extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-20 16:10:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add 'Mark in any table' capability

Browse Source
This commit is contained in:
Tom Eastep 2010-08-27 08:35:33 -07:00
parent a1cd2ba0f3
commit 57bcfee559
5 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Shorewall/Perl/Shorewall/Config.pm
View File

@ -252,6 +252,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
TPROXY_TARGET => 'TPROXY Target', TPROXY_TARGET => 'TPROXY Target',
FLOW_FILTER => 'Flow Classifier', FLOW_FILTER => 'Flow Classifier',
FWMARK_RT_MASK => 'fwmark route mask', FWMARK_RT_MASK => 'fwmark route mask',
MARK_ANYWHERE => 'Mark in any table',
CAPVERSION => 'Capability Version', CAPVERSION => 'Capability Version',
KERNELVERSION => 'Kernel Version', KERNELVERSION => 'Kernel Version',
); );
@ -347,7 +348,7 @@ sub initialize( $ ) {
STATEMATCH => '-m state --state', STATEMATCH => '-m state --state',
UNTRACKED => 0, UNTRACKED => 0,
VERSION => "4.4.13-Beta2", VERSION => "4.4.13-Beta2",
CAPVERSION => 40411 , CAPVERSION => 40413 ,
); );
# #
@ -677,6 +678,7 @@ sub initialize( $ ) {
OLD_HL_MATCH => undef, OLD_HL_MATCH => undef,
FLOW_FILTER => undef, FLOW_FILTER => undef,
FWMARK_RT_MASK => undef, FWMARK_RT_MASK => undef,
MARK_ANYWHERE => undef,
CAPVERSION => undef, CAPVERSION => undef,
KERNELVERSION => undef, KERNELVERSION => undef,
); );
@ -2474,6 +2476,10 @@ sub Fwmark_Rt_Mask() {
$ip && system( "$ip rule add help 2>&1 | grep -q /MASK" ) == 0; $ip && system( "$ip rule add help 2>&1 | grep -q /MASK" ) == 0;
} }
sub Mark_Anywhere() {
qt1( "$iptables -A $sillyname -j MARK --set-mark 5" );
}
our %detect_capability = our %detect_capability =
( ADDRTYPE => \&Addrtype, ( ADDRTYPE => \&Addrtype,
CLASSIFY_TARGET => \&Classify_Target, CLASSIFY_TARGET => \&Classify_Target,
@ -2501,6 +2507,7 @@ our %detect_capability =
MANGLE_ENABLED => \&Mangle_Enabled, MANGLE_ENABLED => \&Mangle_Enabled,
MANGLE_FORWARD => \&Mangle_Forward, MANGLE_FORWARD => \&Mangle_Forward,
MARK => \&Mark, MARK => \&Mark,
MARK_ANYWHERE => \&Mark_Anywhere,
MULTIPORT => \&Multiport, MULTIPORT => \&Multiport,
NAT_ENABLED => \&Nat_Enabled, NAT_ENABLED => \&Nat_Enabled,
NEW_CONNTRACK_MATCH => \&New_Conntrack_Match, NEW_CONNTRACK_MATCH => \&New_Conntrack_Match,
@ -2644,6 +2651,8 @@ sub determine_capabilities() {
$capabilities{LOG_TARGET} = detect_capability( 'LOG_TARGET' ); $capabilities{LOG_TARGET} = detect_capability( 'LOG_TARGET' );
$capabilities{LOGMARK_TARGET} = detect_capability( 'LOGMARK_TARGET' ); $capabilities{LOGMARK_TARGET} = detect_capability( 'LOGMARK_TARGET' );
$capabilities{FLOW_FILTER} = detect_capability( 'FLOW_FILTER' ); $capabilities{FLOW_FILTER} = detect_capability( 'FLOW_FILTER' );
$capabilities{FWMARK_RT_MASK} = detect_capability( 'FWMARK_RT_MASK' );
$capabilities{MARK_ANYWHERE} = detect_capability( 'MARK_ANYWHERE' );
qt1( "$iptables -F $sillyname" ); qt1( "$iptables -F $sillyname" );

2
Shorewall/lib.base
View File

@ -29,7 +29,7 @@
# #
SHOREWALL_LIBVERSION=40407 SHOREWALL_LIBVERSION=40407
SHOREWALL_CAPVERSION=40412 SHOREWALL_CAPVERSION=40413
[ -n "${VARDIR:=/var/lib/shorewall}" ] [ -n "${VARDIR:=/var/lib/shorewall}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall}" ] [ -n "${SHAREDIR:=/usr/share/shorewall}" ]

