From: Stefan Hanreich <s.hanreich@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-firewall v3 11/18] firewall: move to arrow syntax for calling functions
Date: Tue, 12 Nov 2024 13:26:08 +0100 [thread overview]
Message-ID: <20241112122615.88854-12-s.hanreich@proxmox.com> (raw)
In-Reply-To: <20241112122615.88854-1-s.hanreich@proxmox.com>
Signed-off-by: Stefan Hanreich <s.hanreich@proxmox.com>
---
src/PVE/Firewall.pm | 80 ++++++++++++++++++++++-----------------------
1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 4a13926..efd53fc 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1727,18 +1727,18 @@ sub verify_rule {
if (my $value = $rule->{$name}) {
if ($value =~ m/^\+/) {
if ($value =~ m@^\+(guest/|dc/|sdn/)?(${ipset_name_pattern})$@) {
- &$add_error($name, "no such ipset '$2'")
+ $add_error->($name, "no such ipset '$2'")
if !($cluster_conf->{ipset}->{$2}
|| ($fw_conf && $fw_conf->{ipset}->{$2})
|| ($cluster_conf->{sdn} && $cluster_conf->{sdn}->{ipset}->{$2}));
} else {
- &$add_error($name, "invalid ipset name '$value'");
+ $add_error->($name, "invalid ipset name '$value'");
}
} elsif ($value =~ m@^(guest/|dc/)?(${ip_alias_pattern})$@){
my $scope = $1 // "";
my $alias = lc($2);
- &$add_error($name, "no such alias '$value'")
+ $add_error->($name, "no such alias '$value'")
if !($cluster_conf->{aliases}->{$alias} || ($fw_conf && $fw_conf->{aliases}->{$alias}));
my $e;
@@ -1757,8 +1757,8 @@ sub verify_rule {
my $type = $rule->{type};
my $action = $rule->{action};
- &$add_error('type', "missing property") if !$type;
- &$add_error('action', "missing property") if !$action;
+ $add_error->('type', "missing property") if !$type;
+ $add_error->('action', "missing property") if !$action;
if ($type) {
my $valid_types = $rule_env_direction_lookup->{$rule_env}
@@ -1774,22 +1774,22 @@ sub verify_rule {
$add_error->('action', "unknown action '$action'")
if $action && ($action !~ m/^(ACCEPT|DROP|REJECT)$/);
} elsif ($type eq 'group') {
- &$add_error('type', "security groups not allowed")
+ $add_error->('type', "security groups not allowed")
if !$allow_groups;
- &$add_error('action', "invalid characters in security group name")
+ $add_error->('action', "invalid characters in security group name")
if $action && ($action !~ m/^${security_group_name_pattern}$/);
} else {
- &$add_error('type', "unknown rule type '$type'");
+ $add_error->('type', "unknown rule type '$type'");
}
}
if ($rule->{iface}) {
- &$add_error('type', "parameter -i not allowed for this rule type")
+ $add_error->('type', "parameter -i not allowed for this rule type")
if !$allow_iface;
eval { PVE::JSONSchema::pve_verify_iface($rule->{iface}); };
- &$add_error('iface', $@) if $@;
+ $add_error->('iface', $@) if $@;
if ($rule_env eq 'vm' || $rule_env eq 'ct') {
- &$add_error('iface', "value does not match the regex pattern 'net\\d+'")
+ $add_error->('iface', "value does not match the regex pattern 'net\\d+'")
if $rule->{iface} !~ m/^net(\d+)$/;
}
}
@@ -1798,14 +1798,14 @@ sub verify_rule {
if (my $preferred_name = $pve_fw_preferred_macro_names->{lc($rule->{macro})}) {
$rule->{macro} = $preferred_name;
} else {
- &$add_error('macro', "unknown macro '$rule->{macro}'");
+ $add_error->('macro', "unknown macro '$rule->{macro}'");
}
}
my $is_icmp = 0;
if ($rule->{proto}) {
eval { pve_fw_verify_protocol_spec($rule->{proto}); };
- &$add_error('proto', $@) if $@;
+ $add_error->('proto', $@) if $@;
&$set_ip_version(4) if $rule->{proto} eq 'icmp';
&$set_ip_version(6) if $rule->{proto} eq 'icmpv6';
&$set_ip_version(6) if $rule->{proto} eq 'ipv6-icmp';
@@ -1814,34 +1814,34 @@ sub verify_rule {
if ($rule->{dport}) {
eval { parse_port_name_number_or_range($rule->{dport}, $is_icmp); };
- &$add_error('dport', $@) if $@;
+ $add_error->('dport', $@) if $@;
my $proto = $rule->{proto};
