Add LENGTH column to tcfilters file

Tom Eastep 2009-05-28 14:29:33 -07:00
parent d35274d7d9
commit 97fa7a0513
6 changed files with 45 additions and 3 deletions


@ -778,11 +778,13 @@ sub validate_tc_class( ) {
progress_message " Tcclass \"$currentline\" $done.";
}
my %validlengths = ( 32 => '0xffe0', 64 => '0xffc0', 128 => '0xff80', 256 => '0xff00', 512 => '0xfe00', 1024 => '0xfc00', 2048 => '0xf800', 4096 => '0xf000', 8192 => '0xe000' );
#
# Process a record from the tcfilters file
#
sub process_tc_filter( ) {
my ( $devclass, $source, $dest , $proto, $portlist , $sportlist ) = split_line 2, 6, 'tcfilters file';
my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $length ) = split_line 2, 7, 'tcfilters file';
my ($device, $class, $rest ) = split /:/, $devclass, 3;
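Review bot: %validlengths is added above process_tc_filter with no comment saying what the masks mean or which field they are applied to. Each mask is the 16-bit complement of (N - 1), so a masked value of 0 is true exactly when the field is less than N. A short comment stating that, or deriving the mask as `0xffff & ~( $len - 1 )` after checking that $len is a power of two in range, would keep the table from reading as magic numbers and make a later change to the range less error-prone.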
@ -817,6 +819,13 @@ sub process_tc_filter( ) {
$rule .= "\\\n match ip dst $net/$mask";
}
if ( $length ne '-' ) {
my $len = numeric_value( $length ) || 0;
my $mask = $validlengths{$len};
fatal_error "Invalid LENGTH ($length)" unless $mask;
$rule .="\\\n match u16 0x0000 $mask at 2";
}
my $protonumber = 0;
unless ( $proto eq '-' ) {
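Review bot: `my $mask` inside the new `if ( $length ne '-' )` block reuses the name that the context line just above interpolates as the network mask in `match ip dst $net/$mask`; a distinct name such as `$lengthmask` would avoid confusing the two. The fatal_error text could also list the accepted values (a power of two from 32 to 8192), since any other input, including one that numeric_value returns false for and that `|| 0` turns into 0, only produces `Invalid LENGTH (...)`. Minor style point: `$rule .="\\\n` lacks the space after `.=` that the preceding `$rule .=` line uses.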


@ -7,6 +7,8 @@ Changes in Shorewall 4.3.12
3) Delete support for ipset binding. Jozsef has removed the capability
from ipset.
4) Add LENGTH column to tcfilters file.
Changes in Shorewall 4.3.11
1) Reduce the number of arguments passed in may cases.


@ -6,6 +6,6 @@
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
###############################################################################
#INTERFACE: SOURCE DEST PROTO DEST SOURCE
#INTERFACE: SOURCE DEST PROTO DEST SOURCE LENGTH
#CLASS PORT(S) PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


@ -153,6 +153,14 @@ None.
OUT-BANDWIDTH. Maximum delay is 10ms. Maximum packet
size is 1500 bytes.
2) Support for ipset bindings has been removed. Jozsef Kadlecsik has
already removed such support from ipset itself.
3) A LENGTH field has been added to the tcfilters file. The value must
be a numeric power of two between 32 and 8192 inclusive. Packets
with a total length that is strictly less that the specified value
will match the rule.
----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 3
----------------------------------------------------------------------------


@ -1662,6 +1662,16 @@ eth0 192.168.1.0/24 206.124.146.179</programlisting></para>
are supported.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>LENGTH</term>
<listitem>
<para>Must be a power of 2 between 32 and 8192 inclusive. Packets
with a total length that is strictly less than the specified value
will match the rule.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Example:</para>


@ -1,4 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry>
<refmeta>
<refentrytitle>shorewall-tcfilters</refentrytitle>
@ -105,6 +107,17 @@
<para>Source port.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">LENGTH</emphasis> (Optional) - [<emphasis
role="bold">-</emphasis>|<emphasis>number</emphasis>]</term>
<listitem>
<para>Must be a power of 2 between 32 and 8192 inclusive. Packets
with a total length that is strictly less than the specified
<replaceable>number</replaceable> will match the rule.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
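Review bot: The new LENGTH entry says "total length" without saying which length is compared. The filter added in process_tc_filter is `match u16 0x0000 $mask at 2`, which tests the 16-bit field at offset 2 of the IP header, so the text could say explicitly that the comparison is against the IP Total Length field (IP header plus payload) and not the link-layer frame size. It would also help to state that a value that is not a power of two in the 32 to 8192 range is rejected with a fatal error.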