When using `nft insert rule` the rule is inserted on top of the
`forward_wan` chain, which bypasses any filtering in place. Instead,
append the rule to the end of the chain.
Other changes include renaming chain `RATE-LIMIT` to `ECM-RATE-LIMIT`
for better rule classification, and `shellformat` formatting.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
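The ordering problem described in the commit message above can be checked from a chain listing. The following is an added example, not code from this repository: it reports whether a rule is evaluated ahead of any `drop`/`reject` rule in `forward_wan`. It assumes the rule is a `jump ECM-RATE-LIMIT`; `check_order` is a hypothetical helper and both listings are constructed.

```shell
#!/bin/sh
# Added example. Assumptions: the rule of interest is "jump ECM-RATE-LIMIT"
# and both listings below are constructed, not captured from a device.

# check_order CHAIN PATTERN  (reads `nft list chain ...` output on stdin)
# Prints: absent   - no rule in CHAIN contains PATTERN
#         early:N  - the rule is evaluated before N drop/reject rules
#         ok       - no drop/reject rule follows it in CHAIN
check_order() {
    awk -v chain="$1" -v pat="$2" '
        $1 == "chain" && $2 == chain { inside = 1; next }
        inside && $1 == "}"          { inside = 0; next }
        !inside || NF == 0           { next }
        !hit && index($0, pat)       { hit = 1; next }
        hit {
            line = " " $0 " "
            gsub(/[ \t]+/, " ", line)
            if (line ~ / (drop|reject) /) later++
        }
        END {
            if (!hit)       print "absent"
            else if (later) print "early:" later
            else            print "ok"
        }'
}

# Constructed listing: rule placed at the top, as `nft insert rule` does.
listing_inserted() {
    printf '%s\n' 'table inet fw4 {' '  chain forward_wan {' \
        '    jump ECM-RATE-LIMIT' '    ct state invalid drop' \
        '    tcp dport 23 reject' '  }' '}'
}

# Constructed listing: same rules with the jump appended at the end.
listing_appended() {
    printf '%s\n' 'table inet fw4 {' '  chain forward_wan {' \
        '    ct state invalid drop' '    tcp dport 23 reject' \
        '    jump ECM-RATE-LIMIT' '  }' '}'
}

echo "inserted: $(listing_inserted | check_order forward_wan 'jump ECM-RATE-LIMIT')"
echo "appended: $(listing_appended | check_order forward_wan 'jump ECM-RATE-LIMIT')"
```

On a device, the same function can read `nft list chain inet fw4 forward_wan` instead of the constructed listings.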
`lo` and `bonding_masters` interfaces are not managed by ethtool, so
should be skipped when disabling any interface features.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
iptables-based bridge filtering is incompatible with nftables (fw4), and
just causes NAT loopback issues.
This is only required for systems using legacy iptables (fw3) as the
primary firewalling. nftables doesn't need explicit enablement of bridge filtering.
Signed-off-by: Sean Khan <datapronix@protonmail.com>
The way ECM uci config is handled is pretty ugly due to it not specifying a
named section for 'general'.
Current:
```
➤ uci show ecm
ecm.global=ecm
ecm.global.acceleration_engine='nss'
ecm.@general[0]=general
ecm.@general[0].enable_bridge_filtering='0'
ecm.@general[0].disable_offloads='0'
ecm.@general[0].disable_flow_control='0'
ecm.@general[0].disable_interrupt_moderation='0'
ecm.@general[0].disable_gro='0'
```
None of the options require the use of unnamed sections
(like /etc/config/dhcp does when defining configs for multiple hosts).
With this change the config would produce:
```
ecm.global=ecm
ecm.global.acceleration_engine='nss'
ecm.general=ecm
ecm.general.enable_bridge_filtering='0'
ecm.general.disable_offloads='0'
ecm.general.disable_flow_control='0'
ecm.general.disable_interrupt_moderation='0'
ecm.general.disable_gro='0'
```
Which is a lot easier to read, and access programmatically.
We can also merge `global` and `general` into a single section as it
doesn't really make sense why we need global/general when it's
technically "ALL" globally applied.
For now, to ease users on the change, let's just stick to 2 sections.
**PLEASE NOTE: For users building their own images, and storing their**
**configs in 'files/etc/config/ecm' you will need to manually update the**
**config before compiling.**
For users using **sysupgrade** or installing without custom config at build
time 'files/etc/config/ecm' should be OK.
The following can be run manually on the config file 'ecm'
```sh
conf=/etc/config/ecm
# Convert only if the named section 'general' does not exist yet.
uci -q show ecm.general || {
    echo "Converting 'ECM' config to new format."
    sed -i "s/config.*general.*/config ecm 'general'/g" "$conf"
}
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Since many of ECM's module depends are dynamic and chosen at build time
`kmodloader` seems to have trouble properly loading its dependencies.
Attempt to parse ecm's module depends and load them prior to installing
the module.
This commit also replaces the error-prone `uci get` command with `config_get`,
in case certain options are missing from `/etc/config/ecm`.
To keep fork as closely synced with upstream, move NSS packages back
into repository. Not sure why they were moved out from my original fork.
* nss-firmware
* qca-nss-crypto
* qca-nss-cfi
Removed the following:
* mhz (already available in packages repo)
* qrtr (unnecessary, and has been broken for years)
Also moved packages out of `qca` and back into root directory.