holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Cosmetic and maintainability improvements:

Browse Source 
1. Export optimization masks from Shorewall::Chains for use in
   Shorewall::Compiler.
2. Move capability reporting and checkint from Shorewall::Compiler to
   Shorewall::Config.
3. Eliminate some gratuitous black lines.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-01-17 07:24:12 -08:00
parent 7060c1350f
commit ed3a623184
4 changed files with 34 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -100,6 +100,9 @@ our %EXPORT_TAGS = (
ALL_RESTRICT
ALL_COMMANDS
NOT_RESTORE
OPTIMIZE_POLICY_MASK
OPTIMIZE_RULESET_MASK
OPTIMIZE_MASK
state_imatch
initialize_chain_table
@ -347,6 +350,16 @@ my $ipset_rules;
#
use constant { ALL_COMMANDS => 1, NOT_RESTORE => 2 };
#
# Optimization masks
#
use constant {
OPTIMIZE_POLICY_MASK => 0x02 , # Call optimize_policy_chains()
OPTIMIZE_RULESET_MASK => 0x1C , # Call optimize_ruleset()
};
use constant { OPTIMIZE_MASK => OPTIMIZE_POLICY_MASK | OPTIMIZE_RULESET_MASK };
#
# These hashes hold the shell code to set shell variables. The key is the name of the variable; the value is the code to generate the variable's contents
#

32
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -490,13 +490,12 @@ EOF
setup_load_distribution;
setup_forwarding( $family , 0 );
emit<<"EOF";
run_refreshed_exit
do_iptables -N shorewall
set_state Started $config_dir
else
setup_netfilter
EOF
emit( ' run_refreshed_exit' ,
' do_iptables -N shorewall' ,
" set_state Started $config_dir" ,
' else' ,
' setup_netfilter' );
setup_load_distribution;
emit<<"EOF";
@ -623,14 +622,9 @@ sub compiler {
# S H O R E W A L L . C O N F A N D C A P A B I L I T I E S
#
get_configuration( $export , $update , $annotate );
report_capabilities unless $config{LOAD_HELPERS_ONLY};
require_capability( 'MULTIPORT' , "Shorewall $globals{VERSION}" , 's' );
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL};
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{PROVIDER_OFFSET} > 0;
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED};
#
# Create a temp file to hold the script
#
if ( $scriptfilename ) {
set_command( 'compile', 'Compiling', 'Compiled' );
create_temp_script( $scriptfilename , $export );
@ -639,7 +633,7 @@ sub compiler {
}
#
# Chain table initialization depends on shorewall.conf and capabilities. So it must be deferred until
# shorewall.conf has been processed and the capabilities have been determined.
# now when shorewall.conf has been processed and the capabilities have been determined.
#
initialize_chain_table(1);
#
@ -888,16 +882,16 @@ sub compiler {
optimize_level0;
if ( $config{OPTIMIZE} & 0x1E ) {
if ( $config{OPTIMIZE} & OPTIMIZE_MASK ) {
progress_message2 'Optimizing Ruleset...';
#
# Optimize Policy Chains
#
optimize_policy_chains if $config{OPTIMIZE} & 2;
optimize_policy_chains if $config{OPTIMIZE} & OPTIMIZE_POLICY_MASK;
#
# Ruleset Optimization
#
optimize_ruleset if $config{OPTIMIZE} & 0x1C;
optimize_ruleset if $config{OPTIMIZE} & OPTIMIZE_RULESET_MASK;
}
enable_script if $debug;

7
Shorewall/Perl/Shorewall/Config.pm
View File

@ -3982,6 +3982,13 @@ sub get_configuration( $$$ ) {
} else {
$config{LOCKFILE} = '';
}
report_capabilities unless $config{LOAD_HELPERS_ONLY};
require_capability( 'MULTIPORT' , "Shorewall $globals{VERSION}" , 's' );
require_capability( 'RECENT_MATCH' , 'MACLIST_TTL' , 's' ) if $config{MACLIST_TTL};
require_capability( 'XCONNMARK' , 'HIGH_ROUTE_MARKS=Yes' , 's' ) if $config{PROVIDER_OFFSET} > 0;
require_capability( 'MANGLE_ENABLED' , 'Traffic Shaping' , 's' ) if $config{TC_ENABLED};
}
#

2
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -764,8 +764,6 @@ CEOF
emit qq(add_gateway "nexthop dev $physical $realm" ) . $tbl;
}
}
emit '';
} else {
$weight = 1;
}