holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Allow 'default' optimizations to be disabled by specifying optimization 4096.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-03-11 17:15:44 -08:00
parent 57dc5731b2
commit 196cd5417f
2 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -774,7 +774,7 @@ sub use_forward_chain($$) {
my ( $interface, $chainref ) = @_; my ( $interface, $chainref ) = @_;
my $interfaceref = find_interface($interface); my $interfaceref = find_interface($interface);
return 1 if $globals{UNOPTIMIZED} && @{$chainref->{rules}}; return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & 4096 );
# #
# We must use the interfaces's chain if the interface is associated with multiple zone nets # We must use the interfaces's chain if the interface is associated with multiple zone nets
# #
@ -813,7 +813,7 @@ sub use_input_chain($$) {
my $interfaceref = find_interface($interface); my $interfaceref = find_interface($interface);
my $nets = $interfaceref->{nets}; my $nets = $interfaceref->{nets};
return 1 if $globals{UNOPTIMIZED} && @{$chainref->{rules}}; return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & 4096 );
# #
# We must use the interfaces's chain if: # We must use the interfaces's chain if:
# #
@ -870,10 +870,12 @@ sub use_output_chain($$) {
my ( $interface, $chainref) = @_; my ( $interface, $chainref) = @_;
my $interfaceref = find_interface($interface); my $interfaceref = find_interface($interface);
my $nets = $interfaceref->{nets}; my $nets = $interfaceref->{nets};
return 1 if @{$chainref->{rules}} && ( $config{OPTIMIZE} & 4096 );
# #
# We must use the interfaces's chain if the interface is associated with multiple zone nets # We must use the interfaces's chain if the interface is associated with multiple zone nets
# #
return 1 if $nets > 1 || ( $globals{UNOPTIMIZED} && @{$chainref->{rules}} ); return 1 if $nets > 1;
# #
# Don't need it if it isn't associated with any zone # Don't need it if it isn't associated with any zone
# #

8
Shorewall/Perl/Shorewall/Config.pm
View File

@ -338,7 +338,6 @@ sub initialize( $ ) {
TC_SCRIPT => '', TC_SCRIPT => '',
EXPORT => 0, EXPORT => 0,
UNTRACKED => 0, UNTRACKED => 0,
UNOPTIMIZED => 0,
VERSION => "4.4.8-RC1", VERSION => "4.4.8-RC1",
CAPVERSION => 40408 , CAPVERSION => 40408 ,
); );
@ -3003,12 +3002,7 @@ sub get_configuration( $ ) {
$val = numeric_value $config{OPTIMIZE}; $val = numeric_value $config{OPTIMIZE};
fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless defined( $val ) && $val >= -1 && $val <= 7; fatal_error "Invalid OPTIMIZE value ($config{OPTIMIZE})" unless defined( $val ) && $val >= 0 && ( $val & ( 4096 ^ -1 ) ) <= 7;
if ( $val == -1 ) {
$config{OPTIMIZE} = 0;
$globals{UNOPTIMIZED} = 1;
}
$globals{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre'; $globals{MARKING_CHAIN} = $config{MARK_IN_FORWARD_CHAIN} ? 'tcfor' : 'tcpre';