From ab1dc03986791df705863625bfad2127635fbf94 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 5 Jan 2010 09:33:29 -0800
Subject: [PATCH] Implement EXMARK capability
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Config.pm | 3 +++
 Shorewall/lib.base | 4 ++++
 Shorewall6/lib.base | 4 ++++
 3 files changed, 11 insertions(+)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index a2a694e27..55cd9dee6 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -226,6 +226,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
 KLUDGEFREE => 'Repeat match',
 MARK => 'MARK Target',
 XMARK => 'Extended Mark Target',
+ EXMARK => 'Extended Mark Target 2',
 MANGLE_FORWARD => 'Mangle FORWARD Chain',
 COMMENTS => 'Comments',
 ADDRTYPE => 'Address Type Match',
@@ -604,6 +605,7 @@ sub initialize( $ ) {
 KLUDGEFREE => undef,
 MARK => undef,
 XMARK => undef,
+ EXMARK => undef,
 MANGLE_FORWARD => undef,
 COMMENTS => undef,
 ADDRTYPE => undef,
@@ -2068,6 +2070,7 @@ sub determine_capabilities( $ ) {
 if ( qt1( "$iptables -t mangle -A $sillyname -j MARK --set-mark 1" ) ) {
 $capabilities{MARK} = 1;
 $capabilities{XMARK} = qt1( "$iptables -t mangle -A $sillyname -j MARK --and-mark 0xFF" );
+ $capabilities{EXMARK} = qt1( "$iptables -t mangle -A $sillyname -j MARK --set-mark 1/0xFF" );
 }

 if ( qt1( "$iptables -t mangle -A $sillyname -j CONNMARK --save-mark" ) ) {
diff --git a/Shorewall/lib.base b/Shorewall/lib.base
index ce9dbf696..b658e85dd 100644
--- a/Shorewall/lib.base
+++ b/Shorewall/lib.base
@@ -813,6 +813,7 @@ determine_capabilities() {
 KLUDGEFREE=
 MARK=
 XMARK=
+ EXMARK=
 MANGLE_FORWARD=
 COMMENTS=
 ADDRTYPE=
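Review bot: The new `%capdesc` label `'Extended Mark Target 2'` does not say what the capability is; judging from the probe added further down in this commit, EXMARK appears to mean that the MARK target accepts `--set-mark value/mask`. A label such as `EXMARK => 'Extended Mark Target (value/mask)',` would let someone reading a capability listing understand it without opening the source. The Perl labels also spell "Mark" where the lib.base reports print "MARK" (`"Extended MARK Target 2"`), so the same capability appears under two spellings; whichever wording is chosen should match in all three files. The `%capdesc` initializer starts and ends outside the hunk.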
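Review bot: The EXMARK probe in determine_capabilities is added without a comment, although it is the only place that defines the capability: it passes only when iptables accepts a value/mask argument to `--set-mark`. I would add `# EXMARK: MARK target accepts --set-mark value/mask` above the new line, and the same comment above the matching `qt` lines in Shorewall/lib.base (@@ -914) and Shorewall6/lib.base (@@ -822). Each probe that succeeds appends a rule to `$sillyname` in the mangle table; the chain is presumably flushed and deleted elsewhere in the function, which starts and ends outside the hunk, so confirm that cleanup covers this extra rule on every exit path.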
@@ -914,6 +915,7 @@ determine_capabilities() {
 if qt $IPTABLES -t mangle -A $chain -j MARK --set-mark 1; then
 MARK=Yes
 qt $IPTABLES -t mangle -A $chain -j MARK --and-mark 0xFF && XMARK=Yes
+ qt $IPTABLES -t mangle -A $chain -j MARK --set-mark 1/0xFF && EXMARK=Yes
 fi

 if qt $IPTABLES -t mangle -A $chain -j CONNMARK --save-mark; then
@@ -1011,6 +1013,7 @@ report_capabilities() {
 report_capability "Repeat match" $KLUDGEFREE
 report_capability "MARK Target" $MARK
 [ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK
+ [ -n "$XMARK" ] && report_capability "Extended MARK Target 2" $EXMARK
 report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD
 report_capability "Comments" $COMMENTS
 report_capability "Address Type Match" $ADDRTYPE
@@ -1070,6 +1073,7 @@ report_capabilities1() {
 report_capability1 KLUDGEFREE
 report_capability1 MARK
 report_capability1 XMARK
+ report_capability1 EXMARK
 report_capability1 MANGLE_FORWARD
 report_capability1 COMMENTS
 report_capability1 ADDRTYPE
diff --git a/Shorewall6/lib.base b/Shorewall6/lib.base
index 49c6ce4b2..ea597f81b 100644
--- a/Shorewall6/lib.base
+++ b/Shorewall6/lib.base
@@ -722,6 +722,7 @@ determine_capabilities() {
 KLUDGEFREE=
 MARK=
 XMARK=
+ EXMARK=
 MANGLE_FORWARD=
 COMMENTS=
 ADDRTYPE=
@@ -822,6 +823,7 @@ determine_capabilities() {
 if qt $IP6TABLES -t mangle -A $chain -j MARK --set-mark 1; then
 MARK=Yes
 qt $IP6TABLES -t mangle -A $chain -j MARK --and-mark 0xFF && XMARK=Yes
+ qt $IP6TABLES -t mangle -A $chain -j MARK --set-mark 1/0xFF && EXMARK=Yes
 fi

 if qt $IP6TABLES -t mangle -A $chain -j CONNMARK --save-mark; then
@@ -917,6 +919,7 @@ report_capabilities() {
 report_capability "Repeat match" $KLUDGEFREE
 report_capability "MARK Target" $MARK
 [ -n "$MARK" ] && report_capability "Extended MARK Target" $XMARK
+ [ -n "$XMARK" ] && report_capability "Extended MARK Target 2" $EXMARK
 report_capability "Mangle FORWARD Chain" $MANGLE_FORWARD
 report_capability "Comments" $COMMENTS
 report_capability "Address Type Match" $ADDRTYPE
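Review bot: The new line in report_capabilities (@@ -1011) is gated on `$XMARK`, yet determine_capabilities sets XMARK and EXMARK from two independent probes, so a host where `--and-mark` fails and `--set-mark 1/0xFF` succeeds would carry EXMARK=Yes without ever showing it here, while report_capabilities1 prints it unconditionally. Gating on the condition that detection uses keeps the two outputs in agreement: `[ -n "$MARK" ] && report_capability "Extended MARK Target 2" $EXMARK`. If EXMARK is meant to imply XMARK, nest the EXMARK probe under the XMARK one instead so the dependency is enforced where the value is set. The same line is added in Shorewall6/lib.base (@@ -917), and report_capabilities continues outside the hunk.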
@@ -973,6 +976,7 @@ report_capabilities1() {
 report_capability1 KLUDGEFREE
 report_capability1 MARK
 report_capability1 XMARK
+ report_capability1 EXMARK
 report_capability1 MANGLE_FORWARD
 report_capability1 COMMENTS
 report_capability1 ADDRTYPE