extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 23:53:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement EXMARK capability

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-01-05 09:33:29 -08:00
parent 556170c990
commit ab1dc03986
3 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/Perl/Shorewall/Config.pm
View File

@ -226,6 +226,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
KLUDGEFREE => 'Repeat match', KLUDGEFREE => 'Repeat match',
MARK => 'MARK Target', MARK => 'MARK Target',
XMARK => 'Extended Mark Target', XMARK => 'Extended Mark Target',
EXMARK => 'Extended Mark Target 2',
MANGLE_FORWARD => 'Mangle FORWARD Chain', MANGLE_FORWARD => 'Mangle FORWARD Chain',
COMMENTS => 'Comments', COMMENTS => 'Comments',
ADDRTYPE => 'Address Type Match', ADDRTYPE => 'Address Type Match',
@ -604,6 +605,7 @@ sub initialize( $ ) {
KLUDGEFREE => undef, KLUDGEFREE => undef,
MARK => undef, MARK => undef,
XMARK => undef, XMARK => undef,
EXMARK => undef,
MANGLE_FORWARD => undef, MANGLE_FORWARD => undef,
COMMENTS => undef, COMMENTS => undef,
ADDRTYPE => undef, ADDRTYPE => undef,
@ -2068,6 +2070,7 @@ sub determine_capabilities( $ ) {
if ( qt1( "$iptables -t mangle -A $sillyname -j MARK --set-mark 1" ) ) { if ( qt1( "$iptables -t mangle -A $sillyname -j MARK --set-mark 1" ) ) {
$capabilities{MARK} = 1; $capabilities{MARK} = 1;
$capabilities{XMARK} = qt1( "$iptables -t mangle -A $sillyname -j MARK --and-mark 0xFF" ); $capabilities{XMARK} = qt1( "$iptables -t mangle -A $sillyname -j MARK --and-mark 0xFF" );
$capabilities{EXMARK} = qt1( "$iptables -t mangle -A $sillyname -j MARK --set-mark 1/0xFF" );
} }
if ( qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark" ) ) { if ( qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark" ) ) {

4
Shorewall/lib.base
View File

@ -813,6 +813,7 @@ determine_capabilities() {
KLUDGEFREE= KLUDGEFREE=
MARK= MARK=
XMARK= XMARK=
EXMARK=
MANGLE_FORWARD= MANGLE_FORWARD=
COMMENTS= COMMENTS=
ADDRTYPE= ADDRTYPE=
@ -914,6 +915,7 @@ determine_capabilities() {
if qt $IPTABLES -t mangle -A $chain -j MARK --set-mark 1; then if qt $IPTABLES -t mangle -A $chain -j MARK --set-mark 1; then
MARK=Yes MARK=Yes
qt $IPTABLES -t mangle -A $chain -j MARK --and-mark 0xFF && XMARK=Yes qt $IPTABLES -t mangle -A $chain -j MARK --and-mark 0xFF && XMARK=Yes
qt $IPTABLES -t mangle -A $chain -j MARK --set-mark 1/0xFF && EXMARK=Yes
fi fi
if qt $IPTABLES -t mangle -A $chain -j CONNMARK --save-mark; then if qt $IPTABLES -t mangle -A $chain -j CONNMARK --save-mark; then
@ -1011,6 +1013,7 @@ report_capabilities() {
report_capability "Repeat match" $KLUDGEFREE report_capability "Repeat match" $KLUDGEFREE
report_capability "MARK Target" $MARK report_capability "MARK Target" $MARK
[ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK [ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK
[ -n "$XMARK" ] && report_capability "Extended MARK Target 2" $EXMARK
report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD
report_capability "Comments" $COMMENTS report_capability "Comments" $COMMENTS
report_capability "Address Type Match" $ADDRTYPE report_capability "Address Type Match" $ADDRTYPE
@ -1070,6 +1073,7 @@ report_capabilities1() {
report_capability1 KLUDGEFREE report_capability1 KLUDGEFREE
report_capability1 MARK report_capability1 MARK
report_capability1 XMARK report_capability1 XMARK
report_capability1 EXMARK
report_capability1 MANGLE_FORWARD report_capability1 MANGLE_FORWARD
report_capability1 COMMENTS report_capability1 COMMENTS
report_capability1 ADDRTYPE report_capability1 ADDRTYPE

4
Shorewall6/lib.base
View File

@ -722,6 +722,7 @@ determine_capabilities() {
KLUDGEFREE= KLUDGEFREE=
MARK= MARK=
XMARK= XMARK=
EXMARK=
MANGLE_FORWARD= MANGLE_FORWARD=
COMMENTS= COMMENTS=
ADDRTYPE= ADDRTYPE=
@ -822,6 +823,7 @@ determine_capabilities() {
if qt $IP6TABLES -t mangle -A $chain -j MARK --set-mark 1; then if qt $IP6TABLES -t mangle -A $chain -j MARK --set-mark 1; then
MARK=Yes MARK=Yes
qt $IP6TABLES -t mangle -A $chain -j MARK --and-mark 0xFF && XMARK=Yes qt $IP6TABLES -t mangle -A $chain -j MARK --and-mark 0xFF && XMARK=Yes
qt $IP6TABLES -t mangle -A $chain -j MARK --set-mark 1/0xFF && EXMARK=Yes
fi fi
if qt $IP6TABLES -t mangle -A $chain -j CONNMARK --save-mark; then if qt $IP6TABLES -t mangle -A $chain -j CONNMARK --save-mark; then
@ -917,6 +919,7 @@ report_capabilities() {
report_capability "Repeat match" $KLUDGEFREE report_capability "Repeat match" $KLUDGEFREE
report_capability "MARK Target" $MARK report_capability "MARK Target" $MARK
[ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK [ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK
[ -n "$XMARK" ] && report_capability "Extended MARK Target 2" $EXMARK
report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD
report_capability "Comments" $COMMENTS report_capability "Comments" $COMMENTS
report_capability "Address Type Match" $ADDRTYPE report_capability "Address Type Match" $ADDRTYPE
@ -973,6 +976,7 @@ report_capabilities1() {
report_capability1 KLUDGEFREE report_capability1 KLUDGEFREE
report_capability1 MARK report_capability1 MARK
report_capability1 XMARK report_capability1 XMARK
report_capability1 EXMARK
report_capability1 MANGLE_FORWARD report_capability1 MANGLE_FORWARD
report_capability1 COMMENTS report_capability1 COMMENTS
report_capability1 ADDRTYPE report_capability1 ADDRTYPE