Avoid unnecessary calls to getprotobynumber()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8344 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/tcrules

@@ -10,6 +10,6 @@
 # See http://shorewall.net/PacketMarking.html for a detailed description of
 # the Netfilter/Shorewall packet marking mechanism.
 ###############################################################################
-#MARK	SOURCE		DEST		PROTO	DEST	SOURCE	USER	TEST	LENGTH	TOS
+#MARK	SOURCE		DEST		PROTO	DEST	SOURCE	USER	TEST	LENGTH	TOS   CONNBYTES
 #						PORT(S)	PORT(S)
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall-perl/Shorewall/Chains.pm

@@ -118,6 +118,7 @@ our %EXPORT_TAGS = (
 				       do_ratelimit
 				       do_user
 				       do_tos
+				       do_connbytes
 				       match_source_dev
 				       match_dest_dev
 				       iprange_match
@@ -1234,6 +1235,41 @@ sub do_tos( $ ) {
     $tos ne '-' ? "-m tos --tos $tos " : '';
 }
 
+my %dir = ( O => 'original' ,
+	    R => 'reply' ,
+	    B => 'both' );
+
+my %mode = ( P => 'packets' ,
+	     B => 'bytes' );
+
+#
+# Create a "-m connbytes" match for the passed argument
+#
+sub do_connbytes( $ ) {
+    my $connbytes = $_[0];
+
+    return '' if $connbytes eq '-';
+    #                                                                    1     2      3        5       6
+    fatal_error "Invalid CONNBYTES ($connbytes)" unless $connbytes =~ /^(!)? (\d+): (\d+)? ((:[ORB])(:[PB])?)?$/x;
+
+
+    my $invert = $1 || ''; $invert = '! ' if $invert;
+    my $min    = $2 || '';
+    my $max    = $3 || ''; fatal_error "Invalid byte range ($min:$max)" if $max ne '' and $min > $max;
+    my $dir    = $5 || ''; 
+    my $mode   = $6 || ''; 
+    
+    $dir  =~ s/://;
+    $mode =~ s/://;
+
+    my $rule   = "${invert}-m connbytes $min:$max ";
+
+    $rule .= "--connbytes-dir $dir{$dir} "    if $dir;
+    $rule .= "--connbytes-mode $mode{$mode} " if $mode;
+
+    $rule;
+}
+
 #
 # Match Source Interface
 #

Shorewall-perl/Shorewall/IPAddrs.pm

@@ -256,7 +256,7 @@ sub validate_port( $$ ) {
     if ( $port =~ /^(\d+)$/ ) {
 	return $port if $port <= 65535;
     } else {
-	$proto = getprotobynumber $proto if $proto =~ /^(\d+)$/;
+	$proto = proto_name $proto if $proto =~ /^(\d+)$/;
 	$value = getservbyname( $port, $proto );
     }
 

Shorewall-perl/Shorewall/Tc.pm

@@ -180,7 +180,7 @@ INIT {
 }
 
 sub process_tc_rule( $$$$$$$$$$ ) {
-    my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
+    my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = @_;
 
     my $original_mark = $mark;
 
@@ -284,7 +284,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
 
     if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
 				     $restrictions{$chain} ,
-				     do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) ,
+				     do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) . do_connbytes( $connbytes ),
 				     $source ,
 				     $dest ,
 				     '' ,
@@ -873,7 +873,7 @@ sub setup_tc() {
 
 	while ( read_a_line ) {
 
-	    my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line1 2, 10, 'tcrules file';
+	    my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = split_line1 2, 11, 'tcrules file';
 
 	    if ( $mark eq 'COMMENT' ) {
 		process_comment;