Don't create ingress qdisc for device with IN-BANDWIDTH == 0

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -19,6 +19,8 @@ Changes in 3.3.5
 
 9)  Implement -c option to [re]load command.
 
+10) Don't create ingress qdisc if IN-BANDWIDTH = 0.
+
 Changes in 3.3.4
 
 1)  Make exclusion work with "show zones"

Shorewall/compiler

@@ -2527,6 +2527,8 @@ process_rules()
 
     do_it() # $1 = "Yes" if the target is a macro.
     {
+	local intrazone=
+
 	expandv xprotocol xports xcports xaddress xratelimit xuserspec
 
 	if [ -z "$SECTIONS" ]; then

Shorewall/lib.tc

@@ -193,8 +193,11 @@ setup_traffic_shaping()
 	save_command "${dev}_mtu=\$(get_device_mtu $device)"
 	run_tc "class add dev $device parent $devnum: classid $devnum:1 htb rate $outband mtu \$${dev}_mtu"
 
-	run_tc qdisc add dev $device handle ffff: ingress
-	run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1
+	if [ ${inband} -gt 0 ]; then
+	    run_tc qdisc add dev $device handle ffff: ingress
+	    run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1
+	fi
+
 	eval ${dev}_devnum=$devnum
 	devnum=$(($devnum + 1))
 

Shorewall/releasenotes.txt

@@ -71,6 +71,10 @@ Other Changes in 3.3.5.
     If the file "capabilities" does not currently exist in the 
     export directory then "-c" is automatically assumed.
 
+4)  If 0 (zero) is specified for the IN-BANDWIDTH in
+    /etc/shorewall/tcdevices then no ingress qdisc will be created for
+    the device.
+
 Migration Considerations:
 
 1)  Shorewall supports the notion of "default actions". A default