From 5d158f6b3c15436c538ae41b7c850531bc9efaeb Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Tue, 8 Mar 2022 22:53:34 +0100
Subject: [PATCH] interface: run ingress bpf filter on main device ingress
 instead of ifb egress

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 interface.c | 37 +++++++++++++++++++++++++++----------
 1 file changed, 27 insertions(+), 10 deletions(-)

diff --git a/interface.c b/interface.c
index d4d8ec4..5e54f88 100644
--- a/interface.c
+++ b/interface.c
@@ -217,6 +217,19 @@ cmd_del_qdisc(const char *ifname, const char *type)
 	return __cmd_add_del_qdisc(ifname, type, false);
 }
 
+static int
+cmd_add_bpf_filter(const char *ifname, bool egress, bool eth)
+{
+	char buf[512];
+	int ofs;
+
+	ofs = prepare_tc_cmd(buf, sizeof(buf), "filter", "add", ifname, egress ? "egress" : "ingress");
+	APPEND(buf, ofs, " prio 10 bpf object-pinned /sys/fs/bpf/qosify_%sgress_%s verbose direct-action",
+	       egress ? "e" : "in",
+		   eth ? "eth" : "ip");
+
+	return qosify_run_cmd(buf, false);
+}
 
 static int
 cmd_add_qdisc(struct qosify_iface *iface, const char *ifname, bool egress, bool eth)
@@ -248,13 +261,6 @@ cmd_add_qdisc(struct qosify_iface *iface, const char *ifname, bool egress, bool
 	       cfg->common_opts ? cfg->common_opts : "",
 	       dir_opts ? dir_opts : "");
 
-	qosify_run_cmd(buf, false);
-
-	ofs = prepare_tc_cmd(buf, sizeof(buf), "filter", "add", ifname, "egress bpf");
-	APPEND(buf, ofs, " object-pinned /sys/fs/bpf/qosify_%sgress_%s verbose direct-action",
-	       egress ? "e" : "in",
-		   eth ? "eth" : "ip");
-
 	return qosify_run_cmd(buf, false);
 }
 
@@ -300,6 +306,8 @@ cmd_add_ingress(struct qosify_iface *iface, bool eth)
 			 "flowid 1:1 action mirred egress redirect dev ifb-dns");
 	qosify_run_cmd(buf, false);
 
+	cmd_add_bpf_filter(iface->ifname, false, eth);
+
 	if (!iface->config.ingress)
 		return 0;
 
@@ -312,11 +320,21 @@ cmd_add_ingress(struct qosify_iface *iface, bool eth)
 	qosify_run_cmd(buf, false);
 
 	ofs = prepare_tc_cmd(buf, sizeof(buf), "filter", "add", iface->ifname, " ingress");
-	APPEND(buf, ofs, " protocol all prio 10 u32 match u32 0 0 "
+	APPEND(buf, ofs, " protocol all prio 20 u32 match u32 0 0 "
 			 "flowid 1:1 action mirred egress redirect dev '%s'", ifbdev);
 	return qosify_run_cmd(buf, false);
 }
 
+static int cmd_add_egress(struct qosify_iface *iface, bool eth)
+{
+	if (!iface->config.egress)
+		return 0;
+
+	cmd_add_qdisc(iface, iface->ifname, true, eth);
+
+	return cmd_add_bpf_filter(iface->ifname, true, eth);
+}
+
 static void
 interface_clear_qdisc(struct qosify_iface *iface)
 {
@@ -345,8 +363,7 @@ interface_start(struct qosify_iface *iface)
 	eth = ifr.ifr_hwaddr.sa_family == ARPHRD_ETHER;
 
 	interface_clear_qdisc(iface);
-	if (iface->config.egress)
-		cmd_add_qdisc(iface, iface->ifname, true, eth);
+	cmd_add_egress(iface, eth);
 	cmd_add_ingress(iface, eth);
 
 	iface->active = true;
-- 
2.30.2