webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-24 01:42:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
13,885 Commits 2 Branches 1 Tag
1e35eeac5963a1dc42ef378edffda138b5e333ed
Commit Graph

6954 Commits

Author SHA1 Message Date
Michael Tremer
1e35eeac59 QoS: Remove some IPsec rules which never worked 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:25 +00:00
Michael Tremer
fc09b98296 QoS: Classify incoming traffic in PREROUTING 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:23 +00:00
Daniel Weismüller
4b5aa97393 QoS: Use CONNMARK to mark connections in connection tracking 
This patch modifies the connection tracking in that ways that
it sets a connection mark which will be retrieved when a packet
is being redirected to the IFB interface.

This way, we can use classification without having the packet
being sent through iptables first.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:20 +00:00
Michael Tremer
7d770777e0 Revert "Make IMQ Switchable between PREROUTING and POSTROUTING" 
This reverts commit 88b8ffac6b.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:14 +00:00
Michael Tremer
afe23fbb52 QoS: Drop support for subclasses 
This feature was never properly implemented and the UI was dead

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:12 +00:00
Michael Tremer
8d6b654369 QoS: Suppress an error message when cleaning up from previous runs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:10 +00:00
Michael Tremer
951a9f9ba0 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:08 +00:00
Michael Tremer
50ed363e89 QoS: Do not delete egress qdisc after classes have been created 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:58:06 +00:00
Michael Tremer
677c1f47d7 QoS: Start qosd immediately 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:59 +00:00
Michael Tremer
96f16b8501 QoS: Tidy up qdiscs after QoS is being stopped 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:53 +00:00
Michael Tremer
0dfb3984d0 QoS: Use Intermediate Functional Block 
This is an alternative implementation to the Intermediate Queuing
Device (IMQ) which is an out-of-tree kernel patch and has been
criticised for being slow, especially with mutliple processors.

IFB is part of the mainline kernel and a lot less code.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:41 +00:00
Michael Tremer
c37af2f004 QoS: Do not manually load iptables modules 
This should not be necessary and causes the script to
wait for two seconds.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-21 18:57:14 +00:00
Arne Fitzenreiter
3670ac5622 core137: remove QoS stop at update 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-20 20:29:50 +00:00
Arne Fitzenreiter
39c4ed4427 Revert "core137: Remove imq0 and unload imq module after QoS has been stopped" 
This reverts commit f48920d84f.
 2019-10-20 20:28:10 +00:00
Arne Fitzenreiter
fb41342122 Revert "QoS: Do not manually load iptables modules" 
This reverts commit cae6916d59.
 2019-10-20 20:25:24 +00:00
Arne Fitzenreiter
bd122644e4 Revert "QoS: Use Intermediate Functional Block" 
This reverts commit 3c33d9d854.
 2019-10-20 20:24:43 +00:00
Arne Fitzenreiter
707e0471ce Revert "Revert "Make IMQ Switchable between PREROUTING and POSTROUTING"" 
This reverts commit ec01ebe246.
 2019-10-20 20:24:16 +00:00
Arne Fitzenreiter
5e661eb533 Revert "QoS: Tidy up qdiscs after QoS is being stopped" 
This reverts commit eedf7b06c0.
 2019-10-20 20:23:54 +00:00
Arne Fitzenreiter
005fc8ed5d Revert "QoS: Process incoming packets in PREROUTING only" 
This reverts commit e6341c5856.
 2019-10-20 20:23:13 +00:00
Arne Fitzenreiter
d7297c477a Revert "QoS: Do not delete egress qdisc after classes have been created" 
This reverts commit 39ff91ecf8.
 2019-10-20 20:21:53 +00:00
Arne Fitzenreiter
fb8d7759b8 Revert "QoS: Start qosd immediately" 
This reverts commit 6a9bcd6c1d.
 2019-10-20 20:21:23 +00:00
Arne Fitzenreiter
c27fdd8697 Revert "linux+iptables: Drop support for IMQ" 
This reverts commit 59b9a6bd22.
 2019-10-20 20:20:26 +00:00
Arne Fitzenreiter
fc08e632e3 Revert "QoS: Suppress an error message when cleaning up from previous runs" 
This reverts commit cebad6e2b9.
 2019-10-20 20:19:58 +00:00
Arne Fitzenreiter
896f24cc58 Revert "QoS: Move packet classification to FORWARD chain for ingress" 
This reverts commit 424a332fd3.
 2019-10-20 20:19:21 +00:00
Arne Fitzenreiter
323900264f Revert "QoS: Use CLASSIFY iptables target instead of MARK" 
This reverts commit 3e151d19f9.
 2019-10-20 20:18:56 +00:00
Arne Fitzenreiter
bebc33813a Revert "QoS: Drop tc filter rules to move marked packets into the correct class" 
This reverts commit 63f7d7475e.
 2019-10-20 20:18:34 +00:00
Arne Fitzenreiter
50e97cd55f Revert "QoS: Drop support for subclasses" 
This reverts commit bc4d4da870.
 2019-10-20 20:18:00 +00:00
Arne Fitzenreiter
6aeaa3a75e Revert "QoS: Drop support for setting TOS bits per class" 
This reverts commit 3174d9c6b6.
 2019-10-20 20:17:18 +00:00
Arne Fitzenreiter
ac45e4f3e9 Revert "QoS: No longer set TOS bits for ACK packets" 
This reverts commit b1c695e872.
 2019-10-20 20:16:05 +00:00
Arne Fitzenreiter
6e414ea1e0 core137: don't start QoS 
QoS need to load kernel modules but the currect kernel
was removed so it cannot correct start without a reboot.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-20 09:51:04 +00:00
Daniel Weismüller
f48920d84f core137: Remove imq0 and unload imq module after QoS has been stopped 
Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 21:09:04 +00:00
Arne Fitzenreiter
596c71d07f kernel: update to 4.14.150 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 23:07:44 +02:00
Arne Fitzenreiter
cafef39aa2 Revert "suricata: Enable rust support" 
This reverts commit 5b87687cb1.
 2019-10-18 20:39:47 +02:00
Arne Fitzenreiter
42c2acc218 core137: add path of qosctrl 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 16:19:59 +02:00
Arne Fitzenreiter
0df4cf7105 core137: erase lm_sensors config after collectd start 
this is needed to research the sensors with updated kernel
after next reboot.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 16:18:24 +02:00
Arne Fitzenreiter
be967dc920 Revert "firewall: always allow outgoing DNS traffic to root servers" 
This reverts commit 70cd5c42f0.

