Set the save-mark mask for the qos_${cg} chain to 0xff instead of
0xf0. With the old value, the nibble that was saved would be
masked during the restore, preventing ingress traffic from being
classified. Thanks to nbd for recommending the fix.
Signed-off-by: Michael Marley <mich...@michaelmarley.com>
---
package/network/config/qos-scripts/files/usr/lib/qos/generate.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
b/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
index 8d22b67..caa1125 100755
--- a/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
+++ b/package/network/config/qos-scripts/files/usr/lib/qos/generate.sh
@@ -427,7 +427,7 @@ ${iptrules:+${iptrules}${N}iptables -t mangle -A
qos_${cg}_ct -j CONNMARK --save
iptables -t mangle -A qos_${cg} -j CONNMARK --restore-mark --mask 0x0f
iptables -t mangle -A qos_${cg} -m mark --mark 0/0x0f -j qos_${cg}_ct
$pktrules
-${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg} -j CONNMARK
--save-mark --mask 0xf0}
+${iptrules:+${iptrules}${N}iptables -t mangle -A qos_${cg} -j CONNMARK
--save-mark --mask 0xff}
$up$N${down:+${down}$N}
EOF
unset INSMOD
--
2.7.0
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
