On 9/17/10 9:10 AM, Tom Eastep wrote:
> Beta 6 is now available for testing. Pay close attention to the
> Blacklisting change in this release; static blacklisting is incompatible
> with blacklisting in Beta 5.
There are a couple of known problems.

a) Mr Dash 4 has reported that a perl diagnostic is produced:

   Use of uninitialized value in addition (+) at /usr/share/shorewall/Shorewall/Chains.pm line 712.

   The attached FROZEN.patch corrects that.

b) I've found an optimization bug that crazily reorders the rules in a chain
   that contains a jump to one of the blacklist chains. The attached
   CRAZY.patch corrects that problem.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm
b/Shorewall/Perl/Shorewall/Chains.pm
index 592a96e..935259c 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -690,8 +690,7 @@ sub increment_reference_count( $$ ) {
#
# The rules generated by interface options are added to the interfaces's input
chain and
# forward chain. Shorewall::Rules::generate_matrix() may decide to move those
rules to
-# a zone-oriented chain, hence this function.
-#
+
sub move_rules( $$ ) {
my ($chain1, $chain2 ) = @_;
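Review bot: The comment above move_rules is left cut off mid-sentence. With "# a zone-oriented chain, hence this function." and the closing "#" removed, the block now ends at "may decide to move those rules to" followed by a blank line. Nothing else in this hunk touches the function, so this looks like an accidental deletion riding along with the frozen fix. Suggest restoring the two removed comment lines or dropping this hunk from the patch.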
@@ -1011,7 +1010,8 @@ sub new_chain($$)
loglevel => '',
log => 1,
cmdlevel => 0,
- references => {} };
+ references => {},
+ frozen => 0 };
trace( $chainref, 'N', undef, '' ) if $debug;
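Review bot: The new frozen key in the new_chain initializer is undocumented, and its initial value of 0 next to log => 1 and cmdlevel => 0 does not say whether it is a flag or a count. copy_rules in CRAZY.patch uses it as a count: it is the length and offset in splice, and it is accumulated with $chain2->{frozen} += $frozen1. Suggest a comment stating that frozen is the number of rules at the head of the chain that must stay at the head. It is also worth confirming that every chain reaching line 712 is built through new_chain, since this is the only initializer the patch touches.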
commit c9e876fcf52f63881e1bf1297ab2d02f912b1718 Author: Tom Eastep <[email protected]> Date: Fri Sep 17 15:10:02 2010 -0700 Fix an optimization bug with the new blacklisting code diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index 33cfba6..37a02a0 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -744,8 +744,10 @@ sub copy_rules( $$ ) { my $name1 = $chain1->{name}; my $name = $name1; my $name2 = $chain2->{name}; - my @rules = @{$chain1->{rules}}; - my $rules = $chain2->{rules}; + my $frozen1 = $chain1->{frozen}; + my $frozen2 = $chain2->{frozen}; + my @rules1 = @{$chain1->{rules}}; + my $rules2 = $chain2->{rules}; my $count = @{$chain1->{rules}}; my $tableref = $chain_table{$chain1->{table}}; # @@ -753,20 +755,32 @@ sub copy_rules( $$ ) { # $name1 =~ s/\+/\\+/; - my $last = pop @$rules; # Delete the jump to chain1 + my $last = pop @$rules2; # Delete the jump to chain1 - if ( $debug ) { - my $rule = @$rules; - trace( $chain2, 'A', ++$rule, $_ ) for @rules; - } # # Chain2 is now a referent of all of Chain1's targets # - for ( @rules ) { + for ( @rules1 ) { increment_reference_count( $tableref->{$1}, $name2 ) if / -[jg] ([^\s]+)/; } - push @$rules, @rules; + if ( $frozen1 || $frozen2 ) { + if ( $debug ) { + my $rule = @$rules2; + trace( $chain2, 'A', ++$rule, $_ ) for @rules1; + } + + splice @$rules2, $frozen2, 0, splice( @rules1, 0, $frozen1 ); + + $chain2->{frozen} += $frozen1; + } + + if ( $debug ) { + my $rule = @$rules2; + trace( $chain2, 'A', ++$rule, $_ ) for @rules1; + } + + push @$rules2, @rules1; progress_message " $count rules from $chain1->{name} appended to $chain2->{name}";
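Review bot: In the first copy_rules hunk (@@ -744,8 +744,10), $frozen1 and $frozen2 are read from $chain1->{frozen} and $chain2->{frozen} with no default, then used as the length and offset in splice and as the operand of +=. That only behaves when frozen => 0 from FROZEN.patch is already applied. Suggest saying in the commit message that the two patches go together, or defaulting the reads with || 0.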
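Review bot: In the second copy_rules hunk (@@ -753,20 +755,32), the debug trace inside the if ( $frozen1 || $frozen2 ) branch iterates over all of @rules1 before the splice removes the first $frozen1 entries, and the unconditional debug block after the branch traces the remaining @rules1 again. With $debug set, the non-frozen rules are traced twice, and the frozen rules are numbered from the end of chain2 rather than from position $frozen2 where they are actually inserted. Suggest tracing only the spliced rules inside the branch, numbered from $frozen2. The branch is also entered when only $frozen2 is set, where the inner splice moves nothing and the += adds 0, so testing $frozen1 alone would be enough.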
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
