shorewall_code/Shorewall/clib.ecn

#!/bin/sh
#
# Shorewall 3.2 -- /usr/share/shorewall/clib.ecn
#
#     This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
#     (c) 2005,2006 - Tom Eastep (teastep@shorewall.net)
#
#	Complete documentation is available at http://shorewall.net
#
#	This program is free software; you can redistribute it and/or modify
#	it under the terms of Version 2 of the GNU General Public License
#	as published by the Free Software Foundation.
#
#	This program is distributed in the hope that it will be useful,
#	but WITHOUT ANY WARRANTY; without even the implied warranty of
#	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#	GNU General Public License for more details.
#
#	You should have received a copy of the GNU General Public License
#	along with this program; if not, write to the Free Software
#	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA

#
# ECN Chain to an interface
#
ecn_chain() # $1 = interface
{
   echo $(chain_base $1)_ecn
}

#
# Setup ECN disabling rules
#
setup_ecn() # $1 = file name
{
    local interfaces=""
    local hosts=
    local h

    strip_file ecn $1

    progress_message2 "$DOING $1..."

    while read interface host; do
	expandv interface host
	list_search  $interface $ALL_INTERFACES || \
	    fatal_error "Unknown interface $interface"
	list_search $interface $interfaces || \
	    interfaces="$interfaces $interface"
	[ "x$host" = "x-" ] && host=
	for h in $(separate_list ${host:-0.0.0.0/0}); do
	    hosts="$hosts $interface:$h"
	done
    done < $TMP_DIR/ecn

    if [ -n "$interfaces" ]; then
	progress_message "$DOING ECN control on${interfaces}..."

	for interface in $interfaces; do
	    chain=$(ecn_chain $interface)
	    if havemanglechain $chain; then
		flushmangle $chain
	    else
		createmanglechain $chain
		run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain
		run_iptables -t mangle -A OUTPUT      -p tcp -o $interface -j $chain
	    fi
	done

	for host in $hosts; do
	    interface=${host%:*}
	    h=${host#*:}
	    run_iptables -t mangle -A $(ecn_chain $interface) -p tcp $(dest_ip_range $h) -j ECN --ecn-tcp-remove
	    progress_message_and_save "   ECN Disabled to $h through $interface"
	done
    fi
}

CLIB_ECN_LOADED=Yes
More modularization git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4382 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2006-08-19 00:56:20 +02:00			`#!/bin/sh`
			`#`
			`# Shorewall 3.2 -- /usr/share/shorewall/clib.ecn`
			`#`
			`# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]`
			`#`
			`# (c) 2005,2006 - Tom Eastep (teastep@shorewall.net)`
			`#`
			`# Complete documentation is available at http://shorewall.net`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of Version 2 of the GNU General Public License`
			`# as published by the Free Software Foundation.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA`

			`#`
			`# ECN Chain to an interface`
			`#`
			`ecn_chain() # $1 = interface`
			`{`
			`echo $(chain_base $1)_ecn`
			`}`

			`#`
			`# Setup ECN disabling rules`
			`#`
			`setup_ecn() # $1 = file name`
			`{`
			`local interfaces=""`
			`local hosts=`
			`local h`

			`strip_file ecn $1`

			`progress_message2 "$DOING $1..."`

			`while read interface host; do`
			`expandv interface host`
			`list_search $interface $ALL_INTERFACES \|\| \`
			`fatal_error "Unknown interface $interface"`
			`list_search $interface $interfaces \|\| \`
			`interfaces="$interfaces $interface"`
			`[ "x$host" = "x-" ] && host=`
			`for h in $(separate_list ${host:-0.0.0.0/0}); do`
			`hosts="$hosts $interface:$h"`
			`done`
			`done < $TMP_DIR/ecn`

			`if [ -n "$interfaces" ]; then`
			`progress_message "$DOING ECN control on${interfaces}..."`

			`for interface in $interfaces; do`
			`chain=$(ecn_chain $interface)`
			`if havemanglechain $chain; then`
			`flushmangle $chain`
			`else`
			`createmanglechain $chain`
			`run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain`
			`run_iptables -t mangle -A OUTPUT -p tcp -o $interface -j $chain`
			`fi`
			`done`

			`for host in $hosts; do`
			`interface=${host%:*}`
			`h=${host#*:}`
			`run_iptables -t mangle -A $(ecn_chain $interface) -p tcp $(dest_ip_range $h) -j ECN --ecn-tcp-remove`
			`progress_message_and_save " ECN Disabled to $h through $interface"`
			`done`
			`fi`
			`}`

			`CLIB_ECN_LOADED=Yes`