qos-scripts: only use the lower 8 bits for firewall marks, allows coexistence with other programs like nodogsplash - patch by Tobias Wolf (#10096)
SVN-Revision: 28731
This commit is contained in:
Jo-Philipp Wich
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=qos-scripts
|
||||
PKG_VERSION:=1.2.1
|
||||
PKG_RELEASE:=5
|
||||
PKG_RELEASE:=6
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
|
||||
|
||||
|
||||
@@ -53,8 +53,8 @@ parse_matching_rule() {
|
||||
done
|
||||
config_get type "$section" TYPE
|
||||
case "$type" in
|
||||
classify) unset pkt; append "$var" "-m mark --mark 0";;
|
||||
default) pkt=1; append "$var" "-m mark --mark 0";;
|
||||
classify) unset pkt; append "$var" "-m mark --mark 0/0xff";;
|
||||
default) pkt=1; append "$var" "-m mark --mark 0/0xff";;
|
||||
reclassify) pkt=1;;
|
||||
esac
|
||||
append "$var" "${proto:+-p $proto}"
|
||||
@@ -161,8 +161,8 @@ parse_matching_rule() {
|
||||
config_get class "${value##!}" classnr
|
||||
[ -z "$class" ] && continue;
|
||||
case "$value" in
|
||||
!*) append "$var" "-m mark ! --mark $class";;
|
||||
*) append "$var" "-m mark --mark $class";;
|
||||
!*) append "$var" "-m mark ! --mark $class/0xff";;
|
||||
*) append "$var" "-m mark --mark $class/0xff";;
|
||||
esac
|
||||
;;
|
||||
1:TOS)
|
||||
@@ -386,7 +386,7 @@ add_rules() {
|
||||
unset iptrule
|
||||
}
|
||||
|
||||
parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target"
|
||||
parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target/0xff"
|
||||
append "$var" "$iptrule" "$N"
|
||||
done
|
||||
}
|
||||
@@ -404,7 +404,7 @@ start_cg() {
|
||||
config_get maxsize "$class" maxsize
|
||||
[ -z "$maxsize" -o -z "$mark" ] || {
|
||||
add_insmod ipt_length
|
||||
append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark -m length --length $maxsize: -j MARK --set-mark 0" "$N"
|
||||
append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0xff -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
|
||||
}
|
||||
done
|
||||
add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}"
|
||||
@@ -423,9 +423,9 @@ start_cg() {
|
||||
$INSMOD
|
||||
iptables -t mangle -N qos_${cg} >&- 2>&-
|
||||
iptables -t mangle -N qos_${cg}_ct >&- 2>&-
|
||||
${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark}
|
||||
iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark
|
||||
iptables -t mangle -A qos_${cg} -m mark --mark 0 -j qos_${cg}_ct
|
||||
${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff}
|
||||
iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0xff
|
||||
iptables -t mangle -A qos_${cg} -m mark --mark 0/0xff -j qos_${cg}_ct
|
||||
$pktrules
|
||||
$up$N${down:+${down}$N}
|
||||
EOF
|
||||
|
||||
@@ -122,7 +122,7 @@ END {
|
||||
|
||||
# filter rule
|
||||
for (i = 1; i <= n; i++) {
|
||||
print "tc filter add dev "device" parent 1: prio "class[i]" protocol ip handle "class[i]" fw flowid 1:"class[i] "0"
|
||||
print "tc filter add dev "device" parent 1: prio "class[i]" protocol ip handle "class[i]"/0xff fw flowid 1:"class[i] "0"
|
||||
filterc=1
|
||||
if (filter[i] != "") {
|
||||
print " tc filter add dev "device" parent "class[i]"00: handle "filterc"0 "filter[i]
|
||||
|
||||
Reference in New Issue
Block a user