diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index f8f68e2a4..93e580673 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1509,7 +1509,7 @@ sub verify_mark( $ ) {
 sub verify_small_mark( $ ) {
 verify_mark ( (my $mark) = $_[0] );
- fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > ( $config{WIDE_TC_MARKS} ? 0x03FF : 0xFF );
+ fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > ( $config{WIDE_TC_MARKS} ? 0x3FFF : 0xFF );
 }
 sub validate_mark( $ ) {
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index f0b24e001..867bada9e 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -599,7 +599,7 @@ sub validate_tc_class( $$$$$$ ) {
 $markval = numeric_value( $mark );
 fatal_error "Invalid MARK ($markval)" unless defined $markval;
- $classnumber = $config{WIDE_TC_MARKS} ? ( $devref->{number} << 10 ) | $mark : 1 . $mark;
+ $classnumber = $config{WIDE_TC_MARKS} ? ( $devref->{number} << 10 ) | $markval : $devnum . $markval;
 fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
 }
 } else {
@@ -651,7 +651,8 @@ sub validate_tc_class( $$$$$$ ) {
 } elsif ( $option =~ /^occurs=(.+)$/ ) {
 my $val = $1;
 $occurs = numeric_value($val);
- fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs;
+ fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs > 0;
+ fatal_error "Invalid 'occurs' ($val)" if $occurs > ( $config{WIDE_TC_MARKS} ? 8191 : 255 );
 fatal_error "Duplicate 'occurs'" if $tcref->{occurs} > 1;
 if ( $occurs > 1 ) {
 fatal_error "The 'occurs' option is not valid with 'classify'" if $devref->{classify};
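Review bot: The new limit `0x3FFF` in verify_small_mark is a bare literal that the same commit has to repeat in the `--and-mark 0x3FFF` rule in setup_tc (Tc.pm) and in the `0x3fff` mask of the `decode` command in the shorewall script. The validation limit and the netfilter mask have to stay identical, because with HIGH_ROUTE_MARKS the mask is what keeps shaping marks apart from the routing marks at 0x10000 and above, so I would name the value once, for example `use constant WIDE_TC_MARK_MAX => 0x3FFF;`, and build the mask string from it. A comment such as `# TC marks use the low 14 bits when WIDE_TC_MARKS=Yes; must match the --and-mark mask in setup_tc` on this line would make the coupling visible.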
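Review bot: In validate_tc_class the wide-mark branch still builds the class number as `( $devref->{number} << 10 ) | $markval`, while this commit raises the wide mark limit to 0x3FFF, so a 14-bit mark now overlaps the device bits: on device 1, marks 1 and 1025 both give 0x401 and the second is rejected by the `Duplicate MARK` check on the next line. The expression also disagrees with the updated `shorewall encode`, which prints `0x4000 | mark`, and with the release notes, which say 0x40000000. Unless the class number is recomputed outside this hunk, the line should follow whichever scheme is intended, e.g. `$classnumber = $config{WIDE_TC_MARKS} ? 0x4000 | $markval : $devnum . $markval;`. The function body starts and ends outside the hunk.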
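Review bot: The two `occurs` checks added in validate_tc_class raise the same text, `Invalid 'occurs' ($val)`, so a user who exceeds the new ceiling cannot tell that the value was numeric but too large, and the limits 8191 and 255 appear with no stated relation to the mark range (0x3FFF / 0xFF) enforced in verify_small_mark. I would give the range check its own message, e.g. `fatal_error "'occurs' ($val) exceeds the maximum allowed" if $occurs > ( $config{WIDE_TC_MARKS} ? 8191 : 255 );`, and add a comment saying how 8191 is derived. Nothing visible here checks that the class mark plus `occurs` stays inside the mark limit; that may be handled outside this hunk, where the function continues.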
@@ -1025,7 +1026,7 @@ sub setup_tc() { if ( $config{HIGH_ROUTE_MARKS} ) { for my $chain qw(INPUT FORWARD POSTROUTING) { - insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x03FF' : '-j MARK --and-mark 0xFF'; + insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x3FFF' : '-j MARK --and-mark 0xFF'; } } } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 107885791..bf9722918 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -82,20 +82,24 @@ None. Shorewall generates a TC class Id from a mark value. - Prior to 4.3.9, the class number was constructed by concatinating - the device number with the mark value. + the either '1' or '10' with the mark value. '10' is used when + there are more than 10 devices defined in /etc/shorewall/tcdevices. - - Beginning with 4.3.9, the class number is constructed by shifting + - In 4.3.9, the class number is constructed by shifting the device number left by 10 bits and logically ORing the result with the mark value. + - In 4.3.10, a new method is added; the mark value is logically + ORed with 0x40000000; + The WIDE_TC_MARKS option in shorewall.conf selects which construction to use. WIDE_TC_MARKS=No (the default) produces pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior. In addition to determining the method of constructing class Ids, WIDE_TC_MARKS=Yes provides for larger mark values for traffic - shaping. Traffic shaping marks may have values up to 1023 with - WIDE_TC_MARKS=Yes. This means that when both WIDE_TC_MARKS=Yes and + shaping. Traffic shaping marks may have values up to 16383 (0x3fff) + with WIDE_TC_MARKS=Yes. This means that when both WIDE_TC_MARKS=Yes and HIGH_ROUTE_MARKS=Yes, routing marks (/etc/shorewall/providers MARK column) must be >= 65536 (0x10000) and must be a multiple of 65536 (0x1000, 0x20000, 0x30000, ...). 
diff --git a/Shorewall/shorewall b/Shorewall/shorewall index d3231e86f..b1de7de28 100755 --- a/Shorewall/shorewall +++ b/Shorewall/shorewall @@ -1448,7 +1448,7 @@ usage() # $1 = exit status echo " delete [:] ... " echo " drop
..." echo " dump [ -x ]" - echo " encode " + echo " encode " echo " export [ ] [@][:]" echo " forget [ ]" echo " help" @@ -1996,11 +1996,11 @@ case "$COMMAND" in ;; decode) [ $# -eq 2 ] || usage 1 - echo "Device = $(($2 >> 10)) Mark = $(($2 & 0x3ff))" + echo "Mark = $(($2 & 0x3fff))" ;; encode) - [ $# -eq 3 ] || usage 1 - echo "Class Number = $((($2 << 10) | $3))" + [ $# -eq 2 ] || usage 1 + echo "Class Number = $((0x4000 | $2))" ;; call) get_config diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml index 165781027..653d08ac3 100644 --- a/docs/traffic_shaping.xml +++ b/docs/traffic_shaping.xml @@ -434,7 +434,7 @@ ppp0 6000kbit 500kbit MARK - The mark value which is an integer in the range 1-255 - (1-1023 if you set WIDE_TC_MARKS=Yes in shorewall.conf (5) ). You define these marks in the tcrules file, marking the traffic you want to go into the queuing classes defined in here. You can use the same @@ -615,7 +615,7 @@ ppp0 6000kbit 500kbit MARK or CLASSIFY - MARK specifies the mark value is to be assigned in case of a match. This is an integer in the range 1-255 - (1-1023 if you set WIDE_TC_MARKS=Yes in shorewall.conf (5) ). This value may be optionally followed by : and either F, P or "T" to designate that the @@ -737,8 +737,10 @@ ppp0 6000kbit 500kbit the MARK value of the class preceded by the number "1" - (MARK value 1 is <minor> class 11, MARK value 22 is - <minor> class 122, and so on) + or "10" (MARK value 1 is <minor> class 11, MARK value + 22 is <minor> class 122, and so on). "10" is used + where there are more than 10 devices defined in /etc/shorewall/tcdevices. 
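Review bot: Both rewritten branches, `decode` and `encode`, expand `$2` directly inside `$(( ))`, so the command-line argument is evaluated as an arithmetic expression instead of being checked as a number; input that is not a numeric literal is interpreted or ends in a raw shell error rather than the usage message. `encode` also accepts values above 0x3fff, whose upper bits merge with the 0x4000 flag and are lost again by `decode`. I would validate before the arithmetic, accepting only decimal digits or a 0x-prefixed hex literal (for the decimal case `case "$2" in ''|*[!0-9]*) usage 1 ;; esac`), and reject `encode` arguments outside 1-16383. The `case "$COMMAND"` statement starts and ends outside the hunk.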
@@ -751,15 +753,15 @@ ppp0 6000kbit 500kbit shorewall encode and shorewall decode commands (shorewall (8)) may be - used to translate a device number/mark pair to/from a - <minor> class. + used to translate a mark to/from a <minor> + class. Examples: - $ shorewall encode 1 100 -Class Number = 1124 -$ shorewall decode 1124 -Device = 1 Mark = 100 + $ shorewall encode 100 +Class Number = 16484 +$ shorewall decode 16484 +Mark = 100 diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml index b8308072c..cb1df30cf 100644 --- a/manpages/shorewall.conf.xml +++ b/manpages/shorewall.conf.xml @@ -645,7 +645,7 @@ net all DROP infothen the chain name is 'net2all' Marks used for traffic shaping must be in the range of - 1-1023 and may still not be set in the PREROUTING chain. + 1-16383 and may still not be set in the PREROUTING chain. @@ -1723,14 +1723,14 @@ net all DROP infothen the chain name is 'net2all' - WIDE_ROUTE_MARKS={WIDE_TC_MARKS={Yes|No} When set to No (the default), traffic shaping marks are 8 - bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes, - traffic shaping marks are 10 bytes wide (values 1-1023). The setting - of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS + bytes wide (possible values are 1-255). When WIDE_TC_MARKS=Yes, + traffic shaping marks are 14 bytes wide (values 1-16383). The + setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS option (see above). diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml index 8c5fe0694..cc9fd0626 100644 --- a/manpages/shorewall.xml +++ b/manpages/shorewall.xml @@ -159,8 +159,7 @@ -options devnum - mark + choice="plain"> mark @@ -748,7 +747,7 @@ Decomposes the classnum into its - component device number and mark value. + component mark value. @@ -796,7 +795,6 @@ Displays the class number derived from the - devnum and mark. diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml index 426447d74..9d424f039 100644 
--- a/manpages6/shorewall6.conf.xml +++ b/manpages6/shorewall6.conf.xml @@ -500,7 +500,7 @@ net all DROP infothen the chain name is 'net2all' Marks used for traffic shaping must be in the range of - 1-1023 and may still not be set in the PREROUTING chain. + 1-16383 and may still not be set in the PREROUTING chain. @@ -1212,14 +1212,14 @@ net all DROP infothen the chain name is 'net2all' - WIDE_ROUTE_MARKS={WIDE_TC_MARKS={Yes|No} When set to No (the default), traffic shaping marks are 8 - bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes, - traffic shaping marks are 10 bytes wide (values 1-1023). The setting - of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS + bytes wide (possible values are 1-255). When WIDE_TC_MARKS=Yes, + traffic shaping marks are 14 bytes wide (values 1-16383). The + setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS option (see above).