Corrected sysconfig files

Removed unnecessary lines in sysconfig files

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-lite/sysconfig

@@ -24,4 +24,3 @@ RELOADOPTIONS=""
 STOPOPTIONS=""
 
 # EOF
->>>>>>> 39caa74... Improved sysconfig files

Shorewall/Perl/Shorewall/Chains.pm

@@ -5753,8 +5753,6 @@ sub match_source_net( $;$\$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -5842,8 +5840,6 @@ sub imatch_source_net( $;$\$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -5928,8 +5924,6 @@ sub match_dest_net( $;$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & (PREROUTE_RESTRICT | INPUT_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;
@@ -6011,8 +6005,6 @@ sub imatch_dest_net( $;$ ) {
     }
 
     if ( $net =~ /^(!?)\^([A-Z\d]{2})$/ || $net =~ /^(!?)\^\[([A-Z,\d]+)\]$/) {
-	fatal_error "A countrycode list may not be used in this context" if $restriction & (PREROUTE_RESTRICT | INPUT_RESTRICT );
-
 	require_capability 'GEOIP_MATCH', 'A country-code', '';
 
 	load_isocodes unless %isocodes;

Shorewall/Perl/Shorewall/Config.pm

@@ -3221,9 +3221,9 @@ sub push_action_params( $$$$$$ ) {
 sub pop_action_params( $ ) {
     my $oldparms       = shift;
     %actparms          = %$oldparms;
-    my $return         = $parmsmodified ? $parmsmodified : ( $usedcaller || 0 );
-    ( $parmsmodified ) = delete $actparms{modified};
-    ( $usedcaller )    = delete $actparms{usedcaller};
+    my $return         = $parmsmodified | $usedcaller;
+    ( $parmsmodified ) = delete $actparms{modified}   || 0;
+    ( $usedcaller )    = delete $actparms{usedcaller} || 0;
     $return;
 }
 

Shorewall/Perl/Shorewall/Raw.pm

@@ -36,7 +36,7 @@ use strict;
 our @ISA = qw(Exporter);
 our @EXPORT = qw( setup_conntrack );
 our @EXPORT_OK = qw( handle_helper_rule );
-our $VERSION = '4.6_10';
+our $VERSION = 'MODULEVERSION';
 
 our %valid_ctevent = ( new        => 1,
 		       related    => 1,

Shorewall/Perl/Shorewall/Rules.pm

@@ -1713,9 +1713,13 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ );
 # Populate an action invocation chain. As new action tuples are encountered,
 # the function will be called recursively by process_rule().
 # 
-sub process_action($$) {
-    my ( $chainref, $caller ) = @_;
-    my $wholeaction = $chainref->{action};
+# Note that the first two parameters are passed by reference and may be
+# modified by this function.
+#
+sub process_action(\$\$$) {
+    my ( $wholeactionref, $chainrefref, $caller ) = @_;
+    my $wholeaction = ${$wholeactionref};
+    my $chainref    = ${$chainrefref};
     my ( $action, $level, $tag, undef, $param ) = split /:/, $wholeaction, ACTION_TUPLE_ELEMENTS;
 
     if ( $targets{$action} & BUILTIN ) {
@@ -1794,10 +1798,48 @@ sub process_action($$) {
 
     #
     # Pop the action parameters
-    # Caller should delete record of this chain if the action parameters
-    # were modified (and this function returns true
     #
-    pop_action_params( $oldparms );
+    if ( ( my $result = pop_action_params( $oldparms ) ) & PARMSMODIFIED ) {
+	#
+	# The action modified its parameters -- delete it from %usedactions
+	#
+	delete $usedactions{$wholeaction};
+    } elsif ( $result & USEDCALLER ) {
+	#
+	# The chain uses @CALLER but doesn't modify the action parameters.
+	# We need to see if this caller has already invoked this action
+	#
+	my $renormalized_action = insert_caller( $wholeaction, $caller );
+	my $chain1ref           = $usedactions{$renormalized_action};
+
+	if ( $chain1ref ) {
+	    #
+	    # It has -- use the prior chain
+	    #
+	    ${$chainrefref} = $chain1ref;
+	    #
+	    # We leave the new chain in place but delete it from %usedactions below
+	    # The optimizer will drop it from the final ruleset.
+	    #
+	} else {
+	    #
+	    # This is the first time that the current chain has invoked this action
+	    #
+	    $usedactions{$renormalized_action} = $chainref;
+	    #
+	    # Update the action member
+	    #
+	    $chainref->{action} = $renormalized_action;
+	}
+	#
+	# Delete the usedactions entry with the original normalized key
+	#
+	delete $usedactions{$wholeaction};
+	#
+	# New normalized target
+	#
+	${$wholeactionref} = $renormalized_action;
+    }
 }
 
 #
@@ -1930,11 +1972,14 @@ sub process_actions() {
 # Create a policy action if it doesn't already exist
 #
 sub use_policy_action( $$ ) {
-    my $ref = use_action( $_[0] );
+    my ( $normalized_target, $caller ) = @_;
+
+    my $ref = use_action( $normalized_target );
+
     if ( $ref ) {
-	delete $usedactions{$ref->{action}} if process_action( $ref, $_[1] ) & PARMSMODIFIED;
+	process_action( $normalized_target, $ref, $caller );
     } else {
-	$ref = $usedactions{$_[0]};
+	$ref = $usedactions{$normalized_target};
     }
 
