Final batch of quoting changes for tonight
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5715 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
f0c92595a3
commit
dd98eab8ee
@ -1407,8 +1407,9 @@ sub emitr( $ ) {
|
|||||||
|
|
||||||
sub create_netfilter_load() {
|
sub create_netfilter_load() {
|
||||||
|
|
||||||
emit 'setup_netfilter()';
|
emitj( 'setup_netfilter()',
|
||||||
emit '{';
|
'{'
|
||||||
|
);
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
for ( values %interfaceaddrs ) {
|
for ( values %interfaceaddrs ) {
|
||||||
@ -1418,11 +1419,12 @@ sub create_netfilter_load() {
|
|||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
if ( $slowstart ) {
|
if ( $slowstart ) {
|
||||||
emit 'TEMPFILE=$(mktempfile)';
|
emitj( 'TEMPFILE=$(mktempfile)',
|
||||||
emit '[ -n "$TEMPFILE" ] || fatal_error "Cannot create temporary file in /tmp"';
|
'[ -n "$TEMPFILE" ] || fatal_error "Cannot create temporary file in /tmp"',
|
||||||
emit '';
|
'',
|
||||||
emit 'exec 3>>$TEMPFILE';
|
'exec 3>>$TEMPFILE',
|
||||||
emit '';
|
''
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
emit 'iptables-restore << __EOF__';
|
emit 'iptables-restore << __EOF__';
|
||||||
$state = CAT_STATE;
|
$state = CAT_STATE;
|
||||||
@ -1464,14 +1466,16 @@ sub create_netfilter_load() {
|
|||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
if ( $slowstart ) {
|
if ( $slowstart ) {
|
||||||
emit ' exec 3>&-';
|
emitj( ' exec 3>&-',
|
||||||
emit '';
|
'',
|
||||||
emit 'iptables-restore < $TEMPFILE';
|
'iptables-restore < $TEMPFILE'
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
emit 'if [ $? != 0 ]; then';
|
emitj( 'if [ $? != 0 ]; then',
|
||||||
emit ' fatal_error "iptables-restore Failed"';
|
' fatal_error "iptables-restore Failed"',
|
||||||
emit "fi\n";
|
"fi\n"
|
||||||
|
);
|
||||||
|
|
||||||
emit 'rm -f $TEMPFILE' if $slowstart;
|
emit 'rm -f $TEMPFILE' if $slowstart;
|
||||||
|
|
||||||
|
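Review bot: In the `$slowstart` path the generated script reaches `rm -f $TEMPFILE` only after the `if [ $? != 0 ]` block, so if `fatal_error` terminates the script (its body is not visible here) a failed `iptables-restore` leaves the complete ruleset behind in the temporary file. When `$slowstart` is set, the failure branch should also emit the cleanup ahead of the error call, e.g. `'    rm -f "$TEMPFILE"',` before the `fatal_error "iptables-restore Failed"` line. `$TEMPFILE` is also expanded unquoted in `exec 3>>$TEMPFILE`, `iptables-restore < $TEMPFILE` and `rm -f $TEMPFILE`; since this commit is already touching these strings, writing `"$TEMPFILE"` in them costs nothing. The body of create_netfilter_load continues outside the hunks shown.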
@ -82,15 +82,16 @@ sub setup_providers() {
|
|||||||
sub copy_table( $$ ) {
|
sub copy_table( $$ ) {
|
||||||
my ( $duplicate, $number ) = @_;
|
my ( $duplicate, $number ) = @_;
|
||||||
|
|
||||||
emit "ip route show table $duplicate | while read net route; do";
|
emitj( "ip route show table $duplicate | while read net route; do",
|
||||||
emit ' case $net in';
|
' case $net in',
|
||||||
emit ' default|nexthop)';
|
' default|nexthop)',
|
||||||
emit ' ;;';
|
' ;;',
|
||||||
emit ' *)';
|
' *)',
|
||||||
emit " run_ip route add table $number \$net \$route";
|
" run_ip route add table $number \$net \$route",
|
||||||
emit ' ;;';
|
' ;;',
|
||||||
emit ' esac';
|
' esac',
|
||||||
emit "done\n";
|
"done\n"
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
sub copy_and_edit_table( $$$ ) {
|
sub copy_and_edit_table( $$$ ) {
|
||||||
@ -221,11 +222,12 @@ sub setup_providers() {
|
|||||||
fatal_error "Duplicate mark value ( $mark )" if $num == $val;
|
fatal_error "Duplicate mark value ( $mark )" if $num == $val;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
emit "qt ip rule del fwmark $mark";
|
|
||||||
my $pref = 10000 + $val;
|
my $pref = 10000 + $val;
|
||||||
emit "run_ip rule add fwmark $mark pref $pref table $number";
|
|
||||||
emit "echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing";
|
emitj( "qt ip rule del fwmark $mark",
|
||||||
|
"run_ip rule add fwmark $mark pref $pref table $number",
|
||||||
|
"echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing"
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$providers{$table} = {};
|
$providers{$table} = {};
|
||||||
@ -265,11 +267,13 @@ sub setup_providers() {
|
|||||||
" run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
|
" run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
|
||||||
" echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing",
|
" echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing",
|
||||||
' rulenum=$(($rulenum + 1))',
|
' rulenum=$(($rulenum + 1))',
|
||||||
'done' );
|
'done'
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
emit "\nfind_interface_addresses $interface | while read address; do";
|
emitj( "\nfind_interface_addresses $interface | while read address; do",
|
||||||
emit ' qt ip rule del from $address';
|
' qt ip rule del from $address',
|
||||||
emit 'done';
|
'done'
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
emit "\nprogress_message \" Provider $table ($number) Added\"\n";
|
emit "\nprogress_message \" Provider $table ($number) Added\"\n";
|
||||||
@ -278,8 +282,9 @@ sub setup_providers() {
|
|||||||
emit 'else';
|
emit 'else';
|
||||||
|
|
||||||
if ( $optional ) {
|
if ( $optional ) {
|
||||||
emit " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"";
|
emitj( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"",
|
||||||
emit " ${iface}_up=";
|
" ${iface}_up="
|
||||||
|
);
|
||||||
} else {
|
} else {
|
||||||
emit " fatal_error \"ERROR: Interface $interface is not configured -- Provider $table ($number) Cannot be Added\"";
|
emit " fatal_error \"ERROR: Interface $interface is not configured -- Provider $table ($number) Cannot be Added\"";
|
||||||
}
|
}
|
||||||
@ -329,9 +334,10 @@ sub setup_providers() {
|
|||||||
|
|
||||||
$priority = "priority $priority";
|
$priority = "priority $priority";
|
||||||
|
|
||||||
emit "qt ip rule del $source $dest $priority";
|
emitj( "qt ip rule del $source $dest $priority",
|
||||||
emit "run_ip rule add $source $dest $priority table $provider";
|
"run_ip rule add $source $dest $priority table $provider",
|
||||||
emit "echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing";
|
"echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing"
|
||||||
|
);
|
||||||
progress_message " Routing rule \"$line\" $done";
|
progress_message " Routing rule \"$line\" $done";
|
||||||
}
|
}
|
||||||
#
|
#
|
||||||
@ -340,6 +346,7 @@ sub setup_providers() {
|
|||||||
progress_message2 "$doing $fn ...";
|
progress_message2 "$doing $fn ...";
|
||||||
|
|
||||||
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
emit "\nif [ -z \"\$NOROUTES\" ]; then";
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
emitj ( '#',
|
emitj ( '#',
|
||||||
@ -399,6 +406,7 @@ sub setup_providers() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
emit 'cat > /etc/iproute2/rt_tables <<EOF';
|
emit 'cat > /etc/iproute2/rt_tables <<EOF';
|
||||||
|
|
||||||
emit_unindented join( "\n",
|
emit_unindented join( "\n",
|
||||||
'#',
|
'#',
|
||||||
'# reserved values',
|
'# reserved values',
|
||||||
@ -412,8 +420,7 @@ sub setup_providers() {
|
|||||||
'#',
|
'#',
|
||||||
"EOF\n" );
|
"EOF\n" );
|
||||||
|
|
||||||
emit 'echocommand=$(find_echo)';
|
emit "echocommand=\$(find_echo)\n";
|
||||||
emit '';
|
|
||||||
|
|
||||||
for my $table ( @providers ) {
|
for my $table ( @providers ) {
|
||||||
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
|
emit "\$echocommand \"$providers{$table}{number}\\t$table\" >> /etc/iproute2/rt_tables";
|
||||||
@ -437,8 +444,7 @@ sub setup_providers() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
emit '';
|
emit "\nrun_ip route flush cache";
|
||||||
emit 'run_ip route flush cache';
|
|
||||||
pop_indent;
|
pop_indent;
|
||||||
emit "fi\n";
|
emit "fi\n";
|
||||||
|
|
||||||
|
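Review bot: The three strings now batched in the `emitj(` call of the -329 hunk interpolate `$source`, `$dest` and `$priority` unquoted into generated shell, and the third also writes them into `${VARDIR}/undo_routing`, which is presumably executed later to undo the routing changes. Nothing in the visible lines shows these values being validated after they are parsed from the rule line (`$line`), so any whitespace or shell metacharacter that survives parsing lands in both the script and the undo file. If validation happens earlier in the sub, record it with a comment above the call, such as `# $source, $dest and $priority were validated above; they are emitted into shell verbatim`; if it does not, a check belongs before this call. The same applies to `$mark` in the -221 hunk and to `$device` and the bandwidth fields in the setup_traffic_shaping hunks. The enclosing sub starts and ends outside the hunks.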
@ -398,18 +398,20 @@ sub setup_traffic_shaping() {
|
|||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
|
|
||||||
emit "${dev}_exists=Yes";
|
emitj( "${dev}_exists=Yes",
|
||||||
emit "qt tc qdisc del dev $device root";
|
"qt tc qdisc del dev $device root",
|
||||||
emit "qt tc qdisc del dev $device ingress";
|
"qt tc qdisc del dev $device ingress",
|
||||||
emit "run_tc qdisc add dev $device root handle $devnum: htb default ${prefix}${defmark}";
|
"run_tc qdisc add dev $device root handle $devnum: htb default ${prefix}${defmark}",
|
||||||
emit "${dev}_mtu=\$(get_device_mtu $device)";
|
"${dev}_mtu=\$(get_device_mtu $device)",
|
||||||
emit "run_tc class add dev $device parent $devnum: classid $devnum:1 htb rate $devref->{out_bandwidth} mtu \$${dev}_mtu";
|
"run_tc class add dev $device parent $devnum: classid $devnum:1 htb rate $devref->{out_bandwidth} mtu \$${dev}_mtu"
|
||||||
|
);
|
||||||
|
|
||||||
my $inband = rate_to_kbit $devref->{in_bandwidth};
|
my $inband = rate_to_kbit $devref->{in_bandwidth};
|
||||||
|
|
||||||
if ( $inband ) {
|
if ( $inband ) {
|
||||||
emit "run_tc qdisc add dev $device handle ffff: ingress";
|
emitj( "run_tc qdisc add dev $device handle ffff: ingress",
|
||||||
emit "run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1";
|
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$devref->{number} = $devnum++;
|
$devref->{number} = $devnum++;
|
||||||
@ -449,9 +451,10 @@ sub setup_traffic_shaping() {
|
|||||||
$lastdevice = $device;
|
$lastdevice = $device;
|
||||||
}
|
}
|
||||||
|
|
||||||
emit "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum";
|
emitj( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum",
|
||||||
emit "run_tc class add dev $device parent $devref->{number}:1 classid $classid htb rate $rate ceil $tcref->{ceiling} prio $tcref->{priority} mtu \$${dev}_mtu quantum \$quantum";
|
"run_tc class add dev $device parent $devref->{number}:1 classid $classid htb rate $rate ceil $tcref->{ceiling} prio $tcref->{priority} mtu \$${dev}_mtu quantum \$quantum",
|
||||||
emit "run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10";
|
"run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10"
|
||||||
|
);
|
||||||
#
|
#
|
||||||
# add filters
|
# add filters
|
||||||
#
|
#
|
||||||
|
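Review bot: `"${dev}_mtu=\$(get_device_mtu $device)"` is emitted with no check that the helper printed a value, and the result is then expanded unquoted in `mtu \$${dev}_mtu` in this hunk and in the `[ \$${dev}_mtu -gt $quantum ]` test of the -449 hunk. If get_device_mtu (not visible here) can return nothing, that test becomes a syntax error that silently falls through to `|| quantum=$quantum`, and the `run_tc class add` commands are built with the value after `mtu` missing. A guard string right after the assignment, for example `"[ -n \"\$${dev}_mtu\" ] || fatal_error \"Cannot determine the MTU of $device\"",`, would fail early with a clear message. The enclosing sub starts and ends outside the hunks.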