holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Use SHA1 to shorten digests.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-30 14:58:49 -08:00
parent 4d9a43a4dd
commit 28f27c65aa
1 changed files with 27 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -28,6 +28,7 @@ package Shorewall::Chains;
require Exporter; require Exporter;
use Scalar::Util 'reftype'; use Scalar::Util 'reftype';
use Digest::SHA1 qw(sha1);
use Shorewall::Config qw(:DEFAULT :internal); use Shorewall::Config qw(:DEFAULT :internal);
use Shorewall::Zones; use Shorewall::Zones;
use Shorewall::IPAddrs; use Shorewall::IPAddrs;
@ -2821,7 +2822,7 @@ sub optimize_level8( $$$ ) {
} }
} }
$chainref->{digest} = $digest; $chainref->{digest} = sha1 $digest;
} }
for my $chainref ( @chains ) { for my $chainref ( @chains ) {
@ -5826,9 +5827,11 @@ sub add_interface_options( $ ) {
# #
# Generate a digest for each chain # Generate a digest for each chain
# #
for my $chainref ( grep defined $_, values %input_chains, values %forward_chains ) { for my $chainref ( values %input_chains, values %forward_chains ) {
my $digest = ''; my $digest = '';
assert( $chainref );
for ( @{$chainref->{rules}} ) { for ( @{$chainref->{rules}} ) {
if ( $digest ) { if ( $digest ) {
$digest .= ' |' . format_rule( $chainref, $_, 1 ); $digest .= ' |' . format_rule( $chainref, $_, 1 );
@ -5837,7 +5840,7 @@ sub add_interface_options( $ ) {
} }
} }
$chainref->{digest} = $digest; $chainref->{digest} = sha1 $digest;
} }
# #
# Insert all interface option rules into the rules chains # Insert all interface option rules into the rules chains
@ -5887,28 +5890,29 @@ sub add_interface_options( $ ) {
if ( zone_type( $zone2 ) & (FIREWALL | VSERVER ) ) { if ( zone_type( $zone2 ) & (FIREWALL | VSERVER ) ) {
if ( @input_interfaces == 1 && copy_options( $input_interfaces[0] ) ) { if ( @input_interfaces == 1 && copy_options( $input_interfaces[0] ) ) {
if ( ( $chain1ref = $input_chains{$input_interfaces[0]} ) && @{$chain1ref->{rules}} ) { $chain1ref = $input_chains{$input_interfaces[0]};
if ( @{$chain1ref->{rules}} ) {
copy_rules $chain1ref, $chainref, 1; copy_rules $chain1ref, $chainref, 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
} else { } else {
for my $interface ( @input_interfaces ) { for my $interface ( @input_interfaces ) {
if ( ( $chain1ref = $input_chains{$interface} ) && @{$chain1ref->{rules}} ) { $chain1ref = $input_chains{$interface};
add_ijump ( $chainref , j => $chain1ref->{name}, @input_interfaces > 1 ? imatch_source_dev( $interface ) : () ); add_ijump ( $chainref , j => $chain1ref->{name}, @input_interfaces > 1 ? imatch_source_dev( $interface ) : () ) if @{$chain1ref->{rules}};
}
} }
} }
} else { } else {
if ( @forward_interfaces == 1 && copy_options( $forward_interfaces[0] ) ) { if ( @forward_interfaces == 1 && copy_options( $forward_interfaces[0] ) ) {
if ( ( $chain1ref = $forward_chains{$forward_interfaces[0]} ) && @{$chain1ref->{rules}} ) { $chain1ref = $forward_chains{$forward_interfaces[0]};
if ( @{$chain1ref->{rules}} ) {
copy_rules $chain1ref, $chainref, 1; copy_rules $chain1ref, $chainref, 1;
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
} else { } else {
for my $interface ( @forward_interfaces ) { for my $interface ( @forward_interfaces ) {
if ( ( $chain1ref = $forward_chains{$interface} ) && @{$chain1ref->{rules}} ) { $chain1ref = $forward_chains{$interface};
add_ijump ( $chainref , j => $chain1ref->{name}, @forward_interfaces > 1 ? imatch_source_dev( $interface ) : () ); add_ijump ( $chainref , j => $chain1ref->{name}, @forward_interfaces > 1 ? imatch_source_dev( $interface ) : () ) if @{$chain1ref->{rules}};
}
} }
} }
} }
@ -5922,7 +5926,9 @@ sub add_interface_options( $ ) {
my $chain1ref; my $chain1ref;
for my $interface ( @interfaces ) { for my $interface ( @interfaces ) {
if ( ( $chain1ref = $filter_table->{output_option_chain $interface} ) && @{$chain1ref->{rules}} ) { $chain1ref = $filter_table->{output_option_chain $interface};
if ( @{$chain1ref->{rules}} ) {
copy_rules( $chain1ref, $chainref, 1 ); copy_rules( $chain1ref, $chainref, 1 );
$chainref->{referenced} = 1; $chainref->{referenced} = 1;
} }
@ -5937,17 +5943,23 @@ sub add_interface_options( $ ) {
my $chainref; my $chainref;
my $chain1ref; my $chain1ref;
if ( ( $chainref = $filter_table->{input_option_chain $interface} ) && @{$chainref->{rules}} ) { $chainref = $filter_table->{input_option_chain $interface};
if( @{$chainref->{rules}} ) {
move_rules $chainref, $chain1ref = $filter_table->{input_chain $interface}; move_rules $chainref, $chain1ref = $filter_table->{input_chain $interface};
set_interface_option( $interface, 'use_input_chain', 1 ); set_interface_option( $interface, 'use_input_chain', 1 );
} }
if ( ( $chainref = $filter_table->{forward_option_chain $interface} ) && @{$chainref->{rules}} ) { $chainref = $filter_table->{forward_option_chain $interface};
if ( @{$chainref->{rules}} ) {
move_rules $chainref, $chain1ref = $filter_table->{forward_chain $interface}; move_rules $chainref, $chain1ref = $filter_table->{forward_chain $interface};
set_interface_option( $interface, 'use_forward_chain' , 1 ); set_interface_option( $interface, 'use_forward_chain' , 1 );
} }
if ( ( $chainref = $filter_table->{output_option_chain $interface} ) && @{$chainref->{rules}} ) { $chainref = $filter_table->{output_option_chain $interface};
if ( @{$chainref->{rules}} ) {
move_rules $chainref, $chain1ref = $filter_table->{output_chain $interface}; move_rules $chainref, $chain1ref = $filter_table->{output_chain $interface};
set_interface_option( $interface, 'use_output_chain' , 1 ); set_interface_option( $interface, 'use_output_chain' , 1 );
} }