From 5b4e9eb8e673b4942635f6ea7b490b892641f1fc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 11 Jan 2010 15:30:33 -0800 Subject: [PATCH] Revert change with migration issue Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 8 +++++++- Shorewall/releasenotes.txt | 10 ---------- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index ba45897b7..ba947448c 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1182,7 +1182,13 @@ sub setup_tc() { my $mark_part = ''; - $mark_part = '-m mark --mark 0/' . in_hex( $globals{PROVIDER_MASK} ) . ' ' if @routemarked_interfaces && ! $config{TC_EXPERT}; + if ( @routemarked_interfaces && ! $config{TC_EXPERT} ) { + $mark_part = '-m mark --mark 0/' . in_hex( $globals{PROVIDER_MASK} ) . ' '; + + for my $interface ( @routemarked_interfaces ) { + add_rule $mangle_table->{PREROUTING} , match_source_dev( $interface ) . "-j tcpre"; + } + } add_jump $mangle_table->{PREROUTING} , 'tcpre', 0, $mark_part; add_jump $mangle_table->{OUTPUT} , 'tcout', 0, $mark_part; diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 99d84ab87..a59a2bed3 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -169,11 +169,6 @@ Shorewall 4.4.6 now, if the zone has :0.0.0.0/0 (even with exclusions), then it may have no additional members in /etc/shorewall/hosts. -13) Prior versions of Shorewall applied PREROUTING marking rules to all - packets from 'tracked' provider interfaces when - TC_EXPERT=No. Beginning with Shorewall 4.4.6, packets from these - interfaces will only have those rules applied when TC_EXPERT=Yes. - ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 6 ---------------------------------------------------------------------------- @@ -187,11 +182,6 @@ Shorewall 4.4.6 verifying the existence of the correct ipset utility before using it to save the contents of the sets. -2) Prior versions of Shorewall incorrectly applied PREROUTING marking - rules to all packets from 'tracked' provider interfaces when - TC_EXPERT=No. Beginning with Shorewall 4.4.6, packets from these - interfaces will only have those rules applied when TC_EXPERT=Yes. - ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------