Add undocumented LOGMARK log level

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9851 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/Perl/Shorewall/Chains.pm

@@ -1968,6 +1968,9 @@ sub log_rule_limit( $$$$$$$$ ) {
 	    $prefix = "-j $level --ulog-prefix \"$prefix\" ";
 	} elsif  ( $level =~ /^NFLOG/ ) {
 	    $prefix = "-j $level --nflog-prefix \"$prefix\" ";
+	} elsif ( $level =~ '^LOGMARK' ) {
+	    $prefix = join( '', substr( $prefix, 0, 12 ) , ':' ) if length $prefix > 13;
+	    $prefix = "-j LOGMARK --log-level $level --log-prefix \"$prefix\" ";
 	} else {
 	    $prefix = "-j LOG $globals{LOGPARMS}--log-level $level --log-prefix \"$prefix\" ";
 	}

Shorewall/Perl/Shorewall/Config.pm

@@ -235,6 +235,7 @@ our %capdesc = ( NAT_ENABLED     => 'NAT',
 		 CONNLIMIT_MATCH => 'Connlimit Match',
 		 TIME_MATCH      => 'Time Match',
 		 GOTO_TARGET     => 'Goto Support',
+		 LOGMARK_TARGET  => 'LOGMARK Target',
 		 CAPVERSION      => 'Capability Version',
 	       );
 #
@@ -322,7 +323,7 @@ sub initialize( $ ) {
 		    EXPORT => 0,
 		    UNTRACKED => 0,
 		    VERSION => "4.3.9",
-		    CAPVERSION => 40205 ,
+		    CAPVERSION => 40309 ,
 		  );
 
     #
@@ -450,7 +451,8 @@ sub initialize( $ ) {
 			 PANIC   => 0,
 			 NONE    => '',
 			 ULOG    => 'ULOG',
-			 NFLOG   => 'NFLOG');
+			 NFLOG   => 'NFLOG',
+		         LOGMARK => 'LOGMARK' );
     } else {
 	$globals{SHAREDIR} = '/usr/share/shorewall6';
 	$globals{CONFDIR}  = '/etc/shorewall6';	
@@ -549,7 +551,8 @@ sub initialize( $ ) {
 			 EMERG   => 0,
 			 PANIC   => 0,
 			 NONE    => '',
-			 NFLOG   => 'NFLOG');
+			 NFLOG   => 'NFLOG',
+		         LOGMARK => 'LOGMARK' );
 	}
     #
     # From parsing the capabilities file
@@ -594,6 +597,7 @@ sub initialize( $ ) {
 	       CONNLIMIT_MATCH => undef,
 	       TIME_MATCH => undef,
 	       GOTO_TARGET => undef,
+	       LOGMARK_TARGET => undef,
 	       CAPVERSION => undef,
 	       );
     #
@@ -1684,6 +1688,11 @@ sub validate_level( $ ) {
 	    return $rawlevel;
 	}
 
+	if ( $level eq 'LOGMARK' ) {
+	    require_capability( 'LOGMARK_TARGET' , 'LOGMARK', 's' );
+	    return 'LOGMARK';
+	}
+
 	level_error( $rawlevel );
     }
 
@@ -1960,6 +1969,7 @@ sub determine_capabilities( $ ) {
     $capabilities{CONNLIMIT_MATCH} = qt1( "$iptables -A $sillyname -m connlimit --connlimit-above 8" );
     $capabilities{TIME_MATCH}      = qt1( "$iptables -A $sillyname -m time --timestart 11:00" );
     $capabilities{GOTO_TARGET}     = qt1( "$iptables -A $sillyname -g $sillyname1" );
+    $capabilities{LOGMARK_TARGET}  = qt1( "$iptables -A $sillyname -j LOGMARK" );
 
     qt1( "$iptables -F $sillyname" );
     qt1( "$iptables -X $sillyname" );

Shorewall/lib.base

@@ -30,7 +30,7 @@
 #
 
 SHOREWALL_LIBVERSION=40000
-SHOREWALL_CAPVERSION=40205
+SHOREWALL_CAPVERSION=40309
 
 [ -n "${VARDIR:=/var/lib/shorewall}" ]
 [ -n "${SHAREDIR:=/usr/share/shorewall}" ]
@@ -1082,6 +1082,7 @@ determine_capabilities() {
     CONNLIMIT_MATCH=
     TIME_MATCH=
     GOTO_TARGET=
+    LOGMARK_TARGET=
 
     chain=fooX$$
 
@@ -1204,6 +1205,7 @@ determine_capabilities() {
     qt $IPTABLES -A $chain -m connlimit --connlimit-above 8 -j DROP && CONNLIMIT_MATCH=Yes
     qt $IPTABLES -A $chain -m time --timestart 23:00 -j DROP && TIME_MATCH=Yes
     qt $IPTABLES -A $chain -g $chain1 && GOTO_TARGET=Yes
+    qt $IPTABLES -A $chain -j LOGMARK && LOGMARK_TARGET=Yes
 
     qt $IPTABLES -F $chain
     qt $IPTABLES -X $chain
@@ -1267,6 +1269,7 @@ report_capabilities() {
 	report_capability "Connlimit Match" $CONNLIMIT_MATCH
 	report_capability "Time Match" $TIME_MATCH
 	report_capability "Goto Support" $GOTO_TARGET
+	report_capability "LOGMARK Target" $LOGMARK_TARGET
     fi
 
     [ -n "$PKTTYPE" ] || USEPKTTYPE=
@@ -1321,6 +1324,7 @@ report_capabilities1() {
     report_capability1 CONNLIMIT_MATCH
     report_capability1 TIME_MATCH
     report_capability1 GOTO_TARGET
+    report_capability1 LOGMARK_TARGET
     
     echo CAPVERSION=$SHOREWALL_CAPVERSION
 }