mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 15:18:53 +01:00
Finish fast per-IP classifier
This commit is contained in:
parent
3e0a55f072
commit
4a9a8534e3
@ -616,6 +616,7 @@ sub validate_tc_class( $$$$$$ ) {
|
|||||||
flow => '' ,
|
flow => '' ,
|
||||||
pfifo => 0,
|
pfifo => 0,
|
||||||
occurs => 1,
|
occurs => 1,
|
||||||
|
src => 1,
|
||||||
};
|
};
|
||||||
|
|
||||||
$tcref = $tcref->{$classnumber};
|
$tcref = $tcref->{$classnumber};
|
||||||
@ -649,17 +650,18 @@ sub validate_tc_class( $$$$$$ ) {
|
|||||||
} elsif ( $option eq 'pfifo' ) {
|
} elsif ( $option eq 'pfifo' ) {
|
||||||
fatal_error "The 'pfifo'' option is not allowed with 'flow='" if $tcref->{flow};
|
fatal_error "The 'pfifo'' option is not allowed with 'flow='" if $tcref->{flow};
|
||||||
$tcref->{pfifo} = 1;
|
$tcref->{pfifo} = 1;
|
||||||
} elsif ( $option =~ /^occurs=(.+)$/ ) {
|
} elsif ( $option =~ /^occurs=(\d+([ds]?))$/ ) {
|
||||||
my $val = $1;
|
my $val = $1;
|
||||||
$occurs = numeric_value($val);
|
$occurs = numeric_value($val);
|
||||||
fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs > 0;
|
$tcref->{src} = 0 if $2 eq 'd';
|
||||||
|
fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs > 0 && $occurs <= 256;
|
||||||
fatal_error "Invalid 'occurs' ($val)" if $occurs > ( $config{WIDE_TC_MARKS} ? 8191 : 255 );
|
fatal_error "Invalid 'occurs' ($val)" if $occurs > ( $config{WIDE_TC_MARKS} ? 8191 : 255 );
|
||||||
fatal_error "Duplicate 'occurs'" if $tcref->{occurs} > 1;
|
fatal_error "Duplicate 'occurs'" if $tcref->{occurs} > 1;
|
||||||
if ( $occurs > 1 ) {
|
if ( $occurs > 1 ) {
|
||||||
fatal_error "The 'occurs' option is not valid with 'classify'" if $devref->{classify};
|
|
||||||
fatal_error "The 'occurs' option is not valid with 'default'" if $devref->{default} == $classnumber;
|
fatal_error "The 'occurs' option is not valid with 'default'" if $devref->{default} == $classnumber;
|
||||||
fatal_error "The 'occurs' option is not valid with 'tos'" if @{$tcref->{tos}};
|
fatal_error "The 'occurs' option is not valid with 'tos'" if @{$tcref->{tos}};
|
||||||
}
|
}
|
||||||
|
$tcref->{occurs} = $occurs;
|
||||||
} else {
|
} else {
|
||||||
fatal_error "Unknown option ($option)";
|
fatal_error "Unknown option ($option)";
|
||||||
}
|
}
|
||||||
@ -678,7 +680,7 @@ sub validate_tc_class( $$$$$$ ) {
|
|||||||
rate => $tcref->{rate} ,
|
rate => $tcref->{rate} ,
|
||||||
ceiling => $tcref->{ceiling} ,
|
ceiling => $tcref->{ceiling} ,
|
||||||
priority => $tcref->{priority} ,
|
priority => $tcref->{priority} ,
|
||||||
mark => ++$markval ,
|
mark => $tcref->{classify} ? 0 : ++$markval ,
|
||||||
flow => $tcref->{flow} ,
|
flow => $tcref->{flow} ,
|
||||||
pfifo => $tcref->{pfifo},
|
pfifo => $tcref->{pfifo},
|
||||||
};
|
};
|
||||||
@ -712,7 +714,9 @@ sub process_tc_filter( $$$$$$ ) {
|
|||||||
|
|
||||||
$tcref = $tcref->{$classnum};
|
$tcref = $tcref->{$classnum};
|
||||||
|
|
||||||
fatal_error "Unknown CLASS ($devclass)" unless $tcref;
|
fatal_error "Unknown CLASS ($devclass)" unless $tcref && $tcref->{occurs};
|
||||||
|
|
||||||
|
my $occurs = $tcref->{occurs};
|
||||||
|
|
||||||
my $rule = "filter add dev $device protocol ip parent $devnum:0 prio 10 u32";
|
my $rule = "filter add dev $device protocol ip parent $devnum:0 prio 10 u32";
|
||||||
|
|
||||||
@ -731,15 +735,33 @@ sub process_tc_filter( $$$$$$ ) {
|
|||||||
unless ( $proto eq '-' ) {
|
unless ( $proto eq '-' ) {
|
||||||
$protonumber = resolve_proto $proto;
|
$protonumber = resolve_proto $proto;
|
||||||
fatal_error "Unknown PROTO ($proto)" unless defined $protonumber;
|
fatal_error "Unknown PROTO ($proto)" unless defined $protonumber;
|
||||||
|
fatal_error "PROTO not permitted in this rule" unless $occurs == 1;
|
||||||
$rule .= "\\\n match ip protocol $protonumber 0xff" if $protonumber;
|
$rule .= "\\\n match ip protocol $protonumber 0xff" if $protonumber;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $portlist eq '-' && $sportlist eq '-' ) {
|
if ( $portlist eq '-' && $sportlist eq '-' ) {
|
||||||
emit( "\nrun_tc $rule\\" ,
|
if ( $occurs == 1 ) {
|
||||||
" flowid $devref->{number}:$class" ,
|
emit( "\nrun_tc $rule\\" ,
|
||||||
'' );
|
" flowid $devref->{number}:$class" ,
|
||||||
|
'' );
|
||||||
|
} else {
|
||||||
|
my $offset = $tcref->{src} ? 12 : 16;
|
||||||
|
my $tnum = $devref->{tablenumber}++;
|
||||||
|
my $bucket;
|
||||||
|
|
||||||
|
emit( "\nrun_tc filter add dev $device parent $devnum:0 protocol ip prio 10 handle $tnum: u32 divisor $occurs" );
|
||||||
|
|
||||||
|
for ( my $i = 0; $i < $occurs; $i++ ) {
|
||||||
|
$class = in_hexp $classnum++;
|
||||||
|
$bucket = in_hexp $i;
|
||||||
|
emit( "run_tc filter add dev $device protocol ip parent $devnum:0 prio 10 u32 ht $tnum:$bucket match u32 0x00000000 0x000000 at 12 flowid $devref->{number}:$class" );
|
||||||
|
}
|
||||||
|
|
||||||
|
emit( "\nrun_tc $rule\\",
|
||||||
|
" link $tnum: hashkey mask ff at $offset\\" );
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
|
fatal_error "Ports may not be specified without a PROTO" unless $protonumber;
|
||||||
our $lastrule;
|
our $lastrule;
|
||||||
our $lasttnum;
|
our $lasttnum;
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user