Use fwmark classifier for unknown interfaces

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5013 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2006-11-28 00:05:52 +00:00
parent 1573d32665
commit b8c694e86f
3 changed files with 14 additions and 1 deletions


@ -6,6 +6,8 @@ Changes in 3.3.6
3) Use export directory's modules file with -e.
4) Use fwmark tc filter with unknown interfaces.
Changes in 3.3.5
1) Restore default route when there are no 'balance' providers.


@ -254,12 +254,18 @@ setup_traffic_shaping()
run_tc "class add dev $device parent $devnum:1 classid $classid htb rate $rate ceil $ceil prio $prio mtu \$${dev}_mtu quantum \$quantum"
run_tc qdisc add dev $device parent $classid handle 1$mark: sfq perturb 10
# add filters
if [ -n "$CLASSIFY_TARGET" ]; then
run_iptables -t mangle -A tcpost $(match_dest_dev $device) -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid
if known_interface $device; then
run_iptables -t mangle -A tcpost -o $device -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid
else
run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid
fi
else
run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid
fi
#options
list_search "tcp-ack" $options && run_tc filter add dev $device parent $devnum:0 protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid $classid
list_search "tos-minimize-delay" $options && options="$options tos=0x10/0x10"
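
Review bot: The `run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid` command in the inner `else` of the `known_interface` test is a verbatim copy of the one in the outer `else`, so the two can drift apart on a later edit. Folding both tests into one condition, `if [ -n "$CLASSIFY_TARGET" ] && known_interface $device; then`, leaves a single CLASSIFY branch and a single fw-filter fallback. The CLASSIFY rule under `known_interface` also matches with a literal `-o $device`, while the CLASSIFY line shown just above it in this hunk uses `$(match_dest_dev $device)`; a short comment stating why a plain `-o` match is sufficient for known interfaces would help the next reader.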


@ -54,6 +54,11 @@ Other Changes in 3.3.6
compiled, then that file will be copied into the compiled script
and used on the firewall system.
3) Shorewall now uses tc fwmark filters to classify packets for
traffic shaping when the DEVICE isn't an interface described in
/etc/shorewall/interfaces. This is in preparation for the upcoming
change to the way that --physdev-out works in iptables/Netfilter.
Migration Considerations:
1) Shorewall supports the notion of "default actions". A default
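
Review bot: Item 3 in this hunk states that fwmark filters are used when the DEVICE isn't described in /etc/shorewall/interfaces, but it omits the condition visible in the setup_traffic_shaping() change: the new `known_interface` test sits inside `if [ -n "$CLASSIFY_TARGET" ]`, and the branch for an empty CLASSIFY_TARGET already used the fw filter for every device. Naming that condition in the note would tell users whether their configuration is affected, and a word on what stays the same for interfaces that are listed (the CLASSIFY rule in tcpost) would complete it.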