[ -e /etc/config/network ] && {
# only try to parse network config on openwrt
- find_ifname() {(
- reset_cb
- include /lib/network
- scan_interfaces
- config_get "$1" ifname
- )}
+ . /lib/functions/network.sh
+
+ find_ifname() {
+ local ifname
+ if network_get_device ifname "$1"; then
+ echo "$ifname"
+ else
+ echo "Device for interface $1 not found." >&2
+ exit 1
+ fi
+ }
} || {
find_ifname() {
- echo "Interface not found."
+ echo "Interface not found." >&2
exit 1
}
}
done
config_get type "$section" TYPE
case "$type" in
- classify) unset pkt; append "$var" "-m mark --mark 0/0xff";;
- default) pkt=1; append "$var" "-m mark --mark 0/0xff";;
+ classify) unset pkt; append "$var" "-m mark --mark 0/0x0f";;
+ default) pkt=1; append "$var" "-m mark --mark 0/0xf0";;
reclassify) pkt=1;;
esac
append "$var" "${proto:+-p $proto}"
*:dsthost)
append "$var" "-d $value"
;;
- *:layer7)
- add_insmod ipt_layer7
- add_insmod xt_layer7
- append "$var" "-m layer7 --l7proto $value${pkt:+ --l7pkt}"
- ;;
*:ports|*:srcports|*:dstports)
value="$(echo "$value" | sed -e 's,-,:,g')"
lproto=${lproto:-tcp}
;;
*:connbytes)
value="$(echo "$value" | sed -e 's,-,:,g')"
- add_insmod ipt_connbytes
+ add_insmod xt_connbytes
append "$var" "-m connbytes --connbytes $value --connbytes-dir both --connbytes-mode bytes"
;;
*:comment)
append "$var" "-m comment --comment '$value'"
;;
*:tos)
- add_insmod ipt_tos
- case "$value" in
- !*) append "$var" "-m tos ! --tos $value";;
- *) append "$var" "-m tos --tos $value"
- esac
- ;;
+ add_insmod xt_dscp
+ case "$value" in
+ !*) append "$var" "-m tos ! --tos $value";;
+ *) append "$var" "-m tos --tos $value"
+ esac
+ ;;
*:dscp)
- add_insmod ipt_dscp
+ add_insmod xt_dscp
dscp_option="--dscp"
- [ -z "${value%%[EBCA]*}" ] && dscp_option="--dscp-class"
+ [ -z "${value%%[EBCA]*}" ] && dscp_option="--dscp-class"
case "$value" in
- !*) append "$var" "-m dscp ! $dscp_option $value";;
- *) append "$var" "-m dscp $dscp_option $value"
- esac
- ;;
+ !*) append "$var" "-m dscp ! $dscp_option $value";;
+ *) append "$var" "-m dscp $dscp_option $value"
+ esac
+ ;;
*:direction)
value="$(echo "$value" | sed -e 's,-,:,g')"
if [ "$value" = "out" ]; then
append "$var" "-i $device"
fi
;;
+ *:srciface)
+ append "$var" "-i $value"
+ ;;
1:pktsize)
value="$(echo "$value" | sed -e 's,-,:,g')"
- add_insmod ipt_length
+ add_insmod xt_length
append "$var" "-m length --length $value"
;;
1:limit)
- add_insmod ipt_limit
+ add_insmod xt_limit
append "$var" "-m limit --limit $value"
;;
1:tcpflags)
config_get class "${value##!}" classnr
[ -z "$class" ] && continue;
case "$value" in
- !*) append "$var" "-m mark ! --mark $class/0xff";;
- *) append "$var" "-m mark --mark $class/0xff";;
+ !*) append "$var" "-m mark ! --mark $class/0x0f";;
+ *) append "$var" "-m mark --mark $class/0x0f";;
esac
;;
1:TOS)
- add_insmod ipt_TOS
+ add_insmod xt_DSCP
config_get TOS "$rule" 'TOS'
suffix="-j TOS --set-tos "${TOS:-"Normal-Service"}
;;
1:DSCP)
- add_insmod ipt_DSCP
+ add_insmod xt_DSCP
config_get DSCP "$rule" 'DSCP'
[ -z "${DSCP%%[EBCA]*}" ] && set_value="--set-dscp-class $DSCP" \
