extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-23 16:13:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

Finish phase 1 support for IFBs

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8294 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2008-03-14 19:26:09 +00:00
parent da96e54116
commit 1fd17db3ca
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-common/changelog.txt
View File

@ -6,6 +6,8 @@ Changes in 4.1.6
3) Add L2TP tunnel support. 3) Add L2TP tunnel support.
4) Add support for IFB devices -- phase I.
Changes in 4.1.5 Changes in 4.1.5
1) More ruleset optimization. 1) More ruleset optimization.

10
Shorewall-perl/Shorewall/Tc.pm
View File

@ -336,18 +336,23 @@ sub validate_tc_device( $$$$$ ) {
} }
} }
$inband = rate_to_kbit( $inband );
my @redirected = (); my @redirected = ();
@redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-'; @redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';
fatal_error "IN-BANDWIDTH must be zero for IFB devides" if @redirected && $inband;
for my $rdevice ( @redirected ) { for my $rdevice ( @redirected ) {
fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/; fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
my $rdevref = $tcdevices{$rdevice}; my $rdevref = $tcdevices{$rdevice};
fatal_error "REDIRECTED device ($rdevice) has not been defined in this file" unless $rdevref; fatal_error "REDIRECTED device ($rdevice) has not been defined in this file" unless $rdevref;
fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices" if $rdevref->{in_bandwidth} ne '0kbit'; fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices" if $rdevref->{in_bandwidth} ne '0kbit';
fatal_error "IFB may not be redirected" if @{$rdevref->{redirected}};
} }
$tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' , $tcdevices{$device} = { in_bandwidth => $inband . 'kbit' ,
out_bandwidth => rate_to_kbit( $outband ) . 'kbit' , out_bandwidth => rate_to_kbit( $outband ) . 'kbit' ,
classify => $classify , classify => $classify ,
redirected => \@redirected }; redirected => \@redirected };
@ -486,11 +491,10 @@ sub setup_traffic_shaping() {
emit ( "run_tc qdisc add dev $device handle ffff: ingress", emit ( "run_tc qdisc add dev $device handle ffff: ingress",
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1" "run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
); );
} elsif ( @{$devref->{redirected}} ) {
emit ( "run_tc qdisc add dev $device handle ffff: ingress" );
} }
for my $rdev ( @{$devref->{redirected}} ) { for my $rdev ( @{$devref->{redirected}} ) {
emit ( "run_tc qdisc add dev $rdev handle ffff: ingress" );
emit( "run_tc filter add dev $rdev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $device" ); emit( "run_tc filter add dev $rdev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $device" );
} }