centralized mark value calculation and error handling for all tools
parent
23f52cd9dc
commit
2488287e5b
@ -198,6 +198,43 @@ markdef() {
|
||||
MARKS_TOTAL_BITS=$[ MARKS_TOTAL_BITS + bits ]
|
||||
}
|
||||
|
||||
mark_value() {
|
||||
local name="${1}"; shift
|
||||
local x=
|
||||
|
||||
if [ -z "${name}" ]
|
||||
then
|
||||
error "Cannot find the value of mark with name '${name}'."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "${1}" ]
|
||||
then
|
||||
error "Empty mark value given for mark ${name}."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "${MARKS_MASKS[$name]}" ]
|
||||
then
|
||||
error "Mark $name does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
for x in ${@}
|
||||
do
|
||||
local x=$[ x + 1 - 1 ]
|
||||
if [ $x -gt ${MARKS_MAX[$name]} -o $x -lt 0 ]
|
||||
then
|
||||
error "Cannot get mark $name of value $x. Mark $name is configured to get values from 0 to ${MARKS_MAX[$name]}. Change firehol-defaults.conf to add more."
|
||||
return 1
|
||||
fi
|
||||
|
||||
# echo "$[ x << ${MARKS_SHIFT[$name]} ]/${MARKS_MASKS[$name]}"
|
||||
printf "0x%08x/${MARKS_MASKS[$name]}\n" "$[ x << ${MARKS_SHIFT[$name]} ]"
|
||||
done
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
@ -3282,7 +3319,8 @@ tproxy() {
|
||||
|
||||
if [ -z "${FIREHOL_TPROXY_MARK}" ]
|
||||
then
|
||||
FIREHOL_TPROXY_MARK="$[ MARKS_MAX[usermark] << MARKS_SHIFT[usermark] ]/${MARKS_MASKS[usermark]}"
|
||||
#FIREHOL_TPROXY_MARK="$[ MARKS_MAX[usermark] << MARKS_SHIFT[usermark] ]/${MARKS_MASKS[usermark]}"
|
||||
FIREHOL_TPROXY_MARK="$(mark_value usermark MARKS_MAX[usermark])"
|
||||
fi
|
||||
|
||||
local tproxy_action_options="tproxy-mark $FIREHOL_TPROXY_MARK"
|
||||
@ -3583,13 +3621,14 @@ connmark() {
|
||||
|
||||
set_work_function "Setting up rules for CONNMARK"
|
||||
|
||||
if [ "${num}" -lt 0 -o "${num}" -gt "${MARKS_MAX[connmark]}" ]
|
||||
then
|
||||
error "FireHOL is configured to use $[${MARKS_MAX[connmark]} + 1] connmarks (from 0 to ${MARKS_MAX[connmark]})."
|
||||
return 1
|
||||
fi
|
||||
|
||||
local mark="$[num << ${MARKS_SHIFT[connmark]}]/${MARKS_MASKS[connmark]}"
|
||||
#if [ "${num}" -lt 0 -o "${num}" -gt "${MARKS_MAX[connmark]}" ]
|
||||
#then
|
||||
# error "FireHOL is configured to use $[${MARKS_MAX[connmark]} + 1] connmarks (from 0 to ${MARKS_MAX[connmark]})."
|
||||
# return 1
|
||||
#fi
|
||||
#
|
||||
#local mark="$[num << ${MARKS_SHIFT[connmark]}]/${MARKS_MASKS[connmark]}"
|
||||
local mark="$(mark_value connmark $num)"
|
||||
|
||||
local chain=
|
||||
for chain in ${where}
|
||||
@ -3623,13 +3662,14 @@ custommark() {
|
||||
|
||||
set_work_function "Setting up rules for MARK"
|
||||
|
||||
if [ "${num}" -lt 0 -o "${num}" -gt "${MARKS_MAX[$name]}" ]
|
||||
then
|
||||
error "FireHOL is configured to use $[${MARKS_MAX[$name]} + 1] $name (from 0 to ${MARKS_MAX[$name]})."
|
||||
return 1
|
||||
fi
|
||||
|
||||
local mark="$[num << ${MARKS_SHIFT[$name]}]/${MARKS_MASKS[$name]}"
|
||||
#if [ "${num}" -lt 0 -o "${num}" -gt "${MARKS_MAX[$name]}" ]
|
||||
#then
|
||||
# error "FireHOL is configured to use $[${MARKS_MAX[$name]} + 1] $name (from 0 to ${MARKS_MAX[$name]})."
|
||||
# return 1
|
||||
#fi
|
||||
#
|
||||
#local mark="$[num << ${MARKS_SHIFT[$name]}]/${MARKS_MASKS[$name]}"
|
||||
local mark="$(mark_value $name $num)"
|
||||
|
||||
rule table mangle chain "${where}" custom '-m conntrack --ctstate NEW' "${@}" action MARK to "${mark}" || return 1
|
||||
|
||||
@ -5669,7 +5709,8 @@ rule() {
|
||||
local num=
|
||||
for num in ${1}
|
||||
do
|
||||
local mark="${mark} $[num << ${MARKS_SHIFT[$markname]}]/${MARKS_MASKS[$markname]}"
|
||||
#local mark="${mark} $[num << ${MARKS_SHIFT[$markname]}]/${MARKS_MASKS[$markname]}"
|
||||
local mark="${mark} $(mark_value $markname $num)"
|
||||
done
|
||||
shift
|
||||
;;
|
||||
@ -5687,7 +5728,8 @@ rule() {
|
||||
local num=
|
||||
for num in ${1}
|
||||
do
|
||||
local mark="${mark} $[num << ${MARKS_SHIFT[usermark]}]/${MARKS_MASKS[usermark]}"
|
||||
#local mark="${mark} $[num << ${MARKS_SHIFT[usermark]}]/${MARKS_MASKS[usermark]}"
|
||||
local mark="${mark} $(mark_value usermark $num)"
|
||||
done
|
||||
shift
|
||||
;;
|
||||
@ -5705,7 +5747,8 @@ rule() {
|
||||
local num=
|
||||
for num in ${1}
|
||||
do
|
||||
local mark="${mark} $[num << ${MARKS_SHIFT[connmark]}]/${MARKS_MASKS[connmark]}"
|
||||
#local mark="${mark} $[num << ${MARKS_SHIFT[connmark]}]/${MARKS_MASKS[connmark]}"
|
||||
local mark="${mark} $(mark_value connmark $num)"
|
||||
done
|
||||
shift
|
||||
;;
|
||||
@ -7089,7 +7132,7 @@ softwarning() {
|
||||
echo >&2
|
||||
echo >&2 "--------------------------------------------------------------------------------"
|
||||
echo >&2 "WARNING"
|
||||
echo >&2 "WHAT : ${work_function}"
|
||||
echo >&2 "WHEN : ${work_function}"
|
||||
echo >&2 "WHY :" "$@"
|
||||
printf >&2 "COMMAND: "; printf >&2 "%q " "${work_realcmd[@]}"; echo >&2
|
||||
echo >&2 "MODE :" "${FIREHOL_NS_CURR}"
|
||||
@ -7113,7 +7156,7 @@ error() {
|
||||
echo >&2
|
||||
echo >&2 "--------------------------------------------------------------------------------"
|
||||
echo >&2 "ERROR #: ${work_error}"
|
||||
echo >&2 "WHAT : ${work_function}"
|
||||
echo >&2 "WHEN : ${work_function}"
|
||||
echo >&2 "WHY :" "$@"
|
||||
printf >&2 "COMMAND: "; printf >&2 "%q " "${work_realcmd[@]}"; echo >&2
|
||||
echo >&2 "MODE :" "${FIREHOL_NS_CURR}"
|
||||
|
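Review bot: In connmark() and custommark() the new `local mark="$(mark_value connmark $num)"` and `local mark="$(mark_value $name $num)"` discard mark_value's exit status, because `local` returns 0 whatever the substitution returned, so once the old inline range check is gone a rejected value no longer stops the function and the rule is built with an empty `MARK to ""`. Split declaration from assignment, `local mark` then `mark="$(mark_value connmark $num)" || return 1`; the same loss applies to the three `local mark="${mark} $(mark_value ...)"` lines in rule() and to the `local mark_arg=...` and `mark+=( $(mark_value ...) )` sites in the other two files of this commit, while tproxy()'s `FIREHOL_TPROXY_MARK="$(mark_value usermark MARKS_MAX[usermark])"` keeps the status but never checks it. Because mark_value now runs in a command substitution's subshell, anything error() records in the parent shell (presumably `work_error`, which error() prints) is lost as well — verify. The tproxy() call also passes the bare literal `MARKS_MAX[usermark]`, which is a bracket glob both at the call site and again in mark_value's `for x in ${@}`; pass `"${MARKS_MAX[usermark]}"` instead. The enclosing functions start and end outside their hunks.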
@ -287,6 +287,45 @@ then
|
||||
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
||||
fi
|
||||
|
||||
mark_value() {
|
||||
local name="${1}"; shift
|
||||
local x=
|
||||
|
||||
if [ -z "${name}" ]
|
||||
then
|
||||
error "Cannot find the value of mark with name '${name}'."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "${1}" ]
|
||||
then
|
||||
error "Empty mark value given for mark ${name}."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "${MARKS_MASKS[$name]}" ]
|
||||
then
|
||||
error "Mark $name does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
for x in ${@}
|
||||
do
|
||||
local x=$[ x + 1 - 1 ]
|
||||
if [ $x -gt ${MARKS_MAX[$name]} -o $x -lt 0 ]
|
||||
then
|
||||
error "Cannot get mark $name of value $x. Mark $name is configured to get values from 0 to ${MARKS_MAX[$name]}. Change firehol-defaults.conf to add more."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#echo "$[ x << ${MARKS_SHIFT[$name]} ]/${MARKS_MASKS[$name]}"
|
||||
printf "0x%08x/${MARKS_MASKS[$name]}\n" "$[ x << ${MARKS_SHIFT[$name]} ]"
|
||||
done
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
save() {
|
||||
@ -2078,7 +2117,7 @@ match() {
|
||||
local marktype="$2"
|
||||
local mark="$3"
|
||||
shift 2
|
||||
if [ -z "${MARKS_BITS[$marktype]}" ]
|
||||
if [ -z "${MARKS_MASKS[$marktype]}" ]
|
||||
then
|
||||
error "Mark type '${marktype}' is not defined."
|
||||
return 1
|
||||
@ -2569,7 +2608,8 @@ match() {
|
||||
# local mark_arg="handle $tmark fw"
|
||||
local mark_arg="u32 match mark `echo "$tmark" | tr "/" " "`"
|
||||
else
|
||||
local mark_arg="u32 match mark $[tmark << ${MARKS_SHIFT[$marktype]}] ${MARKS_MASKS[$marktype]}"
|
||||
# local mark_arg="u32 match mark $[tmark << ${MARKS_SHIFT[$marktype]}] ${MARKS_MASKS[$marktype]}"
|
||||
local mark_arg="u32 match mark $(mark_value $marktype $tmark)"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
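Review bot: mark_value's `local x=$[ x + 1 - 1 ]` normalizes the value by evaluating it as an arithmetic expression rather than parsing an integer, so a non-numeric value such as a mistyped variable name is treated as a name reference, expands to 0 and is silently emitted as `0x00000000/<mask>` instead of being caught by the range check that follows. A numeric guard before the arithmetic, `[[ "$x" =~ ^[0-9]+$ ]] || { error "Invalid mark value '$x' for mark $name."; return 1; }`, would reject it, but note that tproxy() in the first file of this commit deliberately passes the unexpanded name `MARKS_MAX[usermark]` and would then have to pass `"${MARKS_MAX[usermark]}"`. The output line interpolates the mask into the printf format string; `printf "0x%08x/%s\n" "$(( x << ${MARKS_SHIFT[$name]} ))" "${MARKS_MASKS[$name]}"` keeps a `%` in a mask from ever being read as a conversion and replaces the deprecated `$[ ]` form. The first guard's message `Cannot find the value of mark with name ''` always prints an empty name, since it only fires when `name` is empty; `Mark name is required.` would say what went wrong. The same body is added verbatim to all three files of this commit.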
@ -176,6 +176,44 @@ then
|
||||
source "${FIREHOL_SPOOL_DIR}/marks.conf" || exit 1
|
||||
fi
|
||||
|
||||
mark_value() {
|
||||
local name="${1}"; shift
|
||||
local x=
|
||||
|
||||
if [ -z "${name}" ]
|
||||
then
|
||||
error "Cannot find the value of mark with name '${name}'."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "${1}" ]
|
||||
then
|
||||
error "Empty mark value given for mark ${name}."
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "${MARKS_MASKS[$name]}" ]
|
||||
then
|
||||
error "Mark $name does not exist."
|
||||
return 1
|
||||
fi
|
||||
|
||||
for x in ${@}
|
||||
do
|
||||
local x=$[ x + 1 - 1 ]
|
||||
if [ $x -gt ${MARKS_MAX[$name]} -o $x -lt 0 ]
|
||||
then
|
||||
error "Cannot get mark $name of value $x. Mark $name is configured to get values from 0 to ${MARKS_MAX[$name]}. Change firehol-defaults.conf to add more."
|
||||
return 1
|
||||
fi
|
||||
|
||||
#echo "$[ x << ${MARKS_SHIFT[$name]} ]/${MARKS_MASKS[$name]}"
|
||||
printf "0x%08x/${MARKS_MASKS[$name]}\n" "$[ x << ${MARKS_SHIFT[$name]} ]"
|
||||
done
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# -----------------------------------------------------------------------------
|
||||
|
||||
LB_RESULT_CODE=1
|
||||
@ -1223,7 +1261,7 @@ rules() {
|
||||
custommark)
|
||||
local marktype="${2}"; shift
|
||||
local cmd="mark"
|
||||
if [ -z "${MARKS_BITS[$marktype]}" ]
|
||||
if [ -z "${MARKS_MASKS[$marktype]}" ]
|
||||
then
|
||||
error "Mark type '${marktype}' is not defined."
|
||||
exit 1
|
||||
@ -1293,7 +1331,8 @@ rules() {
|
||||
local x=
|
||||
for x in $1
|
||||
do
|
||||
mark+=(`printf "0x%x/${MARKS_MASKS[$marktype]}" "$[x << ${MARKS_SHIFT[$marktype]}]"`)
|
||||
# mark+=(`printf "0x%x/${MARKS_MASKS[$marktype]}" "$[x << ${MARKS_SHIFT[$marktype]}]"`)
|
||||
mark+=( $(mark_value $marktype $x) )
|
||||
done
|
||||
fi
|
||||
;;
|
||||
|
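Review bot: The mark_value added here is the third verbatim copy of the same function in this commit (the copies already drift in the `#echo` vs `# echo` comment), so the next fix to range checking or output format has to be applied three times; the two tool files each `source "${FIREHOL_SPOOL_DIR}/marks.conf"` right above, so a shared helper file sourced at the same point would make the calculation actually central — hedged, since the repository layout is not visible here. In rules(), `mark+=( $(mark_value $marktype $x) )` relies on the unquoted substitution to word-split the output; with a single value per call that is harmless, but `mark+=( "$(mark_value "$marktype" "$x")" )` states the intent and keeps `$marktype` and `$x` from globbing. rules() starts and ends outside its hunks.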