diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 3cdd3036b..759b8eaa1 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -3530,6 +3530,7 @@ shorewall_cli() {
 g_doing="Compiling"
 g_directives=
 g_inline=
+ g_tcrules=
 VERBOSE=
 VERBOSITY=1
diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index d3a98c7da..5163f63b4 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -584,8 +584,8 @@ EOF
 #
 sub compiler {
- my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline ) =
- ( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 );
+ my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline, $tcrules ) =
+ ( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 , 0 );
 $export = 0;
 $test = 0;
@@ -625,6 +625,7 @@ sub compiler {
 annotate => { store => \$annotate, validate=> \&validate_boolean } ,
 inline => { store => \$inline, validate=> \&validate_boolean } ,
 directives => { store => \$directives, validate=> \&validate_boolean } ,
+ tcrules => { store => \$tcrules, validate=> \&validate_boolean } ,
 config_path => { store => \$config_path } ,
 shorewallrc => { store => \$shorewallrc } ,
 shorewallrc1 => { store => \$shorewallrc1 } ,
@@ -794,7 +795,7 @@ sub compiler {
 #
 # TCRules and Traffic Shaping
 #
- setup_tc;
+ setup_tc( $tcrules );
 if ( $scriptfilename || $debug ) {
 pop_indent;
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 60667e0ac..c3ccbfe88 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -4817,7 +4817,9 @@ EOF
 progress_message3 "No update required to configuration file $configfile";
 }
- exit 0 unless $directives || -f find_file 'blacklist';
+ exit 0 unless ( $directives ||
+ -f find_file 'blacklist' ||
+ -f find_file 'tcrules' );
 }
 } else {
 fatal_error "$fn does not exist";
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index b4da4d87c..c313cb36d 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -135,6 +135,10 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
 our $family;
+our $tcrules;
+
+our $mangle;
+
 our $divertref; # DIVERT chain
 our %validstates = ( NEW => 0,
@@ -934,24 +938,36 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
 }
 }
+ if ( $tcrules ) {
+ $command = ( $command ? "$command($mark)" : $mark ) . $designator;
+ my $line = ( $family == F_IPV6 ?
+ "$command\t$source\t$dest\t$proto\t$ports\t$sports\t$user\t$testval\t$length\t$tos\t$connbytes\t$helper\t$headers\t$probability\t$dscp\t$state" :
+ "$command\t$source\t$dest\t$proto\t$ports\t$sports\t$user\t$testval\t$length\t$tos\t$connbytes\t$helper\t$probability\t$dscp\t$state" );
+ #
+ # Supress superfluous trailinc dashes
+ #
+ $line =~ s/(?:\t-)+$//;
- process_mangle_rule1( 'TC',
- ( $command ? "$command($mark)" : $mark ) . $designator ,
- $source,
- $dest,
- $proto,
- $ports,
- $sports,
- $user,
- $testval,
- $length,
- $tos,
- $connbytes,
- $helper,
- $headers,
- $probability,
- $dscp,
- $state );
+ print $mangle "$line\n";
+ } else {
+ process_mangle_rule1( 'TC',
+ ( $command ? "$command($mark)" : $mark ) . $designator ,
+ $source,
+ $dest,
+ $proto,
+ $ports,
+ $sports,
+ $user,
+ $testval,
+ $length,
+ $tos,
+ $connbytes,
+ $helper,
+ $headers,
+ $probability,
+ $dscp,
+ $state );
+ }
 }
 sub process_tc_rule( ) {
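Review bot: In the Config.pm hunk the new `unless` condition chains `-f find_file 'blacklist' || -f find_file 'tcrules'` without call parentheses, so whether the tcrules test is evaluated at all depends on find_file being declared with a unary (`$`) prototype ahead of this line; that declaration is not visible in the hunk. If it were parsed as a list operator, the `||` would be swallowed into the first call's argument and the tcrules check would never run. Writing `-f find_file( 'blacklist' ) || -f find_file( 'tcrules' )` removes that dependency. The enclosing block starts and ends outside the hunk.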
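Review bot: `print $mangle "$line\n";` in the new `$tcrules` branch of process_tc_rule1 ignores the result of the write, and the later setup_tc hunk (`@@ -3126,14 +3143,33 @@`) has the same gap: `close $mangle if $tcrules;` is unchecked and runs only after tcrules has been renamed to `.bak`. A full disk or I/O error could therefore leave a partial mangle file while the original rules are moved aside, and the ruleset would then compile with marking rules missing and no diagnostic. I would fail hard in both places, e.g. `print $mangle "$line\n" or fatal_error "Unable to write to the mangle file: $!";` here and a checked `close $mangle or fatal_error ...` placed before the `rename`. The added comment also has two typos (`Supress`, `trailinc`); process_tc_rule1 begins outside the hunk.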
@@ -3072,7 +3088,8 @@ sub process_secmark_rule() {
 #
 # Process the tcrules file and setup traffic shaping
 #
-sub setup_tc() {
+sub setup_tc( $ ) {
+ $tcrules = $_[0];
 if ( $config{MANGLE_ENABLED} ) {
 ensure_mangle_chain 'tcpre';
@@ -3126,14 +3143,33 @@ sub setup_tc() {
 my $fn;
 if ( $fn = open_file( 'tcrules' , 2, 1 ) ) {
+ my $fn1;
+
+ if ( $tcrules ) {
+ #
+ # We are going to convert this tcrules file to the equivalent mangle file
+ #
+ open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!";
+ }
 first_entry "$doing $fn...";
 process_tc_rule, $have_tcrules++ while read_a_line( NORMAL_READ );
 if ( $have_tcrules ) {
- warning_message "Non-empty tcrules file ($fn); please move its contents to the mangle file";
+ if ( $mangle ) {
+ progress_message2 "Converted $fn to $fn1";
+ if ( rename $fn, "$fn.bak" ) {
+ progress_message2 "$fn renamed $fn.bak";
+ } else {
+ fatal_error "Cannot Rename $fn to $fn.bak: $!";
+ }
+ } else {
+ warning_message "Non-empty tcrules file ($fn); consider running '$product update -t'";
+ }
 }
+
+ close $mangle if $tcrules;
 }
 if ( my $fn = open_file( 'mangle', 1, 1 ) ) {
diff --git a/Shorewall/Perl/compiler.pl b/Shorewall/Perl/compiler.pl
index a657fd953..94dd2b8d5 100755
--- a/Shorewall/Perl/compiler.pl
+++ b/Shorewall/Perl/compiler.pl
@@ -41,6 +41,7 @@
 # --shorewallrc1= # Path to export shorewallrc file.
 # --config_path= # Search path for config files
 # --inline # Update alternative column specifications
+# --tcrules # Create mangle from tcrules
 #
 use strict;
 use FindBin;
@@ -75,6 +76,7 @@ usage: compiler.pl [
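Review bot: In the second setup_tc hunk (`@@ -3126,14 +3143,33 @@`) the rename decision is made with `if ( $mangle )`, a package variable that is never cleared after `close`, while the open and the close are both guarded by `$tcrules`. A stale handle value from an earlier call would therefore take the rename branch even though nothing was converted; testing `$tcrules` in all three places, or adding `undef $mangle;` after the close, keeps the guards consistent. The conversion also appends to whatever path `find_file('mangle')` returns, so the file modified depends on the config search path rather than on where `$fn` lives. find_file is not visible here, so a short comment stating the intended target would help whoever audits the converted rules. setup_tc's body begins in the previous hunk and continues past this one.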