forked from extern/shorewall_code
Unify TRACK_RULES settings implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
6ef136a546
commit
866cb04cbb
@ -919,7 +919,7 @@ sub set_rule_option( $$$ ) {
|
|||||||
|
|
||||||
sub transform_rule( $;\$ ) {
|
sub transform_rule( $;\$ ) {
|
||||||
my ( $input, $completeref ) = @_;
|
my ( $input, $completeref ) = @_;
|
||||||
my $ruleref = { mode => CAT_MODE, matches => [], target => '' , origin => shortlineinfo1( '' ) };
|
my $ruleref = { mode => CAT_MODE, matches => [], target => '' , origin => shortlineinfo( '' ) };
|
||||||
my $simple = 1;
|
my $simple = 1;
|
||||||
my $target = '';
|
my $target = '';
|
||||||
my $jump = '';
|
my $jump = '';
|
||||||
@ -1243,6 +1243,19 @@ sub add_commands ( $$;@ ) {
|
|||||||
$chainref->{optflags} |= ( DONT_OPTIMIZE | DONT_MOVE );
|
$chainref->{optflags} |= ( DONT_OPTIMIZE | DONT_MOVE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub set_rule_comment( $$ ) {
|
||||||
|
my ( $chainref, $ruleref ) = @_;
|
||||||
|
|
||||||
|
if ( $config{TRACK_RULES} eq 'Yes' && ( $ruleref->{origin} ||= $chainref->{origin} ) ) {
|
||||||
|
if ( length( my $origin = join( ' ', '@@@' , $ruleref->{origin}, '@@@' ) ) <= 255 ) {
|
||||||
|
$ruleref->{comment} = $origin;
|
||||||
|
} else {
|
||||||
|
$ruleref->{comment} = $comment;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$ruleref->{comment} = $comment;
|
||||||
|
}
|
||||||
|
}
|
||||||
#
|
#
|
||||||
# Transform the passed rule and add it to the end of the passed chain's rule list.
|
# Transform the passed rule and add it to the end of the passed chain's rule list.
|
||||||
#
|
#
|
||||||
@ -1254,7 +1267,8 @@ sub push_rule( $$ ) {
|
|||||||
my $complete = 0;
|
my $complete = 0;
|
||||||
my $ruleref = transform_rule( $_[1], $complete );
|
my $ruleref = transform_rule( $_[1], $complete );
|
||||||
|
|
||||||
$ruleref->{comment} = shortlineinfo($chainref->{origin}) || $comment;
|
set_rule_comment( $chainref, $ruleref );
|
||||||
|
|
||||||
$ruleref->{mode} = CMD_MODE if $ruleref->{cmdlevel} = $chainref->{cmdlevel};
|
$ruleref->{mode} = CMD_MODE if $ruleref->{cmdlevel} = $chainref->{cmdlevel};
|
||||||
|
|
||||||
push @{$chainref->{rules}}, $ruleref;
|
push @{$chainref->{rules}}, $ruleref;
|
||||||
@ -1475,7 +1489,7 @@ sub create_irule( $$$;@ ) {
|
|||||||
|
|
||||||
( $target, my $targetopts ) = split ' ', $target, 2;
|
( $target, my $targetopts ) = split ' ', $target, 2;
|
||||||
|
|
||||||
my $ruleref = { matches => [] , origin => shortlineinfo1( '' ) };
|
my $ruleref = { matches => [] , origin => shortlineinfo( '' ) };
|
||||||
|
|
||||||
$ruleref->{mode} = ( $ruleref->{cmdlevel} = $chainref->{cmdlevel} ) ? CMD_MODE : CAT_MODE;
|
$ruleref->{mode} = ( $ruleref->{cmdlevel} = $chainref->{cmdlevel} ) ? CMD_MODE : CAT_MODE;
|
||||||
|
|
||||||
@ -1488,7 +1502,7 @@ sub create_irule( $$$;@ ) {
|
|||||||
$ruleref->{target} = '';
|
$ruleref->{target} = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
$ruleref->{comment} = shortlineinfo($chainref->{origin}) || $ruleref->{comment} || $comment;
|
set_rule_comment( $chainref, $ruleref );
