From: Thomas Lamprecht Date: Fri, 13 Dec 2019 11:07:16 +0000 (+0100) Subject: grammar fix: s/does not exists/does not exist/g X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=75a12a9d84e749011676edc8a52afd6c685bbae2 grammar fix: s/does not exists/does not exist/g Signed-off-by: Thomas Lamprecht --- diff --git a/src/PVE/API2/Firewall/Aliases.pm b/src/PVE/API2/Firewall/Aliases.pm index b81dc9d..2a66abd 100644 --- a/src/PVE/API2/Firewall/Aliases.pm +++ b/src/PVE/API2/Firewall/Aliases.pm @@ -9,7 +9,7 @@ use PVE::Firewall; use base qw(PVE::RESTHandler); -my $api_properties = { +my $api_properties = { cidr => { description => "Network/IP specification in CIDR format.", type => 'string', format => 'IPorCIDR', @@ -41,7 +41,7 @@ sub save_aliases { sub rule_env { my ($class, $param) = @_; - + die "implement this in subclass"; } @@ -97,7 +97,7 @@ sub register_get_aliases { type => 'string', optional => 1, }, - digest => get_standard_option('pve-config-digest', { optional => 0} ), + digest => get_standard_option('pve-config-digest', { optional => 0} ), }, }, links => [ { rel => 'child', href => "{name}" } ], @@ -140,10 +140,10 @@ sub register_create_alias { my ($fw_conf, $aliases) = $class->load_config($param); my $name = lc($param->{name}); - - raise_param_exc({ name => "alias '$param->{name}' already exists" }) + + raise_param_exc({ name => "alias '$param->{name}' already exists" }) if defined($aliases->{$name}); - + my $data = { name => $param->{name}, cidr => $param->{cidr} }; $data->{comment} = $param->{comment} if $param->{comment}; @@ -161,7 +161,7 @@ sub register_read_alias { my $properties = $class->additional_parameters(); $properties->{name} = $api_properties->{name}; - + $class->register_method({ name => 'read_alias', path => '{name}', @@ -234,7 +234,7 @@ sub register_update_alias { $rename = lc($rename) if $rename; if ($rename && ($name ne $rename)) { - raise_param_exc({ name => "alias '$param->{rename}' already exists" }) + raise_param_exc({ name => "alias '$param->{rename}' already exists" }) if defined($aliases->{$rename}); $aliases->{$name}->{name} = $param->{rename}; $aliases->{$rename} = $aliases->{$name}; @@ -280,7 +280,7 @@ sub register_delete_alias { delete $aliases->{$name}; $class->save_aliases($param, $fw_conf, $aliases); - + return undef; }}); } @@ -304,7 +304,7 @@ use base qw(PVE::API2::Firewall::AliasesBase); sub rule_env { my ($class, $param) = @_; - + return 'cluster'; } @@ -336,13 +336,13 @@ use base qw(PVE::API2::Firewall::AliasesBase); sub rule_env { my ($class, $param) = @_; - + return 'vm'; } -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub load_config { @@ -374,13 +374,13 @@ use base qw(PVE::API2::Firewall::AliasesBase); sub rule_env { my ($class, $param) = @_; - + return 'ct'; } -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub load_config { diff --git a/src/PVE/API2/Firewall/Groups.pm b/src/PVE/API2/Firewall/Groups.pm index 8f94b6d..ec0d016 100644 --- a/src/PVE/API2/Firewall/Groups.pm +++ b/src/PVE/API2/Firewall/Groups.pm @@ -16,7 +16,7 @@ my $get_security_group_list = sub { my $res = []; foreach my $group (sort keys %{$cluster_conf->{groups}}) { - my $data = { + my $data = { group => $group, }; if (my $comment = $cluster_conf->{group_comments}->{$group}) { @@ -44,10 +44,10 @@ __PACKAGE__->register_method({ type => 'array', items => { type => "object", - properties => { + properties => { group => get_standard_option('pve-security-group-name'), digest => get_standard_option('pve-config-digest', { optional => 0} ), - comment => { + comment => { type => 'string', optional => 1, } @@ -74,7 +74,7 @@ __PACKAGE__->register_method({ }, parameters => { additionalProperties => 0, - properties => { + properties => { group => get_standard_option('pve-security-group-name'), comment => { type => 'string', @@ -97,7 +97,7 @@ __PACKAGE__->register_method({ my (undef, $digest) = &$get_security_group_list($cluster_conf); PVE::Tools::assert_if_modified($digest, $param->{digest}); - raise_param_exc({ group => "Security group '$param->{rename}' does not exists" }) + raise_param_exc({ group => "Security group '$param->{rename}' does not exist" }) if !