Accurately determine if an inline action generates a rule.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-01-28 20:46:20 -08:00
parent 49166efdca
commit 42f46ea5e7

View File

@ -158,6 +158,7 @@ our %auditpolicies = ( ACCEPT => 1,
our @columns; our @columns;
our @columnstack; our @columnstack;
our $actionresult;
# #
# Rather than initializing globals in an INIT block or during declaration, # Rather than initializing globals in an INIT block or during declaration,
@ -2469,7 +2470,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$$ ) {
$macro_nest_level--; $macro_nest_level--;
return $generated; return $generated || $actionresult;
} }
# #
# Generate Fixed part of the rule # Generate Fixed part of the rule
@ -2651,6 +2652,7 @@ sub perl_action_helper($$) {
my ( $target, $matches ) = @_; my ( $target, $matches ) = @_;
my $action = $actparms{action}; my $action = $actparms{action};
my $chainref = $actparms{0}; my $chainref = $actparms{0};
my $result;
assert( $chainref ); assert( $chainref );
@ -2661,7 +2663,7 @@ sub perl_action_helper($$) {
'', '',
@columns ); @columns );
} else { } else {
process_rule1( $chainref, $result = process_rule1( $chainref,
$matches, $matches,
$target, $target,
'', # Current Param '', # Current Param
@ -2682,6 +2684,8 @@ sub perl_action_helper($$) {
0, # Wildcard 0, # Wildcard
); );
} }
$actionresult ||= $result;
} }
# #
@ -2691,11 +2695,12 @@ sub perl_action_tcp_helper($$) {
my ( $target, $proto ) = @_; my ( $target, $proto ) = @_;
my $action = $actparms{action}; my $action = $actparms{action};
my $chainref = $actparms{0}; my $chainref = $actparms{0};
my $result;
assert( $chainref ); assert( $chainref );
if ( $inlines{$action} ) { if ( $inlines{$action} ) {
&process_rule1( $chainref, $result = &process_rule1( $chainref,
$proto, $proto,
$target, $target,
'', '',
@ -2704,7 +2709,7 @@ sub perl_action_tcp_helper($$) {
@columns[3..14] @columns[3..14]
); );
} else { } else {
process_rule1( $chainref, $result = process_rule1( $chainref,
$proto, $proto,
$target, $target,
'', # Current Param '', # Current Param
@ -2725,6 +2730,8 @@ sub perl_action_tcp_helper($$) {
0, # Wildcard 0, # Wildcard
); );
} }
$actionresult ||= $result;
} }
# #
@ -2872,7 +2879,7 @@ sub process_rule ( ) {
if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) { if ( ! $wild || $intrazone || ( $sourcezone ne $destzone ) ) {
for my $proto ( @protos ) { for my $proto ( @protos ) {
for my $user ( @users ) { for my $user ( @users ) {
$generated |= process_rule1( undef, if ( process_rule1( undef,
'', '',
$target, $target,
'', '',
@ -2890,7 +2897,9 @@ sub process_rule ( ) {
$headers, $headers,
$condition, $condition,
$helper, $helper,
$wild ); $wild ) ) {
$generated = 1;
}
} }
} }
} }