mirror of
https://github.com/qosmio/nss-packages.git
synced 2025-12-16 08:12:53 +00:00
1891a290e0
The way ECM uci config is handled is pretty ugly due to it not specifying a
named section for 'general'.
Current:
```
➤ uci show ecm
ecm.global=ecm
ecm.global.acceleration_engine='nss'
ecm.@general[0]=general
ecm.@general[0].enable_bridge_filtering='0'
ecm.@general[0].disable_offloads='0'
ecm.@general[0].disable_flow_control='0'
ecm.@general[0].disable_interrupt_moderation='0'
ecm.@general[0].disable_gro='0'
```
None of the options require the use of unnamed sections
(like /etc/config/dhcp does when defining configs for multiple hosts)
With this change the config would produce:
```
ecm.global=ecm
ecm.global.acceleration_engine='nss'
ecm.general=ecm
ecm.general.enable_bridge_filtering='0'
ecm.general.disable_offloads='0'
ecm.general.disable_flow_control='0'
ecm.general.disable_interrupt_moderation='0'
ecm.general.disable_gro='0'
```
Which is a lot easier to read, and access programmatically.
We can also merge `global` and `general` into a single section as it
doesn't really make sense why we need global/general when it's
technically "ALL" globally applied.
For now, to ease users on the change, let's just stick to 2 sections.
**PLEASE NOTE: For users building their own images, and storing their**
**configs in 'files/etc/config/ecm' you will need to manually update the**
**config before compiling.**
For users using **sysupgrade** or installing without custom config at build
time 'files/etc/config/ecm' should be OK.
The following can be run manually on the config file 'ecm'
```sh
conf=/etc/config/ecm
uci -q show ecm.general || {
echo "Converting 'ECM' config to new format."
sed -i "s/config.*general.*/config ecm 'general'/g" "$conf"
}
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
166 lines
4.4 KiB
Bash
166 lines
4.4 KiB
Bash
#!/bin/sh /etc/rc.common
|
|
# shellcheck disable=3043,3060,2086,2034
|
|
#
|
|
# Copyright (c) 2014, 2019-2020 The Linux Foundation. All rights reserved.
|
|
#
|
|
# Permission to use, copy, modify, and/or distribute this software for any
|
|
# purpose with or without fee is hereby granted, provided that the above
|
|
# copyright notice and this permission notice appear in all copies.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
|
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
|
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
|
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
|
|
# The shebang above has an extra space intentially to avoid having
|
|
# openwrt build scripts automatically enable this package starting
|
|
# at boot.
|
|
|
|
START=26
|
|
|
|
sysctl_update() {
|
|
local name value file
|
|
|
|
name=${1//\//\\/}
|
|
value=${2//\//\\/}
|
|
file=${3:-/etc/sysctl.d/qca-nss-ecm.conf}
|
|
|
|
sed -i -e '/^#\?\(\s*'"${name}"'\s*=\s*\).*/{s//\1'"${value}"'/;:a;n;ba;q}' \
|
|
-e '$a'"${name}"'='"${value}" "${file}"
|
|
sysctl -w ${name}=${value}
|
|
}
|
|
|
|
get_front_end_mode() {
|
|
config_load "ecm"
|
|
|
|
config_get front_end global acceleration_engine "auto"
|
|
|
|
# shellcheck disable=2154
|
|
case $front_end in
|
|
auto)
|
|
echo '0'
|
|
;;
|
|
nss)
|
|
echo '1'
|
|
;;
|
|
sfe)
|
|
echo '2'
