holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Document -t option

Browse Source 
- Also copy compiler directives to the mangle file.
This commit is contained in:
Tom Eastep 2014-02-17 12:50:59 -08:00
parent a011ad8efe
commit 3e87efc82b
4 changed files with 195 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Shorewall/Perl/Shorewall/Config.pm
View File

@ -158,6 +158,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
set_section_function set_section_function
section_warning section_warning
clear_section_function clear_section_function
directive_callback
$product $product
$Product $Product
@ -562,6 +563,7 @@ our $warningcount1; # Used to suppress duplicate warnings about COMMENT
our $warningcount2; # Used to suppress duplicate warnings about FORMAT being deprecated our $warningcount2; # Used to suppress duplicate warnings about FORMAT being deprecated
our $warningcount3; # Used to suppress duplicate warnings about SECTION being deprecated our $warningcount3; # Used to suppress duplicate warnings about SECTION being deprecated
our $checkinline; # The -i option to check/compile/etc. our $checkinline; # The -i option to check/compile/etc.
our $directive_callback; # Function to call in compiler_directive
our $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files. our $shorewall_dir; # Shorewall Directory; if non-empty, search here first for files.
@ -687,6 +689,8 @@ sub initialize( $;$$) {
$ifstack = 0; $ifstack = 0;
@ifstack = (); @ifstack = ();
$embedded = 0; $embedded = 0;
$directive_callback
= 0;
# #
# Contents of last COMMENT line. # Contents of last COMMENT line.
# #
@ -2490,6 +2494,13 @@ sub evaluate_expression( $$$ ) {
$val; $val;
} }
#
# Set callback
#
sub directive_callback( $ ) {
$directive_callback = shift;
}
# #
# Each entry in @ifstack consists of a 4-tupple # Each entry in @ifstack consists of a 4-tupple
# #
@ -2518,7 +2529,8 @@ sub process_compiler_directive( $$$$ ) {
my ( $lastkeyword, $prioromit, $included, $lastlinenumber ) = @ifstack ? @{$ifstack[-1]} : ('', 0, 0, 0 ); my ( $lastkeyword, $prioromit, $included, $lastlinenumber ) = @ifstack ? @{$ifstack[-1]} : ('', 0, 0, 0 );
my %directives = ( IF => sub() { my %directives =
( IF => sub() {
directive_error( "Missing IF expression" , $filename, $linenumber ) unless supplied $expression; directive_error( "Missing IF expression" , $filename, $linenumber ) unless supplied $expression;
my $nextomitting = $omitting || ! evaluate_expression( $expression , $filename, $linenumber ); my $nextomitting = $omitting || ! evaluate_expression( $expression , $filename, $linenumber );
push @ifstack, [ 'IF', $omitting, ! $nextomitting, $linenumber ]; push @ifstack, [ 'IF', $omitting, ! $nextomitting, $linenumber ];
@ -2581,7 +2593,7 @@ sub process_compiler_directive( $$$$ ) {
} }
} , } ,
FORMAT => sub() { 'FORMAT' => sub() {
unless ( $omitting ) { unless ( $omitting ) {
directive_error( "?FORMAT is not allowed in this file", $filename, $linenumber ) unless $max_format > 1; directive_error( "?FORMAT is not allowed in this file", $filename, $linenumber ) unless $max_format > 1;
directive_error( "Missing format", $filename, $linenumber ) unless supplied $expression; directive_error( "Missing format", $filename, $linenumber ) unless supplied $expression;
@ -2646,7 +2658,11 @@ sub process_compiler_directive( $$$$ ) {
assert( 0, $keyword ); assert( 0, $keyword );
} }
if ( $directive_callback ) {
$directive_callback->( $keyword, $line )
} else {
$omitting; $omitting;
}
} }
# #

4
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -3154,6 +3154,8 @@ sub setup_tc( $ ) {
# We are going to convert this tcrules file to the equivalent mangle file # We are going to convert this tcrules file to the equivalent mangle file
# #
open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!"; open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!";
directive_callback( sub () { print $mangle "$_[1]\n" unless $_[0] eq 'FORMAT'; 0; } );
} }
first_entry "$doing $fn..."; first_entry "$doing $fn...";
@ -3173,7 +3175,7 @@ sub setup_tc( $ ) {
} }
} }
close $mangle if $tcrules; close $mangle, directive_callback( 0 ) if $tcrules;
} }
if ( my $fn = open_file( 'mangle', 1, 1 ) ) { if ( my $fn = open_file( 'mangle', 1, 1 ) ) {

34
Shorewall/manpages/shorewall.xml
View File

@ -1864,9 +1864,41 @@
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old
file is renamed with a .bak suffix.</para> file is renamed with a .bak suffix.</para>
<important>
<para>There are some notable restrictions with the
<option>-t</option> option:</para>
<orderedlist>
<listitem>
<para>Converted rules will be appended to the existing
<filename>mangle</filename> file; if there is no
<filename>mangle</filename> file in the CONFIG_PATH, one will
be created in <filename
class="directory">/etc/shorewall</filename>.</para>
</listitem>
<listitem>
<para>Existing comments in the <filename>tcrules</filename>
file will not be transferred to the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>INCLUDEd files will be expanded inline in the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>Columns in the <filename>mangle</filename> file will be
separated by a single tab character; there is no attempt made
to otherwise align the columns.</para>
</listitem>
</orderedlist>
</important>
<para>The <option>-A</option> option was added in Shorewall 4.6.0 <para>The <option>-A</option> option was added in Shorewall 4.6.0
and is equivalent to specifying the <option>-b</option>, and is equivalent to specifying the <option>-b</option>,
<option>-D</option> and the <option>-t</option> options. </para> <option>-D</option> and the <option>-t</option> options.</para>
<para>For a description of the other options, see the <emphasis <para>For a description of the other options, see the <emphasis
role="bold">check</emphasis> command above.</para> role="bold">check</emphasis> command above.</para>

32
Shorewall6/manpages/shorewall6.xml
View File

@ -1700,6 +1700,38 @@
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old
file is renamed with a .bak suffix.</para> file is renamed with a .bak suffix.</para>
<important>
<para>There are some notable restrictions with the
<option>-t</option> option:</para>
<orderedlist>
<listitem>
<para>Converted rules will be appended to the existing
<filename>mangle</filename> file; if there is no
<filename>mangle</filename> file in the CONFIG_PATH, one will
be created in <filename
class="directory">/etc/shorewall6</filename>.</para>
</listitem>
<listitem>
<para>Existing comments in the <filename>tcrules</filename>
file will not be transferred to the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>INCLUDEd files will be expanded inline in the
<filename>mangle</filename> file.</para>
</listitem>
<listitem>
<para>Columns in the <filename>mangle</filename> file will be
separated by a single tab character; there is no attempt made
to otherwise align the columns.</para>
</listitem>
</orderedlist>
</important>
<para>The <option>-A</option> option was added in Shorewall 4.6.0 <para>The <option>-A</option> option was added in Shorewall 4.6.0
and is equivalent to specifying the <option>-b</option>, and is equivalent to specifying the <option>-b</option>,
<option>-D</option> and the <option>-t</option> options.</para> <option>-D</option> and the <option>-t</option> options.</para>