Implement HL manipulation for IPv6

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-10-09 14:01:40 -07:00
parent 668926c2a6
commit 99b21fdfc5
2 changed files with 32 additions and 5 deletions


@ -394,6 +394,7 @@ sub process_tc_rule( ) {
$target .= ' --tproxy-mark'; $target .= ' --tproxy-mark';
} elsif ( $target eq 'TTL' ) { } elsif ( $target eq 'TTL' ) {
fatal_error "TTL is not supported in IPv6 - use HL instead" if $family == F_IPV6;
fatal_error "Invalid TTL specification( $cmd/$rest )" if $rest; fatal_error "Invalid TTL specification( $cmd/$rest )" if $rest;
fatal_error "Chain designator $designator not allowed with TTL" if $designator && ! ( $designator eq 'F' ); fatal_error "Chain designator $designator not allowed with TTL" if $designator && ! ( $designator eq 'F' );
@ -412,6 +413,26 @@ sub process_tc_rule( ) {
} else { } else {
$target .= " --ttl-set $param"; $target .= " --ttl-set $param";
} }
} elsif ( $target eq 'HL' ) {
fatal_error "HL is not supported in IPv4 - use TTL instead" if $family == F_IPV4;
fatal_error "Invalid HL specification( $cmd/$rest )" if $rest;
fatal_error "Chain designator $designator not allowed with HL" if $designator && ! ( $designator eq 'F' );
$chain = 'tcfor';
$cmd =~ /^HL\(([-+]?\d+)\)$/;
my $param = $1;
fatal_error "Invalid HL specification( $cmd )" unless $param && ( $param = abs $param ) < 256;
if ( $1 =~ /^\+/ ) {
$target .= " --hl-inc $param";
} elsif ( $1 =~ /\-/ ) {
$target .= " --hl-dec $param";
} else {
$target .= " --hl-set $param";
}
} }
if ( $rest ) { if ( $rest ) {
@ -1845,6 +1866,12 @@ sub setup_tc() {
mark => NOMARK, mark => NOMARK,
mask => '', mask => '',
connmark => 0 connmark => 0
},
{ match => sub( $ ) { $_[0] =~ /^HL/ },
target => 'HL',
mark => NOMARK,
mask => '',
connmark => 0
} }
); );
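Review bot: In the new HL branch of process_tc_rule the result of `$cmd =~ /^HL\(([-+]?\d+)\)$/` is never tested, and Perl leaves `$1` unchanged when a match fails, so an entry that only satisfies the dispatch test `/^HL/` can reach the range check carrying a capture left over from an earlier successful match instead of being rejected. Because `$param` is appended to the generated rule target, the match itself should be the guard: `fatal_error "Invalid HL specification( $cmd )" unless $cmd =~ /^HL\(([-+]?\d+)\)$/;`. Copying the sign into a lexical before the `if`/`elsif` tests would also stop the later `$1 =~ /^\+/` checks from depending on capture-variable state. The TTL branch shown as context appears to follow the same pattern and probably needs the same guard; the function body starts and ends outside these hunks.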


@ -316,7 +316,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para><emphasis role="bold">TTL</emphasis>([<emphasis <para><emphasis role="bold">HL</emphasis>([<emphasis
role="bold">-</emphasis>|<emphasis role="bold">-</emphasis>|<emphasis
role="bold">+</emphasis>]<replaceable>number</replaceable>)</para> role="bold">+</emphasis>]<replaceable>number</replaceable>)</para>
@ -324,13 +324,13 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
<emphasis role="bold">:F</emphasis> but the resulting rule is <emphasis role="bold">:F</emphasis> but the resulting rule is
always added to the FORWARD chain. If <emphasis always added to the FORWARD chain. If <emphasis
role="bold">+</emphasis> is included, packets matching the rule role="bold">+</emphasis> is included, packets matching the rule
will have their TTL incremented by will have their HL (hop limit) incremented by
<replaceable>number</replaceable>. Similarly, if <emphasis <replaceable>number</replaceable>. Similarly, if <emphasis
role="bold">-</emphasis> is included, matching packets have role="bold">-</emphasis> is included, matching packets have
their TTL decremented by <replaceable>number</replaceable>. If their HL decremented by <replaceable>number</replaceable>. If
neither <emphasis role="bold">+</emphasis> nor <emphasis neither <emphasis role="bold">+</emphasis> nor <emphasis
role="bold">-</emphasis> is given, the TTL of matching packets role="bold">-</emphasis> is given, the HL of matching packets is
is set to <replaceable>number</replaceable>. The valid range of set to <replaceable>number</replaceable>. The valid range of
values for <replaceable>number</replaceable> is 1-255.</para> values for <replaceable>number</replaceable> is 1-255.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>