From 8300183445943c6a394b858051b0efb48b1052cc Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 9 Dec 2006 19:31:23 +0000
Subject: [PATCH] Pre-process standard files up front -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5071 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
Shorewall/lib.accounting | 2 --
Shorewall/lib.actions | 4 ---
Shorewall/lib.config | 73 +++++++++++++++++++++++++---------------
Shorewall/lib.providers | 20 ++++-------
Shorewall/lib.tunnels | 2 --
5 files changed, 52 insertions(+), 49 deletions(-)
diff --git a/Shorewall/lib.accounting b/Shorewall/lib.accounting
index 3e0d0740b..4766fb8bb 100644
--- a/Shorewall/lib.accounting
+++ b/Shorewall/lib.accounting
@@ -239,8 +239,6 @@ setup_accounting() # $1 = Name of accounting file save_progress_message "Setting up Accounting..." - strip_file accounting $1 - while read action chain source dest proto port sport user ; do process_accounting_rule done < $TMP_DIR/accounting
diff --git a/Shorewall/lib.actions b/Shorewall/lib.actions
index 74b1d7152..74caad5ca 100644
--- a/Shorewall/lib.actions
+++ b/Shorewall/lib.actions
@@ -557,10 +557,6 @@ merge_levels() # $1=level at which superior action is called, $2=level at which # process_actions1() { - strip_file actions - - strip_file actions.std ${SHAREDIR}/actions.std - for inputfile in actions.std actions; do while read xaction rest; do [ "x$rest" = x ] || fatal_error "Invalid Action: $xaction $rest"
diff --git a/Shorewall/lib.config b/Shorewall/lib.config
index 6ee76e7a3..57f10c8a1 100644
--- a/Shorewall/lib.config
+++ b/Shorewall/lib.config
@@ -222,7 +222,7 @@ get_firewall_zone() { esac done < $f - startup_error "No firewall zone defined" + startup_error "No firewall zone defined in $f" } #
@@ -255,7 +255,7 @@ determine_zones() IPV4_ZONES= IPSEC_ZONES= - [ "$IPSECFILE" = zones ] && new_zone_file=Yes + [ "$IPSECFILE" = zones ] && new_zone_file=Yes || test -n "${FW:=fw}" while read zone type rest; do case $zone in
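Review bot: In the determine_zones hunk, `|| test -n "${FW:=fw}"` hides a side effect (defaulting `$FW`) inside a command whose result is discarded, and it only reaches the intended branch because an assignment never fails; if `new_zone_file=Yes` is ever replaced by a command that can fail, `$FW` would silently be defaulted in the zones case as well. Put the default on its own line with its reason, e.g. `[ "$IPSECFILE" = zones ] || : "${FW:=fw}"   # no zones file will name the firewall zone, and strip_file() expands $FW`. determine_zones continues past the end of the hunk.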
@@ -1717,9 +1717,12 @@ do_initialize() { # TERMINATOR=fatal_error # - # Clear all configuration variables + # Clear all configuration variables (shorewall.conf) # - VERSION= + STARTUP_ENABLED= + # + #VERBOSE is inherited -- VERBOSITY is only used in the CIs + # # # Logging #
@@ -1795,6 +1798,7 @@ do_initialize() { # # Other Globals # + VERSION= FW= USEPKTYPE= LOGLIMIT=
@@ -1820,7 +1824,7 @@ do_initialize() { TMP_DIR=$(mktempdir) [ -n "$TMP_DIR" ] && chmod 700 $TMP_DIR || \ - fatal_error "Can't create a temporary directory" + startup_error "Can't create a temporary directory" case $PROGRAM in compiler)
@@ -1846,10 +1850,10 @@ do_initialize() { progress_message "Processing $config..." . $config else - fatal_error "Cannot read $config (Hint: Are you root?)" + startup_error "Cannot read $config (Hint: Are you root?)" fi else - fatal_error "$config does not exist!" + startup_error "$config does not exist!" fi #
@@ -1872,9 +1876,9 @@ do_initialize() { if [ -z "$IPTABLES" ]; then IPTABLES=$(mywhich iptables 2> /dev/null) - [ -z "$IPTABLES" ] && fatal_error "Can't find iptables executable" + [ -z "$IPTABLES" ] && startup_error "Can't find iptables executable" else - [ -e "$IPTABLES" ] || fatal_error "\$IPTABLES=$IPTABLES does not exist or is not executable" + [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable" fi f=$(find_file capabilities)
@@ -1884,7 +1888,7 @@ do_initialize() { else f=$(find_file capabilities) - [ -f $f ] && . $f || fatal_error "The -e flag requires a capabilities file" + [ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file" fi ADD_IP_ALIASES="$(added_param_value_yes ADD_IP_ALIASES $ADD_IP_ALIASES)"
@@ -1900,7 +1904,7 @@ do_initialize() { [Oo][Nn]|[Oo][Ff][Ff]|[Kk][Ee][Ee][Pp]) ;; *) - fatal_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING" + startup_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING" ;; esac else
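Review bot: The new comment `#VERBOSE is inherited -- VERBOSITY is only used in the CIs` in the first hunk drops the space after `#` that every neighbouring comment line in do_initialize uses; write it `# VERBOSE is inherited -- VERBOSITY is only used in the CIs`. The remaining hunks on this line only swap fatal_error for startup_error and raise nothing further. do_initialize starts outside these hunks.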
@@ -1935,7 +1939,7 @@ do_initialize() { MACLIST_TARGET=RETURN ;; *) - fatal_error "Invalid value ($MACLIST_DISPOSITION) for MACLIST_DISPOSITION" + startup_error "Invalid value ($MACLIST_DISPOSITION) for MACLIST_DISPOSITION" ;; esac else
@@ -1947,7 +1951,7 @@ do_initialize() { REJECT|ACCEPT|DROP) ;; *) - fatal_error "Invalid value ($TCP_FLAGS_DISPOSITION) for TCP_FLAGS_DISPOSITION" + startup_error "Invalid value ($TCP_FLAGS_DISPOSITION) for TCP_FLAGS_DISPOSITION" ;; esac else
@@ -1965,16 +1969,16 @@ do_initialize() { LOGRULENUMBERS=Yes temp=$(printf "$LOGFORMAT" fooxx2barxx 1 ACCEPT 2> /dev/null) if [ $? -ne 0 ]; then - fatal_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" + startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" fi else temp=$(printf "$LOGFORMAT" fooxx2barxx ACCEPT 2> /dev/null) if [ $? -ne 0 ]; then - fatal_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" + startup_error "Invalid LOGFORMAT string: \"$LOGFORMAT\"" fi fi - [ ${#temp} -le 29 ] || fatal_error "LOGFORMAT string is longer than 29 characters: \"$LOGFORMAT\"" + [ ${#temp} -le 29 ] || startup_error "LOGFORMAT string is longer than 29 characters: \"$LOGFORMAT\"" MAXZONENAMELENGTH=$(( 5 + ( ( 29 - ${#temp}) / 2) )) MAXZONENAMELENGTH=${MAXZONENAMELENGTH%.*}
@@ -1990,7 +1994,7 @@ do_initialize() { DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES) if [ -n "$DYNAMIC_ZONES" ]; then - [ -n "$EXPORT" ] && fatal_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" + [ -n "$EXPORT" ] && startup_error "DYNAMIC_ZONES=Yes is incompatible with the -e option" lib_avail dynamiczones || error_message "WARNING: DYNAMIC_ZONES=Yes requires the Shorewall dynamiczones library (${SHAREDIR}/lib.dynamiczones) which is not installed" fi
@@ -2012,15 +2016,15 @@ do_initialize() { [ -n "$XCONNMARK_MATCH" ] || XCONNMARK= [ -n "$XMARK" ] || XCONNMARK= - [ -n "$HIGH_ROUTE_MARKS" -a -z "$XCONNMARK" ] && fatal_error "HIGH_ROUTE_MARKS=Yes requires extended CONNMARK target, extended CONNMARK match support and extended MARK support" + [ -n "$HIGH_ROUTE_MARKS" -a -z "$XCONNMARK" ] && startup_error "HIGH_ROUTE_MARKS=Yes requires extended CONNMARK target, extended CONNMARK match support and extended MARK support" case ${MACLIST_TABLE:=filter} in filter) ;; mangle) - [ $MACLIST_DISPOSITION = reject ] && fatal_error "MACLIST_DISPOSITION=REJECT is not allowed with MACLIST_TABLE=mangle" + [ $MACLIST_DISPOSITION = reject ] && startup_error "MACLIST_DISPOSITION=REJECT is not allowed with MACLIST_TABLE=mangle" ;; *) - fatal_error "Invalid value ($MACLIST_TABLE) for MACLIST_TABLE option" + startup_error "Invalid value ($MACLIST_TABLE) for MACLIST_TABLE option" ;; esac
@@ -2031,7 +2035,7 @@ do_initialize() { [Yy][Ee][Ss]) TC_ENABLED=Yes TC_SCRIPT=$(find_file tcstart) - [ -f $TC_SCRIPT ] || fatal_error "Unable to find tcstart file" + [ -f $TC_SCRIPT ] || startup_error "Unable to find tcstart file" ;; [Ii][Nn][Tt][Ee][Rr][Nn][Aa][Ll]) TC_ENABLED=Internal
@@ -2045,7 +2049,7 @@ do_initialize() { fi if [ -n "$TC_ENABLED" ];then - [ -n "$MANGLE_ENABLED" ] || fatal_error "Traffic Shaping requires mangle support in your kernel and iptables" + [ -n "$MANGLE_ENABLED" ] || startup_error "Traffic Shaping requires mangle support in your kernel and iptables" fi [ "x${SHOREWALL_DIR}" = "x." ] && SHOREWALL_DIR="$PWD"
@@ -2079,7 +2083,7 @@ do_initialize() { 0|1) ;; *) - fatal_error "Invalid OPTIMIZE value ($OPTIMIZE)" + startup_error "Invalid OPTIMIZE value ($OPTIMIZE)" ;; esac #
@@ -2089,7 +2093,7 @@ do_initialize() { temp=$(decodeaddr 192.168.1.1) if [ $(encodeaddr $temp) != 192.168.1.1 ]; then - fatal_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall" + startup_error "Shell $SHOREWALL_SHELL is broken and may not be used with Shorewall" fi if [ -z "$KLUDGEFREE" ]; then
@@ -2098,7 +2102,12 @@ do_initialize() { fi qt mywhich awk && HAVEAWK=Yes || HAVEAWK= - + # + # Pre-process all of the standard files + # + # Because 'strip_file()' does shell variable expansion, we must first determine the + # setting of $FW + # case ${IPSECFILE:=ipsec} in ipsec) [ -n "${FW:=fw}" ]
@@ -2108,7 +2117,7 @@ do_initialize() { get_firewall_zone ;; *) - fatal_error "Invalid value ($IPSECFILE) for IPSECFILE option" + startup_error "Invalid value ($IPSECFILE) for IPSECFILE option" ;; esac
@@ -2118,7 +2127,13 @@ do_initialize() { strip_file hosts if [ $PROGRAM = compiler ]; then - strip_file_and_lib_load accounting accounting + strip_file_and_lib_load accounting accounting + + if [ -n "$USE_ACTIONS" ]; then + strip_file actions + strip_file actions.std ${SHAREDIR}/actions.std + fi + strip_file blacklist strip_file ecn strip_file maclist
@@ -2141,7 +2156,9 @@ do_initialize() { strip_file tos strip_file_and_lib_load tunnels tunnels fi - + # + # Clear $FW + # FW= }
diff --git a/Shorewall/lib.providers b/Shorewall/lib.providers
index 1880c506c..7d287f89a 100644
--- a/Shorewall/lib.providers
+++ b/Shorewall/lib.providers
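Review bot: In the hunk at +2127, stripping actions and actions.std is now conditional on `[ -n "$USE_ACTIONS" ]`, but process_actions1 in lib.actions (changed in this same commit) dropped its own strip_file calls and reads `$TMP_DIR/actions.std` and `$TMP_DIR/actions` unconditionally, so if it can be reached with USE_ACTIONS empty it now loops over files that were never written. Its call site is not visible here; if it is already gated on USE_ACTIONS, record that dependency next to the guard, e.g. `# process_actions1() reads these two stripped files and must only be called when USE_ACTIONS is set`. The `# Clear $FW` comment in the hunk at +2156 says what the line does but not why; given the earlier comment that $FW was only settled so strip_file() could expand it, something like `# Clear $FW again: it was only set so strip_file() could expand it (the real value is derived later)` would carry the intent. do_initialize starts outside these hunks.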
@@ -393,21 +393,15 @@ __EOF__ __EOF__ done - f=$(find_file route_rules) + if [ -s $TMP_DIR/route_rules ]; then + progress_message2 "$DOING $(find_file route_rules)..." - if [ -f $f ]; then - strip_file route_rules $f + save_command - if [ -s $TMP_DIR/route_rules ]; then - progress_message2 "$DOING $f..." - - save_command - - while read source dest provider priority; do - rule="$source $dest $priority $provider" - add_an_rtrule - done < $TMP_DIR/route_rules - fi + while read source dest provider priority; do + rule="$source $dest $priority $provider" + add_an_rtrule + done < $TMP_DIR/route_rules fi fi
diff --git a/Shorewall/lib.tunnels b/Shorewall/lib.tunnels
index cd024b798..527a4b917 100644
--- a/Shorewall/lib.tunnels
+++ b/Shorewall/lib.tunnels
@@ -223,8 +223,6 @@ setup_tunnels() # $1 = name of tunnels file progress_message_and_save " GENERIC tunnel to $1:$p defined." } - strip_file tunnels $1 - while read kind z gateway z1; do tunnel="$(echo $kind $z $gateway $z1)" if validate_zone $z; then
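Review bot: The rewritten block tests `[ -s $TMP_DIR/route_rules ]` on the assumption that do_initialize pre-processed route_rules, but none of the lib.config hunks in this commit add a `strip_file route_rules`, and the removed lines were the only place in view that stripped it; if that call is not among the unchanged strip_file lines of do_initialize, the file never exists, the test is always false and every route_rules entry is ignored without any error. Please confirm where it is produced and name the producer here, e.g. `# $TMP_DIR/route_rules is written by do_initialize() (strip_file route_rules); absent or empty means no rules`. `find_file route_rules` is now evaluated only for the progress message, which is fine but worth a word in the same comment. The enclosing function starts outside the hunk.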