Add NEW_TOS_MATCH capability

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-04-09 14:04:16 -07:00
parent 477e2bc455
commit 186f71fa96
3 changed files with 16 additions and 3 deletions


@ -25,7 +25,7 @@
# loaded after this one and replaces some of the functions declared here. # loaded after this one and replaces some of the functions declared here.
# #
SHOREWALL_CAPVERSION=40514 SHOREWALL_CAPVERSION=40515
[ -n "${g_program:=shorewall}" ] [ -n "${g_program:=shorewall}" ]
@ -2200,6 +2200,7 @@ determine_capabilities() {
ARPTABLESJF= ARPTABLESJF=
MASQUERADE_TGT= MASQUERADE_TGT=
UDPLITEREDIRECT= UDPLITEREDIRECT=
NEW_TOS_MATCH=
AMANDA_HELPER= AMANDA_HELPER=
FTP_HELPER= FTP_HELPER=
@ -2371,6 +2372,7 @@ determine_capabilities() {
qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes
qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes
qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes
qt $g_tool -t mangle -A $chain -m tos --tos 0x10/0xff && NEW_TOS_MATCH=Yes
qt $g_tool -t mangle -F $chain qt $g_tool -t mangle -F $chain
qt $g_tool -t mangle -X $chain qt $g_tool -t mangle -X $chain
@ -2612,6 +2614,7 @@ report_capabilities_unsorted() {
report_capability "Arptables JF" $ARPTABLESJF report_capability "Arptables JF" $ARPTABLESJF
report_capability "MASQUERADE Target" $MASQUERADE_TGT report_capability "MASQUERADE Target" $MASQUERADE_TGT
report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT
report_capability "New tos Match" $NEW_TOS_MATCH
report_capability "Amanda Helper" $AMANDA_HELPER report_capability "Amanda Helper" $AMANDA_HELPER
report_capability "FTP Helper" $FTP_HELPER report_capability "FTP Helper" $FTP_HELPER
@ -2733,6 +2736,7 @@ report_capabilities_unsorted1() {
report_capability1 ARPTABLESJF report_capability1 ARPTABLESJF
report_capability1 MASQUERADE_TGT report_capability1 MASQUERADE_TGT
report_capability1 UDPLITEREDIRECT report_capability1 UDPLITEREDIRECT
report_capability1 NEW_TOS_MATCH
report_capability1 AMANDA_HELPER report_capability1 AMANDA_HELPER
report_capability1 FTP_HELPER report_capability1 FTP_HELPER


@ -4791,10 +4791,11 @@ sub decode_tos( $$ ) {
return ''; return '';
} }
my $mask = 0xff; my $mask = have_capability( 'NEW_TOS_MATCH' ) ? 0xff : '';
my $value; my $value;
if ( $tos =~ m"^(.+)/(.+)$" ) { if ( $tos =~ m"^(.+)/(.+)$" ) {
require_capability 'NEW_TOS_MATCH', 'A mask', 's';
$value = numeric_value $1; $value = numeric_value $1;
$mask = numeric_value $2; $mask = numeric_value $2;
} elsif ( ! defined ( $value = numeric_value( $tos ) ) ) { } elsif ( ! defined ( $value = numeric_value( $tos ) ) ) {
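Review bot: On the new `my $mask = have_capability( 'NEW_TOS_MATCH' ) ? 0xff : '';` line, the empty string serves as the "no mask" sentinel, so `$mask` is a number in one case and a string in the other. The code that consumes `$mask` lies after this hunk in decode_tos and is not visible here; if it compares or formats the mask numerically, `''` would trigger a numeric warning or yield a malformed `--tos` argument, so confirm that path emits the bare value only. A comment such as `# '' => installed tos match takes no mask; emit "--tos <value>" only` would make the sentinel explicit. In the mask branch the visible lines assign `numeric_value $1` and `numeric_value $2` without the `defined` test the `elsif` arm applies, so unless a check follows the hunk, a non-numeric mask could reach rule generation unvalidated.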

View File

@ -362,6 +362,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
ARPTABLESJF => 'Arptables JF', ARPTABLESJF => 'Arptables JF',
MASQUERADE_TGT => 'MASQUERADE Target', MASQUERADE_TGT => 'MASQUERADE Target',
UDPLITEREDIRECT => 'UDPLITE Port Redirection', UDPLITEREDIRECT => 'UDPLITE Port Redirection',
NEW_TOS_MATCH => 'New tos Match',
AMANDA_HELPER => 'Amanda Helper', AMANDA_HELPER => 'Amanda Helper',
FTP_HELPER => 'FTP Helper', FTP_HELPER => 'FTP Helper',
@ -656,7 +657,7 @@ sub initialize( $;$$) {
KLUDGEFREE => '', KLUDGEFREE => '',
STATEMATCH => '-m state --state', STATEMATCH => '-m state --state',
VERSION => "4.5.13-Beta3", VERSION => "4.5.13-Beta3",
CAPVERSION => 40514 , CAPVERSION => 40515 ,
); );
# #
# From shorewall.conf file # From shorewall.conf file
@ -912,6 +913,7 @@ sub initialize( $;$$) {
ARPTABLESJF => undef, ARPTABLESJF => undef,
MASQUERADE_TGT => undef, MASQUERADE_TGT => undef,
UDPLITEREDIRECT => undef, UDPLITEREDIRECT => undef,
NEW_TOS_MATCH => undef,
AMANDA_HELPER => undef, AMANDA_HELPER => undef,
FTP_HELPER => undef, FTP_HELPER => undef,
@ -3769,6 +3771,10 @@ sub Xconnmark() {
have_capability( 'XCONNMARK_MATCH' ) && have_capability( 'XMARK' ) && qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark --mask 0xFF" ); have_capability( 'XCONNMARK_MATCH' ) && have_capability( 'XMARK' ) && qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark --mask 0xFF" );
} }
sub New_Tos_Match() {
qt1( "$iptables -t mangle -A $sillyname -m tos --tos 0x10/0xff" );
}
sub Classify_Target() { sub Classify_Target() {
have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -j CLASSIFY --set-class 1:1" ); have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -j CLASSIFY --set-class 1:1" );
} }
@ -4146,6 +4152,7 @@ our %detect_capability =
OLD_CONNTRACK_MATCH => \&Old_Conntrack_Match, OLD_CONNTRACK_MATCH => \&Old_Conntrack_Match,
OLD_HL_MATCH => \&Old_Hashlimit_Match, OLD_HL_MATCH => \&Old_Hashlimit_Match,
OLD_IPP2P_MATCH => \&Old_Ipp2p_Match, OLD_IPP2P_MATCH => \&Old_Ipp2p_Match,
NEW_TOS_MATCH => \&New_Tos_Match,
OWNER_MATCH => \&Owner_Match, OWNER_MATCH => \&Owner_Match,
OWNER_NAME_MATCH => \&Owner_Name_Match, OWNER_NAME_MATCH => \&Owner_Name_Match,
PERSISTENT_SNAT => \&Persistent_Snat, PERSISTENT_SNAT => \&Persistent_Snat,
@ -4311,6 +4318,7 @@ sub determine_capabilities() {
$capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' ); $capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' );
$capabilities{MASQUERADE_TGT} = detect_capability( 'MASQUERADE_TGT' ); $capabilities{MASQUERADE_TGT} = detect_capability( 'MASQUERADE_TGT' );
$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' ); $capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
$capabilities{NEW_TOS_MATCH} = detect_capability( 'NEW_TOS_MATCH' );
if ( have_capability 'CT_TARGET' ) { if ( have_capability 'CT_TARGET' ) {
$capabilities{$_} = detect_capability $_ for ( values( %helpers_map ) ); $capabilities{$_} = detect_capability $_ for ( values( %helpers_map ) );
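Review bot: `New_Tos_Match` probes the mangle table unconditionally, whereas the neighbouring `Classify_Target` first tests `have_capability( 'MANGLE_ENABLED' )`. The probe most likely just fails when there is no mangle table, but the guard would match the surrounding detectors and skip a pointless iptables call: `have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -m tos --tos 0x10/0xff" );`. A one-line comment above the sub, e.g. `# True when the tos match accepts the value/mask form`, would also document what "new" means for this capability.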