#!/bin/sh
#
# Shorewall 3.2 -- /usr/share/shorewall/clib.tcrules
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2005,2006 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# Generate a command to run tc
#
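run_tc() {
    #
    # Emit a 'run_tc' line into the generated script via save_command.
    # Arguments: the tc arguments, passed through unchanged.
    # "$@" keeps every argument as a single word and stops the shell from
    # glob-expanding or re-splitting it before save_command sees it.
    #
    save_command run_tc "$@"
}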
#
# Setup queuing and classes
#
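setup_tc1() {
    #
    # Build the TC mangle chains, compile the tcrules file into them and
    # link them from the built-in mangle chains.
    #
    # Globals read:    MANGLE_FORWARD, ROUTEMARK_INTERFACES, TC_EXPERT,
    #                  HIGH_ROUTE_MARKS, TC_SCRIPT, TC_ENABLED, TMP_DIR
    # Globals written: mark sources dests proto ports sports user testval
    #                  length tos rule -- one tcrules entry at a time;
    #                  presumably read by process_tc_rule, which takes no
    #                  arguments (confirm against its definition).
    # Calls:           createmanglechain, expandv, process_tc_rule,
    #                  run_iptables, save_progress_message, append_file,
    #                  setup_traffic_shaping
    #
    local mark_part=
    #
    # Create the TC mangle chains
    #
    createmanglechain tcpre
    if [ -n "$MANGLE_FORWARD" ]; then
        createmanglechain tcfor
        createmanglechain tcpost
    fi
    createmanglechain tcout
    #
    # Process the TC Rules File.
    # 'read' is deliberately left without -r so that backslashes in the
    # tcrules file keep their current treatment -- confirm before changing.
    #
    while read mark sources dests proto ports sports user testval length tos; do
        expandv mark sources dests proto ports sports user testval length tos
        # Assign directly instead of rule=$(echo ...): echo would reinterpret
        # field text (an option-like first field, backslash escapes on some
        # /bin/sh) before it reaches the rule processor.
        rule="$mark $sources $dests $proto $ports $sports $user $testval $length $tos"
        process_tc_rule
    done < "$TMP_DIR/tcrules"
    #
    # Link to the TC mangle chains from the main chains
    #
    #
    # Route marks are restored in PREROUTING/OUTPUT prior to these rules. We only send
    # packets that are not part of a marked connection to the 'tcpre/tcout' chains.
    #
    if [ -n "$ROUTEMARK_INTERFACES" ] && [ -z "$TC_EXPERT" ]; then
        mark_part="-m mark --mark 0/0xFF00"
        #
        # But let marks in tcpre override those assigned by 'track'
        #
        # $ROUTEMARK_INTERFACES is word-split on purpose: one word per interface.
        for interface in $ROUTEMARK_INTERFACES; do
            run_iptables -t mangle -A PREROUTING -i "$interface" -j tcpre
        done
    fi
    # $mark_part is intentionally unquoted: it must expand to separate
    # arguments (-m mark --mark 0/0xFF00) or to nothing at all.
    run_iptables -t mangle -A PREROUTING $mark_part -j tcpre
    run_iptables -t mangle -A OUTPUT $mark_part -j tcout
    if [ -n "$MANGLE_FORWARD" ]; then
        run_iptables -t mangle -A FORWARD -j tcfor
        run_iptables -t mangle -A POSTROUTING -j tcpost
    fi
    if [ -n "$HIGH_ROUTE_MARKS" ]; then
        for chain in INPUT FORWARD; do
            run_iptables -t mangle -I "$chain" -j MARK --and-mark 0xFF
        done
    fi
    if [ -n "$TC_SCRIPT" ]; then
        save_progress_message "Setting up Traffic Control..."
        append_file "$TC_SCRIPT"
    elif [ -n "$TC_ENABLED" ]; then
        setup_traffic_shaping
    fi
}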
setup_tc() {
    #
    # Announce the traffic-control phase, then build the chains and rules.
    # Globals read: DOING (prefix for the progress message)
    #
    progress_message2 "${DOING} Traffic Control Rules..."
    setup_tc1
}
#
# Clear Traffic Shaping
#
delete_tc() {
    #
    # Emit the commands that clear all Traffic Control/QOS state.
    #
    # Also defines clear_one_tc. Shell functions are not scoped, so it stays
    # defined after delete_tc returns; nothing in this file calls it --
    # presumably a caller elsewhere does, confirm before removing.
    #
    clear_one_tc() {
        # $1 = interface name; the generated commands discard tc's stderr.
        save_command "tc qdisc del dev ${1} root 2> /dev/null"
        save_command "tc qdisc del dev ${1} ingress 2> /dev/null"
    }
    save_progress_message "Clearing Traffic Control/QOS"
    append_file tcclear
    # Quoted delimiter: the block is copied literally, so '$' needs no
    # backslash escaping here; the generated script expands it at run time.
    indent <<'__EOF__' >&3
ip link list | while read inx interface details; do
case $inx in
[0-9]*)
qt tc qdisc del dev ${interface%:} root
qt tc qdisc del dev ${interface%:} ingress
;;
*)
;;
esac
done
__EOF__
}
# Load marker for this library; presumably checked by whatever sources
# this file so it is not loaded twice -- confirm against the loader.
CLIB_TCRULES_LOADED="Yes"