Signed-off-by: Stefan Hanreich <s.hanre...@proxmox.com> Reviewed-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- src/PVE/Firewall.pm | 78 ++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 39 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index b1e5af6..65b8c73 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -1737,12 +1737,12 @@ sub verify_rule { $add_error->($name, "no such ipset '$2'") } } else { - &$add_error($name, "invalid ipset name '$value'"); + $add_error->($name, "invalid ipset name '$value'"); } } elsif ($value =~ m@^(guest/|dc/)?(${ip_alias_pattern})$@){ my $scope = $1 // ""; my $alias = lc($2); - &$add_error($name, "no such alias '$value'") + $add_error->($name, "no such alias '$value'") if !($cluster_conf->{aliases}->{$alias} || ($fw_conf && $fw_conf->{aliases}->{$alias})); my $e; @@ -1761,8 +1761,8 @@ sub verify_rule { my $type = $rule->{type}; my $action = $rule->{action}; - &$add_error('type', "missing property") if !$type; - &$add_error('action', "missing property") if !$action; + $add_error->('type', "missing property") if !$type; + $add_error->('action', "missing property") if !$action; if ($type) { my $valid_types = $rule_env_direction_lookup->{$rule_env} @@ -1778,22 +1778,22 @@ sub verify_rule { $add_error->('action', "unknown action '$action'") if $action && ($action !~ m/^(ACCEPT|DROP|REJECT)$/); } elsif ($type eq 'group') { - &$add_error('type', "security groups not allowed") + $add_error->('type', "security groups not allowed") if !$allow_groups; - &$add_error('action', "invalid characters in security group name") + $add_error->('action', "invalid characters in security group name") if $action && ($action !~ m/^${security_group_name_pattern}$/); } else { - &$add_error('type', "unknown rule type '$type'"); + $add_error->('type', "unknown rule type '$type'"); } } if ($rule->{iface}) { - &$add_error('type', "parameter -i not allowed for this rule type") + $add_error->('type', "parameter -i not allowed for this rule type") if !$allow_iface; eval { PVE::JSONSchema::pve_verify_iface($rule->{iface}); }; - &$add_error('iface', $@) if $@; + $add_error->('iface', $@) if $@; if ($rule_env eq 'vm' || $rule_env eq 'ct') { - &$add_error('iface', "value does not match the regex pattern 'net\\d+'") + $add_error->('iface', "value does not match the regex pattern 'net\\d+'") if $rule->{iface} !~ m/^net(\d+)$/; } } @@ -1802,14 +1802,14 @@ sub verify_rule { if (my $preferred_name = $pve_fw_preferred_macro_names->{lc($rule->{macro})}) { $rule->{macro} = $preferred_name; } else { - &$add_error('macro', "unknown macro '$rule->{macro}'"); + $add_error->('macro', "unknown macro '$rule->{macro}'"); } } my $is_icmp = 0; if ($rule->{proto}) { eval { pve_fw_verify_protocol_spec($rule->{proto}); }; - &$add_error('proto', $@) if $@; + $add_error->('proto', $@) if $@; &$set_ip_version(4) if $rule->{proto} eq 'icmp'; &$set_ip_version(6) if $rule->{proto} eq 'icmpv6'; &$set_ip_version(6) if $rule->{proto} eq 'ipv6-icmp'; @@ -1818,34 +1818,34 @@ sub verify_rule { if ($rule->{dport}) { eval { parse_port_name_number_or_range($rule->{dport}, $is_icmp); }; - &$add_error('dport', $@) if $@; + $add_error->('dport', $@) if $@; my $proto = $rule->{proto}; - &$add_error('proto', "missing property - 'dport' requires this property") + $add_error->('proto', "missing property - 'dport' requires this property") if !$proto; - &$add_error('dport', "protocol '$proto' does not support ports") + $add_error->('dport', "protocol '$proto' does not support ports") if !$PROTOCOLS_WITH_PORTS->{$proto} && !$is_icmp; #special cases } if (my $icmp_type = $rule ->{'icmp-type'}) { my $proto = $rule->{proto}; - &$add_error('proto', "missing property - 'icmp-type' requires this property") + $add_error->('proto', "missing property - 'icmp-type' requires this property") if !