holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Redefine 'full' when used in a sub-class definition

Browse Source
This commit is contained in:
Tom Eastep 2009-08-24 11:56:16 -07:00
parent 4eb9e5db3d
commit 088e164f18
6 changed files with 75 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1075,6 +1075,7 @@ sub ensure_manual_chain($) {
#
# Add all builtin chains to the chain table -- it is separate from initialize() for purely historical reasons.
# The function also initializes the target table with the pre-defined targets available for the specfied address family.
#
#
sub initialize_chain_table()
@ -1212,7 +1213,6 @@ sub finish_chain_section ($$) {
}
$chainref->{new} = @{$chainref->{rules}};
}
$comment = $savecomment;

58
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -163,6 +163,8 @@ our @deferred_rules;
# nextclass => <number>
# occurs => Has one or more occurring classes
# qdisc => htb|hfsc
# guarantee => <total RATE of classes seen so far>
# name => <interface>
# }
#
our @tcdevices;
@ -526,6 +528,8 @@ sub validate_tc_device( ) {
default => 0,
nextclass => 2,
qdisc => $qdisc,
guarantee => 0,
name => $device,
} ,
push @tcdevices, $device;
@ -535,8 +539,8 @@ sub validate_tc_device( ) {
progress_message " Tcdevice \"$currentline\" $done.";
}
sub convert_rate( $$$ ) {
my ($full, $rate, $column) = @_;
sub convert_rate( $$$$ ) {
my ($full, $rate, $column, $max) = @_;
if ( $rate =~ /\bfull\b/ ) {
$rate =~ s/\bfull\b/$full/g;
@ -550,7 +554,7 @@ sub convert_rate( $$$ ) {
}
fatal_error "$column may not be zero" unless $rate;
fatal_error "$column ($_[1]) exceeds OUT-BANDWIDTH" if $rate > $full;
fatal_error "$column ($_[1]) exceeds $max (${full}kbit)" if $rate > $full;
$rate;
}
@ -596,6 +600,7 @@ sub validate_tc_class( ) {
my $device = $devclass;
my $occurs = 1;
my $parentclass = 1;
my $parentref;
if ( $devclass =~ /:/ ) {
( $device, my ($number, $subnumber, $rest ) ) = split /:/, $device, 4;
@ -627,7 +632,11 @@ sub validate_tc_class( ) {
fatal_error "Missing class NUMBER" if $devref->{classify};
}
my $full = rate_to_kbit $devref->{out_bandwidth};
my $full = rate_to_kbit $devref->{out_bandwidth};
my $ratemax = $full;
my $ceilmax = $full;
my $ratename = 'OUT-BANDWIDTH';
my $ceilname = 'OUT-BANDWIDTH';
my $tcref = $tcclasses{$device};
@ -657,10 +666,14 @@ sub validate_tc_class( ) {
#
# Nested Class
#
my $parentref = $tcref->{$parentclass};
$parentref = $tcref->{$parentclass};
fatal_error "Unknown Parent class ($parentclass)" unless $parentref && $parentref->{occurs} == 1;
fatal_error "The parent class ($parentclass) specifies UMAX and/or DMAX; it cannot serve as a parent" if $parentref->{dmax};
$parentref->{leaf} = 0;
$ratemax = $parentref->{rate};
$ratename = q(the parent class's RATE);
$ceilmax = $parentref->{ceiling};
$ceilname = q(the parent class's CEIL);
}
my ( $umax, $dmax ) = ( '', '' );
@ -670,28 +683,35 @@ sub validate_tc_class( ) {
fatal_error "Invalid RATE ($rate)" if defined $rest;
$rate = convert_rate ( $full, $trate, 'RATE' );
$rate = convert_rate ( $ratemax, $trate, 'RATE', $ratename );
$dmax = convert_delay( $dmax );
$umax = convert_size( $umax );
fatal_error "DMAX must be specified when UMAX is specified" if $umax && ! $dmax;
} else {
$rate = convert_rate ( $full, $rate, 'RATE' );
$rate = convert_rate ( $ratemax, $rate, 'RATE' , $ratename );
}
if ( $parentref ) {
warning_message "Total RATE of sub classes ($parentref->{guarantee}kbits) exceeds RATE of parent class ($parentref->{rate}kbits)" if ( $parentref->{guarantee} += $rate ) > $parentref->{rate};
} else {
warning_message "Total RATE of classes ($devref->{guarantee}kbits) exceeds OUT-BANDWIDTH (${full}kbits)" if ( $devref->{guarantee} += $rate ) > $full;
}
fatal_error "Invalid PRIO ($prio)" unless defined numeric_value $prio;
$tcref->{$classnumber} = { tos => [] ,
rate => $rate ,
umax => $umax ,
dmax => $dmax ,
ceiling => convert_rate( $full, $ceil, 'CEIL' ) ,
priority => $prio eq '-' ? 1 : $prio ,
mark => $markval ,
flow => '' ,
pfifo => 0,
occurs => 1,
parent => $parentclass,
leaf => 1,
$tcref->{$classnumber} = { tos => [] ,
rate => $rate ,
umax => $umax ,
dmax => $dmax ,
ceiling => convert_rate( $ceilmax, $ceil, 'CEIL' , $ceilname ) ,
priority => $prio eq '-' ? 1 : $prio ,
mark => $markval ,
flow => '' ,
pfifo => 0,
occurs => 1,
parent => $parentclass,
leaf => 1,
guarantee => 0,
};
$tcref = $tcref->{$classnumber};

