On Fri, May 23, 2014 at 9:19 AM, Tom Eastep <teas...@shorewall.net> wrote:
> On 5/22/2014 7:35 PM, Lee Brown wrote:
>> Hi list,
>>
>> I recently installed shorewall 4.5.21.9 on Centos6.5 (2.6.32) on metal
>> and another install of 4.6.0 on Slackware 14.1 (3.10.17) in a KVM under
>> it. I notice that on both these systems shorewall show filters iterates
>> the devices but provides no output. I believe the 'tc' tool may have
>> changed behaviour.
>>
>> I can see tc filters being added via 'tc monitor', but a 'tc show
>> filters dev eth0' produces no output. 'tc show filters dev eth0 root'
>> provides some output and if you know all the parent id's, 'tc show
>> filters dev eth0 parent xxx:' gets output.
>>
>> From the slack KVM, I've included a tar of the /etc/shorewall directory,
>> which includes a file called dump.txt which is the output from shorewall
>> dump, plus a file called console to illustrate the problem. It's very
>> small.
>>
>> I used no filters on my previous systems which were Centos5.9 (2.6.18),
>> so I've no basis for when this may have been introduced.
>
> It looks to me as though 'tc filter ls' is broken. The manpage only
> shows 'tc filter show' as a valid command (where 'ls' is a synonym for
> 'show'). 'tc filter show [ parent ] root' works as you have observed,
> but 'tc filter show parent 1' does not, even though there are filters
> defined for qdisc 1. Similarly 'tc filter show parent ffff' doesn't
> work, even though 'ffff' is equivalent to 'root'.
>
> Attached is a hack that improves the output of 'shorewall show filters',
> but it's only a band-aid.
Thanks Tom,
I found this, right after the statement starting qt, line 256 or so
gets non-root filters for my particular example, but it feels pretty
distasteful. The awk code can be improved not to assume field 7, but
this is a hack anyway...maybe introduces awk as a dependency as well?
tc class show dev $device | awk '{print "echo && echo Node ",$7," &&
tc -s filter show dev '$device' parent ",$7}'|sh
YMMV -- lee
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.
Get unparalleled scalability from the best Selenium testing platform available
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
