640766 – net-firewall/shorewall: doesn't support >=sys-apps/iproute2-4.13 changed tc syntax

Bug 640766 - net-firewall/shorewall: doesn't support >=sys-apps/iproute2-4.13 changed tc syntax

Summary: net-firewall/shorewall: doesn't support >=sys-apps/iproute2-4.13 changed tc s...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Thomas Deutschmann (RETIRED)

URL:	https://sourceforge.net/p/shorewall/m...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-12-11 21:06 UTC by Alexander Stoll
Modified:	2017-12-18 21:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Stoll 2017-12-11 21:06:01 UTC

iproute2-4.14.1-r1 has gone stable on x86 and has obviously different parameters for tc command as in last stable 4.4.0

net-firewall/shorewall has no support for this new commands and when internal traffic control is enabled in configuration it bails out on startup like this:

Setting up Traffic Control...
"rate" or "avrate" MUST be specified.
Illegal "police"
   ERROR: Command "tc filter add dev ppp0 parent ffff: protocol all prio 10 basic police mpu 64 drop rate 55378kbit burst 10kb" Failed

So you end up with a disrupted network connection...

This should be escalated upstream for shorewall to support newer iproute2 packages.

Comment 1 Chris Ribble 2017-12-18 00:44:38 UTC

I have the same problem. The only way to get past this on my router is to either

1. Downgrade to iproute2 4.4.0
2. Disable traffic shaping (TC_ENABLED=No in shorewall.conf)

One of these is obvious completely unacceptable (disabling traffic shaping); the other is annoying, but I can cope.

If the issue is that shorewall cannot work with this version of iproute2, perhaps it should not be marked as stable?

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-12-18 21:40:48 UTC

@ Alexander: Thanks for posting this upstream.

Comment 3 Larry the Git Cow gentoo-dev

2017-12-18 21:49:04 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19ac770e31c1093fb8cb7fa1b48e24d3b0964a81

commit 19ac770e31c1093fb8cb7fa1b48e24d3b0964a81
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-12-18 21:48:32 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-12-18 21:48:32 +0000

    net-firewall/shorewall: Rev bump to fix >=sys-apps/iproute2-4.13.0 support
    
    Closes: https://bugs.gentoo.org/640766
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 .../shorewall-add-iproute2-4.13.0+-support.patch   |  18 +
 net-firewall/shorewall/shorewall-5.1.9-r1.ebuild   | 457 +++++++++++++++++++++
 2 files changed, 475 insertions(+)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4323c70f3a4ad12e2de769f987cf7344fcc7c34e

commit 4323c70f3a4ad12e2de769f987cf7344fcc7c34e
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-12-18 21:37:04 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-12-18 21:37:23 +0000

    net-firewall/shorewall: Enforce <sys-apps/iproute2-4.13.0 due to new unsupported tc syntax
    
    Bug: https://bugs.gentoo.org/640766
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-firewall/shorewall/shorewall-5.1.9.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}