On 04/17/2013 07:37 PM, Tom Eastep wrote: > On 4/17/13 7:17 PM, "Dash Four" <[email protected]> wrote: > >> >> >> Tom Eastep wrote: >>> On 4/17/13 6:44 PM, "Dash Four" <[email protected]> wrote: >>> >>> >>>>> Have you looked at the HELPERS option? >>>>> >>>>> >>>> I have "AUTOHELPERS=No" as well as "HELPERS=" (kernel version is 3.7.x) >>>> and I am getting about 15 lines of this "No such helper" crap each time >>>> I (re)start or (re)load shorewall. >>>> >>> >>> How about I implement a HELPERS=none that assumes no helpers? >>> >> Sound! I thought that an empty HELPERS option meant just that (that no >> helpers of any kind are enabled), but if that was not the case, then >> yes, makes perfect sense. I am also assuming that if I have, say, >> "HELPERS=amanda" for example, only that helper is enabled (amanda), >> correct?
Here's a patch. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 1d794b4..e397a33 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -3919,7 +3919,7 @@ sub FTP0_Helper() {
}
sub FTP_Helper() {
- have_helper( 'ftp', 'tcp', 21 ) || FTP0_Helper;
+ have_helper( 'ftp', 'tcp', 21 ) || have_capability 'FTP0_HELPER';
}
sub H323_Helpers() {
@@ -3947,7 +3947,7 @@ sub SANE0_Helper() {
}
sub SANE_Helper() {
- have_helper( 'sane', 'tcp', 6566 ) || SANE0_Helper;
+ have_helper( 'sane', 'tcp', 6566 ) || have_capability 'SANE0_HELPER';
}
sub SIP0_Helper() {
@@ -3955,7 +3955,7 @@ sub SIP0_Helper() {
}
sub SIP_Helper() {
- have_helper( 'sip', 'udp', 5060 ) || SIP0_Helper;
+ have_helper( 'sip', 'udp', 5060 ) || have_capability 'SIP0_HELPER';
}
sub SNMP_Helper() {
@@ -3967,7 +3967,7 @@ sub TFTP0_Helper() {
}
sub TFTP_Helper() {
- have_helper( 'tftp', 'udp', 69 ) || TFTP0_Helper;
+ have_helper( 'tftp', 'udp', 69 ) || have_capability 'TFTP0_HELPER';
}
sub Connlimit_Match() {
@@ -4330,9 +4330,7 @@ sub determine_capabilities() {
$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
$capabilities{NEW_TOS_MATCH} = detect_capability( 'NEW_TOS_MATCH' );
- if ( have_capability 'CT_TARGET' ) {
- $capabilities{$_} = detect_capability $_ for ( values( %helpers_map ) );
- } else {
+ unless ( have_capability 'CT_TARGET' ) {
$capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';
}
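Review bot: With the `CT_TARGET` branch removed, nothing in determine_capabilities probes the per-helper capabilities any more, and the new code gives no hint of where that now happens. A short comment above the `unless` would help, for example `# Helper capabilities are not probed here; get_configuration() resolves them from HELPERS`. The `HELPERS=none` path in get_configuration zeroes only the `_HELPER` keys that already exist in `%capabilities`, so it is worth confirming those keys are present by then; the initialisation of `%capabilities` is not visible in this patch. The body of determine_capabilities starts and ends outside the hunk.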
@@ -4654,6 +4652,12 @@ sub read_capabilities() {
$capabilities{KERNELVERSION} = 20630;
}
+ $helpers_aliases{ftp} = 'ftp-0', $capabilities{FTP_HELPER} = 1 if $capabilities{FTP0_HELPER};
+ $helpers_aliases{irc} = 'irc-0', $capabilities{IRC_HELPER} = 1 if $capabilities{IRC0_HELPER};
+ $helpers_aliases{sane} = 'sane-0', $capabilities{SANE_HELPER} = 1 if $capabilities{SANE0_HELPER};
+ $helpers_aliases{sip} = 'sip-0', $capabilities{SIP_HELPER} = 1 if $capabilities{SIP0_HELPER};
+ $helpers_aliases{tftp} = 'tftp-0', $capabilities{TFTP_HELPER} = 1 if $capabilities{TFTP0_HELPER};
+
for ( keys %capabilities ) {
$capabilities{$_} = '' unless defined $capabilities{$_};
}
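Review bot: The five added lines in read_capabilities chain two assignments with the comma operator under one postfix `if`, which is correct only because the modifier covers the whole comma expression and is easy to misread as guarding just the second assignment. A loop over the five helper names says the same thing once and keeps the alias and the capability flag visibly paired. These fix-ups now run only when capabilities are read from a file; whether the live-detection path sets `%helpers_aliases` itself is not visible here and should be confirmed. read_capabilities continues outside the hunk.

```perl
# … unchanged: KERNELVERSION default …
for my $helper ( qw( ftp irc sane sip tftp ) ) {
    next unless $capabilities{ uc( $helper ) . '0_HELPER' };
    $helpers_aliases{$helper}                  = "$helper-0";
    $capabilities{ uc( $helper ) . '_HELPER' } = 1;
}
# … unchanged: loop defaulting undefined capabilities to '' …
```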
@@ -5021,13 +5025,53 @@ sub get_configuration( $$$$ ) {
get_capabilities( $export );
- report_capabilities unless $config{LOAD_HELPERS_ONLY};
+ my ( $val, $all );
- $helpers_aliases{ftp} = 'ftp-0', $capabilities{FTP_HELPER} = 1 if $capabilities{FTP0_HELPER};
- $helpers_aliases{irc} = 'irc-0', $capabilities{IRC_HELPER} = 1 if $capabilities{IRC0_HELPER};
- $helpers_aliases{sane} = 'sane-0', $capabilities{SANE_HELPER} = 1 if $capabilities{SANE0_HELPER};
- $helpers_aliases{sip} = 'sip-0', $capabilities{SIP_HELPER} = 1 if $capabilities{SIP0_HELPER};
- $helpers_aliases{tftp} = 'tftp-0', $capabilities{TFTP_HELPER} = 1 if $capabilities{TFTP0_HELPER};
+ if ( supplied ( $val = $config{HELPERS} ) ) {
+ if ( $val eq 'none' ) {
+ $val = $config{HELPERS} = '';
+ }
+ } else {
+ $val = $config{HELPERS} = join( ',', grep $_ !~ /-0$/, keys %helpers_enabled );
+ $all = 1;
+ }
+
+ if ( supplied $val ) {
+ my %helpers_temp = %helpers_enabled;
+
+ $helpers_temp{$_} = 0 for keys %helpers_temp;
+
+ my @helpers = split_list ( $val, 'helper' );
+
+ for ( split_list $config{HELPERS} , 'helper' ) {
+ my $name = $_;
+ if ( exists $helpers_enabled{$name} ) {
+ s/-/_/;
+
+ if ( $all ) {
+ $helpers_temp{$name} = 1 if have_capability uc( $_ ) . '_HELPER' , 1;
+ } else {
+ require_capability( uc( $_ ) . '_HELPER' , "The $name helper", 's' );
+ $helpers_temp{$name} = 1;
+ }
+ } else {
+ fatal_error "Unknown Helper ($_)";
+ }
+ }
+
+ %helpers_enabled = %helpers_temp;
+
+ while ( my ( $helper, $enabled ) = each %helpers_enabled ) {
+ $helper =~ s/-0/0/;
+ $helper =~ s/-/_/;
+ $capabilities{uc($helper) . '_HELPER'} = 0 unless $enabled;
+ }
+ } elsif ( have_capability 'CT_TARGET' ) {
+ $helpers_enabled{$_} = 0 for keys %helpers_enabled;
+ $capabilities{$_} = 0 for grep /_HELPER/ , keys %capabilities;
+ }
+
+ report_capabilities unless $config{LOAD_HELPERS_ONLY};
#
# Now initialize the used capabilities hash
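Review bot: When `HELPERS=none` is given and `CT_TARGET` is unavailable, neither branch of the `if ( supplied $val ) … elsif ( have_capability 'CT_TARGET' )` chain runs, so `%helpers_enabled` and the helper capabilities stay untouched and the user gets no indication that the setting had no effect. Since conntrack helpers parse application payloads and open related ports, an administrator who set `none` to reduce that exposure would want a trailing `else { warning_message "HELPERS=none has no effect without CT Target support"; }` (wording constructed) or similar. Separately, `my @helpers = split_list ( $val, 'helper' );` is never used because the loop splits `$config{HELPERS}` again, and the loop normalises names with `s/-/_/` only while the later `each` loop first applies `s/-0/0/`, so an explicitly listed `ftp-0` would presumably be looked up as `FTP_0_HELPER`. get_configuration starts and ends outside the hunk.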
@@ -5118,8 +5162,6 @@ sub get_configuration( $$$$ ) {
check_trivalue ( 'IP_FORWARDING', 'on' );
- my $val;
-
if ( have_capability( 'KERNELVERSION' ) < 20631 ) {
check_trivalue ( 'ROUTE_FILTER', '' );
} else {
@@ -5299,29 +5341,6 @@ sub get_configuration( $$$$ ) {
$config{IPSET} = '' if supplied $config{IPSET} && $config{IPSET} eq 'ipset';
- if ( supplied $config{HELPERS} ) {
- my %helpers_temp = %helpers_enabled;
-
- $helpers_temp{$_} = 0 for keys %helpers_temp;
-
- for ( split_list $config{HELPERS} , 'helper' ) {
- my $name = $_;
- if ( exists $helpers_enabled{$name} ) {
- s/-/_/;
- require_capability( uc( $_ ) . '_HELPER' , "The $name helper", 's' );
- $helpers_temp{$name} = 1;
- } else {
- fatal_error "Unknown Helper ($_)";
- }
- }
-
- %helpers_enabled = %helpers_temp;
-
- while ( my ( $helper, $enabled ) = each %helpers_enabled ) {
- $capabilities{uc($helper) . '_HELPER'} = 0 unless $enabled;
- }
- }
-
require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
numeric_option 'TC_BITS', $config{WIDE_TC_MARKS} ? 14 : 8 , 0;
signature.asc
Description: OpenPGP digital signature
