[Shorewall-users] tcclasses warning when using occurs option

Sun, 23 Oct 2016 07:08:21 -0700 

Hi all

I am experimenting with traffic shaping. I use 5.0.13.1 on CentOS 7 with
added xtables-addons. I have BASIC_FILTERS=Yes . Currently I am trying
trying per-ip traffic shaping. I understand that this should not be the most
wise thing to do, but being that today it seems that most
bandwidth-consuming applications go on ports 80 and 443 (at least in the
networks I administer) it is otherwise difficult to distinguish say, Windows
updates from regular www traffic.

I have the follow in tcdevices:

#NUMBER:        IN-BANDWITH     OUT-BANDWIDTH   OPTIONS         REDIRECTED
#INTERFACE                                                      INTERFACES
1:eth0                10mbit                  10mbit

And the following in tcclasses:
##INTERFACE:CLASS       MARK    RATE:           CEIL    PRIORITY
OPTIONS
##                              DMAX:UMAX
1:101                   -       full/256        full            1
occurs=255
1:240                   240     full/4          full            2
default
1:250                   250     full/8          full*8/10       5

When I start shorewall, I get the following warning:
Compiling /etc/shorewallConWinUpdEIPDiv/tcclasses...
Use of uninitialized value in numeric eq (==) at
/usr/share/perl5/vendor_perl/Shorewall/Tc.pm line 830, <$currentfile> line
11.
   Priority of the eth1 packet mark 240 filter is 532
   Priority of the eth1 packet mark 250 filter is 1300

It seems not that much of a hassle, in fact rules compilation continues. But
I fixed it with:

--- Tc.pm.orig  2016-10-23 07:41:55.000000000 +0200
+++ Tc.pm       2016-10-23 15:46:38.282562876 +0200
@@ -827,7 +827,7 @@
                fatal_error "Invalid 'occurs' ($val)"
unless defined $occurs && $occurs > 1 && $occurs <= 256;
                fatal_error "Invalid 'occurs' ($val)"
if $occurs > $globals{TC_MAX};
                fatal_error q(Duplicate 'occurs')
if $tcref->{occurs} > 1;
-               fatal_error q(The 'occurs' option is not valid with
'default')      if $devref->{default} == $classnumber;
+               fatal_error q(The 'occurs' option is not valid with
'default')      if defined($devref->{default}) && $devref->{default} ==
$classnumber;
                fatal_error q(The 'occurs' option is not valid with 'tos')
if @{$tcref->{tos}};
                warning_message "MARK ($mark) is ignored on an occurring
class"     if $mark ne '-';

I wander if this can be the right solution, or if other checks should be
performed to prevent the default class to overlap with "occurs" classes.

Thank you for your attention.
Luigi


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to