mirror of
https://github.com/firehol/firehol.git
synced 2024-06-30 19:02:21 +00:00
support for comma as a list separator; optimizations for fireqos
This commit is contained in:
Costa Tsaousis (ktsaou)
parent
2488287e5b
commit
1952feb160
@ -220,7 +220,7 @@ mark_value() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
for x in ${@}
|
||||
for x in ${@//,/ }
|
||||
do
|
||||
local x=$[ x + 1 - 1 ]
|
||||
if [ $x -gt ${MARKS_MAX[$name]} -o $x -lt 0 ]
|
||||
@ -5322,7 +5322,7 @@ rule() {
|
||||
fi
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${inface}" = "any" && softwarning "Overwritting param: inface '${inface}' becomes '${1}'"
|
||||
local inface="${1}"
|
||||
local inface="${1//,/ }"
|
||||
else
|
||||
local outfacenot=
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
@ -5336,7 +5336,7 @@ rule() {
|
||||
fi
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${outface}" = "any" && softwarning "Overwritting param: outface '${outface}' becomes '${1}'"
|
||||
local outface="${1}"
|
||||
local outface="${1//,/ }"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
@ -5357,7 +5357,7 @@ rule() {
|
||||
fi
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${outface}" = "any" && softwarning "Overwritting param: outface '${outface}' becomes '${1}'"
|
||||
local outface="${1}"
|
||||
local outface="${1//,/ }"
|
||||
else
|
||||
local infacenot=
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
@ -5371,7 +5371,7 @@ rule() {
|
||||
fi
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${inface}" = "any" && softwarning "Overwritting param: inface '${inface}' becomes '${1}'"
|
||||
local inface="${1}"
|
||||
local inface="${1//,/ }"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
@ -5387,7 +5387,7 @@ rule() {
|
||||
local physinnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${physin}" = "any" && softwarning "Overwritting param: physin '${physin}' becomes '${1}'"
|
||||
local physin="${1}"
|
||||
local physin="${1//,/ }"
|
||||
else
|
||||
local physoutnot=
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
@ -5396,7 +5396,7 @@ rule() {
|
||||
local physoutnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${physout}" = "any" && softwarning "Overwritting param: physout '${physout}' becomes '${1}'"
|
||||
local physout="${1}"
|
||||
local physout="${1//,/ }"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
@ -5412,7 +5412,7 @@ rule() {
|
||||
local physoutnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${physout}" = "any" && softwarning "Overwritting param: physout '${physout}' becomes '${1}'"
|
||||
local physout="${1}"
|
||||
local physout="${1//,/ }"
|
||||
else
|
||||
local physinnot=
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
@ -5421,7 +5421,7 @@ rule() {
|
||||
local physinnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${physin}" = "any" && softwarning "Overwritting param: physin '${physin}' becomes '${1}'"
|
||||
local physin="${1}"
|
||||
local physin="${1//,/ }"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
@ -5435,7 +5435,7 @@ rule() {
|
||||
test ${nomac} -eq 0 && local macnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${mac}" = "any" && softwarning "Overwritting param: mac '${mac}' becomes '${1}'"
|
||||
test ${nomac} -eq 0 && local mac="${1}"
|
||||
test ${nomac} -eq 0 && local mac="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5471,12 +5471,12 @@ rule() {
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src4}" = "default" && softwarning "Overwritting param: src4 '${src4}' becomes '${1}'"
|
||||
#local src4=$(ipv4 eval_param "${1}")
|
||||
local src4="${1}"
|
||||
local src4="${1//,/ }"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src6}" = "default" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
|
||||
# local src6=$(ipv6 eval_param "${1}")
|
||||
local src6="${1}"
|
||||
local src6="${1//,/ }"
|
