Added "shorewall show classifiers" command

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@360 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -10,19 +10,22 @@ Changes since 1.3.11
 
 5. Replaced 'sed' invocation in separate_list() by shell code (speedup).
 
-6. Replace 'wc' invocation in list_count() by shell code (speedup)
+6. Replaced 'wc' invocation in list_count() by shell code (speedup)
 
-7. Replace 'sed' invocation in run_iptables() by shell code and
-   optomize (speedup)
+7. Replaced 'sed' invocation in run_iptables() by shell code and
+   optomized (speedup)
 
 8. Only read the interfaces file once (speedup)
 
 9. Only read the policy file once (speedup)
 
-10. Remove redundant function input_chains() (duplicate of first_chains()) 
+10. Removed redundant function input_chains() (duplicate of first_chains()) 
 
-11. Generate an error if 'lo' is defined in the interfaces file.
+11. Generated an error if 'lo' is defined in the interfaces file.
 
-12. Clarify error message where ORIGINAL DEST is specified on an
+12. Clarified error message where ORIGINAL DEST is specified on an
     ACCEPT, DROP or REJECT rule.
+
+13. Added "shorewall show classifiers" command and added packet
+    classification filter display to "shorewall monitor"
  

Shorewall/releasenotes.txt

@@ -2,12 +2,14 @@ This is a minor release of Shorewall that has a couple of new features.
 
 New features include:
 
-1) "shorewall refresh" now reloads the traffic shaping rules.
+1) "shorewall refresh" now reloads the traffic shaping rules (tcrules
+   and tcstart).
 2) "shorewall debug [re]start" now turns off debugging after an error
    occurs. This places the point of the failure near the end of the
    trace rather than up in the middle of it.
 3) "shorewall [re]start" has been speeded up by approximately 40% with
    my configuration. Your milage may vary. 
 
-
-
+4) A "shorewall show classifiers" command has been added which shows
+   the current packet classification filters. The output from this
+   command is also added as a separate page in "shorewall monitor"

Shorewall/shorewall

@@ -58,6 +58,7 @@
 #	   shorewall show nat			   Display the rules in the nat table
 #	   shorewall show {mangle|tos}		   Display the rules in the mangle table
 #	   shorewall show tc			   Display traffic control info
+#	   shorewall show classifiers		   Display classifiers
 #	   shorewall version			   Display the installed version id
 #	   shorewall check			   Verify the more heavily-used
 #						   configuration files.
@@ -294,6 +295,34 @@ show_tc() {
 
 }
 
+#
+# Show classifier information
+#
+show_classifiers() {
+
+    show_one_classifier() {
+	local device=${1%@*}
+	qdisc=`tc qdisc list dev $device`
+
+	if [ -n "$qdisc" ]; then
+	    echo Device $device:
+	    tc -s filter ls dev $device
+	    echo
+	fi
+    }
+
+    ip link list | \
+    while read inx interface details; do
+	case $inx in
+	[0-9]*)
+	    show_one_classifier ${interface%:}
+	    ;;
+	*)
+	    ;;
+	esac
+    done
+
+}
 #
 # Monitor the Firewall
 #
@@ -383,6 +412,15 @@ monitor_firewall() # $1 = timeout -- if negative, prompt each time that
 	echo
 	show_tc
 	timed_read
+
+	clear
+	echo "$banner `date`"
+	echo
+	echo
+	echo "Packet Classifiers"
+	echo
+	show_classifiers
+	timed_read
     done
 }
 
@@ -450,7 +488,7 @@ usage() # $1 = exit status
     echo "where <command> is one of:"
     echo "   add <interface>[:<host>] <zone>"
     echo "   delete <interface>[:<host>] <zone>"
-    echo "   show [<chain>|connections|log|nat|tc|tos]"
+    echo "   show [<chain>|classifiers|connections|log|nat|tc|tos]"
     echo "   start"
     echo "   stop"
     echo "   reset"
@@ -629,6 +667,11 @@ case "$1" in
 	    echo
 	    show_tc
 	    ;;
+	classifiers)
+	    echo "Shorewall-$version Clasifiers at $HOSTNAME - `date`"
+	    echo
+	    show_classifiers
+	    ;;
 	*)
 	    echo "Shorewall-$version Chain $2 at $HOSTNAME - `date`"
 	    echo