holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Revise WIDE_TC_MARKS classid generation

Browse Source
This commit is contained in:
Tom Eastep 2009-04-20 17:54:33 -07:00
parent dcee6562a2
commit 82bf6eb3f5
8 changed files with 41 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1509,7 +1509,7 @@ sub verify_mark( $ ) {
sub verify_small_mark( $ ) {
verify_mark ( (my $mark) = $_[0] );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > ( $config{WIDE_TC_MARKS} ? 0x03FF : 0xFF );
fatal_error "Mark value ($mark) too large" if numeric_value( $mark ) > ( $config{WIDE_TC_MARKS} ? 0x3FFF : 0xFF );
}
sub validate_mark( $ ) {

7
Shorewall/Perl/Shorewall/Tc.pm
View File

@ -599,7 +599,7 @@ sub validate_tc_class( $$$$$$ ) {
$markval = numeric_value( $mark );
fatal_error "Invalid MARK ($markval)" unless defined $markval;
$classnumber = $config{WIDE_TC_MARKS} ? ( $devref->{number} << 10 ) | $mark : 1 . $mark;
$classnumber = $config{WIDE_TC_MARKS} ? ( $devref->{number} << 10 ) | $markval : $devnum . $markval;
fatal_error "Duplicate MARK ($mark)" if $tcref->{$classnumber};
}
} else {
@ -651,7 +651,8 @@ sub validate_tc_class( $$$$$$ ) {
} elsif ( $option =~ /^occurs=(.+)$/ ) {
my $val = $1;
$occurs = numeric_value($val);
fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs;
fatal_error "Invalid 'occurs' ($val)" unless defined $occurs && $occurs > 0;
fatal_error "Invalid 'occurs' ($val)" if $occurs > ( $config{WIDE_TC_MARKS} ? 8191 : 255 );
fatal_error "Duplicate 'occurs'" if $tcref->{occurs} > 1;
if ( $occurs > 1 ) {
fatal_error "The 'occurs' option is not valid with 'classify'" if $devref->{classify};
@ -1025,7 +1026,7 @@ sub setup_tc() {
if ( $config{HIGH_ROUTE_MARKS} ) {
for my $chain qw(INPUT FORWARD POSTROUTING) {
insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x03FF' : '-j MARK --and-mark 0xFF';
insert_rule1 $mangle_table->{$chain}, 0, $config{WIDE_TC_MARKS} ? '-j MARK --and-mark 0x3FFF' : '-j MARK --and-mark 0xFF';
}
}
}

12
Shorewall/releasenotes.txt
View File

@ -82,20 +82,24 @@ None.
Shorewall generates a TC class Id from a mark value.
- Prior to 4.3.9, the class number was constructed by concatinating
the device number with the mark value.
the either '1' or '10' with the mark value. '10' is used when
there are more than 10 devices defined in /etc/shorewall/tcdevices.
- Beginning with 4.3.9, the class number is constructed by shifting
- In 4.3.9, the class number is constructed by shifting
the device number left by 10 bits and logically ORing the result
with the mark value.
- In 4.3.10, a new method is added; the mark value is logically
ORed with 0x40000000;
The WIDE_TC_MARKS option in shorewall.conf selects which
construction to use. WIDE_TC_MARKS=No (the default) produces
pre-4.3.9 behavior. WIDE_TC_MARKS=Yes produces the new behavior.
In addition to determining the method of constructing class Ids,
WIDE_TC_MARKS=Yes provides for larger mark values for traffic
shaping. Traffic shaping marks may have values up to 1023 with
WIDE_TC_MARKS=Yes. This means that when both WIDE_TC_MARKS=Yes and
shaping. Traffic shaping marks may have values up to 16383 (0x3fff)
with WIDE_TC_MARKS=Yes. This means that when both WIDE_TC_MARKS=Yes and
HIGH_ROUTE_MARKS=Yes, routing marks (/etc/shorewall/providers MARK
column) must be >= 65536 (0x10000) and must be a multiple of 65536
(0x1000, 0x20000, 0x30000, ...).

8
Shorewall/shorewall
View File

@ -1448,7 +1448,7 @@ usage() # $1 = exit status
echo " delete <interface>[:<host-list>] ... <zone>"
echo " drop <address> ..."
echo " dump [ -x ]"
echo " encode <devnum> <mark>"
echo " encode <mark>"
echo " export [ <directory1> ] [<user>@]<system>[:<directory2>]"
echo " forget [ <file name> ]"
echo " help"
@ -1996,11 +1996,11 @@ case "$COMMAND" in
;;
decode)
[ $# -eq 2 ] || usage 1
echo "Device = $(($2 >> 10)) Mark = $(($2 & 0x3ff))"
echo "Mark = $(($2 & 0x3fff))"
;;
encode)
[ $# -eq 3 ] || usage 1
echo "Class Number = $((($2 << 10) | $3))"
[ $# -eq 2 ] || usage 1
echo "Class Number = $((0x4000 | $2))"
;;
call)
get_config

