use the prior chain
#
${$chainrefref} = $chain1ref;
#
# We leave the new chain in place but delete it from %usedactions below
#
} else {
#
# This is the first time that the current chain has invoked this action
#
$usedactions{$renormalized_action} = $chainref;
#
# Swap the action member
#
$chainref->{action} = $renormalized_action;
}
#
# Delete the usedactions entry with the original normalized key
#
delete $usedactions{$wholeaction};
#
# New normalized target
#
${$wholeactionref} = $renormalized_action;
return 0;
}
}
0;
} }
# #
@ -1935,40 +1978,7 @@ sub use_policy_action( $$ ) {
my $ref = use_action( $normalized_target ); my $ref = use_action( $normalized_target );
if ( $ref ) { if ( $ref ) {
if ( my $result = process_action( $ref, $caller ) ) { delete $usedactions{$normalized_target} if process_action( $normalized_target, $ref, $caller );
if ( $result & PARMSMODIFIED ) {
delete $usedactions{$ref->{action}};
} else {
#
# The chain uses @CALLER but doesn't modify the action parameters.
# We need to see if this chain has already called this action
#
my $renormalized_target = insert_caller( $normalized_target, $caller );
if ( my $ref1 = $usedactions{$renormalized_target} ) {
#
# It has -- use the prior chain
#
$ref = $ref1;
#
# We leave the new chain in place but delete it from %usedactions below
#
} else {
#
# This is the first time that the current chain has invoked this action
#
$usedactions{$renormalized_target} = $ref;
#
# Swap the action member
#
$ref->{action} = $renormalized_target;
}
#
# Delete the usedactions entry with the original normalized key
#
delete $usedactions{$normalized_target};
}
}
} else { } else {
$ref = $usedactions{$normalized_target}; $ref = $usedactions{$normalized_target};
} }
@ -2737,41 +2747,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
my $savestatematch = $statematch; my $savestatematch = $statematch;
$statematch = ''; $statematch = '';
if ( ( $delete_action = process_action( $ref, $chain ) ) & USEDCALLER ) { $delete_action = process_action( $normalized_target, $ref, $chain );
#
# The chain uses @CALLER but doesn't modify the action parameters.
# We need to see if this chain has already called this action
#
my $renormalized_target = insert_caller( $normalized_target, $chain );
my $ref1 = $usedactions{$renormalized_target};
if ( $ref1 ) {
#
# It has -- use the prior chain
#
$ref = $ref1;
#
# We leave the new chain in place but delete it from %usedactions below
#
} else {
#
# This is the first time that the current chain has invoked this action
#
$usedactions{$renormalized_target} = $ref;
#
# Swap the action member
#
$ref->{action} = $renormalized_target;
}
#
# Delete the usedactions entry with the original normalized key
#
delete $usedactions{$normalized_target};
#
# New normalized target
#
$normalized_target = $renormalized_target;
}
# #
# Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so: # Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
# #