Combine emit() and emitj()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6942 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-07-23 18:14:12 +00:00
parent 7c01ffd2c0
commit 16a7b1deae
8 changed files with 153 additions and 179 deletions


@ -1853,7 +1853,7 @@ sub emitr( $ ) {
sub emit_comment() { sub emit_comment() {
unless ( $emitted_comment ) { unless ( $emitted_comment ) {
emitj ( '#', emit ( '#',
'# Establish the values of shell variables used in the following function calls', '# Establish the values of shell variables used in the following function calls',
'#' ); '#' );
$emitted_comment = 1; $emitted_comment = 1;
@ -1889,7 +1889,7 @@ sub create_netfilter_load() {
$state = NULL_STATE; $state = NULL_STATE;
emitj( 'setup_netfilter()', emit( 'setup_netfilter()',
'{' '{'
); );
@ -1955,14 +1955,14 @@ sub create_netfilter_load() {
# #
# Now generate the actual iptables-restore command # Now generate the actual iptables-restore command
# #
emitj( 'exec 3>&-', emit( 'exec 3>&-',
'', '',
'progress_message2 "Running iptables-restore..."', 'progress_message2 "Running iptables-restore..."',
'', '',
'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux' 'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE # Use this nonsensical form to appease SELinux'
); );
emitj( 'if [ $? != 0 ]; then', emit( 'if [ $? != 0 ]; then',
' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"', ' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"',
"fi\n" "fi\n"
); );
@ -1979,7 +1979,7 @@ sub create_blacklist_reload() {
$state = NULL_STATE; $state = NULL_STATE;
emitj( 'blacklist_reload()', emit( 'blacklist_reload()',
'{' '{'
); );
@ -2010,14 +2010,12 @@ sub create_blacklist_reload() {
# #
# Now generate the actual iptables-restore command # Now generate the actual iptables-restore command
# #
emitj( 'exec 3>&-', emit( 'exec 3>&-',
'', '',
'progress_message2 "Running iptables-restore..."', 'progress_message2 "Running iptables-restore..."',
'', '',
'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux' 'cat ${VARDIR}/.iptables-restore-input | $IPTABLES_RESTORE -n # Use this nonsensical form to appease SELinux',
); 'if [ $? != 0 ]; then',
emitj( 'if [ $? != 0 ]; then',
' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"', ' fatal_error "iptables-restore Failed. Input is in ${VARDIR}/.iptables-restore-input"',
"fi\n" "fi\n"
); );


@ -93,78 +93,78 @@ sub generate_script_1() {
emit "}\n"; emit "}\n";
} }
emitj ( '#', emit ( '#',
'# This function initializes the global variables used by the program', '# This function initializes the global variables used by the program',
'#', '#',
'initialize()', 'initialize()',
'{', '{',
' #', ' #',
' # These variables are required by the library functions called in this script', ' # These variables are required by the library functions called in this script',
' #' ' #'
); );
push_indent; push_indent;
if ( $export ) { if ( $export ) {
emitj ( 'SHAREDIR=/usr/share/shorewall-lite', emit ( 'SHAREDIR=/usr/share/shorewall-lite',
'CONFDIR=/etc/shorewall-lite', 'CONFDIR=/etc/shorewall-lite',
'PRODUCT="Shorewall Lite"' 'PRODUCT="Shorewall Lite"'
); );
} else { } else {
emitj ( 'SHAREDIR=/usr/share/shorewall', emit ( 'SHAREDIR=/usr/share/shorewall',
'CONFDIR=/etc/shorewall', 'CONFDIR=/etc/shorewall',
'PRODUCT=\'Shorewall\'', 'PRODUCT=\'Shorewall\'',
); );
} }
emit( '[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir' ); emit( '[ -f ${CONFDIR}/vardir ] && . ${CONFDIR}/vardir' );
if ( $export ) { if ( $export ) {
emitj ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' , emit ( 'CONFIG_PATH="/etc/shorewall-lite:/usr/share/shorewall-lite"' ,
'[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' ); '[ -n "${VARDIR:=/var/lib/shorewall-lite}" ]' );
} else { } else {
emitj ( qq(CONFIG_PATH="$config{CONFIG_PATH}") , emit ( qq(CONFIG_PATH="$config{CONFIG_PATH}") ,
'[ -n "${VARDIR:=/var/lib/shorewall}" ]' ); '[ -n "${VARDIR:=/var/lib/shorewall}" ]' );
} }
emit 'TEMPFILE='; emit 'TEMPFILE=';
propagateconfig; propagateconfig;
emitj ( '[ -n "${COMMAND:=restart}" ]', emit ( '[ -n "${COMMAND:=restart}" ]',
'[ -n "${VERBOSE:=0}" ]', '[ -n "${VERBOSE:=0}" ]',
qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]), qq([ -n "\${RESTOREFILE:=$config{RESTOREFILE}}" ]),
'[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"', '[ -n "$LOGFORMAT" ] || LOGFORMAT="Shorewall:%s:%s:"',
qq(VERSION="$globals{VERSION}") , qq(VERSION="$globals{VERSION}") ,
qq(PATH="$config{PATH}") , qq(PATH="$config{PATH}") ,
'TERMINATOR=fatal_error' 'TERMINATOR=fatal_error'
); );
if ( $config{IPTABLES} ) { if ( $config{IPTABLES} ) {
emitj( qq(IPTABLES="$config{IPTABLES}"), emit( qq(IPTABLES="$config{IPTABLES}"),
'', '',
'[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"', '[ -x "$IPTABLES" ] || startup_error "IPTABLES=$IPTABLES does not exist or is not executable"',
); );
} else { } else {
emitj( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables 2> /dev/null)', emit( '[ -z "$IPTABLES" ] && IPTABLES=$(mywhich iptables 2> /dev/null)',
'', '',
'[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"' '[ -n "$IPTABLES" -a -x "$IPTABLES" ] || startup_error "Can\'t find iptables executable"'
); );
} }
emitj( 'IPTABLES_RESTORE=${IPTABLES}-restore', emit( 'IPTABLES_RESTORE=${IPTABLES}-restore',
'[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' ); '[ -x "$IPTABLES_RESTORE" ] || startup_error "$IPTABLES_RESTORE does not exist or is not executable"' );
append_file 'params' if $config{EXPORTPARAMS}; append_file 'params' if $config{EXPORTPARAMS};
emitj ( '', emit ( '',
"STOPPING=", "STOPPING=",
'', '',
'#', '#',
'# The library requires that ${VARDIR} exist', '# The library requires that ${VARDIR} exist',
'#', '#',
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
); );
pop_indent; pop_indent;
@ -329,15 +329,15 @@ EOF
emit 'delete_tc1' if $config{CLEAR_TC}; emit 'delete_tc1' if $config{CLEAR_TC};
emitj( 'undo_routing', emit( 'undo_routing',
'restore_default_route' 'restore_default_route'
); );
my $criticalhosts = process_criticalhosts; my $criticalhosts = process_criticalhosts;
if ( @$criticalhosts ) { if ( @$criticalhosts ) {
if ( $config{ADMINISABSENTMINDED} ) { if ( $config{ADMINISABSENTMINDED} ) {
emitj ( 'for chain in INPUT OUTPUT; do', emit ( 'for chain in INPUT OUTPUT; do',
' setpolicy $chain ACCEPT', ' setpolicy $chain ACCEPT',
'done', 'done',
'', '',
@ -352,71 +352,71 @@ EOF
my $source = match_source_net $host; my $source = match_source_net $host;
my $dest = match_dest_net $host; my $dest = match_dest_net $host;
emitj( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT", emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT" "\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
); );
} }
emitj( '', emit( '',
'for chain in INPUT OUTPUT; do', 'for chain in INPUT OUTPUT; do',
' setpolicy $chain DROP', ' setpolicy $chain DROP',
"done\n" "done\n"
); );
} else { } else {
emitj( '', emit( '',
'for chain in INPUT OUTPUT; do', 'for chain in INPUT OUTPUT; do',
' setpolicy \$chain ACCEPT', ' setpolicy \$chain ACCEPT',
'done', 'done',
'', '',
'setpolicy FORWARD DROP', 'setpolicy FORWARD DROP',
'', '',
"deleteallchains\n" "deleteallchains\n"
); );
for my $hosts ( @$criticalhosts ) { for my $hosts ( @$criticalhosts ) {
my ( $interface, $host ) = ( split /:/, $hosts ); my ( $interface, $host ) = ( split /:/, $hosts );
my $source = match_source_net $host; my $source = match_source_net $host;
my $dest = match_dest_net $host; my $dest = match_dest_net $host;
emitj( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT", emit( "\$IPTABLES -A INPUT -i $interface $source -j ACCEPT",
"\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT" "\$IPTABLES -A OUTPUT -o $interface $dest -j ACCEPT"
); );
} }
emitj ( "\nsetpolicy INPUT DROP", emit( "\nsetpolicy INPUT DROP",
'', '',
'for chain in INPUT FORWARD; do', 'for chain in INPUT FORWARD; do',
' setcontinue $chain', ' setcontinue $chain',
"done\n" "done\n"
); );
} }
} elsif ( $config{ADMINISABSENTMINDED} ) { } elsif ( $config{ADMINISABSENTMINDED} ) {
emitj( 'for chain in INPUT FORWARD; do', emit( 'for chain in INPUT FORWARD; do',
' setpolicy $chain DROP', ' setpolicy $chain DROP',
'done', 'done',
'', '',
'setpolicy OUTPUT ACCEPT', 'setpolicy OUTPUT ACCEPT',
'', '',
'deleteallchains', 'deleteallchains',
'', '',
'for chain in INPUT FORWARD; do', 'for chain in INPUT FORWARD; do',
' setcontinue $chain', ' setcontinue $chain',
"done\n", "done\n",
); );
} else { } else {
emitj( 'for chain in INPUT OUTPUT FORWARD; do', emit( 'for chain in INPUT OUTPUT FORWARD; do',
' setpolicy $chain DROP', ' setpolicy $chain DROP',
'done', 'done',
'', '',
"deleteallchains\n" "deleteallchains\n"
); );
} }
process_routestopped; process_routestopped;
emitj( '$IPTABLES -A INPUT -i lo -j ACCEPT', emit( '$IPTABLES -A INPUT -i lo -j ACCEPT',
'$IPTABLES -A OUTPUT -o lo -j ACCEPT' '$IPTABLES -A OUTPUT -o lo -j ACCEPT'
); );
emit '$IPTABLES -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED}; emit '$IPTABLES -A OUTPUT -o lo -j ACCEPT' unless $config{ADMINISABSENTMINDED};
@ -434,12 +434,12 @@ EOF
emit ''; emit '';
if ( $config{IP_FORWARDING} eq 'on' ) { if ( $config{IP_FORWARDING} eq 'on' ) {
emitj( 'echo 1 > /proc/sys/net/ipv4/ip_forward', emit( 'echo 1 > /proc/sys/net/ipv4/ip_forward',
'progress_message2 IP Forwarding Enabled' ); 'progress_message2 IP Forwarding Enabled' );
} elsif ( $config{IP_FORWARDING} eq 'off' ) { } elsif ( $config{IP_FORWARDING} eq 'off' ) {
emitj( 'echo 0 > /proc/sys/net/ipv4/ip_forward', emit( 'echo 0 > /proc/sys/net/ipv4/ip_forward',
'progress_message2 IP Forwarding Disabled!' 'progress_message2 IP Forwarding Disabled!'
); );
} }
emit 'run_stopped_exit'; emit 'run_stopped_exit';
@ -491,7 +491,7 @@ sub generate_script_2 () {
copy $globals{SHAREDIRPL} . 'prog.functions'; copy $globals{SHAREDIRPL} . 'prog.functions';
emitj( '', emit( '',
'#', '#',
'# Clear Routing and Traffic Shaping', '# Clear Routing and Traffic Shaping',
'#', '#',
@ -524,7 +524,7 @@ sub generate_script_2 () {
emit ''; emit '';
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) { for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
emitj ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)", emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
'if [ -n "$addr" ]; then', 'if [ -n "$addr" ]; then',
' addr=$(echo $addr | sed \'s/inet //;s/\/.*//;s/ peer.*//\')', ' addr=$(echo $addr | sed \'s/inet //;s/\/.*//;s/ peer.*//\')',
' for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do', ' for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do',
@ -535,7 +535,7 @@ sub generate_script_2 () {
"fi\n" ); "fi\n" );
} }
emitj ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit', emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'', '',
'qt $IPTABLES -L shorewall -n && qt $IPTABLES -F shorewall && qt $IPTABLES -X shorewall', 'qt $IPTABLES -L shorewall -n && qt $IPTABLES -F shorewall && qt $IPTABLES -X shorewall',
'', '',
@ -544,7 +544,7 @@ sub generate_script_2 () {
); );
if ( $capabilities{NAT_ENABLED} ) { if ( $capabilities{NAT_ENABLED} ) {
emitj( 'if [ -f ${VARDIR}/nat ]; then', emit( 'if [ -f ${VARDIR}/nat ]; then',
' while read external interface; do', ' while read external interface; do',
' del_ip_addr $external $interface', ' del_ip_addr $external $interface',
' done < ${VARDIR}/nat', ' done < ${VARDIR}/nat',
@ -560,7 +560,7 @@ sub generate_script_2 () {
emit "}\n"; emit "}\n";
emitj( '#', emit( '#',
'# Setup Routing and Traffic Shaping', '# Setup Routing and Traffic Shaping',
'#', '#',
'setup_routing_and_traffic_shaping() {' 'setup_routing_and_traffic_shaping() {'
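Review bot: The network list in the `norfc1918` loop of generate_script_2 contains `176.16.0.0/12`, which is public address space; the RFC 1918 block is `172.16.0.0/12`, so the loop never tests that private range and tests one that is not private. The line should read `'     for network in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do',`. Separately, in the `else` branch of the critical-hosts block, `'    setpolicy \$chain ACCEPT'` is a single-quoted Perl string, so the backslash is written to the script and the shell passes the literal text `$chain` to setpolicy; the neighbouring calls use `$chain` unescaped. Both emit() calls begin or end outside their hunks, and this commit only renames them.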


@ -42,7 +42,6 @@ our @EXPORT = qw(
create_temp_object create_temp_object
finalize_object finalize_object
emit emit
emitj
emit_unindented emit_unindented
save_progress_message save_progress_message
save_progress_message_short save_progress_message_short
@ -414,34 +413,11 @@ sub fatal_error {
} }
# #
# Write the argument to the object file (if any) with the current indentation. # Write the arguments to the object file (if any) with the current indentation.
# #
# Replaces leading spaces with tabs as appropriate and suppresses consecutive blank lines. # Replaces leading spaces with tabs as appropriate and suppresses consecutive blank lines.
# #
sub emit ( $ ) { sub emit {
if ( $object ) {
#
# 'compile' as opposed to 'check'
#
my $line = $_[0]; # This copy is necessary because the actual arguments are almost always read-only.
unless ( $line =~ /^\s*$/ ) {
$line =~ s/^\n// if $lastlineblank;
$line =~ s/^/$indent/gm if $indent;
$line =~ s/ /\t/gm;
print $object "$line\n";
$lastlineblank = ( substr( $line, -1, 1 ) eq "\n" );
} else {
print $object "\n" unless $lastlineblank;
$lastlineblank = 1;
}
}
}
#
# Version of emit() that accepts an indefinite number of scalar arguments; each argument will be emitted as a separate line
#
sub emitj {
if ( $object ) { if ( $object ) {
# #
# 'compile' as opposed to 'check' # 'compile' as opposed to 'check'
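Review bot: The header comment on the merged emit() no longer says how multiple arguments are handled; that sentence lived on the removed emitj(). I would add `# Each argument is emitted as a separate line.` to it. Dropping the `( $ )` prototype also changes how paren-less calls parse: `emit` was a named unary operator and is now a list operator, so a call such as `emit 'x', foo();` now passes both values instead of one. The paren-less call sites visible on this page each pass a single string, but the rest of the tree is worth a grep. The body of emit() continues outside the hunk.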


@ -60,10 +60,10 @@ sub setup_arp_filtering() {
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter"; my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
my $value = get_interface_option $interface, 'arp_filter'; my $value = get_interface_option $interface, 'arp_filter';
emitj( '', emit ( '',
"if [ -f $file ]; then", "if [ -f $file ]; then",
" echo $value > $file"); " echo $value > $file");
emitj( 'else', emit ( 'else',
" error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface );
emit "fi\n"; emit "fi\n";
} }
@ -74,9 +74,9 @@ sub setup_arp_filtering() {
fatal_error "Internal Error in setup_arp_filtering()" unless defined $value; fatal_error "Internal Error in setup_arp_filtering()" unless defined $value;
emitj( "if [ -f $file ]; then", emit ( "if [ -f $file ]; then",
" echo $value > $file"); " echo $value > $file");
emitj( 'else', emit ( 'else',
" error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface );
emit "fi\n"; emit "fi\n";
} }
@ -100,18 +100,18 @@ sub setup_route_filtering() {
if ( $config{ROUTE_FILTER} ) { if ( $config{ROUTE_FILTER} ) {
my $val = $config{ROUTE_FILTER} eq 'on' ? 1 : 0; my $val = $config{ROUTE_FILTER} eq 'on' ? 1 : 0;
emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do', emit ( 'for file in /proc/sys/net/ipv4/conf/*; do',
" [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter", " [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter",
'done' ); 'done' );
} }
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter"; my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
my $value = get_interface_option $interface, 'routefilter'; my $value = get_interface_option $interface, 'routefilter';
emitj( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emitj( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface);
emit "fi\n"; emit "fi\n";
} }
@ -144,19 +144,19 @@ sub setup_martian_logging() {
if ( $config{LOG_MARTIANS} ) { if ( $config{LOG_MARTIANS} ) {
my $val = $config{LOG_MARTIANS} eq 'on' ? 1 : 0; my $val = $config{LOG_MARTIANS} eq 'on' ? 1 : 0;
emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do', emit ( 'for file in /proc/sys/net/ipv4/conf/*; do',
" [ -f \$file/log_martians ] && echo $val > \$file/log_martians", " [ -f \$file/log_martians ] && echo $val > \$file/log_martians",
'done' ); 'done' );
} }
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians"; my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
my $value = get_interface_option $interface, 'logmartians'; my $value = get_interface_option $interface, 'logmartians';
emitj( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emitj( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface);
emit "fi\n"; emit "fi\n";
} }
@ -189,9 +189,9 @@ sub setup_source_routing() {
my $file = "/proc/sys/net/ipv4/conf/$interface/accept_source_route"; my $file = "/proc/sys/net/ipv4/conf/$interface/accept_source_route";
my $value = get_interface_option $interface, 'sourceroute'; my $value = get_interface_option $interface, 'sourceroute';
emitj( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emitj( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless interface_is_optional( $interface);
emit "fi\n"; emit "fi\n";
} }
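Review bot: Each `if [ -f $file ]; then` / `echo $value > $file` pair in setup_arp_filtering writes `$interface` and `$value` into the generated shell unquoted, and nothing in these hunks shows them being validated first. The generated script presumably runs as root, so I would quote the path in the emitted lines, e.g. `"if [ -f \"$file\" ]; then",` and `"    echo $value > \"$file\"");`. I would also confirm that interface names are restricted to a safe character set where the interfaces file is parsed. The same applies to the setup_route_filtering, setup_martian_logging and setup_source_routing hunks; all of these loops begin outside their hunks.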


@ -105,7 +105,7 @@ sub setup_route_marking() {
sub copy_table( $$ ) { sub copy_table( $$ ) {
my ( $duplicate, $number ) = @_; my ( $duplicate, $number ) = @_;
emitj( "ip route show table $duplicate | while read net route; do", emit ( "ip route show table $duplicate | while read net route; do",
' case $net in', ' case $net in',
' default|nexthop)', ' default|nexthop)',
' ;;', ' ;;',
@ -120,7 +120,7 @@ sub copy_table( $$ ) {
sub copy_and_edit_table( $$$ ) { sub copy_and_edit_table( $$$ ) {
my ( $duplicate, $number, $copy ) = @_; my ( $duplicate, $number, $copy ) = @_;
emitj ( "ip route show table $duplicate | while read net route; do", emit ( "ip route show table $duplicate | while read net route; do",
' case $net in', ' case $net in',
' default|nexthop)', ' default|nexthop)',
' ;;', ' ;;',
@ -197,7 +197,7 @@ sub add_a_provider( $$$$$$$$ ) {
if ( $gateway eq 'detect' ) { if ( $gateway eq 'detect' ) {
my $variable = get_interface_address $interface; my $variable = get_interface_address $interface;
emitj ( "gateway=\$(detect_gateway $interface)\n", emit ( "gateway=\$(detect_gateway $interface)\n",
'if [ -n "$gateway" ]; then', 'if [ -n "$gateway" ]; then',
" run_ip route replace $variable dev $interface table $number", " run_ip route replace $variable dev $interface table $number",
" run_ip route add default via \$gateway dev $interface table $number", " run_ip route add default via \$gateway dev $interface table $number",
@ -235,7 +235,7 @@ sub add_a_provider( $$$$$$$$ ) {
my $pref = 10000 + $val; my $pref = 10000 + $val;
emitj( "qt ip rule del fwmark $mark", emit ( "qt ip rule del fwmark $mark",
"run_ip rule add fwmark $mark pref $pref table $number", "run_ip rule add fwmark $mark pref $pref table $number",
"echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing" "echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing"
); );
@ -273,7 +273,7 @@ sub add_a_provider( $$$$$$$$ ) {
emit "\nrulenum=0\n"; emit "\nrulenum=0\n";
emitj ( "find_interface_addresses $interface | while read address; do", emit ( "find_interface_addresses $interface | while read address; do",
' qt ip rule del from $address', ' qt ip rule del from $address',
" run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number", " run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
" echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing", " echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing",
@ -281,7 +281,7 @@ sub add_a_provider( $$$$$$$$ ) {
'done' 'done'
); );
} else { } else {
emitj( "\nfind_interface_addresses $interface | while read address; do", emit ( "\nfind_interface_addresses $interface | while read address; do",
' qt ip rule del from $address', ' qt ip rule del from $address',
'done' 'done'
); );
@ -293,7 +293,7 @@ sub add_a_provider( $$$$$$$$ ) {
emit 'else'; emit 'else';
if ( $optional ) { if ( $optional ) {
emitj( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"", emit ( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"",
" ${iface}_up=" " ${iface}_up="
); );
} else { } else {
@ -343,7 +343,7 @@ sub add_an_rtrule( $$$$ ) {
$priority = "priority $priority"; $priority = "priority $priority";
emitj( "qt ip rule del $source $dest $priority", emit ( "qt ip rule del $source $dest $priority",
"run_ip rule add $source $dest $priority table $provider", "run_ip rule add $source $dest $priority table $provider",
"echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing" "echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing"
); );
@ -364,7 +364,7 @@ sub setup_providers() {
push_indent; push_indent;
emitj ( '#', emit ( '#',
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route', '# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
'#', '#',
'undo_routing', 'undo_routing',
@ -400,7 +400,7 @@ sub setup_providers() {
if ( $providers ) { if ( $providers ) {
if ( $balance ) { if ( $balance ) {
emitj ( 'if [ -n "$DEFAULT_ROUTE" ]; then', emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
' run_ip route replace default scope global $DEFAULT_ROUTE', ' run_ip route replace default scope global $DEFAULT_ROUTE',
" progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
'else', 'else',
@ -409,7 +409,7 @@ sub setup_providers() {
'fi', 'fi',
'' ); '' );
} else { } else {
emitj( '#', emit ( '#',
'# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved', '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved',
'#', '#',
'restore_default_route' ); 'restore_default_route' );
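Review bot: The sed expression in the `balance` branch of setup_providers reaches the script as `sed 's/$\s*//'`, where `$` is not at the end of the pattern and is presumably treated as a literal dollar sign. The substitution then never matches, and the progress message keeps any trailing whitespace from `$DEFAULT_ROUTE`. If trimming trailing blanks was the intent, the Perl string should contain `sed 's/\\s*\$//'`. The emit() call continues past the end of the hunk, and this commit only renames it.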


@ -80,7 +80,7 @@ sub setup_one_proxy_arp( $$$$$ ) {
$haveroute = 1 if $persistent; $haveroute = 1 if $persistent;
} }
emitj( "if ! arp -i $external -Ds $address $external pub; then", emit ( "if ! arp -i $external -Ds $address $external pub; then",
" fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" , " fatal_error \"Command 'arp -i $external -Ds $address $external pub' failed\"" ,
'fi' , 'fi' ,
'', '',
@ -126,25 +126,25 @@ sub setup_proxy_arp() {
for my $interface ( keys %reset ) { for my $interface ( keys %reset ) {
unless ( $set{interface} ) { unless ( $set{interface} ) {
emitj ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" , emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
" echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); " echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
emit "fi\n"; emit "fi\n";
} }
} }
for my $interface ( keys %set ) { for my $interface ( keys %set ) {
emitj ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" , emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ]; then" ,
" echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); " echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
emitj ( 'else' , emit ( 'else' ,
" error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface ); " error_message \" WARNING: Cannot set the 'proxy_arp' option for interface $interface\"" ) unless interface_is_optional( $interface );
emit "fi\n"; emit "fi\n";
} }
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'proxyarp'; my $value = get_interface_option $interface, 'proxyarp';
emitj( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" , emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" ,
" echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); " echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
emitj( 'else' , emit ( 'else' ,
" error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface );
emit "fi\n"; emit "fi\n";
} }
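Review bot: In the first loop of the setup_proxy_arp hunk, `unless ( $set{interface} )` looks up the literal key `interface` rather than the loop variable. The test is therefore true for every interface in `%reset` (unless one is actually named "interface"), and the script writes 0 to proxy_arp even for interfaces that are also in `%set`. The next loop writes 1 again for those, which leaves a window in which proxy ARP is off. The condition should be `unless ( $set{$interface} ) {`. setup_proxy_arp starts outside the hunk.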


@ -453,7 +453,7 @@ sub setup_traffic_shaping() {
push_indent; push_indent;
emitj( "${dev}_exists=Yes", emit ( "${dev}_exists=Yes",
"qt tc qdisc del dev $device root", "qt tc qdisc del dev $device root",
"qt tc qdisc del dev $device ingress", "qt tc qdisc del dev $device ingress",
"run_tc qdisc add dev $device root handle $devnum: htb default $defmark", "run_tc qdisc add dev $device root handle $devnum: htb default $defmark",
@ -465,7 +465,7 @@ sub setup_traffic_shaping() {
my $inband = rate_to_kbit $devref->{in_bandwidth}; my $inband = rate_to_kbit $devref->{in_bandwidth};
if ( $inband ) { if ( $inband ) {
emitj( "run_tc qdisc add dev $device handle ffff: ingress", emit ( "run_tc qdisc add dev $device handle ffff: ingress",
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1" "run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
); );
} }
@ -509,7 +509,7 @@ sub setup_traffic_shaping() {
$lastdevice = $device; $lastdevice = $device;
} }
emitj( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum", emit ( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum",
"run_tc class add dev $device parent $devref->{number}:1 classid $classid htb rate $rate ceil $tcref->{ceiling} prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum", "run_tc class add dev $device parent $devref->{number}:1 classid $classid htb rate $rate ceil $tcref->{ceiling} prio $tcref->{priority} \$${dev}_mtu1 quantum \$quantum",
"run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10" "run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10"
); );


@ -76,7 +76,7 @@ use constant { NOTHING => 'NOTHING',
# #
# @zones contains the ordered list of zones with sub-zones appearing before their parents. # @zones contains the ordered list of zones with sub-zones appearing before their parents.
# #
# %zones{<zone1> => {type = > <zone type> 'firewall', 'ipv4', 'ipsec4'; # %zones{<zone1> => {type = > <zone type> 'firewall', 'ipv4', 'ipsec4', 'bport4';
# options => { complex => 0|1 # options => { complex => 0|1
# in_out => < policy match string > # in_out => < policy match string >
# in => < policy match string > # in => < policy match string >