$cluster_conf->{groups}->{$param->{rename}}; # prevent overwriting an existing group @@ -113,7 +113,7 @@ __PACKAGE__->register_method({ $cluster_conf->{group_comments}->{$param->{group}} = $param->{comment} if defined($param->{comment}); } else { foreach my $name (keys %{$cluster_conf->{groups}}) { - raise_param_exc({ group => "Security group '$name' already exists" }) + raise_param_exc({ group => "Security group '$name' already exists" }) if $name eq $param->{group}; } @@ -122,12 +122,12 @@ __PACKAGE__->register_method({ } PVE::Firewall::save_clusterfw_conf($cluster_conf); - + return undef; }}); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::GroupRules", + subclass => "PVE::API2::Firewall::GroupRules", path => '{group}', }); diff --git a/src/PVE/API2/Firewall/Host.pm b/src/PVE/API2/Firewall/Host.pm index 764dab1..d02619a 100644 --- a/src/PVE/API2/Firewall/Host.pm +++ b/src/PVE/API2/Firewall/Host.pm @@ -14,7 +14,7 @@ use PVE::API2::Firewall::Rules; use base qw(PVE::RESTHandler); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::HostRules", + subclass => "PVE::API2::Firewall::HostRules", path => 'rules', }); @@ -58,7 +58,7 @@ my $add_option_properties = sub { foreach my $k (keys %$option_properties) { $properties->{$k} = $option_properties->{$k}; } - + return $properties; }; @@ -124,7 +124,7 @@ __PACKAGE__->register_method({ if ($param->{delete}) { foreach my $opt (PVE::Tools::split_list($param->{delete})) { - raise_param_exc({ delete => "no such option '$opt'" }) + raise_param_exc({ delete => "no such option '$opt'" }) if !$option_properties->{$opt}; delete $hostfw_conf->{options}->{$opt}; } @@ -136,7 +136,7 @@ __PACKAGE__->register_method({ foreach my $k (keys %$option_properties) { next if !defined($param->{$k}); - $hostfw_conf->{options}->{$k} = $param->{$k}; + $hostfw_conf->{options}->{$k} = $param->{$k}; } PVE::Firewall::save_hostfw_conf($hostfw_conf); @@ -145,8 +145,8 @@ __PACKAGE__->register_method({ }}); __PACKAGE__->register_method({ - name => 'log', - path => 'log', + name => 'log', + path => 'log', method => 'GET', description => "Read firewall log", proxyto => 'node', @@ -172,7 +172,7 @@ __PACKAGE__->register_method({ }, returns => { type => 'array', - items => { + items => { type => "object", properties => { n => { @@ -196,8 +196,8 @@ __PACKAGE__->register_method({ my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit}); $rpcenv->set_result_attrib('total', $count); - - return $lines; + + return $lines; }}); 1; diff --git a/src/PVE/API2/Firewall/IPSet.pm b/src/PVE/API2/Firewall/IPSet.pm index 068c1a4..e59a6f2 100644 --- a/src/PVE/API2/Firewall/IPSet.pm +++ b/src/PVE/API2/Firewall/IPSet.pm @@ -9,7 +9,7 @@ use PVE::Firewall; use base qw(PVE::RESTHandler); -my $api_properties = { +my $api_properties = { cidr => { description => "Network/IP specification in CIDR format.", type => 'string', format => 'IPorCIDRorAlias', @@ -41,7 +41,7 @@ sub save_config { sub rule_env { my ($class, $param) = @_; - + die "implement this in subclass"; } @@ -106,7 +106,7 @@ sub register_get_ipset { type => 'boolean', optional => 1, }, - digest => get_standard_option('pve-config-digest', { optional => 0} ), + digest => get_standard_option('pve-config-digest', { optional => 0} ), }, }, links => [ { rel => 'child', href => "{cidr}" } ], @@ -141,10 +141,10 @@ sub register_delete_ipset { returns => { type => 'null' }, code => sub { my ($param) = @_; - + my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param); - die "IPSet '$param->{name}' is not empty\n" + die "IPSet '$param->{name}' is not empty\n" if scalar(@$ipset); $class->save_ipset($param, $fw_conf, undef); @@ -181,9 +181,9 @@ sub register_create_ip { my ($cluster_conf, $fw_conf, $ipset) = $class->load_config($param); my $cidr = $param->{cidr}; - + foreach my $entry (@$ipset) { - raise_param_exc({ cidr => "address '$cidr' already exists" }) + raise_param_exc({ cidr => "address '$cidr' already exists" }) if $entry->{cidr} eq $cidr; } @@ -214,7 +214,7 @@ sub register_read_ip { $properties->{name} = $api_properties->{name}; $properties->{cidr} = $api_properties->{cidr}; - + $class->register_method({ name => 'read_ip', path => '{cidr}', @@ -318,13 +318,13 @@ sub register_delete_ip { PVE::Tools::assert_if_modified($digest, $param->{digest}); my $new = []; - + foreach my $entry (@$ipset) { push @$new, $entry if $entry->{cidr} ne $param->{cidr}; } $class->save_ipset($param, $fw_conf, $new); - + return undef; }}); } @@ -349,7 +349,7 @@ use base qw(PVE::API2::Firewall::IPSetBase); sub rule_env { my ($class, $param) = @_; - + return 'cluster'; } @@ -381,13 +381,13 @@ use base qw(PVE::API2::Firewall::IPSetBase); sub rule_env { my ($class, $param) = @_; - + return 'vm'; } -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub load_config { @@ -419,13 +419,13 @@ use base qw(PVE::API2::Firewall::IPSetBase); sub rule_env { my ($class, $param) = @_; - + return 'ct'; } -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub load_config { @@ -459,7 +459,7 @@ use base qw(PVE::RESTHandler); sub load_config { my ($class, $param) = @_; - + die "implement this in subclass"; #return ($cluster_conf, $fw_conf); @@ -473,7 +473,7 @@ sub save_config { sub rule_env { my ($class, $param) = @_; - + die "implement this in subclass"; } @@ -498,7 +498,7 @@ my $get_ipset_list = sub { my $res = []; foreach my $name (sort keys %{$fw_conf->{ipset}}) { - my $data = { + my $data = { name => $name, }; if (my $comment = $fw_conf->{ipset_comments}->{$name}) { @@ -531,10 +531,10 @@ sub register_index { type => 'array', items => { type => "object", - properties => { + properties => { name => get_standard_option('ipset-name'), digest => get_standard_option('pve-config-digest', { optional => 0} ), - comment => { + comment => { type => 'string', optional => 1, } @@ -544,10 +544,10 @@ sub register_index { }, code => sub { my ($param) = @_; - + my ($cluster_conf, $fw_conf) = $class->load_config($param); - return &$get_ipset_list($fw_conf); + return &$get_ipset_list($fw_conf); }}); } @@ -580,14 +580,14 @@ sub register_create { returns => { type => 'null' }, code => sub { my ($param) = @_; - + my ($cluster_conf, $fw_conf) = $class->load_config($param); if ($param->{rename}) { my (undef, $digest) = &$get_ipset_list($fw_conf); PVE::Tools::assert_if_modified($digest, $param->{digest}); - raise_param_exc({ name => "IPSet '$param->{rename}' does not exists" }) + raise_param_exc({ name => "IPSet '$param->{rename}' does not exist" }) if !