From 624c24f2c04a83eb3fc95f0512425bc4b4f3cd8c Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 5 May 2009 07:50:46 -0700
Subject: [PATCH] Sequentially assign class numbers when WIDE_TC_MARKS=Yes

---
 Shorewall/Perl/Shorewall/Tc.pm |  4 +++-
 Shorewall/releasenotes.txt     | 37 +++++++++++++++++-------------
 Shorewall/shorewall            | 10 --------
 docs/traffic_shaping.xml       | 23 +++----------------
 manpages/shorewall.xml         | 42 ----------------------------------
 5 files changed, 27 insertions(+), 89 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index fe6941b56..5d2702605 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -155,6 +155,7 @@ our @deferred_rules;
 #                              tablenumber   => <next u32 table to be allocated for this device>
 #                              default       => <default class mark value>
 #                              redirected    => [ <dev1>, <dev2>, ... ]
+#                              nextclass     => <number>
 #                                               }
 #
 our @tcdevices;
@@ -506,6 +507,7 @@ sub validate_tc_device( $$$$$ ) {
 			    tablenumber   => 1 ,
 			    redirected    => \@redirected ,
 			    default       => 0,
+			    nextclass     => 2,
 			  } ,
 
     push @tcdevices, $device;
@@ -617,7 +619,7 @@ sub validate_tc_class( $$$$$$ ) {
 	    if ( $classnumber ) {
 		fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
 	    } else {
-		$classnumber = $config{WIDE_TC_MARKS} ? $markval < 0x100 ? 0x4000 | $markval : $markval : $devnum . $markval;
+		$classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : $devnum . $markval;
 		fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
 	    }
 	}
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index fdfbb2ee2..e2c6739f0 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -66,6 +66,19 @@ released late in 2009.
     To avoid this warning, replace interface names by the corresponding
     network addresses (e.g., 192.168.144.0/24).
 
+5)  Previously, Shorewall has treated traffic shaping class IDs as
+    decimal numbers (or pairs of decimal numbers). That worked fine
+    until IPMARK was implemented. IPMARK requires Shorewall to generate
+    class Ids in numeric sequence. In 4.3.9, that didn't work correctly
+    because Shorewall was generating the sequence "..8,9,10,11..." when
+    the correct sequence was "...8,9,a,b,...". Shorewall now treats
+    class IDs as hex, like 'tc' and 'iptables' do.
+
+    This should only be an issue if you have more than 9 interfaces
+    defined in /etc/shorewall/tcdevices and if you use class IDs in
+    /etc/shorewall/tcrules. You will need to renumber the class IDs for
+    devices 10 and greater.
+
 ----------------------------------------------------------------------------
           P R O B L E M S   C O R R E C T E D   I N   4 . 3 . 10
 ----------------------------------------------------------------------------
@@ -105,19 +118,20 @@ None.
     Shorewall generates a TC class Id from a mark value. 
 
     - Prior to 4.3.9, the class number was constructed by concatinating
-      the either '1' or '10' with the mark value. '10' is used when
+      the mark value with the either '1' or '10'. '10' is used when
       there are more than 10 devices defined in /etc/shorewall/tcdevices.
 
     - In 4.3.9, the class number is constructed by shifting
       the device number left by 10 bits and logically ORing the result
       with the mark value.
 
-    - In 4.3.10, a new method is added; the mark value is logically
-      ORed with 0x4000.
+    - In 4.3.10, a new method is added; class numbers are assigned
+      sequentially beginning with 2.
 
     The WIDE_TC_MARKS option in shorewall.conf selects which
     construction to use. WIDE_TC_MARKS=No (the default) produces
-    pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior.
+    pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new 4.3.10
+    behavior.
 
     In addition to determining the method of constructing class Ids,
     WIDE_TC_MARKS=Yes provides for larger mark values for traffic
@@ -127,17 +141,6 @@ None.
     column) must be >= 65536 (0x10000) and must be a multiple of 65536
     (0x1000, 0x20000, 0x30000, ...).
 
-    /sbin/shorewall supports an 'encode' and a 'decode' command for
-    mapping back and forth using the new  method:
-
-    Example:
-
-	$ shorewall encode 100 #Maps a MARK value to a class number
-	Class Number = 4064
-	$ shorewall decode 4064 #Maks a class number (hex) to a MARK value
-	Mark = 100
-	$
-
 2)  The implementation of IPMARK has changed. Please see item 16) in
     the  'New Features in 4.3' section below.
 