- &$add_error('proto', "missing property - 'dport' requires this property")
+ $add_error->('proto', "missing property - 'dport' requires this property")
if !$proto;
- &$add_error('dport', "protocol '$proto' does not support ports")
+ $add_error->('dport', "protocol '$proto' does not support ports")
if !$PROTOCOLS_WITH_PORTS->{$proto} && !$is_icmp; #special cases
}
if (my $icmp_type = $rule ->{'icmp-type'}) {
my $proto = $rule->{proto};
- &$add_error('proto', "missing property - 'icmp-type' requires this property")
+ $add_error->('proto', "missing property - 'icmp-type' requires this property")
if !$is_icmp;
- &$add_error('icmp-type', "'icmp-type' cannot be specified together with 'dport'")
+ $add_error->('icmp-type', "'icmp-type' cannot be specified together with 'dport'")
if $rule->{dport};
if ($proto eq 'icmp' && !$icmp_type_names->{$icmp_type}) {
- &$add_error('icmp-type', "invalid icmp-type '$icmp_type' for proto 'icmp'");
+ $add_error->('icmp-type', "invalid icmp-type '$icmp_type' for proto 'icmp'");
} elsif (($proto eq 'icmpv6' || $proto eq 'ipv6-icmp') && !$icmpv6_type_names->{$icmp_type}) {
- &$add_error('icmp-type', "invalid icmp-type '$icmp_type' for proto '$proto'");
+ $add_error->('icmp-type', "invalid icmp-type '$icmp_type' for proto '$proto'");
}
}
if ($rule->{sport}) {
eval { parse_port_name_number_or_range($rule->{sport}, 0); };
- &$add_error('sport', $@) if $@;
+ $add_error->('sport', $@) if $@;
my $proto = $rule->{proto};
- &$add_error('proto', "missing property - 'sport' requires this property")
+ $add_error->('proto', "missing property - 'sport' requires this property")
if !$proto;
- &$add_error('sport', "protocol '$proto' does not support ports")
+ $add_error->('sport', "protocol '$proto' does not support ports")
if !$PROTOCOLS_WITH_PORTS->{$proto};
}
@@ -1850,7 +1850,7 @@ sub verify_rule {
my $source_ipversion = parse_address_list($rule->{source});
&$set_ip_version($source_ipversion);
};
- &$add_error('source', $@) if $@;
+ $add_error->('source', $@) if $@;
&$check_ipset_or_alias_property('source', $ipversion);
}
@@ -1859,7 +1859,7 @@ sub verify_rule {
my $dest_ipversion = parse_address_list($rule->{dest});
&$set_ip_version($dest_ipversion);
};
- &$add_error('dest', $@) if $@;
+ $add_error->('dest', $@) if $@;
&$check_ipset_or_alias_property('dest', $ipversion);
}
@@ -1871,10 +1871,10 @@ sub verify_rule {
if (ref($err) eq "PVE::Exception" && $err->{errors}) {
my $eh = $err->{errors};
foreach my $p (keys %$eh) {
- &$add_error($p, $eh->{$p});
+ $add_error->($p, $eh->{$p});
}
} else {
- &$add_error('macro', "$err");
+ $add_error->('macro', "$err");
}
}
}
@@ -3508,17 +3508,17 @@ sub save_vmfw_conf {
my $raw = '';
my $options = $vmfw_conf->{options};
- $raw .= &$format_options($options) if $options && scalar(keys %$options);
+ $raw .= $format_options->($options) if $options && scalar(keys %$options);
my $aliases = $vmfw_conf->{aliases};
- $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases);
+ $raw .= $format_aliases->($aliases) if $aliases && scalar(keys %$aliases);
- $raw .= &$format_ipsets($vmfw_conf) if $vmfw_conf->{ipset};
+ $raw .= $format_ipsets->($vmfw_conf) if $vmfw_conf->{ipset};
my $rules = $vmfw_conf->{rules} || [];
if ($rules && scalar(@$rules)) {
$raw .= "[RULES]\n\n";
- $raw .= &$format_rules($rules, 1);
+ $raw .= $format_rules->($rules, 1);
$raw .= "\n";
}
@@ -3792,17 +3792,17 @@ sub save_clusterfw_conf {
my $raw = '';
my $options = $cluster_conf->{options};
- $raw .= &$format_options($options) if $options && scalar(keys %$options);
+ $raw .= $format_options->($options) if $options && scalar(keys %$options);
my $aliases = $cluster_conf->{aliases};
- $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases);
+ $raw .= $format_aliases->($aliases) if $aliases && scalar(keys %$aliases);
- $raw .= &$format_ipsets($cluster_conf) if $cluster_conf->{ipset};
