extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 23:53:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Optional priority on hfsc classes

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-09-12 13:39:54 -07:00
parent e9b0e2f912
commit 75953a87cb
5 changed files with 139 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -1057,6 +1057,16 @@ my %validredoptions = ( min => RED_INTEGER,
ecn => RED_NONE, ecn => RED_NONE,
); );
sub validate_filter_priority( $$ ) {
my ( $priority, $kind ) = @_;
my $pri = numeric_value( $priority );
fatal_error "Invalid $kind priority ($priority)" unless defined $pri && $pri > 0 && $pri <= 65535;
$pri;
}
sub validate_tc_class( ) { sub validate_tc_class( ) {
my ( $devclass, $mark, $rate, $ceil, $prio, $options ) = my ( $devclass, $mark, $rate, $ceil, $prio, $options ) =
split_line 'tcclasses file', { interface => 0, mark => 1, rate => 2, ceil => 3, prio => 4, options => 5 }; split_line 'tcclasses file', { interface => 0, mark => 1, rate => 2, ceil => 3, prio => 4, options => 5 };
@ -1110,10 +1120,12 @@ sub validate_tc_class( ) {
my $tcref = $tcclasses{$device}; my $tcref = $tcclasses{$device};
fatal_error "Invalid PRIO ($prio)" unless defined numeric_value $prio; if ( $devref->{qdisc} eq 'htb' ) {
fatal_error "Invalid PRIO ($prio)" unless defined numeric_value $prio;
}
my $markval = 0; my $markval = 0;
my $markprio = ( $prio << 8 ) | 0x20; my $markprio;
if ( $mark ne '-' ) { if ( $mark ne '-' ) {
fatal_error "MARK may not be specified when TC_BITS=0" unless $config{TC_BITS}; fatal_error "MARK may not be specified when TC_BITS=0" unless $config{TC_BITS};
@ -1121,8 +1133,10 @@ sub validate_tc_class( ) {
( $mark, my $priority ) = split/:/, $mark, 2; ( $mark, my $priority ) = split/:/, $mark, 2;
if ( supplied $priority ) { if ( supplied $priority ) {
$markprio = numeric_value $priority; $markprio = validate_filter_priority( $priority, 'mark' );
fatal_error "Invalid mark priority ($priority)" unless defined $markprio && $markprio > 0; } else {
fatal_error "Missing mark priority" if $prio eq '-';
$markprio = ( $prio << 8 ) | 20;
} }
$markval = numeric_value( $mark ); $markval = numeric_value( $mark );
@ -1199,7 +1213,7 @@ sub validate_tc_class( ) {
dmax => $dmax , dmax => $dmax ,
ceiling => $ceil = ( supplied $ceil ? convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) : 0 ), ceiling => $ceil = ( supplied $ceil ? convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) : 0 ),
lsceil => $lsceil = ( $lsceil ? convert_rate( $ceilmax, $lsceil, 'LSCEIL', $ceilname ) : 0 ), lsceil => $lsceil = ( $lsceil ? convert_rate( $ceilmax, $lsceil, 'LSCEIL', $ceilname ) : 0 ),
priority => $prio eq '-' ? 1 : $prio , priority => $prio ,
mark => $markval , mark => $markval ,
markprio => $markprio , markprio => $markprio ,
flow => '' , flow => '' ,
@ -1222,20 +1236,20 @@ sub validate_tc_class( ) {
my $priority; my $priority;
my $optval; my $optval;
( $option, my $prio ) = split /:/, $option, 2; ( $option, my $pri ) = split /:/, $option, 2;
