extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 09:47:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implement TTL support in tcrules.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-09-24 16:17:52 -07:00
parent dbf5f17b41
commit da5b6b99d4
3 changed files with 68 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -390,8 +390,26 @@ sub process_tc_rule( ) {
} }
$target .= ' --tproxy-mark'; $target .= ' --tproxy-mark';
} } elsif ( $target eq 'TTL' ) {
fatal_error "Invalid TTL specification( $cmd/$rest )" if $rest;
fatal_error "Chain designator $designator not allowed with TTL" if $designator && ! ( $designator eq 'F' );
$chain = 'tcfor';
$cmd =~ /^TTL\(([-+]?\d+)\)$/;
my $param = $1;
fatal_error "Invalid TTL specification( $cmd )" unless $param && ( $param = abs $param ) < 256;
if ( $1 =~ /^\+/ ) {
$target .= " --ttl-inc $param";
} elsif ( $1 =~ /\-/ ) {
$target .= " --ttl-dec $param";
} else {
$target .= " --ttl-set $param";
}
}
if ( $rest ) { if ( $rest ) {
fatal_error "Invalid MARK ($originalmark)" if $marktype == NOMARK; fatal_error "Invalid MARK ($originalmark)" if $marktype == NOMARK;
@ -1806,6 +1824,12 @@ sub setup_tc() {
mark => HIGHMARK, mark => HIGHMARK,
mask => '', mask => '',
connmark => '' }, connmark => '' },
{ match => sub( $ ) { $_[0] =~ /^TTL/ },
target => 'TTL',
mark => NOMARK,
mask => '',
connmark => 0
}
); );
if ( my $fn = open_file 'tcrules' ) { if ( my $fn = open_file 'tcrules' ) {

19
manpages/shorewall-tcrules.xml
View File

@ -415,6 +415,25 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem>
<para><emphasis role="bold">TTL</emphasis>([<emphasis
role="bold">-</emphasis>|<emphasis
role="bold">+</emphasis>]<replaceable>number</replaceable>)</para>
<para>Added in Shorewall 4.4.24. May be option followed by
<emphasis role="bold">:F</emphasis> but the resulting rule is
always added to the FORWARD chain. If <emphasis
role="bold">+</emphasis> is included, packets matching the rule
will have their TTL incremented by
<replaceable>number</replaceable>. Similarly, if <emphasis
role="bold">-</emphasis> is included, matching packets have
their TTL decremented by <replaceable>number</replaceable>. If
neither <emphasis role="bold">+</emphasis> nor <emphasis
role="bold">-</emphasis> is given, the TTL of matching packets
is set to <replaceable>number</replaceable>. The valid range of
values for <replaceable>number</replaceable> is 1-255.</para>
</listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>

29
manpages6/shorewall6-tcrules.xml
View File

@ -312,6 +312,25 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>
<listitem>
<para><emphasis role="bold">TTL</emphasis>([<emphasis
role="bold">-</emphasis>|<emphasis
role="bold">+</emphasis>]<replaceable>number</replaceable>)</para>
<para>Added in Shorewall 4.4.24. May be option followed by
<emphasis role="bold">:F</emphasis> but the resulting rule is
always added to the FORWARD chain. If <emphasis
role="bold">+</emphasis> is included, packets matching the rule
will have their TTL incremented by
<replaceable>number</replaceable>. Similarly, if <emphasis
role="bold">-</emphasis> is included, matching packets have
their TTL decremented by <replaceable>number</replaceable>. If
neither <emphasis role="bold">+</emphasis> nor <emphasis
role="bold">-</emphasis> is given, the TTL of matching packets
is set to <replaceable>number</replaceable>. The valid range of
values for <replaceable>number</replaceable> is 1-255.</para>
</listitem>
</orderedlist> </orderedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -794,10 +813,10 @@ SAME $FW 0.0.0.0/0 tcp 80,443</programlisting>
<para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5), shorewall6-blacklist(5), shorewall6-ecn(5), shorewall6-exclusion(5),
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
shorewall6-route_rules(5), shorewall6-routestopped(5), shorewall6-providers(5), shorewall6-route_rules(5),
shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5),
shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tos(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
shorewall6-tunnels(5), shorewall6-zones(5)</para> shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
</refsect1> </refsect1>
</refentry> </refentry>