mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-23 08:03:11 +01:00
Add experimental support for IFBs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8267 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
392b6eb8d1
commit
77be234a24
@ -2,6 +2,8 @@ Changes in 4.1.6
|
||||
|
||||
1) Deprecate IMPLICIT_CONTINUE=Yes
|
||||
|
||||
2) Add REDIRECTED INTERFACES column to tcdevices.
|
||||
|
||||
Changes in 4.1.5
|
||||
|
||||
1) More ruleset optimization.
|
||||
|
@ -65,12 +65,32 @@ Migration Issues.
|
||||
5) The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) has
|
||||
been changed from Yes to No.
|
||||
|
||||
Problems corrected in 4.1.5.
|
||||
Problems corrected in 4.1.6.
|
||||
|
||||
None.
|
||||
|
||||
New Features in 4.1.6.
|
||||
|
||||
1) The default value for the IMPLICIT_CONTINUE option has been changed
|
||||
to 'No'.
|
||||
|
||||
2) A REDIRECTED INTERFACES option has been added to the tcdevices file
|
||||
to support using an IFB (Intermediate Functional Block) device.
|
||||
|
||||
IFBs can be used to shape incoming traffic by redirecting that
|
||||
traffic through the IFB.
|
||||
|
||||
To use this feature:
|
||||
|
||||
a) Specify the name of your IFB in the INTERFACE column.
|
||||
b) List the redirected device names (comma-separated) in the
|
||||
REDIRECTED INTERFACES column.
|
||||
|
||||
Packets that are input from the redirected interface(s) will appear
|
||||
as output packets on the IFB.
|
||||
|
||||
This support should be considered EXPERIMENTAL.
|
||||
|
||||
New Features in Shorewall 4.1.
|
||||
|
||||
1) Shorewall 4.1 contains support for multiple Internet providers
|
||||
|
@ -6,5 +6,6 @@
|
||||
# See http://shorewall.net/traffic_shaping.htm for additional information.
|
||||
#
|
||||
###############################################################################
|
||||
#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
|
||||
#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
|
||||
# INTERFACES
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|
@ -309,8 +309,8 @@ sub calculate_quantum( $$ ) {
|
||||
int( ( $rate * 125 ) / $r2q );
|
||||
}
|
||||
|
||||
sub validate_tc_device( $$$$ ) {
|
||||
my ( $device, $inband, $outband , $options ) = @_;
|
||||
sub validate_tc_device( $$$$$ ) {
|
||||
my ( $device, $inband, $outband , $options , $redirected ) = @_;
|
||||
|
||||
fatal_error "Duplicate device ($device)" if $tcdevices{$device};
|
||||
fatal_error "Invalid device name ($device)" if $device =~ /[:+]/;
|
||||
@ -327,9 +327,18 @@ sub validate_tc_device( $$$$ ) {
|
||||
}
|
||||
}
|
||||
|
||||
my @redirected;
|
||||
|
||||
@redirected = split_list( $redirected , 'device' ) if defined $redirected;
|
||||
|
||||
for my $rdevice ( @redirected ) {
|
||||
fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
|
||||
}
|
||||
|
||||
$tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' ,
|
||||
out_bandwidth => rate_to_kbit( $outband ) . 'kbit' ,
|
||||
classify => $classify };
|
||||
classify => $classify ,
|
||||
redirected => \@redirected };
|
||||
|
||||
push @tcdevices, $device;
|
||||
|
||||
@ -415,10 +424,10 @@ sub setup_traffic_shaping() {
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $device, $inband, $outband, $options ) = split_line 3, 4, 'tcdevices';
|
||||
my ( $device, $inband, $outband, $options , $redirected ) = split_line 3, 5, 'tcdevices';
|
||||
|
||||
fatal_error "Invalid tcdevices entry" if $outband eq '-';
|
||||
validate_tc_device( $device, $inband, $outband , $options );
|
||||
validate_tc_device( $device, $inband, $outband , $options , $redirected );
|
||||
}
|
||||
}
|
||||
|
||||
@ -467,6 +476,10 @@ sub setup_traffic_shaping() {
|
||||
);
|
||||
}
|
||||
|
||||
for my $rdev ( @{$devref->{redirected}} ) {
|
||||
emit( "run_tc filter add dev $rdev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $device" );
|
||||
}
|
||||
|
||||
$devref->{number} = $devnum++;
|
||||
|
||||
save_progress_message_short " TC Device $device defined.";
|
||||
|
Loading…
Reference in New Issue
Block a user