Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out
Tom Eastep wrote:
Nigel Aves wrote:
Thanks Tom, no hurry .
I've been able to reproduce the problem here.
Here's a patch:
patch /usr/share/shorewall/Shorewall/Tc.pm sfqclassnum.diff
Please let me know if it works for you.
-Tom
--
Tom Eastep\ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index bf052c2..bcf9ffe 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -1334,7 +1334,11 @@ sub setup_traffic_shaping() {
}
}
- emit( run_tc qdisc add dev $device parent $classid handle ${classnum}: sfq quantum \$quantum limit $tcref-{limit} perturb 10 ) if $tcref-{leaf} ! $tcref-{pfifo};
+ my $sfq = in_hex4( ( $devref-{number} 8 ) | $classnum );
+
+ if ( $tcref-{leaf} ! $tcref-{pfifo} ) {
+ emit( run_tc qdisc add dev $device parent $classid handle $sfq: sfq quantum \$quantum limit $tcref-{limit} perturb 10 );
+ }
#
# add filters
#
@@ -1344,7 +1348,7 @@ sub setup_traffic_shaping() {
}
}
- emit run_tc filter add dev $device protocol all prio 1 parent $classnum: handle $classnum flow hash keys $tcref-{flow} divisor 1024 if $tcref-{flow};
+ emit run_tc filter add dev $device protocol all prio 1 parent $sfq: handle $classnum flow hash keys $tcref-{flow} divisor 1024 if $tcref-{flow};
#
# options
#
signature.asc
Description: OpenPGP digital signature
--
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out
Tom, Patch worked perfectly ... Thank you. Nigel. -Original Message- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: Wednesday, February 17, 2010 07:37 To: Shorewall Users Subject: Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out Tom Eastep wrote: Nigel Aves wrote: Thanks Tom, no hurry . I've been able to reproduce the problem here. Here's a patch: patch /usr/share/shorewall/Shorewall/Tc.pm sfqclassnum.diff Please let me know if it works for you. -Tom -- Tom Eastep\ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \ -- Download Intelreg; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out
Nigel Aves wrote: Please find enclosed a zip of the dump file I'll try to get to this in the next several days. Thanks, -Tom -- Tom Eastep\ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \ -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out
Thanks Tom, no hurry . -Original Message- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: Tuesday, February 16, 2010 18:19 To: Shorewall Users Subject: Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out Nigel Aves wrote: Please find enclosed a zip of the dump file I'll try to get to this in the next several days. Thanks, -Tom -- Tom Eastep\ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \ -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
Re: [Shorewall-users] Adding download control for internal interface - qdisk errors out
Nigel Aves wrote: Thanks Tom, no hurry . I've been able to reproduce the problem here. -Tom -- Tom Eastep\ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \ signature.asc Description: OpenPGP digital signature -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
[Shorewall-users] Adding download control for internal interface - qdisk errors out
Shorewall version 4.4.7 I have managed to configure Shorewall successfully for traffic shaping on the upload and that all seems to be working ok. Today I'm trying to control downloading as well, rather than using Squids delay pools. I followed the on-line documentation but when I try to start Shorewall the following message pops up. Setting up Traffic Control... RTNETLINK answers: File exists ERROR: Command tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum 1500 limit 127 perturb 10 Failed Processing /etc/shorewall/stop ... I have had a hunt around and can not find out what I have done wrong. (No surprises there, I'm no sysadm type person). Any help as to what I have done wrong will be gratefully received. Nigel. Here are the files (when just using the ppp0 everything works perfectly, commented out the eth1 lines to get the firewall working) tcdevices ppp0 6200kbit 4400kbit eth1 - 100mbits tcclasses ppp01 5*full/100 full1 tcp-ack,tos-minimize-delay ppp02 47*full/100 full2 ppp03 10*full/100 full3 ppp04 5*full/100 full4 ppp05 29*full/100 full5 ppp06 4*full/100 full6 default #eth11 5*full/100 full1 tcp-ack #eth13 10*full/100 full2 #eth14 5*full/100 full3 #eth15 70*full/100 full4 #eth16 10*full/100 full5 default I think it's the tcclasses it does not like because if I keep the tcrules for just the ppp0 interface I still get the error message when I un-comment eth1 tcrules 1:F0.0.0.0/00.0.0.0/0 icmpecho-request 1:F0.0.0.0/00.0.0.0/0 icmpecho-reply 2:T207.224.48.222 0.0.0.0/0 tcp - 80,443 3:T0.0.0.0/00.0.0.0/0 tcp 53 3:T0.0.0.0/00.0.0.0/0 udp 53 # 3:Fppp0 eth1 tcp -53 # 3:Fppp0 eth1 udp -53 4:T0.0.0.0/00.0.0.0/0 tcp 25 4:T0.0.0.0/00.0.0.0/0 udp 25 # 4:Fppp0 eth1 tcp -25 # 4:Fppp0 eth1 udp -25 5:T0.0.0.0/00.0.0.0/0 tcp 80,443 # 5:Fppp0 eth1 tcp - 80,443 I've also tried not using eth1 but 192.168.1.0/24 -- SOLARIS 10 is the OS for Data Centers - provides features such as DTrace, Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW http://p.sf.net/sfu/solaris-dev2dev ___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
