diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index bbc03405e..168bbe395 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -12,6 +12,8 @@ Changes in 4.1.7 6) Add MANGLE_ENABLED option. +7) Fix priority mingling in tc filters. + Changes in 4.1.6 1) Deprecate IMPLICIT_CONTINUE=Yes diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 69eb7e1f1..716d584f9 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -79,6 +79,16 @@ Problems corrected in Shorewall-perl 4.1.7. 2) Trailing columns containing '-' would outwit Shorewall-perl's detection of 'too few columns' errors. +3) 'shorewall start' could fail with an error similar to the following: + + RTNETLINK answers: Invalid argument + We have an error talking to the kernel + ERROR: Command "tc filter add dev bond0.207 parent 1:0 protocol ip + pref 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 + 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:11" Failed + /sbin/shorewall: line 723: 755 Terminated + $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart + New Features in 4.1.7. 1) If an interface fails when using balanced multi-ISP routing, the diff --git a/Shorewall-perl/Shorewall/Tc.pm b/Shorewall-perl/Shorewall/Tc.pm index 6954f561a..72e8027a5 100644 --- a/Shorewall-perl/Shorewall/Tc.pm +++ b/Shorewall-perl/Shorewall/Tc.pm @@ -787,11 +787,11 @@ sub setup_traffic_shaping() { # # add filters # - emit "run_tc filter add dev $device protocol ip parent $devicenumber:0 pref 10 handle $mark fw classid $classid" unless $devref->{classify}; + emit "run_tc filter add dev $device protocol ip parent $devicenumber:0 prio 1 handle $mark fw classid $classid" unless $devref->{classify}; # #options # - emit "run_tc filter add dev $device parent $devref->{number}:0 protocol ip pref 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid $classid" if $tcref->{tcp_ack}; + emit "run_tc filter add dev $device parent $devref->{number}:0 protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid $classid" if $tcref->{tcp_ack}; for my $tospair ( @{$tcref->{tos}} ) { my ( $tos, $mask ) = split q(/), $tospair;