qos-scripts: fix ingress packet marking with ifb

Split connection mark into two parts:

The lower nibble contains the confirmed conntrack mark which is not
generated by default/reclassify rules.
The upper nibble contains the current value specified by
default/reclassify rules.

For egress, the default/reclassify value is preferred
For ingress, the connection mark is preferred

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 41682
This commit is contained in:
Felix Fietkau 2014-07-17 12:02:06 +00:00
parent f44d3f9980
commit 4ef8d2e014
2 changed files with 27 additions and 13 deletions

View file

@ -53,8 +53,8 @@ parse_matching_rule() {
done done
config_get type "$section" TYPE config_get type "$section" TYPE
case "$type" in case "$type" in
classify) unset pkt; append "$var" "-m mark --mark 0/0xff";; classify) unset pkt; append "$var" "-m mark --mark 0/0x0f";;
default) pkt=1; append "$var" "-m mark --mark 0/0xff";; default) pkt=1; append "$var" "-m mark --mark 0/0xf0";;
reclassify) pkt=1;; reclassify) pkt=1;;
esac esac
append "$var" "${proto:+-p $proto}" append "$var" "${proto:+-p $proto}"
@ -165,8 +165,8 @@ parse_matching_rule() {
config_get class "${value##!}" classnr config_get class "${value##!}" classnr
[ -z "$class" ] && continue; [ -z "$class" ] && continue;
case "$value" in case "$value" in
!*) append "$var" "-m mark ! --mark $class/0xff";; !*) append "$var" "-m mark ! --mark $class/0x0f";;
*) append "$var" "-m mark --mark $class/0xff";; *) append "$var" "-m mark --mark $class/0x0f";;
esac esac
;; ;;
1:TOS) 1:TOS)
@ -268,12 +268,13 @@ cls_var() {
} }
tcrules() { tcrules() {
dir=/usr/lib/qos _dir=/usr/lib/qos
[ -e $dir/tcrules.awk ] || dir=. [ -e $_dir/tcrules.awk ] || _dir=.
echo "$cstr" | awk \ echo "$cstr" | awk \
-v device="$dev" \ -v device="$dev" \
-v linespeed="$rate" \ -v linespeed="$rate" \
-f $dir/tcrules.awk -v direction="$dir" \
-f $_dir/tcrules.awk
} }
start_interface() { start_interface() {
@ -389,6 +390,7 @@ add_rules() {
unset iptrule unset iptrule
} }
target=$(($target | ($target << 4)))
parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target/0xff" parse_matching_rule iptrule "$rule" "$options" "$prefix" "-j MARK --set-mark $target/0xff"
append "$var" "$iptrule" "$N" append "$var" "$iptrule" "$N"
done done
@ -407,7 +409,7 @@ start_cg() {
config_get maxsize "$class" maxsize config_get maxsize "$class" maxsize
[ -z "$maxsize" -o -z "$mark" ] || { [ -z "$maxsize" -o -z "$mark" ] || {
add_insmod ipt_length add_insmod ipt_length
append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0xff -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N" append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark/0x0f -m length --length $maxsize: -j MARK --set-mark 0/0xff" "$N"
} }
done done
add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}" add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}"
@ -427,9 +429,10 @@ $INSMOD
iptables -t mangle -N qos_${cg} >&- 2>&- iptables -t mangle -N qos_${cg} >&- 2>&-
iptables -t mangle -N qos_${cg}_ct >&- 2>&- iptables -t mangle -N qos_${cg}_ct >&- 2>&-
${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff} ${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark --mask 0xff}
iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0xff iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0x0f
iptables -t mangle -A qos_${cg} -m mark --mark 0/0xff -j qos_${cg}_ct iptables -t mangle -A qos_${cg} -m mark --mark 0/0x0f -j qos_${cg}_ct
$pktrules $pktrules
${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg} -j CONNMARK --save-mark --mask 0xf0}
$up$N${down:+${down}$N} $up$N${down:+${down}$N}
EOF EOF
unset INSMOD unset INSMOD

View file

@ -84,7 +84,18 @@ END {
# filter rule # filter rule
for (i = 1; i <= n; i++) { for (i = 1; i <= n; i++) {
print "tc filter add dev "device" parent 1: prio "class[i]" protocol ip handle "class[i]"/0xff fw flowid 1:"class[i] "0" filter_cmd = "tc filter add dev "device" parent 1: prio %d protocol ip handle %s fw flowid 1:%d0\n";
if (direction == "up") {
filter_1 = sprintf("0x%x0/0xf0", class[i])
filter_2 = sprintf("0x0%x/0x0f", class[i])
} else {
filter_1 = sprintf("0x0%x/0x0f", class[i])
filter_2 = sprintf("0x%x0/0xf0", class[i])
}
printf filter_cmd, class[i] * 2, filter_1, class[i]
printf filter_cmd, class[i] * 2 + 1, filter_2, class[i]
filterc=1 filterc=1
if (filter[i] != "") { if (filter[i] != "") {
print " tc filter add dev "device" parent "class[i]"00: handle "filterc"0 "filter[i] print " tc filter add dev "device" parent "class[i]"00: handle "filterc"0 "filter[i]