#!/bin/sh
#
# Shorewall 4.2 -- /usr/share/shorewall/lib.tc
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 1999,2000,2001,2002,2003,2004,2005,2006,2007 - Tom Eastep (teastep@shorewall.net)
#
# tcstart from tc4shorewall Version 0.5
# (c) 2005 Arne Bernin <arne@ucbering.de>
# Modified by Tom Eastep for integration into the Shorewall distribution
# published under GPL Version 2
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# This library is loaded by /usr/share/shorewall/compiler when TC_ENABLED=Internal
# and the tcdevices and/or the tcclasses file is non-empty. It is also loaded under
# the same circumstances by the compiled firewall script when processing the
# 'refresh' command.
#
#
# Arne Bernin's 'tc4shorewall'
#
setup_traffic_shaping()
{
    # Compiler-side entry point for traffic shaping.  It validates the
    # tcdevices and tcclasses copies under $TMP_DIR, then writes a
    # setup_traffic_shaping() function into the generated firewall script
    # (file descriptor 3) through save_command/run_tc.  The helpers below are
    # nested so that they share these locals.
    local mtu                     # not referenced anywhere in this library
    local r2q
    local tc_all_devices          # devices accepted by validate_tcdevices_file, space separated
    local device
    local mark
    local rate
    local ceil
    local prio
    local options
    local devfile
    devfile=$(find_file tcdevices)    # resolved path, used in progress/error messages
    local classfile
    classfile=$(find_file tcclasses)
    local devnum                  # major handle of the next root qdisc; add_root_tc increments it
    devnum=1
    local last_device
    last_device=
    r2q=10                        # htb r2q; calculate_quantum scales rates by 128 / r2q
    # Deliberately not local (the original did not declare them): both are
    # assigned by the nested helpers and the loop below, so they leak to the
    # caller's scope.  'indent' saves the generated script's indentation while
    # a per-device block is open; 'prefix' is prepended to class minor ids.
    indent=
    prefix=1
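rate_to_kbit() {
    #######################################
    # Convert a tc rate expression to kbit/s.
    # Arguments: $1 - decimal number with an optional unit suffix: kbit, mbit,
    #            kbps or mbps (the first letter may be upper case).  A bare
    #            number is bytes/second, as tc reads it, and is divided by 128.
    # Outputs:   the rate in kbit/s on stdout
    # Returns:   0; fatal_error is called for an empty value, a non-integer
    #            number or an unknown unit (the old code fed such values to
    #            expr and printed an empty line)
    #######################################
    local rateunit
    local rate
    # Split at the first non-digit: "100kbit" -> rate=100, rateunit=kbit.
    rate=${1%%[!0-9]*}
    rateunit=${1#"$rate"}
    [ -n "$rate" ] || fatal_error "Invalid Rate ($1)"
    # Drop leading zeros so $(( )) cannot read the value as octal.
    rate=${rate#"${rate%%[!0]*}"}
    rate=${rate:-0}
    case $rateunit in
        kbit|Kbit)
            ;;
        mbit|Mbit)
            rate=$(( $rate * 1024 ))
            ;;
        mbps|Mbps)
            rate=$(( $rate * 8192 ))
            ;;
        kbps|Kbps)
            rate=$(( $rate * 8 ))
            ;;
        '')
            rate=$(( $rate / 128 ))
            ;;
        *)
            fatal_error "Invalid Rate ($1)"
            ;;
    esac
    echo "$rate"
}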
calculate_quantum() {
    # htb quantum for a class: its rate in kbit/s scaled by 128 / r2q, all in
    # integer arithmetic.  r2q is the enclosing function's local (set to 10).
    # Arguments: $1 - rate expression accepted by rate_to_kbit
    # Outputs:   the quantum on stdout
    local kbit
    kbit=$(rate_to_kbit $1)
    printf '%s\n' "$(( $kbit * ( 128 / $r2q ) ))"
}
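# get given outbandwidth for device
get_outband_for_dev() {
    #######################################
    # Look up the OUT-BANDWIDTH column of a tcdevices entry.
    # Globals:   TMP_DIR (read): the preprocessed tcdevices copy lives there
    #            tcdev (written): the last line read, as the other helpers do
    # Arguments: $1 - interface name
    # Outputs:   the out-bandwidth field of the first matching line, or
    #            nothing when the device is not listed
    # Returns:   0 in both cases; callers test the output for emptiness
    #######################################
    local device
    local inband
    local outband
    # -r keeps backslashes literal; the path is quoted so TMP_DIR may contain
    # spaces.
    while read -r device inband outband; do
        tcdev="$device $inband $outband"
        if [ "$1" = "$device" ]; then
            printf '%s\n' "$outband"
            return 0
        fi
    done < "$TMP_DIR/tcdevices"
    return 0
}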
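check_tcclasses_options() {
    #######################################
    # Reject unknown tcclasses options.
    # Arguments: $1 is skipped; $2.. are the options, already lower-cased by
    #            the caller
    # Outputs:   the first unknown option on stdout
    # Returns:   0 when every examined option is known, 1 otherwise
    #######################################
    # NOTE(review): the first argument is never examined (the original loop
    # shifted before looking), which fits a caller that passes a leading
    # non-option word.  validate_tcclasses_file passes only the option list,
    # so its first option is not checked here -- confirm the intended calling
    # convention before tightening this.
    local opt
    if [ $# -gt 0 ]; then
        shift
    fi
    for opt in "$@"; do
        case $opt in
            default|tcp-ack|tos-minimize-delay|tos-maximize-throughput|tos-maximize-reliability|tos-minimize-cost|tos-normal-service)
                ;;
            tos=0x[0-9a-f][0-9a-f]|tos=0x[0-9a-f][0-9a-f]/0x[0-9a-f][0-9a-f])
                ;;
            *)
                # Quoted so a rejected token is reported verbatim rather than
                # being subject to glob expansion on the way out.
                echo "$opt"
                return 1
                ;;
        esac
    done
    return 0
}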
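get_defmark_for_dev() {
    #######################################
    # Find the mark of the class flagged 'default' for a device.
    # Globals:   TMP_DIR (read); tcdev (written: the last tcclasses line read)
    # Arguments: $1 - interface name
    # Outputs:   the MARK field of the first tcclasses line for $1 whose
    #            options contain 'default'
    # Returns:   0 when found, 1 when no such line exists
    #######################################
    local searchdev
    local device
    # mark and rate were not local before and clobbered the caller's copies.
    local mark
    local rate
    local ceil
    local prio
    local options
    searchdev=$1
    while read -r device mark rate ceil prio options; do
        options=$(separate_list $options | tr '[A-Z]' '[a-z]')
        tcdev="$device $mark $rate $ceil $prio $options"
        if [ "$searchdev" = "$device" ]; then
            if list_search "default" $options; then
                echo "$mark"
                return 0
            fi
        fi
    done < "$TMP_DIR/tcclasses"
    return 1
}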
check_defmark_for_dev() {
    # True when some tcclasses entry for device $1 carries the 'default'
    # option; the mark itself is discarded.
    if get_defmark_for_dev "$1" >/dev/null; then
        return 0
    fi
    return 1
}
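validate_tcdevices_file() {
    #######################################
    # Validate every tcdevices entry before any tc command is generated.
    # Globals:   TMP_DIR (read); tc_all_devices (appended: accepted devices,
    #            space separated); tcdev (written here and by helpers)
    # Calls:     fatal_error when a device has no 'default' class, when its
    #            name contains ':' or is the lone '+', when it is listed twice,
    #            or when a bandwidth does not parse
    # Returns:   0
    #######################################
    progress_message2 "Validating $devfile..."
    local device
    local inband
    local outband
    while read -r device inband outband; do
        tcdev="$device $inband $outband"
        check_defmark_for_dev $device || fatal_error "Option default is not defined for any class in tcclasses for interface $device"
        # This used to inspect $interface, a name this library never sets, so
        # the check could not fire; the device just read is what matters.
        case $device in
            *:*|+)
                fatal_error "Invalid Interface Name: $device"
                ;;
        esac
        # Duplicates are detected against the devices accepted so far; the old
        # code consulted $devices, which is not assigned anywhere in this library.
        list_search $device $tc_all_devices && fatal_error "Interface $device is defined more than once in tcdevices"
        # Converted only for the validation side effect; the results are unused.
        # NOTE(review): rate_to_kbit runs inside $( ) here, so whether its
        # fatal_error stops the whole compile depends on how fatal_error exits.
        inband=$(rate_to_kbit $inband)
        outband=$(rate_to_kbit $outband)
        tc_all_devices="$tc_all_devices $device"
    done < "$TMP_DIR/tcdevices"
}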
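validate_tcclasses_file() {
    #######################################
    # Validate every tcclasses entry before any tc command is generated.
    # Globals:   TMP_DIR (read); tcdev (written: last line read)
    # Calls:     fatal_error on an unknown option, an option repeated for the
    #            same interface, a device missing from tcdevices, a malformed
    #            or out-of-range mark, or a mark repeated for the same interface
    # Returns:   0
    #######################################
    progress_message2 "Validating $classfile..."
    local classlist
    local device
    local mark
    local rate
    local ceil
    local prio
    local options
    local ratew                   # was an undeclared global before
    local wrongopt
    local allopts
    local opt
    allopts=""
    classlist=""
    while read -r device mark rate ceil prio options; do
        tcdev="$device $mark $rate $ceil $prio $options"
        ratew=$(get_outband_for_dev $device)
        options=$(separate_list $options | tr '[A-Z]' '[a-z]')
        # Each option may appear once per interface.  A bare "tos=0xNN" is the
        # same option as "tos=0xNN/0xff", so normalise it before comparing.
        for opt in $options; do
            case $opt in
                tos=0x??)
                    opt="$opt/0xff"
                    ;;
            esac
            list_search "$device-$opt" $allopts && fatal_error "option $opt already defined in a chain for interface $device in tcclasses"
            allopts="$allopts $device-$opt"
        done
        wrongopt=$(check_tcclasses_options $options) || fatal_error "unknown option $wrongopt for class iface $device mark $mark in tcclasses file"
        [ -n "$ratew" ] || fatal_error "device $device seems not to be configured in tcdevices"
        # The mark is normalised from hex/octal to decimal with $(( )), which
        # evaluates its operand as an expression rather than as data.  Accept
        # only what an integer literal can contain before handing it over.
        case $mark in
            0[xX]*)
                case ${mark#0[xX]} in
                    ''|*[!0-9a-fA-F]*)
                        fatal_error "Invalid Mark Value ($mark)"
                        ;;
                esac
                ;;
            ''|*[!0-9]*)
                fatal_error "Invalid Mark Value ($mark)"
                ;;
        esac
        mark=$(($mark))
        verify_mark $mark
        [ $mark -lt 256 ] || fatal_error "Invalid Mark Value"
        # Compare after conversion so that 0x10 and 16 count as the same mark
        # (the old check compared the raw text against the converted list).
        list_search "$device-$mark" $classlist && fatal_error "Mark $mark for interface $device defined more than once in tcclasses"
        classlist="$classlist $device-$mark"
    done < "$TMP_DIR/tcclasses"
}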
add_root_tc() {
    #######################################
    # Emit, into the generated script, the root htb qdisc, the root class and
    # (when IN-BANDWIDTH is positive) an ingress policer for one device.
    # Inputs are the tcdevices loop variables of the caller, not parameters:
    #   device, inband, outband, tcdev
    # Globals:   devnum (read, then incremented); prefix (read); INDENT and
    #            indent (rewritten while the generated 'if' block is open)
    # Outputs:   commands via save_command/run_tc; a progress line via
    #            save_progress_message_short
    # Returns:   0
    #######################################
    local defmark
    local dev
    # dev is used as a fragment of shell variable names in the generated
    # script (${dev}_exists, ${dev}_mtu, ${dev}_devnum) and inside eval below;
    # this assumes chain_base returns an identifier-safe string -- TODO confirm.
    dev=$(chain_base $device)
    # The generated code decides at run time whether the interface is up.
    save_command "if interface_is_up $device; then"
    indent="$INDENT"
    INDENT="$INDENT "
    # Flag consumed by the tcclasses loop, which wraps each device's classes in
    # "if [ -n "$<dev>_exists" ]".
    save_command ${dev}_exists=Yes
    # Clear any previous root and ingress qdisc before re-adding them; qt
    # presumably silences their output -- defined outside this library.
    save_command qt tc qdisc del dev $device root
    save_command qt tc qdisc del dev $device ingress
    defmark=$(get_defmark_for_dev $device)
    # Unclassified traffic goes to the class whose minor id is ${prefix}${mark}
    # of the 'default' class, matching how add_tc_class builds classids.
    run_tc qdisc add dev $device root handle $devnum: htb default ${prefix}${defmark}
    # The MTU is looked up when the generated script runs, not at compile time.
    save_command "${dev}_mtu=\$(get_device_mtu $device)"
    run_tc "class add dev $device parent $devnum: classid $devnum:1 htb rate $outband mtu \$${dev}_mtu"
    if [ $(rate_to_kbit ${inband}) -gt 0 ]; then
        # Ingress policing: every IPv4 packet is policed to IN-BANDWIDTH with
        # a 10k burst and excess is dropped.
        run_tc qdisc add dev $device handle ffff: ingress
        run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1
    fi
    # Remember this device's major handle for add_tc_class (read back with
    # eval devnum=\$${dev}_devnum there).
    eval ${dev}_devnum=$devnum
    devnum=$(($devnum + 1))
    save_progress_message_short " TC Device $tcdev defined."
    INDENT="$indent"
    save_command else
    INDENT="$INDENT "
    # Device down at run time: warn and leave the flag empty so the class
    # block for this device is skipped.
    save_command error_message "\"WARNING: Device $device is not in the UP state -- traffic-shaping configuration skipped\""
    save_command "${dev}_exists="
    INDENT="$indent"
    save_command "fi"
    save_command
    return 0
}
add_tc_class() {
    #######################################
    # Emit the htb class, its sfq leaf qdisc and the classification filters
    # for one tcclasses entry.
    # Inputs are the tcclasses loop variables of the caller, not parameters:
    #   device, mark, rate, ceil, prio, options, tcdev, dev (chain_base of device)
    # Globals:   prefix (read); devnum (overwritten with the device's major
    #            handle recorded by add_root_tc); CLASSIFY_TARGET (read)
    # Outputs:   commands via run_tc/run_iptables/save_command; a progress
    #            line via save_progress_message_short
    # Returns:   0; fatal_error when the device has no recorded handle
    #######################################
    local full
    local classid
    local tospair
    local tosmask
    local quantum
    # 'full' in RATE/CEIL stands for the device's OUT-BANDWIDTH, in kbit/s.
    full=$(get_outband_for_dev $device)
    full=$(rate_to_kbit $full)
    if [ -z "$prio" ] ; then
        prio=1
    fi
    # After substituting the number for 'full' the field is evaluated as shell
    # arithmetic, which is what lets the file say e.g. full/2.  The operand
    # therefore comes straight from the tcclasses file and must be trusted
    # configuration only; nothing here validates it beforehand.
    case $rate in
        *full*)
            rate=$(echo $rate | sed -e "s/full/$full/")
            rate="$(($rate))kbit"
            ;;
    esac
    case $ceil in
        *full*)
            ceil=$(echo $ceil | sed -e "s/full/$full/")
            ceil="$(($ceil))kbit"
            ;;
    esac
    # Major handle stored by add_root_tc; empty when the device never got a
    # root qdisc.  Note this reuses the enclosing function's devnum counter.
    eval devnum=\$${dev}_devnum
    #
    # Convert HEX/OCTAL mark representation to decimal
    #
    mark=$(($mark))
    classid=$devnum:${prefix}${mark}
    # Checked only after classid was built from it; harmless, since
    # fatal_error is expected not to return.
    [ -n "$devnum" ] || fatal_error "Device $device not defined in $devfile"
    quantum=$(calculate_quantum $rate)
    # Generated code picks the larger of the device MTU and the computed quantum.
    save_command "[ \$${dev}_mtu -gt $quantum ] && quantum=\$${dev}_mtu || quantum=$quantum"
    run_tc "class add dev $device parent $devnum:1 classid $classid htb rate $rate ceil $ceil prio $prio mtu \$${dev}_mtu quantum \$quantum"
    run_tc qdisc add dev $device parent $classid handle ${prefix}${mark}: sfq perturb 10
    #
    # add filters
    #
    # Packets carrying this mark (low byte) are steered to the class either by
    # the iptables CLASSIFY target, when available for a known interface, or
    # by a tc fw filter.
    if [ -n "$CLASSIFY_TARGET" ] && known_interface $device; then
        run_iptables -t mangle -A tcpost -o $device -m mark --mark $mark/0xFF -j CLASSIFY --set-class $classid
    else
        run_tc filter add dev $device protocol ip parent $devnum:0 prio 1 handle $mark fw classid $classid
    fi
    #
    #options
    #
    # tcp-ack: u32 match for TCP (protocol 6), IHL 5, total length below 64
    # and only the ACK flag set -- the usual small-ACK filter.
    list_search "tcp-ack" $options && run_tc filter add dev $device parent $devnum:0 protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid $classid
    # The named tos-* options are rewritten into tos=value/mask pairs and
    # handled by the loop below together with explicit tos= options.
    list_search "tos-minimize-delay" $options && options="$options tos=0x10/0x10"
    list_search "tos-maximize-throughput" $options && options="$options tos=0x08/0x08"
    list_search "tos-maximize-reliability" $options && options="$options tos=0x04/0x04"
    list_search "tos-minimize-cost" $options && options="$options tos=0x02/0x02"
    list_search "tos-normal-service" $options && options="$options tos=0x00/0x1e"
    for tospair in $(list_walk "tos=" $options) ; do
        case $tospair in
            */*)
                tosmask=${tospair##*/}
                ;;
            *)
                tosmask=0xff    # a bare tos=value means an exact match
                ;;
        esac
        run_tc filter add dev $device parent $devnum:0 protocol ip prio 10 u32 match ip tos ${tospair%%/*} $tosmask flowid $classid
    done
    save_progress_message_short " TC Class $tcdev defined."
    return 0
}
finish_device() {
    # Emit the 'fi' closing the per-device "if [ -n "$<dev>_exists" ]" block
    # opened in the tcclasses loop, restoring the indentation saved in $indent,
    # followed by a blank line.
    INDENT=$indent
    save_command "fi"
    save_command
}
    # Body of setup_traffic_shaping: validate both files first so no partial
    # configuration is emitted, then write the generated function.
    validate_tcdevices_file
    validate_tcclasses_file
    # Header of the generated function; fd 3 is the script being compiled.
    # The heredoc body is emitted verbatim, so it stays at column 0.
cat >&3 << __EOF__
#
# Set up Traffic Shaping
#
setup_traffic_shaping()
{
__EOF__
    INDENT=" "
    if [ -s $TMP_DIR/tcdevices ]; then
        # NOTE(review): the accumulator filled by validate_tcdevices_file is
        # tc_all_devices; all_tc_devices is not assigned anywhere in this
        # library, so this count may always be 0 and prefix may never change
        # -- confirm against the rest of the compiler.
        [ $(list_count1 $all_tc_devices) -gt 10 ] && prefix=10
        save_progress_message "Setting up Traffic Control..."
        progress_message2 "$DOING $devfile..."
        while read device inband outband; do
            tcdev="$device $inband $outband"
            add_root_tc && progress_message " TC Device $tcdev defined."
        done < $TMP_DIR/tcdevices
    fi
    if [ -s $TMP_DIR/tcclasses ]; then
        progress_message2 "$DOING $classfile..."
        last_device=
        while read device mark rate ceil prio options; do
            tcdev="$device $mark $rate $ceil $prio $options"
            options=$(separate_list $options | tr '[A-Z]' '[a-z]')
            # dev is read by add_tc_class; it is not declared local anywhere,
            # so it remains set in the caller's scope afterwards.
            dev=$(chain_base $device)
            # Classes are grouped per device inside one generated
            # "if [ -n "$<dev>_exists" ]" block; finish_device closes the
            # previous one when the device changes.
            if [ "$device" != "$last_device" ]; then
                [ -n "$last_device" ] && finish_device
                save_command "if [ -n \"\$${dev}_exists\" ] ; then"
                indent="$INDENT"
                INDENT="$INDENT "
                last_device=$device
            else
                save_command
            fi
            add_tc_class && progress_message " TC Class $tcdev defined."
        done < $TMP_DIR/tcclasses
        [ -n "$last_device" ] && finish_device
    fi
    INDENT=
    save_command "}"
    save_command
}