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-18 16:13:49 +02:00
Arne Fitzenreiter
eb000cd787 Revert "update rootfiles for bash and readline" 
This reverts commit f41d936026.
 2019-10-15 07:37:23 +00:00
Arne Fitzenreiter
aee52e38d0 Revert "ship updated bash and readline" 
there are missing files libs/bash/* in the rootfiles and there
are addons linked against readline-6.3 so we still need this
as readline-compat

This reverts commit 5c0345f5c1.
 2019-10-15 07:31:56 +00:00
Arne Fitzenreiter
0fb42e01c5 core137: add qos changes to updater 
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:09:39 +00:00
Michael Tremer
d33ad4bdfe QoS: Increase queue size and quantum for fq_codel 
This optimises the QoS to process more bandwidth.

The limit variable sets the maximum number of packets in the
queue which was regularly exceeded on fast connections with
the old setting. This now allows up to 10G of data transfer
and is set to the default of fq_codel.

Quantum sets how many bytes can be read from the queue per
iteration. This is now set to the default again, which is
the size of an Ethernet frame including its header.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:05:21 +00:00
Michael Tremer
b1c695e872 QoS: No longer set TOS bits for ACK packets 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:05:06 +00:00
Michael Tremer
3174d9c6b6 QoS: Drop support for setting TOS bits per class 
This is useless since no ISP will evaluate those settings
any more and it has a rather large impact on throughput.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:04:53 +00:00
Michael Tremer
bc4d4da870 QoS: Drop support for subclasses 
This feature was never properly implemented and the UI was dead

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:04:39 +00:00
Michael Tremer
63f7d7475e QoS: Drop tc filter rules to move marked packets into the correct class 
This is no longer necessary since we are now using CLASSIFY

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:03:59 +00:00
Michael Tremer
3e151d19f9 QoS: Use CLASSIFY iptables target instead of MARK 
We have been running into loads of conflicts by using MARK for
various components on the OS (suricata, IPsec, QoS, ...) which
was sometimes hard to resolve.

iptables comes with a target which directly sorts packets into
the correct class which results in less code and not using the
mark.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:03:44 +00:00
Michael Tremer
424a332fd3 QoS: Move packet classification to FORWARD chain for ingress 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:03:32 +00:00
Michael Tremer
cebad6e2b9 QoS: Suppress an error message when cleaning up from previous runs 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:03:20 +00:00
Michael Tremer
59b9a6bd22 linux+iptables: Drop support for IMQ 
This is no longer needed since we are using IFB now

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:55 +00:00
Michael Tremer
6a9bcd6c1d QoS: Start qosd immediately 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:28 +00:00
Michael Tremer
39ff91ecf8 QoS: Do not delete egress qdisc after classes have been created 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
 2019-10-14 18:02:07 +00:00