mwan3: Update to version 1.5-1
Add iptables -w option, which increases stability, requires iptables v1.4.20. Code cleanup Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
This commit is contained in:
Adze1502
Steven Barth
parent
ac55d3ef7a
commit
5623b229b7
|
|
@ -8,8 +8,8 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=mwan3
|
||||
PKG_VERSION:=1.4
|
||||
PKG_RELEASE:=22
|
||||
PKG_VERSION:=1.5
|
||||
PKG_RELEASE:=1
|
||||
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
|
||||
PKG_LICENSE:=GPLv2
|
||||
|
||||
|
|
@ -26,7 +26,9 @@ define Package/mwan3
|
|||
endef
|
||||
|
||||
define Package/mwan3/description
|
||||
Hotplug script which makes configuration of multiple WAN interfaces simple and manageable. With loadbalancing/failover support for up to 250 wan interfaces, connection tracking and an easy to manage traffic ruleset.
|
||||
Hotplug script which makes configuration of multiple WAN interfaces simple
|
||||
and manageable. With loadbalancing/failover support for up to 250 wan
|
||||
interfaces, connection tracking and an easy to manage traffic ruleset.
|
||||
endef
|
||||
|
||||
define Package/mwan3/conffiles
|
||||
|
|
|
|||
|
|
@ -6,68 +6,61 @@ mwan3_get_iface_id()
|
|||
[ "$1" == "$INTERFACE" ] && iface_id=$iface_count
|
||||
}
|
||||
|
||||
mwan3_get_route_args()
|
||||
{
|
||||
route_args=$(ip -4 route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//\1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||
[ -n "$route_args" ] && route_args="via $route_args"
|
||||
route_args="nexthop $route_args dev $DEVICE"
|
||||
}
|
||||
|
||||
mwan3_set_general_iptables()
|
||||
{
|
||||
if ! iptables -S mwan3_ifaces -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_ifaces -t mangle
|
||||
if ! $IPT -S mwan3_ifaces &> /dev/null; then
|
||||
$IPT -N mwan3_ifaces
|
||||
fi
|
||||
|
||||
if ! iptables -S mwan3_rules -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_rules -t mangle
|
||||
if ! $IPT -S mwan3_rules &> /dev/null; then
|
||||
$IPT -N mwan3_rules
|
||||
fi
|
||||
|
||||
if ! iptables -S mwan3_connected -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_connected -t mangle
|
||||
if ! $IPT -S mwan3_connected &> /dev/null; then
|
||||
$IPT -N mwan3_connected
|
||||
fi
|
||||
|
||||
if ! iptables -S mwan3_hook -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_hook -t mangle
|
||||
iptables -A mwan3_hook -t mangle -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
|
||||
iptables -A mwan3_hook -t mangle -m mark --mark 0x0/0xff00 -j mwan3_ifaces
|
||||
iptables -A mwan3_hook -t mangle -m mark --mark 0x0/0xff00 -j mwan3_connected
|
||||
iptables -A mwan3_hook -t mangle -m mark --mark 0x0/0xff00 -j mwan3_rules
|
||||
iptables -A mwan3_hook -t mangle -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
|
||||
if ! $IPT -S mwan3_hook &> /dev/null; then
|
||||
$IPT -N mwan3_hook
|
||||
$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
|
||||
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
|
||||
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
|
||||
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
|
||||
$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
|
||||
fi
|
||||
|
||||
if ! iptables -S mwan3_track_hook -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_track_hook -t mangle
|
||||
if ! $IPT -S mwan3_track_hook &> /dev/null; then
|
||||
$IPT -N mwan3_track_hook
|
||||
fi
|
||||
|
||||
if ! iptables -S PREROUTING -t mangle | grep mwan3_hook &> /dev/null; then
|
||||
iptables -A PREROUTING -t mangle -j mwan3_hook
|
||||
if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
|
||||
$IPT -A PREROUTING -j mwan3_hook
|
||||
fi
|
||||
|
||||
if ! iptables -S OUTPUT -t mangle | grep mwan3_hook &> /dev/null; then
|
||||
iptables -A OUTPUT -t mangle -j mwan3_hook
|
||||
if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
|
||||