||||
fi
|
||||
else
|
||||
if running_ipv4; then
|
||||
@ -5498,12 +5498,12 @@ rule() {
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst4}" = "default" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
|
||||
#local dst4=$(ipv4 eval_param "${1}")
|
||||
local dst4="${1}"
|
||||
local dst4="${1//,/ }"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst6}" = "default" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
|
||||
#local dst6=$(ipv6 eval_param "${1}")
|
||||
local dst6="${1}"
|
||||
local dst6="${1//,/ }"
|
||||
fi
|
||||
fi
|
||||
pop_namespace
|
||||
@ -5542,12 +5542,12 @@ rule() {
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst4}" = "default" && softwarning "Overwritting param: dst4 '${dst4}' becomes '${1}'"
|
||||
# local dst4=$(ipv4 eval_param "${1}")
|
||||
local dst4="${1}"
|
||||
local dst4="${1//,/ }"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${dst6}" = "default" && softwarning "Overwritting param: dst6 '${dst6}' becomes '${1}'"
|
||||
#local dst6=$(ipv6 eval_param "${1}")
|
||||
local dst6="${1}"
|
||||
local dst6="${1//,/ }"
|
||||
fi
|
||||
else
|
||||
if running_ipv4; then
|
||||
@ -5569,12 +5569,12 @@ rule() {
|
||||
if running_ipv4; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src4}" = "default" && softwarning "Overwritting param: src6 '${src4}' becomes '${1}'"
|
||||
#local src4=$(ipv4 eval_param "${1}")
|
||||
local src4="${1}"
|
||||
local src4="${1//,/ }"
|
||||
fi
|
||||
if running_ipv6; then
|
||||
test ${softwarnings} -eq 1 -a ! "${src6}" = "default" && softwarning "Overwritting param: src6 '${src6}' becomes '${1}'"
|
||||
#local src6=$(ipv6 eval_param "${1}")
|
||||
local src6="${1}"
|
||||
local src6="${1//,/ }"
|
||||
fi
|
||||
fi
|
||||
pop_namespace
|
||||
@ -5642,7 +5642,7 @@ rule() {
|
||||
local sportnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${sport}" = "any" && softwarning "Overwritting param: sport '${sport}' becomes '${1}'"
|
||||
local sport="${1}"
|
||||
local sport="${1//,/ }"
|
||||
else
|
||||
local dportnot=
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
@ -5651,7 +5651,7 @@ rule() {
|
||||
local dportnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${dport}" = "any" && softwarning "Overwritting param: dport '${dport}' becomes '${1}'"
|
||||
local dport="${1}"
|
||||
local dport="${1//,/ }"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
@ -5667,7 +5667,7 @@ rule() {
|
||||
local dportnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${dport}" = "any" && softwarning "Overwritting param: dport '${dport}' becomes '${1}'"
|
||||
local dport="${1}"
|
||||
local dport="${1//,/ }"
|
||||
else
|
||||
local sportnot=
|
||||
if [ "${1}" = "not" -o "${1}" = "NOT" ]
|
||||
@ -5676,7 +5676,7 @@ rule() {
|
||||
local sportnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${sport}" = "any" && softwarning "Overwritting param: sport '${sport}' becomes '${1}'"
|
||||
local sport="${1}"
|
||||
local sport="${1//,/ }"
|
||||
fi
|
||||
shift
|
||||
;;
|
||||
@ -5690,7 +5690,7 @@ rule() {
|
||||
local protonot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${proto}" = "any" && softwarning "Overwritting param: proto '${proto}' becomes '${1}'"
|
||||
local proto="${1}"
|
||||
local proto="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5705,13 +5705,7 @@ rule() {
|
||||
local marknot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${mark}" = "any" && softwarning "Overwritting param: mark '${mark}' becomes ${markname} '${1}'"
|
||||
local mark=
|
||||
local num=
|
||||
for num in ${1}
|
||||
do
|
||||
#local mark="${mark} $[num << ${MARKS_SHIFT[$markname]}]/${MARKS_MASKS[$markname]}"
|
||||
local mark="${mark} $(mark_value $markname $num)"
|
||||
done
|
||||
local mark="${mark} $(mark_value $markname ${1//,/ })"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5724,13 +5718,7 @@ rule() {
|
