From f9ae28aeea1534733257e29fdf6d041272cf5879 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 24 Aug 2015 14:56:24 -0700 Subject: [PATCH] The -t option also converts the 'tos' file. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 3 +- Shorewall/Perl/Shorewall/Tc.pm | 87 ++++++++++++++++++++++++++++++ Shorewall/manpages/shorewall.xml | 10 ++-- Shorewall6/manpages/shorewall6.xml | 10 ++-- 4 files changed, 101 insertions(+), 9 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 073375074..423fd50d2 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -4876,7 +4876,8 @@ EOF -f find_file 'blacklist' || -f find_file 'tcrules' || -f find_file 'routestopped' || - -f find_file 'notrack' + -f find_file 'notrack' || + -f find_file 'tos' ); } } else { diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 4d4cad6a8..217aa9f92 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm 
@@ -3139,6 +3139,81 @@ sub process_secmark_rule() { } } +sub convert_tos($$) { + my ( $mangle, $fn1 ) = @_; + + my $have_tos = 0; + + sub unlink_tos( $ ) { + my $fn = shift; + + if ( unlink $fn ) { + warning_message "Empty tos file ($fn) removed"; + } else { + warning_message "Unable to remove empty tos file $fn: $!"; + } + } + + if ( my $fn = open_file 'tos' ) { + while ( read_a_line( NORMAL_READ ) ) { + + $have_tos = 1; + + my ($src, $dst, $proto, $ports, $sports , $tos, $mark ) = + split_line( 'tos file entry', + { source => 0, dest => 1, proto => 2, dport => 3, sport => 4, tos => 5, mark => 6 } ); + + my $chain_designator = 'P'; + + decode_tos($tos, 1); + + my ( $srczone , $source , $remainder ); + + if ( $family == F_IPV4 ) { + ( $srczone , $source , $remainder ) = split( /:/, $src, 3 ); + fatal_error 'Invalid SOURCE' if defined $remainder; + } elsif ( $src =~ /^(.+?):<(.*)>\s*$/ || $src =~ /^(.+?):\[(.*)\]\s*$/ ) { + $srczone = $1; + $source = $2; + } else { + $srczone = $src; + } + + if ( $srczone eq firewall_zone ) { + $chain_designator = 'O'; + $src = $source || '-'; + } else { + $src =~ s/^all:?//; + } + + $dst =~ s/^all:?//; + + $src = '-' unless supplied $src; + $dst = '-' unless supplied $dst; + $proto = '-' unless supplied $proto; + $ports = '-' unless supplied $ports; + $sports = '-' unless supplied $sports; + $mark = '-' unless supplied $mark; + + print $mangle "TOS($tos):$chain_designator\t$src\t$dst\t$proto\t$ports\t$sports\t-\t$mark\n" + + } + + if ( $have_tos ) { + progress_message2 "Converted $fn to $fn1"; + if ( rename $fn, "$fn.bak" ) { + progress_message2 "$fn renamed $fn.bak"; + } else { + fatal_error "Cannot Rename $fn to $fn.bak: $!"; + } + } else { + unlink_tos( $fn ); + } + } elsif ( -f ( my $fn = find_file( 'tos' ) ) ) { + unlink_tos( $fn ); + } +} + # # Process the mangle file and setup traffic shaping # 
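Review bot: The `print $mangle "TOS($tos):..."` in convert_tos is unchecked, and the tos file is renamed to `.bak` inside the function, before either caller in setup_tc closes `$mangle` (the `close $mangle;` added in the later setup_tc hunk is unchecked as well). A failed or short append to the mangle file, for example on a full filesystem, would still be reported as "Converted", and the next compile would presumably run without the TOS rules. I would end the print with `or fatal_error "Unable to write $fn1: $!";` and have the callers use `close $mangle or fatal_error "Unable to close $fn1: $!";`. Separately, `unlink_tos` is a named sub nested inside convert_tos; Perl installs named subs at package scope regardless, so declaring it next to convert_tos would match what actually happens.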
@@ -3226,6 +3301,8 @@ sub setup_tc( $ ) { } } + convert_tos( $mangle, $fn1 ); + close $mangle, directive_callback( 0 ) if $tcrules; } elsif ( $tcrules ) { @@ -3236,6 +3313,16 @@ sub setup_tc( $ ) { warning_message "Unable to remove empty tcrules file $fn: $!"; } } + + if ( -f ( my $fn = find_file( 'tos' ) ) ) { + my $fn1; + # + # We are going to convert this tosfile to the equivalent mangle file + # + open( $mangle , '>>', $fn1 = find_file('mangle') ) || fatal_error "Unable to open $fn1:$!"; + convert_tos( $mangle, $fn1 ); + close $mangle; + } } } elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) { warning_message "The tcrules file is no longer supported -- use '$product update -t' to convert $fn to an equivalent 'mangle' file"; diff --git a/Shorewall/manpages/shorewall.xml b/Shorewall/manpages/shorewall.xml index 5339732e9..171010034 100644 --- a/Shorewall/manpages/shorewall.xml +++ b/Shorewall/manpages/shorewall.xml @@ -2504,11 +2504,13 @@ url="/manpages/shorewall.conf.html">shorewall.conf(5). The option was added in Shorewall 4.6.0. - When specified, causes shorewall-tcrules(5) to be - converted to -t causes the tcrules file to be converted to shorewall-mangle(5). The old - file is renamed with a .bak suffix. + file is renamed with a .bak suffix. Beginning with Shorewall + 4.6.12.2, this option also causes the tos file to be converted to shorewall-mangle(5). There are some notable restrictions with the diff --git a/Shorewall6/manpages/shorewall6.xml b/Shorewall6/manpages/shorewall6.xml index e41b5f1c3..cd4a1ebbc 100644 --- a/Shorewall6/manpages/shorewall6.xml +++ b/Shorewall6/manpages/shorewall6.xml 
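Review bot: The added `convert_tos( $mangle, $fn1 );` runs unconditionally, while the `close $mangle, directive_callback( 0 )` directly after it is guarded by `if $tcrules`. If `$mangle` is opened only when `$tcrules` is set (the open is outside this hunk, so this is an inference), a run without conversion would print to an unopened handle and still rename or unlink the user's tos file. Guarding the call the same way, `convert_tos( $mangle, $fn1 ) if $tcrules;`, would keep the conversion tied to the -t option that the manpage change describes. setup_tc starts and ends outside the hunk.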
@@ -2381,11 +2381,13 @@ url="/manpages6/shorewall6.conf.html">shorewall6.conf(5). The option was added in Shorewall 4.6.0. - When specified, causes shorewall6-tcrules(5) to be - converted to -t causes the tcrules file to be converted to shorewall6-mangle(5). The old - file is renamed with a .bak suffix. + file is renamed with a .bak suffix. Beginning with Shorewall + 4.6.12.2, this option also causes the tos file to be converted to shorewall6-mangle(5). There are some notable restrictions with the