$IPT -A OUTPUT -j mwan3_hook
|
||||
fi
|
||||
|
||||
if ! iptables -S OUTPUT -t mangle | grep mwan3_track_hook &> /dev/null; then
|
||||
iptables -A OUTPUT -t mangle -j mwan3_track_hook
|
||||
if ! $IPT -S OUTPUT | grep mwan3_track_hook &> /dev/null; then
|
||||
$IPT -A OUTPUT -j mwan3_track_hook
|
||||
fi
|
||||
|
||||
iptables -F mwan3_rules -t mangle
|
||||
$IPT -F mwan3_rules
|
||||
}
|
||||
|
||||
mwan3_set_connected_iptables()
|
||||
{
|
||||
local connected_networks
|
||||
|
||||
if iptables -S mwan3_connected -t mangle &> /dev/null; then
|
||||
iptables -F mwan3_connected -t mangle
|
||||
if $IPT -S mwan3_connected &> /dev/null; then
|
||||
$IPT -F mwan3_connected
|
||||
|
||||
for connected_networks in $(ip -4 route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
|
||||
iptables -A mwan3_connected -t mangle -d $connected_networks -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||
for connected_networks in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
|
||||
$IPT -A mwan3_connected -d $connected_networks -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||
done
|
||||
|
||||
iptables -I mwan3_connected -t mangle -d 224.0.0.0/3 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||
iptables -I mwan3_connected -t mangle -d 127.0.0.0/8 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||
$IPT -I mwan3_connected -d 224.0.0.0/3 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||
$IPT -I mwan3_connected -d 127.0.0.0/8 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -75,56 +68,56 @@ mwan3_set_iface_iptables()
|
|||
{
|
||||
local local_net local_nets
|
||||
|
||||
local_net=$(ip -4 route list dev $DEVICE scope link | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||
local_net=$($IP route list dev $DEVICE scope link | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||
|
||||
if ! iptables -S mwan3_iface_$INTERFACE -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_iface_$INTERFACE -t mangle
|
||||
if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
|
||||
$IPT -N mwan3_iface_$INTERFACE
|
||||
fi
|
||||
|
||||
iptables -F mwan3_iface_$INTERFACE -t mangle
|
||||
iptables -D mwan3_ifaces -t mangle -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
|
||||
$IPT -F mwan3_iface_$INTERFACE
|
||||
$IPT -D mwan3_ifaces -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
|
||||
|
||||
if [ $ACTION == "ifup" ]; then
|
||||
if [ -n "$local_net" ]; then
|
||||
for local_nets in $local_net ; do
|
||||
if [ $ACTION == "ifup" ]; then
|
||||
iptables -I mwan3_iface_$INTERFACE -t mangle -s $local_net -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark 0xff00/0xff00
|
||||
$IPT -I mwan3_iface_$INTERFACE -s $local_net -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark 0xff00/0xff00
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
iptables -A mwan3_iface_$INTERFACE -t mangle -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||
iptables -A mwan3_ifaces -t mangle -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
|
||||
$IPT -A mwan3_iface_$INTERFACE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||
$IPT -A mwan3_ifaces -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
|
||||
fi
|
||||
|
||||
if [ $ACTION == "ifdown" ]; then
|
||||
iptables -X mwan3_iface_$INTERFACE -t mangle
|
||||
$IPT -X mwan3_iface_$INTERFACE
|
||||
fi
|
||||
}
|
||||
|
||||
mwan3_set_iface_route()
|
||||
{
|
||||
ip -4 route flush table $iface_id
|
||||
[ $ACTION == "ifup" ] && ip -4 route add table $iface_id default $route_args
|
||||
$IP route flush table $iface_id
|
||||
[ $ACTION == "ifup" ] && $IP route add table $iface_id default $route_args
|
||||
}
|
||||
|
||||
mwan3_set_iface_rules()
|
||||
{
|
||||
while [ -n "$(ip -4 rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
|
||||
ip -4 rule del pref $(($iface_id+1000))
|
||||
while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