|| set_value="--set-dscp $DSCP"
option_cb() {
return 0
}
-
- # Section start
case "$1" in
interface)
config_set "$2" "classgroup" "Default"
;;
classify|default|reclassify)
option_cb() {
- append options "$1"
+ append "CONFIG_${CONFIG_SECTION}_options" "$1"
}
;;
esac
+}
- # Section end
- config_get TYPE "$CONFIG_SECTION" TYPE
+qos_parse_config() {
+ config_get TYPE "$1" TYPE
case "$TYPE" in
interface)
- config_get_bool enabled "$CONFIG_SECTION" enabled 1
- [ 1 -eq "$enabled" ] || return 0
- config_get classgroup "$CONFIG_SECTION" classgroup
- config_set "$CONFIG_SECTION" ifbdev "$C"
- C=$(($C+1))
- append INTERFACES "$CONFIG_SECTION"
- config_set "$classgroup" enabled 1
- config_get device "$CONFIG_SECTION" device
- [ -z "$device" ] && {
- device="$(find_ifname ${CONFIG_SECTION})"
- config_set "$CONFIG_SECTION" device "${device:-eth0}"
+ config_get_bool enabled "$1" enabled 1
+ [ 1 -eq "$enabled" ] && {
+ config_get classgroup "$1" classgroup
+ config_set "$1" ifbdev "$C"
+ C=$(($C+1))
+ append INTERFACES "$1"
+ config_set "$classgroup" enabled 1
+ config_get device "$1" device
+ [ -z "$device" ] && {
+ device="$(find_ifname $1)"
+ [ -z "$device" ] && exit 1
+ config_set "$1" device "$device"
+ }
}
;;
- classgroup) append CG "$CONFIG_SECTION";;
+ classgroup) append CG "$1";;
classify|default|reclassify)
case "$TYPE" in
classify) var="ctrules";;
*) var="rules";;
esac
- config_get target "$CONFIG_SECTION" target
- config_set "$CONFIG_SECTION" options "$options"
- append "$var" "$CONFIG_SECTION"
- unset options
+ append "$var" "$1"
;;
esac
}
-
enum_classes() {
local c="0"
config_get classes "$1" classes
}
tcrules() {
- dir=/usr/lib/qos
- [ -e $dir/tcrules.awk ] || dir=.
+ _dir=/usr/lib/qos
+ [ -e $_dir/tcrules.awk ] || _dir=.
echo "$cstr" | awk \
-v device="$dev" \
-v linespeed="$rate" \
- -f $dir/tcrules.awk
+ -v direction="$dir" \
+ -f $_dir/tcrules.awk
}
start_interface() {
append cstr "$classnr:$prio:$avgrate:$pktsize:$pktdelay:$maxrate:$qdisc:$filter" "$N"
done
append ${prefix}q "$(tcrules)" "$N"
- export dev_${dir}="ifconfig $dev up txqueuelen 5 >&- 2>&-
+ export dev_${dir}="ip link set $dev up >&- 2>&-
tc qdisc del dev $dev root >&- 2>&-
tc qdisc add dev $dev root handle 1: hfsc default ${class_default}0
tc class add dev $dev parent 1: classid 1:1 hfsc sc rate ${rate}kbit ul rate ${rate}kbit"
if [ -n "$halfduplex" ]; then
export dev_up="tc qdisc del dev $device root >&- 2>&-
tc qdisc add dev $device root handle 1: hfsc
-tc filter add dev $device parent 1: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb$ifbdev"
+tc filter add dev $device parent 1: prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb$ifbdev"
elif [ -n "$download" ]; then
append dev_${dir} "tc qdisc del dev $device ingress >&- 2>&-
tc qdisc add dev $device ingress
-tc filter add dev $device parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb$ifbdev" "$N"
+tc filter add dev $device parent ffff: prio 1 u32 match u32 0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb$ifbdev" "$N"
