extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-28 02:23:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Report used/required capabilities

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-02-18 08:48:18 -08:00
parent 6d92d293b8
commit 088fc1a3a3
2 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -903,6 +903,10 @@ sub compiler {
# And generate the auxilary config file # And generate the auxilary config file
# #
enable_script, generate_aux_config if $export; enable_script, generate_aux_config if $export;
#
# Report used/required capabilities
#
report_used_capabilities;
} else { } else {
# #
# Just checking the configuration # Just checking the configuration
@ -954,6 +958,10 @@ sub compiler {
process_routestopped; process_routestopped;
process_stoppedrules; process_stoppedrules;
} }
#
# Report used/required capabilities
#
report_used_capabilities;
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
progress_message3 "Shorewall configuration verified"; progress_message3 "Shorewall configuration verified";

35
Shorewall/Perl/Shorewall/Config.pm
View File

@ -66,6 +66,7 @@ our @EXPORT = qw(
have_capability have_capability
require_capability require_capability
report_used_capabilities
kernel_version kernel_version
); );
@ -380,6 +381,8 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
KERNELVERSION => 'Kernel Version', KERNELVERSION => 'Kernel Version',
); );
our %used;
use constant { use constant {
ICMP => 1, ICMP => 1,
TCP => 6, TCP => 6,
@ -4128,6 +4131,8 @@ sub have_capability( $ ) {
$setting = $capabilities{ $capability } = detect_capability( $capability ) unless defined $setting; $setting = $capabilities{ $capability } = detect_capability( $capability ) unless defined $setting;
$used{$capability} = 1 if $setting;
$setting; $setting;
} }
@ -4276,6 +4281,8 @@ sub require_capability( $$$ ) {
my ( $capability, $description, $singular ) = @_; my ( $capability, $description, $singular ) = @_;
fatal_error "$description require${singular} $capdesc{$capability} in your kernel and iptables" unless have_capability $capability; fatal_error "$description require${singular} $capdesc{$capability} in your kernel and iptables" unless have_capability $capability;
$used{$capability} = 2;
} }
# #
@ -4574,7 +4581,8 @@ sub read_capabilities() {
# #
# Get the system's capabilities, either by probing or by reading a capabilities file # Get the system's capabilities, either by probing or by reading a capabilities file
# #
sub get_capabilities( $ ) { sub get_capabilities( $ )
{
my $export = $_[0]; my $export = $_[0];
if ( ! $export && $> == 0 ) { # $> == $EUID if ( ! $export && $> == 0 ) { # $> == $EUID
@ -4937,8 +4945,17 @@ sub get_configuration( $$$$ ) {
$helpers_aliases{sip} = 'sip-0', $capabilities{SIP_HELPER} = 1 if $capabilities{SIP0_HELPER}; $helpers_aliases{sip} = 'sip-0', $capabilities{SIP_HELPER} = 1 if $capabilities{SIP0_HELPER};
$helpers_aliases{tftp} = 'tftp-0', $capabilities{TFTP_HELPER} = 1 if $capabilities{TFTP0_HELPER}; $helpers_aliases{tftp} = 'tftp-0', $capabilities{TFTP_HELPER} = 1 if $capabilities{TFTP0_HELPER};
$globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH'; #
# Now initialize the used capabilities hash
#
%used = ();
if ( have_capability 'CONNTRACK_MATCH') {
$globals{STATEMATCH} = '-m conntrack --ctstate';
$used{CONNTRACK_MATCH} = 2;
} else {
$used{STATE_MATCH} = 2;
}
# #
# The following is not documented as it is not likely useful to the user base in general # The following is not documented as it is not likely useful to the user base in general
# Going forward, it allows me to create a configuration that will work on multiple # Going forward, it allows me to create a configuration that will work on multiple
@ -5767,6 +5784,20 @@ sub dump_mark_layout() {
$globals{TPROXY_MARK} ); $globals{TPROXY_MARK} );
} }
sub report_used_capabilities() {
if ( $verbosity > 1 ) {
progress_message2 "Configuration uses these capabilities ('*' denotes required):";
for ( sort grep $_ ne 'KERNELVERSION', keys %used ) {
if ( $used{$_} > 1 ) {
progress_message2 " $_*";
} else {
progress_message2 " $_";
}
}
}
}
END { END {
cleanup; cleanup;
} }