|
||||
$IP rule del pref $(($iface_id+1000))
|
||||
done
|
||||
|
||||
while [ -n "$(ip -4 rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
|
||||
ip -4 rule del pref $(($iface_id+2000))
|
||||
while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
|
||||
$IP rule del pref $(($iface_id+2000))
|
||||
done
|
||||
|
||||
while [ -n "$(ip -4 rule list | awk '$1 == "2254:"')" ]; do
|
||||
ip -4 rule del pref 2254
|
||||
while [ -n "$($IP rule list | awk '$1 == "2254:"')" ]; do
|
||||
$IP rule del pref 2254
|
||||
done
|
||||
|
||||
[ $ACTION == "ifup" ] && ip -4 rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
|
||||
[ $ACTION == "ifup" ] && ip -4 rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
|
||||
ip rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
|
||||
[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
|
||||
[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
|
||||
$IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
|
||||
}
|
||||
|
||||
mwan3_track()
|
||||
|
|
@ -145,28 +138,28 @@ mwan3_track()
|
|||
config_get down $INTERFACE down 5
|
||||
config_get up $INTERFACE up 5
|
||||
|
||||
if ! iptables -S mwan3_track_$INTERFACE -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_track_$INTERFACE -t mangle
|
||||
iptables -A mwan3_track_hook -t mangle -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE
|
||||
if ! $IPT -S mwan3_track_$INTERFACE &> /dev/null; then
|
||||
$IPT -N mwan3_track_$INTERFACE
|
||||
$IPT -A mwan3_track_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE
|
||||
fi
|
||||
|
||||
iptables -F mwan3_track_$INTERFACE -t mangle
|
||||
$IPT -F mwan3_track_$INTERFACE
|
||||
|
||||
for track_ip in $track_ips; do
|
||||
iptables -A mwan3_track_$INTERFACE -t mangle -d $track_ip -j MARK --set-xmark 0xff00/0xff00
|
||||
$IPT -A mwan3_track_$INTERFACE -d $track_ip -j MARK --set-xmark 0xff00/0xff00
|
||||
done
|
||||
|
||||
[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
|
||||
else
|
||||
iptables -D mwan3_track_hook -t mangle -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE &> /dev/null
|
||||
iptables -F mwan3_track_$INTERFACE -t mangle &> /dev/null
|
||||
iptables -X mwan3_track_$INTERFACE -t mangle &> /dev/null
|
||||
$IPT -D mwan3_track_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE &> /dev/null
|
||||
$IPT -F mwan3_track_$INTERFACE &> /dev/null
|
||||
$IPT -X mwan3_track_$INTERFACE &> /dev/null
|
||||
fi
|
||||
}
|
||||
|
||||
mwan3_set_policy()
|
||||
{
|
||||
local iface_count iface_id metric probability weight
|
||||
local iface_count iface_id INTERFACE metric probability weight
|
||||
|
||||
config_get INTERFACE $1 interface
|
||||
config_get metric $1 metric 1
|
||||
|
|
@ -178,12 +171,12 @@ mwan3_set_policy()
|
|||
|
||||
[ -n "$iface_id" ] || return 0
|
||||
|
||||
if iptables -S mwan3_iface_$INTERFACE -t mangle &> /dev/null; then
|
||||
if $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
|
||||
if [ "$metric" -lt "$lowest_metric" ]; then
|
||||
|
||||
total_weight=$weight
|
||||
iptables -F mwan3_policy_$policy -t mangle
|
||||
iptables -A mwan3_policy_$policy -t mangle -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||
$IPT -F mwan3_policy_$policy
|
||||
$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||
|
||||
lowest_metric=$metric
|
||||
|
||||
|
|
@ -204,7 +197,7 @@ mwan3_set_policy()
|
|||
|
||||
probability="-m statistic --mode random --probability $probability"
|
||||
|
||||
iptables -I mwan3_policy_$policy -t mangle -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||
$IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
|
@ -216,22 +209,22 @@ mwan3_set_policies_iptables()
|
|||
policy=$1
|
||||
|
||||
if [ "$policy" != $(echo "$policy" | cut -c1-15) ]; then
|
||||
logger -t mwan3 -p warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
|
||||
