mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 15:18:53 +01:00
Support for IFB (but don't document it yet)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8288 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
9f37f6a4ca
commit
b0a5c577f4
@ -65,9 +65,31 @@ Migration Issues.
|
||||
5) The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) has
|
||||
been changed from Yes to No.
|
||||
|
||||
Problems corrected in 4.1.6.
|
||||
Problems corrected in Shorewall-perl 4.1.6.
|
||||
|
||||
None.
|
||||
1) A problem introduced in 4.1.5 would result in the following error
|
||||
message.
|
||||
|
||||
ERROR: Internal error in create_netfilter_load()
|
||||
|
||||
2) Under Shorewall-perl, if an empty action was invoked or was named
|
||||
in one of the DEFAULT_xxx options in shorewall.conf, an
|
||||
iptables-restore error occured.
|
||||
|
||||
3) If $ADMIN was empty, then the rule:
|
||||
|
||||
ACCEPT loc:$ADMIN all
|
||||
|
||||
became
|
||||
|
||||
ACCEPT loc net
|
||||
|
||||
It is now flagged as an error.
|
||||
|
||||
Problems corrected in Shorewall-shell 4.1.6.
|
||||
|
||||
1) Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in
|
||||
a fatal error at compile time.
|
||||
|
||||
New Features in 4.1.6.
|
||||
|
||||
|
@ -297,6 +297,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
||||
sub rate_to_kbit( $ ) {
|
||||
my $rate = $_[0];
|
||||
|
||||
return 0 if $rate eq '-';
|
||||
return $1 if $rate =~ /^(\d+)kbit$/i;
|
||||
return $1 * 1000 if $rate =~ /^(\d+)mbit$/i;
|
||||
return $1 * 8000 if $rate =~ /^(\d+)mbps$/i;
|
||||
@ -337,10 +338,13 @@ sub validate_tc_device( $$$$$ ) {
|
||||
|
||||
my @redirected = ();
|
||||
|
||||
@redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';;
|
||||
@redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';
|
||||
|
||||
for my $rdevice ( @redirected ) {
|
||||
fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
|
||||
my $rdevref = $tcdevices{$rdevice};
|
||||
fatal_error "REDIRECTED device ($rdevice) has not been defined in this file" unless $rdevref;
|
||||
fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices" if $rdevref->{in_bandwidth} ne '0kbit';
|
||||
}
|
||||
|
||||
$tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' ,
|
||||
@ -482,6 +486,8 @@ sub setup_traffic_shaping() {
|
||||
emit ( "run_tc qdisc add dev $device handle ffff: ingress",
|
||||
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
|
||||
);
|
||||
} elsif ( @{$devref->{redirected}} ) {
|
||||
emit ( "run_tc qdisc add dev $device handle ffff: ingress" );
|
||||
}
|
||||
|
||||
for my $rdev ( @{$devref->{redirected}} ) {
|
||||
|
Loading…
Reference in New Issue
Block a user