Deimplement flawed rate limiting with simple TC

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-06-26 07:42:08 -07:00
parent fc95cb8dc6
commit 9e37fe1ffa
3 changed files with 9 additions and 63 deletions


@ -443,7 +443,7 @@ sub process_flow($) {
}
sub process_simple_device() {
my ( $device , $type , $in_bandwidth , $out_part ) = split_line 1, 4, 'tcinterfaces';
my ( $device , $type , $in_bandwidth ) = split_line 1, 3, 'tcinterfaces';
fatal_error "Duplicate INTERFACE ($device)" if $tcdevices{$device};
fatal_error "Invalid INTERFACE name ($device)" if $device =~ /[:+]/;
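Review bot: With `split_line 1, 3, 'tcinterfaces'` the file is back to three columns, so check what happens to an existing entry that still carries a fourth OUT-BANDWIDTH value. It should stop compilation with an error that names the tcinterfaces file rather than being ignored, because a silently dropped value leaves the administrator believing outbound traffic is rate limited when it is not. That behaviour lives in split_line, which is not visible in this hunk, so a test with a four-column line is worth running before merge.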
@ -478,47 +478,7 @@ sub process_simple_device() {
"run_tc filter add dev $physical parent ffff: protocol all prio 10 u32 match ip src 0.0.0.0/0 police rate ${in_bandwidth}kbit burst 10k drop flowid :1\n"
) if $in_bandwidth;
if ( $out_part ne '-' ) {
my ( $out_bandwidth, $burst, $latency, $peak, $minburst ) = split ':', $out_part;
fatal_error "Invalid OUT-BANDWIDTH ($out_part)" if ( defined $minburst && $minburst =~ /:/ ) || $out_bandwidth eq '';
$out_bandwidth = rate_to_kbit( $out_bandwidth );
my $command = "run_tc qdisc add dev $physical root handle $number: tbf rate $out_bandwidth";
if ( defined $burst && $burst ne '' ) {
fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
$command .= " burst $burst";
} else {
fatal_error "Missing OUT-BANDWIDTH Burst ($out_part)";
}
if ( defined $latency && $latency ne '' ) {
fatal_error "Invalid latency ($latency)" unless $latency =~ /^\d+(s|sec|secs|ms|msec|msecs|us|usec|usecs)?$/;
$command .= " latency $latency"
} else {
fatal_error "Missing OUT-BANDWIDTH Latency ($out_part)";
}
if ( defined $peak && $peak ne '' ) {
$peak = rate_to_kbit( $peak );
$command .= " peakrate $peak";
}
if ( defined $minburst && $minburst ne '' ) {
fatal_error "Invalid minburst ($minburst)" unless $minburst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
$command .= " minburst $minburst";
}
emit $command;
my $id = $number; $number = in_hexp( $devnum |= 0x100 );
emit "run_tc qdisc add dev $physical parent $id: handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
} else {
emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
}
for ( my $i = 1; $i <= 3; $i++ ) {
emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10";
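Review bot: The commit message calls the rate limiting flawed, but neither the message nor anything around the removed `if ( $out_part ne '-' )` branch records what the flaw was. Please state the failure mode in the commit message so that a later reimplementation of the tbf handling does not repeat it. The removal itself looks consistent: the `$devnum |= 0x100` renumbering goes away with the branch, so `$number` reaching the sfq loop is always the root prio handle.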


@ -1,18 +1,16 @@
Changes in Shorewall 4.4.11
1) Allow rate limiting with Simple Traffic Shaping.
1) Apply patch from Gabriel.
2) Apply patch from Gabriel.
2) Fix IPSET match detection when a pathname is specified for IPSET.
3) Fix IPSET match detection when a pathname is specified for IPSET.
3) Fix start priority of shorewall-init on Debian
4) Fix start priority of shorewall-init on Debian
4) Make IPv6 log and connections output readable.
5) Make IPv6 log and connections output readable.
5) Add REQUIRE_INTERFACE to shorewall*.conf
6) Add REQUIRE_INTERFACE to shorewall*.conf
7) Avoid run-time warnings when options are not listed in shorewall.conf.
6) Avoid run-time warnings when options are not listed in shorewall.conf.
Changes in Shorewall 4.4.10


@ -258,19 +258,7 @@ None.
V. N E W F E A T U R E S I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) Beginning with this release, Simple Traffic Shaping allows rate
limiting of outbound traffic using a Token Bucket Filter (man
tc-tbf).
The /etc/shorewall/tcinterfaces file has an additional column
(OUT-BANDWIDTH).
The format of this column is:
<rate>:<burst>:<latency>[:<peakrate>[:<minburst>]]
See the tc and tc-tbf manpages for information about these
parameters.
None.
----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
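Review bot: Section V goes back to "None." with no mention that /etc/shorewall/tcinterfaces no longer accepts the OUT-BANDWIDTH column. If any pre-release carried the removed text, add a line telling users who entered `<rate>:<burst>:<latency>[:<peakrate>[:<minburst>]]` values to delete them, and say that outbound rate limiting is not available in Simple Traffic Shaping in this release.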