Deimplement flawed rate limiting with simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
fc95cb8dc6
commit
9e37fe1ffa
@ -443,7 +443,7 @@ sub process_flow($) {
|
||||
}
|
||||
|
||||
sub process_simple_device() {
|
||||
my ( $device , $type , $in_bandwidth , $out_part ) = split_line 1, 4, 'tcinterfaces';
|
||||
my ( $device , $type , $in_bandwidth ) = split_line 1, 3, 'tcinterfaces';
|
||||
|
||||
fatal_error "Duplicate INTERFACE ($device)" if $tcdevices{$device};
|
||||
fatal_error "Invalid INTERFACE name ($device)" if $device =~ /[:+]/;
|
||||
@ -478,47 +478,7 @@ sub process_simple_device() {
|
||||
"run_tc filter add dev $physical parent ffff: protocol all prio 10 u32 match ip src 0.0.0.0/0 police rate ${in_bandwidth}kbit burst 10k drop flowid :1\n"
|
||||
) if $in_bandwidth;
|
||||
|
||||
if ( $out_part ne '-' ) {
|
||||
my ( $out_bandwidth, $burst, $latency, $peak, $minburst ) = split ':', $out_part;
|
||||
|
||||
fatal_error "Invalid OUT-BANDWIDTH ($out_part)" if ( defined $minburst && $minburst =~ /:/ ) || $out_bandwidth eq '';
|
||||
|
||||
$out_bandwidth = rate_to_kbit( $out_bandwidth );
|
||||
|
||||
my $command = "run_tc qdisc add dev $physical root handle $number: tbf rate $out_bandwidth";
|
||||
|
||||
if ( defined $burst && $burst ne '' ) {
|
||||
fatal_error "Invalid burst ($burst)" unless $burst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$command .= " burst $burst";
|
||||
} else {
|
||||
fatal_error "Missing OUT-BANDWIDTH Burst ($out_part)";
|
||||
}
|
||||
|
||||
if ( defined $latency && $latency ne '' ) {
|
||||
fatal_error "Invalid latency ($latency)" unless $latency =~ /^\d+(s|sec|secs|ms|msec|msecs|us|usec|usecs)?$/;
|
||||
$command .= " latency $latency"
|
||||
} else {
|
||||
fatal_error "Missing OUT-BANDWIDTH Latency ($out_part)";
|
||||
}
|
||||
|
||||
if ( defined $peak && $peak ne '' ) {
|
||||
$peak = rate_to_kbit( $peak );
|
||||
$command .= " peakrate $peak";
|
||||
}
|
||||
|
||||
if ( defined $minburst && $minburst ne '' ) {
|
||||
fatal_error "Invalid minburst ($minburst)" unless $minburst =~ /^\d+(k|kb|m|mb|mbit|kbit|b)?$/;
|
||||
$command .= " minburst $minburst";
|
||||
}
|
||||
|
||||
emit $command;
|
||||
|
||||
my $id = $number; $number = in_hexp( $devnum |= 0x100 );
|
||||
|
||||
emit "run_tc qdisc add dev $physical parent $id: handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
|
||||
} else {
|
||||
emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
|
||||
}
|
||||
emit "run_tc qdisc add dev $physical root handle $number: prio bands 3 priomap $config{TC_PRIOMAP}";
|
||||
|
||||
for ( my $i = 1; $i <= 3; $i++ ) {
|
||||
emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10";
|
||||
|
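Review bot: The interface-name check kept as context in the first hunk, `fatal_error "Invalid INTERFACE name ($device)" if $device =~ /[:+]/;`, rejects only two characters, while the lines kept in the second hunk interpolate `$physical` into the emitted `run_tc` command strings. If `$physical` is derived from `$device` without further validation (that code lies outside both hunks), whitespace or shell metacharacters in a tcinterfaces entry would reach the generated script unquoted. An allowlist would be more robust, for example `fatal_error "Invalid INTERFACE name ($device)" unless $device =~ /^[\w.@-]+$/;`, with the character set adjusted to the interface names Shorewall accepts elsewhere. process_simple_device starts in the first hunk and continues past the end of the second.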
@ -1,18 +1,16 @@
|
||||
Changes in Shorewall 4.4.11
|
||||
|
||||
1) Allow rate limiting with Simple Traffic Shaping.
|
||||
1) Apply patch from Gabriel.
|
||||
|
||||
2) Apply patch from Gabriel.
|
||||
2) Fix IPSET match detection when a pathname is specified for IPSET.
|
||||
|
||||
3) Fix IPSET match detection when a pathname is specified for IPSET.
|
||||
3) Fix start priority of shorewall-init on Debian
|
||||
|
||||
4) Fix start priority of shorewall-init on Debian
|
||||
4) Make IPv6 log and connections output readable.
|
||||
|
||||
5) Make IPv6 log and connections output readable.
|
||||
5) Add REQUIRE_INTERFACE to shorewall*.conf
|
||||
|
||||
6) Add REQUIRE_INTERFACE to shorewall*.conf
|
||||
|
||||
7) Avoid run-time warnings when options are not listed in shorewall.conf.
|
||||
6) Avoid run-time warnings when options are not listed in shorewall.conf.
|
||||
|
||||
Changes in Shorewall 4.4.10
|
||||
|
||||
|
@ -258,19 +258,7 @@ None.
|
||||
V. N E W F E A T U R E S I N T H I S R E L E A S E
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
1) Beginning with this release, Simple Traffic Shaping allows rate
|
||||
limiting of outbound traffic using a Token Bucket Filter (man
|
||||
tc-tbf).
|
||||
|
||||
The /etc/shorewall/tcinterfaces file has an additional column
|
||||
(OUT-BANDWIDTH).
|
||||
|
||||
The format of this column is:
|
||||
|
||||
<rate>:<burst>:<latency>[:<peakrate>[:<minburst>]]
|
||||
|
||||
See the tc and tc-tbf manpages for information about these
|
||||
parameters.
|
||||
None.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
|