if ( $option =~ /^tos=(.+)/ || ( $optval = $tosoptions{$option} ) ) { if ( $option =~ /^tos=(.+)/ || ( $optval = $tosoptions{$option} ) ) {
if ( supplied $prio ) { if ( supplied $pri ) {
$priority = numeric_value $prio; $priority = validate_filter_priority( $pri, 'mark' );
fatal_error "Invalid tos priority ($prio)" unless defined $priority && $priority > 0;
} else { } else {
$priority = ( $tcref->{priority} << 8 ) | 0x10; fatal_error "Missing TOS priority" if $prio eq '-';
$priority = ( $prio << 8 ) | 10;
} }
$option = "tos=$optval" if $optval; $option = "tos=$optval" if $optval;
} elsif ( supplied $prio ) { } elsif ( supplied $pri ) {
$option = join ':', $option, $prio; $option = join ':', $option, $pri;
} }
if ( $option eq 'default' ) { if ( $option eq 'default' ) {
@ -1245,11 +1259,10 @@ sub validate_tc_class( ) {
} elsif ( $option =~ /tcp-ack(:(\d+|0x[0-0a-fA-F]))?$/ ) { } elsif ( $option =~ /tcp-ack(:(\d+|0x[0-0a-fA-F]))?$/ ) {
fatal_error "The $option option is not valid with 'occurs" if $tcref->{occurs} > 1; fatal_error "The $option option is not valid with 'occurs" if $tcref->{occurs} > 1;
if ( $1 ) { if ( $1 ) {
my $priority = numeric_value $2; $tcref->{tcp_ack} = validate_filter_priority( $2, 'tcp-ack' );
fatal_error "Invalid tcp-ack priority ($prio)" unless defined $priority && $priority > 0;
$tcref->{tcp_ack} = $priority;
} else { } else {
$tcref->{tcp_ack} = ( $tcref->{priority} << 8 ) | 0x10; fatal_error "Missing tcp-ack priority" if $prio eq '-';
$tcref->{tcp_ack} = ( $prio << 8 ) | 10;
} }
} elsif ( $option =~ /^tos=0x[0-9a-f]{2}$/ ) { } elsif ( $option =~ /^tos=0x[0-9a-f]{2}$/ ) {
fatal_error "The $option option is not valid with 'occurs" if $tcref->{occurs} > 1; fatal_error "The $option option is not valid with 'occurs" if $tcref->{occurs} > 1;
@ -1397,10 +1410,7 @@ sub process_tc_filter() {
my ( $ip, $ip32, $prio , $lo ) = $family == F_IPV4 ? ('ip', 'ip', 10, 2 ) : ('ipv6', 'ip6', 11 , 4 ); my ( $ip, $ip32, $prio , $lo ) = $family == F_IPV4 ? ('ip', 'ip', 10, 2 ) : ('ipv6', 'ip6', 11 , 4 );
if ( $priority ne '-' ) { $prio = validate_filter_priority( $priority, 'filter' ) unless $priority eq '-';
$prio = numeric_value $priority;
fatal_error "Invalid priority ($priority)" unless defined $prio && $prio > 0;
}
my $devref; my $devref;
@ -1936,7 +1946,6 @@ sub process_traffic_shaping() {
$classids{$classid}=$devname; $classids{$classid}=$devname;
my $priority = $tcref->{priority} << 8;
my $parent = in_hexp $tcref->{parent}; my $parent = in_hexp $tcref->{parent};
emit ( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum" ); emit ( "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum" );
@ -2002,7 +2011,7 @@ sub process_traffic_shaping() {
# #
# options # options
# #
emit( "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 0x10 ) . ' u32' . emit( "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio $tcref->{tcp_ack} u32" .
"\\\n match ip protocol 6 0xff" . "\\\n match ip protocol 6 0xff" .
"\\\n match u8 0x05 0x0f at 0" . "\\\n match u8 0x05 0x0f at 0" .
"\\\n match u16 0x0000 0xffc0 at 2" . "\\\n match u16 0x0000 0xffc0 at 2" .

