From 321476fd51a9923631b5aa340d2f1c347711b9bc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 8 Apr 2016 08:24:57 -0700 Subject: [PATCH] Tweak terminating() implementation Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Chains.pm | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 7ad8f0cc7..b68f4da3d 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -851,6 +851,15 @@ sub terminating( $ ) { return $chainref->{complete} && ! ( $chainref->{optflags} & RETURNS ); } +sub is_terminating( $$ ) { + my ( $table, $target ) = @_; + + if ( my $chainref = $chain_table{$table}{$target} ) { + terminating( $chainref ); + } else { + $terminating{$target}; + } +} # # Transform the passed iptables rule into an internal-form hash reference. # Most of the compiler has been converted to use the new form natively. @@ -1550,7 +1559,7 @@ sub create_irule( $$$;@ ) { $ruleref->{jump} = $jump; $ruleref->{target} = $target; $chainref->{optflags} |= RETURNS_DONT_MOVE if $target eq 'RETURN'; - $chainref->{complete} ||= $terminating{$target} && ! @matches; + $chainref->{complete} ||= ( ! @matches && ( $jump eq 'g' || is_terminating( $chainref->{table}, $target ) ) ); $ruleref->{targetopts} = $targetopts if $targetopts; } else { $ruleref->{target} = ''; @@ -2497,7 +2506,7 @@ sub add_ijump_internal( $$$$$;@ ) { } if ( $ruleref->{simple} ) { - $fromref->{complete} = 1 if $jump eq 'g' || $terminating{$to}; + $fromref->{complete} = 1 if $jump eq 'g' || ( $toref ? terminating( $toref ) : $terminating{$to} ); } $ruleref->{origin} = $origin if $origin;