$LOG warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
|
||||
fi
|
||||
|
||||
if ! iptables -S mwan3_policy_$policy -t mangle &> /dev/null; then
|
||||
iptables -N mwan3_policy_$policy -t mangle
|
||||
if ! $IPT -S mwan3_policy_$policy &> /dev/null; then
|
||||
$IPT -N mwan3_policy_$policy
|
||||
fi
|
||||
|
||||
iptables -F mwan3_policy_$policy -t mangle
|
||||
iptables -A mwan3_policy_$policy -t mangle -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
|
||||
$IPT -F mwan3_policy_$policy
|
||||
$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
|
||||
|
||||
lowest_metric=256
|
||||
total_weight=0
|
||||
|
||||
config_list_foreach $policy use_member mwan3_set_policy
|
||||
|
||||
iptables -X $policy -t mangle &> /dev/null
|
||||
$IPT -X $policy &> /dev/null
|
||||
}
|
||||
|
||||
mwan3_set_user_rules_iptables()
|
||||
|
|
@ -256,10 +249,10 @@ mwan3_set_user_rules_iptables()
|
|||
|
||||
case $proto in
|
||||
tcp|udp)
|
||||
iptables -A mwan3_rules -t mangle -p $proto -s $src_ip -d $dest_ip -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
||||
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
||||
;;
|
||||
*)
|
||||
iptables -A mwan3_rules -t mangle -p $proto -s $src_ip -d $dest_ip -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
||||
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
|
@ -269,45 +262,41 @@ mwan3_ifupdown()
|
|||
{
|
||||
local counter enabled iface_count iface_id route_args wan_metric
|
||||
|
||||
[ -n "$DEVICE" ] || exit 0
|
||||
[ -n "$INTERFACE" ] || exit 0
|
||||
[ "$(uci get -P /var/state mwan3.$INTERFACE 2> /dev/null)" == "interface" ] || return 0
|
||||
|
||||
config_load mwan3
|
||||
config_foreach mwan3_get_iface_id interface
|
||||
|
||||
[ -n "$iface_id" ] || return 0
|
||||
[ "$iface_count" -le 250 ] || return 0
|
||||
unset iface_count
|
||||
|
||||
config_get enabled $INTERFACE enabled 0
|
||||
|
||||
counter=0
|
||||
|
||||
if [ $ACTION == "ifup" ]; then
|
||||
[ "$enabled" -eq 1 ] || exit 0
|
||||
[ "$enabled" -eq 1 ] || return 0
|
||||
|
||||
while [ -z "$(ip -4 route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
|
||||
while [ -z "$($IP route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
|
||||
sleep 1
|
||||
let counter++
|
||||
if [ "$counter" -ge 10 ]; then
|
||||
logger -t mwan3 -p warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && exit 0
|
||||
$LOG warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && return 0
|
||||
fi
|
||||
done
|
||||
|
||||
mwan3_get_route_args
|
||||
route_args=$($IP route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//via \1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||
route_args="nexthop $route_args dev $DEVICE"
|
||||
fi
|
||||
|
||||
while [ "$(pgrep -f -o hotplug-call)" -ne $$ -a "$counter" -lt 60 ]; do
|
||||
sleep 1
|
||||
let counter++
|
||||
if [ "$counter" -ge 60 ]; then
|
||||
logger -t mwan3 -p warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE ($DEVICE) aborted" && exit 0
|
||||
$LOG warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE ($DEVICE) aborted" && return 0
|
||||
fi
|
||||
done
|
||||
|
||||
config_foreach mwan3_get_iface_id interface
|
||||
|
||||
[ -n "$iface_id" ] || exit 0
|
||||
[ "$iface_count" -le 250 ] || exit 0
|
||||
unset iface_count
|
||||
unset counter
|
||||
|
||||
logger -t mwan3 -p notice "$ACTION interface $INTERFACE ($DEVICE)"
|
||||
$LOG notice "$ACTION interface $INTERFACE ($DEVICE)"
|
||||
|
||||
mwan3_set_general_iptables
|
||||
mwan3_set_iface_iptables
|
||||
|
|
@ -320,9 +309,20 @@ mwan3_ifupdown()
|
|||
config_foreach mwan3_set_user_rules_iptables rule
|
||||
}
|
||||
|
||||
[ -n "$DEVICE" ] || exit 0
|
||||
[ -n "$INTERFACE" ] || exit 0
|
||||
|
||||
local IP IPT LOG
|
||||
|
||||
IP="/usr/sbin/ip -4"
|
||||
IPT="/usr/sbin/iptables -t mangle -w"
|
||||
LOG="/usr/bin/logger -t mwan3 -p"
|
||||
|
||||
case "$ACTION" in
|
||||
ifup|ifdown)
