summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--interface-definitions/system-login.xml.in4
-rw-r--r--python/vyos/qos/base.py80
2 files changed, 47 insertions, 37 deletions
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index e71a647ef..b00741ffe 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -29,8 +29,8 @@
<regex>(\*|\!)</regex>
<regex>[a-zA-Z0-9\.\/]{13}</regex>
<regex>\$1\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{22}</regex>
- <regex>\$5\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
- <regex>\$6\$[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
+ <regex>\$5\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{43}</regex>
+ <regex>\$6\$(rounds=[0-9]+\$)?[a-zA-Z0-9\./]*\$[a-zA-Z0-9\./]{86}</regex>
</constraint>
<constraintErrorMessage>Invalid encrypted password for $VAR(../../@).</constraintErrorMessage>
</properties>
diff --git a/python/vyos/qos/base.py b/python/vyos/qos/base.py
index 5d32a9776..378e11acf 100644
--- a/python/vyos/qos/base.py
+++ b/python/vyos/qos/base.py
@@ -152,25 +152,31 @@ class QoSBase:
for cls, cls_config in config['class'].items():
self._build_base_qdisc(cls_config, int(cls))
- if 'match' in cls_config:
- for match, match_config in cls_config['match'].items():
- for af in ['ip', 'ipv6']:
- # every match criteria has it's tc instance
- filter_cmd = f'tc filter replace dev {self._interface} parent {self._parent:x}:'
+ # every match criteria has it's tc instance
+ filter_cmd = f'tc filter replace dev {self._interface} parent {self._parent:x}:'
- if priority:
- filter_cmd += f' prio {cls}'
- elif 'priority' in cls_config:
- prio = cls_config['priority']
- filter_cmd += f' prio {prio}'
+ if priority:
+ filter_cmd += f' prio {cls}'
+ elif 'priority' in cls_config:
+ prio = cls_config['priority']
+ filter_cmd += f' prio {prio}'
- filter_cmd += ' protocol all u32'
+ filter_cmd += ' protocol all'
+ if 'match' in cls_config:
+ for match, match_config in cls_config['match'].items():
+ if 'mark' in match_config:
+ mark = match_config['mark']
+ filter_cmd += f' handle {mark} fw'
+
+ for af in ['ip', 'ipv6']:
tc_af = af
if af == 'ipv6':
tc_af = 'ip6'
if af in match_config:
+ filter_cmd += ' u32'
+
tmp = dict_search(f'{af}.source.address', match_config)
if tmp: filter_cmd += f' match {tc_af} src {tmp}'
@@ -223,30 +229,34 @@ class QoSBase:
elif af == 'ipv6':
filter_cmd += f' match u8 {mask} {mask} at 53'
- # The police block allows limiting of the byte or packet rate of
- # traffic matched by the filter it is attached to.
- # https://man7.org/linux/man-pages/man8/tc-police.8.html
- if any(tmp in ['exceed', 'bandwidth', 'burst'] for tmp in cls_config):
- filter_cmd += f' action police'
-
- if 'exceed' in cls_config:
- action = cls_config['exceed']
- filter_cmd += f' conform-exceed {action}'
- if 'not_exceed' in cls_config:
- action = cls_config['not_exceed']
- filter_cmd += f'/{action}'
-
- if 'bandwidth' in cls_config:
- rate = self._rate_convert(cls_config['bandwidth'])
- filter_cmd += f' rate {rate}'
-
- if 'burst' in cls_config:
- burst = cls_config['burst']
- filter_cmd += f' burst {burst}'
-
- cls = int(cls)
- filter_cmd += f' flowid {self._parent:x}:{cls:x}'
- self._cmd(filter_cmd)
+ else:
+
+ filter_cmd += ' basic'
+
+ # The police block allows limiting of the byte or packet rate of
+ # traffic matched by the filter it is attached to.
+ # https://man7.org/linux/man-pages/man8/tc-police.8.html
+ if any(tmp in ['exceed', 'bandwidth', 'burst'] for tmp in cls_config):
+ filter_cmd += f' action police'
+
+ if 'exceed' in cls_config:
+ action = cls_config['exceed']
+ filter_cmd += f' conform-exceed {action}'
+ if 'not_exceed' in cls_config:
+ action = cls_config['not_exceed']
+ filter_cmd += f'/{action}'
+
+ if 'bandwidth' in cls_config:
+ rate = self._rate_convert(cls_config['bandwidth'])
+ filter_cmd += f' rate {rate}'
+
+ if 'burst' in cls_config:
+ burst = cls_config['burst']
+ filter_cmd += f' burst {burst}'
+
+ cls = int(cls)
+ filter_cmd += f' flowid {self._parent:x}:{cls:x}'
+ self._cmd(filter_cmd)
if 'default' in config:
if 'class' in config: