Fix 'check -e' and traffic shaping

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-08-17 17:46:25 +00:00
parent f9685d5ddd
commit 9f69be3295
2 changed files with 69 additions and 52 deletions


@ -1512,7 +1512,7 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi
error_message "WARNING: Log Prefix shortened to \"$prefix\"" error_message "WARNING: Log Prefix shortened to \"$prefix\""
fi fi
[ "$COMMAND" = compile ] && prefix="\"$prefix\"" [ "$COMMAND" = compile -o "$COMMAND" = check ] && prefix="\"$prefix\""
case $level in case $level in
ULOG) ULOG)
@ -1727,45 +1727,55 @@ setup_traffic_shaping()
dev=$(chain_base $device) dev=$(chain_base $device)
if [ $COMMAND = compile ]; then case $COMMAND in
save_command "if qt ip link ls dev $device; then" compile|check)
indent="$INDENT" save_command "if qt ip link ls dev $device; then"
INDENT="$INDENT " indent="$INDENT"
save_command ${dev}_exists=Yes INDENT="$INDENT "
save_command qt tc qdisc del dev $device root save_command ${dev}_exists=Yes
save_command qt tc qdisc del dev $device ingress save_command qt tc qdisc del dev $device root
elif ! qt ip link ls dev $device; then save_command qt tc qdisc del dev $device ingress
error_message "WARNING: Device $device not found -- traffic-shaping configuration skipped" ;;
return 1 *)
fi if ! qt ip link ls dev $device; then
error_message "WARNING: Device $device not found -- traffic-shaping configuration skipped"
return 1
fi
;;
esac
defmark=$(get_defmark_for_dev $device) defmark=$(get_defmark_for_dev $device)
run_tc qdisc add dev $device root handle $devnum: htb default 1$defmark run_tc qdisc add dev $device root handle $devnum: htb default 1$defmark
if [ $COMMAND = compile ]; then case $COMMAND in
save_command "${dev}_mtu=\$(get_device_mtu $device)" compile|check)
run_tc "class add dev $device parent $devnum: classid $devnum:1 htb rate $outband mtu \$${dev}_mtu" save_command "${dev}_mtu=\$(get_device_mtu $device)"
else run_tc "class add dev $device parent $devnum: classid $devnum:1 htb rate $outband mtu \$${dev}_mtu"
run_tc class add dev $device parent $devnum: classid $devnum:1 htb rate $outband mtu $(get_device_mtu $device) ;;
fi *)
run_tc class add dev $device parent $devnum: classid $devnum:1 htb rate $outband mtu $(get_device_mtu $device)
;;
esac
run_tc qdisc add dev $device handle ffff: ingress run_tc qdisc add dev $device handle ffff: ingress
run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1 run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1
eval ${dev}_devnum=$devnum eval ${dev}_devnum=$devnum
devnum=$(($devnum + 1)) devnum=$(($devnum + 1))
if [ $COMMAND = compile ]; then case $COMMAND in
save_progress_message_short " TC Device $tcdev defined." compile|check)
INDENT="$indent" save_progress_message_short " TC Device $tcdev defined."
save_command else INDENT="$indent"
INDENT="$INDENT " save_command else
save_command error_message "\"WARNING: Device $device not found -- traffic-shaping configuration skipped\"" INDENT="$INDENT "
save_command "${dev}_exists=" save_command error_message "\"WARNING: Device $device not found -- traffic-shaping configuration skipped\""
INDENT="$indent" save_command "${dev}_exists="
save_command "fi" INDENT="$indent"
save_command save_command "fi"
fi save_command
;;
esac
return 0 return 0
} }
@ -1775,13 +1785,16 @@ setup_traffic_shaping()
dev=$(chain_base $device) dev=$(chain_base $device)
if [ $COMMAND = compile ]; then case $COMMAND in
save_command "if [ -n \"\$${dev}_exists\" ] ; then" compile|check)
indent="$INDENT" save_command "if [ -n \"\$${dev}_exists\" ] ; then"
INDENT="$INDENT " indent="$INDENT"
else INDENT="$INDENT "
qt ip link ls dev $device || return 1 ;;
fi *)
qt ip link ls dev $device || return 1
;;
esac
full=$(get_outband_for_dev $device) full=$(get_outband_for_dev $device)
full=$(rate_to_kbit $full) full=$(rate_to_kbit $full)
@ -1816,14 +1829,17 @@ setup_traffic_shaping()
quantum=$(calculate_quantum $rate) quantum=$(calculate_quantum $rate)
if [ $COMMAND = compile ]; then case $COMMAND in
save_command "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum" compile|check)
run_tc "class add dev $device parent $devnum:1 classid $classid htb rate $rate ceil $ceil prio $prio mtu \$${dev}_mtu quantum \$quantum" save_command "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum"
else run_tc "class add dev $device parent $devnum:1 classid $classid htb rate $rate ceil $ceil prio $prio mtu \$${dev}_mtu quantum \$quantum"
[ "$last_device" = $device ] || mtu=$(get_device_mtu $device) ;;
[ $mtu -gt $quantum ] && quantum=$mtu *)
run_tc class add dev $device parent $devnum:1 classid $classid htb rate $rate ceil $ceil prio $prio mtu $mtu quantum $quantum [ "$last_device" = $device ] || mtu=$(get_device_mtu $device)
fi [ $mtu -gt $quantum ] && quantum=$mtu
run_tc class add dev $device parent $devnum:1 classid $classid htb rate $rate ceil $ceil prio $prio mtu $mtu quantum $quantum
;;
esac
run_tc qdisc add dev $device parent $classid handle 1$mark: sfq perturb 10 run_tc qdisc add dev $device parent $classid handle 1$mark: sfq perturb 10
# add filters # add filters
@ -1852,12 +1868,14 @@ setup_traffic_shaping()
run_tc filter add dev $device parent $devnum:0 protocol ip prio 10 u32 match ip tos ${tospair%%/*} $tosmask flowid $classid run_tc filter add dev $device parent $devnum:0 protocol ip prio 10 u32 match ip tos ${tospair%%/*} $tosmask flowid $classid
done done
if [ $COMMAND = compile ]; then case $COMMAND in
save_progress_message_short " TC Class $tcdev defined." compile|check)
INDENT="$indent" save_progress_message_short " TC Class $tcdev defined."
save_command fi INDENT="$indent"
save_command save_command fi
fi save_command
;;
esac
return 0 return 0
} }
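Review bot: The `compile|check` arms write `$device` unquoted into the generated script text, for example `save_command "if qt ip link ls dev $device; then"`, and with this change the `check` command goes through the same code-generation path. A device value containing whitespace or a shell metacharacter would alter the command that lands in the output instead of being rejected; the configuration is presumably root-owned, so this is about the robustness of the generated script more than a privilege boundary. The function bodies start outside these hunks, so an earlier check may already exist; if not, validate the name once before the first `save_command`, along the lines of `case $device in *[!A-Za-z0-9_.:@+-]*) error_message "WARNING: Invalid device name $device -- traffic-shaping configuration skipped"; return 1 ;; esac` (the allowed character set needs confirming against the interface names the project supports). Separately, the new test in log_rule_limit, `[ "$COMMAND" = compile -o "$COMMAND" = check ]`, relies on `-o`, which is ambiguous inside `[`; `case $COMMAND in compile|check) prefix="\"$prefix\"" ;; esac` would match the form used in the other hunks.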


@ -61,8 +61,7 @@
# shorewall show classifiers Display classifiers # shorewall show classifiers Display classifiers
# shorewall show capabilities Display iptables/kernel capabilities # shorewall show capabilities Display iptables/kernel capabilities
# shorewall version Display the installed version id # shorewall version Display the installed version id
# shorewall check Verify the more heavily-used # shorewall check [ -e ] [ <directory> ] Dry-run compilation.
# configuration files.
# shorewall try <directory> [ <timeout> ] Try a new configuration and if # shorewall try <directory> [ <timeout> ] Try a new configuration and if
# it doesn't work, revert to the # it doesn't work, revert to the
# standard one. If a timeout is supplied # standard one. If a timeout is supplied