mirror of
https://gitlab.com/shorewall/code.git
synced 2025-01-24 14:39:04 +01:00
More cleanup of rule and chain deletion:
- Rename purge_jumps() to delete_jumps() - Add delete_chain() function - Remove an unnecessary assertion Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
1de304bfd9
commit
ff73d802da
@ -78,7 +78,7 @@ our %EXPORT_TAGS = (
|
|||||||
add_commands
|
add_commands
|
||||||
move_rules
|
move_rules
|
||||||
insert_rule1
|
insert_rule1
|
||||||
purge_jumps
|
delete_jumps
|
||||||
add_tunnel_rule
|
add_tunnel_rule
|
||||||
process_comment
|
process_comment
|
||||||
no_comment
|
no_comment
|
||||||
@ -668,16 +668,16 @@ sub add_jump( $$$;$$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Purge jumps previously added via add_jump. If the target chain is empty, reset its
|
# Delete jumps previously added via add_jump. If the target chain is empty, reset its
|
||||||
# referenced flag
|
# referenced flag
|
||||||
#
|
#
|
||||||
sub purge_jumps ( $$ ) {
|
sub delete_jumps ( $$ ) {
|
||||||
my ( $fromref, $toref ) = @_;
|
my ( $fromref, $toref ) = @_;
|
||||||
my $to = $toref->{name};
|
my $to = $toref->{name};
|
||||||
my $last = 0;
|
my $last = 0;
|
||||||
my $rule;
|
my $rule;
|
||||||
#
|
#
|
||||||
# A C-style for loop seems to work best here, given that we are
|
# A C-style for-loop with indexing seems to work best here, given that we are
|
||||||
# deleting elements from the array over which we are iterating.
|
# deleting elements from the array over which we are iterating.
|
||||||
#
|
#
|
||||||
for ( $rule = 0; $rule <= $#{$fromref->{rules}}; $rule++ ) {
|
for ( $rule = 0; $rule <= $#{$fromref->{rules}}; $rule++ ) {
|
||||||
@ -697,6 +697,19 @@ sub purge_jumps ( $$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Do final work to 'delete' a chain. We leave it in the chain table but clear
|
||||||
|
# the 'referenced', 'rules' and 'references' members.
|
||||||
|
#
|
||||||
|
sub delete_chain( $ ) {
|
||||||
|
my $chainref = shift;
|
||||||
|
|
||||||
|
$chainref->{referenced} = 0;
|
||||||
|
$chainref->{rules} = [];
|
||||||
|
$chainref->{references} = {};
|
||||||
|
trace( $chainref, 'X', undef, '' ) if $debug;
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Insert a tunnel rule into the passed chain. Tunnel rules are inserted sequentially
|
# Insert a tunnel rule into the passed chain. Tunnel rules are inserted sequentially
|
||||||
# at the beginning of the 'NEW' section.
|
# at the beginning of the 'NEW' section.
|
||||||
@ -741,9 +754,8 @@ sub move_rules( $$ ) {
|
|||||||
shift @{$rules} if @{$rules} > 1 && $rules->[0] eq $rules->[1];
|
shift @{$rules} if @{$rules} > 1 && $rules->[0] eq $rules->[1];
|
||||||
|
|
||||||
$chain2->{referenced} = 1;
|
$chain2->{referenced} = 1;
|
||||||
$chain1->{referenced} = 0;
|
delete_chain $chain1;
|
||||||
$chain1->{rules} = [];
|
|
||||||
trace( $chain1, 'X', undef, '' ) if $debug;
|
|
||||||
$count;
|
$count;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -786,10 +798,8 @@ sub copy_rules( $$ ) {
|
|||||||
unless ( --$chain1->{references}{$name2} ) {
|
unless ( --$chain1->{references}{$name2} ) {
|
||||||
delete $chain1->{references}{$name2};
|
delete $chain1->{references}{$name2};
|
||||||
unless ( keys %{$chain1->{references}} ) {
|
unless ( keys %{$chain1->{references}} ) {
|
||||||
$chain1->{referenced} = 0;
|
delete_chain $chain1;
|
||||||
$chain1->{rules} = [];
|
|
||||||
progress_message " Unreferenced chain $name1 deleted";
|
progress_message " Unreferenced chain $name1 deleted";
|
||||||
trace( $chain1, 'X', undef, '' ) if $debug;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1405,9 +1415,7 @@ sub optimize_chain( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
progress_message " $count references to ACCEPT policy chain $chainref->{name} replaced";
|
progress_message " $count references to ACCEPT policy chain $chainref->{name} replaced";
|
||||||
$chainref->{referenced} = 0;
|
delete_chain $chainref;
|
||||||
$chainref->{rules} = [];
|
|
||||||
trace ( $chainref, 'X', undef, '' ) if $debug;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1416,22 +1424,24 @@ sub optimize_chain( $ ) {
|
|||||||
# Delete the references to the passed chain
|
# Delete the references to the passed chain
|
||||||
#
|
#
|
||||||
sub delete_references( $ ) {
|
sub delete_references( $ ) {
|
||||||
my $chainref = shift;
|
my $toref = shift;
|
||||||
my $table = $chainref->{table};
|
my $table = $toref->{table};
|
||||||
my $count = 0;
|
my $count = 0;
|
||||||
my $rule;
|
my $rule;
|
||||||
|
|
||||||
for my $fromref ( map $chain_table{$table}{$_} , keys %{$chainref->{references}} ) {
|
for my $fromref ( map $chain_table{$table}{$_} , keys %{$toref->{references}} ) {
|
||||||
purge_jumps ($fromref, $chainref );
|
delete_jumps ($fromref, $toref );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $count ) {
|
if ( $count ) {
|
||||||
progress_message " $count references to empty chain $chainref->{name} deleted";
|
progress_message " $count references to empty chain $toref->{name} deleted";
|
||||||
} else {
|
} else {
|
||||||
progress_message " Empty chain $chainref->{name} deleted";
|
progress_message " Empty chain $toref->{name} deleted";
|
||||||
}
|
}
|
||||||
|
#
|
||||||
assert ( ! $chainref->{referenced} );
|
# Make sure the above loop found all references
|
||||||
|
#
|
||||||
|
assert ( ! $toref->{referenced} );
|
||||||
|
|
||||||
$count;
|
$count;
|
||||||
}
|
}
|
||||||
@ -1481,10 +1491,7 @@ sub replace_references( $$ ) {
|
|||||||
|
|
||||||
progress_message " $count references to 1-rule chain $chainref->{name} replaced" if $count;
|
progress_message " $count references to 1-rule chain $chainref->{name} replaced" if $count;
|
||||||
|
|
||||||
$chainref->{referenced} = 0;
|
delete_chain $chainref;
|
||||||
$chainref->{rules} = [];
|
|
||||||
trace ( $chainref, 'X', undef, '' ) if $debug;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1545,10 +1552,7 @@ sub replace_references1( $$$ ) {
|
|||||||
|
|
||||||
progress_message " $count references to 1-rule chain $chainref->{name} replaced" if $count;
|
progress_message " $count references to 1-rule chain $chainref->{name} replaced" if $count;
|
||||||
|
|
||||||
$chainref->{referenced} = 0;
|
delete_chain $chainref;
|
||||||
$chainref->{rules} = [];
|
|
||||||
trace ( $chainref, 'X', undef, '' ) if $debug;
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1623,9 +1627,7 @@ sub optimize_ruleset() {
|
|||||||
# If the chain isn't branched to, then delete it
|
# If the chain isn't branched to, then delete it
|
||||||
#
|
#
|
||||||
unless ( $chainref->{dont_delete} || keys %{$chainref->{references}} ) {
|
unless ( $chainref->{dont_delete} || keys %{$chainref->{references}} ) {
|
||||||
$chainref->{referenced} = 0;
|
delete_chain $chainref;
|
||||||
$chainref->{rules} = [];
|
|
||||||
trace ( $chainref, 'X', undef, '' ) if $debug;
|
|
||||||
progress_message " Unreferenced chain $chainref->{name} deleted";
|
progress_message " Unreferenced chain $chainref->{name} deleted";
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
@ -1654,8 +1656,6 @@ sub optimize_ruleset() {
|
|||||||
#
|
#
|
||||||
# Chain has a single rule
|
# Chain has a single rule
|
||||||
#
|
#
|
||||||
assert( $firstrule );
|
|
||||||
|
|
||||||
if ( $firstrule =~ /^-A $chainref->{name} -[jg] (.*)$/ ) {
|
if ( $firstrule =~ /^-A $chainref->{name} -[jg] (.*)$/ ) {
|
||||||
#
|
#
|
||||||
# Easy case -- the rule is a simple jump
|
# Easy case -- the rule is a simple jump
|
||||||
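Review bot: In `delete_references`, `$count` is initialised to 0 and never updated, because the loop ignores any result from `delete_jumps`; the `if ( $count )` branch is therefore dead, the progress message always reads "Empty chain ... deleted", and the function always returns 0. If the count is meant to be reported, `delete_jumps` (whose body is only partly visible in these hunks) would need to return the number of rules it removed, accumulated with `$count += delete_jumps( $fromref, $toref );`. The `my $rule;` declaration in the same function is unused and can be dropped. Separately, `delete_chain` now also empties `references`, and `replace_references` and `replace_references1` call it unconditionally. Their loops are outside the hunks, so it is unclear whether every referring jump is rewritten first; if one is not, the bookkeeping that would reveal a jump to a chain that is no longer emitted is lost, and a header comment on `delete_chain` stating that callers must already have removed or redirected every jump would make that precondition explicit.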
|
@ -960,8 +960,9 @@ sub handle_stickiness( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ( @routemarked_providers ) {
|
if ( @routemarked_providers ) {
|
||||||
purge_jumps $mangle_table->{PREROUTING}, $setstickyref unless @{$setstickyref->{rules}};
|
delete_jumps $mangle_table->{PREROUTING}, $setstickyref unless @{$setstickyref->{rules}};
|
||||||
purge_jumps $mangle_table->{OUTPUT}, $setstickoref unless @{$setstickoref->{rules}};
|
delete_jumps $mangle_table->{OUTPUT}, $setstickoref unless @{$setstickoref->{rules}};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|