
Avoid unnecessary calls to getprotobynumber()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8344 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-03-23 20:56:29 +00:00
parent 5571c24d95
commit 148415f23a
4 changed files with 41 additions and 5 deletions
Shorewall-common
Shorewall-perl/Shorewall


@ -10,6 +10,6 @@
# See http://shorewall.net/PacketMarking.html for a detailed description of
# the Netfilter/Shorewall packet marking mechanism.
###############################################################################
#MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS
#MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES
# PORT(S) PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


@ -118,6 +118,7 @@ our %EXPORT_TAGS = (
do_ratelimit
do_user
do_tos
do_connbytes
match_source_dev
match_dest_dev
iprange_match
@ -1234,6 +1235,41 @@ sub do_tos( $ ) {
$tos ne '-' ? "-m tos --tos $tos " : '';
}
my %dir = ( O => 'original' ,
R => 'reply' ,
B => 'both' );
my %mode = ( P => 'packets' ,
B => 'bytes' );
#
# Create a "-m connbytes" match for the passed argument
#
sub do_connbytes( $ ) {
my $connbytes = $_[0];
return '' if $connbytes eq '-';
# 1 2 3 5 6
fatal_error "Invalid CONNBYTES ($connbytes)" unless $connbytes =~ /^(!)? (\d+): (\d+)? ((:[ORB])(:[PB])?)?$/x;
my $invert = $1 || ''; $invert = '! ' if $invert;
my $min = $2 || '';
my $max = $3 || ''; fatal_error "Invalid byte range ($min:$max)" if $max ne '' and $min > $max;
my $dir = $5 || '';
my $mode = $6 || '';
$dir =~ s/://;
$mode =~ s/://;
my $rule = "${invert}-m connbytes $min:$max ";
$rule .= "--connbytes-dir $dir{$dir} " if $dir;
$rule .= "--connbytes-mode $mode{$mode} " if $mode;
$rule;
}
#
# Match Source Interface
#
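Review bot: In `do_connbytes` the match is assembled as `"${invert}-m connbytes $min:$max "`, which puts the range directly after the match name; the iptables connbytes extension takes it as `[!] --connbytes from[:to]`, so the generated rule would most likely be rejected when the ruleset is loaded. I would build it as `my $rule = "-m connbytes ${invert}--connbytes $min:$max ";`, which also moves the `!` next to the option it negates. Separately, `my $min = $2 || '';` turns a minimum of `0` into the empty string, so `0:1000` is emitted as `:1000` and the `$min > $max` check compares `''` numerically; since the regex guarantees group 2 matched, `my $min = $2;` is enough. The `--connbytes-dir` and `--connbytes-mode` options are only added when the column supplies them, and it is worth confirming whether the extension accepts a rule without them.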


@ -256,7 +256,7 @@ sub validate_port( $$ ) {
if ( $port =~ /^(\d+)$/ ) {
return $port if $port <= 65535;
} else {
$proto = getprotobynumber $proto if $proto =~ /^(\d+)$/;
$proto = proto_name $proto if $proto =~ /^(\d+)$/;
$value = getservbyname( $port, $proto );
}


@ -180,7 +180,7 @@ INIT {
}
sub process_tc_rule( $$$$$$$$$$ ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = @_;
my $original_mark = $mark;
@ -284,7 +284,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
$restrictions{$chain} ,
do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) ,
do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) . do_connbytes( $connbytes ),
$source ,
$dest ,
'' ,
@ -873,7 +873,7 @@ sub setup_tc() {
while ( read_a_line ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line1 2, 10, 'tcrules file';
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = split_line1 2, 11, 'tcrules file';
if ( $mark eq 'COMMENT' ) {
process_comment;