From f69be4124c85f5959074da64eb3622752815b8d2 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 30 Mar 2007 15:57:08 +0000 Subject: [PATCH] Unify file-related progress messages git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5759 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- New/Shorewall/Accounting.pm | 9 ++++- New/Shorewall/Config.pm | 8 +++- New/Shorewall/Hosts.pm | 4 +- New/Shorewall/Interfaces.pm | 9 ++++- New/Shorewall/Nat.pm | 12 +++--- New/Shorewall/Policy.pm | 11 ++++-- New/Shorewall/Providers.pm | 17 ++++---- New/Shorewall/Proxyarp.pm | 10 ++++- New/Shorewall/Rules.pm | 77 +++++++++++++++++++++++++------------ New/Shorewall/Tc.pm | 23 ++++------- New/Shorewall/Tunnels.pm | 4 +- New/Shorewall/Zones.pm | 9 ++++- New/compiler.pl | 6 --- 13 files changed, 128 insertions(+), 71 deletions(-) diff --git a/New/Shorewall/Accounting.pm b/New/Shorewall/Accounting.pm index 7ec54e263..bfed42e1b 100644 --- a/New/Shorewall/Accounting.pm +++ b/New/Shorewall/Accounting.pm @@ -110,12 +110,19 @@ sub process_accounting_rule( $$$$$$$$ ) { sub setup_accounting() { - open_file 'accounting'; + my $first_entry = 1; + + my $fn = open_file 'accounting'; while ( read_a_line ) { my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = split_line 8, 'Accounting File'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user; } diff --git a/New/Shorewall/Config.pm b/New/Shorewall/Config.pm index f323ac75d..091f6fa27 100644 --- a/New/Shorewall/Config.pm +++ b/New/Shorewall/Config.pm 
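Review bot: The `$first_entry` flag and the `progress_message2 "$doing $fn...";` block added to setup_accounting are repeated almost verbatim in most of the file readers this patch touches (Hosts.pm, Interfaces.pm, Nat.pm, Policy.pm, Providers.pm, Proxyarp.pm, Rules.pm, Zones.pm), and each copy has to get the initial value and placement right by hand. Since open_file already knows the path, a single helper in Config.pm would keep the copies in step, for example one that takes the flag by reference and is called as `announce_file( \$first_entry, $fn );` at the top of each loop (the helper name is a suggestion, not an existing sub). Alternatively read_a_line could emit the message itself the first time it returns a line from a newly opened file.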
@@ -304,7 +304,9 @@ sub expand_shell_variables( $ ) { } # -# Open a file, setting $currentfile. +# Open a file, setting $currentfile. Returns the absolute pathname if the file +# exists, is non-empty and was successfully opened. Terminates with a fatal error +# if the file exists, is non-empty, but the open fails. # sub open_file( $ ) { my $fname = find_file $_[0]; @@ -352,7 +354,8 @@ sub pop_open() { # - Ignore blank or comment-only lines. # - Remove trailing comments. # - Compress out extra whitespace. -# - Handle Line Continuation +# - Handle Line Continuation (We don't continue comment lines, thus avoiding user frustration +# when the last line of a comment inadvertently ends with '\'). # - Expand shell variables from $ENV. # - Handle INCLUDE # @@ -363,6 +366,7 @@ sub read_a_line { $line = ''; while ( my $nextline = <$currentfile> ) { + $currentlinenumber++; next if $nextline =~ /^\s*#/; next if $nextline =~ /^\s*$/; diff --git a/New/Shorewall/Hosts.pm b/New/Shorewall/Hosts.pm index c4509f917..945fe9c97 100644 --- a/New/Shorewall/Hosts.pm +++ b/New/Shorewall/Hosts.pm @@ -53,14 +53,14 @@ sub validate_hosts_file() my $ipsec = 0; my $first_entry = 1; - open_file 'hosts'; + my $fn = open_file 'hosts'; while ( read_a_line ) { my ($zone, $hosts, $options ) = split_line 3, 'hosts file'; if ( $first_entry ) { - progress_message2 "Validating hosts file..."; + progress_message2 "$doing $fn..."; $first_entry = 0; } diff --git a/New/Shorewall/Interfaces.pm b/New/Shorewall/Interfaces.pm index df29ff0f6..ec6e83e8b 100644 --- a/New/Shorewall/Interfaces.pm +++ b/New/Shorewall/Interfaces.pm 
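Review bot: The expanded comment above open_file covers the success case and the fatal-error case, but not what the sub returns when the file is missing or empty. Callers in this patch now branch on exactly that case (`if ( my $fn = open_file 'tos' )`, `if ( $fn )` in Tc.pm and Proxyarp.pm). Consider adding a sentence such as `# Returns a false value, without opening anything, if the file does not exist or is empty.` once that is confirmed against the body, which lies outside the hunk.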
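Review bot: The new `$currentlinenumber++;` in read_a_line counts every physical line, but nothing visible in this hunk resets the counter when open_file starts a new file or saves and restores it around an INCLUDE (the hunk header shows a pop_open sub just above). If that bookkeeping is not done elsewhere in Config.pm, line numbers reported for a bad firewall entry will carry over from the previous file or from the included one, pointing the administrator at the wrong rule. Please check that open_file does `$currentlinenumber = 0;` and that the INCLUDE push/pop preserves the outer file's count. The body of read_a_line continues outside the hunk.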
@@ -132,13 +132,20 @@ sub validate_interfaces_file() upnp => 1, ); - open_file 'interfaces'; + my $fn = open_file 'interfaces'; + + my $first_entry = 1; while ( read_a_line ) { my ($zone, $interface, $networks, $options ) = split_line 4, 'interfaces file'; my $zoneref; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + if ( $zone eq '-' ) { $zone = ''; } else { diff --git a/New/Shorewall/Nat.pm b/New/Shorewall/Nat.pm index 392d85c27..8547be4a9 100644 --- a/New/Shorewall/Nat.pm +++ b/New/Shorewall/Nat.pm @@ -240,14 +240,14 @@ sub setup_masq() { my $first_entry = 1; - open_file 'masq'; + my $fn = open_file 'masq'; while ( read_a_line ) { my ($fullinterface, $networks, $addresses, $proto, $ports, $ipsec) = split_line 6, 'masq file'; if ( $first_entry ) { - progress_message2 "$doing Masq file..."; + progress_message2 "$doing $fn..."; require_capability( 'NAT_ENABLED' , 'a non-empty masq file' ); $first_entry = 0; } @@ -354,14 +354,14 @@ sub setup_nat() { my $first_entry = 1; - open_file 'nat'; + my $fn = open_file 'nat'; while ( read_a_line ) { my ( $external, $interface, $internal, $allints, $localnat ) = split_line 5, 'nat file'; if ( $first_entry ) { - progress_message2 "$doing one-to-one NAT..."; + progress_message2 "$doing $fn..."; require_capability( 'NAT_ENABLED' , 'a non-empty nat file' ); $first_entry = 0; } @@ -389,14 +389,14 @@ sub setup_netmap() { my $first_entry = 1; - open_file 'netmap'; + my $fn = open_file 'netmap'; while ( read_a_line ) { my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file'; if ( $first_entry ) { - progress_message2 "$doing NETMAP..."; + progress_message2 "$doing $fn..."; require_capability( 'NAT_ENABLED' , 'a non-empty netmap file' ); $first_entry = 0; } diff --git a/New/Shorewall/Policy.pm b/New/Shorewall/Policy.pm index 9617233b8..d4c41e697 100644 --- a/New/Shorewall/Policy.pm +++ b/New/Shorewall/Policy.pm 
@@ -128,14 +128,19 @@ sub validate_policy() } } - open_file 'policy'; + my $fn = open_file 'policy'; + + my $first_entry = 1; while ( read_a_line ) { my ( $client, $server, $policy, $loglevel, $synparams ) = split_line 5, 'policy file'; - $loglevel = '' unless defined $loglevel; - $synparams = '' unless defined $synparams; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + $loglevel = '' if $loglevel eq '-'; $synparams = '' if $synparams eq '-'; diff --git a/New/Shorewall/Providers.pm b/New/Shorewall/Providers.pm index a963841cd..514d3834f 100644 --- a/New/Shorewall/Providers.pm +++ b/New/Shorewall/Providers.pm @@ -79,7 +79,6 @@ sub setup_route_marking() { } sub setup_providers() { - my $fn = find_file 'providers'; my $providers = 0; sub copy_table( $$ ) { @@ -344,7 +343,7 @@ sub setup_providers() { # # Setup_Providers() Starts Here.... # - open_file $fn; + my $fn = open_file 'providers'; while ( read_a_line ) { unless ( $providers ) { @@ -427,17 +426,21 @@ sub setup_providers() { emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables"; } - my $fn = find_file 'route_rules'; + my $fn = open_file 'route_rules'; - if ( -f $fn ) { - progress_message2 "$doing $fn..."; + if ( $fn ) { + + my $first_entry = 0; emit ''; - open_file $fn; - while ( read_a_line ) { + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + my ( $source, $dest, $provider, $priority ) = split_line 4, 'route_rules file'; add_an_rtrule( $source, $dest, $provider , $priority ); diff --git a/New/Shorewall/Proxyarp.pm b/New/Shorewall/Proxyarp.pm index 9a90294c0..d01027a0b 100644 --- a/New/Shorewall/Proxyarp.pm +++ b/New/Shorewall/Proxyarp.pm 
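Review bot: In validate_policy this hunk drops the two guards `$loglevel = '' unless defined $loglevel;` and `$synparams = '' unless defined $synparams;`, so the following `$loglevel eq '-'` and `$synparams eq '-'` comparisons now run on whatever split_line returns for omitted columns. If split_line can still return undef for trailing columns, these lines raise "uninitialized value" warnings and later policy code sees undef instead of an empty string. split_line is outside the hunk, so either confirm it pads missing columns (for example with '-') or keep the guards. The removal is also unrelated to the progress-message change named in the commit subject and deserves a mention there.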
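Review bot: In the route_rules block of setup_providers the new flag is declared as `my $first_entry = 0;`, so the `if ( $first_entry )` test inside the loop is never true and the `$doing $fn...` message for route_rules is never printed. The old code printed it whenever the file existed. It should be `my $first_entry = 1;`, as in the other readers. The message block here also sits before the `split_line` call, whereas the other readers in this patch place it after; matching them would be tidier. setup_providers starts and ends outside these hunks.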
@@ -81,8 +81,11 @@ progress_message \" Host $address connected to $interface added to ARP on $ext sub setup_proxy_arp() { my $interfaces= find_interfaces_by_option 'proxyarp'; + my $fn = open_file 'proxyarp'; - if ( @$interfaces || open_file 'proxyarp' ) { + if ( @$interfaces || $fn ) { + + my $first_entry = 1; save_progress_message "Setting up Proxy ARP..."; @@ -92,6 +95,11 @@ sub setup_proxy_arp() { my ( $address, $interface, $external, $haveroute, $persistent ) = split_line 5, 'proxyarp file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + $set{$interface} = 1; $reset{$external} = 1 unless $set{$external}; diff --git a/New/Shorewall/Rules.pm b/New/Shorewall/Rules.pm index aa0acf6ba..d9da3eaa3 100644 --- a/New/Shorewall/Rules.pm +++ b/New/Shorewall/Rules.pm @@ -64,7 +64,7 @@ sub process_tos() { my $chain = $capabilities{MANGLE_FORWARD} ? 'fortos' : 'pretos'; my $stdchain = $capabilities{MANGLE_FORWARD} ? 'FORWARD' : 'PREROUTING'; - if ( open_file 'tos' ) { + if ( my $fn = open_file 'tos' ) { my $first_entry = 1; my ( $pretosref, $outtosref ); @@ -74,7 +74,7 @@ sub process_tos() { my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 'tos file'; if ( $first_entry ) { - progress_message2 'Setting up TOS...'; + progress_message2 "$doing $fn..."; $pretosref = ensure_chain 'mangle' , $chain; $outtosref = ensure_chain 'mangle' , 'outtos'; $first_entry = 0; @@ -127,14 +127,19 @@ sub setup_ecn() my %interfaces; my @hosts; - if ( open_file 'ecn' ) { - - progress_message2 join( '' , "$doing ", find_file( 'ecn' ), '...' ); + if ( my $fn = open_file 'ecn' ) { + + my $first_entry = 1; while ( read_a_line ) { my ($interface, $hosts ) = split_line 2, 'ecn file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + fatal_error "Unknown interface ( $interface )" unless known_interface $interface; $interfaces{$interface} = 1; 
@@ -189,7 +194,9 @@ sub setup_rfc1918_filteration( $ ) { $chainref = new_standard_chain 'rfc1918d' if $config{RFC1918_STRICT}; - open_file 'rfc1918'; + my $fn = open_file 'rfc1918'; + + my $first_entry = 1; while ( read_a_line ) { @@ -197,6 +204,11 @@ sub setup_rfc1918_filteration( $ ) { my $s_target; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + if ( $target eq 'logdrop' ) { $target = 'rfc1918'; $s_target = 'rfc1918'; @@ -249,8 +261,6 @@ sub setup_blacklist() { my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' }; - progress_message2 " Setting up Blacklist..."; - new_standard_chain 'blacklst'; my $target = $disposition eq 'REJECT' ? 'reject' : $disposition; @@ -265,14 +275,19 @@ sub setup_blacklist() { $target = 'blacklog'; } - if ( open_file 'blacklist' ) { + if ( my $fn = open_file 'blacklist' ) { - progress_message( join( '', ' Processing ', find_file( 'blacklist' ), '...' ) ); + my $first_entry = 1; while ( read_a_line ) { my ( $networks, $protocol, $ports ) = split_line 3, 'blacklist file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + expand_rule ensure_filter_chain( 'blacklst' , 0 ) , NO_RESTRICT , @@ -348,12 +363,11 @@ sub process_criticalhosts() { sub process_routestopped() { - my $fn = find_file 'routestopped'; my ( @allhosts, %source, %dest ); - progress_message2 "$doing $fn..."; + my $fn = open_file 'routestopped'; - open_file $fn; + my $first_entry = 1; while ( read_a_line ) { @@ -361,6 +375,11 @@ sub process_routestopped() { my ($interface, $hosts, $options ) = split_line 3, 'routestopped file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + $hosts = ALLIPv4 unless $hosts && $hosts ne '-'; my @hosts; 
@@ -478,7 +497,7 @@ sub add_common_rules() { } if ( @$list ) { - progress_message2 ' Adding Anti-smurf Rules'; + progress_message2 'Adding Anti-smurf Rules'; for my $hostref ( @$list ) { $interface = $hostref->[0]; my $ipsec = $hostref->[1]; @@ -502,7 +521,7 @@ sub add_common_rules() { $list = find_interfaces_by_option 'dhcp'; if ( @$list ) { - progress_message2 ' Adding rules for DHCP'; + progress_message2 'Adding rules for DHCP'; for $interface ( @$list ) { for $chain ( @{first_chains $interface}) { @@ -515,18 +534,14 @@ sub add_common_rules() { $list = find_hosts_by_option 'norfc1918'; - if ( @$list ) { - progress_message2 ' Enabling RFC1918 Filtering'; - - setup_rfc1918_filteration $list; - } + setup_rfc1918_filteration $list if @$list; $list = find_hosts_by_option 'tcpflags'; if ( @$list ) { my $disposition; - progress_message2 " $doing TCP Flags filtering..."; + progress_message2 "$doing TCP Flags filtering..."; $chainref = new_standard_chain 'tcpflags'; @@ -585,7 +600,7 @@ sub add_common_rules() { $list = find_interfaces_by_option 'upnp'; if ( @$list ) { - progress_message2 ' $doing UPnP'; + progress_message2 '$doing UPnP'; (new_chain 'nat', 'UPnP')->{referenced} = 1; @@ -639,12 +654,19 @@ sub setup_mac_lists( $ ) { } } - open_file 'maclist'; + my $fn = open_file 'maclist'; + + my $first_entry = 1; while ( read_a_line ) { my ( $disposition, $interface, $mac, $addresses ) = split_line 4, 'maclist file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + if ( $disposition eq 'COMMENT' ) { if ( $capabilities{COMMENTS} ) { ( $comment = $line ) =~ s/^\s*COMMENT\s*//; 
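Review bot: In the UPnP branch of add_common_rules the edited line is still single-quoted, `progress_message2 '$doing UPnP';`, so Perl prints the literal text `$doing` rather than the variable's value. Since the line is being touched anyway, switch to double quotes as the TCP Flags line above does: `progress_message2 "$doing UPnP...";`. The 'Adding Anti-smurf Rules' and 'Adding rules for DHCP' messages in the earlier hunks of this sub also lack the `$doing` prefix and trailing `...` used elsewhere, if uniform output is the goal. add_common_rules extends beyond these hunks.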
@@ -1169,12 +1191,19 @@ sub process_rule ( $$$$$$$$$ ) { # sub process_rules() { - open_file 'rules'; + my $fn = open_file 'rules'; + + my $first_entry = 1; while ( read_a_line ) { my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 9, 'rules file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + if ( $target eq 'COMMENT' ) { if ( $capabilities{COMMENTS} ) { ( $comment = $line ) =~ s/^\s*COMMENT\s*//; diff --git a/New/Shorewall/Tc.pm b/New/Shorewall/Tc.pm index 655cb8b8c..dbf682f7c 100644 --- a/New/Shorewall/Tc.pm +++ b/New/Shorewall/Tc.pm @@ -349,15 +349,12 @@ sub validate_tc_class( $$$$$$ ) { } sub setup_traffic_shaping() { - my $first_entry = 1; - save_progress_message "Setting up Traffic Control..."; - my $fn = find_file 'tcdevices'; + my $fn = open_file 'tcdevices'; - if ( -f $fn ) { - - open_file $fn; + if ( $fn ) { + my $first_entry = 1; while ( read_a_line ) { @@ -373,12 +370,10 @@ sub setup_traffic_shaping() { } } - $fn = find_file 'tcclasses'; + $fn = open_file 'tcclasses'; - if ( -f $fn ) { - $first_entry = 1; - - open_file $fn; + if ( $fn ) { + my $first_entry = 1; while ( read_a_line ) { @@ -510,16 +505,14 @@ sub setup_tc() { } } - my $fn = find_file 'tcrules'; - - if ( open_file $fn ) { + if ( my $fn = open_file 'tcrules' ) { while ( read_a_line ) { my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line 10, 'tcrules file'; if ( $first_entry ) { - progress_message2 "$doing TC Rules..."; + progress_message2 "$doing $fn..."; require_capability( 'MANGLE_ENABLED' , 'a non-empty tcrules file' ); $first_entry = 0; } diff --git a/New/Shorewall/Tunnels.pm b/New/Shorewall/Tunnels.pm index b8a9f1dc0..df1f9913f 100644 --- a/New/Shorewall/Tunnels.pm +++ b/New/Shorewall/Tunnels.pm 
@@ -233,14 +233,14 @@ sub setup_tunnels() { # # Setup_Tunnels() Starts Here # - open_file 'tunnels'; + my $fn = open_file 'tunnels'; while ( read_a_line ) { my ( $kind, $zone, $gateway, $gatewayzones ) = split_line 4, 'tunnels file'; if ( $first_entry ) { - progress_message2 "$doing Tunnels..."; + progress_message2 "$doing $fn..."; $first_entry = 0; } diff --git a/New/Shorewall/Zones.pm b/New/Shorewall/Zones.pm index 174ae5996..571ba1a54 100644 --- a/New/Shorewall/Zones.pm +++ b/New/Shorewall/Zones.pm @@ -180,7 +180,9 @@ sub determine_zones() { my @z; - open_file 'zones'; + my $fn = open_file 'zones'; + + my $first_entry = 1; while ( read_a_line ) { @@ -188,6 +190,11 @@ sub determine_zones() my ($zone, $type, $options, $in_options, $out_options ) = split_line 5, 'zones file'; + if ( $first_entry ) { + progress_message2 "$doing $fn..."; + $first_entry = 0; + } + if ( $zone =~ /(\w+):([\w,]+)/ ) { $zone = $1; @parents = split ',', $2; diff --git a/New/compiler.pl b/New/compiler.pl index 440f31b84..e00af28d8 100755 --- a/New/compiler.pl +++ b/New/compiler.pl @@ -656,12 +656,10 @@ sub compiler( $ ) { # # Process the zones file. # - progress_message2 "Determining Zones..."; determine_zones; # # Process the interfaces file. # - progress_message2 "Validating interfaces file..."; validate_interfaces_file; # # Process the hosts file. @@ -680,7 +678,6 @@ sub compiler( $ ) { # # Process the Policy File. # - progress_message2 "Validating Policy file..."; validate_policy; # # Compile the 'stop_firewall()' function @@ -693,7 +690,6 @@ sub compiler( $ ) { # # Do all of the zone-independent stuff # - progress_message2 "$doing Common Rules..."; add_common_rules; # # /proc stuff @@ -735,7 +731,6 @@ sub compiler( $ ) { # # Process the rules file. # - progress_message2 "$doing Rules..."; process_rules; # # Add Tunnel rules. 
@@ -767,7 +762,6 @@ sub compiler( $ ) { # # Accounting. # - progress_message2 "$doing Accounting..."; setup_accounting; progress_message2 'Generating Rule Matrix...';