> Mike Lander wrote: > > >>> > >>> In the meantime, see if the attached patch corrects your problem. > >>> > >>> patch /usr/share/shorewall-perl/Shorewall/Tc.pm < tcpriority.diff > >>> > >> Also in 4.4, the priority of the fw and the option-generated classifiers > >> are adjusted in a way that is similar to the simple patch I posted. > > > > I think I will try 4.4 and I will let you know. > > Please don't if you are going to put this into production. 4.4 is still > in Beta. > > It would help me if you could test the patch .... > > -Tom
Been to see someone off at seatac. Back now I applied the patch and defintely changed the classifiers. Below is firewall with that sends 14 tos the other firewall below this Device eth1: filter parent 2: protocol ip pref 10 u32 filter parent 2: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 2: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 2:11 (rule hit 349 success 220) match 00140000/00fc0000 at 0 (success 220 ) filter parent 2: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 2:11 (rule hit 129 success 0) match 001c0000/00fc0000 at 0 (success 0 ) filter parent 2: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 2:12 (rule hit 129 success 22) protocol 6 (success 99 ) match 05000000/0f00ffc0 at 0 (success 77 ) match 00100000/00ff0000 at 32 (success 22 ) filter parent 2: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 2:12 (rule hit 107 success 0) match 00100000/00100000 at 0 (success 0 ) filter parent 2: protocol all pref 20 fw filter parent 2: protocol all pref 20 fw handle 0x1 classid 2:11 filter parent 2: protocol all pref 20 fw handle 0x2 classid 2:12 filter parent 2: protocol all pref 20 fw handle 0x3 classid 2:13 filter parent 2: protocol all pref 20 fw handle 0x4 classid 2:14 Device tun0: filter parent 3: protocol ip pref 10 u32 filter parent 3: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 3: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 3:11 (rule hit 175 success 175) match 00140000/00fc0000 at 0 (success 175 ) filter parent 3: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 3:11 (rule hit 0 success 0) match 001c0000/00fc0000 at 0 (success 0 ) filter parent 3: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 3:12 (rule hit 0 success 0) protocol 6 (success 0 ) match 05000000/0f00ffc0 at 0 (success 0 ) match 00100000/00ff0000 at 32 (success 0 ) filter parent 3: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 3:12 (rule hit 0 success 0) match 00100000/00100000 at 0 (success 0 ) filter parent 3: protocol all pref 20 fw filter parent 3: protocol all pref 20 fw handle 0x1 classid 3:11 filter parent 3: protocol all pref 20 fw handle 0x2 classid 3:12 filter parent 3: protocol all pref 20 fw handle 0x3 classid 3:13 filter parent 3: protocol all pref 20 fw handle 0x4 classid 3:14 Mothership firewall 1c tos Device eth1: filter parent 2: protocol ip pref 10 u32 filter parent 2: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 2: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 2:11 (rule hit 1179 success 0) match 00140000/00fc0000 at 0 (success 0 ) filter parent 2: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 2:11 (rule hit 1179 success 205) match 001c0000/00fc0000 at 0 (success 205 ) filter parent 2: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 2:12 (rule hit 974 success 0) match 00060000/00ff0000 at 8 (success 0 ) match 05000000/0f00ffc0 at 0 (success 0 ) match 00100000/00ff0000 at 32 (success 0 ) filter parent 2: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 2:12 (rule hit 974 success 0) match 00100000/00100000 at 0 (success 0 ) filter parent 2: protocol all pref 20 fw filter parent 2: protocol all pref 20 fw handle 0x1 classid 2:11 filter parent 2: protocol all pref 20 fw handle 0x2 classid 2:12 filter parent 2: protocol all pref 20 fw handle 0x3 classid 2:13 filter parent 2: protocol all pref 20 fw handle 0x4 classid 2:14 Device tun2: filter parent 5: protocol ip pref 10 u32 filter parent 5: protocol ip pref 10 u32 fh 800: ht divisor 1 filter parent 5: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 5:11 (rule hit 158 success 0) match 00140000/00fc0000 at 0 (success 0 ) filter parent 5: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 5:11 (rule hit 158 success 158) match 001c0000/00fc0000 at 0 (success 158 ) filter parent 5: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt 0 flowid 5:12 (rule hit 0 success 0) match 00060000/00ff0000 at 8 (success 0 ) match 05000000/0f00ffc0 at 0 (success 0 ) match 00100000/00ff0000 at 32 (success 0 ) filter parent 5: protocol ip pref 10 u32 fh 800::803 order 2051 key ht 800 bkt 0 flowid 5:12 (rule hit 0 success 0) match 00100000/00100000 at 0 (success 0 ) filter parent 5: protocol all pref 20 fw filter parent 5: protocol all pref 20 fw handle 0x1 classid 5:11 filter parent 5: protocol all pref 20 fw handle 0x2 classid 5:12 filter parent 5: protocol all pref 20 fw handle 0x3 classid 5:13 filter parent 5: protocol all pref 20 fw handle 0x4 classid 5:14 Does this look better? Thank you, Mike > -- ------------------------------------------------------------------------------ Are you an open source citizen? Join us for the Open Source Bridge conference! Portland, OR, June 17-19. Two days of sessions, one day of unconference: $250. Need another reason to go? 24-hour hacker lounge. Register today! http://ad.doubleclick.net/clk;215844324;13503038;v?http://opensourcebridge.org _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
