extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add TC connmark support

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2020-07-07 15:39:23 -07:00
parent b617c8d224
commit 89201bd294
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
3 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall-core/lib.cli
View File

@ -25,7 +25,7 @@
# loaded after this one and replaces some of the functions declared here. # loaded after this one and replaces some of the functions declared here.
# #
SHOREWALL_CAPVERSION=50200 SHOREWALL_CAPVERSION=50207
if [ -z "$g_basedir" ]; then if [ -z "$g_basedir" ]; then
# #
@ -2878,6 +2878,7 @@ determine_capabilities() {
NETMAP_TARGET= NETMAP_TARGET=
NFLOG_SIZE= NFLOG_SIZE=
RESTORE_WAIT_OPTION= RESTORE_WAIT_OPTION=
CONNMARK_ACTION=
AMANDA_HELPER= AMANDA_HELPER=
FTP_HELPER= FTP_HELPER=
@ -3245,6 +3246,10 @@ determine_capabilities() {
BASIC_FILTER=Yes BASIC_FILTER=Yes
$TC filter add basic help 2>&1 | egrep -q match && BASIC_EMATCH=Yes $TC filter add basic help 2>&1 | egrep -q match && BASIC_EMATCH=Yes
fi fi
if $TC action add connmark help 2>&1 | grep -q ^Usage; then
CONNMARK_ACTION=Yes
fi
fi fi
[ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes [ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes
@ -3388,6 +3393,7 @@ report_capabilities_unsorted() {
report_capability "NETMAP Target (NETMAP_TARGET)" $NETMAP_TARGET report_capability "NETMAP Target (NETMAP_TARGET)" $NETMAP_TARGET
report_capability "--nflog-size support (NFLOG_SIZE)" $NFLOG_SIZE report_capability "--nflog-size support (NFLOG_SIZE)" $NFLOG_SIZE
report_capability "INPUT chain in nat table (NAT_INPUT_CHAIN)" $NAT_INPUT_CHAIN report_capability "INPUT chain in nat table (NAT_INPUT_CHAIN)" $NAT_INPUT_CHAIN
report_capability "TC connmark support (CONNMARK_ACTION)" $CONNMARK_ACTION
echo " Kernel Version (KERNELVERSION): $KERNELVERSION" echo " Kernel Version (KERNELVERSION): $KERNELVERSION"
echo " Capabilities Version (CAPVERSION): $CAPVERSION" echo " Capabilities Version (CAPVERSION): $CAPVERSION"
@ -3494,6 +3500,7 @@ report_capabilities_unsorted1() {
report_capability1 NFLOG_SIZE report_capability1 NFLOG_SIZE
report_capability1 RESTORE_WAIT_OPTION report_capability1 RESTORE_WAIT_OPTION
report_capability1 NAT_INPUT_CHAIN report_capability1 NAT_INPUT_CHAIN
report_capability1 CONNMARK_ACTION
report_capability1 AMANDA_HELPER report_capability1 AMANDA_HELPER
report_capability1 FTP_HELPER report_capability1 FTP_HELPER

11
Shorewall/Perl/Shorewall/Config.pm
View File

@ -502,6 +502,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
RESTORE_WAIT_OPTION RESTORE_WAIT_OPTION
=> 'iptables-restore --wait option', => 'iptables-restore --wait option',
NAT_INPUT_CHAIN => 'INPUT chain in NAT table', NAT_INPUT_CHAIN => 'INPUT chain in NAT table',
CONNMARK_ACTION => 'TC connmark support',
# #
# Helpers # Helpers
# #
@ -883,8 +884,8 @@ sub initialize($;$$$$) {
TC_SCRIPT => '', TC_SCRIPT => '',
EXPORT => 0, EXPORT => 0,
KLUDGEFREE => '', KLUDGEFREE => '',
VERSION => '5.2.4.1', VERSION => '5.2.7-Beta1',
CAPVERSION => 50200 , CAPVERSION => 50207 ,
BLACKLIST_LOG_TAG => '', BLACKLIST_LOG_TAG => '',
RELATED_LOG_TAG => '', RELATED_LOG_TAG => '',
MACLIST_LOG_TAG => '', MACLIST_LOG_TAG => '',
@ -1178,6 +1179,7 @@ sub initialize($;$$$$) {
NFLOG_SIZE => undef, NFLOG_SIZE => undef,
RESTORE_WAIT_OPTION => undef, RESTORE_WAIT_OPTION => undef,
NAT_INPUT_CHAIN => undef, NAT_INPUT_CHAIN => undef,
CONNMARK_ACTION => undef ,
AMANDA_HELPER => undef, AMANDA_HELPER => undef,
FTP_HELPER => undef, FTP_HELPER => undef,
@ -5052,6 +5054,10 @@ sub Basic_Filter() {
$tc && system( "$tc filter add basic help 2>&1 | grep -q ^Usage" ) == 0; $tc && system( "$tc filter add basic help 2>&1 | grep -q ^Usage" ) == 0;
} }
sub Connmark_Action() {
$tc && system( "$tc action add connmark help 2>&1 | grep -q ^Usage" ) == 0;
}
sub Basic_Ematch() { sub Basic_Ematch() {
$tc && have_capability( 'BASIC_FILTER' ) && system( "$tc filter add basic help 2>&1 | egrep -q match" ) == 0; $tc && have_capability( 'BASIC_FILTER' ) && system( "$tc filter add basic help 2>&1 | egrep -q match" ) == 0;
} }
@ -5181,6 +5187,7 @@ our %detect_capability =
COMMENTS => \&Comments, COMMENTS => \&Comments,
CONNLIMIT_MATCH => \&Connlimit_Match, CONNLIMIT_MATCH => \&Connlimit_Match,
CONNMARK => \&Connmark, CONNMARK => \&Connmark,
CONNMARK_ACTION => \&Connmark_Action,
CONNMARK_MATCH => \&Connmark_Match, CONNMARK_MATCH => \&Connmark_Match,
CONNTRACK_MATCH => \&Conntrack_Match, CONNTRACK_MATCH => \&Conntrack_Match,
CPU_FANOUT => \&Cpu_Fanout, CPU_FANOUT => \&Cpu_Fanout,

1
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -459,6 +459,7 @@ sub validate_tc_device( ) {
fatal_error "Invalid tsize ($1)" unless defined $tsize; fatal_error "Invalid tsize ($1)" unless defined $tsize;
fatal_error q('tsize' requires 'linklayer') unless $linklayer; fatal_error q('tsize' requires 'linklayer') unless $linklayer;
} elsif ( $option eq 'connmark' ) { } elsif ( $option eq 'connmark' ) {
require_capability( 'CONNMARK_ACTION', q(The 'connmark' option), 's' );
$connmark = 1; $connmark = 1;
} else { } else {
fatal_error "Unknown device option ($option)"; fatal_error "Unknown device option ($option)";