webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

QoS: Drop support for hardcoded ACK rules

Browse Source 
This feature has to go in order to take advantage of CONNMARK which will
drastically decrease CPU load when passing packets.

We no longer will see every packet in the QOS-INC chain in order to
change classification of that packet. It is also party counter-intuitive
to have parts of one connection in one class and the corresponding ACK
packets in another.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Michael Tremer
2021-10-04 18:52:20 +01:00
committed by Arne Fitzenreiter
parent c825fcef40
commit 0bb882c4bb
2 changed files with 2 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
config/qos/makeqosscripts.pl
View File

@@ -72,7 +72,6 @@ $qossettings{'DEF_OUT_SPD'} = '';
$qossettings{'DEF_INC_SPD'} = '';
$qossettings{'DEFCLASS_INC'} = '';
$qossettings{'DEFCLASS_OUT'} = '';
$qossettings{'ACK'} = '';
$qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`;
$qossettings{'IMQ_DEV'} = 'imq0';
$qossettings{'TOS'} = '';
@@ -80,7 +79,6 @@ $qossettings{'VALID'} = 'yes';
&General::readhash("${General::swroot}/qos/settings", \%qossettings);
my $ACK_MARK = ($qossettings{'ACK'} << $QOS_OUT_SHIFT) . "/$QOS_OUT_MASK";
my $DEF_OUT_MARK = ($qossettings{'DEFCLASS_OUT'} << $QOS_OUT_SHIFT) . "/$QOS_OUT_MASK";
my $DEF_INC_MARK = ($qossettings{'DEFCLASS_INC'} << $QOS_INC_SHIFT) . "/$QOS_INC_MASK";
@@ -224,31 +222,6 @@ print <<END
### Don't change mark on traffic for the ipsec tunnel
iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN
### MARK ACKs
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN
iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN
iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-xmark $ACK_MARK
iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN
### SET TOS
END
;

22
html/cgi-bin/qos.cgi
View File

@@ -68,7 +68,6 @@ $qossettings{'DEF_OUT_SPD'} = '';
$qossettings{'DEF_INC_SPD'} = '';
$qossettings{'DEFCLASS_INC'} = '';
$qossettings{'DEFCLASS_OUT'} = '';
$qossettings{'ACK'} = '';
$qossettings{'RED_DEV'} = 'ppp0';
$qossettings{'IMQ_DEV'} = 'imq0';
$qossettings{'VALID'} = 'yes';
@@ -518,7 +517,6 @@ END
}
$qossettings{'DEFCLASS_INC'} = "210";
$qossettings{'DEFCLASS_OUT'} = "110";
$qossettings{'ACK'} ="101";
$qossettings{'ENABLED'} = 'on';
&General::writehash("${General::swroot}/qos/settings", \%qossettings);
&General::system("/usr/local/bin/qosctrl", "generate");
@@ -660,7 +658,7 @@ END
END
;
}
if (($qossettings{'DEFCLASS_OUT'} ne '') && ($qossettings{'DEFCLASS_INC'} ne '')&& ($qossettings{'ACK'} ne '')) {
if (($qossettings{'DEFCLASS_OUT'} ne '') && ($qossettings{'DEFCLASS_INC'} ne '')) {
print <<END
<form method='post' action='$ENV{'SCRIPT_NAME'}'>
<table width='66%'>
@@ -668,7 +666,6 @@ END
<tr><td width='50%' align='right'>$Lang::tr{'downlink std class'}: <td width='30%' align='left'>$qossettings{'DEFCLASS_INC'}
<td width='20%' rowspan='3' align='center' valign='middle'><input type='submit' name='ACTIONDEF' value='$Lang::tr{'modify'}' />
<tr><td width='50%' align='right'>$Lang::tr{'uplink std class'}: <td width='30%' align='left'>$qossettings{'DEFCLASS_OUT'}
<tr><td width='50%' align='right'>ACKs: <td width='30%' align='left'>$qossettings{'ACK'}
<tr><td colspan='3' width='100%'><hr />
<tr><td colspan='3' width='100%' align='center'>
</table>
@@ -692,7 +689,7 @@ if ( ($qossettings{'OUT_SPD'} eq '') || ($qossettings{'INC_SPD'} eq '') ) {
exit
}
if ( ($qossettings{'DEFCLASS_INC'} eq '') || ($qossettings{'DEFCLASS_OUT'} eq '') || ($qossettings{'ACK'} eq '') ) {
if ( ($qossettings{'DEFCLASS_INC'} eq '') || ($qossettings{'DEFCLASS_OUT'} eq '') ) {
&changedefclasses();
&Header::closebigbox();
&Header::closepage();
@@ -742,21 +739,6 @@ END
else { print "<option selected value='$c'>$c</option>\n"; }
}
print <<END
</select><td width='33%' align='center'>&nbsp;
</table>
<hr />
<table width='66%'>
<tr><td width='100%' colspan='3'>$Lang::tr{'enter ack class'}
<tr><td width='33%' align='right'>ACKs:<td width='33%' align='left'><select name='ACK'>
END
;
for ( $c = 100 ; $c <= 120 ; $c++ )
{
if ( $qossettings{'ACK'} ne $c )
{ print "<option value='$c'>$c</option>\n"; }
else { print "<option selected value='$c'>$c</option>\n"; }
}
print <<END
</select><td width='33%' align='center'><input type='submit' name='ACTION' value="$Lang::tr{'save'}" />
</table>
</form>