Allow a chain designator in CLASSIFY rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-12-18 12:20:42 +01:00 · 2011-12-22 15:41:16 -08:00 · 2011-12-22 15:41:16 -08:00 · ce735e9415
commit ce735e9415
parent e93dbdcb99
3 changed files with 78 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -104,6 +104,10 @@ my  %flow_keys = ( 'src'            => 1,
 		   'sk-gid'         => 1,
 		   'vlan-tag'       => 1 );

+my %designator = ( P => 'tcpre' ,
+		   F => 'tcfor' ,
+		   T => 'tcpost' );
+
 my  %tosoptions = ( 'tos-minimize-delay'       => '0x10/0x10' ,
 		    'tos-maximize-throughput'  => '0x08/0x08' ,
 		    'tos-maximize-reliability' => '0x04/0x04' ,
@ -207,15 +211,20 @@ sub process_tc_rule( ) {

    fatal_error "Invalid MARK ($originalmark)" unless supplied $mark;

+    my $chain  = $globals{MARKING_CHAIN};
+
    if ( $remainder ) { 
 	if ( $originalmark =~ /^\w+\(?.*\)$/ ) {
 	    $mark = $originalmark; # Most likely, an IPv6 address is included in the parameter list
 	} else {
-	    fatal_error "Invalid MARK ($originalmark)";
+	    fatal_error "Invalid MARK ($originalmark)" 
+		unless ( $mark =~ /^([0-9a-fA-F]+)$/ &&
+			 $designator =~ /^([0-9a-fA-F]+)$/ && 
+			 ( $chain = $designator{$remainder} ) );
+	    $mark  = join( ':', $mark, $designator );
 	}
    }

-    my $chain  = $globals{MARKING_CHAIN};
    my $target = 'MARK --set-mark';
    my $tcsref;
    my $connmark = 0;
@ -259,7 +268,8 @@ sub process_tc_rule( ) {
 	    require_capability ('CONNMARK' , "CONNMARK Rules", '' ) if $connmark;

 	} else {
-	    fatal_error "Invalid MARK ($originalmark)"   unless $mark =~ /^([0-9a-fA-F]+)$/ and $designator =~ /^([0-9a-fA-F]+)$/;
+	    fatal_error "Invalid MARK ($originalmark)"
+		unless $remainder || ( $mark =~ /^([0-9a-fA-F]+)$/ and $designator =~ /^([0-9a-fA-F]+)$/ );

 	    if ( $config{TC_ENABLED} eq 'Internal' || $config{TC_ENABLED} eq 'Shared' ) {
 		$originalmark = join( ':', normalize_hex( $mark ), normalize_hex( $designator ) );
@ -278,9 +288,12 @@ sub process_tc_rule( ) {
 		}
 	    }

-	    $chain   = 'tcpost';
+	    unless ( $remainder ) {
+		$chain = 'tcpost';
+		$mark  = $originalmark;
+	    }
+
 	    $classid = 1;
-	    $mark    = $originalmark;
 	    $target  = 'CLASSIFY --set-class';
 	}
    }
--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@ -202,6 +202,36 @@
              preceded by the number 1 (MARK 1 corresponds to minor class 11,
              MARK 5 corresponds to minor class 15, MARK 22 corresponds to
              minor class 122, etc.).</para>
+
+              <para>Beginning with Shorewall 4.4.27, the classid may be
+              optionally followed by ':' and a capital letter designating the
+              chain where classification is to occur. </para>
+
+              <variablelist>
+                <varlistentry>
+                  <term>F</term>
+
+                  <listitem>
+                    <para>FORWARD chain.</para>
+                  </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                  <term>P</term>
+
+                  <listitem>
+                    <para>PREROUTING chain.</para>
+                  </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                  <term>T</term>
+
+                  <listitem>
+                    <para>POSTROUTING chain.</para>
+                  </listitem>
+                </varlistentry>
+              </variablelist>
            </listitem>

            <listitem>
--- a/manpages6/shorewall6-tcrules.xml
+++ b/manpages6/shorewall6-tcrules.xml
@ -202,6 +202,36 @@
              preceded by the number 1 (MARK 1 corresponds to minor class 11,
              MARK 5 corresponds to minor class 15, MARK 22 corresponds to
              minor class 122, etc.).</para>
+
+              <para>Beginning with Shorewall 4.4.27, the classid may be
+              optionally followed by ':' and a capital letter designating the
+              chain where classification is to occur.</para>
+
+              <variablelist>
+                <varlistentry>
+                  <term>F</term>
+
+                  <listitem>
+                    <para>FORWARD chain.</para>
+                  </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                  <term>P</term>
+
+                  <listitem>
+                    <para>PREROUTING chain.</para>
+                  </listitem>
+                </varlistentry>
+
+                <varlistentry>
+                  <term>T</term>
+
+                  <listitem>
+                    <para>POSTROUTING chain.</para>
+                  </listitem>
+                </varlistentry>
+              </variablelist>
            </listitem>

            <listitem>