$fw_conf->{ipset}->{$param->{rename}}; # prevent overwriting existing ipset @@ -601,9 +601,9 @@ sub register_create { $fw_conf->{ipset_comments}->{$param->{name}} = $comment; } $fw_conf->{ipset_comments}->{$param->{name}} = $param->{comment} if defined($param->{comment}); - } else { + } else { foreach my $name (keys %{$fw_conf->{ipset}}) { - raise_param_exc({ name => "IPSet '$name' already exists" }) + raise_param_exc({ name => "IPSet '$name' already exists" }) if $name eq $param->{name}; } @@ -634,13 +634,13 @@ use base qw(PVE::API2::Firewall::BaseIPSetList); sub rule_env { my ($class, $param) = @_; - + return 'cluster'; } sub load_config { my ($class, $param) = @_; - + my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); return (undef, $cluster_conf); } @@ -654,10 +654,10 @@ sub save_config { __PACKAGE__->register_handlers(); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::ClusterIPset", + subclass => "PVE::API2::Firewall::ClusterIPset", path => '{name}', - # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' - fragmentDelimiter => '', + # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' + fragmentDelimiter => '', }); package PVE::API2::Firewall::VMIPSetList; @@ -669,20 +669,20 @@ use PVE::Firewall; use base qw(PVE::API2::Firewall::BaseIPSetList); -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub rule_env { my ($class, $param) = @_; - + return 'vm'; } sub load_config { my ($class, $param) = @_; - + my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'vm', $param->{vmid}); return ($cluster_conf, $fw_conf); @@ -697,10 +697,10 @@ sub save_config { __PACKAGE__->register_handlers(); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::VMIPset", + subclass => "PVE::API2::Firewall::VMIPset", path => '{name}', - # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' - fragmentDelimiter => '', + # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' + fragmentDelimiter => '', }); package PVE::API2::Firewall::CTIPSetList; @@ -712,20 +712,20 @@ use PVE::Firewall; use base qw(PVE::API2::Firewall::BaseIPSetList); -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub rule_env { my ($class, $param) = @_; - + return 'ct'; } sub load_config { my ($class, $param) = @_; - + my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, 'ct', $param->{vmid}); return ($cluster_conf, $fw_conf); @@ -740,10 +740,10 @@ sub save_config { __PACKAGE__->register_handlers(); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::CTIPset", + subclass => "PVE::API2::Firewall::CTIPset", path => '{name}', - # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' - fragmentDelimiter => '', + # set fragment delimiter (no subdirs) - we need that, because CIDR address contain a slash '/' + fragmentDelimiter => '', }); 1; diff --git a/src/PVE/API2/Firewall/Rules.pm b/src/PVE/API2/Firewall/Rules.pm index f0bc562..0e93a4a 100644 --- a/src/PVE/API2/Firewall/Rules.pm +++ b/src/PVE/API2/Firewall/Rules.pm @@ -9,7 +9,7 @@ use PVE::Firewall; use base qw(PVE::RESTHandler); -my $api_properties = { +my $api_properties = { pos => { description => "Rule position.", type => 'integer', @@ -35,7 +35,7 @@ my $additional_param_hash = {}; sub rule_env { my ($class, $param) = @_; - + die "implement this in subclass"; } @@ -105,7 +105,7 @@ sub register_get_rule { my $properties = $class->additional_parameters(); $properties->{pos} = $api_properties->{pos}; - + my $rule_env = $class->rule_env(); $class->register_method({ @@ -182,9 +182,9 @@ sub register_get_rule { my ($cluster_conf, $fw_conf, $rules) = $class->load_config($param); my ($list, $digest) = PVE::Firewall::copy_list_with_digest($rules); - + die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$list); - + my $rule = $list->[$param->{pos}]; $rule->{pos} = $param->{pos}; @@ -200,7 +200,7 @@ sub register_create_rule { my $create_rule_properties = PVE::Firewall::add_rule_properties($properties); $create_rule_properties->{action}->{optional} = 0; $create_rule_properties->{type}->{optional} = 0; - + my $rule_env = $class->rule_env(); $class->register_method({ @@ -242,7 +242,7 @@ sub register_update_rule { my $properties = $class->additional_parameters(); $properties->{pos} = $api_properties->{pos}; - + my $rule_env = $class->rule_env(); $properties->{moveto} = { @@ -282,7 +282,7 @@ sub register_update_rule { PVE::Tools::assert_if_modified($digest, $param->{digest}); die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules); - + my $rule = $rules->[$param->{pos}]; my $moveto = $param->{moveto}; @@ -299,7 +299,7 @@ sub register_update_rule { $rules = $newrules; } else { PVE::Firewall::copy_rule_data($rule, $param); - + PVE::Firewall::delete_rule_properties($rule, $param->{'delete'}) if $param->{'delete'}; PVE::Firewall::verify_rule($rule, $cluster_conf, $fw_conf, $class->rule_env()); @@ -319,7 +319,7 @@ sub register_delete_rule { $properties->{pos} = $api_properties->{pos}; $properties->{digest} = get_standard_option('pve-config-digest'); - + my $rule_env = $class->rule_env(); $class->register_method({ @@ -342,11 +342,11 @@ sub register_delete_rule { my (undef, $digest) = PVE::Firewall::copy_list_with_digest($rules); PVE::Tools::assert_if_modified($digest, $param->{digest}); - + die "no rule at position $param->{pos}\n" if $param->{pos} >= scalar(@$rules); - + splice(@$rules, $param->{pos}, 1); - + $class->save_rules($param, $fw_conf, $rules); return undef; @@ -376,7 +376,7 @@ __PACKAGE__->additional_parameters({ group => get_standard_option('pve-security- sub rule_env { my ($class, $param) = @_; - + return 'group'; } @@ -413,17 +413,17 @@ __PACKAGE__->register_method({ }, parameters => { additionalProperties => 0, - properties => { + properties => { group => get_standard_option('pve-security-group-name'), }, }, returns => { type => 'null' }, code => sub { my ($param) = @_; - + my (undef, $cluster_conf, $rules) = __PACKAGE__->load_config($param); - die "Security group '$param->{group}' is not empty\n" + die "Security group '$param->{group}' is not empty\n" if scalar(@$rules); __PACKAGE__->save_rules($param, $cluster_conf, undef); @@ -442,7 +442,7 @@ use base qw(PVE::API2::Firewall::RulesBase); sub rule_env { my ($class, $param) = @_; - + return 'cluster'; } @@ -476,7 +476,7 @@ __PACKAGE__->additional_parameters({ node => get_standard_option('pve-node')}); sub rule_env { my ($class, $param) = @_; - + return 'host'; } @@ -507,14 +507,14 @@ use PVE::JSONSchema qw(get_standard_option); use base qw(PVE::API2::Firewall::RulesBase); -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub rule_env { my ($class, $param) = @_; - + return 'vm'; } @@ -545,14 +545,14 @@ use PVE::JSONSchema qw(get_standard_option); use base qw(PVE::API2::Firewall::RulesBase); -__PACKAGE__->additional_parameters({ +__PACKAGE__->additional_parameters({ node => get_standard_option('pve-node'), - vmid => get_standard_option('pve-vmid'), + vmid => get_standard_option('pve-vmid'), }); sub rule_env { my ($class, $param) = @_; - + return 'ct'; } diff --git a/src/PVE/API2/Firewall/VM.pm b/src/PVE/API2/Firewall/VM.pm index 2341b91..5b9b6dd 100644 --- a/src/PVE/API2/Firewall/VM.pm +++ b/src/PVE/API2/Firewall/VM.pm @@ -21,7 +21,7 @@ my $add_option_properties = sub { foreach my $k (keys %$option_properties) { $properties->{$k} = $option_properties->{$k}; } - + return $properties; }; @@ -130,7 +130,7 @@ sub register_handlers { if ($param->{delete}) { foreach my $opt (PVE::Tools::split_list($param->{delete})) { - raise_param_exc({ delete => "no such option '$opt'" }) + raise_param_exc({ delete => "no such option '$opt'" }) if !