mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 15:43:30 +01:00
update -t also converts the 'tos' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
e0734a45ee
commit
dc2406d25b
@ -2145,7 +2145,7 @@ sub split_line2( $$;$$$ ) {
|
||||
#
|
||||
# This file supports INLINE or IPTABLES
|
||||
#
|
||||
if ( $currentline =~ /^\s*INLINE(?:\(.*\)|:.*)?\s/ || $currentline =~ /^\s*IP6?TABLES(?:\(.*\)|:.*)?\s/ ) {
|
||||
if ( $currentline =~ /^\s*INLINE(?:\(.*\)(:.*)?|:.*)?\s/ || $currentline =~ /^\s*IP6?TABLES(?:\(.*\)|:.*)?\s/ ) {
|
||||
$inline_matches = $pairs;
|
||||
|
||||
if ( $columns =~ /^(\s*|.*[^&@%]){(.*)}\s*$/ ) {
|
||||
@ -4970,7 +4970,8 @@ EOF
|
||||
-f find_file 'blacklist' ||
|
||||
-f find_file 'tcrules' ||
|
||||
-f find_file 'routestopped' ||
|
||||
-f find_file 'notrack'
|
||||
-f find_file 'notrack' ||
|
||||
-f find_file 'tos'
|
||||
);
|
||||
}
|
||||
} else {
|
||||
@ -5549,13 +5550,13 @@ sub get_configuration( $$$$$ ) {
|
||||
my $match = have_capability( 'OLD_HL_MATCH' ) ? 'hashlimit' : 'hashlimit-upto';
|
||||
my $units;
|
||||
|
||||
if ( $rate =~ /^[sd]:((\d+)(\/(sec|min|seconds|minutes|hour|day))):(\d+)$/ ) {
|
||||
if ( $rate =~ /^[sd]:((\d+)(\/(sec|min|second|minute|hour|day))):(\d+)$/ ) {
|
||||
fatal_error "Invalid rate ($1)" unless $2;
|
||||
fatal_error "Invalid burst value ($5)" unless $5;
|
||||
|
||||
$limit .= "--$match $1 --hashlimit-burst $5 --hashlimit-name lograte --hashlimit-mode ";
|
||||
$units = $4;
|
||||
} elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|seconds|minutes|hour|day))?)$/ ) {
|
||||
} elsif ( $rate =~ /^[sd]:((\d+)(\/(sec|min|second|minute|hour|day))?)$/ ) {
|
||||
fatal_error "Invalid rate ($1)" unless $2;
|
||||
$limit .= "--$match $1 --hashlimit-name lograte --hashlimit-mode ";
|
||||
$units = $4;
|
||||
@ -5575,11 +5576,11 @@ sub get_configuration( $$$$$ ) {
|
||||
|
||||
$limit .= "--hashlimit-htable-expire $expire ";
|
||||
}
|
||||
} elsif ( $rate =~ /^((\d+)(\/(sec|min|seconds|minutes|hour|day))):(\d+)$/ ) {
|
||||
} elsif ( $rate =~ /^((\d+)(\/(sec|min|second|minute|hour|day))):(\d+)$/ ) {
|
||||
fatal_error "Invalid rate ($1)" unless $2;
|
||||
fatal_error "Invalid burst value ($5)" unless $5;
|
||||
$limit = "-m limit --limit $1 --limit-burst $5 ";
|
||||
} elsif ( $rate =~ /^(\d+)(\/(sec|min|seconds|minutes|hour|day))?$/ ) {
|
||||
} elsif ( $rate =~ /^(\d+)(\/(sec|min|second|minute|hour|day))?$/ ) {
|
||||
fatal_error "Invalid rate (${1}${2})" unless $1;
|
||||
$limit = "-m limit --limit $rate ";
|
||||
} else {
|
||||
|
@ -3161,11 +3161,90 @@ sub process_secmark_rule() {
|
||||
}
|
||||
}
|
||||
|
||||
sub convert_tos($$) {
|
||||
my ( $mangle, $fn1 ) = @_;
|
||||
|
||||
my $have_tos = 0;
|
||||
|
||||
sub unlink_tos( $ ) {
|
||||
my $fn = shift;
|
||||
|
||||
if ( unlink $fn ) {
|
||||
warning_message "Empty tos file ($fn) removed";
|
||||
} else {
|
||||
warning_message "Unable to remove empty tos file $fn: $!";
|
||||
}
|
||||
}
|
||||
|
||||
