From 152c7f8eefeea6d69b0b72ca1bb2e8345f66acd9 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Sun, 18 Nov 2018 19:11:57 +0100 Subject: T573: add support for matching IPv6 hop limit. Patch by Ray Patrick Soucy. --- lib/Vyatta/IpTables/Rule.pm | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) (limited to 'lib/Vyatta') diff --git a/lib/Vyatta/IpTables/Rule.pm b/lib/Vyatta/IpTables/Rule.pm index 08772a1..5172011 100755 --- a/lib/Vyatta/IpTables/Rule.pm +++ b/lib/Vyatta/IpTables/Rule.pm @@ -59,7 +59,12 @@ my %fields = ( }, _disable => undef, _ip_version => undef, - _comment => undef + _comment => undef, + _hop_limit => { + _eq => undef, + _lt => undef, + _gt => undef, + } ); my %dummy_rule = ( @@ -112,7 +117,12 @@ my %dummy_rule = ( }, _disable => undef, _ip_version => undef, - _comment => undef + _comment => undef, + _hop_limit => { + _eq => undef, + _lt => undef, + _gt => undef, + } ); my $DEBUG = 'false'; @@ -206,6 +216,10 @@ sub setup_base { $self->{_disable} = $config->$exists_func("disable"); + $self->{_hop_limit}->{_eq} = $config->$val_func("hop-limit eq"); + $self->{_hop_limit}->{_lt} = $config->$val_func("hop-limit lt"); + $self->{_hop_limit}->{_gt} = $config->$val_func("hop-limit gt"); + # TODO: need $config->exists("$level source") in Vyatta::Config.pm $src->$addr_setup("$level source"); $dst->$addr_setup("$level destination"); @@ -255,6 +269,7 @@ sub print { print "mod table: $self->{_mod_table}\n" if defined $self->{_mod_table}; print "mod dscp: $self->{_mod_dscp}\n" if defined $self->{_mod_dscp}; print "mod tcp-mss: $self->{_mod_tcpmss}\n" if defined $self->{_mod_tcpmss}; + print "hop-limit: $self->{_hop_limit}\n" if defined $self->{_hop_limit}; $src->print(); $dst->print(); 
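Review bot: The three `hop-limit` values are loaded in setup_base for every rule, without regard to `_ip_version`, and rule() later turns them into the `hl` match, which exists only for ip6tables (the IPv4 counterpart is `ttl`). If the CLI templates, which this diff does not show, offer hop-limit only under IPv6 rule sets, nothing breaks; otherwise an IPv4 rule carrying a value would most likely be rejected when it is applied. I would at least document the assumption above the assignments, `# IPv6 only: rule() emits these as "-m hl"; an IPv4 rule would need "-m ttl"`, or skip the lookups when the rule is not IPv6. setup_base starts and ends outside this hunk.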
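Review bot: `$self->{_hop_limit}` is a hash reference (see the `_hop_limit => { _eq, _lt, _gt }` default this commit adds to `%fields`), so the new line in print() interpolates as `HASH(0x...)` rather than a value. If the object is built from `%fields`, the `defined` test is also true when no hop-limit is configured. Print the individual keys instead, e.g. `for my $op (qw(eq lt gt)) { my $v = $self->{_hop_limit}->{"_$op"}; print "hop-limit $op: $v\n" if defined $v; }`. print() begins and ends outside the hunk.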
@@ -423,6 +438,16 @@ sub rule { } } + # Setup HL rule if configured + # + if ( defined($self->{_hop_limit}->{_eq}) ) { + $rule .= " -m hl --hl-eq $self->{_hop_limit}->{_eq}"; + } elsif ( defined($self->{_hop_limit}->{_lt}) ) { + $rule .= " -m hl --hl-lt $self->{_hop_limit}->{_lt}"; + } elsif ( defined($self->{_hop_limit}->{_gt}) ) { + $rule .= " -m hl --hl-gt $self->{_hop_limit}->{_gt}"; + } + # add the source and destination rules ($srcrule, $err_str) = $src->rule(); return ($err_str,) if (!defined($srcrule)); -- cgit v1.2.3
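Review bot: The configured value is interpolated into the rule string after `--hl-eq`/`--hl-lt`/`--hl-gt` with no check in this file that it is an integer in 0-255; unless the CLI template (not part of this diff) already enforces that, whatever the config node holds becomes part of the generated match string. The `if`/`elsif` chain also emits only the first defined operator in eq, lt, gt order, so a rule with both `lt` and `gt` set silently loses one of them. I would validate the value and reject more than one operator, returning the error in the `return ($err_str,)` form that rule() already uses a few lines below. rule() starts and ends outside the hunk.

```perl
  # Setup HL rule if configured: exactly one operator, value must be 0-255
  #
  my @hl_ops = grep { defined $self->{_hop_limit}->{"_$_"} } qw(eq lt gt);
  return ("hop-limit: only one of eq, lt, gt may be set",) if @hl_ops > 1;
  if (@hl_ops) {
    my $hl = $self->{_hop_limit}->{"_$hl_ops[0]"};
    return ("hop-limit must be an integer from 0 to 255",)
      unless $hl =~ /\A\d{1,3}\z/ && $hl <= 255;
    $rule .= " -m hl --hl-$hl_ops[0] $hl";
  }

  # ... unchanged: source and destination rule setup ...
```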