
From 08cb6f0c7abca95fa898020bb9f3ba3f4bfbf148 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Fri, 28 Aug 2020 13:15:34 -0400
Subject: [PATCH 53/62] fix(nftables): packet marks with masks
(cherry picked from commit e296b926ae5dc4cbc277b6dd755d045e73ed4411)
(cherry picked from commit 371efe757f2bde20b4301a78ed3c48ec1d31bf5e)
---
 src/firewall/core/fw_zone.py  | 2 ++
 src/firewall/core/nftables.py | 9 +++++++--
 2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 129306b6f969..6eaed4232405 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -1719,6 +1719,8 @@ class FirewallZone(object):
                 if enable:
                     transaction.add_chain(zone, table, "INPUT")
                     transaction.add_chain(zone, table, "FORWARD_IN")
+                if enable and type(rule.action) == Rich_Mark:
+                    transaction.add_chain(zone, "mangle", "PREROUTING")
 
                 rules = backend.build_zone_icmp_block_rules(enable, zone, ict, rule)
                 transaction.add_rules(backend, rules)
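Review bot: The new guard `if enable and type(rule.action) == Rich_Mark:` compares the exact class where `isinstance(rule.action, Rich_Mark)` is the usual Python form and would also accept subclasses; the nftables backend in this same patch uses the same `type(...)` comparison, so this may be the file's convention rather than an oversight. A short comment such as `# mark actions are emitted into mangle PREROUTING, so that chain must exist too` would explain why this branch adds a chain in a different table from the INPUT/FORWARD_IN lines just above it. The enclosing loop and method start and end outside the hunk.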
diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index 0198200b2372..76668a60468f 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -1043,8 +1043,13 @@ class nftables(object):
                                                 zone=zone)
             table = "mangle"
             chain = "%s_%s_%s" % (table, target, chain_suffix)
-            rule_action = {"mangle": {"key": {"meta": {"key": "mark"}},
-                                      "value": rich_rule.action.set}}
+            value = rich_rule.action.set.split("/")
+            if len(value) > 1:
+                rule_action = {"mangle": {"key": {"meta": {"key": "mark"}},
+                                          "value": {"^": [{"&": [{"meta": {"key": "mark"}}, value[1]]}, value[0]]}}}
+            else:
+                rule_action = {"mangle": {"key": {"meta": {"key": "mark"}},
+                                          "value": value[0]}}
         else:
             raise FirewallError(INVALID_RULE,
                                 "Unknown action %s" % type(rich_rule.action))
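Review bot: The masked form built on the `"value"` line of the `len(value) > 1` branch evaluates `(mark & mask) ^ value`, which zeroes every mark bit outside the mask instead of preserving it; if `set="value/mask"` is meant to behave like iptables `--set-xmark` (mark = (mark & ~mask) ^ value), the `&` operand should be the complement of the mask, e.g. `mask = "0x%x" % (~int(value[1], 0) & 0xffffffff)` computed before the dict and `{"&": [{"meta": {"key": "mark"}}, mask]}` in place of `value[1]`. The iptables backend and the rich-rule validation are not visible from this hunk, so that equivalence is an assumption to confirm. Separately, `split("/")` accepts any number of separators and silently ignores parts beyond the second; `value = rich_rule.action.set.split("/", 1)` together with a `FirewallError(INVALID_RULE, ...)` when the remainder still contains `/` keeps the format check local, unless the string is already validated where `Rich_Mark` is parsed. The enclosing method starts and ends outside the hunk.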
-- 
2.28.0