extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-18 19:48:19 +01:00
Code Issues Packages Projects Releases Wiki Activity

The -t option also converts the 'tos' file.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-08-24 14:56:24 -07:00
parent 463206a3eb
commit f9ae28aeea
4 changed files with 101 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Shorewall/Perl/Shorewall/Config.pm
View File

@ -4876,7 +4876,8 @@ EOF
-f find_file 'blacklist' || -f find_file 'blacklist' ||
-f find_file 'tcrules' || -f find_file 'tcrules' ||
-f find_file 'routestopped' || -f find_file 'routestopped' ||
-f find_file 'notrack' -f find_file 'notrack' ||
-f find_file 'tos'
); );
} }
} else { } else {

87
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -3139,6 +3139,81 @@ sub process_secmark_rule() {
} }
} }
sub convert_tos($$) {
my ( $mangle, $fn1 ) = @_;
my $have_tos = 0;
sub unlink_tos( $ ) {
my $fn = shift;
if ( unlink $fn ) {
warning_message "Empty tos file ($fn) removed";
} else {
warning_message "Unable to remove empty tos file $fn: $!";
}
}
if ( my $fn = open_file 'tos' ) {
while ( read_a_line( NORMAL_READ ) ) {
$have_tos = 1;
my ($src, $dst, $proto, $ports, $sports , $tos, $mark ) =
split_line( 'tos file entry',
{ source => 0, dest => 1, proto => 2, dport => 3, sport => 4, tos => 5, mark => 6 } );
my $chain_designator = 'P';
decode_tos($tos, 1);
my ( $srczone , $source , $remainder );
if ( $family == F_IPV4 ) {
( $srczone , $source , $remainder ) = split( /:/, $src, 3 );
fatal_error 'Invalid SOURCE' if defined $remainder;
} elsif ( $src =~ /^(.+?):<(.*)>\s*$/ || $src =~ /^(.+?):\[(.*)\]\s*$/ ) {
$srczone = $1;
$source = $2;
} else {
$srczone = $src;
}
if ( $srczone eq firewall_zone ) {
$chain_designator = 'O';
$src = $source || '-';
} else {
$src =~ s/^all:?//;
}
$dst =~ s/^all:?//;
$src = '-' unless supplied $src;
$dst = '-' unless supplied $dst;
$proto = '-' unless supplied $proto;
$ports = '-' unless supplied $ports;
$sports = '-' unless supplied $sports;
$mark = '-' unless supplied $mark;
print $mangle "TOS($tos):$chain_designator\t$src\t$dst\t$proto\t$ports\t$sports\t-\t$mark\n"
}
if ( $have_tos ) {
progress_message2 "Converted $fn to $fn1";
if ( rename $fn, "$fn.bak" ) {
progress_message2 "$fn renamed $fn.bak";
} else {
fatal_error "Cannot Rename $fn to $fn.bak: $!";
}
} else {
unlink_tos( $fn );
}
} elsif ( -f ( my $fn = find_file( 'tos' ) ) ) {
unlink_tos( $fn );
}
}
# #
# Process the mangle file and setup traffic shaping # Process the mangle file and setup traffic shaping
# #
@ -3226,6 +3301,8 @@ sub setup_tc( $ ) {
} }
} }
convert_tos( $mangle, $fn1 );
close $mangle, directive_callback( 0 ) if $tcrules; close $mangle, directive_callback( 0 ) if $tcrules;
} elsif ( $tcrules ) { } elsif ( $tcrules ) {
@ -3236,6 +3313,16 @@ sub setup_tc( $ ) {
warning_message "Unable to remove empty tcrules file $fn: $!"; warning_message "Unable to remove empty tcrules file $fn: $!";
} }
} }
if ( -f ( my $fn = find_file( 'tos' ) ) ) {
my $fn1;
#
# We are going to convert this tosfile to the equivalent mangle file
#
open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!";
convert_tos( $mangle, $fn1 );
close $mangle;
}
} }
} elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) { } elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
warning_message "The tcrules file is no longer supported -- use '$product update -t' to convert $fn to an equivalent 'mangle' file"; warning_message "The tcrules file is no longer supported -- use '$product update -t' to convert $fn to an equivalent 'mangle' file";

10
Shorewall/manpages/shorewall.xml
View File

@ -2504,11 +2504,13 @@
url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para> url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
<para>The <option>-t</option> option was added in Shorewall 4.6.0. <para>The <option>-t</option> option was added in Shorewall 4.6.0.
When specified, <option>-t</option> causes <ulink When specified, <option>-t</option> causes the <emphasis
url="shorewall-tcrules.html">shorewall-tcrules(5)</ulink> to be role="bold">tcrules</emphasis> file to be converted to <ulink
converted to <ulink
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old url="shorewall-mangle.html">shorewall-mangle(5)</ulink>. The old
file is renamed with a .bak suffix.</para> file is renamed with a .bak suffix. Beginning with Shorewall
4.6.12.2, this option also causes the <emphasis
role="bold">tos</emphasis> file to be converted to <ulink
url="shorewall-mangle.html">shorewall-mangle(5)</ulink>.</para>
<important> <important>
<para>There are some notable restrictions with the <para>There are some notable restrictions with the

10
Shorewall6/manpages/shorewall6.xml
View File

@ -2381,11 +2381,13 @@
url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para> url="/manpages6/shorewall6.conf.html">shorewall6.conf</ulink>(5).</para>
<para>The <option>-t</option> option was added in Shorewall 4.6.0. <para>The <option>-t</option> option was added in Shorewall 4.6.0.
When specified, <option>-t</option> causes <ulink When specified, <option>-t</option> causes the <emphasis
url="shorewall6-tcrules.html">shorewall6-tcrules(5)</ulink> to be role="bold">tcrules</emphasis> file to be converted to <ulink
converted to <ulink
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>. The old
file is renamed with a .bak suffix.</para> file is renamed with a .bak suffix. Beginning with Shorewall
4.6.12.2, this option also causes the <emphasis
role="bold">tos</emphasis> file to be converted to <ulink
url="shorewall6-mangle.html">shorewall6-mangle(5)</ulink>.</para>
<important> <important>
<para>There are some notable restrictions with the <para>There are some notable restrictions with the