From 89ea37e08862718e5a7b2d113ae491e1fabaaa7d Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 24 Dec 2012 10:11:53 -0800 Subject: [PATCH 1/2] Correct nested comments. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 36 +++++++++++++++++------------- Shorewall/Perl/Shorewall/Rules.pm | 11 ++++----- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 34f258657..6305555ad 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -497,6 +497,7 @@ our $max_format; # Max format value our $comment; # Current COMMENT our @comments; our $comments_allowed; +our $nocomment; our $warningcount; our $warningcount1; our $warningcount2; @@ -922,6 +923,7 @@ sub initialize( $;$$) { $first_entry = 0; # Message to output or function to call on first non-blank file entry $max_format = 1; $comments_allowed = 0; + $nocomment = 0; $shorewall_dir = ''; #Shorewall Directory @@ -2004,7 +2006,7 @@ sub do_open_file( $ ) { $currentfilename = $fname; } -sub open_file( $;$$ ) { +sub open_file( $;$$$ ) { my $fname = find_file $_[0]; assert( ! defined $currentfile ); @@ -2014,6 +2016,7 @@ sub open_file( $;$$ ) { $file_format = 1; $max_format = supplied $_[1] ? $_[1] : 1; $comments_allowed = supplied $_[2] ? $_[2] : 0; + $nocomment = supplied $_[3] ? $_[3] && no_comment : 0; do_open_file $fname;; } else { $ifstack = @ifstack; @@ -2034,10 +2037,11 @@ sub pop_include() { } if ( $arrayref ) { - ( $currentfile, $currentfilename, $currentlinenumber, $ifstack, $file_format, $max_format ) = @$arrayref; + ( $currentfile, $currentfilename, $currentlinenumber, $ifstack, $file_format, $max_format, $nocomment ) = @$arrayref; } else { $currentfile = undef; $currentlinenumber = 'EOF'; + $nocomment = $comment = 0; } } 
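Review bot: The new fourth argument of `open_file` is undocumented, and `$nocomment = supplied $_[3] ? $_[3] && no_comment : 0;` folds a caller flag together with global state sampled at the moment the file is opened. `no_comment` is not defined in this hunk, so its meaning is inferred; presumably it is true when a comment is already in effect. A header comment such as `# $_[3]: if true and a comment is already in effect, ?COMMENT directives in this file are ignored`, plus explicit grouping as `supplied( $_[3] ) ? ( $_[3] && no_comment ) : 0`, would make the line readable without knowing the prototypes. The body of open_file continues outside the hunk.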
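Review bot: In `pop_include`, `$nocomment` is now saved and restored through the include-stack frame but `$comment` is not, and the added `$nocomment = $comment = 0;` in the else branch clears it whenever the stack is empty. `push_open` sets `@includestack = ()` before opening the nested file, so if `pop_include` runs at that file's end (its caller is outside this hunk) a comment set by the enclosing file would be lost after the first macro or inline action, and later rules in the generated ruleset would carry no comment or the wrong one. Consider carrying `$comment` in the frame next to `$nocomment` at every `push @includestack` site and restoring it here, or resetting it only when `@openstack` is empty as well. `$comment` otherwise holds a string, so `''` would read better than `0` for the reset. The start of pop_include is outside the hunk.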
@@ -2270,11 +2274,13 @@ sub process_compiler_directive( $$$$ ) { COMMENT => sub() { unless ( $omitting ) { if ( $comments_allowed ) { - if ( have_capability( 'COMMENTS' ) ) { - ( $comment = $line ) =~ s/^\s*\?COMMENT\s*//; - $comment =~ s/\s*$//; - } else { - directive_warning( "COMMENTs ignored -- require comment support in iptables/Netfilter" , $filename, $linenumber ) unless $warningcount++; + unless ( $nocomment ) { + if ( have_capability( 'COMMENTS' ) ) { + ( $comment = $line ) =~ s/^\s*\?COMMENT\s*//; + $comment =~ s/\s*$//; + } else { + directive_warning( "COMMENTs ignored -- require comment support in iptables/Netfilter" , $filename, $linenumber ) unless $warningcount++; + } } } else { directive_error ( "?COMMENT is not allowed in this file", $filename, $linenumber ); @@ -2423,7 +2429,7 @@ sub copy1( $ ) { fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _; if ( -s _ ) { - push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack, $file_format, $max_format ]; + push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack, $file_format, $max_format, $nocomment ]; $currentfile = undef; do_open_file $filename; } else { @@ -2559,14 +2565,14 @@ EOF # The following two functions allow module clients to nest opens. This happens frequently # in the Rules module. # -sub push_open( $;$$ ) { - my ( $file, $max , $ca) = @_; - push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack, $file_format, $max_format ] if $currentfile; +sub push_open( $;$$$ ) { + my ( $file, $max , $ca, $nc ) = @_; + push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack, $file_format, $max_format, $nocomment ] if $currentfile; my @a = @includestack; push @openstack, \@a; @includestack = (); $currentfile = undef; - open_file( $file , $max, $comments_allowed || $ca ); + open_file( $file , $max, $comments_allowed || $ca, $nc ); } sub pop_open() { 
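Review bot: The new `unless ( $nocomment )` guard in the `COMMENT` handler drops the directive silently and also skips the existing "COMMENTs ignored" capability warning, with nothing in the code saying why. If the intent is that a comment already in effect wins over a nested one, a line such as `# A comment is already in effect; a nested ?COMMENT is deliberately ignored` above the guard would record it. The block is now four conditionals deep; testing `! $comments_allowed` first for the error and then `elsif ( ! $nocomment )` would flatten it without changing behaviour. The surrounding dispatch table is outside the hunk.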
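Review bot: The seven-element frame pushed onto `@includestack` is spelled out by hand here in `copy1` and again in `push_open`, `embedded_shell`, `embedded_perl` and `read_a_line`, with the matching positional unpack in `pop_include`. Adding one field meant editing six places, and a site that was missed would restore `$nocomment` as undef without any error. A small private helper, for example `push_include`, that builds and pushes the frame would keep the layout next to the unpack in one place. copy1 begins and ends outside the hunk.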
@@ -2644,7 +2650,7 @@ sub embedded_shell( $ ) { $command .= q('); - push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack , $file_format, $max_format ]; + push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack , $file_format, $max_format, $nocomment ]; $currentfile = undef; open $currentfile , '-|', $command or fatal_error qq(Shell Command failed); $currentfilename = "SHELL\@$currentfilename:$currentlinenumber"; @@ -2706,7 +2712,7 @@ sub embedded_perl( $ ) { $perlscript = undef; - push @includestack, [ $currentfile, $currentfilename, $currentlinenumber , $ifstack , $file_format, $max_format ]; + push @includestack, [ $currentfile, $currentfilename, $currentlinenumber , $ifstack , $file_format, $max_format, $nocomment ]; $currentfile = undef; open $currentfile, '<', $perlscriptname or fatal_error "Unable to open Perl Script $perlscriptname"; @@ -2974,7 +2980,7 @@ sub read_a_line($) { fatal_error "Directory ($filename) not allowed in INCLUDE" if -d _; if ( -s _ ) { - push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack , $file_format, $max_format ]; + push @includestack, [ $currentfile, $currentfilename, $currentlinenumber, $ifstack , $file_format, $max_format, $nocomment ]; $currentfile = undef; do_open_file $filename; } else { diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 51d3f490f..26fe6e173 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1648,13 +1648,14 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) { my $generated = 0; - macro_comment $macro; my $macrofile = $macros{$macro}; progress_message "..Expanding Macro $macrofile..."; - push_open $macrofile, 2; + push_open $macrofile, 2, 1, 1; + + macro_comment $macro; while ( read_a_line( NORMAL_READ ) ) { 
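Review bot: `push_open $macrofile, 2, 1, 1;` passes three bare positional values, and moving `macro_comment $macro;` to after it is order-dependent without saying so. From the Config.pm side of this patch, `open_file` samples `no_comment` when the file is opened, so calling `macro_comment` first would presumably make every macro look as if a comment were already in effect. A comment such as `# max format 2, ?COMMENT allowed, nested ?COMMENT ignored if a comment is already set; must run before macro_comment` would protect the ordering. The same applies to `push_open $inlinefile, 2, 1, 1;` in `process_inline`. process_macro continues outside the hunk.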
@@ -1784,8 +1785,6 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) { my $generated = 0; - macro_comment $inline; - my ( $level, $tag ) = split( ':', $loglevel, 2 ); my $oldparms = push_action_params( $chainref, @@ -1798,7 +1797,9 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) { progress_message "..Expanding inline action $inlinefile..."; - push_open $inlinefile, 2; + push_open $inlinefile, 2, 1, 1; + + macro_comment $inline; while ( read_a_line( NORMAL_READ ) ) { my ( $mtarget, From c942a95d3c07d886c9dd0a6e08a9518c3def6845 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 24 Dec 2012 10:15:23 -0800 Subject: [PATCH 2/2] Allow ?COMMENT in accounting. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Accounting.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index 8d84244fb..22e1931cd 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -417,7 +417,7 @@ sub process_accounting_rule( ) { sub setup_accounting() { - if ( my $fn = open_file 'accounting' ) { + if ( my $fn = open_file 'accounting', 1, 1 ) { first_entry "$doing $fn...";