From 5777108e2f61fd456c5f357e786c00d549a47e34 Mon Sep 17 00:00:00 2001
From: Anna Tikhomirova
Date: Wed, 3 May 2023 02:42:30 +0300
Subject: [PATCH 1/3] mwan3: fix some tunnels assigned the wrong mark

The mark of underlying tunnel connection is assigned to all incoming packets inside tunnel. This breaks mwan3 routing. Attempt to fix this by clearing the mark in incoming packets. Do not touch outgoing packets to make sure that tracking and "mwan3 use" command works as expected.

Signed-off-by: Anna Tikhomirova
---
 net/mwan3/files/etc/init.d/mwan3 | 1 +
 net/mwan3/files/lib/mwan3/mwan3.sh | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/net/mwan3/files/etc/init.d/mwan3 b/net/mwan3/files/etc/init.d/mwan3
index 33a1f46e53..d31e11aa73 100755
--- a/net/mwan3/files/etc/init.d/mwan3
+++ b/net/mwan3/files/etc/init.d/mwan3
@@ -83,6 +83,7 @@ stop_service() {
 table="$($IPT -S)"
 {
 echo "*mangle";
+ [ -z "${table##*PREROUTING -j mwan3_pre*}" ] && echo "-D PREROUTING -j mwan3_pre"
 [ -z "${table##*PREROUTING -j mwan3_hook*}" ] && echo "-D PREROUTING -j mwan3_hook"
 [ -z "${table##*OUTPUT -j mwan3_hook*}" ] && echo "-D OUTPUT -j mwan3_hook"
 echo "$table" | awk '{print "-F "$2}' | grep mwan3 | sort -u
diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index 1bfb767e86..e254408687 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -338,6 +338,16 @@ mwan3_set_general_iptables()
 done
 fi
+ if [ -n "${current##*-N mwan3_pre*}" ]; then
+ mwan3_push_update -N mwan3_pre
+ mwan3_push_update -A mwan3_pre \
+ -m mark ! --mark "0x0/$MMX_MASK" \
+ -j MARK --set-xmark "0x0/$MMX_MASK"
+ fi
+
+ if [ -n "${current##*-A PREROUTING -j mwan3_pre*}" ]; then
+ mwan3_push_update -A PREROUTING -j mwan3_pre
+ fi
 if [ -n "${current##*-A PREROUTING -j mwan3_hook*}" ]; then
 mwan3_push_update -A PREROUTING -j mwan3_hook
 fi
From 1361dc9ffb7e08aa49b9cfb5b80b0d8e5085c78a Mon Sep 17 00:00:00 2001
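Review bot: The guard added to stop_service, `[ -z "${table##*PREROUTING -j mwan3_pre*}" ]`, is an unanchored substring test, so it matches `mwan3_pre` as a prefix rather than as a complete chain name; the `-N mwan3_pre` test in mwan3_set_general_iptables and the `mwan3_post` guards in patch 3/3 have the same shape. A chain whose name merely starts with `mwan3_pre` or `mwan3_post` would make the create step be skipped, or make a `-D` be emitted for a jump that is not there. No such chain is visible in these patches, so this is a documentation point: add `# mwan3_pre / mwan3_post are matched by prefix; no other chain name may start with them` next to the guards. stop_service continues outside the hunk.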
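Review bot: The jump to mwan3_pre is added with `-A PREROUTING`, so it precedes the mwan3_hook jump only when both are created in the same run. If `current` already holds `-A PREROUTING -j mwan3_hook` but not the mwan3_pre jump (for example after an upgrade without a full stop, which cannot be confirmed from this hunk), the new jump lands after the hook and would clear the mark the hook is expected to have applied, so marked traffic would follow the default route instead of its policy. Inserting at a fixed position removes the dependence on creation order, e.g. `mwan3_push_update -I PREROUTING 1 -j mwan3_pre`, provided mwan3_push_update passes its arguments through unchanged. mwan3_set_general_iptables starts and ends outside the hunk.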
From: Anna Tikhomirova
Date: Fri, 5 May 2023 13:37:42 +0300
Subject: [PATCH 2/3] mwan3: remove redundant check

Signed-off-by: Anna Tikhomirova
---
 net/mwan3/files/lib/mwan3/mwan3.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index e254408687..80de4549cb 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -341,7 +341,6 @@ mwan3_set_general_iptables()
 if [ -n "${current##*-N mwan3_pre*}" ]; then
 mwan3_push_update -N mwan3_pre
 mwan3_push_update -A mwan3_pre \
- -m mark ! --mark "0x0/$MMX_MASK" \
 -j MARK --set-xmark "0x0/$MMX_MASK"
 fi
From 3524284b3016f821ba5b2d093a366cbd65b600f4 Mon Sep 17 00:00:00 2001
From: Anna Tikhomirova
Date: Fri, 5 May 2023 13:46:33 +0300
Subject: [PATCH 3/3] mwan3: fix mark for outgoing connections inside tunnel

The mark of outgoing connections propagates to the tunnel connection itself, which may break routing. Fix this by resetting the mark of outgoing packets after routing decision is made.

Suggested-by: Maxim Mikityanskiy
Signed-off-by: Anna Tikhomirova
---
 net/mwan3/files/etc/init.d/mwan3 | 1 +
 net/mwan3/files/lib/mwan3/mwan3.sh | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/net/mwan3/files/etc/init.d/mwan3 b/net/mwan3/files/etc/init.d/mwan3
index d31e11aa73..bf86ecd61e 100755
--- a/net/mwan3/files/etc/init.d/mwan3
+++ b/net/mwan3/files/etc/init.d/mwan3
@@ -86,6 +86,7 @@ stop_service() {
 [ -z "${table##*PREROUTING -j mwan3_pre*}" ] && echo "-D PREROUTING -j mwan3_pre"
 [ -z "${table##*PREROUTING -j mwan3_hook*}" ] && echo "-D PREROUTING -j mwan3_hook"
 [ -z "${table##*OUTPUT -j mwan3_hook*}" ] && echo "-D OUTPUT -j mwan3_hook"
+ [ -z "${table##*POSTROUTING -j mwan3_post*}" ] && echo "-D POSTROUTING -j mwan3_post"
 echo "$table" | awk '{print "-F "$2}' | grep mwan3 | sort -u
 echo "$table" | awk '{print "-X "$2}' | grep mwan3 | sort -u
 echo "COMMIT"
diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh
index 80de4549cb..62e664603f 100644
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -344,6 +344,12 @@ mwan3_set_general_iptables()
 -j MARK --set-xmark "0x0/$MMX_MASK"
 fi
+ if [ -n "${current##*-N mwan3_post*}" ]; then
+ mwan3_push_update -N mwan3_post
+ mwan3_push_update -A mwan3_post \
+ -j MARK --set-xmark "0x0/$MMX_MASK"
+ fi
+
 if [ -n "${current##*-A PREROUTING -j mwan3_pre*}" ]; then
 mwan3_push_update -A PREROUTING -j mwan3_pre
 fi
@@ -353,6 +359,9 @@ mwan3_set_general_iptables()
 if [ -n "${current##*-A OUTPUT -j mwan3_hook*}" ]; then
 mwan3_push_update -A OUTPUT -j mwan3_hook
 fi
+ if [ -n "${current##*-A POSTROUTING -j mwan3_post*}" ]; then
+ mwan3_push_update -A POSTROUTING -j mwan3_post
+ fi
 mwan3_push_update COMMIT
 mwan3_push_update ""
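Review bot: The mwan3_post rule clears the MMX_MASK bits on every packet that reaches it, and nothing in the hunk records which later consumers are expected to cope with that. Anything that matches the firewall mark after this point (nat POSTROUTING rules, egress tc filters, or rules other packages append to mangle POSTROUTING behind this jump) will see the mwan3 bits as zero, while rules that happen to sit before the `-A POSTROUTING -j mwan3_post` jump from the second hunk still see them. A comment above the chain would make that contract explicit, for example `# clear the mwan3 mark after the routing decision so it does not leak into the tunnel's own packets; mark-based matches must run before this jump`. Both hunks are inside mwan3_set_general_iptables, whose start and end are outside them.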