extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 04:01:45 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revise WIDE_TC_MARKS classid generation

Browse Source
This commit is contained in:
Tom Eastep 2009-04-20 17:54:33 -07:00
parent dcee6562a2
commit 82bf6eb3f5
8 changed files with 41 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1509,7 +1509,7 @@ sub verify_mark( $ ) {
sub verify_small_mark( $ ) { sub verify_small_mark( $ ) {
verify_mark ( (my $mark) = $_[0] ); verify_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > ( $config{WIDE_TC_MARKS} ? 0x03FF : 0xFF ); fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > ( $config{WIDE_TC_MARKS} ? 0x3FFF : 0xFF );
} }
sub validate_mark( $ ) { sub validate_mark( $ ) {

7
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -599,7 +599,7 @@ sub validate_tc_class( $$$$$$ ) {
$markval = numeric_value( $mark ); $markval = numeric_value( $mark );
fatal_error "Invalid MARK ($markval)" unless defined $markval; fatal_error "Invalid MARK ($markval)" unless defined $markval;
$classnumber = $config{WIDE_TC_MARKS} ? ( $devref->{number} << 10 ) | $mark : 1 . $mark; $classnumber = $config{WIDE_TC_MARKS} ? ( $devref->{number} << 10 ) | $markval : $devnum . $markval;
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber}; fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
} }
} else { } else {
@ -651,7 +651,8 @@ sub validate_tc_class( $$$$$$ ) {
} elsif ( $option =~ /^occurs=(.+)$/ ) { } elsif ( $option =~ /^occurs=(.+)$/ ) {
my $val = $1; my $val = $1;
$occurs = numeric_value($val); $occurs = numeric_value($val);
fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs; fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs > 0;
fatal_error "Invalid 'occurs' ($val)" if $occurs > ( $config{WIDE_TC_MARKS} ? 8191 : 255 );
fatal_error "Duplicate 'occurs'" if $tcref->{occurs} > 1; fatal_error "Duplicate 'occurs'" if $tcref->{occurs} > 1;
if ( $occurs > 1 ) { if ( $occurs > 1 ) {
fatal_error "The 'occurs' option is not valid with 'classify'" if $devref->{classify}; fatal_error "The 'occurs' option is not valid with 'classify'" if $devref->{classify};
@ -1025,7 +1026,7 @@ sub setup_tc() {
if ( $config{HIGH_ROUTE_MARKS} ) { if ( $config{HIGH_ROUTE_MARKS} ) {
for my $chain qw(INPUT FORWARD POSTROUTING) { for my $chain qw(INPUT FORWARD POSTROUTING) {
insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x03FF' : '-j MARK --and-mark 0xFF'; insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x3FFF' : '-j MARK --and-mark 0xFF';
} }
} }
} }

12
Shorewall/releasenotes.txt
View File

@ -82,20 +82,24 @@ None.
Shorewall generates a TC class Id from a mark value. Shorewall generates a TC class Id from a mark value.
- Prior to 4.3.9, the class number was constructed by concatinating - Prior to 4.3.9, the class number was constructed by concatinating
the device number with the mark value. the either '1' or '10' with the mark value. '10' is used when
there are more than 10 devices defined in /etc/shorewall/tcdevices.
- Beginning with 4.3.9, the class number is constructed by shifting - In 4.3.9, the class number is constructed by shifting
the device number left by 10 bits and logically ORing the result the device number left by 10 bits and logically ORing the result
with the mark value. with the mark value.
- In 4.3.10, a new method is added; the mark value is logically
ORed with 0x40000000;
The WIDE_TC_MARKS option in shorewall.conf selects which The WIDE_TC_MARKS option in shorewall.conf selects which
construction to use. WIDE_TC_MARKS=No (the default) produces construction to use. WIDE_TC_MARKS=No (the default) produces
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior. pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior.
In addition to determining the method of constructing class Ids, In addition to determining the method of constructing class Ids,
WIDE_TC_MARKS=Yes provides for larger mark values for traffic WIDE_TC_MARKS=Yes provides for larger mark values for traffic
shaping. Traffic shaping marks may have values up to 1023 with shaping. Traffic shaping marks may have values up to 16383 (0x3fff)
WIDE_TC_MARKS=Yes. This means that when both WIDE_TC_MARKS=Yes and with WIDE_TC_MARKS=Yes. This means that when both WIDE_TC_MARKS=Yes and
HIGH_ROUTE_MARKS=Yes, routing marks (/etc/shorewall/providers MARK HIGH_ROUTE_MARKS=Yes, routing marks (/etc/shorewall/providers MARK
column) must be >= 65536 (0x10000) and must be a multiple of 65536 column) must be >= 65536 (0x10000) and must be a multiple of 65536
(0x1000, 0x20000, 0x30000, ...). (0x1000, 0x20000, 0x30000, ...).

8
Shorewall/shorewall
View File

@ -1448,7 +1448,7 @@ usage() # $1 = exit status
echo " delete <interface>[:<host-list>] ... <zone>" echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..." echo " drop <address> ..."
echo " dump [ -x ]" echo " dump [ -x ]"
echo " encode <devnum> <mark>" echo " encode <mark>"
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]" echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]" echo " forget [ <file name> ]"
echo " help" echo " help"
@ -1996,11 +1996,11 @@ case "$COMMAND" in
;; ;;
decode) decode)
[ $# -eq 2 ] || usage 1 [ $# -eq 2 ] || usage 1
echo "Device = $(($2 >> 10)) Mark = $(($2 & 0x3ff))" echo "Mark = $(($2 & 0x3fff))"
;; ;;
encode) encode)
[ $# -eq 3 ] || usage 1 [ $# -eq 2 ] || usage 1
echo "Class Number = $((($2 << 10) | $3))" echo "Class Number = $((0x4000 | $2))"
;; ;;
call) call)
get_config get_config

