forked from extern/shorewall_code
Don't do unref/loop detection when accounting file is sectioned
This commit is contained in:
parent
e9b2013f91
commit
b1abb3f554
@ -52,7 +52,7 @@ our $accounting_commands = { COMMENT => 0, SECTION => 2 };
|
|||||||
our $sectionname;
|
our $sectionname;
|
||||||
|
|
||||||
use constant {
|
use constant {
|
||||||
LEGACY => -1,
|
LEGACY => 0,
|
||||||
INPUT => 1,
|
INPUT => 1,
|
||||||
OUTPUT => 2,
|
OUTPUT => 2,
|
||||||
FORWARD => 3 };
|
FORWARD => 3 };
|
||||||
@ -68,7 +68,7 @@ sub initialize() {
|
|||||||
$jumpchainref = undef;
|
$jumpchainref = undef;
|
||||||
%tables = ();
|
%tables = ();
|
||||||
%accountingjumps = ();
|
%accountingjumps = ();
|
||||||
$asection = LEGACY;
|
$asection = -1;
|
||||||
$defaultchain = 'accounting';
|
$defaultchain = 'accounting';
|
||||||
$defaultrestriction = NO_RESTRICT;
|
$defaultrestriction = NO_RESTRICT;
|
||||||
$sectionname = '';
|
$sectionname = '';
|
||||||
@ -121,7 +121,7 @@ sub process_accounting_rule( ) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
$asection = 0 if $asection == LEGACY;
|
$asection = LEGACY if $asection < 0;
|
||||||
|
|
||||||
our $disposition = '';
|
our $disposition = '';
|
||||||
|
|
||||||
@ -277,6 +277,7 @@ sub process_accounting_rule( ) {
|
|||||||
|
|
||||||
if ( $jumpchainref ) {
|
if ( $jumpchainref ) {
|
||||||
if ( $asection ) {
|
if ( $asection ) {
|
||||||
|
fatal_error "Chain $chain jumps to itself" if $chainref eq $jumpchainref;
|
||||||
my $jumprestrict = $jumpchainref->{restriction} || $restriction;
|
my $jumprestrict = $jumpchainref->{restriction} || $restriction;
|
||||||
fatal_error "Chain $jumpchainref->{name} contains rules that are incompatible with the $sectionname section" if $restriction && $jumprestrict ne $restriction;
|
fatal_error "Chain $jumpchainref->{name} contains rules that are incompatible with the $sectionname section" if $restriction && $jumprestrict ne $restriction;
|
||||||
}
|
}
|
||||||
@ -389,31 +390,33 @@ sub setup_accounting() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
for ( accounting_chainrefs ) {
|
unless ( $asection ) {
|
||||||
warning_message "Accounting chain $_->{name} has no references" unless keys %{$_->{references}};
|
for ( accounting_chainrefs ) {
|
||||||
}
|
warning_message "Accounting chain $_->{name} has no references" unless keys %{$_->{references}};
|
||||||
|
|
||||||
if ( my $chainswithjumps = keys %accountingjumps ) {
|
|
||||||
my $progress = 1;
|
|
||||||
|
|
||||||
while ( $chainswithjumps && $progress ) {
|
|
||||||
$progress = 0;
|
|
||||||
for my $chain1 ( keys %accountingjumps ) {
|
|
||||||
if ( keys %{$accountingjumps{$chain1}} ) {
|
|
||||||
for my $chain2 ( keys %{$accountingjumps{$chain1}} ) {
|
|
||||||
delete $accountingjumps{$chain1}{$chain2}, $progress = 1 unless $accountingjumps{$chain2};
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
delete $accountingjumps{$chain1};
|
|
||||||
$chainswithjumps--;
|
|
||||||
$progress = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $chainswithjumps ) {
|
if ( my $chainswithjumps = keys %accountingjumps ) {
|
||||||
my @chainswithjumps = keys %accountingjumps;
|
my $progress = 1;
|
||||||
fatal_error "Jump loop involving the following chains: @chainswithjumps";
|
|
||||||
|
while ( $chainswithjumps && $progress ) {
|
||||||
|
$progress = 0;
|
||||||
|
for my $chain1 ( keys %accountingjumps ) {
|
||||||
|
if ( keys %{$accountingjumps{$chain1}} ) {
|
||||||
|
for my $chain2 ( keys %{$accountingjumps{$chain1}} ) {
|
||||||
|
delete $accountingjumps{$chain1}{$chain2}, $progress = 1 unless $accountingjumps{$chain2};
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
delete $accountingjumps{$chain1};
|
||||||
|
$chainswithjumps--;
|
||||||
|
$progress = 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $chainswithjumps ) {
|
||||||
|
my @chainswithjumps = keys %accountingjumps;
|
||||||
|
fatal_error "Jump loop involving the following chains: @chainswithjumps";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user