Документ взят из кэша поисковой машины. Адрес оригинального документа : http://mirror.msu.net/pub/gentoo-portage/net-misc/htbinit/files/htb_0.8.5_ipv6.diff
Дата изменения: Fri Oct 13 15:01:22 2006
Дата индексирования: Wed Sep 15 07:54:33 2010
Кодировка:
--- htb.init.old 2004-01-29 22:41:23.000000000 +0100
+++ htb.init 2006-09-07 23:32:58.000000000 +0200
@@ -275,6 +284,7 @@
### Filtering parameters
#
# RULE=[[saddr[/prefix]][:port[/mask]],][daddr[/prefix]][:port[/mask]]
+# RULEIPv6=[[saddr[/prefix]][_port[/mask]],][daddr[/prefix]][_port[/mask]]
#
# These parameters make up "u32" filter rules that select traffic for
# each of the classes. You can use multiple RULE fields per config.
@@ -300,9 +310,13 @@
# RULE=10.5.5.5:80,
# selects traffic going from port 80 of single host 10.5.5.5
#
+# RULEIPv6=3ffe:80fe:c28:1:45d1:3a1:5e2b:e6c8
+# selects traffic going to IPv6 host 3ffe:80fe:c28:1:45d1:3a1:5e2b:e6c8
+#
#
#
# REALM=[srealm,][drealm]
+# REALMIPv6=[srealm,][drealm]
#
# These parameters make up "route" filter rules that classify traffic
# according to packet source/destination realms. For information about
@@ -327,6 +341,7 @@
#
#
# MARK=
+# MARKIPv6=
#
# These parameters make up "fw" filter rules that select traffic for
# each of the classes accoring to firewall "mark". Mark is a decimal
@@ -414,6 +429,9 @@
PRIO_RULE_DEFAULT=${PRIO_RULE:-100}
PRIO_MARK_DEFAULT=${PRIO_MARK:-200}
PRIO_REALM_DEFAULT=${PRIO_REALM:-300}
+PRIO_RULEIPv6=${PRIO_RULEIPv6:-150}
+PRIO_MARKIPv6=${PRIO_MARKIPv6:-250}
+PRIO_REALMIPv6=${PRIO_REALMIPv6:-350}

### Default HTB_PATH & HTB_CACHE settings
HTB_PATH=${HTB_PATH:-/etc/sysconfig/htb}
@@ -818,6 +838,13 @@
prio $PRIO_MARK handle $mark fw classid 1:$CLASS
done ### mark

+ ### Create fw filter for MARKIPv6 fields
+ for mark in `htb_cfile_rules MARKIPv6`; do
+ ### Attach fw filter to root class
+ tc filter add dev $DEVICE parent 1:0 protocol ipv6 \
+ prio $PRIO_MARKIPv6 handle $mark fw classid 1:$CLASS
+ done ### markipv6
+
### Create route filter for REALM fields
for realm in `htb_cfile_rules REALM`; do
### Split realm into source & destination realms
@@ -833,6 +860,21 @@
${DREALM:+to $DREALM} classid 1:$CLASS
done ### realm

+ ### Create route filter for REALMIPv6 fields
+ for realm in `htb_cfile_rules REALMIPv6`; do
+ ### Split realm into source & destination realms
+ SREALM=${realm%%,*}; DREALM=${realm##*,}
+ [ "$SREALM" = "$DREALM" ] && SREALM=""
+
+ ### Convert asterisks to empty strings
+ SREALM=${SREALM#\*}; DREALM=${DREALM#\*}
+
+ ### Attach route filter to the root class
+ tc filter add dev $DEVICE parent 1:0 protocol ipv6 \
+ prio $PRIO_REALM route ${SREALM:+from $SREALM} \
+ ${DREALM:+to $DREALM} classid 1:$CLASS
+ done ### realmipv6
+
### Create u32 filter for RULE fields
for rule in `htb_cfile_rules RULE`; do
### Split rule into source & destination
@@ -876,6 +918,49 @@
prio $PRIO_RULE u32 $u32_s $u32_d classid 1:$CLASS
done ### rule

+ ### Create u32 filter for RULEIPv6 fields
+ for rule in `htb_cfile_rules RULEIPv6`; do
+ ### Split rule into source & destination
+ SRC=${rule%%,*}; DST=${rule##*,}
+ [ "$SRC" = "$rule" ] && SRC=""
+
+
+ ### Split destination into address, port & mask fields
+ DADDR=${DST%%_*}; DTEMP=${DST##*_}
+ [ "$DADDR" = "$DST" ] && DTEMP=""
+
+ DPORT=${DTEMP%%/*}; DMASK=${DTEMP##*/}
+ [ "$DPORT" = "$DTEMP" ] && DMASK="0xffff"
+
+
+ ### Split up source (if specified)
+ SADDR=""; SPORT=""
+ if [ -n "$SRC" ]; then
+ SADDR=${SRC%%_*}; STEMP=${SRC##*_}
+ [ "$SADDR" = "$SRC" ] && STEMP=""
+
+ SPORT=${STEMP%%/*}; SMASK=${STEMP##*/}
+ [ "$SPORT" = "$STEMP" ] && SMASK="0xffff"
+ fi
+
+
+ ### Convert asterisks to empty strings
+ SADDR=${SADDR#\*}; DADDR=${DADDR#\*}
+
+ ### Compose u32 filter rules
+ u32_s="${SPORT:+match ip6 sport $SPORT $SMASK}"
+ u32_s="${SADDR:+match ip6 src $SADDR} $u32_s"
+ u32_d="${DPORT:+match ip6 dport $DPORT $DMASK}"
+ u32_d="${DADDR:+match ip6 dst $DADDR} $u32_d"
+
+ ### Uncomment the following if you want to see parsed rules
+ #echo "$rule: $u32_s $u32_d"
+
+ ### Attach u32 filter to the appropriate class
+ tc filter add dev $DEVICE parent 1:0 protocol ipv6 \
+ prio $PRIO_RULEIPv6 u32 $u32_s $u32_d classid 1:$CLASS
+ done ### ruleipv6
+
[ "$1" = "compile" ] && echo
done ### classfile
;;