Update Shorewall6 .conf files and manpage

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 16:54:10 -08:00 · 2011-11-19 16:54:10 -08:00 · 9d56fcab89
commit 9d56fcab89
parent 2fd3766be8
6 changed files with 164 additions and 4 deletions
--- a/Samples6/Universal/shorewall6.conf
+++ b/Samples6/Universal/shorewall6.conf
@ -183,4 +183,16 @@ SMURF_DISPOSITION=DROP

 TCP_FLAGS_DISPOSITION=DROP

-#LAST LINE -- DO NOT REMOVE
+################################################################################
+#			P A C K E T  M A R K  L A Y O U T
+################################################################################
+
+TC_BITS=
+
+PROVIDER_BITS=
+
+PROVIDER_OFFSET=
+
+MASK_BITS=
+
+ZONE_BITS=0
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@ -183,4 +183,16 @@ SMURF_DISPOSITION=DROP

 TCP_FLAGS_DISPOSITION=DROP

-#LAST LINE -- DO NOT REMOVE
+################################################################################
+#			P A C K E T  M A R K  L A Y O U T
+################################################################################
+
+TC_BITS=
+
+PROVIDER_BITS=
+
+PROVIDER_OFFSET=
+
+MASK_BITS=
+
+ZONE_BITS=0
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@ -183,4 +183,16 @@ SMURF_DISPOSITION=DROP

 TCP_FLAGS_DISPOSITION=DROP

-#LAST LINE -- DO NOT REMOVE
+################################################################################
+#			P A C K E T  M A R K  L A Y O U T
+################################################################################
+
+TC_BITS=
+
+PROVIDER_BITS=
+
+PROVIDER_OFFSET=
+
+MASK_BITS=
+
+ZONE_BITS=0
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@ -183,4 +183,16 @@ SMURF_DISPOSITION=DROP

 TCP_FLAGS_DISPOSITION=DROP

-#LAST LINE -- DO NOT REMOVE
+################################################################################
+#			P A C K E T  M A R K  L A Y O U T
+################################################################################
+
+TC_BITS=
+
+PROVIDER_BITS=
+
+PROVIDER_OFFSET=
+
+MASK_BITS=
+
+ZONE_BITS=0
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@ -182,3 +182,17 @@ SFILTER_DISPOSITION=DROP
 SMURF_DISPOSITION=DROP

 TCP_FLAGS_DISPOSITION=DROP
+
+################################################################################
+#			P A C K E T  M A R K  L A Y O U T
+################################################################################
+
+TC_BITS=
+
+PROVIDER_BITS=
+
+PROVIDER_OFFSET=
+
+MASK_BITS=
+
+ZONE_BITS=0
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@ -1112,6 +1112,55 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

+      <varlistentry id="MASK_BITS">
+        <term><emphasis
+        role="bold">MASK_BITS</emphasis>=[<replaceable>number</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.26. Number of bits on the right of the
+          32-bit packet mark to be masked when clearing the traffic shaping
+          mark. Must be &gt;= TC_BITS and &lt;= PROVIDER_OFFSET (if
+          PROVIDER_OFFSET &gt; 0). Default value and the default values of the
+          other mark layout options is determined as follows:</para>
+
+          <table frame="none">
+            <title>Default Packet Mark Layout</title>
+
+            <tgroup cols="2">
+              <tbody>
+                <row>
+                  <entry>WIDE_TC_MARKS=No, HIGH_ROUTE_MARKS=No</entry>
+
+                  <entry>TC_BITS=8, PROVIDER_BITS=8, PROVIDER_OFFSET=0,
+                  MASK_BITS=8</entry>
+                </row>
+
+                <row>
+                  <entry>WIDE_TC_MARKS=No, HIGH_ROUTE_MARKS=Yes</entry>
+
+                  <entry>TC_BITS=8, PROVIDER_BITS=8, PROVIDER_OFFSET=8,
+                  MASK_BITS=8</entry>
+                </row>
+
+                <row>
+                  <entry>WIDE_TC_MARKS=Yes, HIGH_ROUTE_MARKS=No</entry>
+
+                  <entry>TC_BITS=14, PROVIDER_BITS=8, PROVIDER_OFFSET=0,
+                  MASK_BITS=16</entry>
+                </row>
+
+                <row>
+                  <entry>WIDE_TC_MARKS=Yes, HIGH_ROUTE_MARKS=Yes</entry>
+
+                  <entry>TC_BITS=14, PROVIDER_BITS=8, PROVIDER_OFFSET=16,
+                  MASK_BITS=16</entry>
+                </row>
+              </tbody>
+            </tgroup>
+          </table>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">MODULE_SUFFIX=</emphasis>[<emphasis
        role="bold">"</emphasis><emphasis>extension</emphasis> ...<emphasis
@ -1298,6 +1347,31 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">PROVIDER_BITS</emphasis>=[<replaceable>number</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.26. The number of bits in the 32-bit
+          packet mark to be used for provider numbers. May be zero. See <link
+          linkend="MASK_BITS">MASK_BITS</link> above for default value.</para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><emphasis
+        role="bold">PROVIDER_OFFSET</emphasis>=[<replaceable>number</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.26. The offset from the right
+          (low-order end) of the provider number field in the 32-bit packet
+          mark. If non-zero, must be &gt;= TC_BITS (Shorewall automatically
+          adjusts PROVIDER_OFFSET's value). PROVIDER_OFFSET + PROVIDER_BITS +
+          ZONE_BITS must be &lt; 32. See <link
+          linkend="MASK_BITS">MASK_BITS</link> above for default value.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">RCP_COMMAND="</emphasis><replaceable>command</replaceable><emphasis
@ -1505,6 +1579,18 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">TC_BITS</emphasis>=[<replaceable>number</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.26. The number of bits at the low end
+          of the 32-bit packet mark to be used for traffic shaping marking.
+          May be zero. See <link linkend="MASK_BITS">MASK_BITS</link> above
+          for default value.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">TC_ENABLED=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis
@ -1743,6 +1829,18 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis
+        role="bold">ZONE_BITS</emphasis>=[<replaceable>number</replaceable>]</term>
+
+        <listitem>
+          <para>Added in Shorewall 4.4.26. When non-zero, enables automatic
+          packet marking by source zone and determines the number of bits in
+          the 32-bit packet mark to be used for the zone mark. Default value
+          is 0.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis
        role="bold">ZONE2ZONE</emphasis>={<option>2</option>|<option>-</option>}</term>