From 95abeaea2407464464d4da4f8fa8caaf5f6212d7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 1 Dec 2013 09:25:32 -0800 Subject: [PATCH] Finish INLINE in the tcrules file. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 20 ++++++++++++---- Shorewall/manpages/shorewall-tcrules.xml | 27 ++++++++++++++++++++++ Shorewall6/manpages/shorewall6-tcrules.xml | 26 +++++++++++++++++++++ 3 files changed, 69 insertions(+), 4 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 433d5add9..93b6478a6 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -207,7 +207,7 @@ sub initialize( $ ) { sub process_tc_rule1( $$$$$$$$$$$$$$$$ ) { my ( $originalmark, $source, $dest, $proto, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state ) = @_; -our %tccmd; + our %tccmd; unless ( %tccmd ) { %tccmd = ( SAVE => { match => sub ( $ ) { $_[0] eq 'SAVE' } , @@ -316,6 +316,15 @@ our %tccmd; fatal_error 'MARK must be specified' if $originalmark eq '-'; + my $inline; + my $raw = ''; + + if ( $inline = ( $originalmark =~ /^INLINE\((.+)\)(:.*)?$/ ) ) { + $originalmark = $1; + $originalmark .= $2 if $2; + $raw = get_inline_matches; + } + my ( $mark, $designator, $remainder ) = split( /:/, $originalmark, 3 ); fatal_error "Invalid MARK ($originalmark)" unless supplied $mark; @@ -557,9 +566,12 @@ our %tccmd; assert ( $cmd eq 'INLINE' ); $matches = get_inline_matches; - if ( $matches =~ /^(.*\s+)-j\s+(.+) $/ ) { - $matches = $1; - $target = $2; + if ( $matches =~ /^(.*\s+)-j\s+(.+)$/ ) { + $matches = $1; + $target = $2; + my $action = $target; + $action = $1 if $action =~ /^(.+?)\s/; + fatal_error "Unknown target ($action)" unless $targets{$action} || $builtin_target{$action}; } else { $target = ''; } diff --git a/Shorewall/manpages/shorewall-tcrules.xml b/Shorewall/manpages/shorewall-tcrules.xml index 101a9da32..1239442fc 100644 
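Review bot: In the `INLINE(...)` branch added after the "MARK must be specified" check, `$raw` receives the result of `get_inline_matches` and `$inline` the match result, but no other added line in this patch reads either variable. Unless code outside the hunks already consumes them, the matches written after the semicolon in a rule such as `INLINE(2):P eth0 - ; -p tcp` would be dropped without an error, and the generated mark rule would match more traffic than the administrator wrote. `$raw` should be appended where the rule's matches are assembled, with a comment such as `# $raw: the user's raw ip[6]tables matches; must be appended to the generated rule`. The body of process_tc_rule1 starts and ends outside this hunk, so the place where the rule is emitted is not visible here.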
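Review bot: The pattern `/^(.*\s+)-j\s+(.+)$/` in the INLINE command branch still requires whitespace before `-j`. If `get_inline_matches` returns the text after the semicolon with leading blanks trimmed (not visible here), a rule whose inline part is only a jump, like the documented `; -j MARK --set-mark 2`, falls into the `else` branch. In that case `$target` stays empty, the new "Unknown target" check is skipped, and the `-j ...` text remains in `$matches`. Making the prefix optional closes that path: `if ( $matches =~ /^(.*\s+)?-j\s+(.+)$/ ) {` together with `$matches = defined $1 ? $1 : '';`. The check covers only the target name, so the options after it reach the generated rule as typed, which is worth a comment on the `fatal_error` line; the enclosing branch starts and ends outside the hunk.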
--- a/Shorewall/manpages/shorewall-tcrules.xml +++ b/Shorewall/manpages/shorewall-tcrules.xml @@ -473,6 +473,33 @@ in your kernel and iptables. + + INLINE[(action)] + + Added in Shorewall 4.6.0. Allows you to place your own + ip[6]tables matches at the end of the line following a semicolon + (";"). If an action is specified, the + compiler procedes as if that action + had been specified in this column. If no action is specified, + then you may include your own jump ("-j + target + [option] ...") after any matches + specified at the end of the rule. If the target is not one known + to Shorewall, then it must be defined as a builtin action in + shorewall-actions + (5). + + The following rules are equivalent: + + 2:P eth0 - tcp 22 +INLINE(2):P eth0 - tcp 22 +INLINE(2):P eth0 - ; -p tcp +INLINE eth0 - tcp 22 ; -j MARK --set-mark 2 +INLINE eth0 - ; -p tcp -j MARK --set-mark 2 + + + IPMARK ‒ Assigns a mark to each matching packet based on the either the source or diff --git a/Shorewall6/manpages/shorewall6-tcrules.xml b/Shorewall6/manpages/shorewall6-tcrules.xml index 62580b8df..9242975f4 100644 --- a/Shorewall6/manpages/shorewall6-tcrules.xml +++ b/Shorewall6/manpages/shorewall6-tcrules.xml 
@@ -503,6 +503,32 @@ in your kernel and ip6tables. + + INLINE[(action)] + + Added in Shorewall 4.6.0. Allows you to place your own + ip[6]tables matches at the end of the line following a semicolon + (";"). If an action is specified, the + compiler procedes as if that action + had been specified in this column. If no action is specified, + then you may include your own jump ("-j + target + [option] ...") after any matches + specified at the end of the rule. If the target is not one known + to Shorewall, then it must be defined as a builtin action in + shorewall6-actions + (5). + + The following rules are equivalent: + + 2:P eth0 - tcp 22 +INLINE(2):P eth0 - tcp 22 +INLINE(2):P eth0 - ; -p tcp +INLINE eth0 - tcp 22 ; -j MARK --set-mark 2 +INLINE eth0 - ; -p tcp -j MARK --set-mark 2 + + RESTORE[/mask] --