From b6a1a7d5388ae647da1e0518911329c939107974 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 23 Nov 2012 08:14:24 -0800 Subject: [PATCH] Make NFLOG and ULOG built-ins. Signed-off-by: Tom Eastep --- Shorewall/Macros/macro.NFLOG | 13 ------------- Shorewall/Macros/macro.ULOG | 13 ------------- Shorewall/Perl/Shorewall/Chains.pm | 6 ++++++ Shorewall/Perl/Shorewall/Rules.pm | 18 +++++++----------- 4 files changed, 13 insertions(+), 37 deletions(-) delete mode 100644 Shorewall/Macros/macro.NFLOG delete mode 100644 Shorewall/Macros/macro.ULOG diff --git a/Shorewall/Macros/macro.NFLOG b/Shorewall/Macros/macro.NFLOG deleted file mode 100644 index deb25c855..000000000 --- a/Shorewall/Macros/macro.NFLOG +++ /dev/null @@ -1,13 +0,0 @@ -# -# Shorewall version 4 - NFLOG Macro -# -# /usr/share/shorewall/macro.NFLOG -# -# This macro handles the NFLOG Target. -# -############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP - -FORMAT 2 -LOG:& diff --git a/Shorewall/Macros/macro.ULOG b/Shorewall/Macros/macro.ULOG deleted file mode 100644 index e79379755..000000000 --- a/Shorewall/Macros/macro.ULOG +++ /dev/null @@ -1,13 +0,0 @@ -# -# Shorewall version 4 - ULOG Macro -# -# /usr/share/shorewall/macro.ULOG -# -# This macro handles the ULOG Target. -# -############################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE RATE USER/ -# PORT(S) PORT(S) LIMIT GROUP - -FORMAT 2 -LOG:& diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index eef62cd75..e543690dd 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -98,6 +98,7 @@ our %EXPORT_TAGS = ( ACTION MACRO LOGRULE + NFLOG NFQ CHAIN SET 
@@ -357,6 +358,7 @@ use constant { STANDARD => 1, #defined by Netfilter SET => 2048, #SET AUDIT => 4096, #A_ACCEPT, etc HELPER => 8192, #CT:helper + NFLOG => 16384, #NFLOG or ULOG }; # # Valid Targets -- value is a combination of one or more of the above @@ -2484,8 +2486,10 @@ sub initialize_chain_table($) { 'COUNT' => STANDARD, 'QUEUE' => STANDARD, 'QUEUE!' => STANDARD, + 'NFLOG' => STANDARD + LOGRULE + NFLOG, 'NFQUEUE' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ, + 'ULOG' => STANDARD + LOGRULE + NFLOG, 'ADD' => STANDARD + SET, 'DEL' => STANDARD + SET, 'WHITELIST' => STANDARD, @@ -2537,8 +2541,10 @@ sub initialize_chain_table($) { 'COUNT' => STANDARD, 'QUEUE' => STANDARD, 'QUEUE!' => STANDARD, + 'NFLOG' => STANDARD + LOGRULE + NFLOG, 'NFQUEUE' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ, + 'ULOG' => STANDARD + LOGRULE + NFLOG, 'ADD' => STANDARD + SET, 'DEL' => STANDARD + SET, 'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 80b2fad68..806def39c 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1127,7 +1127,7 @@ sub merge_levels ($$) { my $tag = $supparts[2]; if ( @supparts == 3 ) { - return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/ || $sublevel =~ /^(?:NFLOG|ULOG)\b/; + return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/; return "$target:none!:$tag" if $level eq 'none!'; return "$target:$level:$tag" if $level =~ /!$/; return $subordinate if $subparts >= 2; @@ -1135,7 +1135,7 @@ sub merge_levels ($$) { } if ( @supparts == 2 ) { - return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/|| $sublevel =~ /^(?:NFLOG|ULOG)\b/; + return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/; return "$target:none!" if $level eq 'none!'; return "$target:$level" if ($level =~ /!$/) || ($subparts < 2); } 
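Review bot: `'ULOG' => STANDARD + LOGRULE + NFLOG` is added to both target tables in initialize_chain_table (the hunks at -2484 and -2537). The branch that selects each table is outside the hunks, but if the second table is the IPv6 one, a ULOG rule will now pass target lookup for a family where, as far as I know, the ULOG target is not available. Confirm that `validate_level` or a capability check rejects it there; otherwise drop the entry from that table so the mistake is reported at compile time rather than when the ruleset is loaded and the logging rule is missing. The function body starts and ends outside both hunks.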
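Review bot: The guard `return $subordinate if $target =~ /^(?:NFLOG|ULOG)\b/;` in the `@supparts == 3` branch of merge_levels has no comment explaining why these two targets bypass merging. With the `$sublevel` test dropped, a subordinate written as `LOG:NFLOG(...)` now falls through to the ordinary level-merging returns, which is worth stating explicitly. I would add `# NFLOG and ULOG are targets that take no log level; return them unmerged` above the guard, and the same above the identical line in the `@supparts == 2` hunk. If `$sublevel` has no remaining use in merge_levels, its declaration (outside these hunks) can be removed as well.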
@@ -1658,14 +1658,6 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) { $mtarget = substitute_param $param, $mtarget; } - if ( $mtarget =~ s/&$// ) { - if ( supplied $param ) { - $mtarget = "${mtarget}${macro}($param)"; - } else { - $mtarget = "${mtarget}${macro}"; - } - } - my $action = isolate_basic_target $mtarget; fatal_error "Invalid or missing ACTION ($mtarget)" unless defined $action; @@ -1845,6 +1837,10 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) { require_capability ( 'AUDIT_TARGET', 'The AUDIT action', 's' ); $param = $param eq '' ? 'drop' : $param; fatal_error "Invalid AUDIT type ($param) -- must be 'accept', 'drop' or 'reject'" unless $param =~ /^(?:accept|drop|reject)$/; + } elsif ( $actiontype & NFLOG ) { + fatal_error "$basictarget does not allow a log level" if $loglevel; + validate_level( $action ); + $action = join( ':', 'LOG', $action ); } else { fatal_error "The $basictarget TARGET does not accept a parameter" unless $param eq ''; } @@ -1900,7 +1896,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) { # my $log_action = $action; - unless ( $actiontype & ( ACTION | MACRO | NFQ | CHAIN ) ) { + unless ( $actiontype & ( ACTION | MACRO | NFLOG | NFQ | CHAIN ) ) { my $bt = $basictarget; $bt =~ s/[-+!]$//;
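Review bot: `fatal_error "$basictarget does not allow a log level" if $loglevel;` in the new NFLOG branch of process_rule1 tests string truth, so a level of `0` would not raise the error and the rule would be accepted with the level silently ignored. How `$loglevel` is populated is outside the hunk, so confirm whether `0` can reach this point. An emptiness test avoids the problem: `fatal_error "$basictarget does not allow a log level" if supplied $loglevel;` (`supplied` is already used in Rules.pm, as the lines removed from process_macro show). The return value of `validate_level( $action )` is also discarded; if it returns a normalized level, the `join` on the next line should probably use that rather than the raw `$action`. process_rule1 continues outside the hunk.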