Fixes for IPP2P -- fix 'shorewall flush' and multi-ISP

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-05 16:45:50 +00:00
parent c6d76edc6d
commit a66d94d609
2 changed files with 23 additions and 52 deletions

View File

@ -1261,13 +1261,7 @@ setup_providers()
add_a_provider() {
local t n iface option
case $MARKING_CHAIN in
tcfor)
;;
*)
fatal_error "MARK_IN_FORWARD_CHAIN=No is incompatible with multiple providers"
;;
esac
[ -z "$TC_ENABLED" ] && fatal_error "Providers require TC_ENABLED=Yes in shorewall.conf"
for t in $PROVIDERS; do
if [ "$t" = "$table" ]; then
@ -3146,24 +3140,18 @@ process_tc_rule()
do_ipp2p()
{
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p tcp -m ipp2p --${port} "
;;
ipp2p:udp|IPP2P:UDP)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p udp -m ipp2p --${port} "
;;
ipp2p:all|IPP2P:ALL)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-m ipp2p --${port} "
*:*)
proto=${proto#*:}
;;
*)
fatal_error "Invalid IPP2P Protocol ${proto#*:}. Rule: \"$rule\""
proto=tcp
;;
esac
r="${r}-p $proto -m ipp2p --${port} "
}
add_a_tc_rule() {
@ -3552,22 +3540,15 @@ process_accounting_rule() {
do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p:udp|IPP2P:UDP)
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p:all|IPP2P:ALL)
rule="$rule -m ipp2p --${port:-ipp2p}"
port=
*:*)
proto=${proto#*:}
;;
*)
fatal_error "Invalid IPP2P Protocol ${proto#*:}"
proto=tcp
;;
esac
rule="$rule -p $proto -m ipp2p --${port:-ipp2p}"
}
case $source in
@ -3863,8 +3844,8 @@ refresh_tc() {
#
# Flush the TC mangle chains
#
run_iptables -t mangle -F $chain
[ -n "$MARK_IN_FORWARD_CHAIN" ] && run_iptables -t mangle -F tcpre
run_iptables -t mangle -F tcfor
run_iptables -t mangle -F tcpre
run_iptables -t mangle -F tcout
run_iptables -t mangle -F tcpost
#
@ -3959,29 +3940,22 @@ add_an_action()
do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
dports="-m ipp2p --${port:-ipp2p}"
port=
ipp2p|IPP2P)
proto=tcp
port=
do_ports
;;
ipp2p:udpIPP2P:UDP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
port=
do_ports
;;
ipp2p:all|IPP2P:ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;;
*)
fatal_error "Invalid IPP2P protocol ${proto#*:}. Rule: \"$rule\""
;;
esac
}
@ -5300,23 +5274,20 @@ process_rule() # $1 = target
do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
case $proto in
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
ipp2p:udp|IPP2P:UDP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
;;
ipp2p:all|IPP2P:ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;;

View File

@ -400,7 +400,7 @@ RETAIN_ALIASES=No
# If you say "No" or "no" then traffic shaping is not enabled.
#
TC_ENABLED=No
TC_ENABLED=Yes
#
# Clear Traffic Shapping/Control
@ -417,7 +417,7 @@ TC_ENABLED=No
# If omitted, CLEAR_TC=Yes is assumed.
#
CLEAR_TC=Yes
CLEAR_TC=No
#
# Mark Packets in the forward chain