diff --git a/Shorewall6/lib.base b/Shorewall6/lib.base
index c25bea42c..25ae588f9 100644
--- a/Shorewall6/lib.base
+++ b/Shorewall6/lib.base
@@ -38,7 +38,7 @@ SHOREWALL_CAPVERSION=40309
[ -n "${VARDIR:=/var/lib/shorewall6}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ]
[ -n "${CONFDIR:=/etc/shorewall6}" ]
-PERLSHAREDIR=/usr/share/shorewall
+[ -n "${PERLSHAREDIR:=/usr/share/shorewall}" ]
#
# Message to stderr
diff --git a/docs/traffic_shaping.xml b/docs/traffic_shaping.xml
index 004a99ec4..165781027 100644
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@@ -173,8 +173,10 @@
MARK - Netfilter has a facility for
marking packets. Packet marks have a numeric
- value which is limited in Shorewall to the values 1-255. You assign
- packet marks to different types of traffic using entries in the
+ value which is limited in Shorewall to the values 1-255 (1-1023 if you
+ set WIDE_TC_MARKS=Yes in shorewall.conf (5) ). You
+ assign packet marks to different types of traffic using entries in the
/etc/shorewall/tcrules file.
@@ -431,12 +433,14 @@ ppp0 6000kbit 500kbit
- MARK - The mark value which is an integer in the range 1-255.
- You define these marks in the tcrules file, marking the traffic you
- want to go into the queuing classes defined in here. You can use the
- same marks for different Interfaces. You must specify "-' in this
- column if the device specified in the INTERFACE column has the
- classify option in
+ MARK - The mark value which is an integer in the range 1-255
+ (1-1023 if you set WIDE_TC_MARKS=Yes in shorewall.conf (5) ). You
+ define these marks in the tcrules file, marking the traffic you want
+ to go into the queuing classes defined in here. You can use the same
+ marks for different Interfaces. You must specify "-' in this column
+ if the device specified in the INTERFACE column has the classify option in
/etc/shorewall/tcdevices.
@@ -610,7 +614,9 @@ ppp0 6000kbit 500kbit
MARK or CLASSIFY - MARK specifies the mark value is to be
- assigned in case of a match. This is an integer in the range 1-255.
+ assigned in case of a match. This is an integer in the range 1-255
+ (1-1023 if you set WIDE_TC_MARKS=Yes in shorewall.conf (5) ).
This value may be optionally followed by :
and either
F
, P
or "T" to designate that the
marking will occur in the FORWARD, PREROUTING or POSTROUTING chains
@@ -716,12 +722,54 @@ ppp0 6000kbit 500kbit
$FW[:<address>] in which case, the
classify action takes place in the OUTPUT chain. When used with the
builtin traffic shaper, the <major> class is the interface
- number and the <minor> class is either a) the MARK value of
- the class preceded by the number "1" (MARK value 1 is <minor>
- class 11, MARK value 22 is <minor> class 122, and so on) or b)
- The class number (if the classify
- option was specified in for the interface
- /etc/shorewall/interfaces)
+ number and the <minor> class is either:
+
+
+
+ Constructed from the mark. The method of construction
+ depends on the setting of WIDE_TC_MARKS (shorewall.conf
+ (5)).
+
+ When WIDE_TC_MARKS=No (the default), the <minor>
+ class is:
+
+
+
+ the MARK value of the class preceded by the number "1"
+ (MARK value 1 is <minor> class 11, MARK value 22 is
+ <minor> class 122, and so on)
+
+
+
+ When SIDE_TC_MARKS=Yes, the <minor> class is:
+
+
+
+ The number shifted 10 bits to the left (multiplied by
+ 1024) and logically ORed with the MARK value. The
+ shorewall encode and shorewall
+ decode commands (shorewall (8)) may be
+ used to translate a device number/mark pair to/from a
+ <minor> class.
+
+ Examples:
+
+ $ shorewall encode 1 100
+Class Number = 1124
+$ shorewall decode 1124
+Device = 1 Mark = 100
+
+
+
+
+
+ The class number (if the classify option was specified in for the
+ interface /etc/shorewall/interfaces)
+
+
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index ffa69d22f..b8308072c 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -598,14 +598,15 @@ net all DROP infothen the chain name is 'net2all'
Prior to version 3.2.0, it was not possible to use connection
marking in shorewall-tcrules(5) if you
- have a multi-ISP configuration that uses the track option.
