holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix ECN when MANGLE_FORWARD is not available.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-08-10 09:34:15 -07:00
parent 8eff66dcfd
commit 7708c251db
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -152,7 +152,10 @@ sub setup_ecn()
if ( my $fn = open_file 'ecn' ) { if ( my $fn = open_file 'ecn' ) {
first_entry "$doing $fn..."; first_entry( sub { progress_message2 "$doing $fn...";
require_capability 'MANGLE_ENABLED', 'Entries in the ecn file', '';
warning_message 'ECN will not be applied to forwarded packets' unless have_capability 'MANGLE_FORWARD';
} );
while ( read_a_line ) { while ( read_a_line ) {
@ -178,7 +181,7 @@ sub setup_ecn()
for my $interface ( @interfaces ) { for my $interface ( @interfaces ) {
my $chainref = ensure_chain 'mangle', ecn_chain( $interface ); my $chainref = ensure_chain 'mangle', ecn_chain( $interface );
add_ijump $mangle_table->{POSTROUTING} , j => $chainref, p => 'tcp', imatch_dest_dev( $interface ); add_ijump $mangle_table->{POSTROUTING} , j => $chainref, p => 'tcp', imatch_dest_dev( $interface ) if have_capability 'MANGLE_FORWARD';
add_ijump $mangle_table->{OUTPUT}, j => $chainref, p => 'tcp', imatch_dest_dev( $interface ); add_ijump $mangle_table->{OUTPUT}, j => $chainref, p => 'tcp', imatch_dest_dev( $interface );
} }