From 9d6e0fd9ed4c944a4b3adf52c58002ad79d78743 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Sun, 9 Sep 2012 14:48:32 -0700 Subject: [PATCH] Add a PRIORITY column to the tcfilters file. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 7 ++++++- Shorewall/configfiles/tcfilters | 4 ++-- Shorewall/manpages/shorewall-tcfilters.xml | 11 +++++++++++ Shorewall6/configfiles/tcfilters | 4 ++-- Shorewall6/manpages/shorewall6-tcfilters.xml | 13 ++++++++++++- 5 files changed, 33 insertions(+), 6 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 8ac2140dc..5a16818ec 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1353,7 +1353,7 @@ my %validlengths = ( 32 => '0xffe0', 64 => '0xffc0', 128 => '0xff80', 256 => '0x # sub process_tc_filter() { - my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $tos, $length ) = split_line 'tcfilters file', { class => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, tos => 6, length => 7 }; + my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $tos, $length, $priority ) = split_line 'tcfilters file', { class => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, tos => 6, length => 7 , priority => 8 }; fatal_error 'CLASS must be specified' if $devclass eq '-'; @@ -1365,6 +1365,11 @@ sub process_tc_filter() { my ( $ip, $ip32, $prio , $lo ) = $family == F_IPV4 ? ('ip', 'ip', 10, 2 ) : ('ipv6', 'ip6', 11 , 4 ); + if ( $priority ne '-' ) { + $prio = numeric_value $priority; + fatal_error "Invalid priority ($priority)" unless defined $prio && $prio >= 12; + } + my $devref; if ( $device =~ /^[\da-fA-F]+$/ && ! $tcdevices{$device} ) { diff --git a/Shorewall/configfiles/tcfilters b/Shorewall/configfiles/tcfilters index 97b7bafa6..b73c89a57 100644 --- a/Shorewall/configfiles/tcfilters +++ b/Shorewall/configfiles/tcfilters @@ -5,6 +5,6 @@ # # See http://shorewall.net/traffic_shaping.htm for additional information. # -############################################################################################## -#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH +######################################################################################################## +#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY #CLASS PORT(S) PORT(S) diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml index 50dee7db6..55c9671e1 100644 --- a/Shorewall/manpages/shorewall-tcfilters.xml +++ b/Shorewall/manpages/shorewall-tcfilters.xml @@ -189,6 +189,17 @@ number will match the rule. + + + PRIORITY - [-|number] + + + Added in Shorewall 4.5.8. Specifies the rule priority. If not + given, priority 10 is assumed. The priority value must be >= + 12. + + diff --git a/Shorewall6/configfiles/tcfilters b/Shorewall6/configfiles/tcfilters index f745e9cbd..dcfb3073b 100644 --- a/Shorewall6/configfiles/tcfilters +++ b/Shorewall6/configfiles/tcfilters @@ -5,6 +5,6 @@ # # See http://shorewall.net/traffic_shaping.htm for additional information. # -############################################################################################## -#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH +######################################################################################################## +#INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH PRIORITY #CLASS PORT(S) PORT(S) diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml index ca4d287f6..4d3977343 100644 --- a/Shorewall6/manpages/shorewall6-tcfilters.xml +++ b/Shorewall6/manpages/shorewall6-tcfilters.xml @@ -185,6 +185,17 @@ number will match the rule. + + + PRIORITY - [-|number] + + + Added in Shorewall 4.5.8. Specifies the rule priority. If not + given, priority 11 is assumed. The priority value must be >= + 12. + + @@ -200,7 +211,7 @@ ALL cannot be used because IPv4 ICMP and IPv6 ICMP are two different protocols. - #CLASS SOURCE DEST PROTO DEST + #CLASS SOURCE DEST PROTO DEST # PORT IPV4