From 4d3081179425345c42086761f7f441b4c04d8523 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 20 Nov 2011 12:29:17 -0800 Subject: [PATCH] Implement 'show marks' Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Compiler.pm | 4 +++ Shorewall/Perl/Shorewall/Config.pm | 48 ++++++++++++++++++++++++++++ Shorewall/Perl/Shorewall/Zones.pm | 1 + Shorewall/lib.cli | 6 ++++ Shorewall/shorewall | 1 + Shorewall6/lib.cli | 6 ++++ Shorewall6/shorewall6 | 1 + manpages/shorewall.xml | 25 +++------------ manpages6/shorewall6.xml | 24 +++++++------- 9 files changed, 83 insertions(+), 33 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm index 1e14b4c0c..962bfff6b 100644 --- a/Shorewall/Perl/Shorewall/Compiler.pm +++ b/Shorewall/Perl/Shorewall/Compiler.pm @@ -432,6 +432,10 @@ sub generate_script_3($) { save_policies; emit_unindented '__EOF__'; + emit 'cat > ${VARDIR}/marks << __EOF__'; + dump_mark_layout; + emit_unindented '__EOF__'; + pop_indent; emit "fi\n"; diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 2edfe7fe3..ac8e59595 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -126,6 +126,7 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script run_user_exit1 run_user_exit2 generate_aux_config + dump_mark_layout $product $Product @@ -3754,6 +3755,7 @@ sub get_configuration( $$$ ) { } if ( ( my $userbits = $config{PROVIDER_OFFSET} - $config{TC_BITS} ) > 0 ) { + $globals{USER_MASK} = make_mask( $userbits ) << $config{TC_BITS}; } else { $globals{USER_MASK} = 0; 
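Review bot: In the Compiler.pm hunk, the here-document opened by `emit 'cat > ${VARDIR}/marks << __EOF__';` has an unquoted delimiter, so the generated script applies parameter and command substitution to every line that `dump_mark_layout` emits before the closing `__EOF__`. The lines produced in this commit are fixed labels plus decimal and hex numbers, so nothing expands today, but no comment records that constraint for whoever next extends the dump. Either quote the delimiter, `emit q(cat > ${VARDIR}/marks << '__EOF__');`, or add a comment above the emit such as `# unquoted here-document: dump_mark_layout output must stay free of '$' and backquotes`. The opening of the preceding `save_policies` here-document and the rest of `generate_script_3` are outside the hunk, so check whether the same convention is intended there before changing only this one.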
@@ -4122,6 +4124,52 @@ sub generate_aux_config() { finalize_aux_config; } +sub dump_mark_layout() { + sub dumpout( $$$$$ ) { + my ( $name, $bits, $min, $max, $mask ) = @_; + + if ( $bits ) { + if ( $min == $max ) { + emit_unindented "$name:" . $min . ' mask ' . in_hex( $mask ); + } else { + emit_unindented "$name:" . join('-', $min, $max ) . ' (' . join( '-', in_hex( $min ), in_hex( $max ) ) . ') mask ' . in_hex( $mask ); + } + } else { + emit_unindented "$name: Not Enabled"; + } + } + + dumpout( "Traffic Shaping", + $config{TC_BITS}, + 0, + $globals{TC_MAX}, + $globals{TC_MASK} ); + + dumpout( "User", + $globals{USER_MASK}, + $globals{TC_MAX} + 1, + $globals{USER_MASK}, + $globals{USER_MASK} ); + + dumpout( "Provider", + $config{PROVIDER_BITS}, + $globals{PROVIDER_MIN}, + $globals{PROVIDER_MASK}, + $globals{PROVIDER_MASK} ); + + dumpout( "Zone", + $config{ZONE_BITS}, + 1 << $globals{ZONE_OFFSET}, + $globals{ZONE_MASK}, + $globals{ZONE_MASK} ); + + dumpout( "Exclusion", + 1, + $globals{EXCLUSION_MASK}, + $globals{EXCLUSION_MASK}, + $globals{EXCLUSION_MASK} ); +} + END { cleanup; } diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 30936c1a8..406e61845 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -651,6 +651,7 @@ sub dump_zone_contents() { my $entry = "$zone $zonetypes{$type}"; $entry .= ":$zoneref->{bridge}" if $type & BPORT; + $entry .= ( " mark=" . in_hex( $zoneref->{mark} ) ) if exists $zoneref->{mark}; if ( $hostref ) { for my $type ( sort keys %$hostref ) { diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli index a94bd1192..bc7236e92 100644 --- a/Shorewall/lib.cli +++ b/Shorewall/lib.cli 
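Review bot: In the Config.pm hunk that adds `dump_mark_layout`, the helper `dumpout` is written as a named sub nested inside it, but Perl does not scope named subs lexically, so it is installed as a package-level `dumpout` and is callable from anywhere in the package. Move it out as a private helper ahead of `dump_mark_layout`, or write it as `my $dumpout = sub { ... };`, so that the scope matches the intent. The second parameter also needs a comment: it is named `$bits` but is used only as an enable flag (`if ( $bits )`), and the "User" call passes `$globals{USER_MASK}` and the "Exclusion" call a literal `1` where the other calls pass a bit count. Something like `# $bits: true when the field is enabled; only its truth value is used` would make that explicit.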
@@ -751,6 +751,12 @@ show_command() { [ $# -gt 1 ] && usage 1 perip_accounting ;; + marks) + [ $# -gt 1 ] && usage 1 + echo "$g_product $SHOREWALL_VERSION Mark Layout at $g_hostname - $(date)" + echo + [ -f ${VARDIR}/marks ] && cat ${VARDIR}/marks; + ;; *) if [ "$g_product" = Shorewall ]; then case $1 in diff --git a/Shorewall/shorewall b/Shorewall/shorewall index 03998778e..7da8c1f61 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -1536,6 +1536,7 @@ usage() # $1 = exit status echo " show [ -m ] log []" echo " show macro " echo " show macros" + echo " show marks" echo " show [ -x ] mangle|nat|raw|rawpost|routing" echo " show policies" echo " show tc [ device ]" diff --git a/Shorewall6/lib.cli b/Shorewall6/lib.cli index 0e5257ac8..180eb5064 100644 --- a/Shorewall6/lib.cli +++ b/Shorewall6/lib.cli @@ -710,6 +710,12 @@ show_command() { echo [ -f ${VARDIR}/policies ] && cat ${VARDIR}/policies; ;; + marks) + [ $# -gt 1 ] && usage 1 + echo "$g_product $SHOREWALL_VERSION Mark Layout at $g_hostname - $(date)" + echo + [ -f ${VARDIR}/marks ] && cat ${VARDIR}/marks; + ;; *) if [ "$g_product" = Shorewall6 ]; then case $1 in diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 1cba63cfa..8e4ce1ddb 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -1530,6 +1530,7 @@ usage() # $1 = exit status echo " show [ -m ] log []" echo " show macro " echo " show macros" + echo " show marks" echo " show [ -x ] mangle|raw|routing" echo " show policies" echo " show tc [ device ]" diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index 6649986f7..46763e04a 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -493,7 +493,7 @@ + choice="req"> @@ -523,18 +523,6 @@ - - shorewall - - | - - -options - - - - - - shorewall 
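Review bot: In the new `marks)` arm of `show_command` in Shorewall/lib.cli, a missing `${VARDIR}/marks` yields the banner followed by nothing, and the failed `[ -f ... ]` test is the arm's last command, so the user cannot tell an absent file from an empty layout. The file is presumably absent until a script generated by this version has been run. Quote the path and report the missing case, for example `[ -f "${VARDIR}/marks" ] && cat "${VARDIR}/marks" || echo "   No mark layout has been saved"`. The same lines are added in the Shorewall6/lib.cli hunk, and they mirror the existing `policies` arm visible in that hunk's context, so the change could be made to both arms together; `show_command` continues outside both hunks.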
@@ -1368,15 +1356,12 @@ - mangle + marks - Displays the Netfilter mangle table using the command - iptables -t mangle -L -n - -v.The -x option - is passed directly through to iptables and causes actual - packet and byte counts to be displayed. Without this option, - those counts are abbreviated. + Added in Shorewall 4.4.26. Displays the various fields + in packet marks giving the min and max value (in both decimal + and hex) and the applicable mask (in hex). diff --git a/manpages6/shorewall6.xml b/manpages6/shorewall6.xml index 9911d2b34..a885b6b6c 100644 --- a/manpages6/shorewall6.xml +++ b/manpages6/shorewall6.xml @@ -426,19 +426,7 @@ - - - - shorewall6 - - | - - -options - - - - + choice="req"> @@ -1223,6 +1211,16 @@ + + marks + + + Added in Shorewall 4.4.26. Displays the various fields + in packet marks giving the min and max value (in both decimal + and hex) and the applicable mask (in hex). + + + policies