Update documentation for net TC features

Shorewall-init/install.sh

@@ -23,7 +23,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall-init/shorewall-init.spec

@@ -1,6 +1,6 @@
 %define name shorewall-init
 %define version 4.4.13
-%define release 0RC1
+%define release 0Beta5
 
 Summary: Shorewall-init adds functionality to Shoreline Firewall (Shorewall).
 Name: %{name}
@@ -99,8 +99,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
-* Sat Sep 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
+* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.13-0Beta5
 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.13-0Beta4
 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net

Shorewall-init/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall-lite/shorewall-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall-lite
 %define version 4.4.13
-%define release 0RC1
+%define release 0Beta5
 
 Summary: Shoreline Firewall Lite is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -102,8 +102,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
-* Sat Sep 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
+* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.13-0Beta5
 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.13-0Beta4
 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net

Shorewall-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall/Perl/Shorewall/Config.pm

@@ -347,7 +347,7 @@ sub initialize( $ ) {
 		    EXPORT => 0,
 		    STATEMATCH => '-m state --state',
 		    UNTRACKED => 0,
-		    VERSION => "4.4.13-RC1",
+		    VERSION => "4.4.13-Beta5",
 		    CAPVERSION => 40413 ,
 		  );
 

Shorewall/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall/known_problems.txt

@@ -1 +1 @@
-There are no known problems in Shorewall 4.4.13-RC1
+There are no known problems in Shorewall 4.4.13-Beta5

Shorewall/releasenotes.txt

@@ -1,6 +1,6 @@
 ----------------------------------------------------------------------------
                       S H O R E W A L L  4 . 4 . 1 3
-                                  R C  1
+                              B E T A  5
 ----------------------------------------------------------------------------
 
 I.    PROBLEMS CORRECTED IN THIS RELEASE
@@ -199,6 +199,33 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
     interfaces. Packets arriving on these interfaces is passed against
     the blacklist entries with the 'to' option.
 
+    As part of this change, the OPTIONS may now be a comma-separated
+    list of 'to' and 'from'.
+
+5)  There is now an OUT-BANDWIDTH column in
+    /etc/shorewall/tcinterfaces.
+
+    The format of this column is:
+
+    	<rate>[:[<burst>][:[<latency>][:[<peak>][:[<minburst>]]]]]
+
+    These terms are described in tc-tbf(8). Shorewall supplies default
+    values as follows:
+
+    	   <burst>   = 10kb
+	   <latency> = 200ms
+
+    The remaining terms are defaulted by tc.
+
+6)  The IN-BANDWIDTH column in both /etc/shorewall/tcdevices and
+    /etc/shorewall/tcinterfaces now accept an optional burst parameter.
+
+        <rate>[:<burst>]
+
+    The default burst is 10kb. A larger burst can help make the <rate>
+    more accurate; often for fast lines, the enforced rate is well
+    below the specified <rate>.
+
 ----------------------------------------------------------------------------
              I V.  R E L E A S E  4 . 4  H I G H L I G H T S
 ----------------------------------------------------------------------------

Shorewall/shorewall.spec

@@ -1,6 +1,6 @@
 %define name shorewall
 %define version 4.4.13
-%define release 0RC1
+%define release 0Beta5
 
 Summary: Shoreline Firewall is an iptables-based firewall for Linux systems.
 Name: %{name}
@@ -108,8 +108,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt Contrib/* Samples
 
 %changelog
-* Sat Sep 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
+* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.13-0Beta5
 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.13-0Beta4
 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net

Shorewall/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall6-lite/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall6-lite/shorewall6-lite.spec

@@ -1,6 +1,6 @@
 %define name shorewall6-lite
 %define version 4.4.13
-%define release 0RC1
+%define release 0Beta5
 
 Summary: Shoreline Firewall 6 Lite is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -93,8 +93,8 @@ fi
 %doc COPYING changelog.txt releasenotes.txt
 
 %changelog
-* Sat Sep 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
+* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.13-0Beta5
 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.13-0Beta4
 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net

Shorewall6-lite/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall6/install.sh

@@ -22,7 +22,7 @@
 #       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 #
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

Shorewall6/shorewall6.spec

@@ -1,6 +1,6 @@
 %define name shorewall6
 %define version 4.4.13
-%define release 0RC1
+%define release 0Beta5
 
 Summary: Shoreline Firewall 6 is an ip6tables-based firewall for Linux systems.
 Name: %{name}
@@ -98,8 +98,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn ipv6 Samples6
 
 %changelog
-* Sat Sep 11 2010 Tom Eastep tom@shorewall.net
-- Updated to 4.4.13-0RC1
+* Mon Sep 13 2010 Tom Eastep tom@shorewall.net
+- Updated to 4.4.13-0Beta5
 * Sat Sep 04 2010 Tom Eastep tom@shorewall.net
 - Updated to 4.4.13-0Beta4
 * Mon Aug 30 2010 Tom Eastep tom@shorewall.net

