holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Fix 'refresh' traffic control treatment

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2738 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-28 18:29:11 +00:00
parent 6c76f878a8
commit 68390ca9d6
3 changed files with 34 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Shorewall/firewall
View File

@ -3822,12 +3822,13 @@ refresh_tc() {
done < $TMP_DIR/tcrules done < $TMP_DIR/tcrules
else else
setup_tc1 setup_tc1
fi
f=$(find_file tcstart) f=$(find_file tcstart)
if [ -x &f ]; then if [ -x $f ]; then
eval $f export CONFIG_PATH
fi eval $f
fi fi
} }

3
Shorewall/releasenotes.txt
View File

@ -8,6 +8,9 @@ Problems Corrected in 2.5.7:
ADMINISABSENTMINDED=Yes. That traffic is now enabled independent of ADMINISABSENTMINDED=Yes. That traffic is now enabled independent of
the setting of ADMINISABSENTMINDED. the setting of ADMINISABSENTMINDED.
2) The "shorewall refresh" command was clearing traffic shaping but not
reconfiguring it.
Problems Corrected in 2.5.6: Problems Corrected in 2.5.6:
1) The following fatal error could occur at startup: 1) The following fatal error could occur at startup:

52
Shorewall/tcstart
View File

@ -4,7 +4,7 @@
# (c) 2005 Arne Bernin <arne@ucbering.de> # (c) 2005 Arne Bernin <arne@ucbering.de>
# published under GPL Version 2 # published under GPL Version 2
if [ -z "$COMMAND" ]; then if [ "$SHOREWALL_LIBRARY" != Loaded ]; then
SHOREWALL_DIR=. SHOREWALL_DIR=.
SHARED_DIR=/usr/share/shorewall SHARED_DIR=/usr/share/shorewall
FUNCTIONS=$SHARED_DIR/functions FUNCTIONS=$SHARED_DIR/functions
@ -12,22 +12,22 @@ if [ -z "$COMMAND" ]; then
. $FUNCTIONS . $FUNCTIONS
ensure_and_save_command() ensure_and_save_command()
{ {
if ! eval $* ; then if ! eval $* ; then
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
exit 2 exit 2
fi fi
} }
run_and_save_command() { eval $*; } run_and_save_command() { eval $*; }
save_progress_message() { echo $@; } save_progress_message() { echo $@; }
fatal_error() fatal_error()
{ {
echo " ERROR: $@" >&2 echo " ERROR: $@" >&2
[ -n "$TMP_DIR" ] && rm -rf $TMP_DIR [ -n "$TMP_DIR" ] && rm -rf $TMP_DIR
exit 2 exit 2
} }
TMP_DIR= TMP_DIR=
@ -99,17 +99,17 @@ setup_traffic_shaping()
;; ;;
*) *)
echo $1 echo $1
return 1 return 1
;; ;;
esac esac
done done
return 0 return 0
} }
get_defmark_for_dev() { get_defmark_for_dev() {
local searchdev searchmark device ceil prio options local searchdev searchmark device ceil prio options
searchdev=$1 searchdev=$1
while read device mark rate ceil prio options; do while read device mark rate ceil prio options; do
expandv device mark rate ceil prio options expandv device mark rate ceil prio options
options=$(separate_list $options | tr '[A-Z]' '[a-z]') options=$(separate_list $options | tr '[A-Z]' '[a-z]')
@ -132,14 +132,14 @@ setup_traffic_shaping()
while read device inband outband; do while read device inband outband; do
expandv device inband outband expandv device inband outband
tcdev="$device $inband $outband" tcdev="$device $inband $outband"
check_defmark_for_dev $device || fatal_error "Option default is not defined for any class in tcclasses for interface $device" check_defmark_for_dev $device || fatal_error "Option default is not defined for any class in tcclasses for interface $device"
case $interface in case $interface in
*:*|+) *:*|+)
fatal_error "Invalid Interface Name: $interface" fatal_error "Invalid Interface Name: $interface"
;; ;;
esac esac
list_search $device $devices && fatal_error "Interface $device is defined more than once in tcdevices" list_search $device $devices && fatal_error "Interface $device is defined more than once in tcdevices"
tc_all_devices="$tc_all_devices $device" tc_all_devices="$tc_all_devices $device"
done < $TMP_DIR/tcdevices done < $TMP_DIR/tcdevices
} }
@ -156,11 +156,11 @@ setup_traffic_shaping()
