Support for IFB (but don't document it yet)

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8288 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2008-03-13 23:27:29 +00:00 · 2008-03-13 23:27:29 +00:00 · b0a5c577f4
commit b0a5c577f4
parent 9f37f6a4ca
2 changed files with 31 additions and 3 deletions
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@ -65,9 +65,31 @@ Migration Issues.
 5)  The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) has
    been changed from Yes to No.

-Problems corrected in 4.1.6.
+Problems corrected in Shorewall-perl 4.1.6.

-None.
+1)  A problem introduced in 4.1.5 would result in the following error
+    message.
+
+	ERROR: Internal error in create_netfilter_load()	
+
+2)  Under Shorewall-perl, if an empty action was invoked or was named
+    in one of the DEFAULT_xxx options in shorewall.conf, an
+    iptables-restore error occured.
+
+3)  If $ADMIN was empty, then the rule:
+
+       ACCEPT loc:$ADMIN all
+
+    became
+
+       ACCEPT loc   net
+
+    It is now flagged as an error.
+
+Problems corrected in Shorewall-shell 4.1.6.
+
+1)  Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in
+    a fatal error at compile time. 

 New Features in 4.1.6.

--- a/Shorewall-perl/Shorewall/Tc.pm
+++ b/Shorewall-perl/Shorewall/Tc.pm
@ -297,6 +297,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
 sub rate_to_kbit( $ ) {
    my $rate = $_[0];

+    return 0           if $rate eq '-';
    return $1          if $rate =~ /^(\d+)kbit$/i;
    return $1 * 1000   if $rate =~ /^(\d+)mbit$/i;
    return $1 * 8000   if $rate =~ /^(\d+)mbps$/i;
@ -337,10 +338,13 @@ sub validate_tc_device( $$$$$ ) {

    my @redirected = ();

-    @redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';;
+    @redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';

    for my $rdevice ( @redirected ) {
 	fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
+	my $rdevref = $tcdevices{$rdevice};
+	fatal_error "REDIRECTED device ($rdevice) has not been defined in this file" unless $rdevref;
+	fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices" if $rdevref->{in_bandwidth} ne '0kbit';
    }

    $tcdevices{$device} = { in_bandwidth  => rate_to_kbit( $inband ) . 'kbit' ,
@ -482,6 +486,8 @@ sub setup_traffic_shaping() {
 	    emit ( "run_tc qdisc add dev $device handle ffff: ingress",
 		   "run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
 		   );
+	} elsif ( @{$devref->{redirected}} ) {
+	    emit ( "run_tc qdisc add dev $device handle ffff: ingress" );
 	}

 	for my $rdev ( @{$devref->{redirected}} ) {