mwan3: Update to version 1.5-1
Add iptables -w option, which increases stability, requires iptables v1.4.20. Code cleanup Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
This commit is contained in:
Adze1502
Steven Barth
parent
ac55d3ef7a
commit
5623b229b7
|
|
@ -8,8 +8,8 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=mwan3
|
PKG_NAME:=mwan3
|
||||||
PKG_VERSION:=1.4
|
PKG_VERSION:=1.5
|
||||||
PKG_RELEASE:=22
|
PKG_RELEASE:=1
|
||||||
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
|
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
|
||||||
PKG_LICENSE:=GPLv2
|
PKG_LICENSE:=GPLv2
|
||||||
|
|
||||||
|
|
@ -26,7 +26,9 @@ define Package/mwan3
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/mwan3/description
|
define Package/mwan3/description
|
||||||
Hotplug script which makes configuration of multiple WAN interfaces simple and manageable. With loadbalancing/failover support for up to 250 wan interfaces, connection tracking and an easy to manage traffic ruleset.
|
Hotplug script which makes configuration of multiple WAN interfaces simple
|
||||||
|
and manageable. With loadbalancing/failover support for up to 250 wan
|
||||||
|
interfaces, connection tracking and an easy to manage traffic ruleset.
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/mwan3/conffiles
|
define Package/mwan3/conffiles
|
||||||
|
|
|
||||||
|
|
@ -6,68 +6,61 @@ mwan3_get_iface_id()
|
||||||
[ "$1" == "$INTERFACE" ] && iface_id=$iface_count
|
[ "$1" == "$INTERFACE" ] && iface_id=$iface_count
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_get_route_args()
|
|
||||||
{
|
|
||||||
route_args=$(ip -4 route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//\1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
|
||||||
[ -n "$route_args" ] && route_args="via $route_args"
|
|
||||||
route_args="nexthop $route_args dev $DEVICE"
|
|
||||||
}
|
|
||||||
|
|
||||||
mwan3_set_general_iptables()
|
mwan3_set_general_iptables()
|
||||||
{
|
{
|
||||||
if ! iptables -S mwan3_ifaces -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_ifaces &> /dev/null; then
|
||||||
iptables -N mwan3_ifaces -t mangle
|
$IPT -N mwan3_ifaces
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S mwan3_rules -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_rules &> /dev/null; then
|
||||||
iptables -N mwan3_rules -t mangle
|
$IPT -N mwan3_rules
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S mwan3_connected -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_connected &> /dev/null; then
|
||||||
iptables -N mwan3_connected -t mangle
|
$IPT -N mwan3_connected
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S mwan3_hook -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_hook &> /dev/null; then
|
||||||
iptables -N mwan3_hook -t mangle
|
$IPT -N mwan3_hook
|
||||||
iptables -A mwan3_hook -t mangle -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
|
$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
|
||||||
iptables -A mwan3_hook -t mangle -m mark --mark 0x0/0xff00 -j mwan3_ifaces
|
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
|
||||||
iptables -A mwan3_hook -t mangle -m mark --mark 0x0/0xff00 -j mwan3_connected
|
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
|
||||||
iptables -A mwan3_hook -t mangle -m mark --mark 0x0/0xff00 -j mwan3_rules
|
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
|
||||||
iptables -A mwan3_hook -t mangle -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
|
$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S mwan3_track_hook -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_track_hook &> /dev/null; then
|
||||||
iptables -N mwan3_track_hook -t mangle
|
$IPT -N mwan3_track_hook
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S PREROUTING -t mangle | grep mwan3_hook &> /dev/null; then
|
if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
|
||||||
iptables -A PREROUTING -t mangle -j mwan3_hook
|
$IPT -A PREROUTING -j mwan3_hook
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S OUTPUT -t mangle | grep mwan3_hook &> /dev/null; then
|
