Complete Shared TC documentation

docs/traffic_shaping.xml

@@ -1278,6 +1278,58 @@ SAVE     0.0.0.0/0      0.0.0.0/0       all        -             -        -
 /sbin/shorewall refresh</programlisting>
     </section>
 
+    <section>
+      <title>Sharing a TC configuration between Shorewall and
+      Shorewall6</title>
+
+      <para>Beginning with Shorewall 4.4.15, the traffic-shaping configuration
+      in the tcdevices, tcclasses and tcfilters files can be shared between
+      Shorewall and Shorewall6. Only one of the products can control the
+      configuration but the other can configure CLASSIFY rules in its own
+      tcrules file that refer to the shared classes.</para>
+
+      <para>To defined the configuration in Shorewall and shared it with
+      Shorewall6:</para>
+
+      <itemizedlist>
+        <listitem>
+          <para>Set TC_ENABLED=Internal in <ulink
+          url="manpages/shorewall.conf.html">shorewall.conf</ulink>
+          (5).</para>
+        </listitem>
+
+        <listitem>
+          <para>Set TC_ENABLED=SHARED in <ulink
+          url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink>
+          (5).</para>
+        </listitem>
+
+        <listitem>
+          <para>Create symbolic links from /etc/shorewall6 to
+          /etc/shorewall/tcdevices and /etc/shorewall/tcclasses:</para>
+
+          <programlisting>ln -s ../shorewall/tcdevices /etc/shorewall6/tcdevices
+ln -s ../shorewall/tcclasses /etc/shorewall6/tcclasses</programlisting>
+        </listitem>
+
+        <listitem>
+          <para>If you need to define IPv6 tcfilter entries, do so in
+          /etc/shorewall/tcfilters. That file now allows entries that apply to
+          IPv6.</para>
+        </listitem>
+      </itemizedlist>
+
+      <para>Shorewall6 compilations to have access to the tcdevices and
+      tcclasses files although it will create no output. That access allows
+      CLASSIFY rules in /etc/shorewall6/tcrules to be validated against the TC
+      configuration.</para>
+
+      <para>In this configuration, it is Shorewall that controls TC
+      configuration (except for IPv6 tcrules). You can reverse the settings in
+      the files if you want to control the configuration using
+      Shorewall6.</para>
+    </section>
+
     <section id="perIP">
       <title>Per-IP Traffic Shaping</title>
 

manpages/shorewall.conf.xml

@@ -1645,7 +1645,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
         role="bold">Yes</emphasis>|<emphasis
         role="bold">No</emphasis>|<emphasis
         role="bold">Internal</emphasis>|<emphasis
-        role="bold">Simple</emphasis>]</term>
+        role="bold">Simple</emphasis>|Shared]</term>
 
         <listitem>
           <para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis
@@ -1667,6 +1667,16 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
           <para>If you set TC_ENABLED=Internal or internal or leave the option
           empty then Shorewall will use its builtin traffic shaper
           (tc4shorewall written by Arne Bernin.</para>
+
+          <para>Beginning with Shorewall 4.4.15, you can set
+          TC_ENABLED=Shared. This allows you to configure the tcdevices and
+          tcclasses in your Shorewall6 configuration yet make them available
+          to the compiler when compiling your Shorewall configuration. In
+          addition to setting TC_ENABLED=Shared, you need to create symbolic
+          links from your Shorewall configuration directory (normally
+          /etc/shorewall/) to the tcdevices and tcclasses files in your
+          Shorewall6 configuration directory (normally
+          /etc/shorewall6/).</para>
         </listitem>
       </varlistentry>
 

manpages6/shorewall6.conf.xml

@@ -1351,7 +1351,7 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
         <term><emphasis role="bold">TC_ENABLED=</emphasis>[<emphasis
         role="bold">Yes</emphasis>|<emphasis
         role="bold">No</emphasis>|<emphasis
-        role="bold">Internal</emphasis>]</term>
+        role="bold">Internal|Shared</emphasis>]</term>
 
         <listitem>
           <para>If you say <emphasis role="bold">Yes</emphasis> or <emphasis
@@ -1368,11 +1368,22 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
           empty then Shorewall6 will use its builtin traffic shaper
           (tc4shorewall6 written by Arne Bernin.</para>
 
+          <para>Beginning with Shorewall 4.4.15, if you set TC_ENABLED=Shared
+          or shared, then you should create symbolic links from your
+          Shorewall6 configuration directory (normally
+          <filename>/etc/shorewall6/</filename>) to your Shorewall
+          <filename>tcdevices</filename> and <filename>tcclasses</filename>
+          files. This allows the compiler to have access to your Shorewall
+          traffic shaping configuration so that it can validate CLASSIFY rules
+          in <ulink url="shorewall-tcrules.html">shorewall6-tcrules</ulink>
+          (5).</para>
+
           <warning>
             <para>If you also run Shorewall and if you have
             TC_ENABLED=Internal in your <ulink
             url="../manpages/shorewall.conf.html">shorewall-conf</ulink>(5),
-            then you will want TC_ENABLED=No in this file.</para>
+            then you will want TC_ENABLED=No or TC_ENABLED=Shared in this
+            file.</para>
           </warning>
         </listitem>
       </varlistentry>