From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 3A6C81FF168 for ; Tue, 12 Nov 2024 13:28:23 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id F30FF1F9DD; Tue, 12 Nov 2024 13:26:30 +0100 (CET) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Date: Tue, 12 Nov 2024 13:26:08 +0100 Message-Id: <20241112122615.88854-12-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241112122615.88854-1-s.hanreich@proxmox.com> References: <20241112122615.88854-1-s.hanreich@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.242 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery methods RDNS_NONE 0.793 Delivered to internal network by a host with no rDNS SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_NONE 0.001 SPF: sender does not publish an SPF Record Subject: [pve-devel] [PATCH pve-firewall v3 11/18] firewall: move to arrow syntax for calling functions X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Signed-off-by: Stefan Hanreich --- src/PVE/Firewall.pm | 80 ++++++++++++++++++++++----------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 4a13926..efd53fc 100644 
--- a/src/PVE/Firewall.pm +++ b/src/PVE/Firewall.pm @@ -1727,18 +1727,18 @@ sub verify_rule { if (my $value = $rule->{$name}) { if ($value =~ m/^\+/) { if ($value =~ m@^\+(guest/|dc/|sdn/)?(${ipset_name_pattern})$@) { - &$add_error($name, "no such ipset '$2'") + $add_error->($name, "no such ipset '$2'") if !($cluster_conf->{ipset}->{$2} || ($fw_conf && $fw_conf->{ipset}->{$2}) || ($cluster_conf->{sdn} && $cluster_conf->{sdn}->{ipset}->{$2})); } else { - &$add_error($name, "invalid ipset name '$value'"); + $add_error->($name, "invalid ipset name '$value'"); } } elsif ($value =~ m@^(guest/|dc/)?(${ip_alias_pattern})$@){ my $scope = $1 // ""; my $alias = lc($2); - &$add_error($name, "no such alias '$value'") + $add_error->($name, "no such alias '$value'") if !($cluster_conf->{aliases}->{$alias} || ($fw_conf && $fw_conf->{aliases}->{$alias})); my $e; @@ -1757,8 +1757,8 @@ sub verify_rule { my $type = $rule->{type}; my $action = $rule->{action}; - &$add_error('type', "missing property") if !$type; - &$add_error('action', "missing property") if !$action; + $add_error->('type', "missing property") if !$type; + $add_error->('action', "missing property") if !$action; if ($type) { my $valid_types = $rule_env_direction_lookup->{$rule_env} 
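Review bot: The ipset existence check in the first hunk captures an optional scope prefix (`guest/`, `dc/`, `sdn/`) in `$1`, but the condition on the converted `$add_error->($name, "no such ipset '$2'")` call only looks up `$2`, and it does so in all of `$cluster_conf->{ipset}`, `$fw_conf->{ipset}` and `$cluster_conf->{sdn}->{ipset}`. As written, a rule naming `+dc/foo` passes verification when `foo` exists only in the guest config, so the verifier may accept a reference that its explicit scope does not resolve. If that is not intended, choose the table from `$1` before the lookup. How the prefix is resolved when rules are generated is outside this hunk, so confirm against that code. Either way, a short comment on the condition stating which scopes are searched would help.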
@@ -1774,22 +1774,22 @@ sub verify_rule { $add_error->('action', "unknown action '$action'") if $action && ($action !~ m/^(ACCEPT|DROP|REJECT)$/); } elsif ($type eq 'group') { - &$add_error('type', "security groups not allowed") + $add_error->('type', "security groups not allowed") if !$allow_groups; - &$add_error('action', "invalid characters in security group name") + $add_error->('action', "invalid characters in security group name") if $action && ($action !~ m/^${security_group_name_pattern}$/); } else { - &$add_error('type', "unknown rule type '$type'"); + $add_error->('type', "unknown rule type '$type'"); } } if ($rule->{iface}) { - &$add_error('type', "parameter -i not allowed for this rule type") + $add_error->('type', "parameter -i not allowed for this rule type") if !$allow_iface; eval { PVE::JSONSchema::pve_verify_iface($rule->{iface}); }; - &$add_error('iface', $@) if $@; + $add_error->('iface', $@) if $@; if ($rule_env eq 'vm' || $rule_env eq 'ct') { - &$add_error('iface', "value does not match the regex pattern 'net\\d+'") + $add_error->('iface', "value does not match the regex pattern 'net\\d+'") if $rule->{iface} !~ m/^net(\d+)$/; } } @@ -1798,14 +1798,14 @@ sub verify_rule { if (my $preferred_name = $pve_fw_preferred_macro_names->{lc($rule->{macro})}) { $rule->{macro} = $preferred_name; } else { - &$add_error('macro', "unknown macro '$rule->{macro}'"); + $add_error->('macro', "unknown macro '$rule->{macro}'"); } } my $is_icmp = 0; if ($rule->{proto}) { eval { pve_fw_verify_protocol_spec($rule->{proto}); }; - &$add_error('proto', $@) if $@; + $add_error->('proto', $@) if $@; &$set_ip_version(4) if $rule->{proto} eq 'icmp'; &$set_ip_version(6) if $rule->{proto} eq 'icmpv6'; &$set_ip_version(6) if $rule->{proto} eq 'ipv6-icmp'; 
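Review bot: The validation patterns guarding the converted calls in the -1774 hunk end in `$`, which in Perl also matches before a trailing newline, so `$rule->{iface} !~ m/^net(\d+)$/` and `$action !~ m/^${security_group_name_pattern}$/` would accept a value with `\n` appended. For fields that end up in firewall configuration, `\z` is the stricter anchor, e.g. `if $rule->{iface} !~ m/^net(\d+)\z/;`. Whether a newline can reach verify_rule at all depends on its callers and on `pve_verify_iface`, neither of which is visible here. The same applies to `m/^(ACCEPT|DROP|REJECT)$/` in the context line at the top of the hunk.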
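Review bot: The three `&$set_ip_version(...)` calls directly below the converted `$add_error->('proto', $@)` line in the -1798 hunk keep the old call form. So do `&$set_ip_version($source_ipversion)`, `&$set_ip_version($dest_ipversion)` and both `&$check_ipset_or_alias_property(...)` calls in the -1850 and -1859 hunks. Since the subject announces a move to arrow syntax, verify_rule ends up mixing both styles. Converting them here, e.g. `$set_ip_version->(4) if $rule->{proto} eq 'icmp';`, would complete the change unless a later patch in the series already does so. verify_rule's body continues outside the hunk.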
@@ -1814,34 +1814,34 @@ sub verify_rule { if ($rule->{dport}) { eval { parse_port_name_number_or_range($rule->{dport}, $is_icmp); }; - &$add_error('dport', $@) if $@; + $add_error->('dport', $@) if $@; my $proto = $rule->{proto}; - &$add_error('proto', "missing property - 'dport' requires this property") + $add_error->('proto', "missing property - 'dport' requires this property") if !$proto; - &$add_error('dport', "protocol '$proto' does not support ports") + $add_error->('dport', "protocol '$proto' does not support ports") if !$PROTOCOLS_WITH_PORTS->{$proto} && !$is_icmp; #special cases } if (my $icmp_type = $rule ->{'icmp-type'}) { my $proto = $rule->{proto}; - &$add_error('proto', "missing property - 'icmp-type' requires this property") + $add_error->('proto', "missing property - 'icmp-type' requires this property") if !$is_icmp; - &$add_error('icmp-type', "'icmp-type' cannot be specified together with 'dport'") + $add_error->('icmp-type', "'icmp-type' cannot be specified together with 'dport'") if $rule->{dport}; if ($proto eq 'icmp' && !$icmp_type_names->{$icmp_type}) { - &$add_error('icmp-type', "invalid icmp-type '$icmp_type' for proto 'icmp'"); + $add_error->('icmp-type', "invalid icmp-type '$icmp_type' for proto 'icmp'"); } elsif (($proto eq 'icmpv6' || $proto eq 'ipv6-icmp') && !$icmpv6_type_names->{$icmp_type}) { - &$add_error('icmp-type', "invalid icmp-type '$icmp_type' for proto '$proto'"); + $add_error->('icmp-type', "invalid icmp-type '$icmp_type' for proto '$proto'"); } } if ($rule->{sport}) { eval { parse_port_name_number_or_range($rule->{sport}, 0); }; - &$add_error('sport', $@) if $@; + $add_error->('sport', $@) if $@; my $proto = $rule->{proto}; - &$add_error('proto', "missing property - 'sport' requires this property") + $add_error->('proto', "missing property - 'sport' requires this property") if !$proto; - &$add_error('sport', "protocol '$proto' does not support ports") + $add_error->('sport', "protocol '$proto' does not support ports") if 
!$PROTOCOLS_WITH_PORTS->{$proto}; } @@ -1850,7 +1850,7 @@ sub verify_rule { my $source_ipversion = parse_address_list($rule->{source}); &$set_ip_version($source_ipversion); }; - &$add_error('source', $@) if $@; + $add_error->('source', $@) if $@; &$check_ipset_or_alias_property('source', $ipversion); } @@ -1859,7 +1859,7 @@ sub verify_rule { my $dest_ipversion = parse_address_list($rule->{dest}); &$set_ip_version($dest_ipversion); }; - &$add_error('dest', $@) if $@; + $add_error->('dest', $@) if $@; &$check_ipset_or_alias_property('dest', $ipversion); } @@ -1871,10 +1871,10 @@ sub verify_rule { if (ref($err) eq "PVE::Exception" && $err->{errors}) { my $eh = $err->{errors}; foreach my $p (keys %$eh) { - &$add_error($p, $eh->{$p}); + $add_error->($p, $eh->{$p}); } } else { - &$add_error('macro', "$err"); + $add_error->('macro', "$err"); } } } @@ -3508,17 +3508,17 @@ sub save_vmfw_conf { my $raw = ''; my $options = $vmfw_conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $aliases = $vmfw_conf->{aliases}; - $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases); + $raw .= $format_aliases->($aliases) if $aliases && scalar(keys %$aliases); - $raw .= &$format_ipsets($vmfw_conf) if $vmfw_conf->{ipset}; + $raw .= $format_ipsets->($vmfw_conf) if $vmfw_conf->{ipset}; my $rules = $vmfw_conf->{rules} || []; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } 
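Review bot: In the `dport` and `sport` blocks of the -1814 hunk, the "missing property" error for an unset `$proto` is followed by a second check that still uses it: `$add_error->('dport', "protocol '$proto' does not support ports") if !$PROTOCOLS_WITH_PORTS->{$proto} && !$is_icmp;`. If `$add_error` records the error and returns rather than dying (its definition is outside the hunk), an undefined `$proto` reaches the hash lookup and the string interpolation. That produces uninitialized-value warnings and possibly a second, misleading message. Guarding the second call with `$proto &&`, e.g. `if $proto && !$PROTOCOLS_WITH_PORTS->{$proto} && !$is_icmp;`, avoids this. The `$proto eq 'icmp'` comparison in the `icmp-type` block has the same exposure.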
@@ -3792,17 +3792,17 @@ sub save_clusterfw_conf { my $raw = ''; my $options = $cluster_conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $aliases = $cluster_conf->{aliases}; - $raw .= &$format_aliases($aliases) if $aliases && scalar(keys %$aliases); + $raw .= $format_aliases->($aliases) if $aliases && scalar(keys %$aliases); - $raw .= &$format_ipsets($cluster_conf) if $cluster_conf->{ipset}; + $raw .= $format_ipsets->($cluster_conf) if $cluster_conf->{ipset}; my $rules = $cluster_conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } @@ -3816,7 +3816,7 @@ sub save_clusterfw_conf { $raw .= "[group $group]\n\n"; } - $raw .= &$format_rules($rules, 0); + $raw .= $format_rules->($rules, 0); $raw .= "\n"; } } @@ -3857,12 +3857,12 @@ sub save_hostfw_conf { my $raw = ''; my $options = $hostfw_conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $rules = $hostfw_conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } @@ -3899,12 +3899,12 @@ sub save_vnetfw_conf { my $raw = ''; my $options = $conf->{options}; - $raw .= &$format_options($options) if $options && scalar(keys %$options); + $raw .= $format_options->($options) if $options && scalar(keys %$options); my $rules = $conf->{rules}; if ($rules && scalar(@$rules)) { $raw .= "[RULES]\n\n"; - $raw .= &$format_rules($rules, 1); + $raw .= $format_rules->($rules, 1); $raw .= "\n"; } -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel