extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-27 01:53:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow configuraton of a rate estimated policing filter

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-10-16 14:38:27 -07:00
parent ebc944f027
commit 4d83201843
1 changed files with 54 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -522,48 +522,67 @@ sub calculate_quantum( $$ ) {
} }
sub process_in_bandwidth( $ ) { sub process_in_bandwidth( $ ) {
my $in_bandwidth = shift; my $in_rate = shift;
return 0 if $in_rate eq '-';
my $in_burst = '10kb'; my $in_burst = '10kb';
my $in_mtu = 0; my $in_avrate = 0;
my $in_band = $in_rate;
my $burst;
my $in_interval = '250ms';
my $in_decay = '4sec';
unless ( $in_bandwidth eq '-' ) { if ( $in_rate =~ s/^~// ) {
if ( $in_bandwidth =~ /:/ ) { if ( $in_rate =~ /:/ ) {
my ( $in_band, $burst, $in_mtu ) = split /:/, $in_bandwidth, 3; ( $in_rate, $in_interval, $in_decay ) = split /:/, $in_rate, 3;
fatal_error "Invalid IN-BANDWIDTH ($in_band)" unless supplied( $in_interval ) && supplied( $in_decay );
fatal_error "Invalid Interval ($in_interval)" unless $in_interval =~ /^(?:(?:250|500)ms|(?:1|2|4|8)sec)$/;
fatal_error "Invalid Decay ($in_decay)" unless $in_decay =~ /^(?:500ms|(?:1|2|4|8|16|32|64)sec)$/;
if ( supplied $burst ) { if ( $in_decay =~ /ms/ ) {
fatal_error "Decay must be at least twice the interval" unless $in_interval eq '250ms';
} else {
unless ( $in_interval =~ /ms/ ) {
my ( $interval, $decay ) = ( $in_interval, $in_decay );
$interval =~ s/sec//;
$decay =~ s/sec//;
fatal_error "Decay must be at least twice the interval" unless $decay > $interval;
}
}
}
$in_avrate = rate_to_kbit( $in_rate );
$in_rate = 0;
} else {
if ( $in_band =~ /:/ ) {
( $in_band, $burst ) = split /:/, $in_rate, 2;
fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/; fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
$in_burst = $burst; $in_burst = $burst;
} }
if ( supplied $in_mtu ) { $in_rate = rate_to_kbit( $in_band );
fatal_error "Invalid IN-BANDWIDTH ($in_bandwidth)" if $in_mtu =~ /:/;
fatal_error "Invalid MTU ($in_mtu)" unless $in_mtu =~ /^\d+$/ && $in_mtu;
$in_mtu += 16;
} }
$in_bandwidth = rate_to_kbit( $in_band ); my @result = ( $in_rate, $in_burst, $in_avrate, $in_interval, $in_decay);
} else {
$in_bandwidth = rate_to_kbit( $in_bandwidth );
}
}
( $in_bandwidth, $in_burst, $in_mtu ); \@result;
} }
sub handle_in_bandwidth( $$$$ ) { sub handle_in_bandwidth( $$ ) {
my ($physical, $in_bandwidth, $in_burst, $in_mtu ) = @_; my ($physical, $arrayref ) = @_;;
my ($in_rate, $in_burst, $in_avrate, $interval, $decay ) = @$arrayref;
my $rate = int ( ( $in_bandwidth * 21 ) / 20 );
$in_bandwidth = int ( ( $in_bandwidth * 9 ) / 10 );
emit ( "run_tc qdisc add dev $physical handle ffff: ingress", emit ( "run_tc qdisc add dev $physical handle ffff: ingress",
"run_tc filter add dev $physical parent ffff: protocol all prio 10 " . "run_tc filter add dev $physical parent ffff: protocol all prio 10 " .
"\\\n estimator 1sec 8sec basic\\" ); "\\\n estimator $interval $decay basic\\" );
if ( $in_mtu ) { if ( $in_rate ) {
emit( " police mpu 64 rate ${rate}kbit burst $in_burst mtu=${in_mtu} avrate ${in_bandwidth}kbit action drop\n" ); emit( " police mpu 64 rate ${rate}kbit burst $in_burst action drop\n" );
} else { } else {
emit( " police mpu 64 rate ${rate}kbit burst $in_burst avrate ${in_bandwidth}kbit action drop\n" ); emit( " police avrate ${in_avrate}kbit action drop\n" );
} }
} }
@ -580,7 +599,7 @@ sub process_flow($) {
} }
sub process_simple_device() { sub process_simple_device() {
my ( $device , $type , $in_bandwidth , $out_part ) = split_line 'tcinterfaces', { interface => 0, type => 1, in_bandwidth => 2, out_bandwidth => 3 }; my ( $device , $type , $in_rate , $out_part ) = split_line 'tcinterfaces', { interface => 0, type => 1, in_bandwidth => 2, out_bandwidth => 3 };
fatal_error 'INTERFACE must be specified' if $device eq '-'; fatal_error 'INTERFACE must be specified' if $device eq '-';
fatal_error "Duplicate INTERFACE ($device)" if $tcdevices{$device}; fatal_error "Duplicate INTERFACE ($device)" if $tcdevices{$device};
@ -605,7 +624,7 @@ sub process_simple_device() {
} }
} }
( $in_bandwidth , my ($in_burst, $in_mtu ) ) = process_in_bandwidth( $in_bandwidth ); $in_rate = process_in_bandwidth( $in_rate );
emit( '', emit( '',
@ -625,7 +644,7 @@ sub process_simple_device() {
"qt \$TC qdisc del dev $physical ingress\n" "qt \$TC qdisc del dev $physical ingress\n"
); );
handle_in_bandwidth( $physical, $in_bandwidth, $in_burst, $in_mtu ) unless $in_bandwidth eq '-'; handle_in_bandwidth( $physical, $in_rate ) if $in_rate;
if ( $out_part ne '-' ) { if ( $out_part ne '-' ) {
my ( $out_bandwidth, $burst, $latency, $peak, $minburst ) = split ':', $out_part; my ( $out_bandwidth, $burst, $latency, $peak, $minburst ) = split ':', $out_part;
@ -777,11 +796,9 @@ sub validate_tc_device( ) {
} }
} }
( $inband , my ($in_burst, $in_mtu ) ) = process_in_bandwidth( $inband ); $inband = process_in_bandwidth( $inband );
$tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ), $tcdevices{$device} = { in_bandwidth => $inband,
in_burst => $in_burst,
in_mtu => $in_mtu,
out_bandwidth => rate_to_kbit( $outband ) . 'kbit', out_bandwidth => rate_to_kbit( $outband ) . 'kbit',
number => $devnumber, number => $devnumber,
classify => $classify, classify => $classify,
@ -1581,7 +1598,7 @@ sub process_traffic_shaping() {
qq(fi) ); qq(fi) );
} }
handle_in_bandwidth( $device, $devref->{in_bandwidth}, $devref->{in_burst}, $devref->{in_mtu}) if $devref->{in_bandwidth}; handle_in_bandwidth( $device, $devref->{in_bandwidth} ) if $devref->{in_bandwidth};
for my $rdev ( @{$devref->{redirected}} ) { for my $rdev ( @{$devref->{redirected}} ) {
emit ( "run_tc qdisc add dev $rdev handle ffff: ingress" ); emit ( "run_tc qdisc add dev $rdev handle ffff: ingress" );