$option_properties->{$opt}; delete $vmfw_conf->{options}->{$opt}; } @@ -142,17 +142,17 @@ sub register_handlers { foreach my $k (keys %$option_properties) { next if !defined($param->{$k}); - $vmfw_conf->{options}->{$k} = $param->{$k}; + $vmfw_conf->{options}->{$k} = $param->{$k}; } PVE::Firewall::save_vmfw_conf($param->{vmid}, $vmfw_conf); - + return undef; }}); $class->register_method({ - name => 'log', - path => 'log', + name => 'log', + path => 'log', method => 'GET', description => "Read firewall log", proxyto => 'node', @@ -179,7 +179,7 @@ sub register_handlers { }, returns => { type => 'array', - items => { + items => { type => "object", properties => { n => { @@ -200,13 +200,13 @@ sub register_handlers { my $user = $rpcenv->get_user(); my $vmid = $param->{vmid}; - my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", + my ($count, $lines) = PVE::Tools::dump_logfile("/var/log/pve-firewall.log", $param->{start}, $param->{limit}, "^$vmid "); - + $rpcenv->set_result_attrib('total', $count); - - return $lines; + + return $lines; }}); @@ -235,7 +235,7 @@ sub register_handlers { type => 'array', items => { type => "object", - properties => { + properties => { type => { type => 'string', enum => ['alias', 'ipset'], @@ -243,7 +243,7 @@ sub register_handlers { name => { type => 'string', }, - comment => { + comment => { type => 'string', optional => 1, }, @@ -252,7 +252,7 @@ sub register_handlers { }, code => sub { my ($param) = @_; - + my $cluster_conf = PVE::Firewall::load_clusterfw_conf(); my $fw_conf = PVE::Firewall::load_vmfw_conf($cluster_conf, $rule_env, $param->{vmid}); @@ -263,7 +263,7 @@ sub register_handlers { next if !$conf; if (!$param->{type} || $param->{type} eq 'ipset') { foreach my $name (keys %{$conf->{ipset}}) { - my $data = { + my $data = { type => 'ipset', name => $name, ref => "+$name", @@ -278,7 +278,7 @@ sub register_handlers { if (!$param->{type} || $param->{type} eq 'alias') { foreach my $name (keys %{$conf->{aliases}}) { my $e = $conf->{aliases}->{$name}; - my $data = { + my $data = { type => 'alias', name => $name, ref => $name, @@ -292,8 +292,8 @@ sub register_handlers { my $res = []; foreach my $e (values %$ipsets) { push @$res, $e; }; foreach my $e (values %$aliases) { push @$res, $e; }; - - return $res; + + return $res; }}); } @@ -305,17 +305,17 @@ use warnings; use base qw(PVE::API2::Firewall::VMBase); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::VMRules", + subclass => "PVE::API2::Firewall::VMRules", path => 'rules', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::VMAliases", + subclass => "PVE::API2::Firewall::VMAliases", path => 'aliases', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::VMIPSetList", + subclass => "PVE::API2::Firewall::VMIPSetList", path => 'ipset', }); @@ -329,17 +329,17 @@ use warnings; use base qw(PVE::API2::Firewall::VMBase); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::CTRules", + subclass => "PVE::API2::Firewall::CTRules", path => 'rules', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::CTAliases", + subclass => "PVE::API2::Firewall::CTAliases", path => 'aliases', }); __PACKAGE__->register_method ({ - subclass => "PVE::API2::Firewall::CTIPSetList", + subclass => "PVE::API2::Firewall::CTIPSetList", path => 'ipset', }); diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index ae67bcd..4a534d0 100644 --- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -978,8 +978,8 @@ sub local_network { } # ipset names are limited to 31 characters, -# and we use '-v4' or '-v6' to indicate IP versions, -# and we use '_swap' suffix for atomic update, +# and we use '-v4' or '-v6' to indicate IP versions, +# and we use '_swap' suffix for atomic update, # for example PVEFW-${VMID}-${ipset_name}_swap my $max_iptables_ipset_name_length = 31 - length("PVEFW-") - length("_swap"); @@ -1672,7 +1672,7 @@ sub verify_rule { } if ($rule->{source}) { - eval { + eval { my $source_ipversion = parse_address_list($rule->{source}); &$set_ip_version($source_ipversion); }; @@ -1681,8 +1681,8 @@ sub verify_rule { } if ($rule->{dest}) { - eval { - my $dest_ipversion = parse_address_list($rule->{dest}); + eval { + my $dest_ipversion = parse_address_list($rule->{dest}); &$set_ip_version($dest_ipversion); }; &$add_error('dest', $@) if $@; @@ -2260,7 +2260,7 @@ sub ruleset_create_vm_chain { if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) { if ($ipversion == 4) { if ($direction eq 'OUT') { - ruleset_generate_rule($ruleset, $chain, $ipversion, + ruleset_generate_rule($ruleset, $chain, $ipversion, { action => 'PVEFW-SET-ACCEPT-MARK', proto => 'udp', sport => 68, dport => 67 }); } else { @@ -2838,7 +2838,7 @@ sub parse_ip_or_cidr { my ($cidr) = @_; my $ipversion; - + if ($cidr =~ m!^(?:$IPV6RE)(/(\d+))?$!) { $cidr =~ s|/128$||; $ipversion = 6; @@ -2925,7 +2925,7 @@ sub generic_fw_config_parser { warn "$prefix: $err"; next; } - + $res->{$section}->{$group} = []; $res->{group_comments}->{$group} = decode('utf8', $comment) if $comment; @@ -2941,7 +2941,7 @@ sub generic_fw_config_parser { $section = 'ipset'; $group = lc($1); my $comment = $2; - eval { + eval { die "ipset name too long\n" if length($group) > $max_ipset_name_length; die "invalid ipset name '$group'\n" if $group !~ m/^${ipset_name_pattern}$/; }; @@ -3010,7 +3010,7 @@ sub generic_fw_config_parser { $errors->{nomatch} = "nomatch not supported by kernel"; } - eval { + eval { if ($cidr =~ m/^${ip_alias_pattern}$/) { resolve_alias($cluster_conf, $res, $cidr); # make sure alias exists } else { @@ -3188,7 +3188,7 @@ my $format_aliases = sub { my $format_ipsets = sub { my ($fw_conf) = @_; - + my $raw = ''; foreach my $ipset (sort keys %{$fw_conf->{ipset}}) { @@ -3279,12 +3279,12 @@ sub read_vm_firewall_configs { foreach my $vmid (keys %{$vmdata->{qemu}}) { my $vmfw_conf = load_vmfw_conf($cluster_conf, 'vm', $vmid, $dir); - next if !$vmfw_conf->{options}; # skip if file does not exists + next if !$vmfw_conf->{options}; # skip if file does not exist $vmfw_configs->{$vmid} = $vmfw_conf; } foreach my $vmid (keys %{$vmdata->{lxc}}) { my $vmfw_conf = load_vmfw_conf($cluster_conf, 'ct', $vmid, $dir); - next if !$vmfw_conf->{options}; # skip if file does not exists + next if !$vmfw_conf->{options}; # skip if file does not exist $vmfw_configs->{$vmid} = $vmfw_conf; } @@ -3475,7 +3475,7 @@ sub save_clusterfw_conf { $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases); $raw .= &$format_ipsets($cluster_conf) if $cluster_conf->{ipset}; - + my $rules = $cluster_conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; @@ -3728,7 +3728,7 @@ sub compile_ipsets { my $localnet_ver; ($localnet, $localnet_ver) = parse_ip_or_cidr(local_network() || '127.0.0.0/8'); - $cluster_conf->{aliases}->{local_network} = { + $cluster_conf->{aliases}->{local_network} = { name => 'local_network', cidr => $localnet, ipversion => $localnet_ver }; } @@ -4441,7 +4441,7 @@ sub remove_pvefw_chains_ipset { my $ipset_chains = ipset_get_chains(); my $cmdlist = ""; - + foreach my $chain (keys %$ipset_chains) { $cmdlist .= "flush $chain\n"; $cmdlist .= "destroy $chain\n"; diff --git a/src/PVE/FirewallSimulator.pm b/src/PVE/FirewallSimulator.pm index 188c38f..4f46b74 100644 --- a/src/PVE/FirewallSimulator.pm +++ b/src/PVE/FirewallSimulator.pm @@ -34,7 +34,7 @@ sub debug { return $debug; } - + sub reset_trace { $trace = ''; } @@ -120,22 +120,22 @@ sub rule_match { return undef if $cstate eq 'INVALID'; # no match return undef if $cstate eq 'RELATED,ESTABLISHED'; # no match - + next if $cstate =~ m/NEW/; - + die "cstate test '$cstate' not implemented\n"; } if ($rule =~ s/^-m addrtype --src-type (\S+)\s*//) { my $atype = $1; - die "missing source address type (srctype)\n" + die "missing source address type (srctype)\n" if !