Add STATISTIC_MATCH capability

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall-core/lib.base

@@ -27,8 +27,8 @@
 #   and /usr/share/shorewall[6]-lite/shorecap.
 #
 
-SHOREWALL_LIBVERSION=40407
+SHOREWALL_LIBVERSION=40500
-SHOREWALL_CAPVERSION=40427
+SHOREWALL_CAPVERSION=40500
 
 [ -n "${g_program:=shorewall}" ]
 [ -n "${VARDIR:=/var/lib/$g_program}" ]

Shorewall-core/lib.cli

@@ -1923,6 +1923,7 @@ determine_capabilities() {
     IPTABLES_S=
     BASIC_FILTER=
     CT_TARGET=
+    STATISTIC_MATCH=
 
     chain=fooX$$
 
@@ -2120,6 +2121,7 @@ determine_capabilities() {
     qt $g_tool -A $chain -j ULOG && ULOG_TARGET=Yes
     qt $g_tool -A $chain -j NFLOG && NFLOG_TARGET=Yes
     qt $g_tool -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
+    qt $g_tool -A $chain -m statistic --mode nth --every 2 --packet 1 && STATISTIC_MATCH=Yes
 
     if [ $g_family -eq 4 ]; then
 	qt $g_tool -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes
@@ -2229,6 +2231,7 @@ report_capabilities() {
 	report_capability "AUDIT Target" $AUDIT_TARGET
 	report_capability "ipset V5" $IPSET_V5
 	report_capability "Condition Match" $CONDITION_MATCH
+	report_capability "Statistic Match" $STATISTIC_MATCH
 	
 	if [ $g_family -eq 4 ]; then
 	    report_capability "iptables -S" $IPTABLES_S
@@ -2314,6 +2317,7 @@ report_capabilities1() {
     report_capability1 IPTABLES_S
     report_capability1 BASIC_FILTER
     report_capability1 CT_TARGET
+    report_capability1 STATISTIC_MATCH
 
     echo CAPVERSION=$SHOREWALL_CAPVERSION
     echo KERNELVERSION=$KERNELVERSION

Shorewall/Perl/Shorewall/Config.pm

@@ -289,6 +289,8 @@ my  %capdesc = ( NAT_ENABLED     => 'NAT',
 		 IPTABLES_S      => 'iptables -S',
 		 BASIC_FILTER    => 'Basic Filter',
 		 CT_TARGET       => 'CT Target',
+		 STATISTICS_MATCH => 
+		                    'Statistics Match',
 		 CAPVERSION      => 'Capability Version',
 		 KERNELVERSION   => 'Kernel Version',
 	       );
@@ -453,7 +455,7 @@ sub initialize( $ ) {
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED  => 0,
 		    VERSION    => "4.4.22.1",
-		    CAPVERSION => 40427 ,
+		    CAPVERSION => 40500 ,
 		  );
     #
     # From shorewall.conf file
@@ -678,6 +680,7 @@ sub initialize( $ ) {
 	       IPTABLES_S => undef,
 	       BASIC_FILTER => undef,
 	       CT_TARGET => undef,
+	       STATISTICS_MATCH => undef,
 	       CAPVERSION => undef,
 	       KERNELVERSION => undef,
 	       );
@@ -2759,6 +2762,10 @@ sub Ct_Target() {
     $ct_target;
 }
 
+sub Statistics_Match() {
+    qt1( "$iptables -A $sillyname -m statistic --mode nth --every 2 --packet 1" );
+}
+
 our %detect_capability =
     ( ACCOUNT_TARGET =>\&Account_Target,
       AUDIT_TARGET => \&Audit_Target,
@@ -2813,6 +2820,7 @@ our %detect_capability =
       RAWPOST_TABLE => \&Rawpost_Table,
       REALM_MATCH => \&Realm_Match,
       RECENT_MATCH => \&Recent_Match,
+      STATISTICS_MATCH => \&Statistics_Match,
       TCPMSS_MATCH => \&Tcpmss_Match,
       TIME_MATCH => \&Time_Match,
       TPROXY_TARGET => \&Tproxy_Target,