Some DSCP fixes

2025-03-09 15:40:03 +00:00 · 2024-07-17 11:14:46 +02:00 · 2024-07-17 11:14:46 +02:00 · e91a9e5c3d
commit e91a9e5c3d
parent 462fbaae5a
1 changed files with 34 additions and 24 deletions
--- a/omr-dscp/files/etc/init.d/omr-dscp-nft
+++ b/omr-dscp/files/etc/init.d/omr-dscp-nft
@ -60,7 +60,7 @@ _add_dscp_domains_rules() {
 			set firewall.omr_dscp_rule_${class}_4.ipset="omr_dscp_${class}_4"
 			set firewall.omr_dscp_rule_${class}_4.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
 			set firewall.omr_dscp_rule_${class}_4.target='DSCP'
-			set firewall.omr_dscp_rule_${class}_4.src='lan'
+			set firewall.omr_dscp_rule_${class}_4.src='*'
 			set firewall.omr_dscp_rule_${class}_4.dest='*'
 			commit firewall
 		EOF
@ -71,7 +71,7 @@ _add_dscp_domains_rules() {
 				set firewall.omr_dscp_rule_${class}_6.ipset="omr_dscp_${class}_6"
 				set firewall.omr_dscp_rule_${class}_6.target='DSCP'
 				set firewall.omr_dscp_rule_${class}_6.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
-				set firewall.omr_dscp_rule_${class}_6.src='lan'
+				set firewall.omr_dscp_rule_${class}_6.src='*'
 				set firewall.omr_dscp_rule_${class}_6.dest='*'
 				commit firewall
 			EOF
@ -93,32 +93,42 @@ _add_dscp_rules() {
 	dest_port="$(echo $dest_port | sed 's/:/-/g')"
 	count=$((count + 1))
 	[ "$proto" = "all" ] && proto="tcp udp"
+	src=""
+	dst=""
 	case "$direction" in
-		upload|both)
-			# Apply the rule locally
-			uci -q batch <<-EOF
-				set firewall.omr_dscp_rule$count=rule
-				set firewall.omr_dscp_rule$count.name="omr_dscp_rule$count"
-				set firewall.omr_dscp_rule$count.target="DSCP"
-				set firewall.omr_dscp_rule$count.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
-				set firewall.omr_dscp_rule$count.src="lan"
-				set firewall.omr_dscp_rule$count.src_ip="$src_ip"
-				set firewall.omr_dscp_rule$count.dest_ip="$dest_ip"
-				set firewall.omr_dscp_rule$count.proto="$proto"
-			EOF
-			src_port="$(echo $src_port | sed 's/,/ /g')"
-			dest_port="$(echo $dest_port | sed 's/,/ /g')"
-			for port in $src_port; do
-				uci -q set firewall.omr_dscp_rule$count.src_port="$src_port"
-			done
-			for port in $src_port; do
-				uci -q set firewall.omr_dscp_rule$count.dest_port="$dest_port"
-			done
-			#_add_dscp_rule -m multiport --sports "$src_port" -m multiport --dports "$dest_port"
+		upload)
+				src="lan"
 			;;
-		download|both)
+		download)
+				dst="lan"
+			;;
+		both)
+				# to also use local generated traffic, maybe a local origin should be set...
+				src="*"
+				dst="*"
 			;;
 	esac
+	# Apply the rule locally
+	uci -q batch <<-EOF
+		set firewall.omr_dscp_rule$count=rule
+		set firewall.omr_dscp_rule$count.name="omr_dscp_rule$count"
+		set firewall.omr_dscp_rule$count.target="DSCP"
+		set firewall.omr_dscp_rule$count.set_dscp="$(echo ${class} | tr '[a-z'] '[A-Z]')"
+		set firewall.omr_dscp_rule$count.src="$src"
+		set firewall.omr_dscp_rule$count.dest="$dst"
+		set firewall.omr_dscp_rule$count.src_ip="$src_ip"
+		set firewall.omr_dscp_rule$count.dest_ip="$dest_ip"
+		set firewall.omr_dscp_rule$count.proto="$proto"
+	EOF
+	src_port="$(echo $src_port | sed 's/,/ /g')"
+	dest_port="$(echo $dest_port | sed 's/,/ /g')"
+	for port in $src_port; do
+		uci -q add_list firewall.omr_dscp_rule$count.src_port="$src_port"
+	done
+	for port in $src_port; do
+		uci -q add_list firewall.omr_dscp_rule$count.dest_port="$dest_port"
+	done
+	#_add_dscp_rule -m multiport --sports "$src_port" -m multiport --dports "$dest_port"
 	uci -q commit firewall

 }