holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add ECN processing

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5732 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-28 18:48:43 +00:00
parent d08dca7c6b
commit 9302a9c148
2 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
New/Shorewall/Rules.pm
View File

@ -38,6 +38,7 @@ use strict;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( process_tos our @EXPORT = qw( process_tos
setup_ecn
add_common_rules add_common_rules
setup_mac_lists setup_mac_lists
process_criticalhosts process_criticalhosts
@ -114,6 +115,62 @@ sub process_tos() {
} }
} }
#
# Setup ECN disabling rules
#
sub setup_ecn()
{
my %interfaces;
my @hosts;
if ( -s "$ENV{TMP_DIR}/ecn" ) {
progress_message2 join( '' , '$doing ', find_file( 'ecn' ), '...' );
open ECN, "$ENV{TMP_DIR}/ecn" or fatal_error "Unable to open stripped ecn file: $!";
while ( $line = <ECN> ) {
my ($interface, $hosts ) = split_line 2, 'ecn file';
fatal_error "Unknown interface ( $interface ) in ECN entry \"$line\"" unless known_interface $interface;
$interfaces{$interface} = 1;
$hosts = ALLIPv4 if $hosts eq '-';
for my $host( split /,/, $hosts ) {
push @hosts, [ $interface, $host ];
}
}
close ECN;
if ( @hosts ) {
my @interfaces = ( keys %interfaces );
progress_message "$doing ECN control on @interfaces...";
for my $interface ( @interfaces ) {
my $chainref = ensure_chain 'mangle', ecn_chain( $interface );
if ( $capabilities{MANGLE_FORWARD} ) {
add_rule $mangle_table->{POSTROUTING}, "-p tcp -o $interface -j $chainref->{name}";
} else {
add_rule $mangle_table->{PREROUTING}, "-p tcp -o $interface -j $chainref->{name}";
add_rule $mangle_table->{OUTPUT}, "-p tcp -o $interface -j $chainref->{name}";
}
}
for my $host ( @hosts ) {
my ( $interface, $net ) = ( @$host );
add_rule $mangle_table->{ecn_chain $interface}, join ('', '-p tcp ', match_dest_net( $net ) , ' -j ECN --ecn-tcp-remove' );
}
}
}
}
sub add_rule_pair( $$$$ ) { sub add_rule_pair( $$$$ ) {
my ($chainref , $predicate , $target , $level ) = @_; my ($chainref , $predicate , $target , $level ) = @_;

4
New/compiler.pl
View File

@ -754,6 +754,10 @@ sub compiler( $ ) {
# #
process_tos; process_tos;
# #
# ECN
#
setup_ecn;
#
# Setup Masquerading/SNAT # Setup Masquerading/SNAT
# #
progress_message2 "$doing Masq file..."; progress_message2 "$doing Masq file...";