diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2011-10-27 12:39:16 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2011-10-27 12:39:16 +0000 |
commit | 3ffe66cbe07eedf0f8136c0fb063c6d7a81c8fbd (patch) | |
tree | 7b6b882624c3415fcba78d7afc660d31cf91cd6d | |
parent | 18368debf11ed35252a3e9afd9f1b995c74d7fcd (diff) | |
download | upstream-3ffe66cbe07eedf0f8136c0fb063c6d7a81c8fbd.tar.gz upstream-3ffe66cbe07eedf0f8136c0fb063c6d7a81c8fbd.tar.bz2 upstream-3ffe66cbe07eedf0f8136c0fb063c6d7a81c8fbd.zip |
Add qos_* iptables chain namespace for QoS
Prefix the names of the iptables chains used for QoS with "qos_" to
allow for identification of QoS chains for removal across configuration
changes. When clearing QoS iptables chains, only remove chains with the
namespace prefix in order to preserve user and/or other package chains
in the mangle table.
Signed-off-by: Kevin Locke <klocke@digitalenginesoftware.com>
SVN-Revision: 28622
-rwxr-xr-x | package/qos-scripts/files/usr/lib/qos/generate.sh | 46 |
1 files changed, 32 insertions, 14 deletions
diff --git a/package/qos-scripts/files/usr/lib/qos/generate.sh b/package/qos-scripts/files/usr/lib/qos/generate.sh index a697e9f4a2..093967f7a1 100755 --- a/package/qos-scripts/files/usr/lib/qos/generate.sh +++ b/package/qos-scripts/files/usr/lib/qos/generate.sh @@ -397,17 +397,17 @@ start_cg() { local pktrules local sizerules enum_classes "$cg" - add_rules iptrules "$ctrules" "iptables -t mangle -A ${cg}_ct" + add_rules iptrules "$ctrules" "iptables -t mangle -A qos_${cg}_ct" config_get classes "$cg" classes for class in $classes; do config_get mark "$class" classnr config_get maxsize "$class" maxsize [ -z "$maxsize" -o -z "$mark" ] || { add_insmod ipt_length - append pktrules "iptables -t mangle -A ${cg} -m mark --mark $mark -m length --length $maxsize: -j MARK --set-mark 0" "$N" + append pktrules "iptables -t mangle -A qos_${cg} -m mark --mark $mark -m length --length $maxsize: -j MARK --set-mark 0" "$N" } done - add_rules pktrules "$rules" "iptables -t mangle -A ${cg}" + add_rules pktrules "$rules" "iptables -t mangle -A qos_${cg}" for iface in $INTERFACES; do config_get classgroup "$iface" classgroup config_get device "$iface" device @@ -416,16 +416,16 @@ start_cg() { config_get download "$iface" download config_get halfduplex "$iface" halfduplex download="${download:-${halfduplex:+$upload}}" - append up "iptables -t mangle -A OUTPUT -o $device -j ${cg}" "$N" - append up "iptables -t mangle -A FORWARD -o $device -j ${cg}" "$N" + append up "iptables -t mangle -A OUTPUT -o $device -j qos_${cg}" "$N" + append up "iptables -t mangle -A FORWARD -o $device -j qos_${cg}" "$N" done cat <<EOF $INSMOD -iptables -t mangle -N ${cg} >&- 2>&- -iptables -t mangle -N ${cg}_ct >&- 2>&- -${iptrules:+${iptrules}${N}iptables -t mangle -A ${cg}_ct -j CONNMARK --save-mark} -iptables -t mangle -A ${cg} -j CONNMARK --restore-mark -iptables -t mangle -A ${cg} -m mark --mark 0 -j ${cg}_ct +iptables -t mangle -N qos_${cg} >&- 2>&- +iptables -t mangle -N qos_${cg}_ct >&- 2>&- +${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg}_ct -j CONNMARK --save-mark} +iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark +iptables -t mangle -A qos_${cg} -m mark --mark 0 -j qos_${cg}_ct $pktrules $up$N${down:+${down}$N} EOF @@ -435,15 +435,33 @@ EOF start_firewall() { add_insmod ipt_multiport add_insmod ipt_CONNMARK - cat <<EOF -iptables -t mangle -F -iptables -t mangle -X -EOF + stop_firewall for group in $CG; do start_cg $group done } +stop_firewall() { + # Builds up a list of iptables commands to flush the qos_* chains, + # remove rules referring to them, then delete them + + # Print rules in the mangle table, like iptables-save + iptables -t mangle -S | + # Find rules for the qos_* chains + grep '^-N qos_\|-j qos_' | + # Exclude rules in qos_* chains (inter-qos_* refs) + grep -v '^-A qos_' | + # Replace -N with -X and hold, with -F and print + # Replace -A with -D + # Print held lines at the end (note leading newline) + sed -e '/^-N/{s/^-N/-X/;H;s/^-X/-F/}' \ + -e 's/^-A/-D/' \ + -e '${p;g}' | + # Make into proper iptables calls + # Note: awkward in previous call due to hold space usage + sed -n -e 's/^./iptables -t mangle &/p' +} + C="0" INTERFACES="" [ -e ./qos.conf ] && { |