authorChristian Breunig <christian@breunig.cc>2023-03-01 20:08:11 +0100
committerChristian Breunig <christian@breunig.cc>2023-03-01 20:08:20 +0100
commit62047982debe7bbfa1328d4229578486e70e34b2 (patch)
tree2ecf6c5455c5e44eb2a262e5ccf87a48a7d36f67 /python/vyos
parent157ac088a57fcccd9f7e8298ba87b3f29658af31 (diff)
qos: T4989: bugfix missing firewall mark support
Diffstat (limited to 'python/vyos')
-rw-r--r--python/vyos/qos/base.py80
1 files changed, 45 insertions, 35 deletions
diff --git a/python/vyos/qos/base.py b/python/vyos/qos/base.py
index 5d32a9776..378e11acf 100644
--- a/python/vyos/qos/base.py
+++ b/python/vyos/qos/base.py
@@ -152,25 +152,31 @@ class QoSBase:
for cls, cls_config in config['class'].items():
self._build_base_qdisc(cls_config, int(cls))
- if 'match' in cls_config:
- for match, match_config in cls_config['match'].items():
- for af in ['ip', 'ipv6']:
- # every match criteria has it's tc instance
- filter_cmd = f'tc filter replace dev {self._interface} parent {self._parent:x}:'
+ # every match criteria has it's tc instance
+ filter_cmd = f'tc filter replace dev {self._interface} parent {self._parent:x}:'
- if priority:
- filter_cmd += f' prio {cls}'
- elif 'priority' in cls_config:
- prio = cls_config['priority']
- filter_cmd += f' prio {prio}'
+ if priority:
+ filter_cmd += f' prio {cls}'
+ elif 'priority' in cls_config:
+ prio = cls_config['priority']
+ filter_cmd += f' prio {prio}'
- filter_cmd += ' protocol all u32'
+ filter_cmd += ' protocol all'
+ if 'match' in cls_config:
+ for match, match_config in cls_config['match'].items():
+ if 'mark' in match_config:
+ mark = match_config['mark']
+ filter_cmd += f' handle {mark} fw'
+
+ for af in ['ip', 'ipv6']:
tc_af = af
if af == 'ipv6':
tc_af = 'ip6'
if af in match_config:
+ filter_cmd += ' u32'
+
tmp = dict_search(f'{af}.source.address', match_config)
if tmp: filter_cmd += f' match {tc_af} src {tmp}'
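Review bot: `filter_cmd` is now initialised once per class, before `if 'match' in cls_config`, while the match loop only appends to it, so a class with more than one match entry appears to accumulate every entry's tokens in one string. A match that carries both `mark` and an `ip`/`ipv6` section would likewise get ` handle {mark} fw` followed by ` u32`, and one with both address families would get ` u32` twice; tc would presumably reject either, since a filter takes a single classifier. Indentation is lost on this page and the method starts and ends outside the hunk, so this is inferred from statement order alone. If it holds, keep the prefix in its own variable, begin each match iteration with `filter_cmd = filter_cmd_base`, and select `fw` or `u32` once per match.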
@@ -223,30 +229,34 @@ class QoSBase:
elif af == 'ipv6':
filter_cmd += f' match u8 {mask} {mask} at 53'
- # The police block allows limiting of the byte or packet rate of
- # traffic matched by the filter it is attached to.
- # https://man7.org/linux/man-pages/man8/tc-police.8.html
- if any(tmp in ['exceed', 'bandwidth', 'burst'] for tmp in cls_config):
- filter_cmd += f' action police'
-
- if 'exceed' in cls_config:
- action = cls_config['exceed']
- filter_cmd += f' conform-exceed {action}'
- if 'not_exceed' in cls_config:
- action = cls_config['not_exceed']
- filter_cmd += f'/{action}'
-
- if 'bandwidth' in cls_config:
- rate = self._rate_convert(cls_config['bandwidth'])
- filter_cmd += f' rate {rate}'
-
- if 'burst' in cls_config:
- burst = cls_config['burst']
- filter_cmd += f' burst {burst}'
-
- cls = int(cls)
- filter_cmd += f' flowid {self._parent:x}:{cls:x}'
- self._cmd(filter_cmd)
+ else:
+
+ filter_cmd += ' basic'
+
+ # The police block allows limiting of the byte or packet rate of
+ # traffic matched by the filter it is attached to.
+ # https://man7.org/linux/man-pages/man8/tc-police.8.html
+ if any(tmp in ['exceed', 'bandwidth', 'burst'] for tmp in cls_config):
+ filter_cmd += f' action police'
+
+ if 'exceed' in cls_config:
+ action = cls_config['exceed']
+ filter_cmd += f' conform-exceed {action}'
+ if 'not_exceed' in cls_config:
+ action = cls_config['not_exceed']
+ filter_cmd += f'/{action}'
+
+ if 'bandwidth' in cls_config:
+ rate = self._rate_convert(cls_config['bandwidth'])
+ filter_cmd += f' rate {rate}'
+
+ if 'burst' in cls_config:
+ burst = cls_config['burst']
+ filter_cmd += f' burst {burst}'
+
+ cls = int(cls)
+ filter_cmd += f' flowid {self._parent:x}:{cls:x}'
+ self._cmd(filter_cmd)
if 'default' in config:
if 'class' in config:
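Review bot: The police options (`exceed`, `not_exceed`, `burst`) and, in the first hunk, `mark` are interpolated into `filter_cmd` as raw config text and the finished string is handed to `self._cmd`, so the command's safety rests entirely on validation done before this method runs. Neither that validation nor how `_cmd` executes the string is visible here. A comment above the police block naming where these values are constrained would let a reviewer check it, and if `_cmd` goes through a shell, wrapping each value in `shlex.quote()` as it is appended is the safer form. Separately, `filter_cmd += f' action police'` has no placeholder and can be a plain string literal. The enclosing method starts and ends outside the hunk.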