mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "l2filter: Create centralized ebtables setup."

Browse source 
This reverts commit d67a40b6a0.
This commit is contained in:
Markus Gothe 2025-01-21 11:15:47 +01:00
parent d67a40b6a0
commit 5cac9516c0
6 changed files with 44 additions and 126 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
firewallmngr/Makefile
View file

@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=firewallmngr PKG_NAME:=firewallmngr
PKG_VERSION:=1.0.10 PKG_VERSION:=1.0.9
LOCAL_DEV:=0 LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1) ifneq ($(LOCAL_DEV),1)
@ -55,8 +55,8 @@ endif
define Package/firewallmngr/install define Package/firewallmngr/install
$(INSTALL_DIR) $(1)/etc/config $(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/uci-defaults $(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/etc/init.d
ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y) ifeq ($(CONFIG_FIREWALLMNGR_PORT_TRIGGER),y)
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/lib/port-trigger $(INSTALL_DIR) $(1)/lib/port-trigger
$(INSTALL_BIN) ./files/port-trigger/etc/init.d/port-trigger $(1)/etc/init.d/ $(INSTALL_BIN) ./files/port-trigger/etc/init.d/port-trigger $(1)/etc/init.d/
@ -69,9 +69,6 @@ endif
$(INSTALL_BIN) ./files/firewall.service $(1)/etc/ $(INSTALL_BIN) ./files/firewall.service $(1)/etc/
$(INSTALL_DATA) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/ $(INSTALL_DATA) ./files/etc/uci-defaults/97-firewall-service $(1)/etc/uci-defaults/
$(INSTALL_BIN) ./files/etc/init.d/l2filter $(1)/etc/init.d
$(INSTALL_DATA) ./files/etc/config/l2filter $(1)/etc/config/
$(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME) $(BBFDM_REGISTER_SERVICES) ./bbfdm_service.json $(1) $(PKG_NAME)
$(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libfirewallmngr.so $(1) $(PKG_NAME) $(BBFDM_INSTALL_MS_DM) $(PKG_BUILD_DIR)/src/libfirewallmngr.so $(1) $(PKG_NAME)
endef endef

26
firewallmngr/files/etc/config/l2filter
View file

@ -1,26 +0,0 @@
#L2 filter UCI file
config chain 'qos_output'
option target 'qos_output'
option table 'nat'
option chain 'OUTPUT'
option policy 'RETURN'
config chain 'dscp2pbits'
option target 'dscp2pbits'
option table 'broute'
option chain 'BROUTING'
option policy 'RETURN'
config chain 'qos'
option target 'qos'
option table 'broute'
option chain 'BROUTING'
option policy 'RETURN'
config chain 'prevlanxlate'
option target 'prevlanxlate'
option table 'broute'
option chain 'BROUTING'
option policy 'RETURN'
option append 'false'

93
firewallmngr/files/etc/init.d/l2filter
View file

@ -1,93 +0,0 @@
#!/bin/sh /etc/rc.common
# Start after bdmf shell, wanconf, and switch-script but before the network-script
START=20
STOP=10
USE_PROCD=1
. /lib/functions.sh
handle_ebtables_chain() {
local sid="$1"
local table
local chain
local target
local policy
local append
local enabled
local ret
config_get table "$sid" table filter
config_get chain "$sid" chain
config_get policy "$sid" policy RETURN
config_get target "$sid" target
config_get_bool append "$sid" append 1
config_get_bool enabled "$sid" enabled 1
[ "$enabled" = "0" ] && return
[ -z "${chain}" -o -z "${target}" ] && return
if [ "$append" != "0" ]; then
append="-A"
else
append="-I"
fi
ebtables --concurrent -t "$table" -N "$target" -P "$policy" 2> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
ebtables --concurrent -t "$table" ${append} "$chain" -j "$target"
else
ebtables --concurrent -t "$table" -D "$chain" -j "$target"
ebtables --concurrent -t "$table" ${append} "$chain" -j "$target"
fi
}
handle_ebtables_rule() {
local sid="$1"
local table
local chain
local target
local match
local value
local enabled
local ret
config_get table "$sid" table filter
config_get chain "$sid" chain
config_get match "$sid" match
config_get value "$sid" value
config_get target "$sid" target RETURN
config_get_bool append "$sid" append 1
config_get_bool enabled "$sid" enabled 1
[ "$enabled" = "0" ] && return
[ -z "${chain}" -o -z "${target}" ] && return
if [ "$append" != "0" ]; then
append="-A"
else
append="-I"
fi
ebtables --concurrent -t "$table" -D "$chain" ${match} -j "$target" ${value} 2> /dev/null
ebtables --concurrent -t "$table" ${append} "$chain" ${match} -j "$target" ${value}
}
start_service() {
config_load l2filter
config_foreach handle_ebtables_chain chain
config_foreach handle_ebtables_rule rule
}
reload_service() {
stop
start
}
service_triggers() {
procd_add_reload_trigger l2filter
}