if ( my $fn = open_file 'tos' ) {
|
||||
while ( read_a_line( NORMAL_READ ) ) {
|
||||
|
||||
$have_tos = 1;
|
||||
|
||||
my ($src, $dst, $proto, $ports, $sports , $tos, $mark ) =
|
||||
split_line( 'tos file entry',
|
||||
{ source => 0, dest => 1, proto => 2, dport => 3, sport => 4, tos => 5, mark => 6 } );
|
||||
|
||||
my $chain_designator = 'P';
|
||||
|
||||
decode_tos($tos, 1);
|
||||
|
||||
my ( $srczone , $source , $remainder );
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
|
||||
fatal_error 'Invalid SOURCE' if defined $remainder;
|
||||
} elsif ( $src =~ /^(.+?):<(.*)>\s*$/ || $src =~ /^(.+?):\[(.*)\]\s*$/ ) {
|
||||
$srczone = $1;
|
||||
$source = $2;
|
||||
} else {
|
||||
$srczone = $src;
|
||||
}
|
||||
|
||||
if ( $srczone eq firewall_zone ) {
|
||||
$chain_designator = 'O';
|
||||
$src = $source || '-';
|
||||
} else {
|
||||
$src =~ s/^all:?//;
|
||||
}
|
||||
|
||||
$dst =~ s/^all:?//;
|
||||
|
||||
$src = '-' unless supplied $src;
|
||||
$dst = '-' unless supplied $dst;
|
||||
$proto = '-' unless supplied $proto;
|
||||
$ports = '-' unless supplied $ports;
|
||||
$sports = '-' unless supplied $sports;
|
||||
$mark = '-' unless supplied $mark;
|
||||
|
||||
print $mangle "TOS($tos):$chain_designator\t$src\t$dst\t$proto\t$ports\t$sports\t-\t$mark\n"
|
||||
|
||||
}
|
||||
|
||||
if ( $have_tos ) {
|
||||
progress_message2 "Converted $fn to $fn1";
|
||||
if ( rename $fn, "$fn.bak" ) {
|
||||
progress_message2 "$fn renamed $fn.bak";
|
||||
} else {
|
||||
fatal_error "Cannot Rename $fn to $fn.bak: $!";
|
||||
}
|
||||
} else {
|
||||
unlink_tos( $fn );
|
||||
}
|
||||
} elsif ( -f ( $fn = find_file( 'tos' ) ) ) {
|
||||
if ( unlink $fn ) {
|
||||
warning_message "Empty tos file ($fn) removed";
|
||||
} else {
|
||||
warning_message "Unable to remove empty tos file $fn: $!";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Process the mangle file and setup traffic shaping
|
||||
#
|
||||
sub setup_tc( $ ) {
|
||||
$tcrules = $_[0];
|
||||
my $convert = $_[0];
|
||||
|
||||
if ( $config{MANGLE_ENABLED} ) {
|
||||
ensure_mangle_chain 'tcpre';
|
||||
@ -3221,7 +3300,7 @@ sub setup_tc( $ ) {
|
||||
if ( $fn = open_file( 'tcrules' , 2, 1 ) ) {
|
||||
my $fn1;
|
||||
|
||||
if ( $tcrules ) {
|
||||
if ( $convert ) {
|
||||
#
|
||||
# We are going to convert this tcrules file to the equivalent mangle file
|
||||
#
|
||||
@ -3234,29 +3313,43 @@ sub setup_tc( $ ) {
|
||||
|
||||
process_tc_rule, $have_tcrules++ while read_a_line( NORMAL_READ );
|
||||
|
||||
if ( $have_tcrules ) {
|
||||
if ( $mangle ) {
|
||||
if ( $convert ) {
|
||||
if ( $have_tcrules ) {
|
||||
progress_message2 "Converted $fn to $fn1";
|
||||
if ( rename $fn, "$fn.bak" ) {
|
||||
progress_message2 "$fn renamed $fn.bak";
|
||||
} else {
|
||||
fatal_error "Cannot Rename $fn to $fn.bak: $!";
|
||||
}
|
||||
|
||||
close $mangle, directive_callback( 0 );
|
||||
} else {
|
||||
warning_message "Non-empty tcrules file ($fn); consider running '$product update -t'";
|
||||
}
