Tom Eastep wrote:
> Tom Eastep wrote:
>> [email protected] wrote:
>>> As suspected, Yet another error:
>>> iptables-restore v1.3.5: Bad MARK value `1/255'
>> Iptables 1.3.5 ( included in Centos 5.3 ) doesn't support specification
>> of a mask in --set-mark (or --and-mark or --or-mark). I'll see what I
>> can do but it will be after work before I'm able to look at this further.
>
> I took a quick look at this and it was trivial to work around.
>
> patch /usr/share/shorewall/Shorewall/Tc.pm < mark.diff
>

Crap -- I attached the wrong patch. Correct patch this time.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index b78e396..9584741 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -227,9 +227,9 @@ sub process_tc_rule( ) {
fatal_error "Invalid chain designator for source $fw" unless $tcsref->{fw};
}
- $chain = $tcsref->{chain} if $tcsref->{chain};
- $target = $tcsref->{target} if $tcsref->{target};
- $mark = "$mark/$globals{TC_MASK}" if $connmark = $tcsref->{connmark};
+ $chain = $tcsref->{chain} if $tcsref->{chain};
+ $target = $tcsref->{target} if $tcsref->{target};
+ $mark = "$mark/" . in_hex( $globals{TC_MASK} ) if $connmark = $tcsref->{connmark};
require_capability ('CONNMARK' , "CONNMARK Rules", '' ) if $connmark;
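Review bot: The `$chain` and `$target` lines in this hunk are re-emitted with no textual change apart from spacing, which buries the one real change on the `$mark` line; leave them out or move the realignment to a separate commit. On the `$mark` line itself, the modifier `if $connmark = $tcsref->{connmark}` is an assignment used as a test and is easy to misread as a comparison. Assigning `$connmark` on its own line first and then testing it would make the intent clear, since the following `require_capability` call depends on the same value.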
@@ -1080,12 +1080,7 @@ sub process_tc_priority() {
fatal_error "Invalid PRIORITY ($band)" unless $val && $val <= 3;
- my $rule = join( '',
- do_helper( $helper ) ,
- "-j MARK --set-mark ",
- $band ,
- '/' ,
- $globals{TC_MASK} );
+ my $rule = do_helper( $helper ) . "-j MARK --set-mark $band";
if ( $interface ne '-' ) {
fatal_error "Invalid combination of columns" unless $address eq '-' && $proto eq '-' && $ports eq '-';
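Review bot: Dropping `'/' , $globals{TC_MASK}` from the `--set-mark` rule in process_tc_priority() means the MARK target now overwrites the whole packet mark rather than only the bits under TC_MASK, so mark bits that other rules set outside that mask are cleared, and this happens on every iptables version, not only 1.3.5. Consider keeping the masked form where iptables accepts it and falling back to the bare `--set-mark $band` only where it does not, gated the same way the file already gates CONNMARK use with `require_capability`. A short comment naming the iptables 1.3.5 limitation would also help the next reader.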
@@ -1150,8 +1145,8 @@ sub setup_simple_traffic_shaping() {
clear_comment;
if ( $ipp2p ) {
- insert_rule1 $mangle_table->{tcpost} , 0 , "-m mark --mark 0/$globals{TC_MASK} -j CONNMARK --restore-mark --ctmask $globals{TC_MASK}";
- add_rule $mangle_table->{tcpost} , "-m mark ! --mark 0/$globals{TC_MASK} -j CONNMARK --save-mark --ctmask $globals{TC_MASK}";
+ insert_rule1 $mangle_table->{tcpost} , 0 , '-m mark --mark 0/' . in_hex( $globals{TC_MASK} ) . ' -j CONNMARK --restore-mark --ctmask ' . in_hex( $globals{TC_MASK} );
+ add_rule $mangle_table->{tcpost} , '-m mark ! --mark 0/' . in_hex( $globals{TC_MASK} ) . ' -j CONNMARK --save-mark --ctmask ' . in_hex( $globals{TC_MASK} );
}
}
}
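Review bot: In setup_simple_traffic_shaping() the two new rule strings call `in_hex( $globals{TC_MASK} )` four times on the same value. Computing it once into a lexical before the `if ( $ipp2p )` block and interpolating that variable would keep the two rules readable and guarantee the `--mark` mask and the `--ctmask` argument cannot drift apart in a later edit. Nothing in the hunk records why the mask has to be emitted in hex, so a one-line comment referring to the `Bad MARK value` error would be worth adding.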