2
Shorewall/changelog.txt
View File

@ -12,6 +12,8 @@ Changes in Shorewall 4.4.1
6) Add 'clean' target to Makefile.
7) Redefine 'full' for sub-classes.
Changes in Shorewall 4.4.0
1) Fix 'compile ... -' so that it no longer requires '-v-1'

19
Shorewall/releasenotes.txt
View File

@ -208,7 +208,24 @@ None.
accepts all SNAT flags without verifying them and returns them to
iptables when asked.
2) A 'clean' target has been added to the Makefiles.
2) A 'clean' target has been added to the Makefiles.
3) The meaning of 'full' has been redefined when used in the context
of a sub-class. Previously, 'full' always meant the OUT-BANDWIDTH
of the device. In the case of a sub-class, however, that definition
is awkward to use because the sub-class is limited by the parent
class.
Beginning with this release, 'full' in a sub-class definition
refers to the specified rate defined for the parent class. So
'full' used in the RATE column refers to the parent class's RATE;
when used in the CEIL column, 'full' refers to the parent class's
CEIL.
As part of this change, the compiler now issues a warning if the
sum of the top-level classes' RATEs exceeds the OUT-BANDWIDTH of
the device. Similarly, a warning is issued if the sum of the RATEs
of a class's sub-classes exceeds the rate of the CLASS.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4

11
manpages/shorewall-tcclasses.xml
View File

@ -104,6 +104,10 @@
</varlistentry>
</variablelist>
<para>Note that in a sub-class (a class that has a specified parent
class), full refers to the RATE or CEIL of the parent class rather
than to the OUT-BANDWIDTH of the device.</para>
<para>DO NOT add a unit to the rate if it is calculated !</para>
</listitem>
</itemizedlist>
@ -113,7 +117,7 @@
<variablelist>
<varlistentry>
<term><emphasis role="bold">INTERFACE</emphasis> -
<emphasis>interface</emphasis>[:<emphasis>parent</emphasis>][:<emphasis>class</emphasis>]</term>
<emphasis>interface</emphasis>[[:<emphasis>parent</emphasis>]:<emphasis>class</emphasis>]</term>
<listitem>
<para>Name of <emphasis>interface</emphasis>. Each interface may be
@ -206,8 +210,9 @@
when more needed services (e.g. ssh) are not used.</para>
<para>You can use the value <emphasis role="bold">full</emphasis> in
here for setting the maximum bandwidth to the defined output
bandwidth of that interface.</para>
here for setting the maximum bandwidth to the RATE of the parent
class, or the OUT-BANDWIDTH of the device if there is no parent
class.</para>
</listitem>
</varlistentry>

9
manpages6/shorewall6-tcclasses.xml
View File

@ -104,6 +104,10 @@
</varlistentry>
</variablelist>
<para>Note that in a sub-class (a class that has a specified parent
class), full refers to the RATE or CEIL of the parent class rather
than to the OUT-BANDWIDTH of the device.</para>
<para>DO NOT add a unit to the rate if it is calculated !</para>
</listitem>
</itemizedlist>
@ -202,8 +206,9 @@
when more needed services (e.g. ssh) are not used.</para>
<para>You can use the value <emphasis role="bold">full</emphasis> in
here for setting the maximum bandwidth to the defined output
bandwidth of that interface.</para>
here for setting the maximum bandwidth to the RATE of the parent
class, or the OUT-BANDWIDTH of the device if there is no parent
class.</para>
</listitem>
</varlistentry>