holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Implement 'stat' provider option -- phase 1

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-01-05 16:49:26 -08:00
parent 252bba215e
commit cda4c6ed11
2 changed files with 23 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/Perl/Shorewall/Config.pm
View File

@ -289,7 +289,7 @@ my %capdesc = ( NAT_ENABLED => 'NAT',
IPTABLES_S => 'iptables -S', IPTABLES_S => 'iptables -S',
BASIC_FILTER => 'Basic Filter', BASIC_FILTER => 'Basic Filter',
CT_TARGET => 'CT Target', CT_TARGET => 'CT Target',
STATISTICS_MATCH => STATISTIC_MATCH =>
'Statistics Match', 'Statistics Match',
CAPVERSION => 'Capability Version', CAPVERSION => 'Capability Version',
KERNELVERSION => 'Kernel Version', KERNELVERSION => 'Kernel Version',
@ -680,7 +680,7 @@ sub initialize( $ ) {
IPTABLES_S => undef, IPTABLES_S => undef,
BASIC_FILTER => undef, BASIC_FILTER => undef,
CT_TARGET => undef, CT_TARGET => undef,
STATISTICS_MATCH => undef, STATISTIC_MATCH => undef,
CAPVERSION => undef, CAPVERSION => undef,
KERNELVERSION => undef, KERNELVERSION => undef,
); );
@ -2762,7 +2762,7 @@ sub Ct_Target() {
$ct_target; $ct_target;
} }
sub Statistics_Match() { sub Statistic_Match() {
qt1( "$iptables -A $sillyname -m statistic --mode nth --every 2 --packet 1" ); qt1( "$iptables -A $sillyname -m statistic --mode nth --every 2 --packet 1" );
} }
@ -2820,7 +2820,7 @@ our %detect_capability =
RAWPOST_TABLE => \&Rawpost_Table, RAWPOST_TABLE => \&Rawpost_Table,
REALM_MATCH => \&Realm_Match, REALM_MATCH => \&Realm_Match,
RECENT_MATCH => \&Recent_Match, RECENT_MATCH => \&Recent_Match,
STATISTICS_MATCH => \&Statistics_Match, STATISTIC_MATCH => \&Statistic_Match,
TCPMSS_MATCH => \&Tcpmss_Match, TCPMSS_MATCH => \&Tcpmss_Match,
TIME_MATCH => \&Time_Match, TIME_MATCH => \&Time_Match,
TPROXY_TARGET => \&Tproxy_Target, TPROXY_TARGET => \&Tproxy_Target,
@ -2957,6 +2957,7 @@ sub determine_capabilities() {
$capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' ); $capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' );
$capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' ); $capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' );
$capabilities{CT_TARGET} = detect_capability( 'CT_TARGET' ); $capabilities{CT_TARGET} = detect_capability( 'CT_TARGET' );
$capabilities{STATISTIC_MATCH} = detect_capability( 'STATISTIC_MATCH' );
qt1( "$iptables -F $sillyname" ); qt1( "$iptables -F $sillyname" );

25
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -53,6 +53,7 @@ my @routemarked_providers;
my %routemarked_interfaces; my %routemarked_interfaces;
our @routemarked_interfaces; our @routemarked_interfaces;
my %provider_interfaces; my %provider_interfaces;
my @stat_providers;
my $balancing; my $balancing;
my $fallback; my $fallback;
@ -82,14 +83,15 @@ use constant { ROUTEMARKED_SHARED => 1, ROUTEMARKED_UNSHARED => 2 };
sub initialize( $ ) { sub initialize( $ ) {
$family = shift; $family = shift;
@routemarked_providers = (); @routemarked_providers = ();
%routemarked_interfaces = (); %routemarked_interfaces = ();
@routemarked_interfaces = (); @routemarked_interfaces = ();
%provider_interfaces = (); %provider_interfaces = ();
$balancing = 0; @stat_providers = ();
$fallback = 0; $balancing = 0;
$first_default_route = 1; $fallback = 0;
$first_fallback_route = 1; $first_default_route = 1;
$first_fallback_route = 1;
%providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , %providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } ,
main => { number => MAIN_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } , main => { number => MAIN_TABLE , mark => 0 , optional => 0 ,routes => [], rules => [] } ,
@ -366,8 +368,8 @@ sub process_a_provider() {
$gateway = ''; $gateway = '';
} }
my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $local ) = my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $local , $stat ) =
(0, $config{TRACK_PROVIDERS}, 0 , 0, $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' , 0 ); (0, $config{TRACK_PROVIDERS}, 0 , 0, $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' , 0 , 0);
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option ( split_list $options, 'option' ) { for my $option ( split_list $options, 'option' ) {
@ -408,6 +410,8 @@ sub process_a_provider() {
$local = 1; $local = 1;
$track = 0 if $config{TRACK_PROVIDERS}; $track = 0 if $config{TRACK_PROVIDERS};
$default_balance = 0 if $config{USE_DEFAULT_RT}; $default_balance = 0 if $config{USE_DEFAULT_RT};
} elsif ( $option eq 'stat' ) {
$stat = 1;
} else { } else {
fatal_error "Invalid option ($option)"; fatal_error "Invalid option ($option)";
} }
@ -488,6 +492,7 @@ sub process_a_provider() {
duplicate => $duplicate , duplicate => $duplicate ,
address => $address , address => $address ,
local => $local , local => $local ,
stat => $stat ,
rules => [] , rules => [] ,
routes => [] , routes => [] ,
}; };
@ -506,6 +511,12 @@ sub process_a_provider() {
push @routemarked_providers, $providers{$table}; push @routemarked_providers, $providers{$table};
} }
if ( $stat ) {
require_capability 'STATISTIC_MATCH', q(The 'stat' option), 's';
fatal_error q('stat' requires either 'balance' or 'fallback=<weight>') unless $balance || $default > 0;
push @stat_providers, $providers{$table};
}
push @providers, $table; push @providers, $table;
progress_message " Provider \"$currentline\" $done"; progress_message " Provider \"$currentline\" $done";