Hi folks,
I've been working on my traffic shaping setup lately and ran into a bit
of a wall when using shorewall6 and TC_ENABLED=Shared with classify mode
(not packet marks). I'm using shorewall 4.4.25.3-1 from Debian Wheezy.
My setup is as follows:
tcdevices:
eth1.1 - 700kbit classify
tcclasses:
eth1.1:110 - 4*full/10 full 10
tcp-ack,tos-minimize-delay
eth1.1:120 - 5*full/10 full 20
default
eth1.1:130 - 1*full/10 full 30
shorewall/tcrules:
1:110 81.187.55.86 - udp
1:110 - 81.187.55.86 udp
1:110 - - icmp
1:110 81.187.55.94 - udp - 27005
1:110 - 81.187.55.94 udp 27005
1:110 - - tcp 53
1:110 - - udp 53
1:110 - - all - - -
- :512
1:130 - - - - - -
- - Minimize-Cost
shorewall6/tcrules:
1:110 - - ipv6-icmp
1:110 - - tcp domain
1:110 - - udp domain
1:110 - - tcp - domain
1:110 - - udp - domain
1:110 - - all - - -
- :512
1:130 - - all - - -
- - Minimize-Cost
Shorewall (IPv4) starts up fine. The problem starts when I try to
check/start shorewall6. When I do this, I get:
ERROR: Unknown Class (1:110)} : /etc/shorewall6/tcrules (line 16)
Am I missing something?
Looking at the code in Perl/Shorewall/Tc.pm, it seems as though the
%classids hash isn't populated if TC_ENABLED=Shared. The attached patch
fixes this for me.
Cheers,
Chris
--
Chris Boot
[email protected]
--- Tc.pm.orig 2011-11-11 15:50:20.000000000 +0000
+++ Tc.pm 2011-12-05 19:26:31.355007782 +0000
@@ -1716,6 +1716,26 @@
pop_indent;
emit "}\n";
+ } else {
+ for my $class ( @tcclasses ) {
+ #
+ # The class number in the tcclasses array is expressed in
decimal.
+ #
+ my ( $d, $decimalclassnum ) = split /:/, $class;
+
+ next unless $d eq $devname;
+ #
+ # For inclusion in 'tc' commands, we also need the hex
representation
+ #
+ my $classnum = in_hexp $decimalclassnum;
+ #
+ # The decimal value of the class number is also used as the key
for the hash at $tcclasses{$device}
+ #
+ my $devicenumber = in_hexp $devref->{number};
+ my $classid = join( ':', $devicenumber, $classnum);
+
+ $classids{$classid}=$device;
+ }
}
}
}
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
