From 77be234a244f3bc6131b9e176d5a2f9171331115 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 5 Mar 2008 16:16:04 +0000
Subject: [PATCH] Add experimental support for IFBs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8267 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-common/changelog.txt | 2 ++
 Shorewall-common/releasenotes.txt | 22 +++++++++++++++++++++-
 Shorewall-common/tcdevices | 3 ++-
 Shorewall-perl/Shorewall/Tc.pm | 23 ++++++++++++++++++-----
 4 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt
index 7888ace67..a576e83fe 100644
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@@ -2,6 +2,8 @@ Changes in 4.1.6
 1) Deprecate IMPLICIT_CONTINUE=Yes
+2) Add REDIRECTED INTERFACES column to tcdevices.
+
 Changes in 4.1.5
 1) More ruleset optimization.
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index 70e195ee2..2d1f85d89 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -65,12 +65,32 @@ Migration Issues.
 5) The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) has been changed from Yes to No.
-Problems corrected in 4.1.5.
+Problems corrected in 4.1.6.
 None.
 New Features in 4.1.6.
+1) The default value for the IMPLICIT_CONTINUE option has been changed
+ to 'No'.
+
+2) A REDIRECTED INTERFACES option has been added to the tcdevices file
+ to support using an IFB (Intermediate Functional Block) device.
+
+ IFBs can be used to shape incoming traffic by redirecting that
+ traffic through the IFB.
+
+ To use this feature:
+
+ a) Specify the name of your IFB in the INTERFACE column.
+ b) List the redirected device names (comma-separated) in the
+ REDIRECTED INTERFACES column.
+
+ Packets that are input from the redirected interface(s) will appear
+ as output packets on the IFB.
+
+ This support should be considered EXPERIMENTAL.
+
 New Features in Shorewall 4.1.
 1) Shorewall 4.1 contains support for multiple Internet providers
diff --git a/Shorewall-common/tcdevices b/Shorewall-common/tcdevices
index ae65e7611..f1a3e5363 100644
--- a/Shorewall-common/tcdevices
+++ b/Shorewall-common/tcdevices
@@ -6,5 +6,6 @@
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #
 ###############################################################################
-#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
+#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED
+# INTERFACES
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm
index 9598c8918..92307c9a0 100644
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@@ -309,8 +309,8 @@ sub calculate_quantum( $$ ) {
 int( ( $rate * 125 ) / $r2q );
 }
-sub validate_tc_device( $$$$ ) {
- my ( $device, $inband, $outband , $options ) = @_;
+sub validate_tc_device( $$$$$ ) {
+ my ( $device, $inband, $outband , $options , $redirected ) = @_;
 fatal_error "Duplicate device ($device)" if $tcdevices{$device};
 fatal_error "Invalid device name ($device)" if $device =~ /[:+]/;
@@ -327,9 +327,18 @@ sub validate_tc_device( $$$$ ) {
 }
 }
+ my @redirected;
+
+ @redirected = split_list( $redirected , 'device' ) if defined $redirected;
+
+ for my $rdevice ( @redirected ) {
+ fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
+ }
+
 $tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' ,
 out_bandwidth => rate_to_kbit( $outband ) . 'kbit' ,
- classify => $classify };
+ classify => $classify ,
+ redirected => \@redirected };
 push @tcdevices, $device;
@@ -415,10 +424,10 @@ sub setup_traffic_shaping() {
 while ( read_a_line ) {
- my ( $device, $inband, $outband, $options ) = split_line 3, 4, 'tcdevices';
+ my ( $device, $inband, $outband, $options , $redirected ) = split_line 3, 5, 'tcdevices';
 fatal_error "Invalid tcdevices entry" if $outband eq '-';
- validate_tc_device( $device, $inband, $outband , $options );
+ validate_tc_device( $device, $inband, $outband , $options , $redirected );
 }
 }
@@ -467,6 +476,10 @@ sub setup_traffic_shaping() {
 );
 }
+ for my $rdev ( @{$devref->{redirected}} ) {
+ emit( "run_tc filter add dev $rdev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $device" );
+ }
+
 $devref->{number} = $devnum++;
 save_progress_message_short " TC Device $device defined.";
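Review bot: The new per-name check in validate_tc_device (hunk at -327) rejects only `:` and `+`, yet every accepted `$rdevice` is later interpolated unquoted into the `run_tc filter add dev $rdev ...` line that setup_traffic_shaping emits in the -467 hunk. A name carrying whitespace or shell metacharacters would change the command in the generated script, which presumably runs with root privileges, so an allowlist is safer than a two-character denylist: `fatal_error "Invalid device name ($rdevice)" unless $rdevice =~ /^[A-Za-z0-9_.-]+$/;` (adjust the class to whatever interface names Shorewall accepts elsewhere). The same loop could also reject a redirected name equal to `$device`. The body of validate_tc_device starts and ends outside this hunk.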
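Review bot: The `fatal_error "Invalid tcdevices entry" if $outband eq '-'` test next to the changed `split_line 3, 5` call suggests that omitted columns come back as `'-'` rather than undef; split_line is not visible here, so this needs confirming. If it holds, `$redirected` is always defined, the `if defined $redirected` guard in validate_tc_device never skips, and an entry without a REDIRECTED INTERFACES column stores `-` as a redirected device and later emits `run_tc filter add dev - ...`. Treating the placeholder as empty avoids that: `@redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';`. setup_traffic_shaping begins and continues outside this hunk.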
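Review bot: The emitted filter attaches to `parent ffff:` on each redirected device, but nothing in this hunk emits an ingress qdisc for `$rdev`, and `tc` rejects a filter whose parent does not exist. Unless the qdisc is created elsewhere in setup_traffic_shaping (the function extends beyond the hunk), consider emitting `run_tc qdisc add dev $rdev handle ffff: ingress` just before the filter line. It would also help to add a comment above the loop such as `# Redirect all IP traffic arriving on each listed device to the IFB so it can be shaped as egress`, since the `u32 match u32 0 0` catch-all is not self-explanatory.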