Beta 2 is now available for testing.
Problems Corrected:
1) When a logical device name was specified in the REDIRECTED
INTERFACES column of /etc/shorewall/tcdevices, that name was used
in the generated script rather than the device's physical
name. Unless the two were the same, this caused start/restart
failure. Shorewall now uses the physical name.
Note: This defect repair was also released in Shorewall 4.5.5.1.
New Features:
1) It is now possible to specify the LS (linksharing) rate for an HFSC
class in /etc/shorewall/tcclasses. See shorewall-tcclasses (5) for
details.
2) It is now possible to specify that a leaf class will use the RED
(Random Early Detection) queuing discipline rather than SFQ or
pfifo. A new class OPTION is defined:
red=(<red option>=<value>, ...)
When specified on a leaf class, causes the class to use the RED
(Random Early Detection) queuing discipline rather than
SFQ. See tc-red (8) for additional information.
Allowable <red option>s are:
min <min>
Average queue size in bytes at which marking becomes a
possibility.
max <max>
At this average queue size, the marking probability is
maximal. Must be at least twice <min> to prevent
synchronous retransmits, higher for low <min>.
probability <probability>
Maximum probability for marking, specified as a floating
point number from 0.0 to 1.0. Suggested values are 0.01 or
0.02 (1 or 2%, respectively).
limit <limit>
Hard limit on the real (not average) queue size in bytes.
Further packets are dropped. Should be set higher than
<max>+<burst>. It is advised to set this a few times higher
than <max>. Shorewall requires that <limit> be at least
twice <min>.
burst <burst>
Used for determining how fast the average queue size is
influenced by the real queue size. Larger values make the
calculation more sluggish, allowing longer bursts of
traffic before marking starts. Real life experiments
support the following guideline:
(<min>+<min>+<max>)/(3*<avpkt>).
avpkt <avpkt>
Optional. Specified in bytes. Used with burst to determine
the time constant for average queue size calculations. 1000
is a good value and is the Shorewall default.
bandwidth <bandwidth>
Optional. This rate is used for calculating the average
queue size after some idle time. Should be set to the
bandwidth of your interface. Does not mean that RED will
shape for you!
ecn
RED can either 'mark' or 'drop'. Explicit Congestion
Notification (ECN) allows RED to notify remote hosts that
their rate exceeds the amount of bandwidth
available. Non-ECN capable hosts can only be notified by
dropping a packet. If this parameter is specified, packets
which indicate that their hosts honor ECN will only be
marked and not dropped, unless the queue size hits <limit>.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
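The following is an added example (editor's illustration, not Shorewall's own code and not the script Shorewall generates): it parses a tcclasses OPTIONS value of the form red=(<red option>=<value>, ...) as described in the release notes above, enforces the hard rules the notes state (max at least twice min, limit at least twice min, probability in 0.0..1.0), applies the defaults and guidelines they give (avpkt 1000, burst from (min+min+max)/(3*avpkt)), and renders the tc-red(8) qdisc command the option corresponds to. Two assumptions are the example's own: every option the notes do not mark Optional is treated as required, and the dev/parent/handle values are stand-ins for what Shorewall derives from the interface and class numbers. The sample OPTIONS string is constructed, not taken from a real configuration.

```python
"""Added illustration, not Shorewall code: parse a tcclasses
red=(<red option>=<value>, ...) setting, check the constraints the
release notes state, and print the tc-red(8) command it maps to."""
import math
import re

AVPKT_DEFAULT = 1000  # Shorewall's default avpkt, per the notes

# Value-carrying options and how to parse their values; "ecn" is a flag.
VALUE_OPTS = {
    "min": int, "max": int, "limit": int, "burst": int,
    "avpkt": int, "probability": float, "bandwidth": str,
}
# Assumption made by this example: options the notes do not mark
# "Optional" must be present (avpkt and bandwidth are the optional ones).
REQUIRED = ("min", "max", "probability", "limit", "burst")


def suggested_burst(min_q, max_q, avpkt=AVPKT_DEFAULT):
    """Burst guideline from the notes, (min+min+max)/(3*avpkt),
    rounded up because tc-red counts burst in whole packets."""
    return math.ceil((min_q + min_q + max_q) / (3 * avpkt))


def parse_red_option(text):
    """Parse 'red=(min=30000,max=90000,...)' into a dict and enforce the
    hard rules: max >= 2*min, limit >= 2*min (Shorewall's requirement),
    probability within 0.0..1.0. Raises ValueError on any violation."""
    m = re.fullmatch(r"\s*red=\((.*)\)\s*", text)
    if not m:
        raise ValueError("expected red=(<red option>=<value>, ...)")
    opts = {"avpkt": AVPKT_DEFAULT}
    for item in filter(None, (s.strip() for s in m.group(1).split(","))):
        if item == "ecn":
            opts["ecn"] = True
            continue
        key, sep, val = (s.strip() for s in item.partition("="))
        if key not in VALUE_OPTS or not sep:
            raise ValueError("bad red option: %r" % item)
        try:
            opts[key] = VALUE_OPTS[key](val)
        except ValueError:
            raise ValueError("bad value for %s: %r" % (key, val)) from None
    missing = [k for k in REQUIRED if k not in opts]
    if missing:
        raise ValueError("missing red option(s): %s" % ", ".join(missing))
    if opts["max"] < 2 * opts["min"]:
        raise ValueError("max must be at least twice min")
    if opts["limit"] < 2 * opts["min"]:
        raise ValueError("limit must be at least twice min (Shorewall rule)")
    if not 0.0 <= opts["probability"] <= 1.0:
        raise ValueError("probability must be between 0.0 and 1.0")
    return opts


def advise(opts):
    """Soft checks taken from the notes, returned as warning strings."""
    warnings = []
    if opts["limit"] <= opts["max"] + opts["burst"]:
        warnings.append("limit should be set higher than max+burst")
    want = suggested_burst(opts["min"], opts["max"], opts["avpkt"])
    if opts["burst"] != want:
        warnings.append("burst %d differs from guideline %d" % (opts["burst"], want))
    if "bandwidth" not in opts:
        warnings.append("bandwidth not set; tc-red will use its own default")
    return warnings


def tc_command(opts, dev, parent, handle):
    """Render the tc-red(8) invocation. dev/parent/handle are hypothetical
    stand-ins for what Shorewall derives from interface and class numbers."""
    args = ["tc", "qdisc", "add", "dev", dev, "parent", parent,
            "handle", handle, "red",
            "limit", str(opts["limit"]), "min", str(opts["min"]),
            "max", str(opts["max"]), "avpkt", str(opts["avpkt"]),
            "burst", str(opts["burst"]),
            "probability", repr(opts["probability"])]
    if "bandwidth" in opts:
        args += ["bandwidth", opts["bandwidth"]]
    if opts.get("ecn"):
        args.append("ecn")
    return " ".join(args)


if __name__ == "__main__":
    # Constructed OPTIONS value; not taken from any real tcclasses file.
    sample = ("red=(min=30000,max=90000,probability=0.02,limit=300000,"
              "burst=50,bandwidth=10mbit,ecn)")
    parsed = parse_red_option(sample)
    for w in advise(parsed):
        print("warning:", w)
    print(tc_command(parsed, "eth0", "1:10", "10:"))
```

The burst in the sample is the value the notes' guideline yields for min=30000, max=90000 and the default avpkt of 1000, so advise() returns no warnings for it; lowering max below twice min, or limit below twice min, makes parse_red_option() refuse the option the way the notes say Shorewall does.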