2
qosmngr/Makefile
View file

@ -30,7 +30,7 @@ define Package/qosmngr
TITLE:=QoS Manager TITLE:=QoS Manager
DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full DEPENDS:=+libuci +libubox +libubus +libblobmsg-json +libjson-c +libqos +!(TARGET_brcmbca||TARGET_airoha):tc-full
DEPENDS+=+kmod-vlantranslation +kmod-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy DEPENDS+=+kmod-vlantranslation +kmod-dscp2pbit +!(TARGET_brcmbca):ebtables-legacy
DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service +firewallmngr DEPENDS+=+libbbfdm-api +libbbfdm-ubus +dm-service
endef endef
define Package/qosmngr/description define Package/qosmngr/description

2
qosmngr/files/common/lib/qos/classify.sh
View file

@ -122,7 +122,7 @@ setup_qos() {
cp /etc/config/qos /tmp/qos/qos cp /etc/config/qos /tmp/qos/qos
fi fi
/etc/init.d/l2filter restart # Imitate the existing behaviour. create_ebtables_chains
create_iptables_chains create_iptables_chains
} }

40
qosmngr/files/common/lib/qos/ebtables.sh
View file

@ -508,6 +508,46 @@ handle_ebtables_dscp2pbit() {
BR_RULE_DSCP2PBIT=" -i $in_if -j dscp2pbit --dscp2pbit-mapping $dscp2pbit_mapping_list --dscp2pbit-target CONTINUE" BR_RULE_DSCP2PBIT=" -i $in_if -j dscp2pbit --dscp2pbit-mapping $dscp2pbit_mapping_list --dscp2pbit-target CONTINUE"
} }
create_ebtables_chains() {
ebtables --concurrent -t nat -N qos_output -P RETURN 2> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
ebtables --concurrent -t nat -A OUTPUT -j qos_output
else
ebtables --concurrent -t nat -D OUTPUT -j qos_output
ebtables --concurrent -t nat -A OUTPUT -j qos_output
fi
ebtables --concurrent -t broute -N dscp2pbits -P RETURN 2> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
ebtables --concurrent -t broute -A BROUTING -j dscp2pbits
else
ebtables --concurrent -t broute -D BROUTING -j dscp2pbits
ebtables --concurrent -t broute -A BROUTING -j dscp2pbits
fi
ebtables --concurrent -t broute -N qos -P RETURN 2> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
ebtables --concurrent -t broute -A BROUTING -j qos
else
ebtables --concurrent -t broute -D BROUTING -j qos
ebtables --concurrent -t broute -A BROUTING -j qos
fi
ebtables --concurrent -t broute -N prevlanxlate -P RETURN 2> /dev/null
ret=$?
if [ $ret -eq 0 ]; then
ebtables --concurrent -t broute -I BROUTING -j prevlanxlate
else
ebtables --concurrent -t broute -D BROUTING -j prevlanxlate
ebtables --concurrent -t broute -I BROUTING -j prevlanxlate
fi
}
flush_ebtables_chains() { flush_ebtables_chains() {
echo "ebtables --concurrent -t nat -F qos_output" > /tmp/qos/classify.ebtables echo "ebtables --concurrent -t nat -F qos_output" > /tmp/qos/classify.ebtables
echo "ebtables --concurrent -t broute -F qos" > /tmp/qos/classify.ebtables echo "ebtables --concurrent -t broute -F qos" > /tmp/qos/classify.ebtables