$pkg->{srctype}; return undef if $atype ne $pkg->{srctype}; } if ($rule =~ s/^-m addrtype --dst-type (\S+)\s*//) { my $atype = $1; - die "missing destination address type (dsttype)\n" + die "missing destination address type (dsttype)\n" if !$pkg->{dsttype}; return undef if $atype ne $pkg->{dsttype}; } @@ -178,7 +178,7 @@ sub rule_match { return undef if !$ip->overlaps(Net::IP->new($pkg->{source})); # no match next; } - + if ($rule =~ s/^-d (\S+)\s*//) { die "missing destination" if !$pkg->{dest}; my $ip = Net::IP->new($1); @@ -248,7 +248,7 @@ sub rule_match { } if ($rule =~ s/^-j NFLOG --nflog-prefix \"[^\"]+\"$//) { - return undef; + return undef; } last; @@ -261,7 +261,7 @@ sub ruleset_simulate_chain { my ($ruleset, $ipset_ruleset, $chain, $pkg) = @_; add_trace("ENTER chain $chain\n"); - + my $counter = 0; if ($chain eq 'PVEFW-Drop') { @@ -289,7 +289,7 @@ sub ruleset_simulate_chain { next; } add_trace("MATCH: $rule\n"); - + if ($action eq 'ACCEPT' || $action eq 'DROP' || $action eq 'REJECT') { add_trace("TERMINATE chain $chain: $action\n"); return ($action, $counter); @@ -382,7 +382,7 @@ sub route_packet { $pkg->{iface_out} = $from_info->{fwbr} || die 'internal error'; $pkg->{physdev_in} = $from_info->{tapdev} || die 'internal error'; $pkg->{physdev_out} = $from_info->{fwln} || die 'internal error'; - + } elsif ($route_state eq 'fwbr-in') { $chain = 'PVEFW-FORWARD'; @@ -393,7 +393,7 @@ sub route_packet { $pkg->{physdev_out} = $target->{tapdev} || die 'internal error'; } elsif ($route_state =~ m/^vmbr\d+$/) { - + die "missing physdev_in - internal error?" if !$physdev_in; $pkg->{physdev_in} = $physdev_in; @@ -443,7 +443,7 @@ sub route_packet { my ($res, $ctr) = ruleset_simulate_chain($ruleset, $ipset_ruleset, $chain, $pkg); $rule_check_counter += $ctr; return ($res, $ipt_invocation_counter, $rule_check_counter) if $res ne 'ACCEPT'; - } + } $route_state = $next_route_state; @@ -494,9 +494,9 @@ sub simulate_firewall { my $from = $test->{from} || die "missing 'from' field"; my $to = $test->{to} || die "missing 'to' field"; my $action = $test->{action} || die "missing 'action'"; - + my $testid = $test->{id}; - + die "from/to needs to be different" if $from eq $to; my $pkg = { @@ -545,14 +545,14 @@ sub simulate_firewall { return 'SKIPPED' if !$have_lxc; my $vmid = $1; $from_info = extract_ct_info($vmdata, $vmid, 0); - $start_state = 'fwbr-out'; + $start_state = 'fwbr-out'; $pkg->{mac_source} = $from_info->{macaddr}; } elsif ($from =~ m/^vm(\d+)(i(\d))?$/) { return 'SKIPPED' if !$have_qemu_server; my $vmid = $1; my $netnum = $3 || 0; $from_info = extract_vm_info($vmdata, $vmid, $netnum); - $start_state = 'fwbr-out'; + $start_state = 'fwbr-out'; $pkg->{mac_source} = $from_info->{macaddr}; } else { die "unable to parse \"from => '$from'\"\n"; @@ -593,16 +593,16 @@ sub simulate_firewall { $pkg->{source} = '100.100.1.2' if !defined($pkg->{source}); $pkg->{dest} = '100.200.3.4' if !defined($pkg->{dest}); - my ($res, $ic, $rc) = route_packet($ruleset, $ipset_ruleset, $pkg, + my ($res, $ic, $rc) = route_packet($ruleset, $ipset_ruleset, $pkg, $from_info, $target, $start_state); add_trace("IPT statistics: invocation = $ic, checks = $rc\n"); - + return $res if $action eq 'QUERY'; die "test failed ($res != $action)\n" if $action ne $res; - return undef; + return undef; } 1;