Shorewall6/uninstall.sh

@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Shorewall Firewall
 
-VERSION=4.4.13-RC1
+VERSION=4.4.13-Beta5
 
 usage() # $1 = exit status
 {

manpages/shorewall-tcinterfaces.xml

@@ -80,6 +80,22 @@
               <para>Bytes per second.</para>
             </listitem>
           </varlistentry>
+
+          <varlistentry>
+            <term>k or kb</term>
+
+            <listitem>
+              <para>Kilo bytes.</para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term>m or mb</term>
+
+            <listitem>
+              <para>Megabytes.</para>
+            </listitem>
+          </varlistentry>
         </variablelist>
       </listitem>
 
@@ -123,7 +139,8 @@
       </varlistentry>
 
       <varlistentry>
-        <term>IN-BANDWIDTH - [<replaceable>rate</replaceable>]</term>
+        <term>IN-BANDWIDTH -
+        [<replaceable>rate</replaceable>[:<replaceable>burst</replaceable>]]</term>
 
         <listitem>
           <para>Optional. If specified, enables ingress policing on the
@@ -140,6 +157,34 @@
           firewall to the upstream router as you gradually increase the
           setting.The optimal setting is at the point beyond which the ping
           time increases sharply as you increase the setting.</para>
+
+          <para>The <replaceable>burst</replaceable> option was added in
+          Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
+          <replaceable>burst</replaceable> size can help make the
+          <replaceable>rate</replaceable> estimate more accurate on fast
+          lines. The default <replaceable>burst</replaceable> often make the
+          enforced rate mush less that the specified
+          <replaceable>rate</replaceable>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>OUT-BANDWIDTH -
+        [<replaceable>rate</replaceable>[:[<replaceable>burst</replaceable>][:[<replaceable>latency</replaceable>][:[<replaceable>peek</replaceable>][:[<replaceable>minburst</replaceable>]]]]]]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.13. The terms are defined in
+          tc-tbf(8).</para>
+
+          <para>Shorewall provides defaults as follows:</para>
+
+          <simplelist>
+            <member><replaceable>burst</replaceable> - 10kb</member>
+
+            <member><replaceable>latency</replaceable> - 200ms</member>
+          </simplelist>
+
+          <para>The remaining options are defaulted by tc(8).</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -159,8 +204,8 @@
     shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
     shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
     shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
-    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
-    shorewall-tcpri(5), shorewall-tcrules(5), shorewall-tos(5),
-    shorewall-tunnels(5), shorewall-zones(5)</para>
+    shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
+    shorewall-secmarks(5), shorewall-tcpri(5), shorewall-tcrules(5),
+    shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
   </refsect1>
 </refentry>

manpages6/shorewall6-tcinterfaces.xml

@@ -80,6 +80,22 @@
               <para>Bytes per second.</para>
             </listitem>
           </varlistentry>
+
+          <varlistentry>
+            <term>k or kb</term>
+
+            <listitem>
+              <para>Kilo bytes.</para>
+            </listitem>
+          </varlistentry>
+
+          <varlistentry>
+            <term>m or mb</term>
+
+            <listitem>
+              <para>Megabytes.</para>
+            </listitem>
+          </varlistentry>
         </variablelist>
       </listitem>
 
@@ -123,7 +139,8 @@
       </varlistentry>
 
       <varlistentry>
-        <term>IN-BANDWIDTH - [<replaceable>rate</replaceable>]</term>
+        <term>IN-BANDWIDTH -
+        [<replaceable>rate</replaceable>[:<replaceable>burst</replaceable>]]</term>
 
         <listitem>
           <para>Optional. If specified, enables ingress policing on the
@@ -140,6 +157,34 @@
           firewall to the upstream router as you gradually increase the
           setting.The optimal setting is at the point beyond which the ping
           time increases sharply as you increase the setting.</para>
+
+          <para>The <replaceable>burst</replaceable> option was added in
+          Shorewall 4.4.13. If not supplied, 10kb is assumed. A larger
+          <replaceable>burst</replaceable> size can help make the
+          <replaceable>rate</replaceable> estimate more accurate on fast
+          lines. The default <replaceable>burst</replaceable> often make the
+          enforced rate mush less that the specified
+          <replaceable>rate</replaceable>.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>OUT-BANDWIDTH -
+        [<replaceable>rate</replaceable>[:[<replaceable>burst</replaceable>][:[<replaceable>latency</replaceable>][:[<replaceable>peek</replaceable>][:[<replaceable>minburst</replaceable>]]]]]]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.13. The terms are defined in
+          tc-tbf(8).</para>
+
+          <para>Shorewall provides defaults as follows:</para>
+
+          <simplelist>
+            <member><replaceable>burst</replaceable> - 10kb</member>
+
+            <member><replaceable>latency</replaceable> - 200ms</member>
+          </simplelist>
+
+          <para>The remaining options are defaulted by tc(8).</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -158,7 +203,8 @@
     shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-maclist(5),
     shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
     shorewall6-route_rules(5), shorewall6-routestopped(5),
-    shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcpri,
-    shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5)</para>
+    shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
+    shorewall6-tcpri, shorewall6-tos(5), shorewall6-tunnels(5),
+    shorewall6-zones(5)</para>
   </refsect1>
 </refentry>