From 54ba4ed879cf7cac0238a5b3ce2bd853b71b4a29 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 23 Oct 2011 07:56:53 -0700 Subject: [PATCH] Add MARK column to route_rules Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 20 ++++++++++++++++---- Shorewall/configfiles/route_rules | 4 ++-- Shorewall6/configfiles/route_rules | 4 ++-- docs/MultiISP.xml | 14 ++++++++++++++ manpages/shorewall-route_rules.xml | 18 ++++++++++++++++-- manpages6/shorewall6-route_rules.xml | 26 ++++++++++++++++++++------ 6 files changed, 70 insertions(+), 16 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 7da485a7c..bc4121e45 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -777,7 +777,7 @@ sub add_a_provider( $$ ) { } sub add_an_rtrule( ) { - my ( $source, $dest, $provider, $priority ) = split_line 'route_rules file', { source => 0, dest => 1, provider => 2, priority => 3 }; + my ( $source, $dest, $provider, $priority, $originalmark ) = split_line 'route_rules file', { source => 0, dest => 1, provider => 2, priority => 3 , mark => 4 }; our $current_if; 
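Review bot: The new fifth column is keyed `mark => 4` in the `split_line` call, but the header line this commit adds to both `configfiles/route_rules` templates and to the manpage examples labels that column `MASK`, while the manpage entry itself names it MARK. Someone filling in the template from its header could plausibly enter only a mask, which the second Providers.pm hunk would take as the mark value and pair with the default `$globals{PROVIDER_MASK}`, producing a routing rule that selects different traffic than intended. The last heading in those header lines should be `MARK`. add_an_rtrule's body continues outside this hunk.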
@@ -840,13 +840,25 @@ sub add_an_rtrule( ) { $source = "iif $source"; } + my $mark = ''; + my $mask; + + if ( $originalmark ne '-' ) { + validate_mark( $originalmark ); + + ( $mark, $mask ) = split '/' , $originalmark; + $mask = $globals{PROVIDER_MASK} unless supplied $mask; + + $mark = ' fwmark ' . in_hex( $mark ) . '/' . in_hex( $mask ); + } + fatal_error "Invalid priority ($priority)" unless $priority && $priority =~ /^\d{1,5}$/; $priority = "priority $priority"; - push @{$providerref->{rules}}, "qt \$IP -$family rule del $source $dest $priority" if $config{DELETE_THEN_ADD}; - push @{$providerref->{rules}}, "run_ip rule add $source $dest $priority table $number"; - push @{$providerref->{rules}}, "echo \"qt \$IP -$family rule del $source $dest $priority\" >> \${VARDIR}/undo_${provider}_routing"; + push @{$providerref->{rules}}, "qt \$IP -$family rule del $source ${dest}${mark} $priority" if $config{DELETE_THEN_ADD}; + push @{$providerref->{rules}}, "run_ip rule add $source ${dest}${mark} $priority table $number"; + push @{$providerref->{rules}}, "echo \"qt \$IP -$family rule del $source ${dest}${mark} $priority\" >> \${VARDIR}/undo_${provider}_routing"; progress_message " Routing rule \"$currentline\" $done"; } diff --git a/Shorewall/configfiles/route_rules b/Shorewall/configfiles/route_rules index 6682b6e24..543b703b0 100644 --- a/Shorewall/configfiles/route_rules +++ b/Shorewall/configfiles/route_rules @@ -4,5 +4,5 @@ # For information about entries in this file, type "man shorewall-route_rules" # # For additional information, see http://www.shorewall.net/MultiISP.html -############################################################################## -#SOURCE DEST PROVIDER PRIORITY +#################################################################################### +#SOURCE DEST PROVIDER PRIORITY MASK diff --git a/Shorewall6/configfiles/route_rules b/Shorewall6/configfiles/route_rules index ba58d6e18..3766cc63c 100644 --- a/Shorewall6/configfiles/route_rules 
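Review bot: `in_hex( $mark )` and `in_hex( $mask )` are handed the raw text pieces produced by `split '/'`, and nothing visible in this hunk converts them to numbers after `validate_mark` accepts the entry. If `in_hex` formats its argument numerically, a mark written in hex (for example `0x100`, a constructed sample) would presumably numify to 0 in Perl and yield `fwmark 0x0/...`, so the generated `ip rule` would silently match different packets than the administrator specified. Either convert both pieces to numeric values before formatting or confirm that `in_hex` accepts every textual form `validate_mark` allows. The `$originalmark ne '-'` test also assumes `split_line` returns `-` for a fifth column omitted from existing four-column files; comments such as `# MARK column omitted or '-': no fwmark selector` on that test and `# default to the provider mask when the entry gives no mask` on the `PROVIDER_MASK` line would record both assumptions. add_an_rtrule begins outside this hunk.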
+++ b/Shorewall6/configfiles/route_rules @@ -4,5 +4,5 @@ # For information about entries in this file, type "man shorewall6-route_rules" # # For additional information, see http://www.shorewall.net/MultiISP.html -############################################################################## -#SOURCE DEST PROVIDER PRIORITY +#################################################################################### +#SOURCE DEST PROVIDER PRIORITY MASK diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index 5bd842eeb..5974cbf01 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -1055,6 +1055,20 @@ gateway:~ # which they appear in the file. + + + MARK (Optional - added in Shorewall 4.4.25) + + + Mark and optional mask in the form + mark[/mask]. + For this rule to be applied to a packet, the packet's mark value + must match the mark when logically + anded with the mask. If a + mask is not supplied, Shorewall + supplies a suitable provider mask. + + diff --git a/manpages/shorewall-route_rules.xml b/manpages/shorewall-route_rules.xml index 9bf5faed7..bebfd96d4 100644 --- a/manpages/shorewall-route_rules.xml +++ b/manpages/shorewall-route_rules.xml @@ -113,6 +113,20 @@ + + + MARK - + {-|mark[/mask]} + + + Optional -- added in Shorewall 4.4.25. For this rule to be + applied to a packet, the packet's mark value must match the + mark when logically anded with the + mask. If a + mask is not supplied, Shorewall supplies + a suitable provider mask. + + @@ -127,7 +141,7 @@ You want all traffic coming in on eth1 to be routed to the ISP1 provider. - #SOURCE DEST PROVIDER PRIORITY + #SOURCE DEST PROVIDER PRIORITY MASK eth1 - ISP1 1000 @@ -144,7 +158,7 @@ is the subnet chosen in your OpenVPN configuration (server 10.8.0.0 255.255.255.0). - #SOURCE DEST PROVIDER PRIORITY + #SOURCE DEST PROVIDER PRIORITY MASK - 10.8.0.0/24 main 1000 diff --git a/manpages6/shorewall6-route_rules.xml b/manpages6/shorewall6-route_rules.xml index 6a22b8970..305330fda 100644 
--- a/manpages6/shorewall6-route_rules.xml +++ b/manpages6/shorewall6-route_rules.xml @@ -113,6 +113,20 @@ + + + MARK - + {-|mark[/mask]} + + + Optional -- added in Shorewall 4.4.25. For this rule to be + applied to a packet, the packet's mark value must match the + mark when logically anded with the + mask. If a + mask is not supplied, Shorewall supplies + a suitable provider mask. + + @@ -127,7 +141,7 @@ You want all traffic coming in on eth1 to be routed to the ISP1 provider. - #SOURCE DEST PROVIDER PRIORITY + #SOURCE DEST PROVIDER PRIORITY MASK eth1 - ISP1 1000 @@ -149,10 +163,10 @@ shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), - shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), - shorewall6-providers(5), shorewall6-routestopped(5), shorewall6-rules(5), - shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), - shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), - shorewall6-zones(5) + shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), + shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5), + shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), + shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), + shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)