||||
local marknot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${mark}" = "any" && softwarning "Overwritting param: mark '${mark}' becomes usermark '${1}'"
|
||||
local mark=
|
||||
local num=
|
||||
for num in ${1}
|
||||
do
|
||||
#local mark="${mark} $[num << ${MARKS_SHIFT[usermark]}]/${MARKS_MASKS[usermark]}"
|
||||
local mark="${mark} $(mark_value usermark $num)"
|
||||
done
|
||||
local mark="${mark} $(mark_value usermark ${1//,/ })"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5743,13 +5731,7 @@ rule() {
|
||||
local marknot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${mark}" = "any" && softwarning "Overwritting param: mark '${mark}' becomes connmark '${1}'"
|
||||
local mark=
|
||||
local num=
|
||||
for num in ${1}
|
||||
do
|
||||
#local mark="${mark} $[num << ${MARKS_SHIFT[connmark]}]/${MARKS_MASKS[connmark]}"
|
||||
local mark="${mark} $(mark_value connmark $num)"
|
||||
done
|
||||
local mark="${mark} $(mark_value connmark ${1//,/ })"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5762,7 +5744,7 @@ rule() {
|
||||
local marknot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${mark}" = "any" && softwarning "Overwritting param: mark '${mark}' becomes '${1}'"
|
||||
local mark="${1}"
|
||||
local mark="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5775,7 +5757,7 @@ rule() {
|
||||
local tosnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${tos}" = "any" && softwarning "Overwritting param: tos '${tos}' becomes '${1}'"
|
||||
local tos="${1}"
|
||||
local tos="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -5788,13 +5770,13 @@ rule() {
|
||||
local dscpnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${dscp}" = "any" && softwarning "Overwritting param: dscp '${dscp}' becomes '${1}'"
|
||||
local dscp="${1}"
|
||||
local dscp="${1//,/ }"
|
||||
shift
|
||||
|
||||
if [ "${dscp}" = "class" ]
|
||||
then
|
||||
local dscptype="-class"
|
||||
local dscp="${1}"
|
||||
local dscp="${1//,/ }"
|
||||
shift
|
||||
fi
|
||||
;;
|
||||
@ -6094,7 +6076,7 @@ rule() {
|
||||
test ${noowner} -eq 0 && local uidnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${uid}" = "any" && softwarning "Overwritting param: uid '${uid}' becomes '${1}'"
|
||||
test ${noowner} -eq 0 && local uid="${1}"
|
||||
test ${noowner} -eq 0 && local uid="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -6107,7 +6089,7 @@ rule() {
|
||||
test ${noowner} -eq 0 && local gidnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${gid}" = "any" && softwarning "Overwritting param: gid '${gid}' becomes '${1}'"
|
||||
test ${noowner} -eq 0 && local gid="${1}"
|
||||
test ${noowner} -eq 0 && local gid="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -6120,7 +6102,7 @@ rule() {
|
||||
test ${noowner} -eq 0 && local pidnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${pid}" = "any" && softwarning "Overwritting param: pid '${pid}' becomes '${1}'"
|
||||
test ${noowner} -eq 0 && local pid="${1}"
|
||||
test ${noowner} -eq 0 && local pid="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -6133,7 +6115,7 @@ rule() {
|
||||
test ${noowner} -eq 0 && local sidnot="!"
|
||||
fi
|
||||
test ${softwarnings} -eq 1 -a ! "${sid}" = "any" && softwarning "Overwritting param: sid '${sid}' becomes '${1}'"
|
||||
test ${noowner} -eq 0 && local sid="${1}"
|
||||
test ${noowner} -eq 0 && local sid="${1//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
|
||||
106
sbin/fireqos.in
106
sbin/fireqos.in
@ -309,7 +309,7 @@ mark_value() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
for x in ${@}
|
||||
for x in ${@//,/ }
|
||||
do
|
||||
local x=$[ x + 1 - 1 ]
|
||||
if [ $x -gt ${MARKS_MAX[$name]} -o $x -lt 0 ]
|
||||
@ -1921,9 +1921,13 @@ EOF
|
||||
}
|
||||
|
||||
find_port_masks() {
|
||||
# echo >&2 "${FUNCNAME} ${@}"
|
||||
local from=$(($1))
|
||||
local to=$(($2))
|
||||
|
||||
