From 31a8ab66f49ad26b376d552ec468b21e15835daf Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Mon, 7 Jun 2010 10:46:43 -0700
Subject: Rearrange Qos commands for Larkspur Current (Kenwood and earlier): set qos-policy traffic-shaper TS { ...classes } set qos-policy traffic-limiter TL { ...classes } seq qos-policy network-emulator NE ... set qos-policy random-detect RD ... set qos-policy rate-limiter RC ... set qos-policy round-robin RR ... set interfaces ethernet eth0 qos-policy out TS set interfaces ethernet eth0 qos-policy in TL New (Larkspur and later): set traffic-policy shaper TS { ...classes } set traffic-policy limiter TL { ...classes } seq traffic-policy network-emulator NE ... set traffic-policy random-detect RD ... set traffic-policy rate-control RC ... set traffic-policy round-robin RR ... set interfaces ethernet eth0 traffic-policy out TS set interfaces ethernet eth0 traffic-policy in TL set interfaces ethernet eth0 redirect ifb0 set interfaces ethernet eth0 mirror eth2 Note: 1. Only one of the following is allowed: "redirect", or "mirror" 2. Traffic-policy limiter is allowed with redirection/mirror and takes place before mirror/redirect action (NEW) 3. Limiter policy may applied on output (NEW) 4. Only limiter policies can be applied on input (same as previous releases) This does add some new functionality (#2, and #3) which are possible because of how filter classes are implemented.
---
 interface-templates/redirect/node.def | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 interface-templates/redirect/node.def
(limited to 'interface-templates/redirect')
diff --git a/interface-templates/redirect/node.def b/interface-templates/redirect/node.def
new file mode 100644
index 0000000..6f0bd60
--- /dev/null
+++ b/interface-templates/redirect/node.def
@@ -0,0 +1,12 @@
+type: txt
+help: Set incoming packet redirection destination
+allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --skip=$IFNAME --show=all
+
+syntax: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$IFNAME --check=all
+commit:expression: $VAR(../mirror) == "";\
+ "interface $VAR(../@) : can not redirect and mirror on $IFNAME"
+
+commit:expression: $VAR(../traffic-policy/in) == ""; \
+ "interface $VAR(../@) : can not use ingress policy and redirect on $IFNAME"
+
+end: /opt/vyatta/sbin/vyatta-qos.pl --update-action $IFNAME
-- cgit v1.2.3
From ded90a0249827911e86c343ad67ae0d2074b6008 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 9 Jun 2010 10:45:46 -0700
Subject: Block attempts to mirror/redirect to self
---
 interface-templates/mirror/node.def | 3 +++
 interface-templates/redirect/node.def | 4 ++++
 2 files changed, 7 insertions(+)
(limited to 'interface-templates/redirect')
diff --git a/interface-templates/mirror/node.def b/interface-templates/mirror/node.def
index cbb3bde..f19ae06 100644
--- a/interface-templates/mirror/node.def
+++ b/interface-templates/mirror/node.def
@@ -2,6 +2,9 @@ type: txt
 help: Set incoming packet mirroring destination
 allowed: ${vyatta_sbindir}/vyatta-interfaces.pl --skip=$IFNAME --show=all
+syntax: $VAR(@) != $VAR(../@) ;\
+ "interface $VAR(../@): mirroring to same interface not allowed"
+
 syntax: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$IFNAME --check=all
 commit:expression: $VAR(../redirect) == ""; \
diff --git a/interface-templates/redirect/node.def b/interface-templates/redirect/node.def
index 6f0bd60..e94e8a8 100644
--- a/interface-templates/redirect/node.def
+++ b/interface-templates/redirect/node.def
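Review bot: The `syntax:` line in the new `redirect/node.def` validates `--dev=$IFNAME`, and judging by `--skip=$IFNAME` in `allowed:` and the "on $IFNAME" messages, that is the interface being configured rather than the destination the user typed. The destination is `$VAR(@)`, a free `type: txt` value, and nothing visible here checks it against existing interfaces before the `end:` script runs; `allowed:` only drives completion. Consider validating the entered value instead, along the lines of `--dev=$VAR(@) --check=all`, so an arbitrary string cannot be committed as a redirect target. Separately, the second `commit:expression` rejects any `traffic-policy/in` combined with redirect, while note 2 of the commit message says a limiter is allowed with redirect/mirror; one of the two should be corrected.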
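Review bot: The self-check added to `mirror/node.def` compares the value with `$VAR(../@)`, whereas `allowed:` and the existing `syntax:` line identify the device as `$IFNAME`. If this template is ever instantiated under a node whose parent value is not the full device name (not visible from this page), the comparison would never match and mirroring to self would pass validation. Comparing against the device name, `syntax: $VAR(@) != "$IFNAME" ;\`, would keep the guard consistent with `--skip=$IFNAME`. The same line is added to `redirect/node.def` in the following hunk and carries the same concern. This hunk ends on the continuation line of `commit:expression`, so the rest of that rule lies outside it.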
@@ -2,7 +2,11 @@ type: txt
 help: Set incoming packet redirection destination
 allowed: /opt/vyatta/sbin/vyatta-interfaces.pl --skip=$IFNAME --show=all
+syntax: $VAR(@) != $VAR(../@) ;\
+ "interface $VAR(../@): redirect to same interface not allowed"
+
 syntax: /opt/vyatta/sbin/vyatta-interfaces.pl --dev=$IFNAME --check=all
+
 commit:expression: $VAR(../mirror) == "";\
 "interface $VAR(../@) : can not redirect and mirror on $IFNAME"
-- cgit v1.2.3