From 0557148becf716eae3c207a7b3684c00bcaf5895 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 16 Aug 2009 09:24:51 -0700 Subject: [PATCH] Avoid double globals initialization for IPv6 --- Shorewall/Perl/Shorewall/Accounting.pm | 13 +------------ Shorewall/Perl/Shorewall/Actions.pm | 20 ++++++++------------ Shorewall/Perl/Shorewall/Chains.pm | 22 ++++++++++------------ Shorewall/Perl/Shorewall/Compiler.pm | 14 ++++++-------- Shorewall/Perl/Shorewall/Config.pm | 16 ++++++++-------- Shorewall/Perl/Shorewall/IPAddrs.pm | 19 ++++++++----------- Shorewall/Perl/Shorewall/Nat.pm | 12 +----------- Shorewall/Perl/Shorewall/Policy.pm | 12 +----------- Shorewall/Perl/Shorewall/Providers.pm | 19 ++++++++----------- Shorewall/Perl/Shorewall/Proxyarp.pm | 19 ++++++++----------- Shorewall/Perl/Shorewall/Rules.pm | 19 ++++++++----------- Shorewall/Perl/Shorewall/Tc.pm | 19 ++++++++----------- Shorewall/Perl/Shorewall/Zones.pm | 20 ++++++++------------ Shorewall/changelog.txt | 2 ++ 14 files changed, 85 insertions(+), 141 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm index bccd1f52f..0ef3c822b 100644 --- a/Shorewall/Perl/Shorewall/Accounting.pm +++ b/Shorewall/Perl/Shorewall/Accounting.pm @@ -38,24 +38,13 @@ our @EXPORT_OK = qw( ); our $VERSION = '4.3_7'; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function or when compiling -# for IPv6. +# Called by the compiler # - sub initialize() { our $jumpchainref; $jumpchainref = undef; } -INIT { - initialize; -} - # # Accounting # diff --git a/Shorewall/Perl/Shorewall/Actions.pm b/Shorewall/Perl/Shorewall/Actions.pm index de4c4f31e..0313a8db9 100644 --- a/Shorewall/Perl/Shorewall/Actions.pm +++ b/Shorewall/Perl/Shorewall/Actions.pm @@ -91,15 +91,15 @@ our $family; our $macro_commands = { COMMENT => 0, FORMAT => 2 }; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function or when compiling -# for IPv6. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; @@ -113,10 +113,6 @@ sub initialize( $ ) { %macros = (); } -INIT { - initialize( F_IPV4 ); -} - # # This function determines the logging for a subordinate action or a rule within a superior action # diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index f08e1dff0..96d4588c5 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -111,7 +111,6 @@ our %EXPORT_TAGS = ( new_builtin_chain new_nat_chain ensure_filter_chain - initialize_chain_table finish_section setup_zone_mss newexclusionchain @@ -297,16 +296,17 @@ our %builtin_target = ( ACCEPT => 1, NFQUEUE => 1, REDIRECT => 1 ); +sub initialize_chain_table(); # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function or when compiling -# for IPv6. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; @@ -357,10 +357,8 @@ sub initialize( $ ) { $global_variables = 0; $idiotcount = 0; -} + initialize_chain_table; -INIT { - initialize( F_IPV4 ); } # diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index fa1a4ef55..df9b51f99 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -49,14 +49,12 @@ our $export; our $test; -our $reused = 0; - our $family = F_IPV4; # -# Reinitilize the package-globals in the other modules +# Initilize the package-globals in the other modules # -sub reinitialize() { +sub initialize_package_globals() { Shorewall::Config::initialize($family); Shorewall::Chains::initialize ($family); Shorewall::Zones::initialize ($family); @@ -572,7 +570,10 @@ sub compiler { ${$ref->{store}} = $val; } - reinitialize if $reused++ || $family == F_IPV6; + # + # Now that we know the address family that we are dealing with (IPv4/IPv6), we can initialize the other modules' globals + # + initialize_package_globals; if ( $directory ne '' ) { fatal_error "$directory is not an existing directory" unless -d $directory; @@ -597,8 +598,6 @@ sub compiler { set_command( 'check', 'Checking', 'Checked' ) unless $objectfile; - initialize_chain_table; - unless ( $command eq 'check' ) { create_temp_object( $objectfile , $export ); } @@ -804,7 +803,6 @@ sub compiler { # for stopping the firewall # Shorewall::Chains::initialize( $family ); - initialize_chain_table; compile_stop_firewall( $test ); # # Copy the footer to the object diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 43a88f743..81dfe6e14 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -285,13 +285,14 @@ use constant { MIN_VERBOSITY => -1, our %validlevels; # Valid log levels. # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function and when compiling -# for IPv6. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # sub initialize( $ ) { $family = shift; @@ -642,7 +643,6 @@ sub initialize( $ ) { } INIT { - initialize( F_IPV4 ); # # These variables appear within single quotes in shorewall.conf -- add them to ENV # so that read_a_line doesn't have to be smart enough to parse that usage. diff --git a/Shorewall/Perl/Shorewall/IPAddrs.pm b/Shorewall/Perl/Shorewall/IPAddrs.pm index d45e8b7d7..6acc98b22 100644 --- a/Shorewall/Perl/Shorewall/IPAddrs.pm +++ b/Shorewall/Perl/Shorewall/IPAddrs.pm @@ -102,22 +102,19 @@ use constant { ALLIPv4 => '0.0.0.0/0' , our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ); # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; } -INIT { - initialize( F_IPV4 ); -} - sub vlsm_to_mask( $ ) { my $vlsm = $_[0]; diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index 3ccb1c96d..7e5a51abf 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -42,23 +42,13 @@ our @addresses_to_add; our %addresses_to_add; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Called by the compiler # - sub initialize() { @addresses_to_add = (); %addresses_to_add = (); } -INIT { - initialize; -} - # # Handle IPSEC Options in a masq record # diff --git a/Shorewall/Perl/Shorewall/Policy.pm b/Shorewall/Perl/Shorewall/Policy.pm index c3e76e41e..b78e75d76 100644 --- a/Shorewall/Perl/Shorewall/Policy.pm +++ b/Shorewall/Perl/Shorewall/Policy.pm @@ -41,22 +41,12 @@ our $VERSION = '4.3_7'; our @policy_chains; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Called by the compiler # - sub initialize() { @policy_chains = (); } -INIT { - initialize; -} - # # Convert a chain into a policy chain. # diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index e4afb6953..3fc5c660b 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -62,14 +62,15 @@ our $family; use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 }; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; @@ -89,10 +90,6 @@ sub initialize( $ ) { @providers = (); } -INIT { - initialize( F_IPV4 ); -} - # # Set up marking for 'tracked' interfaces. # diff --git a/Shorewall/Perl/Shorewall/Proxyarp.pm b/Shorewall/Perl/Shorewall/Proxyarp.pm index 4987c93da..7c40383bf 100644 --- a/Shorewall/Perl/Shorewall/Proxyarp.pm +++ b/Shorewall/Perl/Shorewall/Proxyarp.pm @@ -42,23 +42,20 @@ our @proxyarp; our $family; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; @proxyarp = (); } -INIT { - initialize( F_IPV4 ); -} - sub setup_one_proxy_arp( $$$$$ ) { my ( $address, $interface, $external, $haveroute, $persistent) = @_; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 47c14aff6..1d47fa2cf 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -63,14 +63,15 @@ my %rules_commands = ( COMMENT => 0, SECTION => 2 ); # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; $sectioned = 0; @@ -79,10 +80,6 @@ sub initialize( $ ) { @param_stack = (); } -INIT { - initialize( F_IPV4 ); -} - use constant { MAX_MACRO_NEST_LEVEL => 5 }; sub process_tos() { diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 32117dc1c..26a175cd1 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -202,14 +202,15 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT , our $family; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; %classids = (); @@ -223,10 +224,6 @@ sub initialize( $ ) { $sticky = 0; } -INIT { - initialize( F_IPV4 ); -} - sub process_tc_rule( ) { my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper ) = split_line1 2, 12, 'tcrules file'; diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 4962b6d1b..252f0810d 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -174,15 +174,15 @@ our %validinterfaceoptions; our %validhostoptions; # -# Initialize globals -- we take this novel approach to globals initialization to allow -# the compiler to run multiple times in the same process. The -# initialize() function does globals initialization for this -# module and is called from an INIT block below. The function is -# also called by Shorewall::Compiler::compiler at the beginning of -# the second and subsequent calls to that function or when compiling -# for IPv6. +# Rather than initializing globals in an INIT block or during declaration, +# we initialize them in a function. This is done for two reasons: +# +# 1. Proper initialization usually depends on the address family which isn't +# known until the compiler has started. +# +# 2. The compiler can run multiple times in the same process so it has to be +# able to re-initialize all of its dependent modules. # - sub initialize( $ ) { $family = shift; @zones = (); @@ -250,10 +250,6 @@ sub initialize( $ ) { } } -INIT { - initialize( F_IPV4 ); -} - # # Parse the passed option list and return a reference to a hash as follows: # diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index b6a8294a7..77fb9b818 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -6,6 +6,8 @@ Changes in Shorewall 4.4.1 3) Added support for --persistent. +4) Don't do module initialization in an INIT block. + Changes in Shorewall 4.4.0 1) Fix 'compile ... -' so that it no longer requires '-v-1'