|
||||||
|
|
||||||
$iprangematch = 0;
|
$iprangematch = 0;
|
||||||
|
|
||||||
@ -1644,7 +1658,7 @@ sub insert_rule1($$$)
|
|||||||
|
|
||||||
my $ruleref = transform_rule( $rule );
|
my $ruleref = transform_rule( $rule );
|
||||||
|
|
||||||
$ruleref->{comment} = shortlineinfo($chainref->{origin}) || $comment;
|
set_rule_comment( $chainref, $ruleref );
|
||||||
|
|
||||||
assert( ! ( $ruleref->{cmdlevel} = $chainref->{cmdlevel}) , $chainref->{name} );
|
assert( ! ( $ruleref->{cmdlevel} = $chainref->{cmdlevel}) , $chainref->{name} );
|
||||||
$ruleref->{mode} = CAT_MODE;
|
$ruleref->{mode} = CAT_MODE;
|
||||||
@ -1670,7 +1684,7 @@ sub insert_irule( $$$$;@ ) {
|
|||||||
my ( $chainref, $jump, $target, $number, @matches ) = @_;
|
my ( $chainref, $jump, $target, $number, @matches ) = @_;
|
||||||
|
|
||||||
my $rulesref = $chainref->{rules};
|
my $rulesref = $chainref->{rules};
|
||||||
my $ruleref = { origin => shortlineinfo1( '' ) };
|
my $ruleref = { origin => shortlineinfo( '' ) };
|
||||||
|
|
||||||
$ruleref->{mode} = ( $ruleref->{cmdlevel} = $chainref->{cmdlevel} ) ? CMD_MODE : CAT_MODE;
|
$ruleref->{mode} = ( $ruleref->{cmdlevel} = $chainref->{cmdlevel} ) ? CMD_MODE : CAT_MODE;
|
||||||
|
|
||||||
@ -1686,8 +1700,7 @@ sub insert_irule( $$$$;@ ) {
|
|||||||
$chainref->{optflags} |= push_matches( $ruleref, @matches );
|
$chainref->{optflags} |= push_matches( $ruleref, @matches );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_rule_comment( $chainref, $ruleref );
|
||||||
$ruleref->{comment} = shortlineinfo( $chainref->{origin} ) || $ruleref->{comment} || $comment;
|
|
||||||
|
|
||||||
if ( $number >= @$rulesref ) {
|
if ( $number >= @$rulesref ) {
|
||||||
#
|
#
|
||||||
@ -2302,7 +2315,7 @@ sub new_chain($$)
|
|||||||
references => {},
|
references => {},
|
||||||
filtered => 0,
|
filtered => 0,
|
||||||
optflags => 0,
|
optflags => 0,
|
||||||
origin => shortlineinfo1( '' ) || shortlineinfo( '' ),
|
origin => shortlineinfo( '' ),
|
||||||
};
|
};
|
||||||
|
|
||||||
trace( $chainref, 'N', undef, '' ) if $debug;
|
trace( $chainref, 'N', undef, '' ) if $debug;
|
||||||
@ -7931,7 +7944,7 @@ sub emitr( $$ ) {
|
|||||||
#
|
#
|
||||||
enter_cat_mode unless $mode == CAT_MODE;
|
enter_cat_mode unless $mode == CAT_MODE;
|
||||||
|
|
||||||
if ( my $origin = $ruleref->{origin} ) {
|
if ( ( my $origin = $ruleref->{origin} ) && $config{TRACK_RULES} eq 'file' ) {
|
||||||
emit_unindented '# ' . $origin;
|
emit_unindented '# ' . $origin;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -52,8 +52,6 @@ our @EXPORT = qw(
|
|||||||
assert
|
assert
|
||||||
currentlineinfo
|
currentlineinfo
|
||||||
shortlineinfo
|
shortlineinfo
|
||||||
shortlineinfo1
|
|
||||||
shortlineinfo2
|
|
||||||
clear_currentfilename
|
clear_currentfilename
|
||||||
validate_level
|
validate_level
|
||||||
|
|
||||||
@ -1211,24 +1209,8 @@ sub shortlineinfo2() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub shortlineinfo1( $ ) {
|
|
||||||
$globals{TRACK_RULES} ? $currentfile ? shortlineinfo2 : $_[0] || '' : '';
|
|
||||||
}
|
|
||||||