test -z "$from" && local from="$to"
|
||||
test -z "$from" && return 1
|
||||
|
||||
if [ -z "$to" ]
|
||||
then
|
||||
[ $FIREQOS_DEBUG_PORTS -eq 1 ] && echo >&2 "$from/0xffff"
|
||||
@ -1972,15 +1976,24 @@ find_port_masks() {
|
||||
}
|
||||
|
||||
expand_ports() {
|
||||
while [ ! -z "$1" ]
|
||||
# echo >&2 "${FUNCNAME} ${@}"
|
||||
local i=
|
||||
for i in ${@//,/ }
|
||||
do
|
||||
local p=`echo $1 | $tr_cmd ":-" " "`
|
||||
case $p in
|
||||
case "${i}" in
|
||||
any|all)
|
||||
echo $p
|
||||
echo "${i}"
|
||||
;;
|
||||
|
||||
*) find_port_masks $p
|
||||
|
||||
*:*)
|
||||
find_port_masks ${i//:/ }
|
||||
;;
|
||||
|
||||
*-*)
|
||||
find_port_masks ${i//-/ }
|
||||
;;
|
||||
|
||||
*) find_port_masks ${i}
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
@ -2002,6 +2015,7 @@ match46() {
|
||||
|
||||
match_count=0
|
||||
match() {
|
||||
# echo >&2 "${FUNCNAME} ${@}"
|
||||
match_count=$[match_count + 1]
|
||||
|
||||
if [ "z$1" = "z-ns" ]
|
||||
@ -2021,8 +2035,7 @@ match() {
|
||||
local dst=any
|
||||
local ip=any
|
||||
local tos=any
|
||||
local mark=any
|
||||
local marktype=
|
||||
local mark=
|
||||
local srcmac=any
|
||||
local dstmac=any
|
||||
local class=$class_name
|
||||
@ -2093,71 +2106,58 @@ match() {
|
||||
local proto="$1"
|
||||
;;
|
||||
|
||||
tos|priority)
|
||||
local tos="$2"
|
||||
tos)
|
||||
local tos="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
connmark|connmarks)
|
||||
test ! "${mark}" = "any" && warning "Overwritting mark '${marktype}/${mark}' with 'connmark/${2}'"
|
||||
local marktype="connmark"
|
||||
local mark="$2"
|
||||
local mark="${mark} $(mark_value connmark ${2//,/ })"
|
||||
shift
|
||||
;;
|
||||
|
||||
mark|marks)
|
||||
test ! "${mark}" = "any" && warning "Overwritting mark '${marktype}/${mark}' with 'usermark/${2}'"
|
||||
local marktype="usermark"
|
||||
local mark="$2"
|
||||
local mark="${mark} $(mark_value usermark ${2//,/ })"
|
||||
shift
|
||||
;;
|
||||
|
||||
custommark|custommarks)
|
||||
test ! "${mark}" = "any" && warning "Overwritting mark '${marktype}/${mark}' with '${2}/${3}'"
|
||||
local marktype="$2"
|
||||
local mark="$3"
|
||||
local mark="${mark} $(mark_value $2 ${3//,/ })"
|
||||
shift 2
|
||||
if [ -z "${MARKS_MASKS[$marktype]}" ]
|
||||
then
|
||||
error "Mark type '${marktype}' is not defined."
|
||||
return 1
|
||||
fi
|
||||
;;
|
||||
|
||||
rawmark|rawmarks)
|
||||
test ! "${mark}" = "any" && warning "Overwritting mark '${marktype}/${mark}' with '${2}'"
|
||||
local marktype=
|
||||
local mark="$2"
|
||||
local mark="${mark} ${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
proto|protocol|protocols)
|
||||
local proto="$2"
|
||||
local proto="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
port|ports)
|
||||
local port="$2"
|
||||
local port="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
sport|sports)
|
||||
local sport="$2"
|
||||
local sport="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
dport|dports)
|
||||
local dport="$2"
|
||||
local dport="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
src)
|
||||
local src="$2"
|
||||
local src="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
dst)
|
||||
local dst="$2"
|
||||
local dst="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -2167,7 +2167,7 @@ match() {
|
||||
;;
|
||||
|
||||
ip|ips|net|nets|host|hosts)
|
||||
local ip="$2"
|
||||
local ip="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -2206,12 +2206,14 @@ match() {
|
||||
;;
|
||||
|
||||
srcmac|smac)
|
||||
local srcmac=`echo "$2" | sed -e "s/://g"`
|
||||
local srcmac="${2//,/ }"
|
||||
local srcmac="${srcmac//:/}"
|
||||
shift
|
||||
;;
|
||||
|
||||
dstmac|dmac)
|
||||
local dstmac=`echo "$2" | sed -e "s/://g"`
|
||||
local dstmac="${2//,/ }"
|
||||
local dstmac="${dstmac//:/}"
|
||||
shift
|
||||
;;
|
||||
|
||||
@ -2222,6 +2224,8 @@ match() {
|
||||
