Finish CONNBYTES

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8345 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -6,6 +6,8 @@ Changes in 4.1.7
 
 3)  Allow user exits to detect gateway.
 
+4)  Add CONNBYTES column to tcrules.
+
 Changes in 4.1.6
 
 1)  Deprecate IMPLICIT_CONTINUE=Yes

Shorewall-common/releasenotes.txt

@@ -106,6 +106,50 @@ New Features in 4.1.7.
 
 	      ETH0_1_GATEWAY=$(uci get /var/state/network.wan0.gateway)
 
+2)  A new CONNBYTES column has been added to the tcrules file. The
+    contents are:
+
+	     [!]<min>:[<max>[:{O|R|B}[:{B|P|A}]]]
+
+    !     matches if the the packet/byte count is not within the range 
+          defined by <min> and <max>.
+
+    <min> is an integer which defines the beginning of a byte/packet
+          range.
+
+    <max> is an integer which defines the end of a byte/packet range. 
+          If omitted, only the beginning of the range is checked.
+
+    The first letter gives the direction which the range refers to:
+
+    O    - The original direction of the connection.
+    R    - The opposite direction from the original connection.
+    B    - The total of both directions.
+
+    If omitted, 'B' is assumed.
+
+    The second letter determins what the range refers to.
+
+    B    - Bytes
+    P    - Packets
+    A    - Average packet size.
+
+    If omitted, 'B' is assumed.
+
+    Examples:
+
+	1000000:          - Connection has transferred a total of
+                            at least 1,000,000 bytes.
+
+        1000000::R        - Connection has transferred at least
+                            1,000,000 bytes in the direction opposite
+                            of the original direction (typical of a
+                            large download).
+
+        1000000::O:P      - Connection has sent at least 1,000,000
+			    packets in the direction of the original
+			    connection. 
+
 New Features in Shorewall 4.1.
 
 1)  Shorewall 4.1 contains support for multiple Internet providers

Shorewall-perl/Shorewall/Chains.pm

@@ -1256,18 +1256,13 @@ sub do_connbytes( $ ) {
     my $invert = $1 || ''; $invert = '! ' if $invert;
     my $min    = $2 || '';
     my $max    = $3 || ''; fatal_error "Invalid byte range ($min:$max)" if $max ne '' and $min > $max;
-    my $dir    = $5 || ''; 
-    my $mode   = $6 || ''; 
+    my $dir    = $5 || 'B'; 
+    my $mode   = $6 || 'B'; 
     
     $dir  =~ s/://;
     $mode =~ s/://;
 
-    my $rule   = "${invert}-m connbytes $min:$max ";
-
-    $rule .= "--connbytes-dir $dir{$dir} "    if $dir;
-    $rule .= "--connbytes-mode $mode{$mode} " if $mode;
-
-    $rule;
+    "${invert}-m connbytes $min:$max --connbytes-dir $dir{$dir} --connbytes-mode $mode{$mode} ";
 }
 
 #

Shorewall-perl/Shorewall/Tc.pm

@@ -179,7 +179,7 @@ INIT {
     initialize;
 }
 
-sub process_tc_rule( $$$$$$$$$$ ) {
+sub process_tc_rule( $$$$$$$$$$$ ) {
     my ( $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes ) = @_;
 
     my $original_mark = $mark;
@@ -878,7 +878,7 @@ sub setup_tc() {
 	    if ( $mark eq 'COMMENT' ) {
 		process_comment;
 	    } else {
-		process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos
+		process_tc_rule $mark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos, $connbytes;
 	    }
 
 	}