22
docs/traffic_shaping.xml
View File

@ -434,7 +434,7 @@ ppp0 6000kbit 500kbit</programlisting>
<listitem>
<para>MARK - The mark value which is an integer in the range 1-255
(1-1023 if you set WIDE_TC_MARKS=Yes in <ulink
(1-16383 if you set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ). You
define these marks in the tcrules file, marking the traffic you want
to go into the queuing classes defined in here. You can use the same
@ -615,7 +615,7 @@ ppp0 6000kbit 500kbit</programlisting>
<listitem>
<para>MARK or CLASSIFY - MARK specifies the mark value is to be
assigned in case of a match. This is an integer in the range 1-255
(1-1023 if you set WIDE_TC_MARKS=Yes in <ulink
(1-16383 if you set WIDE_TC_MARKS=Yes in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) ).
This value may be optionally followed by <quote>:</quote> and either
<quote>F</quote>, <quote>P</quote> or "T" to designate that the
@ -737,8 +737,10 @@ ppp0 6000kbit 500kbit</programlisting>
<itemizedlist>
<listitem>
<para>the MARK value of the class preceded by the number "1"
(MARK value 1 is &lt;minor&gt; class 11, MARK value 22 is
&lt;minor&gt; class 122, and so on)</para>
or "10" (MARK value 1 is &lt;minor&gt; class 11, MARK value
22 is &lt;minor&gt; class 122, and so on). "10" is used
where there are more than 10 devices defined in <link
linkend="tcdevices">/etc/shorewall/tcdevices</link>.</para>
</listitem>
</itemizedlist>
@ -751,15 +753,15 @@ ppp0 6000kbit 500kbit</programlisting>
<command>shorewall encode</command> and <command>shorewall
decode</command> commands (<ulink
url="manpages/shorewall.html">shorewall</ulink> (8)) may be
used to translate a device number/mark pair to/from a
&lt;minor&gt; class.</para>
used to translate a mark to/from a &lt;minor&gt;
class.</para>
<para>Examples:</para>
<programlisting>$ <command>shorewall encode 1 100</command>
Class Number = 1124
$ <command>shorewall decode 1124</command>
Device = 1 Mark = 100</programlisting>
<programlisting>$ <command>shorewall encode 100</command>
Class Number = 16484
$ <command>shorewall decode 16484</command>
Mark = 100</programlisting>
</listitem>
</itemizedlist>
</listitem>

10
manpages/shorewall.conf.xml
View File

@ -645,7 +645,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem>
<para>Marks used for traffic shaping must be in the range of
1-1023 and may still not be set in the PREROUTING chain.</para>
1-16383 and may still not be set in the PREROUTING chain.</para>
</listitem>
</orderedlist>
@ -1723,14 +1723,14 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</varlistentry>
<varlistentry>
<term><emphasis role="bold">WIDE_ROUTE_MARKS=</emphasis>{<emphasis
<term><emphasis role="bold">WIDE_TC_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>When set to No (the default), traffic shaping marks are 8
bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes,
traffic shaping marks are 10 bytes wide (values 1-1023). The setting
of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS
bytes wide (possible values are 1-255). When WIDE_TC_MARKS=Yes,
traffic shaping marks are 14 bytes wide (values 1-16383). The
setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).</para>
</listitem>
</varlistentry>

6
manpages/shorewall.xml
View File

@ -159,8 +159,7 @@
<arg>-<replaceable>options</replaceable></arg>
<arg choice="plain"><option>encode</option><arg
choice="plain"><replaceable>devnum</replaceable><replaceable>
mark</replaceable></arg></arg>
choice="plain"><replaceable> mark</replaceable></arg></arg>
</cmdsynopsis>
<cmdsynopsis>
@ -748,7 +747,7 @@
<listitem>
<para>Decomposes the <replaceable>classnum</replaceable> into its
component device number and mark value.</para>
component mark value.</para>
</listitem>
</varlistentry>
@ -796,7 +795,6 @@
<listitem>
<para>Displays the class number derived from the
<replaceable>devnum</replaceable> and
<replaceable>mark</replaceable>.</para>
</listitem>
</varlistentry>

10
manpages6/shorewall6.conf.xml
View File

@ -500,7 +500,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
<listitem>
<para>Marks used for traffic shaping must be in the range of
1-1023 and may still not be set in the PREROUTING chain.</para>
1-16383 and may still not be set in the PREROUTING chain.</para>
</listitem>
</orderedlist>
@ -1212,14 +1212,14 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</varlistentry>
<varlistentry>
<term><emphasis role="bold">WIDE_ROUTE_MARKS=</emphasis>{<emphasis
<term><emphasis role="bold">WIDE_TC_MARKS=</emphasis>{<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>}</term>
<listitem>
<para>When set to No (the default), traffic shaping marks are 8
bytes wide (possible values are 1-255). When WIDE_ROUTE_MARKS=Yes,
traffic shaping marks are 10 bytes wide (values 1-1023). The setting
of WIDE_ROUTE_MARKS also has an effect on the HIGH_ROUTE_MARKS
bytes wide (possible values are 1-255). When WIDE_TC_MARKS=Yes,
traffic shaping marks are 14 bytes wide (values 1-16383). The
setting of WIDE_TC_MARKS also has an effect on the HIGH_ROUTE_MARKS
option (see above).</para>
</listitem>
</varlistentry>