Document WIDE_TC_MARKS

Tom Eastep 2009-04-20 14:58:36 -07:00
parent bc3424995b
commit 7740d367bb
4 changed files with 148 additions and 30 deletions

View File

@ -38,7 +38,7 @@ SHOREWALL_CAPVERSION=40309
[ -n "${VARDIR:=/var/lib/shorewall6}" ] [ -n "${VARDIR:=/var/lib/shorewall6}" ]
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ] [ -n "${SHAREDIR:=/usr/share/shorewall6}" ]
[ -n "${CONFDIR:=/etc/shorewall6}" ] [ -n "${CONFDIR:=/etc/shorewall6}" ]
PERLSHAREDIR=/usr/share/shorewall [ -n "${PERLSHAREDIR:=/usr/share/shorewall}" ]
# #
# Message to stderr # Message to stderr
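Review bot: the PERLSHAREDIR line is a behaviour change inside a commit titled "Document WIDE_TC_MARKS". The unconditional assignment PERLSHAREDIR=/usr/share/shorewall becomes ${PERLSHAREDIR:=/usr/share/shorewall}, so a value already present in the caller's environment now takes precedence over the built-in path. Move it to its own commit or mention it in the commit message, and if this script is run as root, decide explicitly whether an inherited PERLSHAREDIR should be honoured.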

View File

@ -173,8 +173,10 @@
<listitem> <listitem>
<para>MARK - Netfilter has a facility for <para>MARK - Netfilter has a facility for
<firstterm>marking</firstterm> packets. Packet marks have a numeric <firstterm>marking</firstterm> packets. Packet marks have a numeric
value which is limited in Shorewall to the values 1-255. You assign value which is limited in Shorewall to the values 1-255 (1-1023 if you
packet marks to different types of traffic using entries in the set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ). You
assign packet marks to different types of traffic using entries in the
<filename>/etc/shorewall/tcrules</filename> file.</para> <filename>/etc/shorewall/tcrules</filename> file.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
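Review bot: the inserted parenthetical ends with "shorewall.conf</ulink> (5) )", leaving a space before the section number and another before the closing parenthesis. The manpage hunk later in this patch writes "shorewall-tcrules</ulink>(5)" with no space, so use "shorewall.conf</ulink>(5))" here. The same wording is repeated in the next two hunks of this file.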
@ -431,12 +433,14 @@ ppp0 6000kbit 500kbit</programlisting>
</listitem> </listitem>
<listitem> <listitem>
<para>MARK - The mark value which is an integer in the range 1-255. <para>MARK - The mark value which is an integer in the range 1-255
You define these marks in the tcrules file, marking the traffic you (1-1023 if you set WIDE_TC_MARKS=Yes in <ulink
want to go into the queuing classes defined in here. You can use the url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ). You
same marks for different Interfaces. You must specify "-' in this define these marks in the tcrules file, marking the traffic you want
column if the device specified in the INTERFACE column has the to go into the queuing classes defined in here. You can use the same
<emphasis role="bold">classify</emphasis> option in marks for different Interfaces. You must specify "-' in this column
if the device specified in the INTERFACE column has the <emphasis
role="bold">classify</emphasis> option in
<filename>/etc/shorewall/tcdevices</filename>.</para> <filename>/etc/shorewall/tcdevices</filename>.</para>
</listitem> </listitem>
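Review bot: the reflowed sentence still carries the mismatched quotes in 'You must specify "-' in this column'. Since these lines are being rewritten anyway, close the quote properly (or use <quote>-</quote> as the tcrules section of this file does for F and P).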
@ -610,7 +614,9 @@ ppp0 6000kbit 500kbit</programlisting>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
<para>MARK or CLASSIFY - MARK specifies the mark value is to be <para>MARK or CLASSIFY - MARK specifies the mark value is to be
assigned in case of a match. This is an integer in the range 1-255. assigned in case of a match. This is an integer in the range 1-255
(1-1023 if you set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ).
This value may be optionally followed by <quote>:</quote> and either This value may be optionally followed by <quote>:</quote> and either
<quote>F</quote>, <quote>P</quote> or "T" to designate that the <quote>F</quote>, <quote>P</quote> or "T" to designate that the
marking will occur in the FORWARD, PREROUTING or POSTROUTING chains marking will occur in the FORWARD, PREROUTING or POSTROUTING chains
@ -716,12 +722,54 @@ ppp0 6000kbit 500kbit</programlisting>
$FW[:&lt;<emphasis>address</emphasis>&gt;] in which case, the $FW[:&lt;<emphasis>address</emphasis>&gt;] in which case, the
classify action takes place in the OUTPUT chain. When used with the classify action takes place in the OUTPUT chain. When used with the
builtin traffic shaper, the &lt;major&gt; class is the interface builtin traffic shaper, the &lt;major&gt; class is the interface
number and the &lt;minor&gt; class is either a) the MARK value of number and the &lt;minor&gt; class is either:</para>
the class preceded by the number "1" (MARK value 1 is &lt;minor&gt;
class 11, MARK value 22 is &lt;minor&gt; class 122, and so on) or b) <orderedlist>
The class number (if the <emphasis role="bold">classify</emphasis> <listitem>
option was specified in for the interface <para>Constructed from the mark. The method of construction
<filename>/etc/shorewall/interfaces</filename>)</para> depends on the setting of WIDE_TC_MARKS (<ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink>
(5)).</para>
<para>When WIDE_TC_MARKS=No (the default), the &lt;minor&gt;
class is:</para>
<itemizedlist>
<listitem>
<para>the MARK value of the class preceded by the number "1"
(MARK value 1 is &lt;minor&gt; class 11, MARK value 22 is
&lt;minor&gt; class 122, and so on)</para>
</listitem>
</itemizedlist>
<para>When SIDE_TC_MARKS=Yes, the &lt;minor&gt; class is:</para>
<itemizedlist>
<listitem>
<para>The number shifted 10 bits to the left (multiplied by
1024) and logically ORed with the MARK value. The
<command>shorewall encode</command> and <command>shorewall
decode</command> commands (<ulink
url="manpages/shorewall.html">shorewall</ulink> (8)) may be
used to translate a device number/mark pair to/from a
&lt;minor&gt; class.</para>
<para>Examples:</para>
<programlisting>$ <command>shorewall encode 1 100</command>
Class Number = 1124
$ <command>shorewall decode 1124</command>
Device = 1 Mark = 100</programlisting>
</listitem>
</itemizedlist>
</listitem>
<listitem>
<para>The class number (if the <emphasis
role="bold">classify</emphasis> option was specified in for the
interface <filename>/etc/shorewall/interfaces</filename>)</para>
</listitem>
</orderedlist>
</listitem> </listitem>
<listitem> <listitem>
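Review bot: "When SIDE_TC_MARKS=Yes" in the added text is a typo for WIDE_TC_MARKS, and a reader searching shorewall.conf for the option as written will not find it. In the same list item, "The number shifted 10 bits to the left" does not say which number; the encode example (device 1, mark 100, class 1124 = 1 x 1024 + 100) shows it is the device number, so say "The device number shifted 10 bits to the left". The second list item names /etc/shorewall/interfaces as the home of the classify option, while the MARK description earlier in this file names /etc/shorewall/tcdevices; that wording was carried over from the old text but is worth reconciling while it is being moved.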

View File

@ -598,14 +598,15 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>Prior to version 3.2.0, it was not possible to use connection <para>Prior to version 3.2.0, it was not possible to use connection
marking in <ulink marking in <ulink
url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) if you url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) if you had
have a multi-ISP configuration that uses the track option.</para> a multi-ISP configuration that uses the track option.</para>
<para>Beginning with release 3.2.0, you may now set <para>Beginning with release 3.2.0, you may set HIGH_ROUTE_MARKS=Yes
HIGH_ROUTE_MARKS=Yes in to effectively divide the packet mark and in to effectively divide the packet mark and connection mark into
connection mark into two 8-byte mark fields.</para> two mark fields.</para>
<para>When you do this:</para> <para>The width of the fields are determined by the setting of
WIDE_TC_MARKS. If WIDE_TC_MARKS=No (the default):</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
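Review bot: "The width of the fields are determined" in the new paragraph should read "is determined". The preceding sentence was also re-wrapped but still reads "HIGH_ROUTE_MARKS=Yes in to effectively divide", with nothing after "in"; the file name appears to be missing and should be restored or the stray "in" dropped.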
@ -625,13 +626,33 @@ net all DROP info</programlisting>then the chain name is 'net2all'
of 1-255 and may still not be set in the PREROUTING of 1-255 and may still not be set in the PREROUTING
chain.</para> chain.</para>
</listitem> </listitem>
</orderedlist>
<para>When WIDE_TC_MARKS=Yes:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>The MARK field in the providers file must have a value
that is a multiple of 65536 (using hex representation, the
values are 0x010000-0xFF0000 with the low-order 16 bits being
zero).</para>
</listitem>
<listitem> <listitem>
<para>When you SAVE or RESTORE in tcrules, only the TC mark <para>You may only set those mark values in the PREROUTING
value is saved or restored. Shorewall handles saving and chain.</para>
restoring the routing (provider) marks.</para> </listitem>
<listitem>
<para>Marks used for traffic shaping must be in the range of
1-1023 and may still not be set in the PREROUTING chain.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>Regardless of the setting of WIDE_TC_MARKS, when you SAVE or
RESTORE in tcrules, only the TC mark value is saved or restored.
Shorewall handles saving and restoring the routing (provider)
marks.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -1700,6 +1721,19 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>If not specified, then 2 is assumed.</para> <para>If not specified, then 2 is assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">WIDE_ROUTE_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>When set to No (the default), traffic shaping marks are 8
bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes,
traffic shaping marks are 10 bytes wide (values 1-1023). The setting
of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>
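Review bot: the new varlistentry documents the option as WIDE_ROUTE_MARKS (term and all three mentions in the paragraph), but the commit title and every other hunk in this patch call it WIDE_TC_MARKS. Pick the name the code actually reads, otherwise users will set an option that has no effect. The widths are also stated as "8 bytes wide (possible values are 1-255)" and "10 bytes wide (values 1-1023)"; those ranges correspond to 8 and 10 bits, not bytes.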

View File

@ -456,9 +456,12 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem> <listitem>
<para>You may set HIGH_ROUTE_MARKS=Yes in to effectively divide the <para>You may set HIGH_ROUTE_MARKS=Yes in to effectively divide the
packet mark and connection mark into two 8-byte mark fields.</para> packet mark and connection mark into two mark fields.</para>
<para>When you do this:</para> <para>The width of the fields are determined by the setting of the
WIDE_TC_MARKS option.</para>
<para>When WIDE_TC_MARKS=No (the default):</para>
<orderedlist numeration="loweralpha"> <orderedlist numeration="loweralpha">
<listitem> <listitem>
@ -478,13 +481,33 @@ net all DROP info</programlisting>then the chain name is 'net2all'
of 1-255 and may still not be set in the PREROUTING of 1-255 and may still not be set in the PREROUTING
chain.</para> chain.</para>
</listitem> </listitem>
</orderedlist>
<para>When WIDE_TC_MARKS=Yes:</para>
<orderedlist numeration="loweralpha">
<listitem>
<para>The MARK field in the providers file must have a value
that is a multiple of 65536 (using hex representation, the
values are 0x010000-0xFF0000 with the low-order 16 bits being
zero).</para>
</listitem>
<listitem> <listitem>
<para>When you SAVE or RESTORE in tcrules, only the TC mark <para>You may only set those mark values in the PREROUTING
value is saved or restored. Shorewall6 handles saving and chain.</para>
restoring the routing (provider) marks.</para> </listitem>
<listitem>
<para>Marks used for traffic shaping must be in the range of
1-1023 and may still not be set in the PREROUTING chain.</para>
</listitem> </listitem>
</orderedlist> </orderedlist>
<para>Regardless of the setting of WIDE_TC_MARKS, when you SAVE or
RESTORE in tcrules, only the TC mark value is saved or restored.
Shorewall handles saving and restoring the routing (provider)
marks.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
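Review bot: the relocated SAVE/RESTORE paragraph now says "Shorewall handles saving and restoring the routing (provider) marks", whereas the list item it replaces in this file said "Shorewall6 handles". It looks like the paragraph was copied from the shorewall.conf change without restoring the product name; change it back to Shorewall6 here.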
@ -1187,6 +1210,19 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<para>If not specified, then 2 is assumed.</para> <para>If not specified, then 2 is assumed.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">WIDE_ROUTE_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>When set to No (the default), traffic shaping marks are 8
bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes,
traffic shaping marks are 10 bytes wide (values 1-1023). The setting
of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>
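Review bot: this entry has the same two problems as its counterpart in the previous file. The term reads WIDE_ROUTE_MARKS while the rest of the patch documents WIDE_TC_MARKS, and "8 bytes wide" / "10 bytes wide" should be bits given the stated ranges 1-255 and 1-1023.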