From: Dietmar Maurer
Date: Fri, 30 May 2014 10:24:40 +0000 (+0200)
Subject: code cleanup - introcduce new method resolve_alias
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=6c22157652291ed6b3b5e9e8c6ee614a3b5f92eb
code cleanup - introcduce new method resolve_alias
---
diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm
index 6c7ab5e..24a45ae 100644
--- a/src/PVE/API2/Firewall/IPSet.pm
+++ b/src/PVE/API2/Firewall/IPSet.pm
@@ -145,17 +145,6 @@ sub register_delete_ipset {
 }});
 }
-my $verify_alias_exists = sub {
- my ($cluster_conf, $fw_conf, $cidr) = @_;
-
- if ($cidr !~ m/^\d/) {
- my $alias = lc($cidr);
- die "no such alias '$cidr'\n"
- if !(($cluster_conf && $cluster_conf->{aliases}->{$alias}) ||
- ($fw_conf && $fw_conf->{aliases}->{$alias}));
- }
-};
-
 sub register_create_ip {
 my ($class) = @_;
@@ -189,7 +178,8 @@ sub register_create_ip {
 if $entry->{cidr} eq $cidr;
 }
- &$verify_alias_exists($cluster_conf, $fw_conf, $cidr);
+ # make sure alias exists (if $cidr is an alias)
+ PVE::Firewall::resolve_alias($cluster_conf, $fw_conf, $cidr);
 my $data = { cidr => $cidr };
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 6adf487..66f4b91 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -2116,6 +2116,21 @@ sub parse_clusterfw_option {
 return ($opt, $value);
 }
+sub resolve_alias {
+ my ($clusterfw_conf, $fw_conf, $cidr) = @_;
+
+ if ($cidr !~ m/^\d/) {
+ my $alias = lc($cidr);
+ my $e = $fw_conf->{aliases}->{$alias} if $fw_conf;
+ $e = $clusterfw_conf->{aliases}->{$alias} if !$e && $clusterfw_conf;
+ return $e->{cidr} if $e;
+
+ die "no such alias '$cidr'\n";
+ }
+
+ return $cidr;
+}
+
 sub parse_alias {
 my ($line) = @_;
@@ -2259,7 +2274,6 @@ sub generic_fw_config_parser {
 if($cidr !~ m/^${ip_alias_pattern}$/) {
 $cidr =~ s|/32$||;
-
 eval { pve_verify_ipv4_or_cidr($cidr); };
 if (my $err = $@) {
 warn "$prefix: $cidr - $err";
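Review bot: In the new `resolve_alias` in src/PVE/Firewall.pm, `my $e = $fw_conf->{aliases}->{$alias} if $fw_conf;` declares a lexical under a statement modifier, which perlsyn documents as undefined behaviour: when `$fw_conf` is false the `my` is not executed and `$e` can keep the value left by an earlier call. In that case the cluster lookup on the next line is skipped, and the function may return the CIDR of a previously resolved alias or fail to die for an alias that does not exist, so both the existence check in `register_create_ip` and the set built in `generate_ipset` could act on the wrong network. Declare and assign separately: `my $e;` followed by `$e = $fw_conf->{aliases}->{$alias} if $fw_conf;`. The same construct appears in the lines removed from `generate_ipset`, so it looks carried over rather than new, but moving it into a shared helper means more callers now depend on it.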
@@ -2608,20 +2622,11 @@ sub generate_ipset {
 # remove duplicates
 my $nethash = {};
 foreach my $entry (@$options) {
- my $cidr = $entry->{cidr};
- if ($cidr =~ m/^${ip_alias_pattern}$/) {
- my $alias = lc($cidr);
- my $e = $fw_conf->{aliases}->{$alias} if $fw_conf;
- $e = $clusterfw_conf->{aliases}->{$alias} if !$e && $clusterfw_conf;
- if ($e) {
- $entry->{cidr} = $e->{cidr};
- $nethash->{$entry->{cidr}} = $entry;
- } else {
- warn "no such alias '$cidr'\n";
- }
- } else {
- $nethash->{$entry->{cidr}} = $entry;
- }
+ eval {
+ my $cidr = resolve_alias($clusterfw_conf, $fw_conf, $entry->{cidr});
+ $nethash->{$cidr} = { cidr => $cidr, nomatch => $entry->{nomatch} };
+ };
+ warn $@ if $@;
 }
 foreach my $cidr (sort keys %$nethash) {
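Review bot: The `eval { ... }; warn $@ if $@;` in the `generate_ipset` loop drops any entry whose alias fails to resolve and carries on, and for an entry with `nomatch` set that means an exclusion silently disappears from the generated set. The removed code warned and skipped in the same way, so this is not a regression, but the warning carries only the alias name from `resolve_alias` and does not say that the skipped entry was an exclusion. I would make that explicit, for example `warn "skipping ipset entry" . ($entry->{nomatch} ? " (nomatch)" : "") . ": $@" if $@;`, and add a comment above the `eval` such as `# unresolved aliases are skipped, not fatal: a missing nomatch alias leaves the set broader than configured`. The body of `generate_ipset` begins and ends outside this hunk, so whether the ipset name is in scope for the message cannot be seen here.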