Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 13:22:30 -08:00 · 2011-12-26 13:22:30 -08:00 · 1c2ab238a5
commit 1c2ab238a5
parent 3541767881 be4cb9d26a
3 changed files with 14 additions and 3 deletions
--- a/Shorewall/Perl/Shorewall/IPAddrs.pm
+++ b/Shorewall/Perl/Shorewall/IPAddrs.pm
@ -55,6 +55,7 @@ our @EXPORT = qw( ALLIPv4
 		  DCCP
 		  IPv6_ICMP
 		  SCTP
+		  GRE

 		  validate_address
 		  validate_net
@ -117,6 +118,7 @@ use constant { ALLIPv4             => '0.0.0.0/0' ,
 	       TCP                 => 6,
 	       UDP                 => 17,
 	       DCCP                => 33,
+	       GRE                 => 47,
 	       IPv6_ICMP           => 58,
 	       SCTP                => 132,
 	       UDPLITE             => 136 };
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@ -59,6 +59,7 @@ sub process_notrack_rule( $$$$$$$ ) {

    my $target = $action;
    my $exception_rule = '';
+    my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );

    unless ( $action eq 'NOTRACK' ) {
 	(  $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
@ -96,7 +97,7 @@ sub process_notrack_rule( $$$$$$$ ) {

    expand_rule( $chainref ,
 		 $restriction ,
-		 do_proto( $proto, $ports, $sports ) . do_user ( $user ) ,
+		 $rule,
 		 $source ,
 		 $dest ,
 		 '' ,
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -488,7 +488,7 @@ sub process_tc_rule( ) {
 				     do_length( $length ) .
 				     do_tos( $tos ) .
 				     do_connbytes( $connbytes ) .
-				     do_helper( $helper ) .
+				     do_helper( $helper, $proto ) .
 				     do_headers( $headers ) ,
 				     $source ,
 				     $dest ,
@ -1451,7 +1451,15 @@ sub process_tc_priority() {

    fatal_error "Invalid PRIORITY ($band)" unless $val && $val <= 3;

-    my $rule = do_helper( $helper ) . "-j MARK --set-mark $band";
+    my $rule;
+
+    unless ( $helper eq '-' ) {
+	fatal_error( "A PROTO is required when a HELPER is specified" ) if $proto eq '-';
+	fatal_error( "Unknown protocol" ) unless defined resolve_protocol( $proto );
+	$rule = do_helper( $helper, $proto ) . "-j MARK --set-mark $band";
+    } else {
+	$rule = '';
+    }

    $rule .= join('', '/', in_hex( $globals{TC_MASK} ) ) if have_capability( 'EXMARK' );