22
docs/traffic_shaping.xml
View File

@ -434,7 +434,7 @@ ppp0 6000kbit 500kbit</programlisting>
<listitem> <listitem>
<para>MARK - The mark value which is an integer in the range 1-255 <para>MARK - The mark value which is an integer in the range 1-255
(1-1023 if you set WIDE_TC_MARKS=Yes in <ulink (1-16383 if you set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ). You url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ). You
define these marks in the tcrules file, marking the traffic you want define these marks in the tcrules file, marking the traffic you want
to go into the queuing classes defined in here. You can use the same to go into the queuing classes defined in here. You can use the same
@ -615,7 +615,7 @@ ppp0 6000kbit 500kbit</programlisting>
<listitem> <listitem>
<para>MARK or CLASSIFY - MARK specifies the mark value is to be <para>MARK or CLASSIFY - MARK specifies the mark value is to be
assigned in case of a match. This is an integer in the range 1-255 assigned in case of a match. This is an integer in the range 1-255
(1-1023 if you set WIDE_TC_MARKS=Yes in <ulink (1-16383 if you set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ). url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ).
This value may be optionally followed by <quote>:</quote> and either This value may be optionally followed by <quote>:</quote> and either
<quote>F</quote>, <quote>P</quote> or "T" to designate that the <quote>F</quote>, <quote>P</quote> or "T" to designate that the
@ -737,8 +737,10 @@ ppp0 6000kbit 500kbit</programlisting>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>the MARK value of the class preceded by the number "1" <para>the MARK value of the class preceded by the number "1"
(MARK value 1 is &lt;minor&gt; class 11, MARK value 22 is or "10" (MARK value 1 is &lt;minor&gt; class 11, MARK value
&lt;minor&gt; class 122, and so on)</para> 22 is &lt;minor&gt; class 122, and so on). "10" is used
where there are more than 10 devices defined in <link
linkend="tcdevices">/etc/shorewall/tcdevices</link>.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
@ -751,15 +753,15 @@ ppp0 6000kbit 500kbit</programlisting>
<command>shorewall encode</command> and <command>shorewall <command>shorewall encode</command> and <command>shorewall
decode</command> commands (<ulink decode</command> commands (<ulink
url="manpages/shorewall.html">shorewall</ulink> (8)) may be url="manpages/shorewall.html">shorewall</ulink> (8)) may be
used to translate a device number/mark pair to/from a used to translate a mark to/from a &lt;minor&gt;
&lt;minor&gt; class.</para> class.</para>
<para>Examples:</para> <para>Examples:</para>
<programlisting>$ <command>shorewall encode 1 100</command> <programlisting>$ <command>shorewall encode 100</command>
Class Number = 1124 Class Number = 16484
$ <command>shorewall decode 1124</command> $ <command>shorewall decode 16484</command>
Device = 1 Mark = 100</programlisting> Mark = 100</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</listitem> </listitem>

10
manpages/shorewall.conf.xml
View File

@ -645,7 +645,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Marks used for traffic shaping must be in the range of <para>Marks used for traffic shaping must be in the range of
1-1023 and may still not be set in the PREROUTING chain.</para> 1-16383 and may still not be set in the PREROUTING chain.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
@ -1723,14 +1723,14 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">WIDE_ROUTE_MARKS=</emphasis>{<emphasis <term><emphasis role="bold">WIDE_TC_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem> <listitem>
<para>When set to No (the default), traffic shaping marks are 8 <para>When set to No (the default), traffic shaping marks are 8
bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes, bytes wide (possible values are 1-255). When WIDE_TC_MARKS=Yes,
traffic shaping marks are 10 bytes wide (values 1-1023). The setting traffic shaping marks are 14 bytes wide (values 1-16383). The
of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).</para> option (see above).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

6
manpages/shorewall.xml
View File

@ -159,8 +159,7 @@
<arg>-<replaceable>options</replaceable></arg> <arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>encode</option><arg <arg choice="plain"><option>encode</option><arg
choice="plain"><replaceable>devnum</replaceable><replaceable> choice="plain"><replaceable> mark</replaceable></arg></arg>
mark</replaceable></arg></arg>
</cmdsynopsis> </cmdsynopsis>
<cmdsynopsis> <cmdsynopsis>
@ -748,7 +747,7 @@
<listitem> <listitem>
<para>Decomposes the <replaceable>classnum</replaceable> into its <para>Decomposes the <replaceable>classnum</replaceable> into its
component device number and mark value.</para> component mark value.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -796,7 +795,6 @@
<listitem> <listitem>
<para>Displays the class number derived from the <para>Displays the class number derived from the
<replaceable>devnum</replaceable> and
<replaceable>mark</replaceable>.</para> <replaceable>mark</replaceable>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

10
manpages6/shorewall6.conf.xml
View File

@ -500,7 +500,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Marks used for traffic shaping must be in the range of <para>Marks used for traffic shaping must be in the range of
1-1023 and may still not be set in the PREROUTING chain.</para> 1-16383 and may still not be set in the PREROUTING chain.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
@ -1212,14 +1212,14 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">WIDE_ROUTE_MARKS=</emphasis>{<emphasis <term><emphasis role="bold">WIDE_TC_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term> role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem> <listitem>
<para>When set to No (the default), traffic shaping marks are 8 <para>When set to No (the default), traffic shaping marks are 8
bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes, bytes wide (possible values are 1-255). When WIDE_TC_MARKS=Yes,
traffic shaping marks are 10 bytes wide (values 1-1023). The setting traffic shaping marks are 14 bytes wide (values 1-16383). The
of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).</para> option (see above).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>