|
||||
mwan3_ifupdown
|
||||
mwan3_set_connected_iptables
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
||||
|
|
|
|||
|
|
@ -15,6 +15,5 @@ restart() {
|
|||
}
|
||||
|
||||
boot() {
|
||||
# Don't start on boot, mwan3 is started by hotplug event.
|
||||
return 0
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,10 +16,13 @@ EOF
|
|||
|
||||
EXTRA_COMMANDS="ifdown ifup interfaces policies rules status"
|
||||
EXTRA_HELP="$(extra_help)"
|
||||
|
||||
IP="/usr/sbin/ip -4"
|
||||
IPT="/usr/sbin/iptables -t mangle -w"
|
||||
|
||||
ifdown()
|
||||
{
|
||||
local device
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
echo "Error: Expecting interface. Usage: mwan3 ifdown <interface>" && exit 0
|
||||
fi
|
||||
|
|
@ -28,8 +31,6 @@ ifdown()
|
|||
echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>" && exit 0
|
||||
fi
|
||||
|
||||
local device
|
||||
|
||||
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
|
||||
|
||||
if [ -e /var/run/mwan3track-$1.pid ] ; then
|
||||
|
|
@ -44,6 +45,8 @@ ifdown()
|
|||
|
||||
ifup()
|
||||
{
|
||||
local device enabled
|
||||
|
||||
config_load mwan3
|
||||
|
||||
if [ -z "$1" ]; then
|
||||
|
|
@ -53,8 +56,6 @@ ifup()
|
|||
if [ -n "$2" ]; then
|
||||
echo "Too many arguments. Usage: mwan3 ifup <interface>" && exit 0
|
||||
fi
|
||||
|
||||
local device enabled
|
||||
|
||||
config_get enabled "$1" enabled 0
|
||||
|
||||
|
|
@ -67,10 +68,10 @@ ifup()
|
|||
|
||||
interfaces()
|
||||
{
|
||||
config_load mwan3
|
||||
|
||||
local device enabled iface_id tracking
|
||||
|
||||
config_load mwan3
|
||||
|
||||
echo "Interface status:"
|
||||
|
||||
check_iface_status()
|
||||
|
|
@ -91,13 +92,13 @@ interfaces()
|
|||
tracking="down"
|
||||
fi
|
||||
|
||||
if [ -n "$(ip rule | awk '$5 == ("'$device'")')" -a -n "$(iptables -S mwan3_iface_$1 -t mangle 2> /dev/null)" -a -n "$(ip -4 route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
||||
if [ -n "$($IP rule | awk '$5 == ("'$device'")')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
||||
if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
|
||||
echo "Interface $1 is online (tracking $tracking)"
|
||||
else
|
||||
echo "Interface $1 is online"
|
||||
fi
|
||||
elif [ -n "$(ip rule | awk '$5 == ("'$device'")')" -o -n "$(iptables -S mwan3_iface_$1 -t mangle 2> /dev/null)" -o -n "$(ip -4 route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
||||
elif [ -n "$($IP rule | awk '$5 == ("'$device'")')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
||||
echo "Interface $1 error"
|
||||
else
|
||||
if [ "$enabled" -eq 1 ]; then
|
||||
|
|
@ -119,21 +120,21 @@ policies()
|
|||
{
|
||||
local percent policy share total_weight weight iface
|
||||
|
||||
for policy in $(iptables -S -t mangle | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
|
||||
for policy in $($IPT -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
|
||||
echo "Policy $policy:" | sed 's/mwan3_policy_//g'
|
||||
|
||||
for iface in $(iptables -S $policy -t mangle | cut -s -d'"' -f2 | awk '{print $1}'); do
|
||||
[ -n "$total_weight" ] || total_weight=$(iptables -S $policy -t mangle | grep "$iface " | cut -s -d'"' -f2 | awk '{print $3}')
|
||||
for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
|
||||
[ -n "$total_weight" ] || total_weight=$($IPT -S $policy | grep "$iface " | cut -s -d'"' -f2 | awk '{print $3}')
|
||||
done
|
||||
|
||||
if [ ! -z "${total_weight##*[!0-9]*}" ]; then
|
||||
for iface in $(iptables -S $policy -t mangle | cut -s -d'"' -f2 | awk '{print $1}'); do
|
||||
weight=$(iptables -S $policy -t mangle | grep "$iface " | cut -s -d'"' -f2 | awk '{print $2}')
|
||||
for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
|
||||
