Implement the -t update option.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2014-02-15 09:36:13 -08:00
parent 3c5975a106
commit 669d15e2cf
6 changed files with 82 additions and 25 deletions


@ -3530,6 +3530,7 @@ shorewall_cli() {
g_doing="Compiling" g_doing="Compiling"
g_directives= g_directives=
g_inline= g_inline=
g_tcrules=
VERBOSE= VERBOSE=
VERBOSITY=1 VERBOSITY=1


@ -584,8 +584,8 @@ EOF
# #
sub compiler { sub compiler {
my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline ) = my ( $scriptfilename, $directory, $verbosity, $timestamp , $debug, $chains , $log , $log_verbosity, $preview, $confess , $update , $annotate , $convert, $config_path, $shorewallrc , $shorewallrc1 , $directives, $inline, $tcrules ) =
( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 ); ( '', '', -1, '', 0, '', '', -1, 0, 0, 0, 0, , 0 , '' , '/usr/share/shorewall/shorewallrc', '' , 0 , 0 , 0 );
$export = 0; $export = 0;
$test = 0; $test = 0;
@ -625,6 +625,7 @@ sub compiler {
annotate => { store => \$annotate, validate=> \&validate_boolean } , annotate => { store => \$annotate, validate=> \&validate_boolean } ,
inline => { store => \$inline, validate=> \&validate_boolean } , inline => { store => \$inline, validate=> \&validate_boolean } ,
directives => { store => \$directives, validate=> \&validate_boolean } , directives => { store => \$directives, validate=> \&validate_boolean } ,
tcrules => { store => \$tcrules, validate=> \&validate_boolean } ,
config_path => { store => \$config_path } , config_path => { store => \$config_path } ,
shorewallrc => { store => \$shorewallrc } , shorewallrc => { store => \$shorewallrc } ,
shorewallrc1 => { store => \$shorewallrc1 } , shorewallrc1 => { store => \$shorewallrc1 } ,
@ -794,7 +795,7 @@ sub compiler {
# #
# TCRules and Traffic Shaping # TCRules and Traffic Shaping
# #
setup_tc; setup_tc( $tcrules );
if ( $scriptfilename || $debug ) { if ( $scriptfilename || $debug ) {
pop_indent; pop_indent;


@ -4817,7 +4817,9 @@ EOF
progress_message3 "No update required to configuration file $configfile"; progress_message3 "No update required to configuration file $configfile";
} }
exit 0 unless $directives || -f find_file 'blacklist'; exit 0 unless ( $directives ||
-f find_file 'blacklist' ||
-f find_file 'tcrules' );
} }
} else { } else {
fatal_error "$fn does not exist"; fatal_error "$fn does not exist";
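Review bot: The rewritten `exit 0 unless ( ... )` condition now has `||` following a paren-less `find_file 'blacklist'`, so whether the `tcrules` test is ever evaluated depends on how `find_file` is declared, which is outside this hunk. If it carries a one-argument prototype it parses as intended; otherwise `'blacklist' || -f find_file 'tcrules'` becomes its argument list and the second test is dead code. Writing the calls with parentheses removes the dependency and matches the `find_file('mangle')` form used elsewhere in this commit: `-f find_file( 'blacklist' ) ||` and `-f find_file( 'tcrules' ) );`.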


@ -135,6 +135,10 @@ our %restrictions = ( tcpre => PREROUTE_RESTRICT ,
our $family; our $family;
our $tcrules;
our $mangle;
our $divertref; # DIVERT chain our $divertref; # DIVERT chain
our %validstates = ( NEW => 0, our %validstates = ( NEW => 0,
@ -934,7 +938,18 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
} }
} }
if ( $tcrules ) {
$command = ( $command ? "$command($mark)" : $mark ) . $designator;
my $line = ( $family == F_IPV6 ?
"$command\t$source\t$dest\t$proto\t$ports\t$sports\t$user\t$testval\t$length\t$tos\t$connbytes\t$helper\t$headers\t$probability\t$dscp\t$state" :
"$command\t$source\t$dest\t$proto\t$ports\t$sports\t$user\t$testval\t$length\t$tos\t$connbytes\t$helper\t$probability\t$dscp\t$state" );
#
# Supress superfluous trailinc dashes
#
$line =~ s/(?:\t-)+$//;
print $mangle "$line\n";
} else {
process_mangle_rule1( 'TC', process_mangle_rule1( 'TC',
( $command ? "$command($mark)" : $mark ) . $designator , ( $command ? "$command($mark)" : $mark ) . $designator ,
$source, $source,
@ -952,6 +967,7 @@ sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) {
$probability, $probability,
$dscp, $dscp,
$state ); $state );
}
} }
sub process_tc_rule( ) { sub process_tc_rule( ) {
@ -3072,7 +3088,8 @@ sub process_secmark_rule() {
# #
# Process the tcrules file and setup traffic shaping # Process the tcrules file and setup traffic shaping
# #
sub setup_tc() { sub setup_tc( $ ) {
$tcrules = $_[0];
if ( $config{MANGLE_ENABLED} ) { if ( $config{MANGLE_ENABLED} ) {
ensure_mangle_chain 'tcpre'; ensure_mangle_chain 'tcpre';
@ -3126,14 +3143,33 @@ sub setup_tc() {
my $fn; my $fn;
if ( $fn = open_file( 'tcrules' , 2, 1 ) ) { if ( $fn = open_file( 'tcrules' , 2, 1 ) ) {
my $fn1;
if ( $tcrules ) {
#
# We are going to convert this tcrules file to the equivalent mangle file
#
open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!";
}
first_entry "$doing $fn..."; first_entry "$doing $fn...";
process_tc_rule, $have_tcrules++ while read_a_line( NORMAL_READ ); process_tc_rule, $have_tcrules++ while read_a_line( NORMAL_READ );
if ( $have_tcrules ) { if ( $have_tcrules ) {
warning_message "Non-empty tcrules file ($fn); please move its contents to the mangle file"; if ( $mangle ) {
progress_message2 "Converted $fn to $fn1";
if ( rename $fn, "$fn.bak" ) {
progress_message2 "$fn renamed $fn.bak";
} else {
fatal_error "Cannot Rename $fn to $fn.bak: $!";
} }
} else {
warning_message "Non-empty tcrules file ($fn); consider running '$product update -t'";
}
}
close $mangle if $tcrules;
} }
if ( my $fn = open_file( 'mangle', 1, 1 ) ) { if ( my $fn = open_file( 'mangle', 1, 1 ) ) {
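Review bot: In the last setup_tc hunk the tcrules file is renamed to `$fn.bak` before `$mangle` is closed, and neither `print $mangle "$line\n"` in process_tc_rule1 nor `close $mangle if $tcrules` is checked. A failed or short write (full disk, read-only path) can therefore leave an incomplete mangle file after the original rules have already been moved aside, and because these files carry packet-marking policy the loss would be silent. Close and test the handle ahead of the `rename`, for example `close $mangle or fatal_error "Unable to close $fn1: $!";`. The file is also opened with `'>>'` before any rule is parsed, so a run that aborts part-way leaves appended entries behind and a rerun would append them again; writing to a temporary file and renaming it into place after a successful close would avoid that, though it is a larger change than this hunk. Both setup_tc and process_tc_rule1 continue outside the hunks shown.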


@ -41,6 +41,7 @@
# --shorewallrc1=<path> # Path to export shorewallrc file. # --shorewallrc1=<path> # Path to export shorewallrc file.
# --config_path=<path-list> # Search path for config files # --config_path=<path-list> # Search path for config files
# --inline # Update alternative column specifications # --inline # Update alternative column specifications
# --tcrules # Create mangle from tcrules
# #
use strict; use strict;
use FindBin; use FindBin;
@ -75,6 +76,7 @@ usage: compiler.pl [ <option> ... ] [ <filename> ]
[ --shorewallrc1=<pathname> ] [ --shorewallrc1=<pathname> ]
[ --config_path=<path-list> ] [ --config_path=<path-list> ]
[ --inline ] [ --inline ]
[ --tcrules ]
_EOF_ _EOF_
exit shift @_; exit shift @_;
@ -104,6 +106,7 @@ my $config_path = '';
my $shorewallrc = ''; my $shorewallrc = '';
my $shorewallrc1 = ''; my $shorewallrc1 = '';
my $inline = 0; my $inline = 0;
my $tcrules = 0;
Getopt::Long::Configure ('bundling'); Getopt::Long::Configure ('bundling');
@ -137,6 +140,7 @@ my $result = GetOptions('h' => \$help,
'update' => \$update, 'update' => \$update,
'convert' => \$convert, 'convert' => \$convert,
'inline' => \$inline, 'inline' => \$inline,
'tcrules' => \$tcrules,
'config_path=s' => \$config_path, 'config_path=s' => \$config_path,
'shorewallrc=s' => \$shorewallrc, 'shorewallrc=s' => \$shorewallrc,
'shorewallrc1=s' => \$shorewallrc1, 'shorewallrc1=s' => \$shorewallrc1,
@ -165,5 +169,6 @@ compiler( script => $ARGV[0] || '',
config_path => $config_path, config_path => $config_path,
shorewallrc => $shorewallrc, shorewallrc => $shorewallrc,
shorewallrc1 => $shorewallrc1, shorewallrc1 => $shorewallrc1,
inline => $inline inline => $inline,
tcrules => $tcrules,
); );


@ -422,6 +422,7 @@ compiler() {
[ -n "$g_convert" ] && options="$options --convert" [ -n "$g_convert" ] && options="$options --convert"
[ -n "$g_annotate" ] && options="$options --annotate" [ -n "$g_annotate" ] && options="$options --annotate"
[ -n "$g_directives" ] && options="$options --directives" [ -n "$g_directives" ] && options="$options --directives"
[ -n "$g_tcrules" ] && options="$options --tcrules"
[ -n "$g_inline" ] && options="$options --inline" [ -n "$g_inline" ] && options="$options --inline"
if [ -n "$PERL" ]; then if [ -n "$PERL" ]; then
@ -841,6 +842,17 @@ update_command() {
g_directives=Yes g_directives=Yes
option=${option#D} option=${option#D}
;; ;;
t*)
g_tcrules=Yes
option=${option#t}
;;
A*)
g_inline=Yes
g_convert=Yes
g_directives=Yes
g_tcrules=Yes
option=${option#A}
;;
*) *)
usage 1 usage 1
;; ;;
@ -1686,7 +1698,7 @@ usage() # $1 = exit status
echo " status" echo " status"
echo " stop" echo " stop"
echo " try <directory> [ <timeout> ]" echo " try <directory> [ <timeout> ]"
echo " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ -i ] [ <directory> ]" echo " update [ -a ] [ -b ] [ -r ] [ -T ] [ -D ] [ -i ] [-t] [-A] [ <directory> ]"
echo " version [ -a ]" echo " version [ -a ]"
echo echo
exit $1 exit $1
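Review bot: The new `A*)` arm in update_command sets `g_tcrules=Yes` together with the other conversion flags, but nothing in the arm or the usage text says that `-A` implies `-t`. With this commit `-t` appends the converted rules to the mangle file and renames tcrules to `.bak`, so an operator running `update -A` gets that file rewrite without having asked for it by name. A comment above the arm such as `# -A: shorthand for all conversions (inline, convert, directives, tcrules)` would document it. The usage line also mixes bracket styles, and `[ -t ] [ -A ]` would match the existing `[ -a ] [ -b ]` entries.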