diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 505cb13f2..789313bd0 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -139,6 +139,11 @@ our %flow_keys = ( 'src' => 1,
'sk-gid' => 1,
'vlan-tag' => 1 );
+our %tosoptions = ( 'tos-minimize-delay' => 'tos=0x10/0x10' ,
+ 'tos-maximize-throughput' => 'tos=0x08/0x08' ,
+ 'tos-maximize-reliability' => 'tos=0x04/0x04' ,
+ 'tos-minimize-cost' => 'tos=0x02/0x02' ,
+ 'tos-normal-service' => 'tos=0x00/0x1e' );
our %classids;
our @deferred_rules;
@@ -589,13 +594,6 @@ sub dev_by_number( $ ) {
sub validate_tc_class( ) {
my ( $devclass, $mark, $rate, $ceil, $prio, $options ) = split_line 4, 6, 'tcclasses file';
-
- my %tosoptions = ( 'tos-minimize-delay' => 'tos=0x10/0x10' ,
- 'tos-maximize-throughput' => 'tos=0x08/0x08' ,
- 'tos-maximize-reliability' => 'tos=0x04/0x04' ,
- 'tos-minimize-cost' => 'tos=0x02/0x02' ,
- 'tos-normal-service' => 'tos=0x00/0x1e' );
-
my $classnumber = 0;
my $devref;
my $device = $devclass;
@@ -784,7 +782,7 @@ my %validlengths = ( 32 => '0xffe0', 64 => '0xffc0', 128 => '0xff80', 256 => '0x
# Process a record from the tcfilters file
#
sub process_tc_filter( ) {
- my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $length ) = split_line 2, 7, 'tcfilters file';
+ my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $tos, $length ) = split_line 2, 8, 'tcfilters file';
my ($device, $class, $rest ) = split /:/, $devclass, 3;
@@ -819,6 +817,23 @@ sub process_tc_filter( ) {
$rule .= "\\\n match ip dst $net/$mask";
}
+ if ( $tos ne '-' ) {
+ my $tosval = $tosoptions{$tos};
+ my $mask;
+ $tos = $tosval if $tosval;
+
+ if ( $tos =~ /^0x[0-9a-f]{2}$/ ) {
+ $mask = '0xff';
+ } elsif ( $tos =~ /^(0x[0-9a-f]{2})\/(0x[0-9a-f]{2})$/ ) {
+ $tos = $1;
+ $mask = $2;
+ } else {
+ fatal_error "Invalid TOS ($tos)";
+ }
+
+ $rule .= "\\\n match ip tos $tos $mask";
+ }
+
if ( $length ne '-' ) {
my $len = numeric_value( $length ) || 0;
my $mask = $validlengths{$len};
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index ab823c757..03efb1dfe 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -7,7 +7,7 @@ Changes in Shorewall 4.3.12
3) Delete support for ipset binding. Jozsef has removed the capability
from ipset.
-4) Add LENGTH column to tcfilters file.
+4) Add TOS and LENGTH columns to tcfilters file.
Changes in Shorewall 4.3.11
diff --git a/Shorewall/configfiles/tcfilters b/Shorewall/configfiles/tcfilters
index 450876109..ee21b3054 100644
--- a/Shorewall/configfiles/tcfilters
+++ b/Shorewall/configfiles/tcfilters
@@ -5,7 +5,7 @@
#
# See http://shorewall.net/traffic_shaping.htm for additional information.
#
-###############################################################################
-#INTERFACE: SOURCE DEST PROTO DEST SOURCE LENGTH
+##############################################################################################
+#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH
#CLASS PORT(S) PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index bdb97821b..5ff26d41c 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -156,10 +156,24 @@ None.
2) Support for ipset bindings has been removed. Jozsef Kadlecsik has
already removed such support from ipset itself.
-3) A LENGTH field has been added to the tcfilters file. The value must
- be a numeric power of two between 32 and 8192 inclusive. Packets
- with a total length that is strictly less that the specified value
- will match the rule.
+3) Optional TOS and LENGTH fields have been added to the tcfilters
+ file.
+
+ The TOS field may contain any of the following:
+
+ tos-minimize-delay
+ tos-maximuze-throughput
+ tos-maximize-reliability
+ tos-minimize-cost
+ tos-normal-service
+ Hex-number
+ Hex-number/Hex-number
+
+ The hex numbers must have exactly two digits.
+
+ The LENGTH value must be a numeric power of two between 32 and 8192
+ inclusive. Packets with a total length that is strictly less that
+ the specified value will match the rule.
----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 3
diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml
index 5d36d09b3..6d8edd06b 100644
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@@ -1663,6 +1663,48 @@ eth0 192.168.1.0/24 206.124.146.179
+
+ TOS
+
+
+ Specifies the value of the TOS field. The value can be any
+ of the following:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ hex-number
+
+
+
+ hex-number/hex-number
+
+
+
+ The hex-numbers must be exactly
+ two digits (e.g., 0x04).
+
+
+
LENGTH
diff --git a/manpages/shorewall-tcfilters.xml b/manpages/shorewall-tcfilters.xml
index 2986d261c..ad3242e5a 100644
--- a/manpages/shorewall-tcfilters.xml
+++ b/manpages/shorewall-tcfilters.xml
@@ -108,6 +108,50 @@
+
+ TOS (Optional) - [-|tos]
+
+
+ Specifies the value of the TOS field. The
+ tos value can be any of the
+ following:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ hex-number
+
+
+
+ hex-number/hex-number
+
+
+
+ The hex-numbers must be exactly two
+ digits (e.g., 0x04)x.
+
+
+
LENGTH (Optional) - [-|number]