Better diagnostics when IPP2P match is missing

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 16:20:30 +00:00 · 2005-10-04 16:20:30 +00:00 · 47a34926f4
commit 47a34926f4
parent 2adc6c07e9
3 changed files with 9 additions and 0 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -14,6 +14,8 @@ Changes in 2.5.7

 7) Add zone type to /var/lib/shorewall/zones.

+8) Give better diagnostics when IPP2P match isn't available.
+
 Changes in 2.5.6

 1) Finish install/fallback cleanup.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -3206,6 +3206,7 @@ process_tc_rule()

 	case $proto in
 	    ipp2p|IPP2P)
+		[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
 		[ "x$port" = "x-" ] && port="ipp2p"
 		r="${r}-p tcp -m ipp2p --${port} "
 		;;
@ -3558,6 +3559,7 @@ process_accounting_rule() {
 	-|any|all)
 	    ;;
 	ipp2p)
+	   [ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
 	    rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
 	    port=
 	    ;;
@ -3978,6 +3980,7 @@ add_an_action()
 	    [ -n "$port" ]  && 	dports="--icmp-type $port"
 	    ;;
 	ipp2p)
+	    [ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
 	    dports="-m ipp2p --${port:-ipp2p}"
 	    port=
 	    proto=tcp
--- a/Shorewall/functions
+++ b/Shorewall/functions
@ -898,6 +898,7 @@ determine_capabilities() {
    CONNMARK=
    CONNMARK_MATCH=
    RAW_TABLE=
+    IPP2P_MATCH=

    qt $IPTABLES -N fooX1234
    qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT             && CONNTRACK_MATCH=Yes
@ -909,6 +910,7 @@ determine_capabilities() {
    qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT                               && RECENT_MATCH=Yes
    qt $IPTABLES -A fooX1234 -m owner --cmd-owner foo -j ACCEPT                         && OWNER_MATCH=Yes
    qt $IPTABLES -A fooX1234 -m connmark --mark 2  -j ACCEPT                            && CONNMARK_MATCH=Yes
+    qt $IPTABLES -A fooX1234 -p tcp -m ipp2p --ipp2p -j ACCEPT                          && IPP2P_MATCH=Yes

    qt $IPTABLES -t mangle -N fooX1234
    qt $IPTABLES -t mangle -A fooX1234 -j ROUTE --oif eth0                              && ROUTE_TARGET=Yes
@ -966,6 +968,8 @@ report_capabilities() {
    report_capability "CONNMARK Target" $CONNMARK
    report_capability "Connmark Match" $CONNMARK_MATCH
    report_capability "Raw Table" $RAW_TABLE
+    report_capability "IPP2P Match" $IPP2P_MATCH
+
 }