|
|
||||||
sub shortlineinfo( $ ) {
|
sub shortlineinfo( $ ) {
|
||||||
if ( $config{TRACK_RULES} ) {
|
( $config{TRACK_RULES} ? shortlineinfo2 || $_[0] : $_[0] ) || '';
|
||||||
if ( $currentfile ) {
|
|
||||||
my $comment = '@@@ '. join( ':', $currentfilename, $currentlinenumber ) . ' @@@';
|
|
||||||
$comment = '@@@ ' . join( ':' , basename($currentfilename), $currentlinenumber) . ' @@@' if length $comment > 255;
|
|
||||||
$comment = '@@@ Filename Too Long @@@' if length $comment > 255;
|
|
||||||
$comment;
|
|
||||||
} else {
|
|
||||||
#
|
|
||||||
# Alternate lineinfo may have been passed
|
|
||||||
#
|
|
||||||
$_[0] || ''
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub handle_first_entry();
|
sub handle_first_entry();
|
||||||
@ -5838,15 +5820,11 @@ sub get_configuration( $$$$ ) {
|
|||||||
default_yes_no 'CHAIN_SCRIPTS' , 'Yes';
|
default_yes_no 'CHAIN_SCRIPTS' , 'Yes';
|
||||||
|
|
||||||
if ( supplied ( $val = $config{TRACK_RULES} ) ) {
|
if ( supplied ( $val = $config{TRACK_RULES} ) ) {
|
||||||
if ( lc( $val ) eq 'file' ) {
|
if ( lc( $val ) ne 'file' ) {
|
||||||
$globals{TRACK_RULES} = 'Yes';
|
|
||||||
$config{TRACK_RULES} = '';
|
|
||||||
} else {
|
|
||||||
default_yes_no 'TRACK_RULES' , '';
|
default_yes_no 'TRACK_RULES' , '';
|
||||||
$globals{TRACK_RULES} = '';
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
default_yes_no 'TRACK_RULES' , '';
|
$config{TRACK_RULES} = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
%origin = () unless $globals{TRACK_RULES};
|
%origin = () unless $globals{TRACK_RULES};
|
||||||
@ -5872,7 +5850,7 @@ sub get_configuration( $$$$ ) {
|
|||||||
$config{REJECT_ACTION} = '';
|
$config{REJECT_ACTION} = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
require_capability 'COMMENTS', 'TRACK_RULES=Yes', 's' if $config{TRACK_RULES};
|
require_capability 'COMMENTS', 'TRACK_RULES=Yes', 's' if $config{TRACK_RULES} eq 'Yes';
|
||||||
|
|
||||||
default_yes_no 'MANGLE_ENABLED' , have_capability( 'MANGLE_ENABLED' ) ? 'Yes' : '';
|
default_yes_no 'MANGLE_ENABLED' , have_capability( 'MANGLE_ENABLED' ) ? 'Yes' : '';
|
||||||
default_yes_no 'USE_DEFAULT_RT' , '';
|
default_yes_no 'USE_DEFAULT_RT' , '';
|
||||||
|
|||||||
@ -894,7 +894,7 @@ sub add_group_to_zone($$$$$$)
|
|||||||
hosts => \@newnetworks,
|
hosts => \@newnetworks,
|
||||||
ipsec => $type & IPSEC ? 'ipsec' : 'none' ,
|
ipsec => $type & IPSEC ? 'ipsec' : 'none' ,
|
||||||
exclusions => \@exclusions ,
|
exclusions => \@exclusions ,
|
||||||
origin => shortlineinfo1( '' ) ,
|
origin => shortlineinfo( '' ) ,
|
||||||
};
|
};
|
||||||
|
|
||||||
if ( $type != IPSEC ) {
|
if ( $type != IPSEC ) {
|
||||||
@ -1397,7 +1397,7 @@ sub process_interface( $$ ) {
|
|||||||
physical => $physical ,
|
physical => $physical ,
|
||||||
base => var_base( $physical ),
|
base => var_base( $physical ),
|
||||||
zones => {},
|
zones => {},
|
||||||
origin => shortlineinfo1('') || shortlineinfo( '' ),
|
origin => shortlineinfo(''),
|
||||||
wildcard => $wildcard,
|
wildcard => $wildcard,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user