In order to not deal with any marks from NAT and the IPS, this patch adds masks to all places where packets are being marked for individual QoS classes. Instead of being able to use the "fw" match in tc, we have to use the u32 to apply the mask. Signed-off-by: Michael Tremer --- config/qos/makeqosscripts.pl | 57 ++++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl index cbbbf70f8..3af046ac3 100644 --- a/config/qos/makeqosscripts.pl +++ b/config/qos/makeqosscripts.pl @@ -56,6 +56,12 @@ my $portfile = "/var/ipfire/qos/portconfig"; my $tosfile = "/var/ipfire/qos/tosconfig"; my $fqcodel_options = "limit 10240 quantum 1514"; +# Define iptables MARKs +my $QOS_INC_MASK = 0x0000ff00; +my $QOS_INC_SHIFT = 8; +my $QOS_OUT_MASK = 0x000000ff; +my $QOS_OUT_SHIFT = 0; + &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $qossettings{'ENABLED'} = 'off'; @@ -74,6 +80,10 @@ $qossettings{'VALID'} = 'yes'; &General::readhash("${General::swroot}/qos/settings", \%qossettings); +my $ACK_MARK = ($qossettings{'ACK'} << $QOS_OUT_SHIFT) . "/$QOS_OUT_MASK"; +my $DEF_OUT_MARK = ($qossettings{'DEFCLASS_OUT'} << $QOS_OUT_SHIFT) . "/$QOS_OUT_MASK"; +my $DEF_INC_MARK = ($qossettings{'DEFCLASS_INC'} << $QOS_INC_SHIFT) . "/$QOS_INC_MASK"; + open( FILE, "< $classfile" ) or die "Unable to read $classfile"; @classes = ; close FILE; 
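Review bot: The comment `# Define iptables MARKs` in the first hunk does not say which bits each class field owns or why the remaining bits must be left alone, which is the point of the change. I would replace it with `# QoS class marks: bits 0-7 = outgoing class, bits 8-15 = incoming class.` followed by `# All other mark bits belong to other subsystems (NAT, IPS) and must never be set or cleared here.` The masks presumably have to agree with rules generated elsewhere, so a pointer to where the NAT and IPS marks are defined would help whoever changes either side next.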
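Review bot: The shifted class ids in `$ACK_MARK`, `$DEF_OUT_MARK` and `$DEF_INC_MARK` (second hunk) are never bounded by their mask, so a value above 255 produces a mark with bits outside the QoS field, and an empty or non-numeric setting from the settings file produces a mark of 0. How these strings are consumed is outside the visible hunks, but the iptables MARK target clears only the masked bits and then combines the whole value into the mark, so stray high bits would presumably land in the NAT/IPS bits this patch is meant to protect. I would clamp at the source, e.g. `my $ACK_MARK = sprintf("0x%x/0x%x", ($qossettings{'ACK'} << $QOS_OUT_SHIFT) & $QOS_OUT_MASK, $QOS_OUT_MASK);`, which also writes the mask in hex instead of the decimal `/255` and `/65280` that string interpolation gives. The `printf` in the third hunk shifts `$qossettings{'CLASS'}` without masking as well; there an out-of-range value would never match, and a 0 would match every packet that carries no outgoing class mark.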
@@ -200,9 +210,11 @@ foreach $classentry (sort @classes) if ($qossettings{'RED_DEV'} eq $classline[0]) { $qossettings{'DEVICE'} = $classline[0]; $qossettings{'CLASS'} = $classline[1]; - print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip handle $qossettings{'CLASS'} fw flowid 1:$qossettings{'CLASS'}\n"; + print "\ttc filter add dev $qossettings{'DEVICE'} parent 1:0 prio 0 protocol ip"; + printf(" u32 match mark 0x%x 0x%x flowid 1:%d\n", ($qossettings{'CLASS'} << $QOS_OUT_SHIFT), $QOS_OUT_MASK, $qossettings{'CLASS'}); } } + print </dev/null 2>&1 -- 2.31.0