Srinivasa Hebbar
2008-Feb-20 08:54 UTC
route_rules and shorewall generated provider mark rules in "ip rule"
Hello,

When I have providers value with HIGH_ROUTE_MARKS=YES, the mark values above 0x400 cause the preference of "ip rule" for the shorewall generated mark rules to go beyond 11000. According to the man route_rules, 11000 to 11999 is reserved for rules defined in route_rules.

The following patch in lib.providers fixes the problem.

< #My changes -ssh < if [ -n "$HIGH_ROUTE_MARKS" ]; then < # HIGH_ROUTE_MARKS is Yes < pref=$(($mark >> 8)) < else < pref=$mark < fi < #My changes -ssh < < < run_ip rule add fwmark $mark pref $((10000 + $pref)) table $number ---> run_ip rule add fwmark $mark pref $((10000 + $mark)) table $number

Output from ip rule before the patch:
------------------------------------------------------------
0: from all lookup local
10256: from all fwmark 0x100 lookup wan1
11000: from all to 192.168.3.0/24 lookup wan1
20000: from 192.168.2.16 lookup wan1
32766: from all lookup main
32767: from all lookup default

Output from ip rule after the patch:
--------------------------------------------------
0: from all lookup local
10010: from all fwmark 0xa00 lookup wan1
11000: from all to 192.168.3.0/24 lookup wan1
20000: from 192.168.2.16 lookup wan1
32766: from all lookup main
32767: from all lookup default

I am using shorewall 3.4.4
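Review bot: The test [ -n "$HIGH_ROUTE_MARKS" ] at the top of the added block is true for any non-empty value, so if the variable can still hold a literal "No" at this point, the shift would be applied to low marks and every provider rule would collapse to pref 10000 (any mark below 0x100 shifted right by 8 is 0). Confirm the option is normalized to empty when disabled, or test for the enabled value explicitly. The "#My changes -ssh" markers and the three empty lines before run_ip should be dropped in favour of a one-line comment saying why the shift exists, namely to keep the preference below the 11000 to 11999 range that route_rules uses. It would also help to note in that comment that the shift assumes the low 8 bits of a high route mark are zero, since two marks that differ only in those bits would otherwise get the same preference.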
Tom Eastep
2008-Feb-20 15:41 UTC
Re: route_rules and shorewall generated provider mark rules in "ip rule"
Srinivasa Hebbar wrote:
> Hello,
>
> When I have providers value with HIGH_ROUTE_MARKS=YES, the mark values above
> 0x400 cause the preference of "ip rule" for the shorewall generated mark
> rules to go beyond 11000. According to the man route_rules, 11000 to 11999 is
> reserved for rules defined in route_rules.

I've applied a similar change.

Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key