--- htb.init.old	2004-01-29 22:41:23.000000000 +0100
+++ htb.init		2006-09-07 23:32:58.000000000 +0200
@@ -275,6 +284,7 @@
 ### Filtering parameters
 #
 # RULE=[[saddr[/prefix]][:port[/mask]],][daddr[/prefix]][:port[/mask]]
+# RULEIPv6=[[saddr[/prefix]][_port[/mask]],][daddr[/prefix]][_port[/mask]]
 #
 #	These parameters make up "u32" filter rules that select traffic for
 #	each of the classes. You can use multiple RULE fields per config.
@@ -300,9 +310,13 @@
 #	RULE=10.5.5.5:80,
 #		selects traffic going from port 80 of single host 10.5.5.5
 #
+#	RULEIPv6=3ffe:80fe:c28:1:45d1:3a1:5e2b:e6c8
+#		selects traffic going to IPv6 host 3ffe:80fe:c28:1:45d1:3a1:5e2b:e6c8
+#
 #
 #
 # REALM=[srealm,][drealm]
+# REALMIPv6=[srealm,][drealm]
 #
 #	These parameters make up "route" filter rules that classify traffic
 #	according to packet source/destination realms. For information about
@@ -327,6 +341,7 @@
 #
 #
 # MARK=<mark>
+# MARKIPv6=<mark>
 #
 #	These parameters make up "fw" filter rules that select traffic for
 #	each of the classes accoring to firewall "mark". Mark is a decimal
@@ -414,6 +429,9 @@
 PRIO_RULE_DEFAULT=${PRIO_RULE:-100}
 PRIO_MARK_DEFAULT=${PRIO_MARK:-200}
 PRIO_REALM_DEFAULT=${PRIO_REALM:-300}
+PRIO_RULEIPv6=${PRIO_RULEIPv6:-150}
+PRIO_MARKIPv6=${PRIO_MARKIPv6:-250}
+PRIO_REALMIPv6=${PRIO_REALMIPv6:-350}
 
 ### Default HTB_PATH & HTB_CACHE settings
 HTB_PATH=${HTB_PATH:-/etc/sysconfig/htb}
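Review bot: The three IPv6 priorities are assigned straight to `PRIO_RULEIPv6`, `PRIO_MARKIPv6` and `PRIO_REALMIPv6`, while the IPv4 values just above are kept as `PRIO_*_DEFAULT`. If the script resets PRIO_RULE, PRIO_MARK and PRIO_REALM from those defaults before each class file is loaded (not visible in this hunk), an IPv6 priority overridden in one class file would carry over to every later class. Following the existing pattern, e.g. `PRIO_RULEIPv6_DEFAULT=${PRIO_RULEIPv6:-150}` plus the matching per-class reset, would keep both address families consistent.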
@@ -818,6 +838,13 @@
 		prio $PRIO_MARK handle $mark fw classid 1:$CLASS
 	done ### mark
 
+	### Create fw filter for MARKIPv6 fields
+	for mark in `htb_cfile_rules MARKIPv6`; do
+               ### Attach fw filter to root class
+               tc filter add dev $DEVICE parent 1:0 protocol ipv6 \
+               prio $PRIO_MARKIPv6 handle $mark fw classid 1:$CLASS
+	done ### markipv6
+
 	### Create route filter for REALM fields
 	for realm in `htb_cfile_rules REALM`; do
 		### Split realm into source & destination realms
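Review bot: The body of the new MARKIPv6 loop is indented with spaces while its `for`/`done` lines and the surrounding code use tabs; the REALMIPv6 and RULEIPv6 loops added further down have the same mix. Re-indenting the added lines with tabs keeps later diffs of this script readable. A short comment would also help here, e.g. `### fw marks on IPv6 packets are set with ip6tables, not iptables`, since a mark set only in the IPv4 ruleset never reaches this filter.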
@@ -833,6 +860,21 @@
 		${DREALM:+to $DREALM} classid 1:$CLASS
 	done ### realm
 
+	### Create route filter for REALMIPv6 fields
+	for realm in `htb_cfile_rules REALMIPv6`; do
+               ### Split realm into source & destination realms
+               SREALM=${realm%%,*}; DREALM=${realm##*,}
+               [ "$SREALM" = "$DREALM" ] && SREALM=""
+
+               ### Convert asterisks to empty strings
+               SREALM=${SREALM#\*}; DREALM=${DREALM#\*}
+
+               ### Attach route filter to the root class
+               tc filter add dev $DEVICE parent 1:0 protocol ipv6 \
+               prio $PRIO_REALM route ${SREALM:+from $SREALM} \
+               ${DREALM:+to $DREALM} classid 1:$CLASS
+	done ### realmipv6
+
 	### Create u32 filter for RULE fields
 	for rule in `htb_cfile_rules RULE`; do
 		### Split rule into source & destination
@@ -876,6 +918,49 @@
 		prio $PRIO_RULE u32 $u32_s $u32_d classid 1:$CLASS
 	done ### rule
 
+       ### Create u32 filter for RULEIPv6 fields
+       for rule in `htb_cfile_rules RULEIPv6`; do
+               ### Split rule into source & destination
+               SRC=${rule%%,*}; DST=${rule##*,}
+               [ "$SRC" = "$rule" ] && SRC=""
+
+
+               ### Split destination into address, port & mask fields
+               DADDR=${DST%%_*}; DTEMP=${DST##*_}
+               [ "$DADDR" = "$DST" ] && DTEMP=""
+
+               DPORT=${DTEMP%%/*}; DMASK=${DTEMP##*/}
+               [ "$DPORT" = "$DTEMP" ] && DMASK="0xffff"
+
+
+               ### Split up source (if specified)
+               SADDR=""; SPORT=""
+               if [ -n "$SRC" ]; then
+                       SADDR=${SRC%%_*}; STEMP=${SRC##*_}
+                       [ "$SADDR" = "$SRC" ] && STEMP=""
+
+                       SPORT=${STEMP%%/*}; SMASK=${STEMP##*/}
+                       [ "$SPORT" = "$STEMP" ] && SMASK="0xffff"
+               fi
+
+
+               ### Convert asterisks to empty strings
+               SADDR=${SADDR#\*}; DADDR=${DADDR#\*}
+
+               ### Compose u32 filter rules
+               u32_s="${SPORT:+match ip6 sport $SPORT $SMASK}"
+               u32_s="${SADDR:+match ip6 src $SADDR} $u32_s"
+               u32_d="${DPORT:+match ip6 dport $DPORT $DMASK}"
+               u32_d="${DADDR:+match ip6 dst $DADDR} $u32_d"
+
+               ### Uncomment the following if you want to see parsed rules
+               #echo "$rule: $u32_s $u32_d"
+
+               ### Attach u32 filter to the appropriate class
+               tc filter add dev $DEVICE parent 1:0 protocol ipv6 \
+               prio $PRIO_RULEIPv6 u32 $u32_s $u32_d classid 1:$CLASS
+	done ### ruleipv6
+
 	[ "$1" = "compile" ] && echo
 done ### classfile
 ;;
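Review bot: The port matches composed into `u32_s`/`u32_d` need a caveat in the comments: as far as I know, tc's `match ip6 sport`/`dport` compare fixed offsets directly after the 40-byte IPv6 header and do not check the next-header field, so a packet with extension headers or a non-TCP/UDP payload is compared against the wrong bytes and can end up in the wrong class. I would add `### NOTE: ip6 sport/dport match at a fixed offset; packets with extension headers are not classified by port` above the compose step and repeat it in the RULEIPv6 help text. The address, port and mask fields are also handed to tc without any format check, so a typo in a class file only surfaces as a tc error. The enclosing classfile loop starts outside this hunk.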