On 09/13/2012 04:56 PM, Mr Dash Four wrote:
>>       See shorewall-tcclasses(5) and shorewall6-tcclasses(5) for
>>       additional information.
>> From man shorewall-tcfilters: "Added in Shorewall 4.5.8. Specifies the rule
>> priority. If not given, priority 10 is assumed." That's wrong and needs
>> changing.

Yep.

>> From man shorewall-tcdevices: "OPTIONS -
>> {-|{classify|hfsc|linklayer={ethernet|atm|adsl}|tsize=tsize|mtu=mtu|mpu=mpu|overhead=overhead}
>> ,...}" - incomplete. "htb" is also allowed and needs to be explained.
>> Further down on the same man page:
>
> The default priority values used by other Shorewall-generated filters are as 
> follows:
> *   Classify by packet mark - ( class priority << 8 ) | 20.
> *   Ingress policing - 10
> *   Simple TC ACK packets - 1
> *   Complex TC ACK packets - ( class priority << 8 ) | 10.
> *   Classify by TOS - ( class priority << 8 ) | 15.
> *   Class with 'occurs' - 65535
>
> Neither of which applies in my test case & real life scenario as I do *not* 
> use MARK (see my previous post on the subject):

This is simply documenting the behavior that has been in effect since at 
least Shorewall 4.4.6 (released January 2010).

>
> 1. Class priority is assigned as specified in the PRIORITY column in 
> tcclasses, which is what I wanted in the first place.

And which has been the case since day 1 for HTB. Since priority is not 
supported for HFSC, the priority isn't assigned to those classes.

> 2. Filter priority is specified as 1-7 (in that order) for each "filter add" 
> statement if no PRIORITY value is specified in tcfilters.

Which is now the behavior. Although my testing indicates that where 
there are multiple filters at the same priority, it's 'first match wins'.

> 3. Filter priority is assigned as specified in the PRIORITY column in 
> tcfilters, which is, again, what I wanted.
>
>> 3)  The PRIORITY column in the tcclasses file is now optional for HFSC
>>       classes. If that priority is omitted, then an explicit priority
>>       must be specified for the MARK value and for the 'tcp-ack' and
>>       'tos*' options.
> You also need to explain my case where I do *not* use MARK, but CLASSIFY and 
> PRIORITY instead.

I thought it was self-evident that if you don't use MARK, 'tcp-ack' or 
'tos*', then you don't need the priority.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
