Shoerwall Version 4.3.12 is now available for testing.
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 3 . 12
----------------------------------------------------------------------------
1) A ''large quantum'' warning log message during restart has
been
eliminated. The log message occurred when an interface with a large
OUT-BANDWIDTH was defined in /etc/shorewall/tcdevices.
2) The ''shorewall reset'' command no longer generates this
error:
/sbin/shorewall: 885: report: not found
3) A mis-coded test after the ''findgw'' script was executed
caused the
value returned by that script to be ignored.
----------------------------------------------------------------------------
K N O W N P R O B L E M S R E M A I N I N G
----------------------------------------------------------------------------
None.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 3 . 12
----------------------------------------------------------------------------
1) Support for the "Hierarchical Fair Service Curve" (HFSC) queuing
discipline has been added. HFSC is superior to the "Hierarchical
Token Bucket" queuing discipline where realtime traffic such as
VOIP is being used.
An excellent overview of HFSC on Linux may be found at
http://linux-ip.net/articles/hfsc.en/.
To use HFSC, several changes need to be made to your traffic
shaping configuration:
- To use HFSC on an interface rather than HTB, specify the
''hfsc'' option in the OPTIONS column in the
interfaces''s
entry in /etc/shorewall/tcdevices.
- Modify the RATE colum for each ''leaf'' class
(class with
no parent class specified) defined for the interface.
When using HFSC, the RATE column may specify 1, 2 or 3
pieces of information separated by colons (":").
1. The Guaranteed bandwidth (as always).
2. The Maximum delay (DMAX) that the first queued packet
in the class should experience. The delay is expressed
in milliseconds and may be followed by ''ms''
(e.g.,
10ms. Note that there may be no white space between the
number and ''ms'').
3. The maximum transmission unit (UMAX) for this class of
traffic. If not specified, the MTU of the interface is
used. The length is specified in bytes and may be
followed by ''b'' (e.g., 800b. Note that there
may be no
white space between the number and ''b'').
DMAX should be specified for each leaf class. The Shorewall
compiler will issue a warning if DMAX is omitted.
Example:
full/2:10ms:1500b
Guaranteed bandwidth is 1/2 of the devices
OUT-BANDWIDTH. Maximum delay is 10ms. Maximum packet
size is 1500 bytes.
2) Support for ipset bindings has been removed. Jozsef Kadlecsik has
already removed such support from ipset itself.
3) Optional TOS and LENGTH fields have been added to the tcfilters
file.
The TOS field may contain any of the following:
tos-minimize-delay
tos-maximuze-throughput
tos-maximize-reliability
tos-minimize-cost
tos-normal-service
Hex-number
Hex-number/Hex-number
The hex numbers must have exactly two digits.
The LENGTH value must be a numeric power of two between 32 and 8192
inclusive. Packets with a total length that is strictly less that
the specified value will match the rule.
4) Support for the ''norfc1918'' interface and host option has
been
removed. If ''norfc1918'' is specified for an entry in
either the
interfaces or the hosts file, a warning is issued and the option is
ignored.
Similarly, if RFC1918_STRICT=Yes or a non-empty RFC1918_LOG_LEVEL
is given in shorewall.conf, a warning will be issued and the option
will be ignored.
Users who currently use ''norfc1918'' are encouraged to
consider
using NULL_ROUTE_RFC1918=Yes instead.
Happy testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get