Add an ECN action to shorewall-mangle(8)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-07 16:24:01 +01:00 · 2016-02-26 09:33:16 -08:00 · 2016-02-26 09:33:16 -08:00 · 6c88eb6916
commit 6c88eb6916
parent f265596613
3 changed files with 35 additions and 0 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -499,6 +499,25 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
 	    },
 	},

+	ECN       => {
+	    defaultchain   => POSTROUTING,
+	    allowedchains  => PREROUTING | FORWARD | OUTPUT | INPUT | POSTROUTING,
+	    minparams      => 0,
+	    maxparams      => 0,
+	    function       => sub() {
+		fatal_error "The ECN target is only available with IPv4" if $family == F_IPV6;
+
+		if ( $proto eq '-' ) {
+		    $proto = TCP;
+		} else {
+		    $proto = resolve_proto( $proto ) || 0;
+		    fatal_error "Only PROTO tcp (6) is allowed with the ECN action" unless $proto == TCP;
+		}
+
+		$target = 'ECN --ecn-tcp-remove';
+	    }
+	},
+
 	HL        => {
 	    defaultchain   => FORWARD,
 	    allowedchains  => PREROUTING | FORWARD,
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@ -339,6 +339,18 @@ DIVERTHA        -               -               tcp</programlisting>
              </listitem>
            </varlistentry>

+            <varlistentry>
+              <term><emphasis role="bold">ECN</emphasis></term>
+
+              <listitem>
+                <para>Added in Shorewall 5.0.6 as an alternative to entries in
+                <ulink url="shorewall-ecn.html">shorewall-ecn(5)</ulink>. If a
+                PROTO is specified, it must be 'tcp' (6). If no PROTO is
+                supplied, TCP is assumed. This action causes all ECN bits in
+                the TCP header to be cleared.</para>
+              </listitem>
+            </varlistentry>
+
            <varlistentry>
              <term><emphasis
              role="bold">IMQ</emphasis>(<replaceable>number</replaceable>)</term>
--- a/docs/ECN.xml
+++ b/docs/ECN.xml
@ -118,6 +118,10 @@
          </tgroup>
        </table></para>
    </example>
+
+    <para>Beginning with Shorewall 5.0.6, you may also specify clearing of the
+    ECN flags through use of the ECN action in <ulink
+    url="manpages/shorewall-ecn.html">shorewall-mangle(8)</ulink>.</para>
  </section>

  <lot/>