From 1fd17db3ca0715ad01bbc8df16d987605aa27a87 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 14 Mar 2008 19:26:09 +0000 Subject: [PATCH] Finish phase 1 support for IFBs git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8294 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/changelog.txt | 2 ++ Shorewall-perl/Shorewall/Tc.pm | 10 +++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 8023aa21d..162633d00 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -6,6 +6,8 @@ Changes in 4.1.6 3) Add L2TP tunnel support. +4) Add support for IFB devices -- phase I. + Changes in 4.1.5 1) More ruleset optimization. diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index 546fdc04d..6232789c3 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -336,18 +336,23 @@ sub validate_tc_device( $$$$$ ) { } } + $inband = rate_to_kbit( $inband ); + my @redirected = (); @redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-'; + fatal_error "IN-BANDWIDTH must be zero for IFB devides" if @redirected && $inband; + for my $rdevice ( @redirected ) { fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/; my $rdevref = $tcdevices{$rdevice}; fatal_error "REDIRECTED device ($rdevice) has not been defined in this file" unless $rdevref; fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices" if $rdevref->{in_bandwidth} ne '0kbit'; + fatal_error "IFB may not be redirected" if @{$rdevref->{redirected}}; } - $tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' , + $tcdevices{$device} = { in_bandwidth => $inband . 'kbit' , out_bandwidth => rate_to_kbit( $outband ) . 'kbit' , classify => $classify , redirected => \@redirected }; @@ -486,11 +491,10 @@ sub setup_traffic_shaping() { emit ( "run_tc qdisc add dev $device handle ffff: ingress", "run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1" ); - } elsif ( @{$devref->{redirected}} ) { - emit ( "run_tc qdisc add dev $device handle ffff: ingress" ); } for my $rdev ( @{$devref->{redirected}} ) { + emit ( "run_tc qdisc add dev $rdev handle ffff: ingress" ); emit( "run_tc filter add dev $rdev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $device" ); }