Add rawpost table detection

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-08 22:58:50 +01:00 · 2011-08-13 11:14:29 -07:00 · 2011-08-13 11:14:29 -07:00 · 97121116a3
commit 97121116a3
parent 37b08dd991
3 changed files with 18 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -279,6 +279,7 @@ my  %capdesc = ( NAT_ENABLED     => 'NAT',
 		 HEADER_MATCH    => 'Header Match',
 		 ACCOUNT_TARGET  => 'ACCOUNT Target',
 		 AUDIT_TARGET    => 'AUDIT Target',
+		 RAWPOST_TABLE   => 'Rawpost Table',
 		 CAPVERSION      => 'Capability Version',
 		 KERNELVERSION   => 'Kernel Version',
 	       );
@ -436,7 +437,7 @@ sub initialize( $ ) {
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED  => 0,
 		    VERSION    => "4.4.22.1",
-		    CAPVERSION => 40421 ,
+		    CAPVERSION => 40423 ,
 		  );
    #
    # From shorewall.conf file
@ -624,6 +625,7 @@ sub initialize( $ ) {
 	       CONNMARK_MATCH => undef,
 	       XCONNMARK_MATCH => undef,
 	       RAW_TABLE => undef,
+	       RAWPOST_TABLE => undef,
 	       IPP2P_MATCH => undef,
 	       OLD_IPP2P_MATCH => undef,
 	       CLASSIFY_TARGET => undef,
@ -2525,6 +2527,10 @@ sub Raw_Table() {
    qt1( "$iptables -t raw -L -n" );
 }

+sub Rawpost_Table() {
+    qt1( "$iptables -t rawpost -L -n" );
+}
+
 sub Old_IPSet_Match() {
    my $ipset  = $config{IPSET} || 'ipset';
    my $result = 0;
@ -2707,6 +2713,7 @@ our %detect_capability =
      PHYSDEV_MATCH => \&Physdev_Match,
      POLICY_MATCH => \&Policy_Match,
      RAW_TABLE => \&Raw_Table,
+      RAWPOST_TABLE => \&Rawpost_Table,
      REALM_MATCH => \&Realm_Match,
      RECENT_MATCH => \&Recent_Match,
      TCPMSS_MATCH => \&Tcpmss_Match,
@ -2820,6 +2827,7 @@ sub determine_capabilities() {

 	$capabilities{MANGLE_FORWARD}  = detect_capability( 'MANGLE_FORWARD' );
 	$capabilities{RAW_TABLE}       = detect_capability( 'RAW_TABLE' );
+	$capabilities{RAWPOST_TABLE}   = detect_capability( 'RAWPOST_TABLE' );
 	$capabilities{IPSET_MATCH}     = detect_capability( 'IPSET_MATCH' );
 	$capabilities{USEPKTTYPE}      = detect_capability( 'USEPKTTYPE' );
 	$capabilities{ADDRTYPE}        = detect_capability( 'ADDRTYPE' );
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@ -1690,6 +1690,7 @@ determine_capabilities() {
    CONNMARK_MATCH=
    XCONNMARK_MATCH=
    RAW_TABLE=
+    RAWPOST_TABLE=
    IPP2P_MATCH=
    OLD_IPP2P_MATCH=
    LENGTH_MATCH=
@ -1826,7 +1827,8 @@ determine_capabilities() {
 	qt $IPTABLES -t mangle -L FORWARD -n && MANGLE_FORWARD=Yes
    fi

-    qt $IPTABLES -t raw	   -L -n && RAW_TABLE=Yes
+    qt $IPTABLES -t raw	    -L -n && RAW_TABLE=Yes
+    qt $IPTABLES -t rawpost -L -n && RAWPOST_TABLE=Yes

    if qt mywhich ipset; then
 	qt ipset -X $chain # Just in case something went wrong the last time
@ -1934,6 +1936,7 @@ report_capabilities() {
 	report_capability "Connmark Match" $CONNMARK_MATCH
 	[ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
 	report_capability "Raw Table" $RAW_TABLE
+	report_capability "Rawpost Table" $RAWPOST_TABLE
 	report_capability "IPP2P Match" $IPP2P_MATCH
 	[ -n "$OLD_IPP2P_MATCH" ] && report_capability "Old IPP2P Match Syntax" $OLD_IPP2P_MATCH
 	report_capability "CLASSIFY Target" $CLASSIFY_TARGET
@ -2004,6 +2007,7 @@ report_capabilities1() {
    report_capability1 CONNMARK_MATCH
    report_capability1 XCONNMARK_MATCH
    report_capability1 RAW_TABLE
+    report_capability1 RAWPOST_TABLE
    report_capability1 IPP2P_MATCH
    report_capability1 OLD_IPP2P_MATCH
    report_capability1 CLASSIFY_TARGET
--- a/Shorewall6/lib.cli
+++ b/Shorewall6/lib.cli
@ -1519,6 +1519,7 @@ determine_capabilities() {
    CONNMARK_MATCH=
    XCONNMARK_MATCH=
    RAW_TABLE=
+    RAWPOST_TABLE=
    IPP2P_MATCH=
    OLD_IPP2P_MATCH=
    LENGTH_MATCH=
@ -1664,6 +1665,7 @@ determine_capabilities() {
    fi

    qt $IP6TABLES -t raw	   -L -n && RAW_TABLE=Yes
+    qt $IP6TABLES -t rawpost	   -L -n && RAWPOST_TABLE=Yes

    if qt mywhich ipset; then
 	qt ipset -X $chain # Just in case something went wrong the last time
@ -1764,6 +1766,7 @@ report_capabilities() {
 	report_capability "Connmark Match" $CONNMARK_MATCH
 	[ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
 	report_capability "Raw Table" $RAW_TABLE
+	report_capability "Rawpost Table" $RAWPOST_TABLE
 	report_capability "IPP2P Match" $IPP2P_MATCH
 	[ -n "$OLD_IPP2P_MATCH" ] && report_capability "Old IPP2P Match Syntax" $OLD_IPP2P_MATCH
 	report_capability "CLASSIFY Target" $CLASSIFY_TARGET
@ -1831,6 +1834,7 @@ report_capabilities1() {
    report_capability1 CONNMARK_MATCH
    report_capability1 XCONNMARK_MATCH
    report_capability1 RAW_TABLE
+    report_capability1 RAWPOST_TABLE
    report_capability1 IPP2P_MATCH
    report_capability1 OLD_IPP2P_MATCH
    report_capability1 CLASSIFY_TARGET