Shorewall users - Apr 2011 - using -m string to place marks on packets

Hi Shorewall Users,

I am investigating using a custom iptables -m string rule to place
route marks on packets.

To do that, I would like to add a couple of rules into the mangle
table on chain tcout.

I ask for clarification on how to access this chain on the extension
script. Based on the shorewall docs, I have created the
''started'' file
and placed the followind on it:
use Shorewall::Chains;

my $chainref =
$chain_table{''mangle''}{''tcout''};

insert_rule( $chainref, 3, ''-p udp --sport 5060 -m string --string
"59799@200.219.209.250" --algo bm -j MARK --set-mark 0x100'');
insert_rule( $chainref, 4, ''-p udp --sport 5060 -m string --string
"28736@200.219.209.250" --algo bm -j MARK --set-mark 0x200'');

but compilation fails with:
Shorewall configuration compiled to /var/lib/shorewall/.restart
/var/lib/shorewall/.restart: line 952: syntax error near unexpected
token `$chainref,''
/var/lib/shorewall/.restart: line 952: `    insert_rule( $chainref, 3,
''-p udp --sport 5060 -m string --string
"59799@200.219.209.250" --algo
bm -j MARK --set-mark 0x100'');''

Can someone enlighten me on the proper syntax to be used on the
started file to place rules on tcout chain?

Thanks in advance,

Pedro

------------------------------------------------------------------------------
Xperia(TM) PLAY
It''s a major breakthrough. An authentic gaming
smartphone on the nation''s most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev

On 04/07/2011 07:41 AM, Pedro Bulach Gapski wrote:
> Hi Shorewall Users,
> 
> I am investigating using a custom iptables -m string rule to place
> route marks on packets.
> 
> To do that, I would like to add a couple of rules into the mangle
> table on chain tcout.
> 
> I ask for clarification on how to access this chain on the extension
> script. Based on the shorewall docs, I have created the
''started'' file
> and placed the followind on it:
> use Shorewall::Chains;
Two things:

a) I suggest that you use the ''start'' script rather than
''started''.
b) Both the ''start'' and ''started'' scripts
are executed at run time, not
at compile time and the run-time environment is a shell rather than
Perl. In the ''start'' script, you want:

	run_iptables -t mangle -i tcout 3 .....

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

------------------------------------------------------------------------------
Xperia(TM) PLAY
It''s a major breakthrough. An authentic gaming
smartphone on the nation''s most reliable network.
And it wants your games.
http://p.sf.net/sfu/verizon-sfdev