+ $raw .= $format_ipsets->($cluster_conf) if $cluster_conf->{ipset};
my $rules = $cluster_conf->{rules};
if ($rules && scalar(@$rules)) {
$raw .= "[RULES]\n\n";
- $raw .= &$format_rules($rules, 1);
+ $raw .= $format_rules->($rules, 1);
$raw .= "\n";
}
@@ -3816,7 +3816,7 @@ sub save_clusterfw_conf {
$raw .= "[group $group]\n\n";
}
- $raw .= &$format_rules($rules, 0);
+ $raw .= $format_rules->($rules, 0);
$raw .= "\n";
}
}
@@ -3857,12 +3857,12 @@ sub save_hostfw_conf {
my $raw = '';
my $options = $hostfw_conf->{options};
- $raw .= &$format_options($options) if $options && scalar(keys %$options);
+ $raw .= $format_options->($options) if $options && scalar(keys %$options);
my $rules = $hostfw_conf->{rules};
if ($rules && scalar(@$rules)) {
$raw .= "[RULES]\n\n";
- $raw .= &$format_rules($rules, 1);
+ $raw .= $format_rules->($rules, 1);
$raw .= "\n";
}
@@ -3899,12 +3899,12 @@ sub save_vnetfw_conf {
my $raw = '';
my $options = $conf->{options};
- $raw .= &$format_options($options) if $options && scalar(keys %$options);
+ $raw .= $format_options->($options) if $options && scalar(keys %$options);
my $rules = $conf->{rules};
if ($rules && scalar(@$rules)) {
$raw .= "[RULES]\n\n";
- $raw .= &$format_rules($rules, 1);
+ $raw .= $format_rules->($rules, 1);
$raw .= "\n";
}
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2024-11-12 12:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-12 12:25 [pve-devel] [PATCH docs/firewall/manager/network/proxmox{-ve-rs, -firewall} v3 00/18] add forward chain firewalling for hosts and vnets Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 01/18] firewall: add forward direction Stefan Hanreich
2024-11-12 12:25 ` [pve-devel] [PATCH proxmox-ve-rs v3 02/18] firewall: add bridge firewall config parser Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-ve-rs v3 03/18] config: firewall: add tests for interface and directions Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-ve-rs v3 04/18] host: add struct representing bridge names Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-firewall v3 05/18] nftables: derive additional traits for nftables types Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-firewall v3 06/18] sdn: add support for loading vnet-level firewall config Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-firewall v3 07/18] sdn: create forward firewall rules Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH proxmox-firewall v3 08/18] use std::mem::take over drain() Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-firewall v3 09/18] sdn: add vnet firewall configuration Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-firewall v3 10/18] api: add vnet endpoints Stefan Hanreich
2024-11-12 12:26 ` Stefan Hanreich [this message]
2024-11-12 12:26 ` [pve-devel] [PATCH pve-manager v3 12/18] firewall: add forward direction to rule panel Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-manager v3 13/18] firewall: add vnet to firewall options component Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-manager v3 14/18] firewall: make base_url dynamically configurable in " Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-manager v3 15/18] sdn: add firewall panel Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-manager v3 16/18] firewall: rules: show warning when creating forward rules Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-network v3 17/18] firewall: add endpoints for vnet-level firewall Stefan Hanreich
2024-11-12 12:26 ` [pve-devel] [PATCH pve-docs v3 18/18] firewall: add documentation for forward direction Stefan Hanreich
2024-11-13 15:37 ` Hannes Duerr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241112122615.88854-12-s.hanreich@proxmox.com \
--to=s.hanreich@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox