Add NEW_TOS_MATCH capability

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-08 08:44:05 +01:00 · 2013-04-09 14:04:16 -07:00 · 2013-04-09 14:04:16 -07:00 · 186f71fa96
commit 186f71fa96
parent 477e2bc455
3 changed files with 16 additions and 3 deletions
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@ -25,7 +25,7 @@
 # loaded after this one and replaces some of the functions declared here.
 #

-SHOREWALL_CAPVERSION=40514
+SHOREWALL_CAPVERSION=40515

 [ -n "${g_program:=shorewall}" ]

@ -2200,6 +2200,7 @@ determine_capabilities() {
    ARPTABLESJF=
    MASQUERADE_TGT=
    UDPLITEREDIRECT=
+    NEW_TOS_MATCH=

    AMANDA_HELPER=
    FTP_HELPER=
@ -2371,6 +2372,7 @@ determine_capabilities() {
 	qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes
 	qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes
 	qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes
+	qt $g_tool -t mangle -A $chain -m tos --tos 0x10/0xff && NEW_TOS_MATCH=Yes

 	qt $g_tool -t mangle -F $chain
 	qt $g_tool -t mangle -X $chain
@ -2612,6 +2614,7 @@ report_capabilities_unsorted() {
    report_capability "Arptables JF" $ARPTABLESJF
    report_capability "MASQUERADE Target" $MASQUERADE_TGT
    report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT
+    report_capability "New tos Match" $NEW_TOS_MATCH

    report_capability "Amanda Helper" $AMANDA_HELPER
    report_capability "FTP Helper" $FTP_HELPER
@ -2733,6 +2736,7 @@ report_capabilities_unsorted1() {
    report_capability1 ARPTABLESJF
    report_capability1 MASQUERADE_TGT
    report_capability1 UDPLITEREDIRECT
+    report_capability1 NEW_TOS_MATCH

    report_capability1 AMANDA_HELPER
    report_capability1 FTP_HELPER
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@ -4791,10 +4791,11 @@ sub decode_tos( $$ ) {
 	return '';
    }

-    my $mask = 0xff;
+    my $mask = have_capability( 'NEW_TOS_MATCH' ) ? 0xff : '';
    my $value;

    if ( $tos =~ m"^(.+)/(.+)$" ) {
+	require_capability 'NEW_TOS_MATCH', 'A mask', 's';
 	$value = numeric_value $1;
 	$mask  = numeric_value $2;
    } elsif ( ! defined ( $value = numeric_value( $tos ) ) ) {
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -362,6 +362,7 @@ our %capdesc = ( NAT_ENABLED     => 'NAT',
 		 ARPTABLESJF     => 'Arptables JF',
 		 MASQUERADE_TGT  => 'MASQUERADE Target',
 		 UDPLITEREDIRECT => 'UDPLITE Port Redirection',
+		 NEW_TOS_MATCH   => 'New tos Match',

 		 AMANDA_HELPER   => 'Amanda Helper',
 		 FTP_HELPER      => 'FTP Helper',
@ -656,7 +657,7 @@ sub initialize( $;$$) {
 		    KLUDGEFREE              => '',
 		    STATEMATCH              => '-m state --state',
 		    VERSION                 => "4.5.13-Beta3",
-		    CAPVERSION              => 40514 ,
+		    CAPVERSION              => 40515 ,
 		  );
    #
    # From shorewall.conf file
@ -912,6 +913,7 @@ sub initialize( $;$$) {
 	       ARPTABLESJF => undef,
 	       MASQUERADE_TGT => undef,
 	       UDPLITEREDIRECT => undef,
+	       NEW_TOS_MATCH => undef,

 	       AMANDA_HELPER => undef,
 	       FTP_HELPER => undef,
@ -3769,6 +3771,10 @@ sub Xconnmark() {
    have_capability( 'XCONNMARK_MATCH' ) && have_capability( 'XMARK' ) && qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark --mask 0xFF" );
 }

+sub New_Tos_Match() {
+    qt1( "$iptables -t mangle -A $sillyname -m tos --tos 0x10/0xff" );
+}
+
 sub Classify_Target() {
    have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -j CLASSIFY --set-class 1:1" );
 }
@ -4146,6 +4152,7 @@ our %detect_capability =
      OLD_CONNTRACK_MATCH => \&Old_Conntrack_Match,
      OLD_HL_MATCH => \&Old_Hashlimit_Match,
      OLD_IPP2P_MATCH => \&Old_Ipp2p_Match,
+      NEW_TOS_MATCH => \&New_Tos_Match,
      OWNER_MATCH => \&Owner_Match,
      OWNER_NAME_MATCH => \&Owner_Name_Match,
      PERSISTENT_SNAT => \&Persistent_Snat,
@ -4311,6 +4318,7 @@ sub determine_capabilities() {
 	$capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' );
 	$capabilities{MASQUERADE_TGT}  = detect_capability( 'MASQUERADE_TGT' );
 	$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
+	$capabilities{NEW_TOS_MATCH}   = detect_capability( 'NEW_TOS_MATCH' );
 	
 	if ( have_capability 'CT_TARGET' ) {
 	    $capabilities{$_} = detect_capability $_ for ( values( %helpers_map ) );