list_search "$device-$opt" $allopts && fatal_error "option $opt already defined in a chain for interface $device in tcclasses" list_search "$device-$opt" $allopts && fatal_error "option $opt already defined in a chain for interface $device in tcclasses"
allopts="$allopts $device-$opt" allopts="$allopts $device-$opt"
done done
wrongopt=$(check_tcclasses_options $options) || fatal_error "unknown option $wrongopt for class iface $device mark $mark in tcclasses file" wrongopt=$(check_tcclasses_options $options) || fatal_error "unknown option $wrongopt for class iface $device mark $mark in tcclasses file"
if [ -z "$ratew" ] ; then if [ -z "$ratew" ] ; then
fatal_error "device $device seems not to be configured in tcdevices" fatal_error "device $device seems not to be configured in tcdevices"
fi fi
list_search "$device-$mark" $classlist && fatal_error "Mark $mark for interface $device defined more than once in tcclasses" list_search "$device-$mark" $classlist && fatal_error "Mark $mark for interface $device defined more than once in tcclasses"
classlist="$classlist $device-$mark" classlist="$classlist $device-$mark"
done < $TMP_DIR/tcclasses done < $TMP_DIR/tcclasses
} }
@ -173,7 +173,7 @@ setup_traffic_shaping()
run_and_save_command qt tc qdisc del dev $device root run_and_save_command qt tc qdisc del dev $device root
run_and_save_command qt tc qdisc del dev $device ingress run_and_save_command qt tc qdisc del dev $device ingress
ensure_and_save_command tc qdisc add dev $device root handle 1: htb default 1$defmark ensure_and_save_command tc qdisc add dev $device root handle 1: htb default 1$defmark
ensure_and_save_command tc class add dev $device parent 1: classid 1:1 htb rate $outband ensure_and_save_command tc class add dev $device parent 1: classid 1:1 htb rate $outband
ensure_and_save_command tc qdisc add dev $device handle ffff: ingress ensure_and_save_command tc qdisc add dev $device handle ffff: ingress
ensure_and_save_command tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1 ensure_and_save_command tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1
} }
@ -186,11 +186,11 @@ setup_traffic_shaping()
if [ -z "$prio" ] ; then if [ -z "$prio" ] ; then
prio=1 prio=1
fi fi
case $rate in case $rate in
*full*) *full*)
rate=$(echo $rate | sed -e "s/full/$full/") rate=$(echo $rate | sed -e "s/full/$full/")
rate="$(($rate))kbit" rate="$(($rate))kbit"
;; ;;
esac esac
@ -200,7 +200,7 @@ setup_traffic_shaping()
ceil="$(($ceil))kbit" ceil="$(($ceil))kbit"
;; ;;
esac esac
ensure_and_save_command tc class add dev $device parent 1:1 classid 1:1$mark htb rate $rate ceil $ceil prio $prio quantum $(calculate_quantum $rate) ensure_and_save_command tc class add dev $device parent 1:1 classid 1:1$mark htb rate $rate ceil $ceil prio $prio quantum $(calculate_quantum $rate)
ensure_and_save_command tc qdisc add dev $device parent 1:1$mark handle 1$mark: sfq perturb 10 ensure_and_save_command tc qdisc add dev $device parent 1:1$mark handle 1$mark: sfq perturb 10
# add filters # add filters
@ -229,7 +229,7 @@ setup_traffic_shaping()
expandv device inband outband defmark ackmark expandv device inband outband defmark ackmark
tcdev="$device $inband $outband" tcdev="$device $inband $outband"
add_root_tc add_root_tc
progress_message " TC Device $tcdev Added." progress_message " TC Device $tcdev Added."
done < $TMP_DIR/tcdevices done < $TMP_DIR/tcdevices
fi fi
@ -241,7 +241,7 @@ setup_traffic_shaping()
tcdev="$device $mark $rate $ceil $prio $options" tcdev="$device $mark $rate $ceil $prio $options"
options=$(separate_list $options | tr '[A-Z]' '[a-z]') options=$(separate_list $options | tr '[A-Z]' '[a-z]')
add_tc_class add_tc_class
progress_message " TC Class \"$tcdev\" Added." progress_message " TC Class \"$tcdev\" Added."
done < $TMP_DIR/tcclasses done < $TMP_DIR/tcclasses
fi fi