mirror of
https://gitlab.com/shorewall/code.git
synced 2025-05-30 06:28:51 +02:00
Redefine 'full' when used in a sub-class definition
This commit is contained in:
Tom Eastep
parent
4eb9e5db3d
commit
088e164f18
@ -1075,6 +1075,7 @@ sub ensure_manual_chain($) {
|
|||||||
|
|
||||||
#
|
#
|
||||||
# Add all builtin chains to the chain table -- it is separate from initialize() for purely historical reasons.
|
# Add all builtin chains to the chain table -- it is separate from initialize() for purely historical reasons.
|
||||||
|
# The function also initializes the target table with the pre-defined targets available for the specfied address family.
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
sub initialize_chain_table()
|
sub initialize_chain_table()
|
||||||
@ -1212,7 +1213,6 @@ sub finish_chain_section ($$) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$chainref->{new} = @{$chainref->{rules}};
|
$chainref->{new} = @{$chainref->{rules}};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$comment = $savecomment;
|
$comment = $savecomment;
|
||||||
|
|||||||
@ -163,6 +163,8 @@ our @deferred_rules;
|
|||||||
# nextclass => <number>
|
# nextclass => <number>
|
||||||
# occurs => Has one or more occurring classes
|
# occurs => Has one or more occurring classes
|
||||||
# qdisc => htb|hfsc
|
# qdisc => htb|hfsc
|
||||||
|
# guarantee => <total RATE of classes seen so far>
|
||||||
|
# name => <interface>
|
||||||
# }
|
# }
|
||||||
#
|
#
|
||||||
our @tcdevices;
|
our @tcdevices;
|
||||||
@ -526,6 +528,8 @@ sub validate_tc_device( ) {
|
|||||||
default => 0,
|
default => 0,
|
||||||
nextclass => 2,
|
nextclass => 2,
|
||||||
qdisc => $qdisc,
|
qdisc => $qdisc,
|
||||||
|
guarantee => 0,
|
||||||
|
name => $device,
|
||||||
} ,
|
} ,
|
||||||
|
|
||||||
push @tcdevices, $device;
|
push @tcdevices, $device;
|
||||||
@ -535,8 +539,8 @@ sub validate_tc_device( ) {
|
|||||||
progress_message " Tcdevice \"$currentline\" $done.";
|
progress_message " Tcdevice \"$currentline\" $done.";
|
||||||
}
|
}
|
||||||
|
|
||||||
sub convert_rate( $$$ ) {
|
sub convert_rate( $$$$ ) {
|
||||||
my ($full, $rate, $column) = @_;
|
my ($full, $rate, $column, $max) = @_;
|
||||||
|
|
||||||
if ( $rate =~ /\bfull\b/ ) {
|
if ( $rate =~ /\bfull\b/ ) {
|
||||||
$rate =~ s/\bfull\b/$full/g;
|
$rate =~ s/\bfull\b/$full/g;
|
||||||
@ -550,7 +554,7 @@ sub convert_rate( $$$ ) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
fatal_error "$column may not be zero" unless $rate;
|
fatal_error "$column may not be zero" unless $rate;
|
||||||
fatal_error "$column ($_[1]) exceeds OUT-BANDWIDTH" if $rate > $full;
|
fatal_error "$column ($_[1]) exceeds $max (${full}kbit)" if $rate > $full;
|
||||||
|
|
||||||
$rate;
|
$rate;
|
||||||
}
|
}
|
||||||
@ -596,6 +600,7 @@ sub validate_tc_class( ) {
|
|||||||
my $device = $devclass;
|
my $device = $devclass;
|
||||||
my $occurs = 1;
|
my $occurs = 1;
|
||||||
my $parentclass = 1;
|
my $parentclass = 1;
|
||||||
|
my $parentref;
|
||||||
|
|
||||||
if ( $devclass =~ /:/ ) {
|
if ( $devclass =~ /:/ ) {
|
||||||
( $device, my ($number, $subnumber, $rest ) ) = split /:/, $device, 4;
|
( $device, my ($number, $subnumber, $rest ) ) = split /:/, $device, 4;
|
||||||
@ -627,7 +632,11 @@ sub validate_tc_class( ) {
|
|||||||
fatal_error "Missing class NUMBER" if $devref->{classify};
|
fatal_error "Missing class NUMBER" if $devref->{classify};
|
||||||
}
|
}
|
||||||
|
|
||||||
my $full = rate_to_kbit $devref->{out_bandwidth};
|
my $full = rate_to_kbit $devref->{out_bandwidth};
|
||||||
|
my $ratemax = $full;
