Re: [Shorewall-users] traffic shaping peculiarities (replacement patch)

[Tom Eastep]

On 5/8/11 3:13 PM, Tom Eastep wrote:
> On 5/8/11 2:36 PM, Tom Eastep wrote:
>> On 5/7/11 9:59 AM, Mr Dash Four wrote:
>>
>>>> In *all* Shorewall configuration files, an interface name in the SOURCE
>>>> column specifies the interface on which the traffic *enters* the
>>>> firewall (-i option in iptables).
>>>>   
>>> My point is that if a class is defined for a particular interface (as is
>>> "a:11" in my case for eth0) this will ever produce only one match and
>>> that is when this interface is involved, isn't that so?
>>
>> No -- it will match traffic going to 10.1.1.1 out of *any* inteface. It
>> will only be useful if the traffic is going out of eth0. Attached is a
>> patch that interprets this rule:
> 
> Please do not apply this patch. I'm working on a replacement

Here's the correct patch.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

commit 4736956f1365d7ec7f9b3f007bbc476e9a390d79
Author: Tom Eastep <teas...@shorewall.net>
Date:   Sun May 8 15:46:49 2011 -0700

    Correct earlier patch

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 528c894..f9d22e1 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -258,6 +258,12 @@ sub process_tc_rule( ) {
                $originalmark = join( ':', normalize_hex( $mark ), 
normalize_hex( $designator ) );
                fatal_error "Unknown Class ($originalmark)}" unless ( $device = 
$classids{$originalmark} );
                fatal_error "IFB Classes may not be specified in tcrules" if 
@{$tcdevices{$device}{redirected}};
+
+               if ( $dest eq '-' ) {
+                   $dest = $device;
+               } else {
+                   $dest = join( ':', $device, $dest ) unless $dest =~ 
/^[[:alpha:]]/;
+               }
            }
 
            $chain   = 'tcpost';

signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users