Hi Waldemar,

 || On Fri, 27 Oct 2006 11:05:37 +0200
 || Waldemar Brodkorb <[EMAIL PROTECTED]> wrote: 

 >> a) Even though I selected all iptables additional features, I am
 >> lacking the ipt_CLASSIFY, which should be a packaging problem
 >> only, I believe, because the modules are compiled by default.

 wb> I need to check this.

I just had another look.

The iptables package builds the libipt_CLASSIFY by default, but it is
not packaged. The kernel does not build the corresponding kernel
module by default; it needs a patch like the one I'm attaching, which I
originally made for OpenWRT, where it has meanwhile been included.

Overall, the effort is relatively small, but the CLASSIFY target is
quite important for more complex traffic shaping with egress/ingress
qdiscs.


 wb> FreeWRT configuration does not implement removing files. If you
 wb> do not like to add default FreeWRT configuration files in the
 wb> first place, use the "Mypackage" package and create a Makefile
 wb> which just removes the files before image creation.

Ah, alright. Once I understood this I was able to move things around.


 wb> After any change in /etc, you need to do "fwcf commit".
 wb> Documentation for Fwcf is not finished yet, but you can read the
 wb> fine specification.

After some fiddling, I managed to work things out now.

The ASUS WL-500gP box is now running

    * OpenVPN
    * Tor
    * Privoxy
    * Asterisk

and quite extensive traffic shaping. All looks good -- thank you so
much for your work on FreeWRT, it's fun to play with when I can sneak
away from my "normal" work. :)

Regards,
Georg


diff -uprN linux-2.4.32.reference/Documentation/Configure.help linux-2.4.32/Documentation/Configure.help
--- linux-2.4.32.reference/Documentation/Configure.help	2006-08-17 12:28:35.000000000 +0200
+++ linux-2.4.32/Documentation/Configure.help	2006-08-17 12:33:08.000000000 +0200
@@ -3251,6 +3251,17 @@ CONFIG_IP_NF_TARGET_LOG
   If you want to compile it as a module, say M here and read
   <file:Documentation/modules.txt>.  If unsure, say `N'.
 
+CLASSIFY target support
+CONFIG_IP_NF_TARGET_CLASSIFY
+  This option adds a `CLASSIFY' target, which enables the user to set
+  the priority of a packet. Some qdiscs can use this value for classification,
+  among these are:
+
+  atm, cbq, dsmark, pfifo_fast, htb, prio
+
+  If you want to compile it as a module, say M here and read
+  Documentation/modules.txt.  If unsure, say `N'.
+
 IP set support
 CONFIG_IP_NF_SET
   This option adds IP set support to the kernel.
diff -uprN linux-2.4.32.reference/include/linux/netfilter_ipv4/ipt_CLASSIFY.h linux-2.4.32/include/linux/netfilter_ipv4/ipt_CLASSIFY.h
--- linux-2.4.32.reference/include/linux/netfilter_ipv4/ipt_CLASSIFY.h	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.4.32/include/linux/netfilter_ipv4/ipt_CLASSIFY.h	2006-08-17 12:33:08.000000000 +0200
@@ -0,0 +1,8 @@
+#ifndef _IPT_CLASSIFY_H
+#define _IPT_CLASSIFY_H
+
+struct ipt_classify_target_info {
+	u_int32_t priority;
+};
+
+#endif /*_IPT_CLASSIFY_H */
diff -uprN linux-2.4.32.reference/net/ipv4/netfilter/Config.in linux-2.4.32/net/ipv4/netfilter/Config.in
--- linux-2.4.32.reference/net/ipv4/netfilter/Config.in	2006-08-17 12:28:16.000000000 +0200
+++ linux-2.4.32/net/ipv4/netfilter/Config.in	2006-08-17 12:33:08.000000000 +0200
@@ -172,6 +172,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; 
     dep_tristate '    DSCP target support' CONFIG_IP_NF_TARGET_DSCP $CONFIG_IP_NF_MANGLE
  
     dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+    dep_tristate '    CLASSIFY target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_CLASSIFY $CONFIG_IP_NF_MANGLE
     dep_tristate '    IMQ target support' CONFIG_IP_NF_TARGET_IMQ $CONFIG_IP_NF_MANGLE
   fi
   if [ "$CONFIG_IP_NF_CONNTRACK_MARK" != "n" ]; then
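Review bot: The new `dep_tristate` line labels the option `(EXPERIMENTAL)` but, as far as the visible lines show, depends only on `$CONFIG_IP_NF_MANGLE`, so it would be offered even when experimental options are disabled. If the label is intended, add the dependency, e.g. `dep_tristate '    CLASSIFY target support (EXPERIMENTAL)' CONFIG_IP_NF_TARGET_CLASSIFY $CONFIG_IP_NF_MANGLE $CONFIG_EXPERIMENTAL`; otherwise drop the suffix so it matches the `CLASSIFY target support` heading added to Configure.help. The enclosing `if` block starts outside this hunk, so an outer guard may already exist there.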
diff -uprN linux-2.4.32.reference/net/ipv4/netfilter/ipt_CLASSIFY.c linux-2.4.32/net/ipv4/netfilter/ipt_CLASSIFY.c
--- linux-2.4.32.reference/net/ipv4/netfilter/ipt_CLASSIFY.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.4.32/net/ipv4/netfilter/ipt_CLASSIFY.c	2006-08-17 12:33:08.000000000 +0200
@@ -0,0 +1,82 @@
+/*
+ * This is a module which is used for setting the skb->priority field
+ * of an skb for qdisc classification.
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <net/checksum.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_CLASSIFY.h>
+
+MODULE_AUTHOR("Patrick McHardy <[EMAIL PROTECTED]>");
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("iptables qdisc classification target module");
+
+static unsigned int
+target(struct sk_buff **pskb,
+       unsigned int hooknum,
+       const struct net_device *in,
+       const struct net_device *out,
+       const void *targinfo,
+       void *userinfo)
+{
+	const struct ipt_classify_target_info *clinfo = targinfo;
+
+	if((*pskb)->priority != clinfo->priority) {
+		(*pskb)->priority = clinfo->priority;
+		(*pskb)->nfcache |= NFC_ALTERED;
+	}
+
+	return IPT_CONTINUE;
+}
+
+static int
+checkentry(const char *tablename,
+           const struct ipt_entry *e,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_classify_target_info))){
+		printk(KERN_ERR "CLASSIFY: invalid size (%u != %u).\n",
+		       targinfosize,
+		       IPT_ALIGN(sizeof(struct ipt_classify_target_info)));
+		return 0;
+	}
+	
+	if (hook_mask & ~(1 << NF_IP_POST_ROUTING)) {
+		printk(KERN_ERR "CLASSIFY: only valid in POST_ROUTING.\n");
+		return 0;
+	}
+
+	if (strcmp(tablename, "mangle") != 0) {
+		printk(KERN_WARNING "CLASSIFY: can only be called from "
+		                    "\"mangle\" table, not \"%s\".\n",
+		                    tablename);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ipt_target ipt_classify_reg
+= { { NULL, NULL }, "CLASSIFY", target, checkentry, NULL, THIS_MODULE };
+
+static int __init init(void)
+{
+	if (ipt_register_target(&ipt_classify_reg))
+		return -EINVAL;
+
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_target(&ipt_classify_reg);
+}
+
+module_init(init);
+module_exit(fini);
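Review bot: In `checkentry`, the size-mismatch `printk` passes `IPT_ALIGN(sizeof(struct ipt_classify_target_info))`, a `sizeof`-derived (`size_t`) value, to a `%u` conversion, which is a format/argument mismatch on any 64-bit build even if it goes unnoticed on a 32-bit router target. Casting the argument, `(unsigned int)IPT_ALIGN(sizeof(struct ipt_classify_target_info))`, keeps the diagnostic correct on every architecture. The file also calls `strcmp` without including `<linux/string.h>`, so it appears to rely on a transitive include, while `<linux/ip.h>` and `<net/checksum.h>` look unused in the code shown. Since `checkentry` is, as far as this file shows, the only validation of the userspace-supplied `targinfo` before `target` dereferences it, a comment above it such as `/* Accept a rule only if targinfo size, hook (POST_ROUTING) and table (mangle) all match. */` would make that contract explicit.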
diff -uprN linux-2.4.32.reference/net/ipv4/netfilter/Makefile linux-2.4.32/net/ipv4/netfilter/Makefile
--- linux-2.4.32.reference/net/ipv4/netfilter/Makefile	2006-08-17 12:28:16.000000000 +0200
+++ linux-2.4.32/net/ipv4/netfilter/Makefile	2006-08-17 12:33:08.000000000 +0200
@@ -134,6 +134,7 @@ obj-$(CONFIG_IP_NF_MATCH_LAYER7) += ipt_
 
 # targets
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
+obj-$(CONFIG_IP_NF_TARGET_CLASSIFY) += ipt_CLASSIFY.o
 obj-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR.o
 obj-$(CONFIG_IP_NF_TARGET_TOS) += ipt_TOS.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
-- 
Georg C. F. Greve                                 <[EMAIL PROTECTED]>
Free Software Foundation Europe                  (http://fsfeurope.org)
Join the Fellowship and protect your freedom!     (http://www.fsfe.org)
What everyone should know about DRM                   (http://DRM.info)

