Redefine tc filter priorities

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-09-10 10:03:16 -07:00
parent b4098ff5dd
commit f6e3107c00
3 changed files with 68 additions and 12 deletions

View File

@ -833,8 +833,9 @@ sub process_simple_device() {
} }
for ( my $i = 1; $i <= 3; $i++ ) { for ( my $i = 1; $i <= 3; $i++ ) {
my $prio = 16 + $i;
emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10"; emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10";
emit "run_tc filter add dev $physical protocol all prio 2 parent $number: handle $i fw classid $number:$i"; emit "run_tc filter add dev $physical protocol all prio $prio parent $number: handle $i fw classid $number:$i";
emit "run_tc filter add dev $physical protocol all prio 1 parent ${number}$i: handle ${number}${i} flow hash keys $type divisor 1024" if $type ne '-' && have_capability 'FLOW_FILTER'; emit "run_tc filter add dev $physical protocol all prio 1 parent ${number}$i: handle ${number}${i} flow hash keys $type divisor 1024" if $type ne '-' && have_capability 'FLOW_FILTER';
emit ''; emit '';
} }
@ -1367,7 +1368,7 @@ sub process_tc_filter() {
if ( $priority ne '-' ) { if ( $priority ne '-' ) {
$prio = numeric_value $priority; $prio = numeric_value $priority;
fatal_error "Invalid priority ($priority)" unless defined $prio && $prio >= 12; fatal_error "Invalid priority ($priority)" unless defined $prio && $prio > 0;
} }
my $devref; my $devref;
@ -1963,14 +1964,14 @@ sub process_traffic_shaping() {
# add filters # add filters
# #
unless ( $mark eq '-' ) { unless ( $mark eq '-' ) {
emit "run_tc filter add dev $device protocol all parent $devicenumber:0 prio " . ( $priority | 20 ) . " handle $mark fw classid $classid" if $tcref->{occurs} == 1; emit "run_tc filter add dev $device protocol all parent $devicenumber:0 prio " . ( $priority | 0x20 ) . " handle $mark fw classid $classid" if $tcref->{occurs} == 1;
} }
emit "run_tc filter add dev $device protocol all prio 1 parent $sfqinhex: handle $classnum flow hash keys $tcref->{flow} divisor 1024" if $tcref->{flow}; emit "run_tc filter add dev $device protocol all prio 1 parent $sfqinhex: handle $classnum flow hash keys $tcref->{flow} divisor 1024" if $tcref->{flow};
# #
# options # options
# #
emit( "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 10 ) . ' u32' . emit( "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 0x10 ) . ' u32' .
"\\\n match ip protocol 6 0xff" . "\\\n match ip protocol 6 0xff" .
"\\\n match u8 0x05 0x0f at 0" . "\\\n match u8 0x05 0x0f at 0" .
"\\\n match u16 0x0000 0xffc0 at 2" . "\\\n match u16 0x0000 0xffc0 at 2" .
@ -1978,7 +1979,7 @@ sub process_traffic_shaping() {
for my $tospair ( @{$tcref->{tos}} ) { for my $tospair ( @{$tcref->{tos}} ) {
my ( $tos, $mask ) = split q(/), $tospair; my ( $tos, $mask ) = split q(/), $tospair;
emit "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 10 ) . " u32 match ip tos $tos $mask flowid $classid"; emit "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 0x10 ) . " u32 match ip tos $tos $mask flowid $classid";
} }
save_progress_message_short qq(" TC Class $classid defined."); save_progress_message_short qq(" TC Class $classid defined.");

View File

@ -192,12 +192,40 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">PRIORITY</emphasis> - [<emphasis <term><emphasis role="bold">PRIORITY</emphasis> - [<emphasis
role="bold">-</emphasis>|<emphasis>number</emphasis>]</term> role="bold">-</emphasis>|<emphasis>priority</emphasis>]</term>
<listitem> <listitem>
<para>Added in Shorewall 4.5.8. Specifies the rule priority. If not <para>Added in Shorewall 4.5.8. Specifies the rule
given, priority 10 is assumed. The priority value must be &gt;= <replaceable>priority</replaceable>. If not given,
12.</para> <replaceable>priority</replaceable> 10 is assumed. The
<replaceable>priority</replaceable> value must be &gt; 0.</para>
<para>The priority values used by other Shorewall-generated filters
are as follows:</para>
<itemizedlist>
<listitem>
<para>Classify by packet mark - <replaceable>class
priority</replaceable> LOR 32.</para>
</listitem>
<listitem>
<para>Ingress policing - 10</para>
</listitem>
<listitem>
<para>Simple TC ACK packets - 1</para>
</listitem>
<listitem>
<para>Complex TC ACK packets - <replaceable>class
priority</replaceable> LOR 16.</para>
</listitem>
<listitem>
<para>Class with 'occurs' - 65535</para>
</listitem>
</itemizedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

View File

@ -192,8 +192,35 @@
<listitem> <listitem>
<para>Added in Shorewall 4.5.8. Specifies the rule priority. If not <para>Added in Shorewall 4.5.8. Specifies the rule priority. If not
given, priority 11 is assumed. The priority value must be &gt;= given, priority 11 is assumed. The priority value must be &gt;
12.</para> 0.</para>
<para>The priority values used by other Shorewall-generated filters
are as follows:</para>
<itemizedlist>
<listitem>
<para>Classify by packet mark - <replaceable>class
priority</replaceable> LOR 32.</para>
</listitem>
<listitem>
<para>Ingress policing - 10</para>
</listitem>
<listitem>
<para>Simple TC ACK packets - 1</para>
</listitem>
<listitem>
<para>Complex TC ACK packets - <replaceable>class
priority</replaceable> LOR 16.</para>
</listitem>
<listitem>
<para>Class with 'occurs' - 65535</para>
</listitem>
</itemizedlist>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
@ -246,6 +273,6 @@
<para><ulink <para><ulink
url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para> url="http://shorewall.net/PacketMarking.html">http://shorewall.net/PacketMarking.html</ulink></para>
<para/> <para></para>
</refsect1> </refsect1>
</refentry> </refentry>