Finish CONNBYTES

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8345 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2008-03-23 22:23:12 +00:00
parent 148415f23a
commit 3d55331074
4 changed files with 51 additions and 10 deletions


@ -6,6 +6,8 @@ Changes in 4.1.7
3) Allow user exits to detect gateway. 3) Allow user exits to detect gateway.
4) Add CONNBYTES column to tcrules.
Changes in 4.1.6 Changes in 4.1.6
1) Deprecate IMPLICIT_CONTINUE=Yes 1) Deprecate IMPLICIT_CONTINUE=Yes


@ -106,6 +106,50 @@ New Features in 4.1.7.
ETH0_1_GATEWAY=$(uci get /var/state/network.wan0.gateway) ETH0_1_GATEWAY=$(uci get /var/state/network.wan0.gateway)
2) A new CONNBYTES column has been added to the tcrules file. The
contents are:
[!]<min>:[<max>[:{O|R|B}[:{B|P|A}]]]
! matches if the the packet/byte count is not within the range
defined by <min> and <max>.
<min> is an integer which defines the beginning of a byte/packet
range.
<max> is an integer which defines the end of a byte/packet range.
If omitted, only the beginning of the range is checked.
The first letter gives the direction which the range refers to:
O - The original direction of the connection.
R - The opposite direction from the original connection.
B - The total of both directions.
If omitted, 'B' is assumed.
The second letter determins what the range refers to.
B - Bytes
P - Packets
A - Average packet size.
If omitted, 'B' is assumed.
Examples:
1000000: - Connection has transferred a total of
at least 1,000,000 bytes.
1000000::R - Connection has transferred at least
1,000,000 bytes in the direction opposite
of the original direction (typical of a
large download).
1000000::O:P - Connection has sent at least 1,000,000
packets in the direction of the original
connection.
New Features in Shorewall 4.1. New Features in Shorewall 4.1.
1) Shorewall 4.1 contains support for multiple Internet providers 1) Shorewall 4.1 contains support for multiple Internet providers


@ -1256,18 +1256,13 @@ sub do_connbytes( $ ) {
my $invert = $1 || ''; $invert = '! ' if $invert; my $invert = $1 || ''; $invert = '! ' if $invert;
my $min = $2 || ''; my $min = $2 || '';
my $max = $3 || ''; fatal_error "Invalid byte range ($min:$max)" if $max ne '' and $min > $max; my $max = $3 || ''; fatal_error "Invalid byte range ($min:$max)" if $max ne '' and $min > $max;
my $dir = $5 || ''; my $dir = $5 || 'B';
my $mode = $6 || ''; my $mode = $6 || 'B';
$dir =~ s/://; $dir =~ s/://;
$mode =~ s/://; $mode =~ s/://;
my $rule = "${invert}-m connbytes $min:$max "; "${invert}-m connbytes $min:$max --connbytes-dir $dir{$dir} --connbytes-mode $mode{$mode} ";
$rule .= "--connbytes-dir $dir{$dir} " if $dir;
$rule .= "--connbytes-mode $mode{$mode} " if $mode;
$rule;
} }
# #
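Review bot: The rebuilt rule string on the last changed line interpolates `$dir{$dir}` and `$mode{$mode}` unconditionally, and both `%dir` and `%mode` are defined outside this hunk; if a letter is captured that has no entry in those hashes, undef interpolates as an empty string and the emitted rule reads `--connbytes-dir  --connbytes-mode …`, which fails only when iptables loads it. Unless the pattern that fills `$5`/`$6` (above the hunk, where do_connbytes begins) already limits them to the letters the release notes list, fail closed here with `fatal_error "Invalid CONNBYTES direction ($dir)" unless exists $dir{$dir};` and `fatal_error "Invalid CONNBYTES mode ($mode)" unless exists $mode{$mode};` before building the string. As a point of style, the function now ends on a bare string expression and relies on an implicit return; writing it as `return "${invert}-m connbytes $min:$max --connbytes-dir $dir{$dir} --connbytes-mode $mode{$mode} ";` makes the contract explicit, as the removed `$rule;` line at least hinted at.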


@ -179,7 +179,7 @@ INIT {
initialize; initialize;
} }
sub process_tc_rule( $$$$$$$$$$ ) { sub process_tc_rule( $$$$$$$$$$$ ) {
my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = @_; my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = @_;
my $original_mark = $mark; my $original_mark = $mark;
@ -878,7 +878,7 @@ sub setup_tc() {
if ( $mark eq 'COMMENT' ) { if ( $mark eq 'COMMENT' ) {
process_comment; process_comment;
} else { } else {
process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos, $connbytes;
} }
} }
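Review bot: process_tc_rule now takes eleven positional scalars with nothing documenting their order, and the `( $$$$$$$$$$$ )` prototype only fixes arity at parse time, it validates nothing. Because the call in setup_tc on the last hunk line is written without parentheses, that parse-time arity check is the only thing that catches a column/argument mismatch, so a comment above the signature such as `# One argument per tcrules column, in file order; keep in step with the call in setup_tc.` would help the next person who adds a column. Whether the code that fills `$connbytes` before the call was widened too is not visible here; if it was not, the new argument is silently undef. Both process_tc_rule and setup_tc extend beyond the hunks shown.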