     $ref;
@@ -2684,7 +2729,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
     #
     # Handle actions
     #
-    my $delete_action = 0;
+    my $actionchain; #Name of the action chain
 
     if ( $actiontype & ACTION ) {
 	#
@@ -2700,52 +2745,29 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	    #
 	    my $savestatematch = $statematch;
 	    $statematch        = '';
-
-	    if ( ( $delete_action = process_action( $ref, $chain ) ) & USEDCALLER ) {
 	    #
-		# The chain uses @CALLER but doesn't modify the action parameters.
-		# We need to see if this chain has already called this action
+	    # process_action may modify both $normalized_target and $ref!!!
 	    #
-		my $renormalized_target = insert_caller( $normalized_target, $chain );
-		my $ref1 = $usedactions{$renormalized_target};
-
-		if ( $ref1 ) {
+	    process_action( $normalized_target, $ref, $chain );
 	    #
-		    # It has -- use the prior chain
+	    # Capture the name of the action chain
 	    #
-		    $ref = $ref1;
-		    #
-		    # We leave the new chain in place but delete it from %usedactions below
-		    #
-		} else {
-		    #
-		    # This is the first time that the current chain has invoked this action
-		    #
-		    $usedactions{$renormalized_target} = $ref;
-		    #
-		    # Swap the action member
-		    #
-		    $ref->{action} = $renormalized_target;
-		}
-		#
-		# Delete the usedactions entry with the original normalized key
-		#
-		delete $usedactions{$normalized_target};
-		#
-		# New normalized target
-		#
-		$normalized_target = $renormalized_target;
-	    }    
+	    $actionchain = $ref->{name};
 	    #
 	    # Processing the action may determine that the action or one of it's dependents does NAT or HELPER, so:
 	    #
 	    #    - Refresh $actiontype
 	    #    - Create the associated nat and/or table chain if appropriate.
 	    #
-	    ensure_chain( 'nat', $ref->{name} ) if ( $actiontype = $targets{$basictarget} ) & NATRULE;
-	    ensure_chain( 'raw', $ref->{name} ) if ( $actiontype & HELPER );
+	    ensure_chain( 'nat', $actionchain ) if ( $actiontype = $targets{$basictarget} ) & NATRULE;
+	    ensure_chain( 'raw', $actionchain ) if ( $actiontype & HELPER );
 
 	    $statematch = $savestatematch;
+	} else {
+	    #
+	    # We've seen this tuple before
+	    #
+	    $actionchain = $usedactions{$normalized_target}->{name};
 	}
 
 	$action = $basictarget; # Remove params, if any, from $action.
@@ -2865,7 +2887,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 			    $ports,
 			    $sports,
 			    $sourceref,
-			    ( $actiontype & ACTION ) ? $usedactions{$normalized_target}->{name} : '',
+			    ( $actiontype & ACTION ) ? $actionchain : '',
 			    $inchain ? $chain : '' ,
 			    $user ,
 			    $rule ,
@@ -2887,7 +2909,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 				     $proto,
 				     $ports,
 				     $origdest,
-				     ( $actiontype & ACTION ) ? $usedactions{$normalized_target}->{name} : '',
+				     ( $actiontype & ACTION ) ? $actionchain : '',
 				     $action,
 				     $sourceref,
 				     $inaction ? $chain : '',
@@ -2944,7 +2966,7 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
     unless ( $actiontype & NATONLY ) {
 
 	if ( $actiontype & ACTION ) {
-	    $action = $usedactions{$normalized_target}{name};
+	    $action = $actionchain;
 	    $loglevel = '';
 	}
 
@@ -2975,8 +2997,6 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$$ ) {
 	    unless unreachable_warning( $wildcard || $section == DEFAULTACTION_SECTION, $chainref );
     }
 
-    delete $usedactions{$normalized_target} if $delete_action & PARMSMODIFIED;	
-
     return 1;
 }
 

Shorewall/Perl/Shorewall/Tc.pm

@@ -2954,7 +2954,9 @@ sub process_traffic_shaping() {
 
 			my ( $options, $redopts ) = ( '', $tcref->{redopts} );
 
-			while ( my ( $option, $type ) = each %validredoptions ) {
+			for my $option ( sort keys %validredoptions ) {
+			    my $type = $validredoptions{$option};
+
 			    if ( my $value = $redopts->{$option} ) {
 				if ( $type == RED_NONE ) {
 				    $options = join( ' ', $options, $option ) if $value;
@@ -2971,7 +2973,9 @@ sub process_traffic_shaping() {
 
 			my ( $options, $codelopts ) = ( '', $tcref->{codelopts} );
 
-			while ( my ( $option, $type ) = each %validcodeloptions ) {
+			for my $option ( sort keys %validcodeloptions ) {
+			    my $type = $validcodeloptions{$option};
+
 			    if ( my $value = $codelopts->{$option} ) {
 				if ( $type == CODEL_NONE ) {
 				    $options = join( ' ', $options, $option );

Shorewall/sysconfig

@@ -24,4 +24,3 @@ RELOADOPTIONS=""
 STOPOPTIONS=""
 
 # EOF
->>>>>>> 39caa74... Improved sysconfig files

Shorewall6-lite/sysconfig

@@ -24,4 +24,3 @@ RELOADOPTIONS=""
 STOPOPTIONS=""
 
 # EOF
->>>>>>> 39caa74... Improved sysconfig files

Shorewall6/sysconfig

@@ -24,4 +24,3 @@ RELOADOPTIONS=""
 STOPOPTIONS=""
 
 # EOF
->>>>>>> 39caa74... Improved sysconfig files