From 3524284b3016f821ba5b2d093a366cbd65b600f4 Mon Sep 17 00:00:00 2001
From: Anna Tikhomirova <vamp@vampik.ru>
Date: Fri, 5 May 2023 13:46:33 +0300
Subject: [PATCH] mwan3: fix mark for outgoing connections inside tunnel The
 mark of outgoing connections propagates to the tunnel connection itself,
 which may break routing. Fix this by resetting the mark of outgoing packets
 after routing decision is made.

Suggested-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Anna Tikhomirova <vamp@vampik.ru>
---
 net/mwan3/files/etc/init.d/mwan3   | 1 +
 net/mwan3/files/lib/mwan3/mwan3.sh | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/net/mwan3/files/etc/init.d/mwan3 b/net/mwan3/files/etc/init.d/mwan3
index d31e11aa73..bf86ecd61e 100755
--- a/net/mwan3/files/etc/init.d/mwan3
+++ b/net/mwan3/files/etc/init.d/mwan3
@@ -86,6 +86,7 @@ stop_service() {
 			[ -z "${table##*PREROUTING -j mwan3_pre*}" ] && echo "-D PREROUTING -j mwan3_pre"
 			[ -z "${table##*PREROUTING -j mwan3_hook*}" ] && echo "-D PREROUTING -j mwan3_hook"
 			[ -z "${table##*OUTPUT -j mwan3_hook*}" ] && echo "-D OUTPUT -j mwan3_hook"
+			[ -z "${table##*POSTROUTING -j mwan3_post*}" ] && echo "-D POSTROUTING -j mwan3_post"
 			echo "$table" | awk '{print "-F "$2}' | grep mwan3 | sort -u
 			echo "$table" | awk '{print "-X "$2}' | grep mwan3 | sort -u
 			echo "COMMIT"
diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index 80de4549cb..62e664603f 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -344,6 +344,12 @@ mwan3_set_general_iptables()
 					  -j MARK --set-xmark "0x0/$MMX_MASK"
 		fi
 
+		if [ -n "${current##*-N mwan3_post*}" ]; then
+			mwan3_push_update -N mwan3_post
+			mwan3_push_update -A mwan3_post \
+					  -j MARK --set-xmark "0x0/$MMX_MASK"
+		fi
+
 		if [ -n "${current##*-A PREROUTING -j mwan3_pre*}" ]; then
 			mwan3_push_update -A PREROUTING -j mwan3_pre
 		fi
@@ -353,6 +359,9 @@ mwan3_set_general_iptables()
 		if [ -n "${current##*-A OUTPUT -j mwan3_hook*}" ]; then
 			mwan3_push_update -A OUTPUT -j mwan3_hook
 		fi
+		if [ -n "${current##*-A POSTROUTING -j mwan3_post*}" ]; then
+			mwan3_push_update -A POSTROUTING -j mwan3_post
+		fi
 		mwan3_push_update COMMIT
 		mwan3_push_update ""