On 06/05/2016 02:19 PM, Felix Eckhofer wrote: > Hey. > > We are currently experimenting with TC_ENABLED=Simple and it seems that > when we add more than 9 interfaces to tcinterfaces, shorewall fails to > start. > It does not matter in which order the interfaces are listed or if they > are "external" or "internal" (only the first two fields are set), I > always get (from "shorewall trace start"): > > + setup_br166_tc > + interface_is_up br166 > + ip -4 link list dev br166 > + grep -e [<,]UP[,>] > + [ -n 43: br166: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc > noqueue state UP mode DEFAULT group default ] > + qt tc qdisc del dev br166 root > + tc qdisc del dev br166 root > + qt tc qdisc del dev br166 ingress > + tc qdisc del dev br166 ingress > + run_tc qdisc add dev br166 root handle a: prio bands 3 priomap 1 2 > 2 2 1 2 0 0 1 1 1 1 1 1 1 1 > + tc qdisc add dev br166 root handle a: prio bands 3 priomap 1 2 2 2 > 1 2 0 0 1 1 1 1 1 1 1 1 > + run_tc qdisc add dev br166 parent a:1 handle a1: sfq quantum 1875 > limit 127 perturb 10 > + tc qdisc add dev br166 parent a:1 handle a1: sfq quantum 1875 > limit 127 perturb 10 > + run_tc filter add dev br166 protocol all prio 17 parent a: handle > 1 fw classid a:1 > + tc filter add dev br166 protocol all prio 17 parent a: handle 1 fw > classid a:1 > + run_tc filter add dev br166 protocol all prio 1 parent a1: handle > a1 flow hash keys dst divisor 1024 > + tc filter add dev br166 protocol all prio 1 parent a1: handle a1 > flow hash keys dst divisor 1024 > Illegal "handle" > + error_message ERROR: Command "tc filter add dev br166 protocol all > prio 1 parent a1: handle a1 flow hash keys dst divisor 1024" Failed > + echo ERROR: Command "tc filter add dev br166 protocol all prio > 1 parent a1: handle a1 flow hash keys dst divisor 1024" Failed > ERROR: Command "tc filter add dev br166 protocol all prio 1 > parent a1: handle a1 flow hash keys dst divisor 1024" Failed > > This is running shorewall 4.6.4.3-2 from Debian jessie. > >
Please try the attached patch -- it will apply with a considerable offset.
patch /usr/share/shorewall/Shorewall/tc.pm < FLOW_HANDLE.patch
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index c3f4969..5c0e857 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -350,9 +350,10 @@ sub process_simple_device() {
for ( my $i = 1; $i <= 3; $i++ ) {
my $prio = 16 | $i;
+ my $j = $i + 3;
emit "run_tc qdisc add dev $physical parent $number:$i handle ${number}${i}: sfq quantum 1875 limit 127 perturb 10";
emit "run_tc filter add dev $physical protocol all prio $prio parent $number: handle $i fw classid $number:$i";
- emit "run_tc filter add dev $physical protocol all prio 1 parent ${number}$i: handle ${number}${i} flow hash keys $type divisor 1024" if $type ne '-' && have_capability 'FLOW_FILTER';
+ emit "run_tc filter add dev $physical protocol all prio 1 parent ${number}$i: handle $j flow hash keys $type divisor 1024" if $type ne '-' && have_capability 'FLOW_FILTER';
emit '';
}
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
