done
config_get type "$section" TYPE
case "$type" in
- classify) unset pkt; append "$var" "-m mark --mark 0/0xff";;
- default) pkt=1; append "$var" "-m mark --mark 0/0xff";;
+ classify) unset pkt; append "$var" "-m mark --mark 0/0x0f";;
+ default) pkt=1; append "$var" "-m mark --mark 0/0xf0";;
reclassify) pkt=1;;
esac
append "$var" "${proto:+-p $proto}"
*:dsthost)
append "$var" "-d $value"
;;
- *:layer7)
- add_insmod ipt_layer7
- add_insmod xt_layer7
- append "$var" "-m layer7 --l7proto $value${pkt:+ --l7pkt}"
- ;;
*:ports|*:srcports|*:dstports)
value="$(echo "$value" | sed -e 's,-,:,g')"
lproto=${lproto:-tcp}
;;
*:connbytes)
value="$(echo "$value" | sed -e 's,-,:,g')"
- add_insmod ipt_connbytes
+ add_insmod xt_connbytes
append "$var" "-m connbytes --connbytes $value --connbytes-dir both --connbytes-mode bytes"
;;
+ *:comment)
+ add_insmod xt_comment
+ append "$var" "-m comment --comment '$value'"
+ ;;
*:tos)
- add_insmod ipt_tos
+ add_insmod xt_dscp
case "$value" in
!*) append "$var" "-m tos ! --tos $value";;
*) append "$var" "-m tos --tos $value"
esac
;;
*:dscp)
- add_insmod ipt_dscp
+ add_insmod xt_dscp
dscp_option="--dscp"
[ -z "${value%%[EBCA]*}" ] && dscp_option="--dscp-class"
case "$value" in
;;
1:pktsize)
value="$(echo "$value" | sed -e 's,-,:,g')"
- add_insmod ipt_length
+ add_insmod xt_length
append "$var" "-m length --length $value"
;;
1:limit)
- add_insmod ipt_limit
+ add_insmod xt_limit
append "$var" "-m limit --limit $value"
;;
1:tcpflags)
config_get class "${value##!}" classnr
[ -z "$class" ] && continue;
case "$value" in
- !*) append "$var" "-m mark ! --mark $class/0xff";;
- *) append "$var" "-m mark --mark $class/0xff";;
+ !*) append "$var" "-m mark ! --mark $class/0x0f";;
+ *) append "$var" "-m mark --mark $class/0x0f";;
esac
;;
1:TOS)
- add_insmod ipt_TOS
+ add_insmod xt_DSCP
config_get TOS "$rule" 'TOS'
suffix="-j TOS --set-tos "${TOS:-"Normal-Service"}
;;
1:DSCP)
- add_insmod ipt_DSCP
+ add_insmod xt_DSCP
config_get DSCP "$rule" 'DSCP'
[ -z "${DSCP%%[EBCA]*}" ] && set_value="--set-dscp-class $DSCP" \
|| set_value="--set-dscp $DSCP"
config_get device "$CONFIG_SECTION" device
[ -z "$device" ] && {
device="$(find_ifname ${CONFIG_SECTION})"
- config_set "$CONFIG_SECTION" device "${device:-eth0}"
+ config_set "$CONFIG_SECTION" device "$device"
}
;;
classgroup) append CG "$CONFIG_SECTION";;
}
tcrules() {
- dir=/usr/lib/qos
- [ -e $dir/tcrules.awk ] || dir=.
+ _dir=/usr/lib/qos
+ [ -e $_dir/tcrules.awk ] || _dir=.
echo "$cstr" | awk \
-v device="$dev" \
-v linespeed="$rate" \
- -f $dir/tcrules.awk
+ -v direction="$dir" \
+ -f $_dir/tcrules.awk
}
start_interface() {
## If we want to override the TOS field, let's clear the DSCP field first.
[ ! -z "$(echo $options | grep 'TOS')" ] && {
s_options=${options%%TOS}
- add_insmod ipt_DSCP
+ add_insmod xt_DSCP
parse_matching_rule iptrule "$rule" "$s_options" "$prefix" "-j DSCP --set-dscp 0"
append "$var" "$iptrule" "$N"
unset iptrule
}
+ target=$(($target | ($target << 4)))
parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target/0xff"
append "$var" "$iptrule" "$N"
done
config_get mark "$class" classnr
config_get maxsize "$class" maxsize
[ -z "$maxsize" -o -z "$mark" ] || {
- add_insmod ipt_length
- append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0xff -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
+ add_insmod xt_length
+ append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0x0f -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
}
done
add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}"
iptables -t mangle -N qos_${cg} >&- 2>&-
iptables -t mangle -N qos_${cg}_ct >&- 2>&-
${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff}
-iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0xff
-iptables -t mangle -A qos_${cg} -m mark --mark 0/0xff -j qos_${cg}_ct
+iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0x0f
+iptables -t mangle -A qos_${cg} -m mark --mark 0/0x0f -j qos_${cg}_ct
$pktrules
+${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg} -j CONNMARK --save-mark --mask 0xf0}
$up$N${down:+${down}$N}
EOF
unset INSMOD
}
start_firewall() {
- add_insmod ipt_multiport
- add_insmod ipt_CONNMARK
+ add_insmod xt_multiport
+ add_insmod xt_CONNMARK
stop_firewall
for group in $CG; do
start_cg $group