4
Shorewall/lib.cli
View File

@ -1576,6 +1576,7 @@ determine_capabilities() {
PERSISTENT_SNAT= PERSISTENT_SNAT=
FLOW_FILTER= FLOW_FILTER=
FWMARK_RT_MASK= FWMARK_RT_MASK=
MARK_ANYWHERE=
chain=fooX$$ chain=fooX$$
@ -1713,6 +1714,7 @@ determine_capabilities() {
qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes
qt $IPTABLES -A $chain -j LOGMARK && LOGMARK_TARGET=Yes qt $IPTABLES -A $chain -j LOGMARK && LOGMARK_TARGET=Yes
qt $IPTABLES -A $chain -j LOG || LOG_TARGET= qt $IPTABLES -A $chain -j LOG || LOG_TARGET=
qt $IPTABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
qt $IPTABLES -F $chain qt $IPTABLES -F $chain
qt $IPTABLES -X $chain qt $IPTABLES -X $chain
@ -1792,6 +1794,7 @@ report_capabilities() {
report_capability "TPROXY Target" $TPROXY_TARGET report_capability "TPROXY Target" $TPROXY_TARGET
report_capability "FLOW Classifier" $FLOW_FILTER report_capability "FLOW Classifier" $FLOW_FILTER
report_capability "fwmark route mask" $FWMARK_RT_MASK report_capability "fwmark route mask" $FWMARK_RT_MASK
report_capability "Mark in any table" $MARK_ANYWHERE
fi fi
[ -n "$PKTTYPE" ] || USEPKTTYPE= [ -n "$PKTTYPE" ] || USEPKTTYPE=
@ -1856,6 +1859,7 @@ report_capabilities1() {
report_capability1 TPROXY_TARGET report_capability1 TPROXY_TARGET
report_capability1 FLOW_FILTER report_capability1 FLOW_FILTER
report_capability1 FWMARK_RT_MASK report_capability1 FWMARK_RT_MASK
report_capability1 MARK_ANYWHERE
echo CAPVERSION=$SHOREWALL_CAPVERSION echo CAPVERSION=$SHOREWALL_CAPVERSION
echo KERNELVERSION=$KERNELVERSION echo KERNELVERSION=$KERNELVERSION

2
Shorewall6/lib.base
View File

@ -33,7 +33,7 @@
# #
SHOREWALL_LIBVERSION=40407 SHOREWALL_LIBVERSION=40407
SHOREWALL_CAPVERSION=40412 SHOREWALL_CAPVERSION=40413
[ -n "${VARDIR:=/var/lib/shorewall6}" ] [ -n "${VARDIR:=/var/lib/shorewall6}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ] [ -n "${SHAREDIR:=/usr/share/shorewall6}" ]

4
Shorewall6/lib.cli
View File

@ -1263,6 +1263,7 @@ determine_capabilities() {
LOG_TARGET=Yes LOG_TARGET=Yes
FLOW_FILTER= FLOW_FILTER=
FWMARK_RT_MASK= FWMARK_RT_MASK=
MARK_ANYWHERE=
chain=fooX$$ chain=fooX$$
@ -1404,6 +1405,7 @@ determine_capabilities() {
qt $IP6TABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes qt $IP6TABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes
qt $IP6TABLES -A $chain -g $chain1 && GOTO_TARGET=Yes qt $IP6TABLES -A $chain -g $chain1 && GOTO_TARGET=Yes
qt $IP6TABLES -A $chain -j LOG || LOG_TARGET= qt $IP6TABLES -A $chain -j LOG || LOG_TARGET=
qt $IP6TABLES -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
qt $IP6TABLES -F $chain qt $IP6TABLES -F $chain
qt $IP6TABLES -X $chain qt $IP6TABLES -X $chain
@ -1480,6 +1482,7 @@ report_capabilities() {
report_capability "TPROXY Target" $TPROXY_TARGET report_capability "TPROXY Target" $TPROXY_TARGET
report_capability "FLOW Classifier" $FLOW_FILTER report_capability "FLOW Classifier" $FLOW_FILTER
report_capability "fwmark route mask" $FWMARK_RT_MASK report_capability "fwmark route mask" $FWMARK_RT_MASK
report_capability "Mark in any table" $MARK_ANYWHERE
fi fi
[ -n "$PKTTYPE" ] || USEPKTTYPE= [ -n "$PKTTYPE" ] || USEPKTTYPE=
@ -1541,6 +1544,7 @@ report_capabilities1() {
report_capability1 TPROXY_TARGET report_capability1 TPROXY_TARGET
report_capability1 FLOW_FILTER report_capability1 FLOW_FILTER
report_capability1 FWMARK_RT_MASK report_capability1 FWMARK_RT_MASK
report_capability1 MARK_ANYWHERE
echo CAPVERSION=$SHOREWALL_CAPVERSION echo CAPVERSION=$SHOREWALL_CAPVERSION
echo KERNELVERSION=$KERNELVERSION echo KERNELVERSION=$KERNELVERSION