66
Shorewall/manpages/shorewall-tcclasses.xml
View File

@ -232,17 +232,32 @@
<emphasis>priority</emphasis></term> <emphasis>priority</emphasis></term>
<listitem> <listitem>
<para>The <emphasis>priority</emphasis> in which classes will be <para>For HTB:</para>
serviced by the packet shaping scheduler and also the priority in
which bandwidth in excess of the rate will be given to each
class.</para>
<para>Higher priority classes will experience less delay since they <blockquote>
are serviced first. Priority values are serviced in ascending order <para>The <emphasis>priority</emphasis> in which classes will be
(e.g. 0 is higher priority than 1).</para> serviced by the packet shaping scheduler and also the priority in
which bandwidth in excess of the rate will be given to each
class.</para>
<para>Classes may be set to the same priority, in which case they <para>Higher priority classes will experience less delay since
will be serviced as equals.</para> they are serviced first. Priority values are serviced in ascending
order (e.g. 0 is higher priority than 1).</para>
<para>Classes may be set to the same priority, in which case they
will be serviced as equals.</para>
</blockquote>
<para>For both HTB and HFSC, the <emphasis>priority</emphasis> is
used to calculate the priority of Shorewall-generated classification
filters that refer to the class. The rules for classes with lower
numeric priorities will appear before those with higher numeric
priorities.</para>
<para>Beginning with Shorewall 4.5.8, the PRIORITY may be omitted,
providing that a priority is specified in the MARK column and with
the <emphasis role="bold">tcp-ack</emphasis> and <emphasis
role="bold">tos</emphasis> options.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -275,7 +290,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">tos=0x</emphasis><emphasis>value</emphasis>[/0x<emphasis>mask</emphasis>] role="bold">tos=0x</emphasis><emphasis>value</emphasis>[/0x<emphasis>mask</emphasis>][:<replaceable>priority</replaceable>]
(mask defaults to 0xff)</term> (mask defaults to 0xff)</term>
<listitem> <listitem>
@ -283,18 +298,34 @@
<emphasis>value</emphasis>/<emphasis>mask</emphasis> <emphasis>value</emphasis>/<emphasis>mask</emphasis>
combination of the IP packet's TOS/Precedence/DiffSrv octet combination of the IP packet's TOS/Precedence/DiffSrv octet
(aka the TOS byte).</para> (aka the TOS byte).</para>
<para>Beginning with Shorewall 4.5.8, the
<replaceable>value/mask</replaceable> may be followed by a
colon (":") and a <replaceable>priority</replaceable>. This
priority determines the order in which filter rules are
processed during packet classification. If not specified, the
value (<replaceable>class priority</replaceable> &lt;&lt; 8) |
10) is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">tos-</emphasis><emphasis>tosname</emphasis></term> role="bold">tos-</emphasis><emphasis>tosname</emphasis>[:<replaceable>priority</replaceable>]</term>
<listitem> <listitem>
<para>Aliases for the following TOS octet value and mask <para>Aliases for the following TOS octet value and mask
encodings. TOS encodings of the "TOS byte" have been encodings. TOS encodings of the "TOS byte" have been
deprecated in favor of diffserve classes, but programs like deprecated in favor of diffserve classes, but programs like
ssh, rlogin, and ftp still use them.</para> ssh, rlogin, and ftp still use them. </para>
<para>Beginning with Shorewall 4.5.8, the
<replaceable>tos-name</replaceable> may be followed by a colon
(":") and a <replaceable>priority</replaceable>. This priority
determines the order in which filter rules are processed
during packet classification. If not specified, the value
(<replaceable>class priority</replaceable> &lt;&lt; 8) | 10)
is used.</para>
<programlisting> <emphasis role="bold">tos-minimize-delay</emphasis> 0x10/0x10 <programlisting> <emphasis role="bold">tos-minimize-delay</emphasis> 0x10/0x10
<emphasis role="bold">tos-maximize-throughput</emphasis> 0x08/0x08 <emphasis role="bold">tos-maximize-throughput</emphasis> 0x08/0x08
@ -310,7 +341,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">tcp-ack</emphasis></term> <term><emphasis
role="bold">tcp-ack[:<replaceable>priority</replaceable>]</emphasis></term>
<listitem> <listitem>
<para>If defined, causes a tc filter to be created that puts <para>If defined, causes a tc filter to be created that puts
@ -320,7 +352,13 @@
limited to 64 bytes because we want only packets WITHOUT limited to 64 bytes because we want only packets WITHOUT
payload to match.</para> payload to match.</para>
<para/> <para>Beginning with Shorewall 4.5.8, the <emphasis
role="bold">tcp-ack</emphasis> may be followed by a colon
(":") and a <replaceable>priority</replaceable>. This priority
determines the order in which filter rules are processed
during packet classification. If not specified, the value
(<replaceable>class priority</replaceable> &lt;&lt; 8) | 20)
is used.</para>
<note> <note>
<para>This option is only valid for ONE class per <para>This option is only valid for ONE class per

4
Shorewall/manpages/shorewall-tcfilters.xml
View File

@ -206,7 +206,7 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Classify by packet mark - ( <replaceable>class <para>Classify by packet mark - ( <replaceable>class
priority</replaceable> &lt;&lt; 8 ) LOR 32.</para> priority</replaceable> &lt;&lt; 8 ) | 20.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -219,7 +219,7 @@
<listitem> <listitem>
<para>Complex TC ACK packets - ( <replaceable>class <para>Complex TC ACK packets - ( <replaceable>class
priority</replaceable> &lt;&lt; 8 ) LOR 16.</para> priority</replaceable> &lt;&lt; 8 ) | 10.</para>
</listitem> </listitem>
<listitem> <listitem>

