diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 5a16818ec..7ba27e85b 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -833,8 +833,9 @@ sub process_simple_device() {
}
for ( my $i = 1; $i <= 3; $i++ ) {
+ my $prio = 16 + $i;
emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10";
- emit "run_tc filter add dev $physical protocol all prio 2 parent $number: handle $i fw classid $number:$i";
+ emit "run_tc filter add dev $physical protocol all prio $prio parent $number: handle $i fw classid $number:$i";
emit "run_tc filter add dev $physical protocol all prio 1 parent ${number}$i: handle ${number}${i} flow hash keys $type divisor 1024" if $type ne '-' && have_capability 'FLOW_FILTER';
emit '';
}
@@ -1367,7 +1368,7 @@ sub process_tc_filter() {
if ( $priority ne '-' ) {
$prio = numeric_value $priority;
- fatal_error "Invalid priority ($priority)" unless defined $prio && $prio >= 12;
+ fatal_error "Invalid priority ($priority)" unless defined $prio && $prio > 0;
}
my $devref;
@@ -1963,14 +1964,14 @@ sub process_traffic_shaping() {
# add filters
#
unless ( $mark eq '-' ) {
- emit "run_tc filter add dev $device protocol all parent $devicenumber:0 prio " . ( $priority | 20 ) . " handle $mark fw classid $classid" if $tcref->{occurs} == 1;
+ emit "run_tc filter add dev $device protocol all parent $devicenumber:0 prio " . ( $priority | 0x20 ) . " handle $mark fw classid $classid" if $tcref->{occurs} == 1;
}
emit "run_tc filter add dev $device protocol all prio 1 parent $sfqinhex: handle $classnum flow hash keys $tcref->{flow} divisor 1024" if $tcref->{flow};
#
# options
#
- emit( "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 10 ) . ' u32' .
+ emit( "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 0x10 ) . ' u32' .
"\\\n match ip protocol 6 0xff" .
"\\\n match u8 0x05 0x0f at 0" .
"\\\n match u16 0x0000 0xffc0 at 2" .
@@ -1978,7 +1979,7 @@ sub process_traffic_shaping() {
for my $tospair ( @{$tcref->{tos}} ) {
my ( $tos, $mask ) = split q(/), $tospair;
- emit "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 10 ) . " u32 match ip tos $tos $mask flowid $classid";
+ emit "run_tc filter add dev $device parent $devicenumber:0 protocol ip prio " . ( $priority | 0x10 ) . " u32 match ip tos $tos $mask flowid $classid";
}
save_progress_message_short qq(" TC Class $classid defined.");
diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml
index 55c9671e1..3e17c8ae2 100644
--- a/Shorewall/manpages/shorewall-tcfilters.xml
+++ b/Shorewall/manpages/shorewall-tcfilters.xml
@@ -192,12 +192,40 @@
PRIORITY - [-|number]
+ role="bold">-|priority]
- Added in Shorewall 4.5.8. Specifies the rule priority. If not
- given, priority 10 is assumed. The priority value must be >=
- 12.
+ Added in Shorewall 4.5.8. Specifies the rule
+ priority. If not given,
+ priority 10 is assumed. The
+ priority value must be > 0.
+
+ The priority values used by other Shorewall-generated filters
+ are as follows:
+
+
+
+ Classify by packet mark - class
+ priority LOR 32.
+
+
+
+ Ingress policing - 10
+
+
+
+ Simple TC ACK packets - 1
+
+
+
+ Complex TC ACK packets - class
+ priority LOR 16.
+
+
+
+ Class with 'occurs' - 65535
+
+
diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml
index 4d3977343..f84c61095 100644
--- a/Shorewall6/manpages/shorewall6-tcfilters.xml
+++ b/Shorewall6/manpages/shorewall6-tcfilters.xml
@@ -192,8 +192,35 @@
Added in Shorewall 4.5.8. Specifies the rule priority. If not
- given, priority 11 is assumed. The priority value must be >=
- 12.
+ given, priority 11 is assumed. The priority value must be >
+ 0.
+
+ The priority values used by other Shorewall-generated filters
+ are as follows:
+
+
+
+ Classify by packet mark - class
+ priority LOR 32.
+
+
+
+ Ingress policing - 10
+
+
+
+ Simple TC ACK packets - 1
+
+
+
+ Complex TC ACK packets - class
+ priority LOR 16.
+
+
+
+ Class with 'occurs' - 65535
+
+
@@ -246,6 +273,6 @@
http://shorewall.net/PacketMarking.html
-
+