+ url="shorewall-tcrules.html">shorewall-tcrules(5) if you had
+ a multi-ISP configuration that uses the track option.
- Beginning with release 3.2.0, you may now set
- HIGH_ROUTE_MARKS=Yes in to effectively divide the packet mark and
- connection mark into two 8-byte mark fields.
+ Beginning with release 3.2.0, you may set HIGH_ROUTE_MARKS=Yes
+ in to effectively divide the packet mark and connection mark into
+ two mark fields.
- When you do this:
+ The width of the fields are determined by the setting of
+ WIDE_TC_MARKS. If WIDE_TC_MARKS=No (the default):
@@ -625,13 +626,33 @@ net all DROP infothen the chain name is 'net2all'
of 1-255 and may still not be set in the PREROUTING
chain.
+
+
+ When WIDE_TC_MARKS=Yes:
+
+
+
+ The MARK field in the providers file must have a value
+ that is a multiple of 65536 (using hex representation, the
+ values are 0x010000-0xFF0000 with the low-order 16 bits being
+ zero).
+
- When you SAVE or RESTORE in tcrules, only the TC mark
- value is saved or restored. Shorewall handles saving and
- restoring the routing (provider) marks.
+ You may only set those mark values in the PREROUTING
+ chain.
+
+
+
+ Marks used for traffic shaping must be in the range of
+ 1-1023 and may still not be set in the PREROUTING chain.
+
+ Regardless of the setting of WIDE_TC_MARKS, when you SAVE or
+ RESTORE in tcrules, only the TC mark value is saved or restored.
+ Shorewall handles saving and restoring the routing (provider)
+ marks.
@@ -1700,6 +1721,19 @@ net all DROP infothen the chain name is 'net2all'
If not specified, then 2 is assumed.
+
+
+ WIDE_ROUTE_MARKS={Yes|No}
+
+
+ When set to No (the default), traffic shaping marks are 8
+ bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes,
+ traffic shaping marks are 10 bytes wide (values 1-1023). The setting
+ of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS
+ option (see above).
+
+
diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml
index 9479957fc..426447d74 100644
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@@ -456,9 +456,12 @@ net all DROP infothen the chain name is 'net2all'
You may set HIGH_ROUTE_MARKS=Yes in to effectively divide the
- packet mark and connection mark into two 8-byte mark fields.
+ packet mark and connection mark into two mark fields.
- When you do this:
+ The width of the fields are determined by the setting of the
+ WIDE_TC_MARKS option.
+
+ When WIDE_TC_MARKS=No (the default):
@@ -478,13 +481,33 @@ net all DROP infothen the chain name is 'net2all'
of 1-255 and may still not be set in the PREROUTING
chain.
+
+
+ When WIDE_TC_MARKS=Yes:
+
+
+
+ The MARK field in the providers file must have a value
+ that is a multiple of 65536 (using hex representation, the
+ values are 0x010000-0xFF0000 with the low-order 16 bits being
+ zero).
+
- When you SAVE or RESTORE in tcrules, only the TC mark
- value is saved or restored. Shorewall6 handles saving and
- restoring the routing (provider) marks.
+ You may only set those mark values in the PREROUTING
+ chain.
+
+
+
+ Marks used for traffic shaping must be in the range of
+ 1-1023 and may still not be set in the PREROUTING chain.
+
+ Regardless of the setting of WIDE_TC_MARKS, when you SAVE or
+ RESTORE in tcrules, only the TC mark value is saved or restored.
+ Shorewall handles saving and restoring the routing (provider)
+ marks.
@@ -1187,6 +1210,19 @@ net all DROP infothen the chain name is 'net2all'
If not specified, then 2 is assumed.
+
+
+ WIDE_ROUTE_MARKS={Yes|No}
+
+
+ When set to No (the default), traffic shaping marks are 8
+ bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes,
+ traffic shaping marks are 10 bytes wide (values 1-1023). The setting
+ of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS
+ option (see above).
+
+