From 3ffe66cbe07eedf0f8136c0fb063c6d7a81c8fbd Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Thu, 27 Oct 2011 12:39:16 +0000
Subject: [PATCH] Add qos_* iptables chain namespace for QoS

Prefix the names of the iptables chains used for QoS with "qos_" to
allow for identification of QoS chains for removal across configuration
changes.  When clearing QoS iptables chains, only remove chains with the
namespace prefix in order to preserve user and/or other package chains
in the mangle table.

Signed-off-by: Kevin Locke <klocke@digitalenginesoftware.com>

SVN-Revision: 28622
---
 .../qos-scripts/files/usr/lib/qos/generate.sh | 46 +++++++++++++------
 1 file changed, 32 insertions(+), 14 deletions(-)

diff --git a/package/qos-scripts/files/usr/lib/qos/generate.sh b/package/qos-scripts/files/usr/lib/qos/generate.sh
index a697e9f4a2..093967f7a1 100755
--- a/package/qos-scripts/files/usr/lib/qos/generate.sh
+++ b/package/qos-scripts/files/usr/lib/qos/generate.sh
@@ -397,17 +397,17 @@ start_cg() {
 	local pktrules
 	local sizerules
 	enum_classes "$cg"
-	add_rules iptrules "$ctrules" "iptables -t mangle -A ${cg}_ct"
+	add_rules iptrules "$ctrules" "iptables -t mangle -A qos_${cg}_ct"
 	config_get classes "$cg" classes
 	for class in $classes; do
 		config_get mark "$class" classnr
 		config_get maxsize "$class" maxsize
 		[ -z "$maxsize" -o -z "$mark" ] || {
 			add_insmod ipt_length
-			append pktrules "iptables -t mangle -A ${cg} -m mark --mark $mark -m length --length $maxsize: -j MARK --set-mark 0" "$N"
+			append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark -m length --length $maxsize: -j MARK --set-mark 0" "$N"
 		}
 	done
-	add_rules pktrules "$rules" "iptables -t mangle -A ${cg}"
+	add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}"
 	for iface in $INTERFACES; do
 		config_get classgroup "$iface" classgroup
 		config_get device "$iface" device
@@ -416,16 +416,16 @@ start_cg() {
 		config_get download "$iface" download
 		config_get halfduplex "$iface" halfduplex
 		download="${download:-${halfduplex:+$upload}}"
-		append up "iptables -t mangle -A OUTPUT -o $device -j ${cg}" "$N"
-		append up "iptables -t mangle -A FORWARD -o $device -j ${cg}" "$N"
+		append up "iptables -t mangle -A OUTPUT -o $device -j qos_${cg}" "$N"
+		append up "iptables -t mangle -A FORWARD -o $device -j qos_${cg}" "$N"
 	done
 	cat <<EOF
 $INSMOD
-iptables -t mangle -N ${cg} >&- 2>&-
-iptables -t mangle -N ${cg}_ct >&- 2>&-
-${iptrules:+${iptrules}${N}iptables -t mangle -A ${cg}_ct -j CONNMARK --save-mark}
-iptables -t mangle -A ${cg} -j CONNMARK --restore-mark
-iptables -t mangle -A ${cg} -m mark --mark 0 -j ${cg}_ct
+iptables -t mangle -N qos_${cg} >&- 2>&-
+iptables -t mangle -N qos_${cg}_ct >&- 2>&-
+${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark}
+iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark
+iptables -t mangle -A qos_${cg} -m mark --mark 0 -j qos_${cg}_ct
 $pktrules
 $up$N${down:+${down}$N}
 EOF
@@ -435,15 +435,33 @@ EOF
 start_firewall() {
 	add_insmod ipt_multiport
 	add_insmod ipt_CONNMARK
-	cat <<EOF
-iptables -t mangle -F
-iptables -t mangle -X
-EOF
+	stop_firewall
 	for group in $CG; do
 		start_cg $group
 	done
 }
 
+stop_firewall() {
+	# Builds up a list of iptables commands to flush the qos_* chains,
+	# remove rules referring to them, then delete them
+
+	# Print rules in the mangle table, like iptables-save
+	iptables -t mangle -S |
+		# Find rules for the qos_* chains
+		grep '^-N qos_\|-j qos_' |
+		# Exclude rules in qos_* chains (inter-qos_* refs)
+		grep -v '^-A qos_' |
+		# Replace -N with -X and hold, with -F and print
+		# Replace -A with -D
+		# Print held lines at the end (note leading newline)
+		sed -e '/^-N/{s/^-N/-X/;H;s/^-X/-F/}' \
+			-e 's/^-A/-D/' \
+			-e '${p;g}' |
+		# Make into proper iptables calls
+		# Note:  awkward in previous call due to hold space usage
+		sed -n -e 's/^./iptables -t mangle &/p'
+}
+
 C="0"
 INTERFACES=""
 [ -e ./qos.conf ] && {
-- 
2.30.2