holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Cosmetic and maintainability improvements:

Browse Source 
1. Export optimization masks from Shorewall::Chains for use in
   Shorewall::Compiler.
2. Move capability reporting and checkint from Shorewall::Compiler to
   Shorewall::Config.
3. Eliminate some gratuitous black lines.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-01-17 07:24:12 -08:00
parent 7060c1350f
commit ed3a623184
4 changed files with 34 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -100,6 +100,9 @@ our %EXPORT_TAGS = (
ALL_RESTRICT ALL_RESTRICT
ALL_COMMANDS ALL_COMMANDS
NOT_RESTORE NOT_RESTORE
OPTIMIZE_POLICY_MASK
OPTIMIZE_RULESET_MASK
OPTIMIZE_MASK
state_imatch state_imatch
initialize_chain_table initialize_chain_table
@ -347,6 +350,16 @@ my $ipset_rules;
# #
use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 }; use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 };
#
# Optimization masks
#
use constant {
OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains()
OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset()
};
use constant { OPTIMIZE_MASK => OPTIMIZE_POLICY_MASK | OPTIMIZE_RULESET_MASK };
# #
# These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents # These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents
# #

32
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -490,13 +490,12 @@ EOF
setup_load_distribution; setup_load_distribution;
setup_forwarding( $family , 0 ); setup_forwarding( $family , 0 );
emit<<"EOF"; emit( ' run_refreshed_exit' ,
run_refreshed_exit ' do_iptables -N shorewall' ,
do_iptables -N shorewall " set_state Started $config_dir" ,
set_state Started $config_dir ' else' ,
else ' setup_netfilter' );
setup_netfilter
EOF
setup_load_distribution; setup_load_distribution;
emit<<"EOF"; emit<<"EOF";
@ -623,14 +622,9 @@ sub compiler {
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S # S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
# #
get_configuration( $export , $update , $annotate ); get_configuration( $export , $update , $annotate );
#
report_capabilities unless $config{LOAD_HELPERS_ONLY}; # Create a temp file to hold the script
#
require_capability( 'MULTIPORT' , "Shorewall $globals{VERSION}" , 's' );
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL};
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{PROVIDER_OFFSET} > 0;
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED};
if ( $scriptfilename ) { if ( $scriptfilename ) {
set_command( 'compile', 'Compiling', 'Compiled' ); set_command( 'compile', 'Compiling', 'Compiled' );
create_temp_script( $scriptfilename , $export ); create_temp_script( $scriptfilename , $export );
@ -639,7 +633,7 @@ sub compiler {
} }
# #
# Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until # Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
# shorewall.conf has been processed and the capabilities have been determined. # now when shorewall.conf has been processed and the capabilities have been determined.
# #
initialize_chain_table(1); initialize_chain_table(1);
# #
@ -888,16 +882,16 @@ sub compiler {
optimize_level0; optimize_level0;
if ( $config{OPTIMIZE} & 0x1E ) { if ( $config{OPTIMIZE} & OPTIMIZE_MASK ) {
progress_message2 'Optimizing Ruleset...'; progress_message2 'Optimizing Ruleset...';
# #
# Optimize Policy Chains # Optimize Policy Chains
# #
optimize_policy_chains if $config{OPTIMIZE} & 2; optimize_policy_chains if $config{OPTIMIZE} & OPTIMIZE_POLICY_MASK;
# #
# Ruleset Optimization # Ruleset Optimization
# #
optimize_ruleset if $config{OPTIMIZE} & 0x1C; optimize_ruleset if $config{OPTIMIZE} & OPTIMIZE_RULESET_MASK;
} }
enable_script if $debug; enable_script if $debug;

7
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3982,6 +3982,13 @@ sub get_configuration( $$$ ) {
} else { } else {
$config{LOCKFILE} = ''; $config{LOCKFILE} = '';
} }
report_capabilities unless $config{LOAD_HELPERS_ONLY};
require_capability( 'MULTIPORT' , "Shorewall $globals{VERSION}" , 's' );
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL};
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{PROVIDER_OFFSET} > 0;
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED};
} }
# #

2
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -764,8 +764,6 @@ CEOF
emit qq(add_gateway "nexthop dev $physical $realm" ) . $tbl; emit qq(add_gateway "nexthop dev $physical $realm" ) . $tbl;
} }
} }
emit '';
} else { } else {
$weight = 1; $weight = 1;
} }