|
|
;;
|
|
both)
|
|
echo '4'
|
|
;;
|
|
*)
|
|
echo '0'
|
|
esac
|
|
}
|
|
|
|
enable_bridge_filtering() {
|
|
sysctl_update net.bridge.bridge-nf-call-arptables 1
|
|
sysctl_update net.bridge.bridge-nf-call-iptables 1
|
|
sysctl_update net.bridge.bridge-nf-call-ip6tables 1
|
|
}
|
|
|
|
disable_bridge_filtering() {
|
|
sysctl_update net.bridge.bridge-nf-call-arptables 0
|
|
sysctl_update net.bridge.bridge-nf-call-iptables 0
|
|
sysctl_update net.bridge.bridge-nf-call-ip6tables 0
|
|
}
|
|
|
|
load_ecm() {
|
|
[ -d /sys/module/ecm ] || {
|
|
local get_front_end_mode
|
|
get_front_end_mode="$(get_front_end_mode)"
|
|
modinfo ecm | awk '/depends/{gsub(",","\n",$NF);print $NF}' | xargs -r -n 1 modprobe
|
|
touch /etc/modules.conf
|
|
grep -q "options ecm" /etc/modules.conf || echo "options ecm front_end_selection=$get_front_end_mode" >> /etc/modules.conf
|
|
modprobe ecm
|
|
echo 1 > /sys/kernel/debug/ecm/ecm_classifier_default/accel_delay_pkts
|
|
}
|
|
|
|
# shellcheck disable=1091
|
|
. /lib/netifd/offload/disable_offloads.sh
|
|
|
|
disable_offload
|
|
|
|
#Flushout stale accelerated connections if any
|
|
echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all
|
|
echo f > /proc/net/nf_conntrack
|
|
|
|
# Set conntrack event mode to 1 for 6.1 kernel to get the conntrack events from ECM
|
|
local kernel_major
|
|
kernel_major=$(uname -r |cut -d. -f1)
|
|
if [ "$kernel_major" -eq 6 ]; then
|
|
echo 1 > /proc/sys/net/netfilter/nf_conntrack_events
|
|
fi
|
|
}
|
|
|
|
unload_ecm() {
|
|
disable_bridge_filtering
|
|
|
|
# Change it back to 6.1 linux's default setting
|
|
local kernel_major
|
|
kernel_major="$(uname -r |cut -d. -f1)"
|
|
if [ "$kernel_major" -eq 6 ]; then
|
|
echo 2 > /proc/sys/net/netfilter/nf_conntrack_events
|
|
fi
|
|
|
|
if [ -d /sys/module/ecm ]; then
|
|
#
|
|
# Stop ECM frontends
|
|
#
|
|
echo 1 > /sys/kernel/debug/ecm/front_end_ipv4_stop
|
|
echo 1 > /sys/kernel/debug/ecm/front_end_ipv6_stop
|
|
|
|
#
|
|
# Defunct the connections
|
|
#
|
|
echo 1 > /sys/kernel/debug/ecm/ecm_db/defunct_all
|
|
echo f > /proc/net/nf_conntrack
|
|
|
|
sleep 1
|
|
rmmod ecm
|
|
fi
|
|
}
|
|
|
|
start() {
|
|
load_ecm
|
|
|
|
# If the acceleration engine is NSS, enable wifi redirect
|
|
[ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && sysctl -w dev.nss.general.redirect=1
|
|
|
|
# If bridge filtering is enabled, apply and persist the sysctl flags
|
|
config_load ecm
|
|
config_get enable_bridge_filtering general enable_bridge_filtering "0"
|
|
|
|
# shellcheck disable=2154
|
|
if [ "$enable_bridge_filtering" -eq 1 ]; then
|
|
echo "Bridge filtering is enabled in the ECM config, this will cause issues with NAT loopback!"
|
|
enable_bridge_filtering
|
|
else
|
|
disable_bridge_filtering
|
|
fi
|
|
|
|
if [ -d /sys/module/qca_ovsmgr ]; then
|
|
insmod ecm_ovs
|
|
fi
|
|
}
|
|
|
|
stop() {
|
|
# If ECM is already not loaded, just return
|
|
if [ ! -d /sys/module/ecm ]; then
|
|
return
|
|
fi
|
|
|
|
# If the acceleration engine is NSS, disable wifi redirect
|
|
[ -d /sys/kernel/debug/ecm/ecm_nss_ipv4 ] && sysctl -w dev.nss.general.redirect=0
|
|
|
|
if [ -d /sys/module/ecm_ovs ]; then
|
|
rmmod ecm_ovs
|
|
fi
|
|
|
|
unload_ecm
|
|
}
|