Make tc4shorewall play nice with save/restore

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2619 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-09-01 15:16:11 +00:00
parent 177bdf4070
commit 757ebcd164
4 changed files with 30 additions and 39 deletions


@ -14,6 +14,9 @@ Changes in 2.5.4
7) Merge 'tc4shorewall' 7) Merge 'tc4shorewall'
8) Modify tc4shorewall so that it plays well with Shorewall
save/restore.
Changes in 2.5.3 Changes in 2.5.3
1) Allow exclusion lists in /etc/shorewall/tcrules. 1) Allow exclusion lists in /etc/shorewall/tcrules.


@ -3346,12 +3346,16 @@ setup_tc1() {
f=$(find_file tcstart) f=$(find_file tcstart)
if [ -x $f ]; then if [ -f $f ]; then
run_user_exit tcstart run_user_exit tcstart
save_progress_message "Restoring Traffic Control..." f=$(find_file tcstart) # In case the script used this variable
save_command $(find_file tcstart)
if [ $f != /usr/share/shorewall/tcstart ]; then
save_progress_message "Restoring Traffic Control..."
save_command . $f
fi
fi fi
} }
@ -3752,8 +3756,6 @@ refresh_tc() {
rule=$(echo "$mark $sources $dests $proto $ports $sports") rule=$(echo "$mark $sources $dests $proto $ports $sports")
process_tc_rule process_tc_rule
done < $TMP_DIR/tcrules done < $TMP_DIR/tcrules
run_user_exit tcstart
else else
setup_tc1 setup_tc1
fi fi
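Review bot: In the setup_tc1 hunk, `$f` is expanded unquoted in both new tests and in `save_command . $f`, so a tcstart path containing whitespace breaks the tests and is written word-split into the restore script; an empty `$f` (find_file is not visible here) would even make `[ -f ]` evaluate true. I would write `if [ -f "$f" ]; then` and `if [ "$f" != /usr/share/shorewall/tcstart ]; then`. The change from `-x` to `-f` also means any regular file at that path is now picked up, and the saved line sources it by path at restore time, so what runs then is the file's content at restore, not at save. A comment above `save_command . $f` such as `# restore sources this file by path: keep it root-owned and not group/world-writable` would make that dependency explicit.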


@ -226,6 +226,10 @@ Migration Considerations:
ACCEPT them. See http://www.shorewall.net/VPNBasics.html for ACCEPT them. See http://www.shorewall.net/VPNBasics.html for
information on the rules generated by entries in the tunnels file. information on the rules generated by entries in the tunnels file.
10) In previous releases, the "refresh" command would run your tcstart
script. Beginning with this release, "refresh" will not run the
tcstart script.
New Features in Shorewall 2.5.* New Features in Shorewall 2.5.*
1) Error and warning messages are made easier to spot by using 1) Error and warning messages are made easier to spot by using


@ -5,25 +5,6 @@
# published under GPL Version 2 # published under GPL Version 2
if [ -z "$COMMAND" ]; then
SHOREWALL_DIR=.
SHARED_DIR=/usr/share/shorewall
FUNCTIONS=$SHARED_DIR/functions
. $FUNCTIONS
elif [ "$COMMAND" = restore ]; then
cd /etc/shorewall
SHOREWALL_DIR=.
fi
if [ -z "$COMMAND" -o "$COMMAND" = restore ]; then
run_tc() { tc $@; }
fatal_error() { echo " ERROR: $@" >&2; exit 2; }
TMP_DIR=
TMP_DIR=$(mktempdir)
fi
setup_traffic_shaping() setup_traffic_shaping()
{ {
local mtu r2q tc_all_devices device mark rate ceil prio options local mtu r2q tc_all_devices device mark rate ceil prio options
@ -160,12 +141,12 @@ setup_traffic_shaping()
add_root_tc() { add_root_tc() {
local defmark local defmark
defmark=$(get_defmark_for_dev $device) defmark=$(get_defmark_for_dev $device)
tc qdisc del dev $device root 2>/dev/null > /dev/null run_and_save_command "tc qdisc del dev $device root 2>/dev/null > /dev/null"
tc qdisc del dev $device ingress 2>/dev/null > /dev/null run_and_save_command "tc qdisc del dev $device ingress 2>/dev/null > /dev/null"
run_tc qdisc add dev $device root handle 1: htb default 1$defmark ensure_and_save_command tc qdisc add dev $device root handle 1: htb default 1$defmark
run_tc class add dev $device parent 1: classid 1:1 htb rate $outband ensure_and_save_command tc class add dev $device parent 1: classid 1:1 htb rate $outband
run_tc qdisc add dev $device handle ffff: ingress ensure_and_save_command tc qdisc add dev $device handle ffff: ingress
run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1 ensure_and_save_command tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband} burst 10k drop flowid :1
} }
add_tc_class() { add_tc_class() {
@ -193,17 +174,17 @@ setup_traffic_shaping()
esac esac
#set +x #set +x
run_tc class add dev $device parent 1:1 classid 1:1$mark htb rate $rate ceil $ceil prio $prio quantum $(calculate_quantum $rate) ensure_and_save_command tc class add dev $device parent 1:1 classid 1:1$mark htb rate $rate ceil $ceil prio $prio quantum $(calculate_quantum $rate)
run_tc qdisc add dev $device parent 1:1$mark handle 1$mark: sfq perturb 10 ensure_and_save_command tc qdisc add dev $device parent 1:1$mark handle 1$mark: sfq perturb 10
# add filters # add filters
run_tc filter add dev $device protocol ip parent 1:0 prio 1 handle $mark fw classid 1:1$mark ensure_and_save_command tc filter add dev $device protocol ip parent 1:0 prio 1 handle $mark fw classid 1:1$mark
# options # options
list_search "tcp-ack" $options && run_tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:1$mark list_search "tcp-ack" $options && ensure_and_save_command tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:1$mark
list_search "tos-minimize-delay" $options && run_tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:1$mark list_search "tos-minimize-delay" $options && ensure_and_save_command tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x10 0xff flowid 1:1$mark
list_search "tos-minimize-cost" $options && run_tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x02 0xff flowid 1:1$mark list_search "tos-minimize-cost" $options && ensure_and_save_command tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x02 0xff flowid 1:1$mark
list_search "tos-maximize-troughput" $options && run_tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x08 0xff flowid 1:1$mark list_search "tos-maximize-troughput" $options && ensure_and_save_command tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x08 0xff flowid 1:1$mark
list_search "tos-minimize-reliability" $options && run_tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x04 0xff flowid 1:1$mark list_search "tos-minimize-reliability" $options && ensure_and_save_command tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x04 0xff flowid 1:1$mark
list_search "tos-normal-service" $options && run_tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x00 0xff flowid 1:1$mark list_search "tos-normal-service" $options && ensure_and_save_command tc filter add dev $device parent 1:0 protocol ip prio 10 u32 match ip tos 0x00 0xff flowid 1:1$mark
# tcp # tcp
set +x set +x
} }
@ -215,6 +196,7 @@ setup_traffic_shaping()
validate_tcclasses_file validate_tcclasses_file
if [ -s $TMP_DIR/tcdevices ]; then if [ -s $TMP_DIR/tcdevices ]; then
save_progress_message "Restoring Traffic Control..."
echo "Processing tcdevices..." echo "Processing tcdevices..."
while read device inband outband defmark ackmark; do while read device inband outband defmark ackmark; do
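Review bot: In add_root_tc the two `run_and_save_command "tc qdisc del dev $device root 2>/dev/null > /dev/null"` calls pass the redirections inside a single string, so the helper (defined outside this page) presumably re-parses its argument with the shell, both now and when the saved line is replayed on restore. `$device` and the other fields read by the `while read device inband outband defmark ackmark` loop are interpolated unquoted into these commands, so whether a malformed configuration value can end up in the restore script depends on validation that is not visible in this section. I would confirm that the validate step restricts these fields to interface-name and numeric characters, and add a comment above the first call such as `# argument is re-parsed by the shell at run and at restore time; $device must already be validated`. add_root_tc and add_tc_class sit inside setup_traffic_shaping, whose body starts and ends outside these hunks.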