Add TOS field to tcfilters

Tom Eastep 2009-05-28 16:41:14 -07:00
parent 97fa7a0513
commit d33532d6cd
6 changed files with 130 additions and 15 deletions


@ -139,6 +139,11 @@ our %flow_keys = ( 'src' => 1,
'sk-gid' => 1, 'sk-gid' => 1,
'vlan-tag' => 1 ); 'vlan-tag' => 1 );
our %tosoptions = ( 'tos-minimize-delay' => 'tos=0x10/0x10' ,
'tos-maximize-throughput' => 'tos=0x08/0x08' ,
'tos-maximize-reliability' => 'tos=0x04/0x04' ,
'tos-minimize-cost' => 'tos=0x02/0x02' ,
'tos-normal-service' => 'tos=0x00/0x1e' );
our %classids; our %classids;
our @deferred_rules; our @deferred_rules;
@ -589,13 +594,6 @@ sub dev_by_number( $ ) {
sub validate_tc_class( ) { sub validate_tc_class( ) {
my ( $devclass, $mark, $rate, $ceil, $prio, $options ) = split_line 4, 6, 'tcclasses file'; my ( $devclass, $mark, $rate, $ceil, $prio, $options ) = split_line 4, 6, 'tcclasses file';
my %tosoptions = ( 'tos-minimize-delay' => 'tos=0x10/0x10' ,
'tos-maximize-throughput' => 'tos=0x08/0x08' ,
'tos-maximize-reliability' => 'tos=0x04/0x04' ,
'tos-minimize-cost' => 'tos=0x02/0x02' ,
'tos-normal-service' => 'tos=0x00/0x1e' );
my $classnumber = 0; my $classnumber = 0;
my $devref; my $devref;
my $device = $devclass; my $device = $devclass;
@ -784,7 +782,7 @@ my %validlengths = ( 32 => '0xffe0', 64 => '0xffc0', 128 => '0xff80', 256 => '0x
# Process a record from the tcfilters file # Process a record from the tcfilters file
# #
sub process_tc_filter( ) { sub process_tc_filter( ) {
my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $length ) = split_line 2, 7, 'tcfilters file'; my ( $devclass, $source, $dest , $proto, $portlist , $sportlist, $tos, $length ) = split_line 2, 8, 'tcfilters file';
my ($device, $class, $rest ) = split /:/, $devclass, 3; my ($device, $class, $rest ) = split /:/, $devclass, 3;
@ -819,6 +817,23 @@ sub process_tc_filter( ) {
$rule .= "\\\n match ip dst $net/$mask"; $rule .= "\\\n match ip dst $net/$mask";
} }
if ( $tos ne '-' ) {
my $tosval = $tosoptions{$tos};
my $mask;
$tos = $tosval if $tosval;
if ( $tos =~ /^0x[0-9a-f]{2}$/ ) {
$mask = '0xff';
} elsif ( $tos =~ /^(0x[0-9a-f]{2})\/(0x[0-9a-f]{2})$/ ) {
$tos = $1;
$mask = $2;
} else {
fatal_error "Invalid TOS ($tos)";
}
$rule .= "\\\n match ip tos $tos $mask";
}
if ( $length ne '-' ) { if ( $length ne '-' ) {
my $len = numeric_value( $length ) || 0; my $len = numeric_value( $length ) || 0;
my $mask = $validlengths{$len}; my $mask = $validlengths{$len};
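Review bot: The symbolic TOS names can never be accepted in the new `if ( $tos ne '-' )` block: `%tosoptions` maps them to strings like `tos=0x10/0x10`, so after `$tos = $tosval if $tosval;` neither pattern matches the `tos=` prefix and every symbolic name ends in `fatal_error "Invalid TOS (tos=0x10/0x10)"`. Strip the prefix at lookup, for example `$tos = $1 if $tosval && $tosval =~ /^tos=(.+)$/;`, which leaves the table (presumably still read by validate_tc_class) as it is. The two hex patterns are also case-sensitive, so `0x1E` is rejected; add `/i` if upper-case digits should be allowed. Because the value is interpolated into the generated `match ip tos` line, anchoring with `\A` and `\z` rather than `^` and `$` is the stricter check. process_tc_filter starts and ends outside these hunks, so how `$rule` is emitted afterwards is not visible here.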


@ -7,7 +7,7 @@ Changes in Shorewall 4.3.12
3) Delete support for ipset binding. Jozsef has removed the capability 3) Delete support for ipset binding. Jozsef has removed the capability
from ipset. from ipset.
4) Add LENGTH column to tcfilters file. 4) Add TOS and LENGTH columns to tcfilters file.
Changes in Shorewall 4.3.11 Changes in Shorewall 4.3.11


@ -5,7 +5,7 @@
# #
# See http://shorewall.net/traffic_shaping.htm for additional information. # See http://shorewall.net/traffic_shaping.htm for additional information.
# #
############################################################################### ##############################################################################################
#INTERFACE: SOURCE DEST PROTO DEST SOURCE LENGTH #INTERFACE: SOURCE DEST PROTO DEST SOURCE TOS LENGTH
#CLASS PORT(S) PORT(S) #CLASS PORT(S) PORT(S)
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


@ -156,10 +156,24 @@ None.
2) Support for ipset bindings has been removed. Jozsef Kadlecsik has 2) Support for ipset bindings has been removed. Jozsef Kadlecsik has
already removed such support from ipset itself. already removed such support from ipset itself.
3) A LENGTH field has been added to the tcfilters file. The value must 3) Optional TOS and LENGTH fields have been added to the tcfilters
be a numeric power of two between 32 and 8192 inclusive. Packets file.
with a total length that is strictly less that the specified value
will match the rule. The TOS field may contain any of the following:
tos-minimize-delay
tos-maximuze-throughput
tos-maximize-reliability
tos-minimize-cost
tos-normal-service
Hex-number
Hex-number/Hex-number
The hex numbers must have exactly two digits.
The LENGTH value must be a numeric power of two between 32 and 8192
inclusive. Packets with a total length that is strictly less that
the specified value will match the rule.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S IN 4 . 3 N E W F E A T U R E S IN 4 . 3


@ -1663,6 +1663,48 @@ eth0 192.168.1.0/24 206.124.146.179</programlisting></para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>TOS</term>
<listitem>
<para>Specifies the value of the TOS field. The value can be any
of the following:</para>
<itemizedlist>
<listitem>
<para><option>tos-minimize-delay</option></para>
</listitem>
<listitem>
<para><option>tos-maximuze-throughput</option></para>
</listitem>
<listitem>
<para><option>tos-maximize-reliability</option></para>
</listitem>
<listitem>
<para><option>tos-minimize-cost</option></para>
</listitem>
<listitem>
<para><option>tos-normal-service</option></para>
</listitem>
<listitem>
<para><replaceable>hex-number</replaceable></para>
</listitem>
<listitem>
<para><replaceable>hex-number</replaceable>/<replaceable>hex-number</replaceable></para>
</listitem>
</itemizedlist>
<para>The <replaceable>hex-number</replaceable>s must be exactly
two digits (e.g., 0x04).</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>LENGTH</term> <term>LENGTH</term>


@ -108,6 +108,50 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">TOS</emphasis> (Optional) - [<emphasis
role="bold">-</emphasis>|<emphasis>tos</emphasis>]</term>
<listitem>
<para>Specifies the value of the TOS field. The
<replaceable>tos</replaceable> value can be any of the
following:</para>
<itemizedlist>
<listitem>
<para><option>tos-minimize-delay</option></para>
</listitem>
<listitem>
<para><option>tos-maximuze-throughput</option></para>
</listitem>
<listitem>
<para><option>tos-maximize-reliability</option></para>
</listitem>
<listitem>
<para><option>tos-minimize-cost</option></para>
</listitem>
<listitem>
<para><option>tos-normal-service</option></para>
</listitem>
<listitem>
<para><replaceable>hex-number</replaceable></para>
</listitem>
<listitem>
<para><replaceable>hex-number</replaceable>/<replaceable>hex-number</replaceable></para>
</listitem>
</itemizedlist>
<para>The <replaceable>hex-number</replaceable>s must be exactly two
digits (e.g., 0x04)x.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">LENGTH</emphasis> (Optional) - [<emphasis <term><emphasis role="bold">LENGTH</emphasis> (Optional) - [<emphasis
role="bold">-</emphasis>|<emphasis>number</emphasis>]</term> role="bold">-</emphasis>|<emphasis>number</emphasis>]</term>