Add MARK handling

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6179 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-05-01 18:30:10 +00:00
parent 15c8f371b1
commit a2453451db
3 changed files with 23 additions and 22 deletions


@ -61,7 +61,7 @@ sub process_accounting_rule( $$$$$$$$$ ) {
my $target = ''; my $target = '';
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_test ( $mark ); my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user ) . do_test ( $mark, 0xFF );
my $rule2 = 0; my $rule2 = 0;
unless ( $action eq 'COUNT' ) { unless ( $action eq 'COUNT' ) {
@ -117,14 +117,14 @@ sub setup_accounting() {
while ( read_a_line ) { while ( read_a_line ) {
my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user ) = split_line 1, 8, 'Accounting File'; my ( $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark ) = split_line 1, 9, 'Accounting File';
if ( $first_entry ) { if ( $first_entry ) {
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
$first_entry = 0; $first_entry = 0;
} }
process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user; process_accounting_rule $action, $chain, $source, $dest, $proto, $ports, $sports, $user, $mark;
} }
if ( $filter_table->{accounting} ) { if ( $filter_table->{accounting} ) {
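Review bot: The mask `0xFF` is a bare literal in the new `do_test ( $mark, 0xFF )` call in process_accounting_rule, and the same literal is repeated at the do_test calls in setup_one_masq, process_tos and process_rule1 in this commit. A single named constant, e.g. `use constant MARK_MASK => 0xFF;` beside do_test, would keep the call sites from drifting apart if the usable mark width changes. do_test is not shown on this page, so it is worth confirming that it rejects a MARK column value wider than the mask with a fatal error; in a firewall compiler a rule that silently never matches is a policy gap. Both accounting functions continue outside their hunks.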


@ -169,7 +169,7 @@ sub setup_one_masq($$$$$$$)
# #
# Handle Mark # Handle Mark
# #
rule .= do_test $mark if $mark ne '-'; $rule .= do_test( $mark, 0xFF) if $mark ne '-';
my $detectaddress = 0; my $detectaddress = 0;
# #
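Review bot: The `if $mark ne '-'` guard on the changed line is the only place in this commit where do_test is skipped for an empty column; the accounting, tos and rules call sites pass `$mark` to do_test unconditionally. Either do_test already yields nothing for '-' and this guard is redundant, or the other call sites need the same guard. do_test is outside this page, so that should be checked and one convention used throughout. Whichever way it goes, a one-line comment at do_test stating how '-' is handled would settle it. setup_one_masq continues outside the hunk.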


@ -72,7 +72,7 @@ sub process_tos() {
while ( read_a_line ) { while ( read_a_line ) {
my ($src, $dst, $proto, $sports, $ports , $tos ) = split_line 6, 6, 'tos file'; my ($src, $dst, $proto, $sports, $ports , $tos, $mark ) = split_line 6, 7, 'tos file';
if ( $first_entry ) { if ( $first_entry ) {
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
@ -103,7 +103,7 @@ sub process_tos() {
expand_rule expand_rule
$chainref , $chainref ,
$restriction , $restriction ,
do_proto( $proto, $ports, $sports ) , do_proto( $proto, $ports, $sports ) . do_test( $mark , 0xFF ) ,
$src , $src ,
$dst , $dst ,
'' , '' ,
@ -768,13 +768,13 @@ sub setup_mac_lists( $ ) {
} }
} }
sub process_rule1 ( $$$$$$$$$ ); sub process_rule1 ( $$$$$$$$$$ );
# #
# Expand a macro rule from the rules file # Expand a macro rule from the rules file
# #
sub process_macro ( $$$$$$$$$$$ ) { sub process_macro ( $$$$$$$$$$$$ ) {
my ($macrofile, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user) = @_; my ($macrofile, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark ) = @_;
my $standard = ( $macrofile =~ /^($globals{SHAREDIR})/ ); my $standard = ( $macrofile =~ /^($globals{SHAREDIR})/ );
@ -841,7 +841,7 @@ sub process_macro ( $$$$$$$$$$$ ) {
$mrate = merge_macro_column $mrate, $rate; $mrate = merge_macro_column $mrate, $rate;
$muser = merge_macro_column $muser, $user; $muser = merge_macro_column $muser, $user;
process_rule1 $mtarget, $msource, $mdest, $mproto, $mports, $msports, $origdest, $mrate, $muser; process_rule1 $mtarget, $msource, $mdest, $mproto, $mports, $msports, $origdest, $mrate, $muser, $mark;
progress_message " Rule \"$line\" $done"; progress_message " Rule \"$line\" $done";
} }
@ -854,8 +854,8 @@ sub process_macro ( $$$$$$$$$$$ ) {
# #
# Once a rule has been completely resolved by macro expansion and wildcard (source and/or dest zone == 'all'), it is processed by this function. # Once a rule has been completely resolved by macro expansion and wildcard (source and/or dest zone == 'all'), it is processed by this function.
# #
sub process_rule1 ( $$$$$$$$$ ) { sub process_rule1 ( $$$$$$$$$$ ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = @_; my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = @_;
my ( $action, $loglevel) = split_action $target; my ( $action, $loglevel) = split_action $target;
my ( $basictarget, $param ) = split '/', $action; my ( $basictarget, $param ) = split '/', $action;
my $rule = ''; my $rule = '';
@ -883,7 +883,8 @@ sub process_rule1 ( $$$$$$$$$ ) {
$sports, $sports,
$origdest, $origdest,
$ratelimit, $ratelimit,
$user; $user,
$mark;
return; return;
} }
# #
@ -961,7 +962,7 @@ sub process_rule1 ( $$$$$$$$$ ) {
# #
# Generate Fixed part of the rule # Generate Fixed part of the rule
# #
$rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit ) , do_user( $user ) ); $rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit ) , do_user( $user ) , do_test( $mark , 0xFF ) );
# #
# Generate NAT rule(s), if any # Generate NAT rule(s), if any
@ -1111,8 +1112,8 @@ sub process_rule1 ( $$$$$$$$$ ) {
# #
# Deals with the ugliness of wildcard zones ('all' in rules). # Deals with the ugliness of wildcard zones ('all' in rules).
# #
sub process_rule ( $$$$$$$$$ ) { sub process_rule ( $$$$$$$$$$ ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = @_; my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = @_;
my $intrazone = 0; my $intrazone = 0;
my $includesrcfw = 1; my $includesrcfw = 1;
my $includedstfw = 1; my $includedstfw = 1;
@ -1182,7 +1183,7 @@ sub process_rule ( $$$$$$$$$ ) {
next if $action eq $policy; next if $action eq $policy;
} }
} }
process_rule1 $target, $zone, $zone1 , $proto, $ports, $sports, $origdest, $ratelimit, $user; process_rule1 $target, $zone, $zone1 , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark;
} }
} }
} }
@ -1202,7 +1203,7 @@ sub process_rule ( $$$$$$$$$ ) {
next if $action eq $policy; next if $action eq $policy;
} }
} }
process_rule1 $target, $zone, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user; process_rule1 $target, $zone, $dest , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark;
} }
} }
} }
@ -1224,11 +1225,11 @@ sub process_rule ( $$$$$$$$$ ) {
} }
} }
} }
process_rule1 $target, $source, $zone , $proto, $ports, $sports, $origdest, $ratelimit, $user; process_rule1 $target, $source, $zone , $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark;
} }
} }
} else { } else {
process_rule1 $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user; process_rule1 $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark;
} }
progress_message " Rule \"$thisline\" $done"; progress_message " Rule \"$thisline\" $done";
@ -1245,7 +1246,7 @@ sub process_rules() {
while ( read_a_line ) { while ( read_a_line ) {
my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user ) = split_line 3, 9, 'rules file'; my ( $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark ) = split_line 3, 10, 'rules file';
if ( $first_entry ) { if ( $first_entry ) {
progress_message2 "$doing $fn..."; progress_message2 "$doing $fn...";
@ -1279,7 +1280,7 @@ sub process_rules() {
if ( "\L$source" =~ /^none(:.*)?$/ || "\L$dest" =~ /^none(:.*)?$/ ) { if ( "\L$source" =~ /^none(:.*)?$/ || "\L$dest" =~ /^none(:.*)?$/ ) {
progress_message "Rule \"$line\" ignored." progress_message "Rule \"$line\" ignored."
} else { } else {
process_rule $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user; process_rule $target, $source, $dest, $proto, $ports, $sports, $origdest, $ratelimit, $user, $mark;
} }
} }
} }
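Review bot: In process_macro the new `$mark` argument is forwarded to process_rule1 as-is, while the neighbouring `$rate` and `$user` columns first go through merge_macro_column. If that is intentional because macro bodies carry no mark column of their own, say so above the call, e.g. `# MARK is taken from the invoking rule only; there is nothing to merge`; otherwise a macro line's own value would be dropped without notice. Separately, the ten-to-twelve-scalar prototypes only check argument count, so a transposed `$user`/`$mark` still compiles; a header comment listing the column order on process_rule1 and process_macro would help reviewers catch that. The bodies of these functions lie mostly outside the hunks.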