So is it fair to state that ingress and egress are always relative to OpenWrt / the kernel? That is, at WAN, an upload packet egresses relative to OpenWrt. A download packet ingresses relative to OpenWrt. At LAN, an upload packet ingresses relative to OpenWrt (e.g. from a client PC) and a download packet egresses relative to OpenWrt (e.g. to a client PC).
```
root@OpenWrt:~# tc -s filter show dev wan parent ffff:
filter protocol ip pref 1 u32 chain 0
filter protocol ip pref 1 u32 chain 0 fh 800: ht divisor 1
filter protocol ip pref 1 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
match b2efa2b3/ffffffff at 12
action order 1: gact action pass
random type none pass val 0
index 1 ref 1 bind 1 installed 130796 sec used 0 sec firstused 130795 sec
Action statistics:
Sent 5976050952 bytes 5092952 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
filter protocol all pref 2 matchall chain 0
filter protocol all pref 2 matchall chain 0 handle 0x1
not_in_hw (rule hit 5201230)
action order 1: mirred (Egress Redirect to device ifb) stolen
index 1 ref 1 bind 1 installed 130796 sec used 0 sec firstused 130796 sec
Action statistics:
Sent 14931519849 bytes 12163406 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
```
I can keep running that by pressing up and enter in the terminal and download either through VPN or WAN and compare the pass bytes with the matched bytes. In the case of VPN, the pass bytes increase rapidly. In the case of non-VPN, the matched bytes increase rapidly.
Any idea if this will survive a VPN/WAN restart or connection drop, etc.? Just wondering if I need to add some kind of hotplug capability to my script here: