Avoid double globals initialization for IPv6
parent
cbc9fa6e4c
commit
0557148bec
@ -38,24 +38,13 @@ our @EXPORT_OK = qw( );
|
|||||||
our $VERSION = '4.3_7';
|
our $VERSION = '4.3_7';
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Called by the compiler
|
||||||
# the compiler to run multiple times in the same process. The
|
|
||||||
# initialize() function does globals initialization for this
|
|
||||||
# module and is called from an INIT block below. The function is
|
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
|
||||||
# the second and subsequent calls to that function or when compiling
|
|
||||||
# for IPv6.
|
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize() {
|
sub initialize() {
|
||||||
our $jumpchainref;
|
our $jumpchainref;
|
||||||
$jumpchainref = undef;
|
$jumpchainref = undef;
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Accounting
|
# Accounting
|
||||||
#
|
#
|
||||||
|
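Review bot: With the INIT block removed, nothing in this file resets `$jumpchainref` unless the compiler calls `initialize()` first, and the replacement comment `# Called by the compiler` does not record that ordering requirement. The compiler's list of per-module `initialize` calls is only partly visible in this commit (Config, Chains and Zones are shown), so it is worth confirming that this module is among them. I would expand the comment to something like `# Called by Shorewall::Compiler::compiler (via initialize_package_globals) before any other function in this module runs; the module no longer initializes itself at load time`. The same applies to the later sections that drop their INIT blocks: the parameterless ones resetting `@addresses_to_add` and `@policy_chains`, and the `initialize( $ )` ones, whose `$family` now stays undefined until the compiler has run.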
@ -91,15 +91,15 @@ our $family;
|
|||||||
our $macro_commands = { COMMENT => 0, FORMAT => 2 };
|
our $macro_commands = { COMMENT => 0, FORMAT => 2 };
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function or when compiling
|
#
|
||||||
# for IPv6.
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
|
|
||||||
$family = shift;
|
$family = shift;
|
||||||
@ -113,10 +113,6 @@ sub initialize( $ ) {
|
|||||||
%macros = ();
|
%macros = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# This function determines the logging for a subordinate action or a rule within a superior action
|
# This function determines the logging for a subordinate action or a rule within a superior action
|
||||||
#
|
#
|
||||||
|
@ -111,7 +111,6 @@ our %EXPORT_TAGS = (
|
|||||||
new_builtin_chain
|
new_builtin_chain
|
||||||
new_nat_chain
|
new_nat_chain
|
||||||
ensure_filter_chain
|
ensure_filter_chain
|
||||||
initialize_chain_table
|
|
||||||
finish_section
|
finish_section
|
||||||
setup_zone_mss
|
setup_zone_mss
|
||||||
newexclusionchain
|
newexclusionchain
|
||||||
@ -297,16 +296,17 @@ our %builtin_target = ( ACCEPT => 1,
|
|||||||
NFQUEUE => 1,
|
NFQUEUE => 1,
|
||||||
REDIRECT => 1 );
|
REDIRECT => 1 );
|
||||||
|
|
||||||
|
sub initialize_chain_table();
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function or when compiling
|
#
|
||||||
# for IPv6.
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
|
|
||||||
@ -357,10 +357,8 @@ sub initialize( $ ) {
|
|||||||
$global_variables = 0;
|
$global_variables = 0;
|
||||||
$idiotcount = 0;
|
$idiotcount = 0;
|
||||||
|
|
||||||
}
|
initialize_chain_table;
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
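Review bot: Calling `initialize_chain_table` at the end of `initialize()` moves chain-table construction earlier in the compile, because the compiler now reaches it through `initialize_package_globals` right after option processing, whereas the removed call in the compiler sat later, after `set_command(...)`. The body of `initialize_chain_table` is not part of this commit; if it consults configuration or capability settings that are presumably loaded between those two points, it would now see them unset and the generated ruleset could silently lack builtin chains, so that ordering should be checked. The bareword call also depends on the forward declaration `sub initialize_chain_table();` added above; writing it as `initialize_chain_table();` makes the call explicit. `initialize()` begins outside this hunk.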
@ -49,14 +49,12 @@ our $export;
|
|||||||
|
|
||||||
our $test;
|
our $test;
|
||||||
|
|
||||||
our $reused = 0;
|
|
||||||
|
|
||||||
our $family = F_IPV4;
|
our $family = F_IPV4;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Reinitilize the package-globals in the other modules
|
# Initilize the package-globals in the other modules
|
||||||
#
|
#
|
||||||
sub reinitialize() {
|
sub initialize_package_globals() {
|
||||||
Shorewall::Config::initialize($family);
|
Shorewall::Config::initialize($family);
|
||||||
Shorewall::Chains::initialize ($family);
|
Shorewall::Chains::initialize ($family);
|
||||||
Shorewall::Zones::initialize ($family);
|
Shorewall::Zones::initialize ($family);
|
||||||
@ -572,7 +570,10 @@ sub compiler {
|
|||||||
${$ref->{store}} = $val;
|
${$ref->{store}} = $val;
|
||||||
}
|
}
|
||||||
|
|
||||||
reinitialize if $reused++ || $family == F_IPV6;
|
#
|
||||||
|
# Now that we know the address family that we are dealing with (IPv4/IPv6), we can initialize the other modules' globals
|
||||||
|
#
|
||||||
|
initialize_package_globals;
|
||||||
|
|
||||||
if ( $directory ne '' ) {
|
if ( $directory ne '' ) {
|
||||||
fatal_error "$directory is not an existing directory" unless -d $directory;
|
fatal_error "$directory is not an existing directory" unless -d $directory;
|
||||||
@ -597,8 +598,6 @@ sub compiler {
|
|||||||
|
|
||||||
set_command( 'check', 'Checking', 'Checked' ) unless $objectfile;
|
set_command( 'check', 'Checking', 'Checked' ) unless $objectfile;
|
||||||
|
|
||||||
initialize_chain_table;
|
|
||||||
|
|
||||||
unless ( $command eq 'check' ) {
|
unless ( $command eq 'check' ) {
|
||||||
create_temp_object( $objectfile , $export );
|
create_temp_object( $objectfile , $export );
|
||||||
}
|
}
|
||||||
@ -804,7 +803,6 @@ sub compiler {
|
|||||||
# for stopping the firewall
|
# for stopping the firewall
|
||||||
#
|
#
|
||||||
Shorewall::Chains::initialize( $family );
|
Shorewall::Chains::initialize( $family );
|
||||||
initialize_chain_table;
|
|
||||||
compile_stop_firewall( $test );
|
compile_stop_firewall( $test );
|
||||||
#
|
#
|
||||||
# Copy the footer to the object
|
# Copy the footer to the object
|
||||||
|
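Review bot: `initialize_package_globals;` runs only after the option-processing loop, so any code earlier in `compiler()` that touches another module's globals (option validators or error reporting, for example) now sees them uninitialized on the first call, where the removed INIT blocks used to supply IPv4 defaults. That earlier part of `compiler()` is outside the hunk, so this needs checking against the full function. The new comment also carries a typo: `# Initilize the package-globals in the other modules` should read `# Initialize the package-globals in the other modules`.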
@ -285,13 +285,14 @@ use constant { MIN_VERBOSITY => -1,
|
|||||||
our %validlevels; # Valid log levels.
|
our %validlevels; # Valid log levels.
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function and when compiling
|
#
|
||||||
# for IPv6.
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
@ -642,7 +643,6 @@ sub initialize( $ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
INIT {
|
||||||
initialize( F_IPV4 );
|
|
||||||
#
|
#
|
||||||
# These variables appear within single quotes in shorewall.conf -- add them to ENV
|
# These variables appear within single quotes in shorewall.conf -- add them to ENV
|
||||||
# so that read_a_line doesn't have to be smart enough to parse that usage.
|
# so that read_a_line doesn't have to be smart enough to parse that usage.
|
||||||
|
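Review bot: The INIT block in the second hunk is kept but no longer calls `initialize( F_IPV4 )`, so whatever remains in it now runs before any of this module's globals have been set. Only its leading comment about adding shorewall.conf variables to ENV is visible here; if the statements that follow read anything populated by `initialize()`, they will see undefined values at load time. A comment at the top of the block such as `# Runs at load time, before initialize(); must not depend on globals set there` would keep that constraint visible.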
@ -102,22 +102,19 @@ use constant { ALLIPv4 => '0.0.0.0/0' ,
|
|||||||
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
|
our @rfc1918_networks = ( "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" );
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function.
|
#
|
||||||
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
sub vlsm_to_mask( $ ) {
|
sub vlsm_to_mask( $ ) {
|
||||||
my $vlsm = $_[0];
|
my $vlsm = $_[0];
|
||||||
|
|
||||||
|
@ -42,23 +42,13 @@ our @addresses_to_add;
|
|||||||
our %addresses_to_add;
|
our %addresses_to_add;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Called by the compiler
|
||||||
# the compiler to run multiple times in the same process. The
|
|
||||||
# initialize() function does globals initialization for this
|
|
||||||
# module and is called from an INIT block below. The function is
|
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
|
||||||
# the second and subsequent calls to that function.
|
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize() {
|
sub initialize() {
|
||||||
@addresses_to_add = ();
|
@addresses_to_add = ();
|
||||||
%addresses_to_add = ();
|
%addresses_to_add = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Handle IPSEC Options in a masq record
|
# Handle IPSEC Options in a masq record
|
||||||
#
|
#
|
||||||
|
@ -41,22 +41,12 @@ our $VERSION = '4.3_7';
|
|||||||
our @policy_chains;
|
our @policy_chains;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Called by the compiler
|
||||||
# the compiler to run multiple times in the same process. The
|
|
||||||
# initialize() function does globals initialization for this
|
|
||||||
# module and is called from an INIT block below. The function is
|
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
|
||||||
# the second and subsequent calls to that function.
|
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize() {
|
sub initialize() {
|
||||||
@policy_chains = ();
|
@policy_chains = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize;
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Convert a chain into a policy chain.
|
# Convert a chain into a policy chain.
|
||||||
#
|
#
|
||||||
|
@ -62,14 +62,15 @@ our $family;
|
|||||||
use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 };
|
use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 };
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function.
|
#
|
||||||
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
|
|
||||||
@ -89,10 +90,6 @@ sub initialize( $ ) {
|
|||||||
@providers = ();
|
@providers = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Set up marking for 'tracked' interfaces.
|
# Set up marking for 'tracked' interfaces.
|
||||||
#
|
#
|
||||||
|
@ -42,23 +42,20 @@ our @proxyarp;
|
|||||||
our $family;
|
our $family;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function.
|
#
|
||||||
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
@proxyarp = ();
|
@proxyarp = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
sub setup_one_proxy_arp( $$$$$ ) {
|
sub setup_one_proxy_arp( $$$$$ ) {
|
||||||
my ( $address, $interface, $external, $haveroute, $persistent) = @_;
|
my ( $address, $interface, $external, $haveroute, $persistent) = @_;
|
||||||
|
|
||||||
|
@ -63,14 +63,15 @@ my %rules_commands = ( COMMENT => 0,
|
|||||||
SECTION => 2 );
|
SECTION => 2 );
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function.
|
#
|
||||||
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
$sectioned = 0;
|
$sectioned = 0;
|
||||||
@ -79,10 +80,6 @@ sub initialize( $ ) {
|
|||||||
@param_stack = ();
|
@param_stack = ();
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
use constant { MAX_MACRO_NEST_LEVEL => 5 };
|
use constant { MAX_MACRO_NEST_LEVEL => 5 };
|
||||||
|
|
||||||
sub process_tos() {
|
sub process_tos() {
|
||||||
|
@ -202,14 +202,15 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
|
|||||||
our $family;
|
our $family;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function.
|
#
|
||||||
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
%classids = ();
|
%classids = ();
|
||||||
@ -223,10 +224,6 @@ sub initialize( $ ) {
|
|||||||
$sticky = 0;
|
$sticky = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
sub process_tc_rule( ) {
|
sub process_tc_rule( ) {
|
||||||
my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper ) = split_line1 2, 12, 'tcrules file';
|
my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper ) = split_line1 2, 12, 'tcrules file';
|
||||||
|
|
||||||
|
@ -174,15 +174,15 @@ our %validinterfaceoptions;
|
|||||||
our %validhostoptions;
|
our %validhostoptions;
|
||||||
|
|
||||||
#
|
#
|
||||||
# Initialize globals -- we take this novel approach to globals initialization to allow
|
# Rather than initializing globals in an INIT block or during declaration,
|
||||||
# the compiler to run multiple times in the same process. The
|
# we initialize them in a function. This is done for two reasons:
|
||||||
# initialize() function does globals initialization for this
|
#
|
||||||
# module and is called from an INIT block below. The function is
|
# 1. Proper initialization usually depends on the address family which isn't
|
||||||
# also called by Shorewall::Compiler::compiler at the beginning of
|
# known until the compiler has started.
|
||||||
# the second and subsequent calls to that function or when compiling
|
#
|
||||||
# for IPv6.
|
# 2. The compiler can run multiple times in the same process so it has to be
|
||||||
|
# able to re-initialize all of its dependent modules.
|
||||||
#
|
#
|
||||||
|
|
||||||
sub initialize( $ ) {
|
sub initialize( $ ) {
|
||||||
$family = shift;
|
$family = shift;
|
||||||
@zones = ();
|
@zones = ();
|
||||||
@ -250,10 +250,6 @@ sub initialize( $ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
INIT {
|
|
||||||
initialize( F_IPV4 );
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Parse the passed option list and return a reference to a hash as follows:
|
# Parse the passed option list and return a reference to a hash as follows:
|
||||||
#
|
#
|
||||||
|
@ -6,6 +6,8 @@ Changes in Shorewall 4.4.1
|
|||||||
|
|
||||||
3) Added support for --persistent.
|
3) Added support for --persistent.
|
||||||
|
|
||||||
|
4) Don't do module initialization in an INIT block.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.0
|
Changes in Shorewall 4.4.0
|
||||||
|
|
||||||
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
||||||
|