@@ -170,7 +173,9 @@ None.
     the same way as the first level classes can borrow from the root
     class.
 
-    To use nested classes, you must explicitly number your classes.
+    To use nested classes, you must explicitly number your
+    classes. That does not imply that you must use the 'classify'
+    option.
 
     Example:
 
diff --git a/Shorewall/shorewall b/Shorewall/shorewall
index d0868cb99..f02fdf17d 100755
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@@ -1444,11 +1444,9 @@ usage() # $1 = exit status
     echo "   check [ -e ] [ <directory> ]"
     echo "   clear [ -f ]"
     echo "   compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
-    echo "   decode <classnum>"
     echo "   delete <interface>[:<host-list>] ... <zone>"
     echo "   drop <address> ..."
     echo "   dump [ -x ]"
-    echo "   encode <mark>"
     echo "   export [ <directory1> ] [<user>@]<system>[:<directory2>]"
     echo "   forget [ <file name> ]"
     echo "   help"
@@ -1994,14 +1992,6 @@ case "$COMMAND" in
 	shift
 	restore_command $@
         ;;
-    decode)
-	[ $# -eq 2 ] || usage 1
-	echo "Mark =" $((0x$2 & 0x3fff))
-	;;
-    encode)
-	[ $# -eq 2 ] || usage 1
-	echo "Class Number = 4$(printf '0%x' $2)"
-	;;
     call)
 	get_config
 	[ -n "$debugging" ] && set -x
diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml
index 9c04741e8..8697aa1fc 100644
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@@ -726,7 +726,7 @@ ppp0           6000kbit         500kbit</programlisting>
 
           <orderedlist>
             <listitem>
-              <para>Constructed from the mark. The method of construction
+              <para>Constructed by Shorewall. The method of construction
               depends on the setting of WIDE_TC_MARKS (<ulink
               url="manpages/shorewall.conf.html">shorewall.conf</ulink>
               (5)).</para>
@@ -744,25 +744,8 @@ ppp0           6000kbit         500kbit</programlisting>
                 </listitem>
               </itemizedlist>
 
-              <para>When SIDE_TC_MARKS=Yes, the &lt;minor&gt; class is:</para>
-
-              <itemizedlist>
-                <listitem>
-                  <para>The number 0x4000 logically ORed with the MARK value.
-                  The <command>shorewall encode</command> and
-                  <command>shorewall decode</command> commands (<ulink
-                  url="manpages/shorewall.html">shorewall</ulink> (8)) may be
-                  used to translate a mark to/from a &lt;minor&gt;
-                  class.</para>
-
-                  <para>Examples:</para>
-
-                  <programlisting>$ <command>shorewall encode 100</command>
-Class Number = 16484
-$ <command>shorewall decode 16484</command>
-Mark = 100</programlisting>
-                </listitem>
-              </itemizedlist>
+              <para>When WIDE_TC_MARKS=Yes, the &lt;minor&gt; class is
+              assigned sequentially beginning with 2.</para>
             </listitem>
 
             <listitem>
diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml
index 4fcea5d87..337dd37ee 100644
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@@ -95,18 +95,6 @@
       <arg choice="opt"><replaceable>pathname</replaceable></arg>
     </cmdsynopsis>
 
-    <cmdsynopsis>
-      <command>shorewall</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>decode</option><arg
-      choice="plain"><replaceable>classnum</replaceable></arg></arg>
-    </cmdsynopsis>
-
     <cmdsynopsis>
       <command>shorewall</command>
 
@@ -150,18 +138,6 @@
       <arg><option>-m</option></arg>
     </cmdsynopsis>
 
-    <cmdsynopsis>
-      <command>shorewall</command>
-
-      <arg
-      choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
-
-      <arg>-<replaceable>options</replaceable></arg>
-
-      <arg choice="plain"><option>encode</option><arg
-      choice="plain"><replaceable> mark</replaceable></arg></arg>
-    </cmdsynopsis>
-
     <cmdsynopsis>
       <command>shorewall</command>
 
@@ -747,15 +723,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">decode</emphasis></term>
-
-        <listitem>
-          <para>Decomposes the <replaceable>classnum</replaceable> into its
-          component mark value.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">delete</emphasis></term>
 
@@ -795,15 +762,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">encode</emphasis></term>
-
-        <listitem>
-          <para>Displays the class number derived from the
-          <replaceable>mark</replaceable>.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis role="bold">export</emphasis></term>