Sequentially assign class numbers when WIDE_TC_MARKS=Yes
parent
8f6130cca4
commit
624c24f2c0
@ -155,6 +155,7 @@ our @deferred_rules;
|
|||||||
# tablenumber => <next u32 table to be allocated for this device>
|
# tablenumber => <next u32 table to be allocated for this device>
|
||||||
# default => <default class mark value>
|
# default => <default class mark value>
|
||||||
# redirected => [ <dev1>, <dev2>, ... ]
|
# redirected => [ <dev1>, <dev2>, ... ]
|
||||||
|
# nextclass => <number>
|
||||||
# }
|
# }
|
||||||
#
|
#
|
||||||
our @tcdevices;
|
our @tcdevices;
|
||||||
@ -506,6 +507,7 @@ sub validate_tc_device( $$$$$ ) {
|
|||||||
tablenumber => 1 ,
|
tablenumber => 1 ,
|
||||||
redirected => \@redirected ,
|
redirected => \@redirected ,
|
||||||
default => 0,
|
default => 0,
|
||||||
|
nextclass => 2,
|
||||||
} ,
|
} ,
|
||||||
|
|
||||||
push @tcdevices, $device;
|
push @tcdevices, $device;
|
||||||
@ -617,7 +619,7 @@ sub validate_tc_class( $$$$$$ ) {
|
|||||||
if ( $classnumber ) {
|
if ( $classnumber ) {
|
||||||
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
|
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
|
||||||
} else {
|
} else {
|
||||||
$classnumber = $config{WIDE_TC_MARKS} ? $markval < 0x100 ? 0x4000 | $markval : $markval : $devnum . $markval;
|
$classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : $devnum . $markval;
|
||||||
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
|
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
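Review bot: In the `else` branch of `validate_tc_class`, the `fatal_error "Duplicate MARK ($mark)"` test no longer detects a duplicate mark when WIDE_TC_MARKS=Yes, because `$classnumber` now comes from `$tcref->{nextclass}++` and is unrelated to `$markval`. Two classes carrying the same MARK would get different numbers and pass, while a sequential number that lands on an explicitly numbered class would be reported under the wrong message; marks need their own per-device lookup, and for the WIDE_TC_MARKS case the allocator can skip taken numbers with `do { $classnumber = $tcref->{nextclass}++ } while $tcref->{$classnumber};`. Separately, `nextclass => 2` is initialised on the hash built in `validate_tc_device`, whereas here the counter is read through `$tcref`, the same hash the duplicate checks index by class number. The assignment of `$tcref` is outside the hunk, so this needs confirming: if it is the class table rather than the device record, the counter is autovivified there and the first number handed out is 0, not 2. The body of `validate_tc_class` starts and ends outside the hunk.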
|
@ -66,6 +66,19 @@ released late in 2009.
|
|||||||
To avoid this warning, replace interface names by the corresponding
|
To avoid this warning, replace interface names by the corresponding
|
||||||
network addresses (e.g., 192.168.144.0/24).
|
network addresses (e.g., 192.168.144.0/24).
|
||||||
|
|
||||||
|
5) Previously, Shorewall has treated traffic shaping class IDs as
|
||||||
|
decimal numbers (or pairs of decimal numbers). That worked fine
|
||||||
|
until IPMARK was implemented. IPMARK requires Shorewall to generate
|
||||||
|
class Ids in numeric sequence. In 4.3.9, that didn't work correctly
|
||||||
|
because Shorewall was generating the sequence "..8,9,10,11..." when
|
||||||
|
the correct sequence was "...8,9,a,b,...". Shorewall now treats
|
||||||
|
class IDs as hex, like 'tc' and 'iptables' do.
|
||||||
|
|
||||||
|
This should only be an issue if you have more than 9 interfaces
|
||||||
|
defined in /etc/shorewall/tcdevices and if you use class IDs in
|
||||||
|
/etc/shorewall/tcrules. You will need to renumber the class IDs for
|
||||||
|
devices 10 and greater.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
P R O B L E M S C O R R E C T E D I N 4 . 3 . 10
|
P R O B L E M S C O R R E C T E D I N 4 . 3 . 10
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
@ -105,19 +118,20 @@ None.
|
|||||||
Shorewall generates a TC class Id from a mark value.
|
Shorewall generates a TC class Id from a mark value.
|
||||||
|
|
||||||
- Prior to 4.3.9, the class number was constructed by concatinating
|
- Prior to 4.3.9, the class number was constructed by concatinating
|
||||||
the either '1' or '10' with the mark value. '10' is used when
|
the mark value with the either '1' or '10'. '10' is used when
|
||||||
there are more than 10 devices defined in /etc/shorewall/tcdevices.
|
there are more than 10 devices defined in /etc/shorewall/tcdevices.
|
||||||
|
|
||||||
- In 4.3.9, the class number is constructed by shifting
|
- In 4.3.9, the class number is constructed by shifting
|
||||||
the device number left by 10 bits and logically ORing the result
|
the device number left by 10 bits and logically ORing the result
|
||||||
with the mark value.
|
with the mark value.
|
||||||
|
|
||||||
- In 4.3.10, a new method is added; the mark value is logically
|
- In 4.3.10, a new method is added; class numbers are assigned
|
||||||
ORed with 0x4000.
|
sequentially beginning with 2.
|
||||||
|
|
||||||
The WIDE_TC_MARKS option in shorewall.conf selects which
|
The WIDE_TC_MARKS option in shorewall.conf selects which
|
||||||
construction to use. WIDE_TC_MARKS=No (the default) produces
|
construction to use. WIDE_TC_MARKS=No (the default) produces
|
||||||
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior.
|
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new 4.3.10
|
||||||
|
behavior.
|
||||||
|
|
||||||
In addition to determining the method of constructing class Ids,
|
In addition to determining the method of constructing class Ids,
|
||||||
WIDE_TC_MARKS=Yes provides for larger mark values for traffic
|
WIDE_TC_MARKS=Yes provides for larger mark values for traffic
|
||||||
@ -127,17 +141,6 @@ None.
|
|||||||
column) must be >= 65536 (0x10000) and must be a multiple of 65536
|
column) must be >= 65536 (0x10000) and must be a multiple of 65536
|
||||||
(0x1000, 0x20000, 0x30000, ...).
|
(0x1000, 0x20000, 0x30000, ...).
|
||||||
|
|
||||||
/sbin/shorewall supports an 'encode' and a 'decode' command for
|
|
||||||
mapping back and forth using the new method:
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
$ shorewall encode 100 #Maps a MARK value to a class number
|
|
||||||
Class Number = 4064
|
|
||||||
$ shorewall decode 4064 #Maks a class number (hex) to a MARK value
|
|
||||||
Mark = 100
|
|
||||||
$
|
|
||||||
|
|
||||||
2) The implementation of IPMARK has changed. Please see item 16) in
|
2) The implementation of IPMARK has changed. Please see item 16) in
|
||||||
the 'New Features in 4.3' section below.
|
the 'New Features in 4.3' section below.
|
||||||
|
|
||||||
@ -170,7 +173,9 @@ None.
|
|||||||
the same way as the first level classes can borrow from the root
|
the same way as the first level classes can borrow from the root
|
||||||
class.
|
class.
|
||||||
|
|
||||||
To use nested classes, you must explicitly number your classes.
|
To use nested classes, you must explicitly number your
|
||||||
|
classes. That does not imply that you must use the 'classify'
|
||||||
|
option.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
|
|
||||||
|
@ -1444,11 +1444,9 @@ usage() # $1 = exit status
|
|||||||
echo " check [ -e ] [ <directory> ]"
|
echo " check [ -e ] [ <directory> ]"
|
||||||
echo " clear [ -f ]"
|
echo " clear [ -f ]"
|
||||||
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
|
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
|
||||||
echo " decode <classnum>"
|
|
||||||
echo " delete <interface>[:<host-list>] ... <zone>"
|
echo " delete <interface>[:<host-list>] ... <zone>"
|
||||||
echo " drop <address> ..."
|
echo " drop <address> ..."
|
||||||
echo " dump [ -x ]"
|
echo " dump [ -x ]"
|
||||||
echo " encode <mark>"
|
|
||||||
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
|
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
|
||||||
echo " forget [ <file name> ]"
|
echo " forget [ <file name> ]"
|
||||||
echo " help"
|
echo " help"
|
||||||
@ -1994,14 +1992,6 @@ case "$COMMAND" in
|
|||||||
shift
|
shift
|
||||||
restore_command $@
|
restore_command $@
|
||||||
;;
|
;;
|
||||||
decode)
|
|
||||||
[ $# -eq 2 ] || usage 1
|
|
||||||
echo "Mark =" $((0x$2 & 0x3fff))
|
|
||||||
;;
|
|
||||||
encode)
|
|
||||||
[ $# -eq 2 ] || usage 1
|
|
||||||
echo "Class Number = 4$(printf '0%x' $2)"
|
|
||||||
;;
|
|
||||||
call)
|
call)
|
||||||
get_config
|
get_config
|
||||||
[ -n "$debugging" ] && set -x
|
[ -n "$debugging" ] && set -x
|
||||||
|
@ -726,7 +726,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
|||||||
|
|
||||||
<orderedlist>
|
<orderedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>Constructed from the mark. The method of construction
|
<para>Constructed by Shorewall. The method of construction
|
||||||
depends on the setting of WIDE_TC_MARKS (<ulink
|
depends on the setting of WIDE_TC_MARKS (<ulink
|
||||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink>
|
url="manpages/shorewall.conf.html">shorewall.conf</ulink>
|
||||||
(5)).</para>
|
(5)).</para>
|
||||||
@ -744,25 +744,8 @@ ppp0 6000kbit 500kbit</programlisting>
|
|||||||
</listitem>
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
|
|
||||||
<para>When SIDE_TC_MARKS=Yes, the <minor> class is:</para>
|
<para>When WIDE_TC_MARKS=Yes, the <minor> class is
|
||||||
|
assigned sequentially beginning with 2.</para>
|
||||||
<itemizedlist>
|
|
||||||
<listitem>
|
|
||||||
<para>The number 0x4000 logically ORed with the MARK value.
|
|
||||||
The <command>shorewall encode</command> and
|
|
||||||
<command>shorewall decode</command> commands (<ulink
|
|
||||||
url="manpages/shorewall.html">shorewall</ulink> (8)) may be
|
|
||||||
used to translate a mark to/from a <minor>
|
|
||||||
class.</para>
|
|
||||||
|
|
||||||
<para>Examples:</para>
|
|
||||||
|
|
||||||
<programlisting>$ <command>shorewall encode 100</command>
|
|
||||||
Class Number = 16484
|
|
||||||
$ <command>shorewall decode 16484</command>
|
|
||||||
Mark = 100</programlisting>
|
|
||||||
</listitem>
|
|
||||||
</itemizedlist>
|
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
|
@ -95,18 +95,6 @@
|
|||||||
<arg choice="opt"><replaceable>pathname</replaceable></arg>
|
<arg choice="opt"><replaceable>pathname</replaceable></arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>shorewall</command>
|
|
||||||
|
|
||||||
<arg
|
|
||||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
|
||||||
|
|
||||||
<arg>-<replaceable>options</replaceable></arg>
|
|
||||||
|
|
||||||
<arg choice="plain"><option>decode</option><arg
|
|
||||||
choice="plain"><replaceable>classnum</replaceable></arg></arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
<command>shorewall</command>
|
<command>shorewall</command>
|
||||||
|
|
||||||
@ -150,18 +138,6 @@
|
|||||||
<arg><option>-m</option></arg>
|
<arg><option>-m</option></arg>
|
||||||
</cmdsynopsis>
|
</cmdsynopsis>
|
||||||
|
|
||||||
<cmdsynopsis>
|
|
||||||
<command>shorewall</command>
|
|
||||||
|
|
||||||
<arg
|
|
||||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
|
||||||
|
|
||||||
<arg>-<replaceable>options</replaceable></arg>
|
|
||||||
|
|
||||||
<arg choice="plain"><option>encode</option><arg
|
|
||||||
choice="plain"><replaceable> mark</replaceable></arg></arg>
|
|
||||||
</cmdsynopsis>
|
|
||||||
|
|
||||||
<cmdsynopsis>
|
<cmdsynopsis>
|
||||||
<command>shorewall</command>
|
<command>shorewall</command>
|
||||||
|
|
||||||
@ -747,15 +723,6 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><emphasis role="bold">decode</emphasis></term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Decomposes the <replaceable>classnum</replaceable> into its
|
|
||||||
component mark value.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">delete</emphasis></term>
|
<term><emphasis role="bold">delete</emphasis></term>
|
||||||
|
|
||||||
@ -795,15 +762,6 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
|
||||||
<term><emphasis role="bold">encode</emphasis></term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>Displays the class number derived from the
|
|
||||||
<replaceable>mark</replaceable>.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">export</emphasis></term>
|
<term><emphasis role="bold">export</emphasis></term>
|
||||||
|
|
||||||
|