Add 'user marks'

This commit is contained in:
Tom Eastep 2010-07-27 11:02:36 -07:00
parent aac343b476
commit 6a1fea3a40
5 changed files with 16 additions and 3 deletions

View File

@ -2143,9 +2143,9 @@ sub verify_mark( $ ) {
if ( $value > $mask ) { if ( $value > $mask ) {
# #
# Not a valid TC mark -- must be a provider mark # Not a valid TC mark -- must be a provider mark or a user mark
# #
fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value; fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value || ( $value & $globals{USER_MASK} ) == $value;
} }
} }

View File

@ -3033,6 +3033,12 @@ sub get_configuration( $ ) {
$globals{PROVIDER_MIN} = 1 << $config{PROVIDER_OFFSET}; $globals{PROVIDER_MIN} = 1 << $config{PROVIDER_OFFSET};
$globals{PROVIDER_MASK} = make_mask( $config{PROVIDER_BITS} ) << $config{PROVIDER_OFFSET}; $globals{PROVIDER_MASK} = make_mask( $config{PROVIDER_BITS} ) << $config{PROVIDER_OFFSET};
if ( ( my $userbits = $config{PROVIDER_OFFSET} - $config{TC_BITS} ) > 0 ) {
$globals{USER_MASK} = make_mask( $userbits ) << $config{TC_BITS};
} else {
$globals{USER_MASK} = 0;
}
if ( defined ( $val = $config{ZONE2ZONE} ) ) { if ( defined ( $val = $config{ZONE2ZONE} ) ) {
fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/; fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/;
} else { } else {

View File

@ -313,7 +313,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
</varlistentry> </varlistentry>
</variablelist> </variablelist>
<para> The relationship between these options is shown in this <para>The relationship between these options is shown in this
diagram.</para> diagram.</para>
<graphic align="left" fileref="images/MarkGeometry.png" valign="top" /> <graphic align="left" fileref="images/MarkGeometry.png" valign="top" />
@ -358,6 +358,13 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>
<para>The existence of both TC_BITS and MASK_BITS is owed to the way that
WIDE_TC_MARKS was originally implemented. Note that TC_BITS is 14 rather
than 16 when WIDE_TC_MARKS=Yes.</para>
<para>Beginning with Shorewall 4.4.12, the field between MASK_BITS and
PROVIDER_OFFSET can be used for any purpose you want. </para>
</section> </section>
<section id="Shorewall"> <section id="Shorewall">

Binary file not shown.

Binary file not shown.

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 13 KiB