Add TOS field to tcfilters

2009-05-28 16:41:14 -07:00 · 2009-05-28 16:41:14 -07:00 · d33532d6cd
commit d33532d6cd
parent 97fa7a0513
6 changed files with 130 additions and 15 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -139,6 +139,11 @@ our %flow_keys = ( 'src'            => 1,
 		   'sk-gid'         => 1,
 		   'vlan-tag'       => 1 );

+our %tosoptions = ( 'tos-minimize-delay'       => 'tos=0x10/0x10' ,
+		    'tos-maximize-throughput'  => 'tos=0x08/0x08' ,
+		    'tos-maximize-reliability' => 'tos=0x04/0x04' ,
+		    'tos-minimize-cost'        => 'tos=0x02/0x02' ,
+		    'tos-normal-service'       => 'tos=0x00/0x1e' );
 our %classids;

 our @deferred_rules;
@ -589,13 +594,6 @@ sub dev_by_number( $ ) {

 sub validate_tc_class( ) {
    my ( $devclass, $mark, $rate, $ceil, $prio, $options ) = split_line 4, 6, 'tcclasses file';
-
-    my %tosoptions = ( 'tos-minimize-delay'       => 'tos=0x10/0x10' ,
-		       'tos-maximize-throughput'  => 'tos=0x08/0x08' ,
-		       'tos-maximize-reliability' => 'tos=0x04/0x04' ,
-		       'tos-minimize-cost'        => 'tos=0x02/0x02' ,
-		       'tos-normal-service'       => 'tos=0x00/0x1e' );
-
    my $classnumber = 0;
    my $devref;
    my $device = $devclass;
@ -784,7 +782,7 @@ my %validlengths = ( 32 => '0xffe0', 64 => '0xffc0', 128 => '0xff80', 256 => '0x
 # Process a record from the tcfilters file
 #
 sub process_tc_filter( ) {
-    my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $length ) = split_line 2, 7, 'tcfilters file';
+    my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $tos, $length ) = split_line 2, 8, 'tcfilters file';
    
    my ($device, $class, $rest ) = split /:/, $devclass, 3;

@ -819,6 +817,23 @@ sub process_tc_filter( ) {
 	$rule .= "\\\n   match ip dst $net/$mask";
    }

+    if ( $tos ne '-' ) {
+	my $tosval = $tosoptions{$tos};
+	my $mask;
+	$tos = $tosval if $tosval;
+
+	if ( $tos =~ /^0x[0-9a-f]{2}$/ ) {
+	    $mask = '0xff';
+	} elsif ( $tos =~ /^(0x[0-9a-f]{2})\/(0x[0-9a-f]{2})$/ ) {
+	    $tos = $1;
+	    $mask = $2;
+	} else {
+	    fatal_error "Invalid TOS ($tos)";
+	}
+
+	$rule .= "\\\n  match ip tos $tos $mask";
+    }
+	
    if ( $length ne '-' ) {
 	my $len = numeric_value( $length ) || 0;
 	my $mask = $validlengths{$len};
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -7,7 +7,7 @@ Changes in Shorewall 4.3.12
 3) Delete support for ipset binding. Jozsef has removed the capability
   from ipset.

-4) Add LENGTH column to tcfilters file.
+4) Add TOS and LENGTH columns to tcfilters file.

 Changes in Shorewall 4.3.11

--- a/Shorewall/configfiles/tcfilters
+++ b/Shorewall/configfiles/tcfilters
@ -5,7 +5,7 @@
 #
 # See http://shorewall.net/traffic_shaping.htm for additional information.
 #
-###############################################################################
-#INTERFACE:	SOURCE		DEST		PROTO	DEST	SOURCE   LENGTH
+##############################################################################################
+#INTERFACE:	SOURCE		DEST		PROTO	DEST	SOURCE   TOS		LENGTH
 #CLASS							PORT(S)	PORT(S)
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -156,10 +156,24 @@ None.
 2)  Support for ipset bindings has been removed. Jozsef Kadlecsik has
    already removed such support from ipset itself.

