Add NEW_TOS_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
477e2bc455
commit
186f71fa96
@ -25,7 +25,7 @@
|
|||||||
# loaded after this one and replaces some of the functions declared here.
|
# loaded after this one and replaces some of the functions declared here.
|
||||||
#
|
#
|
||||||
|
|
||||||
SHOREWALL_CAPVERSION=40514
|
SHOREWALL_CAPVERSION=40515
|
||||||
|
|
||||||
[ -n "${g_program:=shorewall}" ]
|
[ -n "${g_program:=shorewall}" ]
|
||||||
|
|
||||||
@ -2200,6 +2200,7 @@ determine_capabilities() {
|
|||||||
ARPTABLESJF=
|
ARPTABLESJF=
|
||||||
MASQUERADE_TGT=
|
MASQUERADE_TGT=
|
||||||
UDPLITEREDIRECT=
|
UDPLITEREDIRECT=
|
||||||
|
NEW_TOS_MATCH=
|
||||||
|
|
||||||
AMANDA_HELPER=
|
AMANDA_HELPER=
|
||||||
FTP_HELPER=
|
FTP_HELPER=
|
||||||
@ -2371,6 +2372,7 @@ determine_capabilities() {
|
|||||||
qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes
|
qt $g_tool -t mangle -A $chain -j DSCP --set-dscp 0 && DSCP_TARGET=Yes
|
||||||
qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes
|
qt $g_tool -t mangle -A $chain -m rpfilter && RPFILTER_MATCH=Yes
|
||||||
qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes
|
qt $g_tool -t mangle -A $chain -j CHECKSUM --checksum-fill && CHECKSUM_TARGET=Yes
|
||||||
|
qt $g_tool -t mangle -A $chain -m tos --tos 0x10/0xff && NEW_TOS_MATCH=Yes
|
||||||
|
|
||||||
qt $g_tool -t mangle -F $chain
|
qt $g_tool -t mangle -F $chain
|
||||||
qt $g_tool -t mangle -X $chain
|
qt $g_tool -t mangle -X $chain
|
||||||
@ -2612,6 +2614,7 @@ report_capabilities_unsorted() {
|
|||||||
report_capability "Arptables JF" $ARPTABLESJF
|
report_capability "Arptables JF" $ARPTABLESJF
|
||||||
report_capability "MASQUERADE Target" $MASQUERADE_TGT
|
report_capability "MASQUERADE Target" $MASQUERADE_TGT
|
||||||
report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT
|
report_capability "UDPLITE Port Redirection" $UDPLITEREDIRECT
|
||||||
|
report_capability "New tos Match" $NEW_TOS_MATCH
|
||||||
|
|
||||||
report_capability "Amanda Helper" $AMANDA_HELPER
|
report_capability "Amanda Helper" $AMANDA_HELPER
|
||||||
report_capability "FTP Helper" $FTP_HELPER
|
report_capability "FTP Helper" $FTP_HELPER
|
||||||
@ -2733,6 +2736,7 @@ report_capabilities_unsorted1() {
|
|||||||
report_capability1 ARPTABLESJF
|
report_capability1 ARPTABLESJF
|
||||||
report_capability1 MASQUERADE_TGT
|
report_capability1 MASQUERADE_TGT
|
||||||
report_capability1 UDPLITEREDIRECT
|
report_capability1 UDPLITEREDIRECT
|
||||||
|
report_capability1 NEW_TOS_MATCH
|
||||||
|
|
||||||
report_capability1 AMANDA_HELPER
|
report_capability1 AMANDA_HELPER
|
||||||
report_capability1 FTP_HELPER
|
report_capability1 FTP_HELPER
|
||||||
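Review bot: The new probe `qt $g_tool -t mangle -A $chain -m tos --tos 0x10/0xff && NEW_TOS_MATCH=Yes` in determine_capabilities() has no comment saying what "new" refers to, and the report label "New tos Match" does not tell an operator either. Judging from the decode_tos change in this commit, the capability means the tos match accepts a `value/mask` argument, so I would add `# tos match that accepts value/mask; without it only a bare TOS value can be used` above the probe. The same test expression is repeated in the Perl detector, so a note that the two must be kept identical would help whoever changes one of them later. determine_capabilities() starts and ends outside the hunk, so I cannot see whether this line sits inside a mangle-enabled guard.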
|
@ -4791,10 +4791,11 @@ sub decode_tos( $$ ) {
|
|||||||
return '';
|
return '';
|
||||||
}
|
}
|
||||||
|
|
||||||
my $mask = 0xff;
|
my $mask = have_capability( 'NEW_TOS_MATCH' ) ? 0xff : '';
|
||||||
my $value;
|
my $value;
|
||||||
|
|
||||||
if ( $tos =~ m"^(.+)/(.+)$" ) {
|
if ( $tos =~ m"^(.+)/(.+)$" ) {
|
||||||
|
require_capability 'NEW_TOS_MATCH', 'A mask', 's';
|
||||||
$value = numeric_value $1;
|
$value = numeric_value $1;
|
||||||
$mask = numeric_value $2;
|
$mask = numeric_value $2;
|
||||||
} elsif ( ! defined ( $value = numeric_value( $tos ) ) ) {
|
} elsif ( ! defined ( $value = numeric_value( $tos ) ) ) {
|
||||||
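Review bot: `my $mask = have_capability( 'NEW_TOS_MATCH' ) ? 0xff : '';` changes `$mask` from always-numeric to sometimes an empty string, and the code that turns `$value` and `$mask` into the rule text lies outside this hunk. If that code formats or compares `$mask` numerically, the rule emitted on a system without the capability would not be what the user wrote, so please confirm that it treats `''` as "emit no mask". A comment such as `# Without NEW_TOS_MATCH the tos match takes a bare value, so no mask is emitted` would record the intent. Separately, the `value/mask` branch shows no undef check on `numeric_value $2` within the hunk, whereas the bare-value branch does check its result. If no check follows, a mistyped mask reaches rule generation unvalidated.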
|
@ -362,6 +362,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
|
|||||||
ARPTABLESJF => 'Arptables JF',
|
ARPTABLESJF => 'Arptables JF',
|
||||||
MASQUERADE_TGT => 'MASQUERADE Target',
|
MASQUERADE_TGT => 'MASQUERADE Target',
|
||||||
UDPLITEREDIRECT => 'UDPLITE Port Redirection',
|
UDPLITEREDIRECT => 'UDPLITE Port Redirection',
|
||||||
|
NEW_TOS_MATCH => 'New tos Match',
|
||||||
|
|
||||||
AMANDA_HELPER => 'Amanda Helper',
|
AMANDA_HELPER => 'Amanda Helper',
|
||||||
FTP_HELPER => 'FTP Helper',
|
FTP_HELPER => 'FTP Helper',
|
||||||
@ -656,7 +657,7 @@ sub initialize( $;$$) {
|
|||||||
KLUDGEFREE => '',
|
KLUDGEFREE => '',
|
||||||
STATEMATCH => '-m state --state',
|
STATEMATCH => '-m state --state',
|
||||||
VERSION => "4.5.13-Beta3",
|
VERSION => "4.5.13-Beta3",
|
||||||
CAPVERSION => 40514 ,
|
CAPVERSION => 40515 ,
|
||||||
);
|
);
|
||||||
#
|
#
|
||||||
# From shorewall.conf file
|
# From shorewall.conf file
|
||||||
@ -912,6 +913,7 @@ sub initialize( $;$$) {
|
|||||||
ARPTABLESJF => undef,
|
ARPTABLESJF => undef,
|
||||||
MASQUERADE_TGT => undef,
|
MASQUERADE_TGT => undef,
|
||||||
UDPLITEREDIRECT => undef,
|
UDPLITEREDIRECT => undef,
|
||||||
|
NEW_TOS_MATCH => undef,
|
||||||
|
|
||||||
AMANDA_HELPER => undef,
|
AMANDA_HELPER => undef,
|
||||||
FTP_HELPER => undef,
|
FTP_HELPER => undef,
|
||||||
@ -3769,6 +3771,10 @@ sub Xconnmark() {
|
|||||||
have_capability( 'XCONNMARK_MATCH' ) && have_capability( 'XMARK' ) && qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark --mask 0xFF" );
|
have_capability( 'XCONNMARK_MATCH' ) && have_capability( 'XMARK' ) && qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark --mask 0xFF" );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub New_Tos_Match() {
|
||||||
|
qt1( "$iptables -t mangle -A $sillyname -m tos --tos 0x10/0xff" );
|
||||||
|
}
|
||||||
|
|
||||||
sub Classify_Target() {
|
sub Classify_Target() {
|
||||||
have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -j CLASSIFY --set-class 1:1" );
|
have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -j CLASSIFY --set-class 1:1" );
|
||||||
}
|
}
|
||||||
@ -4146,6 +4152,7 @@ our %detect_capability =
|
|||||||
OLD_CONNTRACK_MATCH => \&Old_Conntrack_Match,
|
OLD_CONNTRACK_MATCH => \&Old_Conntrack_Match,
|
||||||
OLD_HL_MATCH => \&Old_Hashlimit_Match,
|
OLD_HL_MATCH => \&Old_Hashlimit_Match,
|
||||||
OLD_IPP2P_MATCH => \&Old_Ipp2p_Match,
|
OLD_IPP2P_MATCH => \&Old_Ipp2p_Match,
|
||||||
|
NEW_TOS_MATCH => \&New_Tos_Match,
|
||||||
OWNER_MATCH => \&Owner_Match,
|
OWNER_MATCH => \&Owner_Match,
|
||||||
OWNER_NAME_MATCH => \&Owner_Name_Match,
|
OWNER_NAME_MATCH => \&Owner_Name_Match,
|
||||||
PERSISTENT_SNAT => \&Persistent_Snat,
|
PERSISTENT_SNAT => \&Persistent_Snat,
|
||||||
@ -4311,6 +4318,7 @@ sub determine_capabilities() {
|
|||||||
$capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' );
|
$capabilities{CHECKSUM_TARGET} = detect_capability( 'CHECKSUM_TARGET' );
|
||||||
$capabilities{MASQUERADE_TGT} = detect_capability( 'MASQUERADE_TGT' );
|
$capabilities{MASQUERADE_TGT} = detect_capability( 'MASQUERADE_TGT' );
|
||||||
$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
|
$capabilities{UDPLITEREDIRECT} = detect_capability( 'UDPLITEREDIRECT' );
|
||||||
|
$capabilities{NEW_TOS_MATCH} = detect_capability( 'NEW_TOS_MATCH' );
|
||||||
|
|
||||||
if ( have_capability 'CT_TARGET' ) {
|
if ( have_capability 'CT_TARGET' ) {
|
||||||
$capabilities{$_} = detect_capability $_ for ( values( %helpers_map ) );
|
$capabilities{$_} = detect_capability $_ for ( values( %helpers_map ) );
|
||||||
|
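Review bot: `New_Tos_Match` runs its probe in the mangle table unconditionally, while the neighbouring `Classify_Target` first gates on `have_capability( 'MANGLE_ENABLED' )`. Presumably `qt1` just returns false when the table is missing, so the result is the same, but the guard avoids a pointless iptables invocation and keeps the detectors consistent: `have_capability( 'MANGLE_ENABLED' ) && qt1( "$iptables -t mangle -A $sillyname -m tos --tos 0x10/0xff" );`. The `%detect_capability` entry is also inserted after the `OLD_*` keys rather than before them, which breaks the alphabetical order the visible entries otherwise follow. A one-line comment on the sub stating that it tests for `value/mask` support in the tos match would make the capability name self-explanatory.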