mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-21 00:12:58 +02:00
makeqosscript: replace marks b< ipt policy match for upsec
this is more reliable at not loose some connections. Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
@@ -61,9 +61,8 @@ my $QOS_INC_MASK = 0x0000ff00;
|
||||
my $QOS_INC_SHIFT = 8;
|
||||
my $QOS_OUT_MASK = 0x000000ff;
|
||||
my $QOS_OUT_SHIFT = 0;
|
||||
my $IPSEC_MASK = 0x00800000;
|
||||
my $QOS_INC_SKIP_MASK = $QOS_INC_MASK | $IPSEC_MASK;
|
||||
my $QOS_OUT_SKIP_MASK = $QOS_OUT_MASK | $IPSEC_MASK;
|
||||
my $QOS_INC_SKIP_MASK = $QOS_INC_MASK;
|
||||
my $QOS_OUT_SKIP_MASK = $QOS_OUT_MASK;
|
||||
|
||||
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
|
||||
|
||||
@@ -322,13 +321,15 @@ print <<END
|
||||
|
||||
ip link set $qossettings{'IMQ_DEV'} up
|
||||
|
||||
### Restore conmark and continue with next filter
|
||||
tc filter add dev $qossettings{'RED_DEV'} parent ffff: prio 1 protocol all u32 \\
|
||||
match u32 0 0 \\
|
||||
action connmark continue
|
||||
### Send all traffic except IPSec to $qossettings{'IMQ_DEV'}
|
||||
### Pass IPSec traffic without redirect
|
||||
tc filter add dev $qossettings{'RED_DEV'} parent ffff: prio 1 protocol all basic \\
|
||||
match "ipt(-m policy --pol ipsec --dir in)" \\
|
||||
action pass
|
||||
|
||||
### Restore connmark and send rest of the traffic to $qossettings{'IMQ_DEV'}
|
||||
tc filter add dev $qossettings{'RED_DEV'} parent ffff: prio 2 protocol all u32 \\
|
||||
match mark 0 $IPSEC_MASK \\
|
||||
match u32 0 0 \\
|
||||
action connmark \\
|
||||
action mirred egress redirect dev $qossettings{'IMQ_DEV'}
|
||||
|
||||
### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'}
|
||||
|
||||
Reference in New Issue
Block a user