On 5/22/2014 7:35 PM, Lee Brown wrote: > Hi list, > > I recently installed shorewall 4.5.21.9 on Centos6.5 (2.6.32) on metal > and another install of 4.6.0 on Slackware 14.1 (3.10.17) in a KVM under > it. I notice that on both these systems shorewall show filters iterates > the devices but provides no output. I believe the 'tc' tool may have > changed behaviour. > > I can see tc filters being added via 'tc monitor', but a 'tc show > filters dev eth0' produces no output. 'tc show filters dev eth0 root' > provides some output and if you know all the parent id's, 'tc show > filters dev eth0 parent xxx:' gets output. > > From the slack KVM, I've included a tar of the /etc/shorewall directory, > which includes a file called dump.txt which is the output from shorewall > dump, plus a file called console to illustrate the problem. It's very > small. > > I used no filters on my previous systems which were Centos5.9 (2.6.18), > so I've no basis for when this may have been introduced.
It looks to me as though 'tc filter ls' is broken. The manpage only shows 'tc filter show' as a valid command (where 'ls' is a synonym for 'show'). 'tc filter show [ parent ] root' works as you have observed, but 'tc filter show parent 1' does not, even though there are filters defined for qdisc 1. Similarly 'tc filter show parent ffff' doesn't work, even though 'ffff' is equivalent to 'root'. Attached is a hack that improves the output of 'shorewall show filters', but it's only a band-aid. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 1a9f371..d9226d5 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -252,6 +252,7 @@ show_classifiers() {
if [ -n "$qdisc" ]; then
echo Device $device:
+ qt tc -s filter ls root dev $device && tc -s filter ls root dev $device | grep -v '^$'
tc -s filter ls dev $device
echo
fi
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
