From 9e37fe1ffa30c5589b62107991692c18cbce65e7 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sat, 26 Jun 2010 07:42:08 -0700
Subject: [PATCH] Deimplement flawed rate limiting with simple TC
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Tc.pm | 44 ++--------------------------------
 Shorewall/changelog.txt | 14 +++++------
 Shorewall/releasenotes.txt | 14 +----------
 3 files changed, 9 insertions(+), 63 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 857d1ff3d..9ab530e2d 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -443,7 +443,7 @@ sub process_flow($) {
 }
 sub process_simple_device() {
- my ( $device , $type , $in_bandwidth , $out_part ) = split_line 1, 4, 'tcinterfaces';
+ my ( $device , $type , $in_bandwidth ) = split_line 1, 3, 'tcinterfaces';
 fatal_error "Duplicate INTERFACE ($device)" if $tcdevices{$device};
 fatal_error "Invalid INTERFACE name ($device)" if $device =~ /[:+]/;
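Review bot: With `split_line 1, 3, 'tcinterfaces'` an entry that still carries the withdrawn OUT-BANDWIDTH column is left entirely to `split_line`, whose handling of surplus columns is not visible in this hunk. It is worth confirming that such an entry stops compilation with an error rather than being accepted with the fourth field ignored, because an operator who configured an egress limit would otherwise end up with no limit and no warning. The diffstat touches only Tc.pm, the changelog and the release notes, so any sample tcinterfaces file or manpage that gained the column (not shown here) may still describe it. `process_simple_device` continues past the end of the hunk.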
@@ -478,47 +478,7 @@ sub process_simple_device() {
 "run_tc filter add dev $physical parent ffff: protocol all prio 10 u32 match ip src 0.0.0.0/0 police rate ${in_bandwidth}kbit burst 10k drop flowid :1\n" ) if $in_bandwidth;
- if ( $out_part ne '-' ) {
- my ( $out_bandwidth, $burst, $latency, $peak, $minburst ) = split ':', $out_part;
-
- fatal_error "Invalid OUT-BANDWIDTH ($out_part)" if ( defined $minburst && $minburst =~ /:/ ) || $out_bandwidth eq '';
-
- $out_bandwidth = rate_to_kbit( $out_bandwidth );
-
- my $command = "run_tc qdisc add dev $physical root handle $number: tbf rate $out_bandwidth";
-
- if ( defined $burst && $burst ne '' ) {
- fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
- $command .= " burst $burst";
- } else {
- fatal_error "Missing OUT-BANDWIDTH Burst ($out_part)";
- }
-
- if ( defined $latency && $latency ne '' ) {
- fatal_error "Invalid latency ($latency)" unless $latency =~ /^\d+(s|sec|secs|ms|msec|msecs|us|usec|usecs)?$/;
- $command .= " latency $latency"
- } else {
- fatal_error "Missing OUT-BANDWIDTH Latency ($out_part)";
- }
-
- if ( defined $peak && $peak ne '' ) {
- $peak = rate_to_kbit( $peak );
- $command .= " peakrate $peak";
- }
-
- if ( defined $minburst && $minburst ne '' ) {
- fatal_error "Invalid minburst ($minburst)" unless $minburst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
- $command .= " minburst $minburst";
- }
-
- emit $command;
-
- my $id = $number; $number = in_hexp( $devnum |= 0x100 );
-
- emit "run_tc qdisc add dev $physical parent $id: handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
- } else {
- emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
- }
+ emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
 for ( my $i = 1; $i <= 3; $i++ ) {
 emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10";
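Review bot: The added `emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";` writes `$physical` and `$config{TC_PRIOMAP}` unquoted into a line of the generated script, and the only check on the interface name visible in this patch is the denylist `$device =~ /[:+]/` in the first hunk. How `$physical` is derived and whether TC_PRIOMAP is validated lies outside the hunks, so this may already be covered. If it is not, an allowlist such as `fatal_error "Invalid INTERFACE name ($device)" unless $device =~ /\A[\w.-]+\z/;` (class adjusted to the names Shorewall supports) keeps whitespace and shell metacharacters out of the emitted commands. The input is an administrator-owned file, so this is hardening against malformed entries rather than a privilege boundary. The function starts before and ends after this hunk.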
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 3d60071ed..55a6ccfd3 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -1,18 +1,16 @@
 Changes in Shorewall 4.4.11
-1) Allow rate limiting with Simple Traffic Shaping.
+1) Apply patch from Gabriel.
-2) Apply patch from Gabriel.
+2) Fix IPSET match detection when a pathname is specified for IPSET.
-3) Fix IPSET match detection when a pathname is specified for IPSET.
+3) Fix start priority of shorewall-init on Debian
-4) Fix start priority of shorewall-init on Debian
+4) Make IPv6 log and connections output readable.
-5) Make IPv6 log and connections output readable.
+5) Add REQUIRE_INTERFACE to shorewall*.conf
-6) Add REQUIRE_INTERFACE to shorewall*.conf
-
-7) Avoid run-time warnings when options are not listed in shorewall.conf.
+6) Avoid run-time warnings when options are not listed in shorewall.conf.
 Changes in Shorewall 4.4.10
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 10f7a13aa..2fda62b9d 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -258,19 +258,7 @@ None.
 V. N E W F E A T U R E S I N T H I S R E L E A S E
 ----------------------------------------------------------------------------
-1) Beginning with this release, Simple Traffic Shaping allows rate
- limiting of outbound traffic using a Token Bucket Filter (man
- tc-tbf).
-
- The /etc/shorewall/tcinterfaces file has an additional column
- (OUT-BANDWIDTH).
-
- The format of this column is:
-
- ::[:[:]]
-
- See the tc and tc-tbf manpages for information about these
- parameters.
+None.
 ----------------------------------------------------------------------------
 V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S