Report used/required capabilities

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-27 18:13:13 +01:00 · 2013-02-18 08:48:18 -08:00 · 2013-02-18 08:48:18 -08:00 · 088fc1a3a3
commit 088fc1a3a3
parent 6d92d293b8
2 changed files with 41 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@ -903,6 +903,10 @@ sub compiler {
 	# And generate the auxilary config file
 	#
 	enable_script, generate_aux_config if $export;
+	#
+	# Report used/required capabilities
+	#
+	report_used_capabilities;
    } else {
 	#
 	# Just checking the configuration
@ -954,6 +958,10 @@ sub compiler {
 	    process_routestopped;
 	    process_stoppedrules;
 	}
+	#
+	# Report used/required capabilities
+	#
+	report_used_capabilities;

 	if ( $family == F_IPV4 ) {
 	    progress_message3 "Shorewall configuration verified";
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -66,6 +66,7 @@ our @EXPORT = qw(

 		 have_capability
 		 require_capability
+		 report_used_capabilities
 		 kernel_version
                );

@ -380,6 +381,8 @@ our %capdesc = ( NAT_ENABLED     => 'NAT',
 		 KERNELVERSION   => 'Kernel Version',
 	       );

+our %used;
+
 use constant {
 	       ICMP                => 1,
 	       TCP                 => 6,
@ -4128,6 +4131,8 @@ sub have_capability( $ ) {

    $setting = $capabilities{ $capability } = detect_capability( $capability ) unless defined $setting;

+    $used{$capability} = 1 if $setting;
+
    $setting;
 }

@ -4276,6 +4281,8 @@ sub require_capability( $$$ ) {
    my ( $capability, $description, $singular ) = @_;

    fatal_error "$description require${singular} $capdesc{$capability} in your kernel and iptables" unless have_capability $capability;
+
+    $used{$capability} = 2;
 }

 #
@ -4574,7 +4581,8 @@ sub read_capabilities() {
 #
 # Get the system's capabilities, either by probing or by reading a capabilities file
 #
-sub get_capabilities( $ ) {
+sub get_capabilities( $ ) 
+{
    my $export = $_[0];

    if ( ! $export && $> == 0 ) { # $> == $EUID
@ -4937,8 +4945,17 @@ sub get_configuration( $$$$ ) {
    $helpers_aliases{sip}  = 'sip-0',  $capabilities{SIP_HELPER}  = 1 if $capabilities{SIP0_HELPER};
    $helpers_aliases{tftp} = 'tftp-0', $capabilities{TFTP_HELPER} = 1 if $capabilities{TFTP0_HELPER};

-    $globals{STATEMATCH} = '-m conntrack --ctstate' if have_capability 'CONNTRACK_MATCH';
+    #
+    # Now initialize the used capabilities hash
+    #
+    %used     = ();

+    if ( have_capability 'CONNTRACK_MATCH') {
+	$globals{STATEMATCH} = '-m conntrack --ctstate';
+	$used{CONNTRACK_MATCH} = 2;
+    } else {
+	$used{STATE_MATCH} = 2;
+    }
    #
    # The following is not documented as it is not likely useful to the user base in general 
    # Going forward, it allows me to create a configuration that will work on multiple
@ -5767,6 +5784,20 @@ sub dump_mark_layout() {
 	     $globals{TPROXY_MARK} );
 }

+sub report_used_capabilities() {
+    if ( $verbosity > 1 ) {
+	progress_message2 "Configuration uses these capabilities ('*' denotes required):";
+
+	for ( sort grep $_ ne 'KERNELVERSION', keys %used ) {
+	    if ( $used{$_} > 1 ) {
+		progress_message2 "   $_*";
+	    } else { 
+		progress_message2 "   $_";
+	    }
+	}
+    }
+}
+
 END {
    cleanup;
 }