Avoid unnecessary calls to getprotobynumber()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8344 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
5571c24d95
commit
148415f23a
@ -10,6 +10,6 @@
|
|||||||
# See http://shorewall.net/PacketMarking.html for a detailed description of
|
# See http://shorewall.net/PacketMarking.html for a detailed description of
|
||||||
# the Netfilter/Shorewall packet marking mechanism.
|
# the Netfilter/Shorewall packet marking mechanism.
|
||||||
###############################################################################
|
###############################################################################
|
||||||
#MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS
|
#MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES
|
||||||
# PORT(S) PORT(S)
|
# PORT(S) PORT(S)
|
||||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||||
|
@ -118,6 +118,7 @@ our %EXPORT_TAGS = (
|
|||||||
do_ratelimit
|
do_ratelimit
|
||||||
do_user
|
do_user
|
||||||
do_tos
|
do_tos
|
||||||
|
do_connbytes
|
||||||
match_source_dev
|
match_source_dev
|
||||||
match_dest_dev
|
match_dest_dev
|
||||||
iprange_match
|
iprange_match
|
||||||
@ -1234,6 +1235,41 @@ sub do_tos( $ ) {
|
|||||||
$tos ne '-' ? "-m tos --tos $tos " : '';
|
$tos ne '-' ? "-m tos --tos $tos " : '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
my %dir = ( O => 'original' ,
|
||||||
|
R => 'reply' ,
|
||||||
|
B => 'both' );
|
||||||
|
|
||||||
|
my %mode = ( P => 'packets' ,
|
||||||
|
B => 'bytes' );
|
||||||
|
|
||||||
|
#
|
||||||
|
# Create a "-m connbytes" match for the passed argument
|
||||||
|
#
|
||||||
|
sub do_connbytes( $ ) {
|
||||||
|
my $connbytes = $_[0];
|
||||||
|
|
||||||
|
return '' if $connbytes eq '-';
|
||||||
|
# 1 2 3 5 6
|
||||||
|
fatal_error "Invalid CONNBYTES ($connbytes)" unless $connbytes =~ /^(!)? (\d+): (\d+)? ((:[ORB])(:[PB])?)?$/x;
|
||||||
|
|
||||||
|
|
||||||
|
my $invert = $1 || ''; $invert = '! ' if $invert;
|
||||||
|
my $min = $2 || '';
|
||||||
|
my $max = $3 || ''; fatal_error "Invalid byte range ($min:$max)" if $max ne '' and $min > $max;
|
||||||
|
my $dir = $5 || '';
|
||||||
|
my $mode = $6 || '';
|
||||||
|
|
||||||
|
$dir =~ s/://;
|
||||||
|
$mode =~ s/://;
|
||||||
|
|
||||||
|
my $rule = "${invert}-m connbytes $min:$max ";
|
||||||
|
|
||||||
|
$rule .= "--connbytes-dir $dir{$dir} " if $dir;
|
||||||
|
$rule .= "--connbytes-mode $mode{$mode} " if $mode;
|
||||||
|
|
||||||
|
$rule;
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Match Source Interface
|
# Match Source Interface
|
||||||
#
|
#
|
||||||
|
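Review bot: The rule text built in do_connbytes places the range directly after `-m connbytes`, but the iptables connbytes match takes its range through the `--connbytes` option, so the string as written would most likely be rejected when the ruleset is loaded; `my $rule = "-m connbytes ${invert}--connbytes $min:$max ";` is the form I would expect (confirm the inversion placement against the iptables version targeted). Separately, `$2 || ''` and `$3 || ''` treat a literal `0` as absent, so an entry such as `5:0` skips the `$min > $max` check and is emitted as the open-ended `5:`, which matches more traffic than the malformed entry should be allowed to. Using `defined $3 ? $3 : ''` (and `defined $2 ? $2 : 0`) keeps the range validation intact. It is also worth checking whether the targeted iptables requires `--connbytes-dir` and `--connbytes-mode`; if it does, defaulting both when the column omits them avoids emitting an incomplete match.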
@ -256,7 +256,7 @@ sub validate_port( $$ ) {
|
|||||||
if ( $port =~ /^(\d+)$/ ) {
|
if ( $port =~ /^(\d+)$/ ) {
|
||||||
return $port if $port <= 65535;
|
return $port if $port <= 65535;
|
||||||
} else {
|
} else {
|
||||||
$proto = getprotobynumber $proto if $proto =~ /^(\d+)$/;
|
$proto = proto_name $proto if $proto =~ /^(\d+)$/;
|
||||||
$value = getservbyname( $port, $proto );
|
$value = getservbyname( $port, $proto );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@ INIT {
|
|||||||
}
|
}
|
||||||
|
|
||||||
sub process_tc_rule( $$$$$$$$$$ ) {
|
sub process_tc_rule( $$$$$$$$$$ ) {
|
||||||
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = @_;
|
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = @_;
|
||||||
|
|
||||||
my $original_mark = $mark;
|
my $original_mark = $mark;
|
||||||
|
|
||||||
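Review bot: The prototype on `sub process_tc_rule( $$$$$$$$$$ )` still declares ten scalars while the new argument list unpacks eleven, so a call that passes `$connbytes` and is compiled after this definition would fail with a too-many-arguments error. Adding one more `$`, as in `sub process_tc_rule( $$$$$$$$$$$ ) {`, belongs in the same change. The call site in setup_tc is outside the visible hunks, so whether it already passes the extra argument cannot be confirmed here; the function body also continues beyond this hunk.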
@ -284,7 +284,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
|
|
||||||
if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
|
if ( ( my $result = expand_rule( ensure_chain( 'mangle' , $chain ) ,
|
||||||
$restrictions{$chain} ,
|
$restrictions{$chain} ,
|
||||||
do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) ,
|
do_proto( $proto, $ports, $sports) . do_user( $user ) . do_test( $testval, $mask ) . do_tos( $tos ) . do_connbytes( $connbytes ),
|
||||||
$source ,
|
$source ,
|
||||||
$dest ,
|
$dest ,
|
||||||
'' ,
|
'' ,
|
||||||
@ -873,7 +873,7 @@ sub setup_tc() {
|
|||||||
|
|
||||||
while ( read_a_line ) {
|
while ( read_a_line ) {
|
||||||
|
|
||||||
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos ) = split_line1 2, 10, 'tcrules file';
|
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = split_line1 2, 11, 'tcrules file';
|
||||||
|
|
||||||
if ( $mark eq 'COMMENT' ) {
|
if ( $mark eq 'COMMENT' ) {
|
||||||
process_comment;
|
process_comment;
|
||||||
|