From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 4/6] QoS: Drop support for hardcoded ACK rules
Date: Mon, 04 Oct 2021 18:52:20 +0100 [thread overview]
Message-ID: <20211004175222.9208-4-michael.tremer@ipfire.org> (raw)
In-Reply-To: <20211004175222.9208-1-michael.tremer@ipfire.org>
[-- Attachment #1: Type: text/plain, Size: 6034 bytes --]
This feature has to go in order to take advantage of CONNMARK which will
drastically decrease CPU load when passing packets.
We no longer will see every packet in the QOS-INC chain in order to
change classification of that packet. It is also party counter-intuitive
to have parts of one connection in one class and the corresponding ACK
packets in another.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
---
config/qos/makeqosscripts.pl | 27 ---------------------------
html/cgi-bin/qos.cgi | 22 ++--------------------
2 files changed, 2 insertions(+), 47 deletions(-)
diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl
index 5bdd5b811..230dc3265 100644
--- a/config/qos/makeqosscripts.pl
+++ b/config/qos/makeqosscripts.pl
@@ -72,7 +72,6 @@ $qossettings{'DEF_OUT_SPD'} = '';
$qossettings{'DEF_INC_SPD'} = '';
$qossettings{'DEFCLASS_INC'} = '';
$qossettings{'DEFCLASS_OUT'} = '';
-$qossettings{'ACK'} = '';
$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`;
$qossettings{'IMQ_DEV'} = 'imq0';
$qossettings{'TOS'} = '';
@@ -80,7 +79,6 @@ $qossettings{'VALID'} = 'yes';
&General::readhash("${General::swroot}/qos/settings", \%qossettings);
-my $ACK_MARK = ($qossettings{'ACK'} << $QOS_OUT_SHIFT) . "/$QOS_OUT_MASK";
my $DEF_OUT_MARK = ($qossettings{'DEFCLASS_OUT'} << $QOS_OUT_SHIFT) . "/$QOS_OUT_MASK";
my $DEF_INC_MARK = ($qossettings{'DEFCLASS_INC'} << $QOS_INC_SHIFT) . "/$QOS_INC_MASK";
@@ -224,31 +222,6 @@ print <<END
### Don't change mark on traffic for the ipsec tunnel
iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN
- ### MARK ACKs
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN
-
- iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN
-
- iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN
-
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
-
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
-
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN
-
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN
-
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-xmark $ACK_MARK
- iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN
-
### SET TOS
END
;
diff --git a/html/cgi-bin/qos.cgi b/html/cgi-bin/qos.cgi
index ab427879e..c2ff4a08d 100644
--- a/html/cgi-bin/qos.cgi
+++ b/html/cgi-bin/qos.cgi
@@ -68,7 +68,6 @@ $qossettings{'DEF_OUT_SPD'} = '';
$qossettings{'DEF_INC_SPD'} = '';
$qossettings{'DEFCLASS_INC'} = '';
$qossettings{'DEFCLASS_OUT'} = '';
-$qossettings{'ACK'} = '';
$qossettings{'RED_DEV'} = 'ppp0';
$qossettings{'IMQ_DEV'} = 'imq0';
$qossettings{'VALID'} = 'yes';
@@ -518,7 +517,6 @@ END
}
$qossettings{'DEFCLASS_INC'} = "210";
$qossettings{'DEFCLASS_OUT'} = "110";
- $qossettings{'ACK'} ="101";
$qossettings{'ENABLED'} = 'on';
&General::writehash("${General::swroot}/qos/settings", \%qossettings);
&General::system("/usr/local/bin/qosctrl", "generate");
@@ -660,7 +658,7 @@ END
END
;
}
- if (($qossettings{'DEFCLASS_OUT'} ne '') && ($qossettings{'DEFCLASS_INC'} ne '')&& ($qossettings{'ACK'} ne '')) {
+ if (($qossettings{'DEFCLASS_OUT'} ne '') && ($qossettings{'DEFCLASS_INC'} ne '')) {
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='66%'>
@@ -668,7 +666,6 @@ END
<tr><td width='50%' align='right'>$Lang::tr{'downlink std class'}: <td width='30%' align='left'>$qossettings{'DEFCLASS_INC'}
<td width='20%' rowspan='3' align='center' valign='middle'><input type='submit' name='ACTIONDEF' value='$Lang::tr{'modify'}' />
<tr><td width='50%' align='right'>$Lang::tr{'uplink std class'}: <td width='30%' align='left'>$qossettings{'DEFCLASS_OUT'}
- <tr><td width='50%' align='right'>ACKs: <td width='30%' align='left'>$qossettings{'ACK'}
<tr><td colspan='3' width='100%'><hr />
<tr><td colspan='3' width='100%' align='center'>
</table>
@@ -692,7 +689,7 @@ if ( ($qossettings{'OUT_SPD'} eq '') || ($qossettings{'INC_SPD'} eq '') ) {
exit
}
-if ( ($qossettings{'DEFCLASS_INC'} eq '') || ($qossettings{'DEFCLASS_OUT'} eq '') || ($qossettings{'ACK'} eq '') ) {
+if ( ($qossettings{'DEFCLASS_INC'} eq '') || ($qossettings{'DEFCLASS_OUT'} eq '') ) {
&changedefclasses();
&Header::closebigbox();
&Header::closepage();
@@ -742,21 +739,6 @@ END
else { print "<option selected value='$c'>$c</option>\n"; }
}
print <<END
- </select><td width='33%' align='center'>
- </table>
- <hr />
- <table width='66%'>
- <tr><td width='100%' colspan='3'>$Lang::tr{'enter ack class'}
- <tr><td width='33%' align='right'>ACKs:<td width='33%' align='left'><select name='ACK'>
-END
-;
- for ( $c = 100 ; $c <= 120 ; $c++ )
- {
- if ( $qossettings{'ACK'} ne $c )
- { print "<option value='$c'>$c</option>\n"; }
- else { print "<option selected value='$c'>$c</option>\n"; }
- }
- print <<END
</select><td width='33%' align='center'><input type='submit' name='ACTION' value="$Lang::tr{'save'}" />
</table>
</form>
--
2.31.0
next prev parent reply other threads:[~2021-10-04 17:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-04 17:52 [PATCH 1/6] firewall: Only check relevant bits for NAT fix rules Michael Tremer
2021-10-04 17:52 ` [PATCH 2/6] QoS: Use the two right hand bytes to mark packets Michael Tremer
2021-10-04 17:52 ` [PATCH 3/6] firewall: Always restore all connection marks Michael Tremer
2021-10-04 17:52 ` Michael Tremer [this message]
2021-10-04 17:52 ` [PATCH 5/6] QoS: Make outgoing packet processing use CONNMARK Michael Tremer
2021-10-04 17:52 ` [PATCH 6/6] IPsec: Replace MARK 50 by 0x00800000 Michael Tremer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211004175222.9208-4-michael.tremer@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox