forked from extern/shorewall_code
Add 'user marks'
This commit is contained in:
parent
aac343b476
commit
6a1fea3a40
@ -2143,9 +2143,9 @@ sub verify_mark( $ ) {
|
||||
|
||||
if ( $value > $mask ) {
|
||||
#
|
||||
# Not a valid TC mark -- must be a provider mark
|
||||
# Not a valid TC mark -- must be a provider mark or a user mark
|
||||
#
|
||||
fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value;
|
||||
fatal_error "Invalid Mark or Mask value ($mark)" unless ( $value & $globals{PROVIDER_MASK} ) == $value || ( $value & $globals{USER_MASK} ) == $value;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -3033,6 +3033,12 @@ sub get_configuration( $ ) {
|
||||
$globals{PROVIDER_MIN} = 1 << $config{PROVIDER_OFFSET};
|
||||
$globals{PROVIDER_MASK} = make_mask( $config{PROVIDER_BITS} ) << $config{PROVIDER_OFFSET};
|
||||
|
||||
if ( ( my $userbits = $config{PROVIDER_OFFSET} - $config{TC_BITS} ) > 0 ) {
|
||||
$globals{USER_MASK} = make_mask( $userbits ) << $config{TC_BITS};
|
||||
} else {
|
||||
$globals{USER_MASK} = 0;
|
||||
}
|
||||
|
||||
if ( defined ( $val = $config{ZONE2ZONE} ) ) {
|
||||
fatal_error "Invalid ZONE2ZONE value ( $val )" unless $val =~ /^[2-]$/;
|
||||
} else {
|
||||
|
@ -313,7 +313,7 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para> The relationship between these options is shown in this
|
||||
<para>The relationship between these options is shown in this
|
||||
diagram.</para>
|
||||
|
||||
<graphic align="left" fileref="images/MarkGeometry.png" valign="top" />
|
||||
@ -358,6 +358,13 @@ tcp 6 19 TIME_WAIT src=206.124.146.176 dst=192.136.34.98 sport=58597 dport=
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>The existence of both TC_BITS and MASK_BITS is owed to the way that
|
||||
WIDE_TC_MARKS was originally implemented. Note that TC_BITS is 14 rather
|
||||
than 16 when WIDE_TC_MARKS=Yes.</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.4.12, the field between MASK_BITS and
|
||||
PROVIDER_OFFSET can be used for any purpose you want. </para>
|
||||
</section>
|
||||
|
||||
<section id="Shorewall">
|
||||
|
Binary file not shown.
Binary file not shown.
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 13 KiB |
Loading…
Reference in New Issue
Block a user