mwan3: fix mark for outgoing connections inside tunnel

The mark of outgoing connections propagates to the tunnel connection itself, which may break routing. Fix this by resetting the mark of outgoing packets after routing decision is made. Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com> Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
2023-05-05 13:46:33 +03:00 · 2023-05-05 13:46:33 +03:00 · 3524284b30
parent 1361dc9ffb
commit 3524284b30
2 changed files with 10 additions and 0 deletions
--- a/net/mwan3/files/etc/init.d/mwan3
+++ b/net/mwan3/files/etc/init.d/mwan3
@ -86,6 +86,7 @@ stop_service() {
 			[ -z "${table##*PREROUTING -j mwan3_pre*}" ] && echo "-D PREROUTING -j mwan3_pre"
 			[ -z "${table##*PREROUTING -j mwan3_hook*}" ] && echo "-D PREROUTING -j mwan3_hook"
 			[ -z "${table##*OUTPUT -j mwan3_hook*}" ] && echo "-D OUTPUT -j mwan3_hook"
+			[ -z "${table##*POSTROUTING -j mwan3_post*}" ] && echo "-D POSTROUTING -j mwan3_post"
 			echo "$table" | awk '{print "-F "$2}' | grep mwan3 | sort -u
 			echo "$table" | awk '{print "-X "$2}' | grep mwan3 | sort -u
 			echo "COMMIT"
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@ -344,6 +344,12 @@ mwan3_set_general_iptables()
 					  -j MARK --set-xmark "0x0/$MMX_MASK"
 		fi

+		if [ -n "${current##*-N mwan3_post*}" ]; then
+			mwan3_push_update -N mwan3_post
+			mwan3_push_update -A mwan3_post \
+					  -j MARK --set-xmark "0x0/$MMX_MASK"
+		fi
+
 		if [ -n "${current##*-A PREROUTING -j mwan3_pre*}" ]; then
 			mwan3_push_update -A PREROUTING -j mwan3_pre
 		fi
@ -353,6 +359,9 @@ mwan3_set_general_iptables()
 		if [ -n "${current##*-A OUTPUT -j mwan3_hook*}" ]; then
 			mwan3_push_update -A OUTPUT -j mwan3_hook
 		fi
+		if [ -n "${current##*-A POSTROUTING -j mwan3_post*}" ]; then
+			mwan3_push_update -A POSTROUTING -j mwan3_post
+		fi
 		mwan3_push_update COMMIT
 		mwan3_push_update ""