|
||||
} elsif ( $tcrules ) {
|
||||
close $mangle, directive_callback( 0 );
|
||||
|
||||
if ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
|
||||
} elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
|
||||
if ( unlink $fn ) {
|
||||
warning_message "Empty tcrules file ($fn) removed";
|
||||
} else {
|
||||
warning_message "Unable to remove empty tcrules file $fn: $!";
|
||||
}
|
||||
}
|
||||
|
||||
convert_tos( $mangle, $fn1 );
|
||||
|
||||
close $mangle, directive_callback( 0 );
|
||||
}
|
||||
} elsif ( $convert ) {
|
||||
if ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
|
||||
if ( unlink $fn ) {
|
||||
warning_message "Empty tcrules file ($fn) removed";
|
||||
} else {
|
||||
warning_message "Unable to remove empty tcrules file $fn: $!";
|
||||
}
|
||||
}
|
||||
|
||||
if ( -f ( my $fn = find_file( 'tos' ) ) ) {
|
||||
my $fn1;
|
||||
#
|
||||
# We are going to convert this tosfile to the equivalent mangle file
|
||||
#
|
||||
open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!";
|
||||
convert_tos( $mangle, $fn1 );
|
||||
close $mangle;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -2316,11 +2316,13 @@
|
||||
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <option>-t</option> option was added in Shorewall 4.6.0.
|
||||
When specified, <option>-t</option> causes <ulink
|
||||
url="shorewall-tcrules.html">shorewall-tcrules(5)</ulink> to be
|
||||
converted to <ulink
|
||||
When specified, <option>-t</option> causes the <emphasis
|
||||
role="bold">tcrules</emphasis> file to be converted to <ulink
|
||||
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old
|
||||
file is renamed with a .bak suffix.</para>
|
||||
file is renamed with a .bak suffix. Beginning with Shorewall
|
||||
4.6.12.2, this option also causes the <emphasis
|
||||
role="bold">tos</emphasis> file to be converted to <ulink
|
||||
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>.</para>
|
||||
|
||||
<important>
|
||||
<para>There are some notable restrictions with the
|
||||
|
@ -2185,11 +2185,13 @@
|
||||
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
|
||||
|
||||
<para>The <option>-t</option> option was added in Shorewall 4.6.0.
|
||||
When specified, <option>-t</option> causes <ulink
|
||||
url="shorewall6-tcrules.html">shorewall6-tcrules(5)</ulink> to be
|
||||
converted to <ulink
|
||||
When specified, <option>-t</option> causes the <emphasis
|
||||
role="bold">tcrules</emphasis> file to be converted to <ulink
|
||||
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old
|
||||
file is renamed with a .bak suffix.</para>
|
||||
file is renamed with a .bak suffix. Beginning with Shorewall
|
||||
4.6.12.2, this option also causes the <emphasis
|
||||
role="bold">tos</emphasis> file to be converted to <ulink
|
||||
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>.</para>
|
||||
|
||||
<important>
|
||||
<para>There are some notable restrictions with the
|
||||
|
Loading…
Reference in New Issue
Block a user