weight=$($IPT -S $policy | grep "$iface " | cut -s -d'"' -f2 | awk '{print $2}')
|
||||
percent=$(($weight*100/$total_weight))
|
||||
echo " $iface ($percent%)"
|
||||
done
|
||||
else
|
||||
echo " $(iptables -S $policy -t mangle | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
|
||||
echo " $($IPT -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
|
||||
fi
|
||||
|
||||
echo -e
|
||||
|
|
@ -144,19 +145,17 @@ policies()
|
|||
}
|
||||
rules()
|
||||
{
|
||||
if [ -n "$(iptables -S mwan3_connected -t mangle 2> /dev/null)" ]; then
|
||||
if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then
|
||||
echo "Known networks:"
|
||||
echo "destination policy hits" | awk '{ printf "%-19s%-19s%-9s%s\n",$1,$2,$3}'
|
||||
echo "------------------------------------------------"
|
||||
iptables -L mwan3_connected -t mangle -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{printf "%-19s%-19s%-9s%s\n",$9,"default",$1}'
|
||||
echo "destination policy hits" | awk '{ printf "%-19s%-19s%-9s%s\n",$1,$2,$3}' | awk '1; {gsub(".","-")}1'
|
||||
$IPT -L mwan3_connected -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{printf "%-19s%-19s%-9s%s\n",$9,"default",$1}'
|
||||
echo -e
|
||||
fi
|
||||
|
||||
if [ -n "$(iptables -S mwan3_rules -t mangle 2> /dev/null)" ]; then
|
||||
if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then
|
||||
echo "Active rules:"
|
||||
echo "source destination proto src-port dest-port policy hits" | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$1,$2,$3,$4,$5,$6,$7}'
|
||||
echo "---------------------------------------------------------------------------------------------------"
|
||||
iptables -L mwan3_rules -t mangle -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$8,$9,$4,$12,$15,$3,$1}'
|
||||
echo "source destination proto src-port dest-port policy hits" | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$1,$2,$3,$4,$5,$6,$7}' | awk '1; {gsub(".","-")}1'
|
||||
$IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$8,$9,$4,$12,$15,$3,$1}'
|
||||
echo -e
|
||||
fi
|
||||
}
|
||||
|
|
@ -181,24 +180,24 @@ stop()
|
|||
killall mwan3track &> /dev/null
|
||||
rm /var/run/mwan3track-* &> /dev/null
|
||||
|
||||
for route in $(ip route list table all | sed 's/.*table \([^ ]*\) .*/\1/' | awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
|
||||
ip -4 route flush table $route &> /dev/null
|
||||
for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' | awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
|
||||
$IP route flush table $route &> /dev/null
|
||||
done
|
||||
|
||||
for rule in $(ip -4 rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
|
||||
ip -4 rule del pref $rule &> /dev/null
|
||||
for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
|
||||
$IP rule del pref $rule &> /dev/null
|
||||
done
|
||||
|
||||
iptables -D PREROUTING -t mangle -j mwan3_hook &> /dev/null
|
||||
iptables -D OUTPUT -t mangle -j mwan3_hook &> /dev/null
|
||||
iptables -D OUTPUT -t mangle -j mwan3_track_hook &> /dev/null
|
||||
$IPT -D PREROUTING -j mwan3_hook &> /dev/null
|
||||
$IPT -D OUTPUT -j mwan3_hook &> /dev/null
|
||||
$IPT -D OUTPUT -j mwan3_track_hook &> /dev/null
|
||||
|
||||
for table in $(iptables -S -t mangle | awk '{print $2}' | grep mwan3 | sort -u); do
|
||||
iptables -F $table -t mangle &> /dev/null
|
||||
for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
|
||||
$IPT -F $table &> /dev/null
|
||||
done
|
||||
|
||||
for table in $(iptables -S -t mangle | awk '{print $2}' | grep mwan3 | sort -u); do
|
||||
iptables -X $table -t mangle &> /dev/null
|
||||
for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
|
||||
$IPT -X $table &> /dev/null
|
||||
done
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue