mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-19 17:28:35 +02:00
Add OPTIONS to tcdevices
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7837 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
1855f85527
commit
9f7cfc8489
@ -14,7 +14,7 @@ Changes in 4.1.2
|
||||
|
||||
7) Tighten up HIGH_ROUTE_MARKS in the OUTPUT chain.
|
||||
|
||||
8) Tweak 'track'.
|
||||
8) Add 'nomarks' OPTION to tcdevices.
|
||||
|
||||
Changes in 4.1.1
|
||||
|
||||
|
@ -151,6 +151,46 @@ Other changes in Shorewall 4.1.2.
|
||||
b) After the -v and -q options are applied, the resulting value is
|
||||
adjusted to fall within the range -1 through 2.
|
||||
|
||||
4) The tcdevices file has been extended to include an OPTIONS
|
||||
column. Currently only a single option is defined.
|
||||
|
||||
classify When specified, you must use explicit CLASSIFY tcrules
|
||||
to classify traffic by class. Shorewall will not create
|
||||
any CLASSIFY rules to classify traffic by mark value.
|
||||
|
||||
The 'classify' option should be specified when you want to do all
|
||||
classification using CLASSIFY tcrules. Because CLASSIFY is not a
|
||||
terminating target, every packet passes through all CLASSIFY
|
||||
rules. 'classify' can prevent packets from having to pass through
|
||||
useless additional rules.
|
||||
|
||||
Example:
|
||||
|
||||
/etc/shorewall/tcdevices
|
||||
|
||||
#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
|
||||
$EXT_IF 1300kbit 384kbit classify
|
||||
|
||||
/etc/shorewall/tcclasses
|
||||
|
||||
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
|
||||
$EXT_IF 10 5*full/10 full 1 tcp-ack,tos-minimize-delay
|
||||
$EXT_IF 20 2*full/10 6*full/10 2 default
|
||||
$EXT_IF 30 2*full/10 6*full/10 3
|
||||
|
||||
/etc/shorewall/tcrules
|
||||
|
||||
#MARK SOURCE DEST PROTO PORT(S) SOURCE
|
||||
# PORT(S)
|
||||
1:110 192.168.0.0/22 $EXT_IF
|
||||
1:130 206.124.146.177 $EXT_IF tcp - 873
|
||||
|
||||
This example shows my own simple traffic shaping configuration. I
|
||||
have three classes; one for traffic from our local network, one for
|
||||
rsync from the master shorewall.net server, and one for all other
|
||||
DMZ traffic. I use CLASSIFY rules to assign traffic to the first
|
||||
and third class and let the rest default to the second class.
|
||||
|
||||
Migration Issues.
|
||||
|
||||
1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
|
||||
|
@ -6,5 +6,5 @@
|
||||
# See http://shorewall.net/traffic_shaping.htm for additional information.
|
||||
#
|
||||
###############################################################################
|
||||
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
|
||||
#INTERFACE IN-BANDWITH OUT-BANDWIDTH OPTIONS
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|
@ -318,8 +318,8 @@ sub calculate_quantum( $$ ) {
|
||||
int( ( $rate * 125 ) / $r2q );
|
||||
}
|
||||
|
||||
sub validate_tc_device( $$$ ) {
|
||||
my ( $device, $inband, $outband ) = @_;
|
||||
sub validate_tc_device( $$$$ ) {
|
||||
my ( $device, $inband, $outband , $options ) = @_;
|
||||
|
||||
fatal_error "Duplicate device ($device)" if $tcdevices{$device};
|
||||
fatal_error "Invalid device name ($device)" if $device =~ /[:+]/;
|
||||
@ -327,6 +327,17 @@ sub validate_tc_device( $$$ ) {
|
||||
$tcdevices{$device} = {};
|
||||
$tcdevices{$device}{in_bandwidth} = rate_to_kbit( $inband ) . 'kbit';
|
||||
$tcdevices{$device}{out_bandwidth} = rate_to_kbit( $outband ) . 'kbit';
|
||||
$tcdevices{$device}{classify} = 0;
|
||||
|
||||
if ( $options ne '-' ) {
|
||||
for my $option ( split /,/, $options ) {
|
||||
if ( $option eq 'classify' ) {
|
||||
$tcdevices{$device}{classify} = 1;
|
||||
} else {
|
||||
fatal_error "Unknown device option ($option)";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
push @tcdevices, $device;
|
||||
|
||||
@ -412,10 +423,10 @@ sub setup_traffic_shaping() {
|
||||
|
||||
while ( read_a_line ) {
|
||||
|
||||
my ( $device, $inband, $outband ) = split_line 3, 3, 'tcdevices';
|
||||
my ( $device, $inband, $outband, $options ) = split_line 3, 4, 'tcdevices';
|
||||
|
||||
fatal_error "Invalid tcdevices entry" if $outband eq '-';
|
||||
validate_tc_device( $device, $inband, $outband );
|
||||
validate_tc_device( $device, $inband, $outband , $options );
|
||||
}
|
||||
}
|
||||
|
||||
@ -510,10 +521,12 @@ sub setup_traffic_shaping() {
|
||||
#
|
||||
# add filters
|
||||
#
|
||||
if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
|
||||
push @deferred_rules, match_dest_dev( $device ) . "-m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
|
||||
} else {
|
||||
emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
|
||||
unless ( $devref->{classify} ) {
|
||||
if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
|
||||
push @deferred_rules, match_dest_dev( $device ) . "-m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
|
||||
} else {
|
||||
emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
|
||||
}
|
||||
}
|
||||
#
|
||||
#options
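Review bot: With `classify` set, the new `unless ( $devref->{classify} )` guard in setup_traffic_shaping skips both the mark-based CLASSIFY rule and the `run_tc filter ... fw` fallback, so where `$capabilities{CLASSIFY_TARGET}` is false nothing steers packets into a class and all traffic falls into the default class with no diagnostic. Unless tcrules processing outside these hunks already rejects CLASSIFY rules in that case, validate_tc_device should fail closed when it accepts the option, e.g. `fatal_error "The 'classify' option requires CLASSIFY Target support" unless $capabilities{CLASSIFY_TARGET};` placed before `$tcdevices{$device}{classify} = 1;`. A short comment above the `unless`, such as `# 'classify' devices rely solely on explicit CLASSIFY tcrules; emit no mark-based filters`, would record the intent. The changelog hunk also names the option 'nomarks' while the code and release notes use 'classify'. `$devref` is assigned outside the visible hunk, so its relation to `$tcdevices{$device}` is assumed here.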
|
||||
|