Sequentially assign class numbers when WIDE_TC_MARKS=Yes

Tom Eastep 2009-05-05 07:50:46 -07:00
parent 8f6130cca4
commit 624c24f2c0
5 changed files with 27 additions and 89 deletions

@ -155,6 +155,7 @@ our @deferred_rules;
# tablenumber => <next u32 table to be allocated for this device> # tablenumber => <next u32 table to be allocated for this device>
# default => <default class mark value> # default => <default class mark value>
# redirected => [ <dev1>, <dev2>, ... ] # redirected => [ <dev1>, <dev2>, ... ]
# nextclass => <number>
# } # }
# #
our @tcdevices; our @tcdevices;
@ -506,6 +507,7 @@ sub validate_tc_device( $$$$$ ) {
tablenumber => 1 , tablenumber => 1 ,
redirected => \@redirected , redirected => \@redirected ,
default => 0, default => 0,
nextclass => 2,
} , } ,
push @tcdevices, $device; push @tcdevices, $device;
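
Review bot: the initial value in `nextclass => 2,` is a bare constant with no comment saying why numbering starts at 2 rather than 1. Add a short comment naming what class 1 is reserved for, so the starting value stays in step with the "beginning with 2" wording in the release notes and the XML documentation.
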
@ -617,7 +619,7 @@ sub validate_tc_class( $$$$$$ ) {
if ( $classnumber ) { if ( $classnumber ) {
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber}; fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
} else { } else {
$classnumber = $config{WIDE_TC_MARKS} ? $markval < 0x100 ? 0x4000 | $markval : $markval : $devnum . $markval; $classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : $devnum . $markval;
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber}; fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
} }
} }
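
Review bot: on the new `$tcref->{nextclass}++` line, the `Duplicate MARK ($mark)` check that follows no longer tests the mark, because with WIDE_TC_MARKS=Yes the class number is no longer derived from `$markval`. Two classes with the same mark now receive different sequential numbers and pass silently, and the check can only fire when the counter lands on a number already taken by an explicit class NUMBER, in which case the message names the wrong thing. Suggest checking for duplicate marks separately and either skipping counter values already in use or rejecting them with an accurate message. Also confirm that `$tcref` is the hash that received `nextclass => 2` in validate_tc_device: here it is indexed by class number, and if it is a separate per-device class table, the post-increment of an undefined value returns 0 on first use.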

@ -66,6 +66,19 @@ released late in 2009.
To avoid this warning, replace interface names by the corresponding To avoid this warning, replace interface names by the corresponding
network addresses (e.g., 192.168.144.0/24). network addresses (e.g., 192.168.144.0/24).
5) Previously, Shorewall has treated traffic shaping class IDs as
decimal numbers (or pairs of decimal numbers). That worked fine
until IPMARK was implemented. IPMARK requires Shorewall to generate
class Ids in numeric sequence. In 4.3.9, that didn't work correctly
because Shorewall was generating the sequence "..8,9,10,11..." when
the correct sequence was "...8,9,a,b,...". Shorewall now treats
class IDs as hex, like 'tc' and 'iptables' do.
This should only be an issue if you have more than 9 interfaces
defined in /etc/shorewall/tcdevices and if you use class IDs in
/etc/shorewall/tcrules. You will need to renumber the class IDs for
devices 10 and greater.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 3 . 10 P R O B L E M S C O R R E C T E D I N 4 . 3 . 10
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
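
Review bot: the added item 5) describes a switch to hexadecimal class IDs, which is a different change from the sequential numbering named in the commit subject, and none of the code hunks in this commit touch how class IDs are parsed. If the hex handling landed in an earlier commit, say so in the commit message; otherwise move this note to the commit that makes the change. The item also spells the term both "class Ids" and "class IDs"; pick one.
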
@ -105,19 +118,20 @@ None.
Shorewall generates a TC class Id from a mark value. Shorewall generates a TC class Id from a mark value.
- Prior to 4.3.9, the class number was constructed by concatinating - Prior to 4.3.9, the class number was constructed by concatinating
the either '1' or '10' with the mark value. '10' is used when the mark value with the either '1' or '10'. '10' is used when
there are more than 10 devices defined in /etc/shorewall/tcdevices. there are more than 10 devices defined in /etc/shorewall/tcdevices.
- In 4.3.9, the class number is constructed by shifting - In 4.3.9, the class number is constructed by shifting
the device number left by 10 bits and logically ORing the result the device number left by 10 bits and logically ORing the result
with the mark value. with the mark value.
- In 4.3.10, a new method is added; the mark value is logically - In 4.3.10, a new method is added; class numbers are assigned
ORed with 0x4000. sequentially beginning with 2.
The WIDE_TC_MARKS option in shorewall.conf selects which The WIDE_TC_MARKS option in shorewall.conf selects which
construction to use. WIDE_TC_MARKS=No (the default) produces construction to use. WIDE_TC_MARKS=No (the default) produces
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior. pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new 4.3.10
behavior.
In addition to determining the method of constructing class Ids, In addition to determining the method of constructing class Ids,
WIDE_TC_MARKS=Yes provides for larger mark values for traffic WIDE_TC_MARKS=Yes provides for larger mark values for traffic
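
Review bot: the 4.3.10 bullet ("class numbers are assigned sequentially beginning with 2") does not tell users that the number a class receives now depends on its position among the device's classes rather than on its mark, so adding or reordering entries changes the numbers of the classes that follow. That matters to anyone who refers to class IDs elsewhere, as item 5) above notes for /etc/shorewall/tcrules, and is worth one sentence here. The reworded first bullet still reads "with the either" and keeps the "concatinating" misspelling.
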
@ -127,17 +141,6 @@ None.
column) must be >= 65536 (0x10000) and must be a multiple of 65536 column) must be >= 65536 (0x10000) and must be a multiple of 65536
(0x1000, 0x20000, 0x30000, ...). (0x1000, 0x20000, 0x30000, ...).
/sbin/shorewall supports an 'encode' and a 'decode' command for
mapping back and forth using the new method:
Example:
$ shorewall encode 100 #Maps a MARK value to a class number
Class Number = 4064
$ shorewall decode 4064 #Maks a class number (hex) to a MARK value
Mark = 100
$
2) The implementation of IPMARK has changed. Please see item 16) in 2) The implementation of IPMARK has changed. Please see item 16) in
the 'New Features in 4.3' section below. the 'New Features in 4.3' section below.
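
Review bot: in the unchanged context directly above the removed text, the list "(0x1000, 0x20000, 0x30000, ...)" starts with 0x1000, which is 4096 and not a multiple of 65536; it should read 0x10000 to match ">= 65536 (0x10000)". Since this paragraph is being edited anyway, fix it in the same commit.
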
@ -170,7 +173,9 @@ None.
the same way as the first level classes can borrow from the root the same way as the first level classes can borrow from the root
class. class.
To use nested classes, you must explicitly number your classes. To use nested classes, you must explicitly number your
classes. That does not imply that you must use the 'classify'
option.
Example: Example:

@ -1444,11 +1444,9 @@ usage() # $1 = exit status
echo " check [ -e ] [ <directory> ]" echo " check [ -e ] [ <directory> ]"
echo " clear [ -f ]" echo " clear [ -f ]"
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]" echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
echo " decode <classnum>"
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " encode <mark>"
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]" echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
@ -1994,14 +1992,6 @@ case "$COMMAND" in
shift shift
restore_command $@ restore_command $@
;; ;;
decode)
[ $# -eq 2 ] || usage 1
echo "Mark =" $((0x$2 & 0x3fff))
;;
encode)
[ $# -eq 2 ] || usage 1
echo "Class Number = 4$(printf '0%x' $2)"
;;
call) call)
get_config get_config
[ -n "$debugging" ] && set -x [ -n "$debugging" ] && set -x

@ -726,7 +726,7 @@ ppp0 6000kbit 500kbit</programlisting>
<orderedlist> <orderedlist>
<listitem> <listitem>
<para>Constructed from the mark. The method of construction <para>Constructed by Shorewall. The method of construction
depends on the setting of WIDE_TC_MARKS (<ulink depends on the setting of WIDE_TC_MARKS (<ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> url="manpages/shorewall.conf.html">shorewall.conf</ulink>
(5)).</para> (5)).</para>
@ -744,25 +744,8 @@ ppp0 6000kbit 500kbit</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<para>When SIDE_TC_MARKS=Yes, the &lt;minor&gt; class is:</para> <para>When WIDE_TC_MARKS=Yes, the &lt;minor&gt; class is
assigned sequentially beginning with 2.</para>
<itemizedlist>
<listitem>
<para>The number 0x4000 logically ORed with the MARK value.
The <command>shorewall encode</command> and
<command>shorewall decode</command> commands (<ulink
url="manpages/shorewall.html">shorewall</ulink> (8)) may be
used to translate a mark to/from a &lt;minor&gt;
class.</para>
<para>Examples:</para>
<programlisting>$ <command>shorewall encode 100</command>
Class Number = 16484
$ <command>shorewall decode 16484</command>
Mark = 100</programlisting>
</listitem>
</itemizedlist>
</listitem> </listitem>
<listitem> <listitem>
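
Review bot: the replacement sentence "assigned sequentially beginning with 2" removes the only documented way to map a mark to its <minor> class (the encode and decode commands) without saying how a user can find out which number a class was given. State whether the sequence is per device and follows the order of the class entries, so the number can be worked out from the configuration.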

@ -95,18 +95,6 @@
<arg choice="opt"><replaceable>pathname</replaceable></arg> <arg choice="opt"><replaceable>pathname</replaceable></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>decode</option><arg
choice="plain"><replaceable>classnum</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall</command> <command>shorewall</command>
@ -150,18 +138,6 @@
<arg><option>-m</option></arg> <arg><option>-m</option></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis>
<command>shorewall</command>
<arg
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>encode</option><arg
choice="plain"><replaceable> mark</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
<command>shorewall</command> <command>shorewall</command>
@ -747,15 +723,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">decode</emphasis></term>
<listitem>
<para>Decomposes the <replaceable>classnum</replaceable> into its
component mark value.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">delete</emphasis></term> <term><emphasis role="bold">delete</emphasis></term>
@ -795,15 +762,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">encode</emphasis></term>
<listitem>
<para>Displays the class number derived from the
<replaceable>mark</replaceable>.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">export</emphasis></term> <term><emphasis role="bold">export</emphasis></term>