Support for IFB (but don't document it yet)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8288 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
9f37f6a4ca
commit
b0a5c577f4
@ -65,9 +65,31 @@ Migration Issues.
|
|||||||
5) The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) has
|
5) The value of IMPLICIT_CONTINUE in shorewall.conf (and samples) has
|
||||||
been changed from Yes to No.
|
been changed from Yes to No.
|
||||||
|
|
||||||
Problems corrected in 4.1.6.
|
Problems corrected in Shorewall-perl 4.1.6.
|
||||||
|
|
||||||
None.
|
1) A problem introduced in 4.1.5 would result in the following error
|
||||||
|
message.
|
||||||
|
|
||||||
|
ERROR: Internal error in create_netfilter_load()
|
||||||
|
|
||||||
|
2) Under Shorewall-perl, if an empty action was invoked or was named
|
||||||
|
in one of the DEFAULT_xxx options in shorewall.conf, an
|
||||||
|
iptables-restore error occured.
|
||||||
|
|
||||||
|
3) If $ADMIN was empty, then the rule:
|
||||||
|
|
||||||
|
ACCEPT loc:$ADMIN all
|
||||||
|
|
||||||
|
became
|
||||||
|
|
||||||
|
ACCEPT loc net
|
||||||
|
|
||||||
|
It is now flagged as an error.
|
||||||
|
|
||||||
|
Problems corrected in Shorewall-shell 4.1.6.
|
||||||
|
|
||||||
|
1) Specifying a value for ACCEPT_DEFAULT or QUEUE_DEFAULT resulted in
|
||||||
|
a fatal error at compile time.
|
||||||
|
|
||||||
New Features in 4.1.6.
|
New Features in 4.1.6.
|
||||||
|
|
||||||
|
@ -297,6 +297,7 @@ sub process_tc_rule( $$$$$$$$$$ ) {
|
|||||||
sub rate_to_kbit( $ ) {
|
sub rate_to_kbit( $ ) {
|
||||||
my $rate = $_[0];
|
my $rate = $_[0];
|
||||||
|
|
||||||
|
return 0 if $rate eq '-';
|
||||||
return $1 if $rate =~ /^(\d+)kbit$/i;
|
return $1 if $rate =~ /^(\d+)kbit$/i;
|
||||||
return $1 * 1000 if $rate =~ /^(\d+)mbit$/i;
|
return $1 * 1000 if $rate =~ /^(\d+)mbit$/i;
|
||||||
return $1 * 8000 if $rate =~ /^(\d+)mbps$/i;
|
return $1 * 8000 if $rate =~ /^(\d+)mbps$/i;
|
||||||
@ -337,10 +338,13 @@ sub validate_tc_device( $$$$$ ) {
|
|||||||
|
|
||||||
my @redirected = ();
|
my @redirected = ();
|
||||||
|
|
||||||
@redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';;
|
@redirected = split_list( $redirected , 'device' ) if defined $redirected && $redirected ne '-';
|
||||||
|
|
||||||
for my $rdevice ( @redirected ) {
|
for my $rdevice ( @redirected ) {
|
||||||
fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
|
fatal_error "Invalid device name ($rdevice)" if $rdevice =~ /[:+]/;
|
||||||
|
my $rdevref = $tcdevices{$rdevice};
|
||||||
|
fatal_error "REDIRECTED device ($rdevice) has not been defined in this file" unless $rdevref;
|
||||||
|
fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices" if $rdevref->{in_bandwidth} ne '0kbit';
|
||||||
}
|
}
|
||||||
|
|
||||||
$tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' ,
|
$tcdevices{$device} = { in_bandwidth => rate_to_kbit( $inband ) . 'kbit' ,
|
||||||
@ -482,6 +486,8 @@ sub setup_traffic_shaping() {
|
|||||||
emit ( "run_tc qdisc add dev $device handle ffff: ingress",
|
emit ( "run_tc qdisc add dev $device handle ffff: ingress",
|
||||||
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
|
"run_tc filter add dev $device parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${inband}kbit burst 10k drop flowid :1"
|
||||||
);
|
);
|
||||||
|
} elsif ( @{$devref->{redirected}} ) {
|
||||||
|
emit ( "run_tc qdisc add dev $device handle ffff: ingress" );
|
||||||
}
|
}
|
||||||
|
|
||||||
for my $rdev ( @{$devref->{redirected}} ) {
|
for my $rdev ( @{$devref->{redirected}} ) {
|
||||||
|
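Review bot: The IN-BANDWIDTH check added to the REDIRECTED loop in validate_tc_device fails without naming the device, unlike the two fatal_error calls above it, so a configuration with several redirected interfaces gives no hint which entry is wrong. Consider `fatal_error "IN-BANDWIDTH must be zero for REDIRECTED devices ($rdevice)" if $rdevref->{in_bandwidth} ne '0kbit';`. The test compares against the literal `'0kbit'`, which works only because in_bandwidth is stored as `rate_to_kbit( $inband ) . 'kbit'` a few lines below. A comment such as `# in_bandwidth is always stored normalised as "<n>kbit"` next to the comparison would keep the two in step. The function begins and ends outside the hunk.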