applications/luci-splash: improve traffic limiting per client for ipv6

applications/luci-splash/root/usr/sbin/luci-splash

@@ -13,7 +13,7 @@ local net = sys.net
 local fs = require "luci.fs"
 local ip = require "luci.ip"
 
-local debug = false
+local debug = true
 
 local has_ipv6 = fs.access("/proc/net/ipv6_route") and fs.access("/usr/sbin/ip6tables")
 
@@ -86,7 +86,7 @@ function get_filter_handle(parent, direction, device, mac)
 	local tbl = {}
 	local handle
 	for k, v in pairs(input) do
-		handle = v:match('filter protocol ip pref %d+ u32 fh (%d*:%d*:%d*) order')
+		handle = v:match('filter protocol ip pref %d+ u32 fh (%d*:%d*:%d*) order') or v:match('filter protocol all pref %d+ u32 fh (%d*:%d*:%d*) order')
 		if handle then
 			local mac, mac1, mac2, mac3, mac4, mac5, mac6
 			if direction == 'src' then
@@ -467,19 +467,23 @@ function add_lease_rule(mac, ipaddr, device)
 
 	exec("iptables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j RETURN" % mac)
 
+	-- Mark incoming packets to a splashed host
+	-- for ipv4 - by iptables and destination
 	if id and device then
 		exec("iptables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 0x1%s -m comment --comment %s" % {ipaddr, id, mac:upper()})
 	end
 
+	--for ipv6: need to use the mac here
 	if has_ipv6 then
 		exec("ip6tables -t mangle -I luci_splash_mark_out -m mac --mac-source %q -j MARK --set-mark 79" % mac)
-		-- not working yet, needs the ip6addr
+		if id and device and tonumber(limit_down) then
-		--exec("ip6tables -t mangle -I luci_splash_mark_in -d %q -j MARK --set-mark 80 -m comment --comment %s" % {ipaddr, mac:upper()})
+			exec("tc filter add dev %s parent 1:0 protocol ipv6 prio 1 u32 match ether dst %s classid 1:%s" % {device, mac:lower(), id})
+		end
 	end
 
 
 	if device and tonumber(limit_up) > 0 then
-		exec('tc filter add dev "%s" parent ffff: protocol ip prio 2 u32 match ether src %s police rate %skbit mtu 6k burst 6k drop' % {device, mac, limit_up})
+		exec('tc filter add dev "%s" parent ffff: protocol all prio 2 u32 match ether src %s police rate %skbit mtu 6k burst 6k drop' % {device, mac, limit_up})
 	end
 
 	if id and device and tonumber(limit_down) > 0 then
@@ -511,10 +515,11 @@ function remove_lease_rule(mac, ipaddr, device, limit_up, limit_down)
 		ipt6_delete_all({table="mangle", chain="luci_splash_mark_out", options={"MAC", mac:upper()}})
 		ipt6_delete_all({table="filter", chain="luci_splash_filter",   options={"MAC", mac:upper()}})
 	end
+
 	if device and tonumber(limit_up) > 0 then
 		local handle = get_filter_handle('ffff:', 'src', device, mac)
 		if handle then
-			exec('tc filter del dev "%s" parent ffff: protocol ip prio 2 handle %s u32 police rate %skbit mtu 6k burst 6k drop' % {device, handle, limit_up})
+			exec('tc filter del dev "%s" parent ffff: protocol all prio 2 handle %s u32 police rate %skbit mtu 6k burst 6k drop' % {device, handle, limit_up})
 		else
 			print('Warning! Could not get a handle for %s parent :ffff on interface %s' % { mac, device })
 		end
@@ -523,6 +528,7 @@ function remove_lease_rule(mac, ipaddr, device, limit_up, limit_down)
 	-- remove clients class
 	if device and id then
 		exec('tc class del dev "%s" classid 1:%s' % {device, id})
+		exec('tc filter del dev "%s" parent 1:0 prio 1' % device) -- ipv6 rule
 		exec('tc qdisc del dev "%s" parent 1:%s sfq perturb 10' % { device, id })
 	end