mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-29 11:04:03 +01:00
Sequentially assign class numbers when WIDE_TC_MARKS=Yes
parent
8f6130cca4
commit
624c24f2c0
@ -155,6 +155,7 @@ our @deferred_rules;
|
||||
# tablenumber => <next u32 table to be allocated for this device>
|
||||
# default => <default class mark value>
|
||||
# redirected => [ <dev1>, <dev2>, ... ]
|
||||
# nextclass => <number>
|
||||
# }
|
||||
#
|
||||
our @tcdevices;
|
||||
@ -506,6 +507,7 @@ sub validate_tc_device( $$$$$ ) {
|
||||
tablenumber => 1 ,
|
||||
redirected => \@redirected ,
|
||||
default => 0,
|
||||
nextclass => 2,
|
||||
} ,
|
||||
|
||||
push @tcdevices, $device;
|
||||
@ -617,7 +619,7 @@ sub validate_tc_class( $$$$$$ ) {
|
||||
if ( $classnumber ) {
|
||||
fatal_error "Duplicate Class NUMBER ($classnumber)" if $tcref->{$classnumber};
|
||||
} else {
|
||||
$classnumber = $config{WIDE_TC_MARKS} ? $markval < 0x100 ? 0x4000 | $markval : $markval : $devnum . $markval;
|
||||
$classnumber = $config{WIDE_TC_MARKS} ? $tcref->{nextclass}++ : $devnum . $markval;
|
||||
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
|
||||
}
|
||||
}
|
||||
|
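Review bot: In validate_tc_class the counter is read as `$tcref->{nextclass}++`, but `$tcref` is the same hash that is indexed by class number on the neighbouring lines (`$tcref->{$classnumber}`), whereas `nextclass => 2` is initialised in the device record built in validate_tc_device. The definition of `$tcref` is outside the hunk; if it is the per-device class table rather than that device record, the counter starts undefined, so numbering would begin at 0 instead of 2 and a `nextclass` key would land among the class entries — the increment should then be taken from the device record. With sequential numbers the following `fatal_error "Duplicate MARK ($mark)"` test also no longer detects a repeated mark; it can only fire when the generated number collides with an explicitly numbered class, so a message such as `fatal_error "Class NUMBER ($classnumber) is already in use" if $tcref->{$classnumber};` (or skipping numbers already taken) would describe the failure correctly. This assumes the `nextclass` line is the added side, which the commit title suggests since the +/- markers are lost on this page.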
@ -66,6 +66,19 @@ released late in 2009.
|
||||
To avoid this warning, replace interface names by the corresponding
|
||||
network addresses (e.g., 192.168.144.0/24).
|
||||
|
||||
5) Previously, Shorewall has treated traffic shaping class IDs as
|
||||
decimal numbers (or pairs of decimal numbers). That worked fine
|
||||
until IPMARK was implemented. IPMARK requires Shorewall to generate
|
||||
class Ids in numeric sequence. In 4.3.9, that didn't work correctly
|
||||
because Shorewall was generating the sequence "..8,9,10,11..." when
|
||||
the correct sequence was "...8,9,a,b,...". Shorewall now treats
|
||||
class IDs as hex, like 'tc' and 'iptables' do.
|
||||
|
||||
This should only be an issue if you have more than 9 interfaces
|
||||
defined in /etc/shorewall/tcdevices and if you use class IDs in
|
||||
/etc/shorewall/tcrules. You will need to renumber the class IDs for
|
||||
devices 10 and greater.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
P R O B L E M S C O R R E C T E D I N 4 . 3 . 10
|
||||
----------------------------------------------------------------------------
|
||||
@ -105,19 +118,20 @@ None.
|
||||
Shorewall generates a TC class Id from a mark value.
|
||||
|
||||
- Prior to 4.3.9, the class number was constructed by concatinating
|
||||
the either '1' or '10' with the mark value. '10' is used when
|
||||
the mark value with the either '1' or '10'. '10' is used when
|
||||
there are more than 10 devices defined in /etc/shorewall/tcdevices.
|
||||
|
||||
- In 4.3.9, the class number is constructed by shifting
|
||||
the device number left by 10 bits and logically ORing the result
|
||||
with the mark value.
|
||||
|
||||
- In 4.3.10, a new method is added; the mark value is logically
|
||||
ORed with 0x4000.
|
||||
- In 4.3.10, a new method is added; class numbers are assigned
|
||||
sequentially beginning with 2.
|
||||
|
||||
The WIDE_TC_MARKS option in shorewall.conf selects which
|
||||
construction to use. WIDE_TC_MARKS=No (the default) produces
|
||||
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior.
|
||||
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new 4.3.10
|
||||
behavior.
|
||||
|
||||
In addition to determining the method of constructing class Ids,
|
||||
WIDE_TC_MARKS=Yes provides for larger mark values for traffic
|
||||
@ -127,17 +141,6 @@ None.
|
||||
column) must be >= 65536 (0x10000) and must be a multiple of 65536
|
||||
(0x1000, 0x20000, 0x30000, ...).
|
||||
|
||||
/sbin/shorewall supports an 'encode' and a 'decode' command for
|
||||
mapping back and forth using the new method:
|
||||
|
||||
Example:
|
||||
|
||||
$ shorewall encode 100 #Maps a MARK value to a class number
|
||||
Class Number = 4064
|
||||
$ shorewall decode 4064 #Maks a class number (hex) to a MARK value
|
||||
Mark = 100
|
||||
$
|
||||
|
||||
2) The implementation of IPMARK has changed. Please see item 16) in
|
||||
the 'New Features in 4.3' section below.
|
||||
|
||||
@ -170,7 +173,9 @@ None.
|
||||
the same way as the first level classes can borrow from the root
|
||||
class.
|
||||
|
||||
To use nested classes, you must explicitly number your classes.
|
||||
To use nested classes, you must explicitly number your
|
||||
classes. That does not imply that you must use the 'classify'
|
||||
option.
|
||||
|
||||
Example:
|
||||
|
||||
|
@ -1444,11 +1444,9 @@ usage() # $1 = exit status
|
||||
echo " check [ -e ] [ <directory> ]"
|
||||
echo " clear [ -f ]"
|
||||
echo " compile [ -e ] [ -d ] [ <directory name> ] [ <path name> ]"
|
||||
echo " decode <classnum>"
|
||||
echo " delete <interface>[:<host-list>] ... <zone>"
|
||||
echo " drop <address> ..."
|
||||
echo " dump [ -x ]"
|
||||
echo " encode <mark>"
|
||||
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
|
||||
echo " forget [ <file name> ]"
|
||||
echo " help"
|
||||
@ -1994,14 +1992,6 @@ case "$COMMAND" in
|
||||
shift
|
||||
restore_command $@
|
||||
;;
|
||||
decode)
|
||||
[ $# -eq 2 ] || usage 1
|
||||
echo "Mark =" $((0x$2 & 0x3fff))
|
||||
;;
|
||||
encode)
|
||||
[ $# -eq 2 ] || usage 1
|
||||
echo "Class Number = 4$(printf '0%x' $2)"
|
||||
;;
|
||||
call)
|
||||
get_config
|
||||
[ -n "$debugging" ] && set -x
|
||||
|
@ -726,7 +726,7 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Constructed from the mark. The method of construction
|
||||
<para>Constructed by Shorewall. The method of construction
|
||||
depends on the setting of WIDE_TC_MARKS (<ulink
|
||||
url="manpages/shorewall.conf.html">shorewall.conf</ulink>
|
||||
(5)).</para>
|
||||
@ -744,25 +744,8 @@ ppp0 6000kbit 500kbit</programlisting>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>When SIDE_TC_MARKS=Yes, the <minor> class is:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>The number 0x4000 logically ORed with the MARK value.
|
||||
The <command>shorewall encode</command> and
|
||||
<command>shorewall decode</command> commands (<ulink
|
||||
url="manpages/shorewall.html">shorewall</ulink> (8)) may be
|
||||
used to translate a mark to/from a <minor>
|
||||
class.</para>
|
||||
|
||||
<para>Examples:</para>
|
||||
|
||||
<programlisting>$ <command>shorewall encode 100</command>
|
||||
Class Number = 16484
|
||||
$ <command>shorewall decode 16484</command>
|
||||
Mark = 100</programlisting>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
<para>When WIDE_TC_MARKS=Yes, the <minor> class is
|
||||
assigned sequentially beginning with 2.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
|
@ -95,18 +95,6 @@
|
||||
<arg choice="opt"><replaceable>pathname</replaceable></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>-<replaceable>options</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><option>decode</option><arg
|
||||
choice="plain"><replaceable>classnum</replaceable></arg></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall</command>
|
||||
|
||||
@ -150,18 +138,6 @@
|
||||
<arg><option>-m</option></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall</command>
|
||||
|
||||
<arg
|
||||
choice="opt"><option>trace</option>|<option>debug</option><arg><option>nolock</option></arg></arg>
|
||||
|
||||
<arg>-<replaceable>options</replaceable></arg>
|
||||
|
||||
<arg choice="plain"><option>encode</option><arg
|
||||
choice="plain"><replaceable> mark</replaceable></arg></arg>
|
||||
</cmdsynopsis>
|
||||
|
||||
<cmdsynopsis>
|
||||
<command>shorewall</command>
|
||||
|
||||
@ -747,15 +723,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">decode</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Decomposes the <replaceable>classnum</replaceable> into its
|
||||
component mark value.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">delete</emphasis></term>
|
||||
|
||||
@ -795,15 +762,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">encode</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>Displays the class number derived from the
|
||||
<replaceable>mark</replaceable>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">export</emphasis></term>
|
||||
|
||||
|