-3)  A LENGTH field has been added to the tcfilters file. The value must
-    be a numeric power of two between 32 and 8192 inclusive. Packets
-    with a total length that is strictly less that the specified value
-    will match the rule. 
+3)  Optional TOS and LENGTH fields have been added to the tcfilters
+    file.
+
+    The TOS field may contain any of the following:
+
+    	tos-minimize-delay
+	tos-maximuze-throughput
+	tos-maximize-reliability
+	tos-minimize-cost
+	tos-normal-service
+	Hex-number
+	Hex-number/Hex-number
+
+    The hex numbers must have exactly two digits.
+
+    The LENGTH value must be a numeric power of two between 32 and 8192
+    inclusive. Packets with a total length that is strictly less that
+    the specified value will match the rule. 

 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   IN   4 . 3
--- a/docs/traffic_shaping.xml
+++ b/docs/traffic_shaping.xml
@ -1663,6 +1663,48 @@ eth0              192.168.1.0/24   206.124.146.179</programlisting></para>
          </listitem>
        </varlistentry>

+        <varlistentry>
+          <term>TOS</term>
+
+          <listitem>
+            <para>Specifies the value of the TOS field. The value can be any
+            of the following:</para>
+
+            <itemizedlist>
+              <listitem>
+                <para><option>tos-minimize-delay</option></para>
+              </listitem>
+
+              <listitem>
+                <para><option>tos-maximuze-throughput</option></para>
+              </listitem>
+
+              <listitem>
+                <para><option>tos-maximize-reliability</option></para>
+              </listitem>
+
+              <listitem>
+                <para><option>tos-minimize-cost</option></para>
+              </listitem>
+
+              <listitem>
+                <para><option>tos-normal-service</option></para>
+              </listitem>
+
+              <listitem>
+                <para><replaceable>hex-number</replaceable></para>
+              </listitem>
+
+              <listitem>
+                <para><replaceable>hex-number</replaceable>/<replaceable>hex-number</replaceable></para>
+              </listitem>
+            </itemizedlist>
+
+            <para>The <replaceable>hex-number</replaceable>s must be exactly
+            two digits (e.g., 0x04).</para>
+          </listitem>
+        </varlistentry>
+
        <varlistentry>
          <term>LENGTH</term>

--- a/manpages/shorewall-tcfilters.xml
+++ b/manpages/shorewall-tcfilters.xml
@ -108,6 +108,50 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><emphasis role="bold">TOS</emphasis> (Optional) - [<emphasis
+        role="bold">-</emphasis>|<emphasis>tos</emphasis>]</term>
+
+        <listitem>
+          <para>Specifies the value of the TOS field. The
+          <replaceable>tos</replaceable> value can be any of the
+          following:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para><option>tos-minimize-delay</option></para>
+            </listitem>
+
+            <listitem>
+              <para><option>tos-maximuze-throughput</option></para>
+            </listitem>
+
+            <listitem>
+              <para><option>tos-maximize-reliability</option></para>
+            </listitem>
+
+            <listitem>
+              <para><option>tos-minimize-cost</option></para>
+            </listitem>
+
+            <listitem>
+              <para><option>tos-normal-service</option></para>
+            </listitem>
+
+            <listitem>
+              <para><replaceable>hex-number</replaceable></para>
+            </listitem>
+
+            <listitem>
+              <para><replaceable>hex-number</replaceable>/<replaceable>hex-number</replaceable></para>
+            </listitem>
+          </itemizedlist>
+
+          <para>The <replaceable>hex-number</replaceable>s must be exactly two
+          digits (e.g., 0x04)x.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><emphasis role="bold">LENGTH</emphasis> (Optional) - [<emphasis
        role="bold">-</emphasis>|<emphasis>number</emphasis>]</term>