Add OPTIONS to tcdevices

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7837 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-06-21 02:08:48 +02:00 · 2007-12-06 17:26:37 +00:00 · 2007-12-06 17:26:37 +00:00 · 9f7cfc8489
commit 9f7cfc8489
parent 1855f85527
4 changed files with 63 additions and 10 deletions
--- a/Shorewall-common/changelog.txt
+++ b/Shorewall-common/changelog.txt
@ -14,7 +14,7 @@ Changes in 4.1.2

 7)  Tighten up HIGH_ROUTE_MARKS in the OUTPUT chain.

-8)  Tweak 'track'.
+8)  Add 'nomarks' OPTION to tcdevices.

 Changes in 4.1.1

--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -151,6 +151,46 @@ Other changes in Shorewall 4.1.2.
    b) After the -v and -q options are applied, the resulting value is
       adjusted to fall within the range -1 through 2.

+4)  The tcdevices file has been extended to include an OPTIONS
+    column. Currently only a single option is defined.
+
+    classify   When specified, you must use explicit CLASSIFY tcrules
+	       to classify traffic by class. Shorewall will not create
+               any CLASSIFY rules to classify traffic by mark value.
+
+    The 'classify' option should be specified when you want to do all
+    classification using CLASSIFY tcrules. Because CLASSIFY is not a
+    terminating target, every packet passes through all CLASSIFY
+    rules. 'classify' can prevent packets from having to pass through
+    useless additional rules.
+
+    Example:
+
+    /etc/shorewall/tcdevices
+
+	#INTERFACE	IN-BANDWITH	OUT-BANDWIDTH	OPTIONS
+	$EXT_IF		1300kbit	384kbit		classify
+
+    /etc/shorewall/tcclasses
+
+	#INTERFACE MARK	RATE	  CEIL	    PRIORITY OPTIONS
+	$EXT_IF	   10	5*full/10 full	    1	     tcp-ack,tos-minimize-delay
+	$EXT_IF	   20	2*full/10 6*full/10 2	     default
+	$EXT_IF	   30	2*full/10 6*full/10 3
+
+    /etc/shorewall/tcrules
+
+	#MARK	SOURCE		DEST	PROTO	PORT(S)	SOURCE
+	#                                               PORT(S)
+	1:110	192.168.0.0/22	$EXT_IF         
+	1:130	206.124.146.177 $EXT_IF	tcp     -       873
+
+    This example shows my own simple traffic shaping configuration. I
+    have three classes; one for traffic from our local network, one for
+    rsync from the master shorewall.net server, and one for all other
+    DMZ traffic. I use CLASSIFY rules to assign traffic to the first
+    and third class and let the rest default to the second class.
+
 Migration Issues.

 1)  Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
--- a/Shorewall-common/tcdevices
+++ b/Shorewall-common/tcdevices
@ -6,5 +6,5 @@
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #
 ###############################################################################
-#INTERFACE	IN-BANDWITH	OUT-BANDWIDTH
+#INTERFACE	IN-BANDWITH	OUT-BANDWIDTH		OPTIONS
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@ -318,8 +318,8 @@ sub calculate_quantum( $$ ) {
    int( ( $rate * 125 ) / $r2q );
 }

-sub validate_tc_device( $$$ ) {
-    my ( $device, $inband, $outband ) = @_;
+sub validate_tc_device( $$$$ ) {
+    my ( $device, $inband, $outband , $options ) = @_;

    fatal_error "Duplicate device ($device)"    if $tcdevices{$device};
    fatal_error "Invalid device name ($device)" if $device =~ /[:+]/;
@ -327,6 +327,17 @@ sub validate_tc_device( $$$ ) {
    $tcdevices{$device} = {};
    $tcdevices{$device}{in_bandwidth}  = rate_to_kbit( $inband ) . 'kbit';
    $tcdevices{$device}{out_bandwidth} = rate_to_kbit( $outband ) . 'kbit';
+    $tcdevices{$device}{classify} = 0;
+
+    if ( $options ne '-' ) {
+	for my $option ( split /,/, $options ) {
+	    if ( $option eq 'classify' ) {
+		$tcdevices{$device}{classify} = 1;
+	    } else {
+		fatal_error "Unknown device option ($option)";
+	    }
+	}
+    }

    push @tcdevices, $device;

@ -412,10 +423,10 @@ sub setup_traffic_shaping() {

 	while ( read_a_line ) {

-	    my ( $device, $inband, $outband ) = split_line 3, 3, 'tcdevices';
+	    my ( $device, $inband, $outband, $options ) = split_line 3, 4, 'tcdevices';

 	    fatal_error "Invalid tcdevices entry" if $outband eq '-';
-	    validate_tc_device( $device, $inband, $outband );
+	    validate_tc_device( $device, $inband, $outband , $options );
 	}
    }

@ -510,10 +521,12 @@ sub setup_traffic_shaping() {
 	#
 	# add filters
 	#
-	if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
-	    push @deferred_rules, match_dest_dev( $device ) . "-m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
-	} else {
-	    emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
+	unless ( $devref->{classify} ) {
+	    if ( "$capabilities{CLASSIFY_TARGET}" && known_interface $device ) {
+		push @deferred_rules, match_dest_dev( $device ) . "-m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid";
+	    } else {
+		emit "run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid";
+	    }
 	}
 	#
 	#options