fi
add_insmod cls_fw
add_insmod sch_hfsc
- add_insmod sch_fq_codel
cat <<EOF
${INSMOD:+$INSMOD$N}${dev_up:+$dev_up
## If we want to override the TOS field, let's clear the DSCP field first.
[ ! -z "$(echo $options | grep 'TOS')" ] && {
s_options=${options%%TOS}
- add_insmod ipt_DSCP
+ add_insmod xt_DSCP
parse_matching_rule iptrule "$rule" "$s_options" "$prefix" "-j DSCP --set-dscp 0"
append "$var" "$iptrule" "$N"
unset iptrule
}
+ target=$(($target | ($target << 4)))
parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target/0xff"
append "$var" "$iptrule" "$N"
done
local pktrules
local sizerules
enum_classes "$cg"
- add_rules iptrules "$ctrules" "iptables -t mangle -A qos_${cg}_ct"
+ for command in $iptables; do
+ add_rules iptrules "$ctrules" "$command -w -t mangle -A qos_${cg}_ct"
+ done
config_get classes "$cg" classes
for class in $classes; do
config_get mark "$class" classnr
config_get maxsize "$class" maxsize
[ -z "$maxsize" -o -z "$mark" ] || {
- add_insmod ipt_length
- append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0xff -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
+ add_insmod xt_length
+ for command in $iptables; do
+ append pktrules "$command -w -t mangle -A qos_${cg} -m mark --mark $mark/0x0f -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
+ done
}
done
- add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}"
+ for command in $iptables; do
+ add_rules pktrules "$rules" "$command -w -t mangle -A qos_${cg}"
+ done
for iface in $INTERFACES; do
config_get classgroup "$iface" classgroup
config_get device "$iface" device
config_get download "$iface" download
config_get halfduplex "$iface" halfduplex
download="${download:-${halfduplex:+$upload}}"
- append up "iptables -t mangle -A OUTPUT -o $device -j qos_${cg}" "$N"
- append up "iptables -t mangle -A FORWARD -o $device -j qos_${cg}" "$N"
+ for command in $iptables; do
+ append up "$command -w -t mangle -A OUTPUT -o $device -j qos_${cg}" "$N"
+ append up "$command -w -t mangle -A FORWARD -o $device -j qos_${cg}" "$N"
+ done
done
cat <<EOF
$INSMOD
-iptables -t mangle -N qos_${cg} >&- 2>&-
-iptables -t mangle -N qos_${cg}_ct >&- 2>&-
-${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff}
-iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0xff
-iptables -t mangle -A qos_${cg} -m mark --mark 0/0xff -j qos_${cg}_ct
+EOF
+
+for command in $iptables; do
+ cat <<EOF
+ $command -w -t mangle -N qos_${cg}
+ $command -w -t mangle -N qos_${cg}_ct
+EOF
+done
+cat <<EOF
+ ${iptrules:+${iptrules}${N}}
+EOF
+for command in $iptables; do
+ cat <<EOF
+ $command -w -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff
+ $command -w -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0x0f
+ $command -w -t mangle -A qos_${cg} -m mark --mark 0/0x0f -j qos_${cg}_ct
+EOF
+done
+cat <<EOF
$pktrules
+EOF
+for command in $iptables; do
+ cat <<EOF
+ $command -w -t mangle -A qos_${cg} -j CONNMARK --save-mark --mask 0xff
+EOF
+done
+cat <<EOF
$up$N${down:+${down}$N}
EOF
unset INSMOD
}
start_firewall() {
- add_insmod ipt_multiport
- add_insmod ipt_CONNMARK
+ add_insmod xt_multiport
+ add_insmod xt_connmark
stop_firewall
for group in $CG; do
start_cg $group
# remove rules referring to them, then delete them
# Print rules in the mangle table, like iptables-save
- iptables -t mangle -S |
- # Find rules for the qos_* chains
- grep '^-N qos_\|-j qos_' |
- # Exclude rules in qos_* chains (inter-qos_* refs)
- grep -v '^-A qos_' |
- # Replace -N with -X and hold, with -F and print
- # Replace -A with -D
- # Print held lines at the end (note leading newline)
- sed -e '/^-N/{s/^-N/-X/;H;s/^-X/-F/}' \
- -e 's/^-A/-D/' \
- -e '${p;g}' |
- # Make into proper iptables calls
- # Note: awkward in previous call due to hold space usage
- sed -n -e 's/^./iptables -t mangle &/p'
+ for command in $iptables; do
+ $command -w -t mangle -S |
+ # Find rules for the qos_* chains
+ grep -E '(^-N qos_|-j qos_)' |
+ # Exclude rules in qos_* chains (inter-qos_* refs)
+ grep -v '^-A qos_' |
+ # Replace -N with -X and hold, with -F and print
+ # Replace -A with -D
+ # Print held lines at the end (note leading newline)
+ sed -e '/^-N/{s/^-N/-X/;H;s/^-X/-F/}' \
+ -e 's/^-A/-D/' \
+ -e '${p;g}' |
+ # Make into proper iptables calls
+ # Note: awkward in previous call due to hold space usage
+ sed -n -e "s/^./${command} -w -t mangle &/p"
+ done
}
C="0"
[ -e ./qos.conf ] && {
. ./qos.conf
config_cb
-} || config_load qos
+} || {
+ config_load qos
+ config_foreach qos_parse_config
+}
C="0"
for iface in $INTERFACES; do
export C="$(($C + 1))"
done
+[ -x /usr/sbin/ip6tables ] && {
+ iptables="ip6tables iptables"
+} || {
+ iptables="iptables"
+}
+
case "$1" in
all)
start_interfaces "$C"
projects / openwrt / staging / chunkeey.git / blobdiff