65
Shorewall6/manpages/shorewall6-tcclasses.xml
View File

@ -229,17 +229,33 @@
<emphasis>priority</emphasis></term> <emphasis>priority</emphasis></term>
<listitem> <listitem>
<para>The <emphasis>priority</emphasis> in which classes will be <para>For HTB:</para>
serviced by the packet shaping scheduler and also the priority in
which bandwidth in excess of the rate will be given to each
class.</para>
<para>Higher priority classes will experience less delay since they <blockquote>
are serviced first. Priority values are serviced in ascending order <para>The <emphasis>priority</emphasis> in which classes will be
(e.g. 0 is higher priority than 1).</para> serviced by the packet shaping scheduler and also the priority in
which bandwidth in excess of the rate will be given to each
class.</para>
<para>Classes may be set to the same priority, in which case they <para>Higher priority classes will experience less delay since
will be serviced as equals.</para> they are serviced first. Priority values are serviced in ascending
order (e.g. 0 is higher priority than 1).</para>
<para>Classes may be set to the same priority, in which case they
will be serviced as equals.</para>
</blockquote>
<para>For both HTB and HFSC, the <emphasis>priority</emphasis> is
used to calculate the priority of Shorewall-generated classification
filters that refer to the class. The rules for classes with lower
numeric priorities will appear before those with higher numeric
priorities.</para>
<para>Beginning with Shorewall 4.5.8, the PRIORITY may be omitted,
providing that a <replaceable>priority</replaceable> is specified in
the MARK column and with the <emphasis
role="bold">tcp-ack</emphasis> and <emphasis
role="bold">tos</emphasis> options.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -270,7 +286,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">tos=0x</emphasis><emphasis>value</emphasis>[/0x<emphasis>mask</emphasis>] role="bold">tos=0x</emphasis><emphasis>value</emphasis>[/0x<emphasis>mask</emphasis>][:<replaceable>priority</replaceable>]
(mask defaults to 0xff)</term> (mask defaults to 0xff)</term>
<listitem> <listitem>
@ -278,12 +294,20 @@
<emphasis>value</emphasis>/<emphasis>mask</emphasis> <emphasis>value</emphasis>/<emphasis>mask</emphasis>
combination of the IP packet's TOS/Precedence/DiffSrv octet combination of the IP packet's TOS/Precedence/DiffSrv octet
(aka the TOS byte).</para> (aka the TOS byte).</para>
<para>Beginning with Shorewall 4.5.8, the
<replaceable>value/mask</replaceable> may be followed by a
colon (":") and a <replaceable>priority</replaceable>. This
priority determines the order in which filter rules are
processed during packet classification. If not specified, the
value (<replaceable>class priority</replaceable> &lt;&lt; 8) |
10) is used.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">tos-</emphasis><emphasis>tosname</emphasis></term> role="bold">tos-</emphasis><emphasis>tosname</emphasis>[:<replaceable>priority</replaceable>]</term>
<listitem> <listitem>
<para>Aliases for the following TOS octet value and mask <para>Aliases for the following TOS octet value and mask
@ -297,6 +321,14 @@
<emphasis role="bold">tos-minimize-cost</emphasis> 0x02/0x02 <emphasis role="bold">tos-minimize-cost</emphasis> 0x02/0x02
<emphasis role="bold">tos-normal-service</emphasis> 0x00/0x1e</programlisting> <emphasis role="bold">tos-normal-service</emphasis> 0x00/0x1e</programlisting>
<para>Beginning with Shorewall 4.5.8, the
<replaceable>tos-name</replaceable> may be followed by a colon
(":") and a <replaceable>priority</replaceable>. This priority
determines the order in which filter rules are processed
during packet classification. If not specified, the value
(<replaceable>class priority</replaceable> &lt;&lt; 8) | 10)
is used.</para>
<note> <note>
<para>Each of these options is only valid for ONE class per <para>Each of these options is only valid for ONE class per
interface.</para> interface.</para>
@ -305,7 +337,8 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">tcp-ack</emphasis></term> <term><emphasis
role="bold">tcp-ack</emphasis>[:<replaceable>priority</replaceable>]</term>
<listitem> <listitem>
<para>If defined, causes a tc filter to be created that puts <para>If defined, causes a tc filter to be created that puts
@ -315,7 +348,13 @@
limited to 64 bytes because we want only packets WITHOUT limited to 64 bytes because we want only packets WITHOUT
payload to match.</para> payload to match.</para>
<para/> <para>Beginning with Shorewall 4.5.8, the <emphasis
role="bold">tcp-ack</emphasis> may be followed by a colon
(":") and a <replaceable>priority</replaceable>. This priority
determines the order in which filter rules are processed
during packet classification. If not specified, the value
(<replaceable>class priority</replaceable> &lt;&lt; 8) | 20)
is used.</para>
<note> <note>
<para>This option is only valid for ONE class per <para>This option is only valid for ONE class per

4
Shorewall6/manpages/shorewall6-tcfilters.xml
View File

@ -201,7 +201,7 @@
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>Classify by packet mark - ( <replaceable>class <para>Classify by packet mark - ( <replaceable>class
priority</replaceable> &lt;&lt; 8 ) LOR 32.</para> priority</replaceable> &lt;&lt; 8 ) | 20.</para>
</listitem> </listitem>
<listitem> <listitem>
@ -214,7 +214,7 @@
<listitem> <listitem>
<para>Complex TC ACK packets - ( <replaceable>class <para>Complex TC ACK packets - ( <replaceable>class
priority</replaceable> &lt;&lt; 8 ) LOR 16.</para> priority</replaceable> &lt;&lt; 8 ) | 20.</para>
</listitem> </listitem>
<listitem> <listitem>