extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-24 06:29:03 +01:00
Code Issues Packages Projects Releases Wiki Activity

Simplify tcfilter generation -- take 2

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2009-05-02 09:46:54 -07:00
parent ababc533f1
commit 8216a4e721
2 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Shorewall/Perl/Shorewall/IPAddrs.pm
View File

@ -263,11 +263,8 @@ sub ip_range_explicit( $ ) {
sub decompose_net( $ ) { sub decompose_net( $ ) {
my $net = $_[0]; my $net = $_[0];
return ( qw/0x00000000 0x00000000/ ) if $net eq '-';
( $net, my $vlsm ) = validate_net( $net , 0 ); ( $net, my $vlsm ) = validate_net( $net , 0 );
( encodeaddr( $net) , $vlsm );
( in_hex8( $net ) , vlsm_to_mask( $vlsm ) );
} }

25
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -706,19 +706,25 @@ sub process_tc_filter( $$$$$$ ) {
fatal_error "No Classes were defined for INTERFACE $device" unless $tcref; fatal_error "No Classes were defined for INTERFACE $device" unless $tcref;
$tcref = $tcref->{$class}; my $classnum = hex_value $class;
fatal_error "Invalid CLASS ($class)" unless defined $classnum;
$tcref = $tcref->{$classnum};
fatal_error "Unknown CLASS ($devclass)" unless $tcref; fatal_error "Unknown CLASS ($devclass)" unless $tcref;
my $rule = "filter add dev $device protocol ip parent $devnum:0 prio 10 u32"; my $rule = "filter add dev $device protocol ip parent $devnum:0 prio 10 u32";
my ( $net , $mask ) = decompose_net( $source ); if ( $source ne '-' ) {
my ( $net , $mask ) = decompose_net( $source );
$rule .= "\\\n match ip src $net/$mask";
}
$rule .= "\\\n match u32 $net $mask at 12" unless $mask eq '0x00000000'; if ( $dest ne '-' ) {
my ( $net , $mask ) = decompose_net( $dest );
( $net , $mask ) = decompose_net( $dest ); $rule .= "\\\n match ip dst $net/$mask";
}
$rule .= "\\\n match u32 $net $mask at 16" unless $mask eq '0x00000000';
my $protonumber = 0; my $protonumber = 0;
@ -726,10 +732,7 @@ sub process_tc_filter( $$$$$$ ) {
$protonumber = resolve_proto $proto; $protonumber = resolve_proto $proto;
fatal_error "Unknown PROTO ($proto)" unless defined $protonumber; fatal_error "Unknown PROTO ($proto)" unless defined $protonumber;
if ( $protonumber ) { $rule .= "\\\n match ip protocol $protonumber 0xff" if $protonumber;
my $pnumber = in_hex2 $protonumber;
$rule .= "\\\n match u8 $pnumber 0xff at 9";
}
} }
if ( $portlist eq '-' && $sportlist eq '-' ) { if ( $portlist eq '-' && $sportlist eq '-' ) {