|
||||||
|
my $ceilmax = $full;
|
||||||
|
my $ratename = 'OUT-BANDWIDTH';
|
||||||
|
my $ceilname = 'OUT-BANDWIDTH';
|
||||||
|
|
||||||
my $tcref = $tcclasses{$device};
|
my $tcref = $tcclasses{$device};
|
||||||
|
|
||||||
@ -657,10 +666,14 @@ sub validate_tc_class( ) {
|
|||||||
#
|
#
|
||||||
# Nested Class
|
# Nested Class
|
||||||
#
|
#
|
||||||
my $parentref = $tcref->{$parentclass};
|
$parentref = $tcref->{$parentclass};
|
||||||
fatal_error "Unknown Parent class ($parentclass)" unless $parentref && $parentref->{occurs} == 1;
|
fatal_error "Unknown Parent class ($parentclass)" unless $parentref && $parentref->{occurs} == 1;
|
||||||
fatal_error "The parent class ($parentclass) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
|
fatal_error "The parent class ($parentclass) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
|
||||||
$parentref->{leaf} = 0;
|
$parentref->{leaf} = 0;
|
||||||
|
$ratemax = $parentref->{rate};
|
||||||
|
$ratename = q(the parent class's RATE);
|
||||||
|
$ceilmax = $parentref->{ceiling};
|
||||||
|
$ceilname = q(the parent class's CEIL);
|
||||||
}
|
}
|
||||||
|
|
||||||
my ( $umax, $dmax ) = ( '', '' );
|
my ( $umax, $dmax ) = ( '', '' );
|
||||||
@ -670,28 +683,35 @@ sub validate_tc_class( ) {
|
|||||||
|
|
||||||
fatal_error "Invalid RATE ($rate)" if defined $rest;
|
fatal_error "Invalid RATE ($rate)" if defined $rest;
|
||||||
|
|
||||||
$rate = convert_rate ( $full, $trate, 'RATE' );
|
$rate = convert_rate ( $ratemax, $trate, 'RATE', $ratename );
|
||||||
$dmax = convert_delay( $dmax );
|
$dmax = convert_delay( $dmax );
|
||||||
$umax = convert_size( $umax );
|
$umax = convert_size( $umax );
|
||||||
fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax;
|
fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax;
|
||||||
} else {
|
} else {
|
||||||
$rate = convert_rate ( $full, $rate, 'RATE' );
|
$rate = convert_rate ( $ratemax, $rate, 'RATE' , $ratename );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $parentref ) {
|
||||||
|
warning_message "Total RATE of sub classes ($parentref->{guarantee}kbits) exceeds RATE of parent class ($parentref->{rate}kbits)" if ( $parentref->{guarantee} += $rate ) > $parentref->{rate};
|
||||||
|
} else {
|
||||||
|
warning_message "Total RATE of classes ($devref->{guarantee}kbits) exceeds OUT-BANDWIDTH (${full}kbits)" if ( $devref->{guarantee} += $rate ) > $full;
|
||||||
}
|
}
|
||||||
|
|
||||||
fatal_error "Invalid PRIO ($prio)" unless defined numeric_value $prio;
|
fatal_error "Invalid PRIO ($prio)" unless defined numeric_value $prio;
|
||||||
|
|
||||||
$tcref->{$classnumber} = { tos => [] ,
|
$tcref->{$classnumber} = { tos => [] ,
|
||||||
rate => $rate ,
|
rate => $rate ,
|
||||||
umax => $umax ,
|
umax => $umax ,
|
||||||
dmax => $dmax ,
|
dmax => $dmax ,
|
||||||
ceiling => convert_rate( $full, $ceil, 'CEIL' ) ,
|
ceiling => convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) ,
|
||||||
priority => $prio eq '-' ? 1 : $prio ,
|
priority => $prio eq '-' ? 1 : $prio ,
|
||||||
mark => $markval ,
|
mark => $markval ,
|
||||||
flow => '' ,
|
flow => '' ,
|
||||||
pfifo => 0,
|
pfifo => 0,
|
||||||
occurs => 1,
|
occurs => 1,
|
||||||
parent => $parentclass,
|
parent => $parentclass,
|
||||||
leaf => 1,
|
leaf => 1,
|
||||||
|
guarantee => 0,
|
||||||
};
|
};
|
||||||
|
|
||||||
$tcref = $tcref->{$classnumber};
|
$tcref = $tcref->{$classnumber};
|
||||||
|
|||||||
@ -12,6 +12,8 @@ Changes in Shorewall 4.4.1
|
|||||||
|
|
||||||
6) Add 'clean' target to Makefile.
|
6) Add 'clean' target to Makefile.
|
||||||
|
|
||||||
|
7) Redefine 'full' for sub-classes.
|
||||||
|
|
||||||
Changes in Shorewall 4.4.0
|
Changes in Shorewall 4.4.0
|
||||||
|
|
||||||
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
1) Fix 'compile ... -' so that it no longer requires '-v-1'
|
||||||
|
|||||||
@ -208,7 +208,24 @@ None.
|
|||||||
accepts all SNAT flags without verifying them and returns them to
|
accepts all SNAT flags without verifying them and returns them to
|
||||||
iptables when asked.
|
iptables when asked.
|
||||||
|
|
||||||
2) A 'clean' target has been added to the Makefiles.
|
2) A 'clean' target has been added to the Makefiles.
|
||||||
|
|
||||||
|
3) The meaning of 'full' has been redefined when used in the context
|
||||||
|
of a sub-class. Previously, 'full' always meant the OUT-BANDWIDTH
|
||||||
|
of the device. In the case of a sub-class, however, that definition
|
||||||
|
is awkward to use because the sub-class is limited by the parent
|
||||||
|
class.
|
||||||
|
|
||||||
|
Beginning with this release, 'full' in a sub-class definition
|
||||||
|
refers to the specified rate defined for the parent class. So
|
||||||
|
'full' used in the RATE column refers to the parent class's RATE;
|
||||||
|
when used in the CEIL column, 'full' refers to the parent class's
|
||||||
|
CEIL.
|
||||||
|
|
||||||
|
As part of this change, the compiler now issues a warning if the
|
||||||
|
sum of the top-level classes' RATEs exceeds the OUT-BANDWIDTH of
|
||||||
|
the device. Similarly, a warning is issued if the sum of the RATEs
|
||||||
|
of a class's sub-classes exceeds the rate of the CLASS.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
N E W F E A T U R E S I N 4 . 4
|
N E W F E A T U R E S I N 4 . 4
|
||||||
|
|||||||
@ -104,6 +104,10 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
|
<para>Note that in a sub-class (a class that has a specified parent
|
||||||
|
class), full refers to the RATE or CEIL of the parent class rather
|
||||||
|
than to the OUT-BANDWIDTH of the device.</para>
|
||||||
|
|
||||||
<para>DO NOT add a unit to the rate if it is calculated !</para>
|
<para>DO NOT add a unit to the rate if it is calculated !</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
@ -113,7 +117,7 @@
|
|||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">INTERFACE</emphasis> -
|
<term><emphasis role="bold">INTERFACE</emphasis> -
|
||||||
<emphasis>interface</emphasis>[:<emphasis>parent</emphasis>][:<emphasis>class</emphasis>]</term>
|
<emphasis>interface</emphasis>[[:<emphasis>parent</emphasis>]:<emphasis>class</emphasis>]</term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Name of <emphasis>interface</emphasis>. Each interface may be
|
<para>Name of <emphasis>interface</emphasis>. Each interface may be
|
||||||
@ -206,8 +210,9 @@
|
|||||||
when more needed services (e.g. ssh) are not used.</para>
|
when more needed services (e.g. ssh) are not used.</para>
|
||||||
|
|
||||||
<para>You can use the value <emphasis role="bold">full</emphasis> in
|
<para>You can use the value <emphasis role="bold">full</emphasis> in
|
||||||
here for setting the maximum bandwidth to the defined output
|
here for setting the maximum bandwidth to the RATE of the parent
|
||||||
bandwidth of that interface.</para>
|
class, or the OUT-BANDWIDTH of the device if there is no parent
|
||||||
|
class.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|||||||
@ -104,6 +104,10 @@
|
|||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
|
<para>Note that in a sub-class (a class that has a specified parent
|
||||||
|
class), full refers to the RATE or CEIL of the parent class rather
|
||||||
|
than to the OUT-BANDWIDTH of the device.</para>
|
||||||
|
|
||||||
<para>DO NOT add a unit to the rate if it is calculated !</para>
|
<para>DO NOT add a unit to the rate if it is calculated !</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
@ -202,8 +206,9 @@
|
|||||||
when more needed services (e.g. ssh) are not used.</para>
|
when more needed services (e.g. ssh) are not used.</para>
|
||||||
|
|
||||||
<para>You can use the value <emphasis role="bold">full</emphasis> in
|
<para>You can use the value <emphasis role="bold">full</emphasis> in
|
||||||
here for setting the maximum bandwidth to the defined output
|
here for setting the maximum bandwidth to the RATE of the parent
|
||||||
bandwidth of that interface.</para>
|
class, or the OUT-BANDWIDTH of the device if there is no parent
|
||||||
|
class.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user