shift
|
||||
done
|
||||
|
||||
test -z "${mark}" && local mark="any"
|
||||
|
||||
# if reverse, flip src/dst sport/dport
|
||||
if [ $reverse -eq 1 ]
|
||||
then
|
||||
@ -2244,16 +2248,9 @@ match() {
|
||||
class_matchid=$((class_matchid + 1))
|
||||
fi
|
||||
|
||||
local p=`echo $port | $tr_cmd "," " "`; local port=`expand_ports $p`
|
||||
local p=`echo $sport | $tr_cmd "," " "`; local sport=`expand_ports $p`
|
||||
local p=`echo $dport | $tr_cmd "," " "`; local dport=`expand_ports $p`
|
||||
|
||||
local proto=`echo $proto | $tr_cmd "," " "`;
|
||||
local ip=`echo $ip | $tr_cmd "," " "`;
|
||||
local src=`echo $src | $tr_cmd "," " "`;
|
||||
local dst=`echo $dst | $tr_cmd "," " "`;
|
||||
local mark=`echo $mark | $tr_cmd "," " "`;
|
||||
local tos=`echo $tos | $tr_cmd "," " "`;
|
||||
local port="$(expand_ports $port)"
|
||||
local sport="$(expand_ports $sport)"
|
||||
local dport="$(expand_ports $dport)"
|
||||
|
||||
[ -z "$proto" ] && error "Cannot accept empty protocol." && return 1
|
||||
[ -z "$port" ] && error "Cannot accept empty ports." && return 1
|
||||
@ -2264,8 +2261,8 @@ match() {
|
||||
[ -z "$ip" ] && error "Cannot accept empty IPs." && return 1
|
||||
[ -z "$tos" ] && error "Cannot accept empty TOS." && return 1
|
||||
[ -z "$mark" ] && error "Cannot accept empty MARK." && return 1
|
||||
[ -z "$srcmac" ] && error "Cannot accept empty source MAC." && return 1
|
||||
[ -z "$dstmac" ] && error "Cannot accept empty destination MAC." && return 1
|
||||
[ -z "$srcmac" ] && error "Cannot accept empty source MAC." && return 1
|
||||
[ -z "$dstmac" ] && error "Cannot accept empty destination MAC." && return 1
|
||||
|
||||
[ ! "$port" = "any" -a ! "$sport" = "any" ] && error "Cannot match 'port' and 'sport'." && exit 1
|
||||
[ ! "$port" = "any" -a ! "$dport" = "any" ] && error "Cannot match 'port' and 'dport'." && exit 1
|
||||
@ -2603,14 +2600,9 @@ match() {
|
||||
local mark_arg=
|
||||
case "$tmark" in
|
||||
any) ;;
|
||||
*) if [ -z "${marktype}" ]
|
||||
then
|
||||
# local mark_arg="handle $tmark fw"
|
||||
local mark_arg="u32 match mark `echo "$tmark" | tr "/" " "`"
|
||||
else
|
||||
# local mark_arg="u32 match mark $[tmark << ${MARKS_SHIFT[$marktype]}] ${MARKS_MASKS[$marktype]}"
|
||||
local mark_arg="u32 match mark $(mark_value $marktype $tmark)"
|
||||
fi
|
||||
*)
|
||||
# local mark_arg="handle $tmark fw"
|
||||
local mark_arg="u32 match mark ${tmark//\// }"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
@ -198,7 +198,7 @@ mark_value() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
for x in ${@}
|
||||
for x in ${@//,/ }
|
||||
do
|
||||
local x=$[ x + 1 - 1 ]
|
||||
if [ $x -gt ${MARKS_MAX[$name]} -o $x -lt 0 ]
|
||||
@ -535,18 +535,18 @@ gateway() {
|
||||
;;
|
||||
|
||||
gateway|gw|via)
|
||||
local gw="${2}"
|
||||
local gw="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
src|from)
|
||||
local src="${2}"
|
||||
local src="${2//,/ }"
|
||||
shift
|
||||
;;
|
||||
|
||||
check)
|
||||
local check="${2}"
|
||||
local dst="${3}"
|
||||
local dst="${3//,/ }"
|
||||
shift 2
|
||||
;;
|
||||
|
||||
@ -1326,21 +1326,16 @@ rules() {
|
||||
mark)
|
||||
if [ -z "${marktype}" ]
|
||||
then
|
||||
mark+=("$1")
|
||||
mark+=( ${1//,/ } )
|
||||
else
|
||||
local x=
|
||||
for x in $1
|
||||
do
|
||||
# mark+=(`printf "0x%x/${MARKS_MASKS[$marktype]}" "$[x << ${MARKS_SHIFT[$marktype]}]"`)
|
||||
mark+=( $(mark_value $marktype $x) )
|
||||
done
|
||||
mark+=( $(mark_value $marktype ${1//,/ }) )
|
||||
fi
|
||||
;;
|
||||
|
||||
tos) tos+=("$1");;
|
||||
src) src+=("$1");;
|
||||
dst) dst+=("$1");;
|
||||
inface) inface+=("$1");;
|
||||
tos) tos+=( ${1//,/ } );;
|
||||
src) src+=( ${1//,/ } );;
|
||||
dst) dst+=( ${1//,/ } );;
|
||||
inface) inface+=( ${1//,/ } );;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
|
||||
Loading…
Reference in New Issue
Block a user