$is_icmp; - &$add_error('icmp-type', "'icmp-type' cannot be specified together with 'dport'") + $add_error->('icmp-type', "'icmp-type' cannot be specified together with 'dport'") if $rule->{dport}; if ($proto eq 'icmp' && !$icmp_type_names->{$icmp_type}) { - &$add_error('icmp-type', "invalid icmp-type '$icmp_type' for proto 'icmp'"); + $add_error->('icmp-type', "invalid icmp-type '$icmp_type' for proto 'icmp'"); } elsif (($proto eq 'icmpv6' || $proto eq 'ipv6-icmp') && !$icmpv6_type_names->{$icmp_type}) { - &$add_error('icmp-type', "invalid icmp-type '$icmp_type' for proto '$proto'"); + $add_error->('icmp-type', "invalid icmp-type '$icmp_type' for proto '$proto'"); } } if ($rule->{sport}) { eval { parse_port_name_number_or_range($rule->{sport}, 0); }; - &$add_error('sport', $@) if $@; + $add_error->('sport', $@) if $@; my $proto = $rule->{proto}; - &$add_error('proto', "missing property - 'sport' requires this property") + $add_error->('proto', "missing property - 'sport' requires this property") if !$proto; - &$add_error('sport', "protocol '$proto' does not support ports") + $add_error->('sport', "protocol '$proto' does not support ports") if !$PROTOCOLS_WITH_PORTS->{$proto}; } @@ -1854,7 +1854,7 @@ sub verify_rule { my $source_ipversion = parse_address_list($rule->{source}); &$set_ip_version($source_ipversion); }; - &$add_error('source', $@) if $@; + $add_error->('source', $@) if $@; &$check_ipset_or_alias_property('source', $ipversion); } @@ -1863,7 +1863,7 @@ sub verify_rule { my $dest_ipversion = parse_address_list($rule->{dest}); &$set_ip_version($dest_ipversion); }; - &$add_error('dest', $@) if $@; + $add_error->('dest', $@) if $@; &$check_ipset_or_alias_property('dest', $ipversion); } @@ -1875,10 +1875,10 @@ sub verify_rule { if (ref($err) eq "PVE::Exception" && $err->{errors}) { my $eh = $err->{errors}; foreach my $p (keys %$eh) { - &$add_error($p, $eh->{$p}); + $add_error->($p, $eh->{$p}); } } else { - &$add_error('macro', "$err"); + $add_error->('macro', "$err"); } } } @@ -3515,17 +3515,17 @@ sub save_vmfw_conf { my $raw = ''; my $options = $vmfw_conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $aliases = $vmfw_conf->{aliases}; - $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases); + $raw .= $format_aliases->($aliases) if $aliases && scalar(keys %$aliases); - $raw .= &$format_ipsets($vmfw_conf) if $vmfw_conf->{ipset}; + $raw .= $format_ipsets->($vmfw_conf) if $vmfw_conf->{ipset}; my $rules = $vmfw_conf->{rules} || []; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } @@ -3774,17 +3774,17 @@ sub save_clusterfw_conf { my $raw = ''; my $options = $cluster_conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $aliases = $cluster_conf->{aliases}; - $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases); + $raw .= $format_aliases->($aliases) if $aliases && scalar(keys %$aliases); - $raw .= &$format_ipsets($cluster_conf) if $cluster_conf->{ipset}; + $raw .= $format_ipsets->($cluster_conf) if $cluster_conf->{ipset}; my $rules = $cluster_conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } @@ -3798,7 +3798,7 @@ sub save_clusterfw_conf { $raw .= "[group $group]\n\n"; } - $raw .= &$format_rules($rules, 0); + $raw .= $format_rules->($rules, 0); $raw .= "\n"; } } @@ -3839,12 +3839,12 @@ sub save_hostfw_conf { my $raw = ''; my $options = $hostfw_conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $rules = $hostfw_conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } @@ -3881,12 +3881,12 @@ sub save_vnetfw_conf { my $raw = ''; my $options = $conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $rules = $conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel