Sequentially assign class numbers when WIDE_TC_MARKS=Yes

Tom Eastep 2009-05-05 07:50:46 -07:00
parent 8f6130cca4
commit 624c24f2c0
5 changed files with 27 additions and 89 deletions

@ -155,6 +155,7 @@ our @deferred_rules;
# tablenumber => <next u32 table to be allocated for this device>
# default => <default class mark value>
# redirected => [ <dev1>, <dev2>, ... ]
# nextclass => <number>
# }
#
our @tcdevices;
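Review bot: the new `nextclass => <number>` entry in the structure comment does not say what the number is, unlike its neighbours (`<next u32 table to be allocated for this device>`, `<default class mark value>`). Suggest something like `nextclass => <next class number to be assigned when WIDE_TC_MARKS=Yes>` so the field's purpose and the option it depends on are visible where the hash is documented.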
@ -506,6 +507,7 @@ sub validate_tc_device( $$$$$ ) {
tablenumber => 1 ,
redirected => \@redirected ,
default => 0,
nextclass => 2,
} ,
push @tcdevices, $device;
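Review bot: the initial value in `nextclass => 2,` is a bare constant with no explanation of why numbering skips 1. A short comment on that line stating what class number 1 is reserved for would keep the release-note wording ("sequentially beginning with 2") and the code in step if the starting point ever changes.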
@ -617,7 +619,7 @@ sub validate_tc_class( $$$$$$ ) {
if ( $classnumber ) {
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
} else {
$classnumber = $config{WIDE_TC_MARKS} ? $markval < 0x100 ? 0x4000 | $markval : $markval : $devnum . $markval;
$classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : $devnum . $markval;
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
}
}
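Review bot: with WIDE_TC_MARKS=Yes the `Duplicate MARK ($mark)` test that follows the new assignment can no longer detect a repeated mark, because `$classnumber` now comes from `$tcref->{nextclass}++` rather than from `$markval`, so two classes with the same MARK land on different keys in `$tcref`. The test will instead fire when the counter reaches a number already taken through the explicit-NUMBER branch above, and the message will then blame the mark rather than the class number. Suggest checking marks for duplicates separately and advancing the counter past class numbers that are already in use. Please also confirm that `$tcref` at this point is the same hash in which validate_tc_device sets `nextclass => 2`.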

@ -66,6 +66,19 @@ released late in 2009.
To avoid this warning, replace interface names by the corresponding
network addresses (e.g., 192.168.144.0/24).
5) Previously, Shorewall has treated traffic shaping class IDs as
decimal numbers (or pairs of decimal numbers). That worked fine
until IPMARK was implemented. IPMARK requires Shorewall to generate
class Ids in numeric sequence. In 4.3.9, that didn't work correctly
because Shorewall was generating the sequence "..8,9,10,11..." when
the correct sequence was "...8,9,a,b,...". Shorewall now treats
class IDs as hex, like 'tc' and 'iptables' do.
This should only be an issue if you have more than 9 interfaces
defined in /etc/shorewall/tcdevices and if you use class IDs in
/etc/shorewall/tcrules. You will need to renumber the class IDs for
devices 10 and greater.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 3 . 10
----------------------------------------------------------------------------
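Review bot: item 5) documents a switch to hexadecimal class IDs, which the commit subject does not mention and which none of the code hunks shown on this page implement. Either name that change in the commit message or move the note to the commit that makes it. Within the item, "class Ids" and "class IDs" are both used, and "more than 9 interfaces" does not agree with "more than 10 devices" in the WIDE_TC_MARKS item further down; pick one spelling and one threshold.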
@ -105,19 +118,20 @@ None.
Shorewall generates a TC class Id from a mark value.
- Prior to 4.3.9, the class number was constructed by concatinating
the either '1' or '10' with the mark value. '10' is used when
the mark value with the either '1' or '10'. '10' is used when
there are more than 10 devices defined in /etc/shorewall/tcdevices.
- In 4.3.9, the class number is constructed by shifting
the device number left by 10 bits and logically ORing the result
with the mark value.
- In 4.3.10, a new method is added; the mark value is logically
ORed with 0x4000.
- In 4.3.10, a new method is added; class numbers are assigned
sequentially beginning with 2.
The WIDE_TC_MARKS option in shorewall.conf selects which
construction to use. WIDE_TC_MARKS=No (the default) produces
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior.
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new 4.3.10
behavior.
In addition to determining the method of constructing class Ids,
WIDE_TC_MARKS=Yes provides for larger mark values for traffic
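Review bot: the reworded first bullet ("concatinating the mark value with the either '1' or '10'") now reads as if the mark comes first, while the code builds the number as `$devnum . $markval`; it also carries the typo "concatinating" and the stray "the" before "either". Separately, the list still describes the 4.3.9 shift-and-OR method, but the paragraph below offers only pre-4.3.9 behavior (No) and 4.3.10 behavior (Yes). Say explicitly that the 4.3.9 construction is no longer selectable, or drop the bullet.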
@ -127,17 +141,6 @@ None.
column) must be >= 65536 (0x10000) and must be a multiple of 65536
(0x1000, 0x20000, 0x30000, ...).
/sbin/shorewall supports an 'encode' and a 'decode' command for
mapping back and forth using the new method:
Example:
$ shorewall encode 100 #Maps a MARK value to a class number
Class Number = 4064
$ shorewall decode 4064 #Maks a class number (hex) to a MARK value
Mark = 100
$
2) The implementation of IPMARK has changed. Please see item 16) in
the 'New Features in 4.3' section below.
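Review bot: the context line at the top of this hunk gives the multiples of 65536 as "(0x1000, 0x20000, 0x30000, ...)"; the first value should be 0x10000 to match "65536 (0x10000)" on the line before it. Since this paragraph is being edited anyway, fix it in the same change. The removal of the encode/decode example itself is consistent with the removal of the commands elsewhere in the commit.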
@ -170,7 +173,9 @@ None.
the same way as the first level classes can borrow from the root
class.
To use nested classes, you must explicitly number your classes.
To use nested classes, you must explicitly number your
classes. That does not imply that you must use the 'classify'
option.
Example:
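Review bot: the added sentence about the 'classify' option says what is not required but not how a class is numbered explicitly. Since class numbers are now assigned from a counter when none is given, name the place where the user supplies the number so that readers who want nested classes know what to fill in.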

@ -1444,11 +1444,9 @@ usage() # $1 = exit status
echo " check [ -e ] [ <directory> ]"
echo " clear [ -f ]"
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
echo " decode <classnum>"
echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..."
echo " dump [ -x ]"
echo " encode <mark>"
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]"
echo " help"
@ -1994,14 +1992,6 @@ case "$COMMAND" in
shift
restore_command $@
;;
decode)
[ $# -eq 2 ] || usage 1
echo "Mark =" $((0x$2 & 0x3fff))
;;
encode)
[ $# -eq 2 ] || usage 1
echo "Class Number = 4$(printf '0%x' $2)"
;;
call)
get_config
[ -n "$debugging" ] && set -x

@ -726,7 +726,7 @@ ppp0 6000kbit 500kbit</programlisting>
<orderedlist>
<listitem>
<para>Constructed from the mark. The method of construction
<para>Constructed by Shorewall. The method of construction
depends on the setting of WIDE_TC_MARKS (<ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink>
(5)).</para>
@ -744,25 +744,8 @@ ppp0 6000kbit 500kbit</programlisting>
</listitem>
</itemizedlist>
<para>When SIDE_TC_MARKS=Yes, the &lt;minor&gt; class is:</para>
<itemizedlist>
<listitem>
<para>The number 0x4000 logically ORed with the MARK value.
The <command>shorewall encode</command> and
<command>shorewall decode</command> commands (<ulink
url="manpages/shorewall.html">shorewall</ulink> (8)) may be
used to translate a mark to/from a &lt;minor&gt;
class.</para>
<para>Examples:</para>
<programlisting>$ <command>shorewall encode 100</command>
Class Number = 16484
$ <command>shorewall decode 16484</command>
Mark = 100</programlisting>
</listitem>
</itemizedlist>
<para>When WIDE_TC_MARKS=Yes, the &lt;minor&gt; class is
assigned sequentially beginning with 2.</para>
</listitem>
<listitem>
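Review bot: the replacement paragraph ("assigned sequentially beginning with 2") does not tell the reader what determines the sequence. Because the number comes from a counter incremented in validate_tc_class, it depends on the order in which classes are processed, so adding or reordering entries changes the &lt;minor&gt; values of the classes that follow. State that here, and point users who refer to class IDs elsewhere (the release notes mention /etc/shorewall/tcrules) to explicit numbering. The rewrite does fix the old "SIDE_TC_MARKS" typo.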

@ -95,18 +95,6 @@
<arg choice="opt"><replaceable>pathname</replaceable></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>decode</option><arg
choice="plain"><replaceable>classnum</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
@ -150,18 +138,6 @@
<arg><option>-m</option></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>encode</option><arg
choice="plain"><replaceable> mark</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
@ -747,15 +723,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">decode</emphasis></term>
<listitem>
<para>Decomposes the <replaceable>classnum</replaceable> into its
component mark value.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">delete</emphasis></term>
@ -795,15 +762,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">encode</emphasis></term>
<listitem>
<para>Displays the class number derived from the
<replaceable>mark</replaceable>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">export</emphasis></term>