for ver in ipv4 ipv6; do
if [ -f /proc/sys/net/$ver/conf/$i/$opt ]; then
any=t
- run sysctl -q net/ipv4/conf/$i/$opt="$val"
+ run sysctl -q net/$ver/conf/$i/$opt="$val"
fi
done
case $any in
trace "netclass $name = $netclassindex"
eval from_$name=$(( $netclassindex << $BIT_FROM ))
eval to_$name=$(( $netclassindex << $BIT_TO ))
- eval _mask_$name=$(( 1 << ($netclassindex + $BIT_MASK) ))
+ eval fwd_$name=$(( 1 << ($netclassindex + $BIT_MASK) ))
nets="$nets $name"
;;
2)
- ## Pass 2. Compute the actual from and to values. We're a little bit
- ## clever during source classification, and set the TO field to
- ## all-bits-one, so that destination classification needs only a single
- ## AND operation.
- from=$(( ($netclassindex << $BIT_FROM) + (0xf << $BIT_TO) ))
+ ## Pass 2. Compute the actual from and to values. This is fiddly:
+ ## we want to preserve the other flags.
+ from=$(( ($netclassindex << $BIT_FROM) ))
+ frommask=$(( $MASK_FROM | $MASK_MASK ))
for net; do
- eval bit=\$_mask_$net
+ eval bit=\$fwd_$net
from=$(( $from + $bit ))
done
- to=$(( ($netclassindex << $BIT_TO) + \
- (0xf << $BIT_FROM) + \
- (1 << ($netclassindex + $BIT_MASK)) ))
- trace "from $name --> set $(printf %x $from)"
- trace " to $name --> and $(printf %x $from)"
+ to=$(( ($netclassindex << $BIT_TO) ))
+ tomask=$(( $MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK)) ))
+ trace "from $name --> set $(printf %08x/%08x $from $frommask)"
+ trace " to $name --> and $(printf %08x/%08x $to $tomask)"
## Now establish the mark-from-NAME and mark-to-NAME chains.
clearchain mangle:mark-from-$name mangle:mark-to-$name
- run ip46tables -t mangle -A mark-from-$name -j MARK --set-mark $from
- run ip46tables -t mangle -A mark-to-$name -j MARK --and-mark $to
+ run ip46tables -t mangle -A mark-from-$name -j MARK \
+ --set-xmark $from/$frommask
+ run ip46tables -t mangle -A mark-to-$name -j MARK \
+ --set-xmark $to/$tomask
;;
esac
netclassindex=$(( $netclassindex + 1 ))
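Review bot: In the pass-2 arm, `tomask` covers only the forwarding-flag bits, yet `to` carries the class index in the TO field, so `--set-xmark $to/$tomask` XORs the index into whatever those bits already hold instead of overwriting them. `--set-xmark` zeroes the masked bits and then XORs the value in, and `frommask` (`$MASK_FROM | $MASK_MASK`) does not clear the TO field either, so a packet that reaches `mark-to-$name` with non-zero TO bits would end up with the wrong destination class. If a TO-field mask is defined next to `MASK_FROM` (assumed here to be called `MASK_TO`; it is not visible in this hunk), include it: `tomask=$(( $MASK_TO | ($MASK_MASK ^ (1 << ($netclassindex + $BIT_MASK))) ))`. The enclosing function starts and ends outside the hunk.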
for n in $nn; do
addr=${n%/*}
base=${addr%::*}
- case $a in ::*) aa=$addr$a ;; *) aa=$a ;; esac
+ case $a6 in ::*) aa=$base$a6 ;; *) aa=$a6 ;; esac
eval host_inet6_$name=$aa
done
defhost () {
host=$1
addword allhosts $host
- eval host_type_$host=endsys
+ eval host_type_$host=server
}
-## router
+## hosttype TYPE
##
-## Declare the host to be a router, so it should forward packets and so on.
-router () {
- eval host_type_$host=router
+## Declare the host to have the given type.
+hosttype () {
+ type=$1
+ case $type in
+ router | server | client) ;;
+ *) echo >&2 "$0: bad host type \`$type'"; exit 1 ;;
+ esac
+ eval host_type_$host=$type
}
## iface IFACE NET ...
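Review bot: `hosttype` validates `$type` but not the `$host` it writes through: if it is called before any `defhost`, `$host` is empty and the `eval` quietly assigns `host_type_` instead of failing. A guard ahead of the `case`, such as `[ -n "$host" ] || { echo >&2 "$0: hosttype used outside a host definition"; exit 1; }`, would make that a hard error like the bad-type path. Separately, the default type changes from `endsys` to `server` and `router ()` is removed, so any remaining comparison against `endsys` or call to `router` elsewhere in the tree (not visible here) would silently stop matching, which matters for deciding which hosts forward packets. The header comment could also name the accepted values: `## TYPE is one of router, server or client.`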