On Mon, Jun 22, 2009 at 12:31:57PM -0700, Tom Eastep wrote:
> Tom Eastep wrote:
> > Lennart Sorensen wrote:
> >
> >> After all tcclasses already supports arbitrary tos byte values, while
> >> tcrules only supports the 5 fixed tos values.
> >
> > That is completely untrue. The TOS column can contain a
> > <numeric-value>[/<mask>] just as the tcclasses file can. The optional
> > <mask> is currently undocumented, unfortunately.
> >
> >> Adding a new column to
> >> the end of tcrules for dscp target matching should be fully backwards
> >> compatible with existing configs (even though having it next to TOS
> >> would have been nice, but not worth it).
> >>
> >> dscp can either be the numerical value (0-32 I believe), or a diffserv
> >> name (CS0-CS7, BE, AF[1-4][1-3], EF).
> >>
> >> Does this look acceptable? Adding a mangle target for dscp is going to
> >> be a bit more work of course.
> >>
> >> I did NOT test this patch. I have a variant against 4.0.15 which I
> >> tested and it nicely creates rules in iptables. It is almost the same
> >> though just varying due to the differences between 4.0 and the git tree.
> >
> > The problem with patches like this that only worry about the code is
> > that they are incomplete.
> >
> > - The patch doesn't update Shorewall/configfiles/tcrules
> > - The patch doesn't update manpages/shorewall-tcrules.xml
> > - The patch doesn't update manpages6/shorewall6-tcrules.xml
> > - The patch doesn't update docs/traffic_shaping.xml
> >
> > So when I get a patch like this, I'm not very enthusiastic to merge it
> > right into my tree. Especially this one which largely duplicates a
> > function that is already available (given that the DSCP field is a
> > sub-field of the TOS byte).
>
> I've taken a look at this and it appears to me that specifying both DSCP
> and TOS in a single rule is pointless. So I've put together a change that
> lets a single TOS column handle both. It will be included in Beta 3.

Well that sounds like a nice way to do it. I agree specifying both is
actually rather stupid.

I still can't figure out why iptables accepts hex values for --tos when
it seems to object to anything other than the standard 5 values. Maybe
I have too old an iptables or 2.6.26 is too old a kernel.

--
Len Sorensen

_______________________________________________
Shorewall-devel mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
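
Added example, not part of the original thread or of Shorewall's code: because the DSCP field is the upper six bits of the TOS byte, a DSCP name or number can be rewritten in the `<numeric-value>[/<mask>]` form quoted above. The function names and the hex output format are assumptions of this sketch; the code points follow the standard DiffServ definitions (CSn = n<<3, AFxy = 8x+2y, EF = 46).

```python
import re

DSCP_MASK = 0xFC  # upper six bits of the TOS byte carry DSCP; lower two are ECN


def dscp_value(spec: str) -> int:
    """Resolve a DSCP name (CS0-CS7, BE, AFxy, EF) or number to its 6-bit code point."""
    s = spec.strip().upper()
    if s == "BE":
        return 0
    if s == "EF":
        return 46
    m = re.fullmatch(r"CS([0-7])", s)
    if m:
        return int(m.group(1)) << 3
    m = re.fullmatch(r"AF([1-4])([1-3])", s)
    if m:
        return (int(m.group(1)) << 3) | (int(m.group(2)) << 1)
    try:
        value = int(s, 0)  # accepts decimal or 0x-prefixed hex
    except ValueError:
        raise ValueError(f"unknown DSCP name: {spec!r}") from None
    if not 0 <= value <= 0x3F:
        raise ValueError(f"DSCP out of 6-bit range: {spec!r}")
    return value


def dscp_to_tos(spec: str) -> str:
    """Return the value/mask string that matches this DSCP and ignores the ECN bits."""
    return f"0x{dscp_value(spec) << 2:02x}/0x{DSCP_MASK:02x}"


def split_tos(tos: int) -> tuple[int, int]:
    """Split a raw TOS byte into (dscp, ecn) for checking what a rule would match."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS is a single byte")
    return tos >> 2, tos & 0x03


if __name__ == "__main__":
    # Constructed sample inputs covering each naming family from the thread.
    for name in ("BE", "CS1", "AF11", "AF43", "EF", "46"):
        print(f"{name:>5} -> {dscp_to_tos(name)}")
```

Matching with the 0xfc mask keeps a rule from missing packets whose ECN bits are set, which an exact comparison against the whole TOS byte would do.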
