Add MARK column to route_rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00 · 2011-10-23 07:56:53 -07:00 · 54ba4ed879
commit 54ba4ed879
parent 2316162d86
6 changed files with 70 additions and 16 deletions
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@ -777,7 +777,7 @@ sub add_a_provider( $$ ) {
 }

 sub add_an_rtrule( ) {
-    my ( $source, $dest, $provider, $priority ) = split_line 'route_rules file', { source => 0, dest => 1, provider => 2, priority => 3 };
+    my ( $source, $dest, $provider, $priority, $originalmark ) = split_line 'route_rules file', { source => 0, dest => 1, provider => 2, priority => 3 , mark => 4 };

    our $current_if;

@ -840,13 +840,25 @@ sub add_an_rtrule( ) {
 	$source = "iif $source";
    }

+    my $mark = '';
+    my $mask;
+
+    if ( $originalmark ne '-' ) {
+	validate_mark( $originalmark );
+
+	( $mark, $mask ) = split '/' , $originalmark;
+	$mask = $globals{PROVIDER_MASK} unless supplied $mask;
+
+	$mark = ' fwmark ' . in_hex( $mark ) . '/' . in_hex( $mask );
+    }
+
    fatal_error "Invalid priority ($priority)" unless $priority && $priority =~ /^\d{1,5}$/;

    $priority = "priority $priority";

-    push @{$providerref->{rules}}, "qt \$IP -$family rule del $source $dest $priority" if $config{DELETE_THEN_ADD};
-    push @{$providerref->{rules}}, "run_ip rule add $source $dest $priority table $number";
-    push @{$providerref->{rules}}, "echo \"qt \$IP -$family rule del $source $dest $priority\" >> \${VARDIR}/undo_${provider}_routing";
+    push @{$providerref->{rules}}, "qt \$IP -$family rule del $source ${dest}${mark} $priority" if $config{DELETE_THEN_ADD};
+    push @{$providerref->{rules}}, "run_ip rule add $source ${dest}${mark} $priority table $number";
+    push @{$providerref->{rules}}, "echo \"qt \$IP -$family rule del $source ${dest}${mark} $priority\" >> \${VARDIR}/undo_${provider}_routing";

    progress_message "   Routing rule \"$currentline\" $done";
 }
--- a/Shorewall/configfiles/route_rules
+++ b/Shorewall/configfiles/route_rules
@ -4,5 +4,5 @@
 # For information about entries in this file, type "man shorewall-route_rules"
 #
 # For additional information, see http://www.shorewall.net/MultiISP.html
-##############################################################################
-#SOURCE			DEST			PROVIDER	PRIORITY
+####################################################################################
+#SOURCE			DEST			PROVIDER	PRIORITY	MASK
--- a/Shorewall6/configfiles/route_rules
+++ b/Shorewall6/configfiles/route_rules
@ -4,5 +4,5 @@
 # For information about entries in this file, type "man shorewall6-route_rules"
 #
 # For additional information, see http://www.shorewall.net/MultiISP.html
-##############################################################################
-#SOURCE			DEST			PROVIDER	PRIORITY
+####################################################################################
+#SOURCE			DEST			PROVIDER	PRIORITY	MASK
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@ -1055,6 +1055,20 @@ gateway:~ #</programlisting>
              which they appear in the file.</para>
            </listitem>
          </varlistentry>
+
+          <varlistentry>
+            <term>MARK (Optional - added in Shorewall 4.4.25)</term>
+
+            <listitem>
+              <para>Mark and optional mask in the form
+              <replaceable>mark</replaceable>[/<replaceable>mask</replaceable>].
+              For this rule to be applied to a packet, the packet's mark value
+              must match the <replaceable>mark</replaceable> when logically
+              anded with the <replaceable>mask</replaceable>. If a
+              <replaceable>mask</replaceable> is not supplied, Shorewall
+              supplies a suitable provider mask.</para>
+            </listitem>
+          </varlistentry>
        </variablelist>
      </section>

--- a/manpages/shorewall-route_rules.xml
+++ b/manpages/shorewall-route_rules.xml
@ -113,6 +113,20 @@
          </variablelist>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">MARK -
+        {-|<replaceable>mark</replaceable>[/<replaceable>mask</replaceable>]}</emphasis></term>
+
+        <listitem>
+          <para>Optional -- added in Shorewall 4.4.25. For this rule to be
+          applied to a packet, the packet's mark value must match the
+          <replaceable>mark</replaceable> when logically anded with the
+          <replaceable>mask</replaceable>. If a
+          <replaceable>mask</replaceable> is not supplied, Shorewall supplies
+          a suitable provider mask.</para>
+        </listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>

@ -127,7 +141,7 @@
          <para>You want all traffic coming in on eth1 to be routed to the
          ISP1 provider.</para>

-          <programlisting>        #SOURCE                 DEST            PROVIDER        PRIORITY
+          <programlisting>        #SOURCE                 DEST            PROVIDER        PRIORITY      MASK
        eth1                    -               ISP1            1000
 </programlisting>
        </listitem>
@ -144,7 +158,7 @@
          is the subnet chosen in your OpenVPN configuration (server 10.8.0.0
          255.255.255.0).</para>

-          <programlisting>         #SOURCE                 DEST            PROVIDER        PRIORITY
+          <programlisting>         #SOURCE                 DEST            PROVIDER        PRIORITY     MASK
         -                       10.8.0.0/24     main            1000
 </programlisting>
        </listitem>
--- a/manpages6/shorewall6-route_rules.xml
+++ b/manpages6/shorewall6-route_rules.xml
@ -113,6 +113,20 @@
          </variablelist>
        </listitem>
      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis role="bold">MARK -
+        {-|<replaceable>mark</replaceable>[/<replaceable>mask</replaceable>]}</emphasis></term>
+
+        <listitem>
+          <para>Optional -- added in Shorewall 4.4.25. For this rule to be
+          applied to a packet, the packet's mark value must match the
+          <replaceable>mark</replaceable> when logically anded with the
+          <replaceable>mask</replaceable>. If a
+          <replaceable>mask</replaceable> is not supplied, Shorewall supplies
+          a suitable provider mask.</para>
+        </listitem>
+      </varlistentry>
    </variablelist>
  </refsect1>

@ -127,7 +141,7 @@
          <para>You want all traffic coming in on eth1 to be routed to the
          ISP1 provider.</para>

-          <programlisting>        #SOURCE                 DEST            PROVIDER        PRIORITY
+          <programlisting>        #SOURCE                 DEST            PROVIDER        PRIORITY    MASK
        eth1                    -               ISP1            1000
 </programlisting>
        </listitem>
@ -149,10 +163,10 @@

    <para>shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5),
    shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5),
-    shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5),
-    shorewall6-providers(5), shorewall6-routestopped(5), shorewall6-rules(5),
-    shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5),
-    shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5),
-    shorewall6-zones(5)</para>
+    shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5),
+    shorewall6-policy(5), shorewall6-providers(5), shorewall6-routestopped(5),
+    shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
+    shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5),
+    shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
  </refsect1>
 </refentry>