if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
|
||||||
iptables -A OUTPUT -t mangle -j mwan3_hook
|
$IPT -A OUTPUT -j mwan3_hook
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S OUTPUT -t mangle | grep mwan3_track_hook &> /dev/null; then
|
if ! $IPT -S OUTPUT | grep mwan3_track_hook &> /dev/null; then
|
||||||
iptables -A OUTPUT -t mangle -j mwan3_track_hook
|
$IPT -A OUTPUT -j mwan3_track_hook
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iptables -F mwan3_rules -t mangle
|
$IPT -F mwan3_rules
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_set_connected_iptables()
|
mwan3_set_connected_iptables()
|
||||||
{
|
{
|
||||||
local connected_networks
|
local connected_networks
|
||||||
|
|
||||||
if iptables -S mwan3_connected -t mangle &> /dev/null; then
|
if $IPT -S mwan3_connected &> /dev/null; then
|
||||||
iptables -F mwan3_connected -t mangle
|
$IPT -F mwan3_connected
|
||||||
|
|
||||||
for connected_networks in $(ip -4 route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
|
for connected_networks in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
|
||||||
iptables -A mwan3_connected -t mangle -d $connected_networks -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
$IPT -A mwan3_connected -d $connected_networks -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||||
done
|
done
|
||||||
|
|
||||||
iptables -I mwan3_connected -t mangle -d 224.0.0.0/3 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
$IPT -I mwan3_connected -d 224.0.0.0/3 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||||
iptables -I mwan3_connected -t mangle -d 127.0.0.0/8 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
$IPT -I mwan3_connected -d 127.0.0.0/8 -m mark --mark 0x0/0xff00 -j MARK --set-xmark 0xff00/0xff00
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -75,56 +68,56 @@ mwan3_set_iface_iptables()
|
||||||
{
|
{
|
||||||
local local_net local_nets
|
local local_net local_nets
|
||||||
|
|
||||||
local_net=$(ip -4 route list dev $DEVICE scope link | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
local_net=$($IP route list dev $DEVICE scope link | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||||
|
|
||||||
if ! iptables -S mwan3_iface_$INTERFACE -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
|
||||||
iptables -N mwan3_iface_$INTERFACE -t mangle
|
$IPT -N mwan3_iface_$INTERFACE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iptables -F mwan3_iface_$INTERFACE -t mangle
|
$IPT -F mwan3_iface_$INTERFACE
|
||||||
iptables -D mwan3_ifaces -t mangle -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
|
$IPT -D mwan3_ifaces -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
|
||||||
|
|
||||||
if [ $ACTION == "ifup" ]; then
|
if [ $ACTION == "ifup" ]; then
|
||||||
if [ -n "$local_net" ]; then
|
if [ -n "$local_net" ]; then
|
||||||
for local_nets in $local_net ; do
|
for local_nets in $local_net ; do
|
||||||
if [ $ACTION == "ifup" ]; then
|
if [ $ACTION == "ifup" ]; then
|
||||||
iptables -I mwan3_iface_$INTERFACE -t mangle -s $local_net -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark 0xff00/0xff00
|
$IPT -I mwan3_iface_$INTERFACE -s $local_net -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark 0xff00/0xff00
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iptables -A mwan3_iface_$INTERFACE -t mangle -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
$IPT -A mwan3_iface_$INTERFACE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||||
iptables -A mwan3_ifaces -t mangle -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
|
$IPT -A mwan3_ifaces -i $DEVICE -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $ACTION == "ifdown" ]; then
|
if [ $ACTION == "ifdown" ]; then
|
||||||
iptables -X mwan3_iface_$INTERFACE -t mangle
|
$IPT -X mwan3_iface_$INTERFACE
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_set_iface_route()
|
mwan3_set_iface_route()
|
||||||
{
|
{
|
||||||
ip -4 route flush table $iface_id
|
$IP route flush table $iface_id
|
||||||
[ $ACTION == "ifup" ] && ip -4 route add table $iface_id default $route_args
|
[ $ACTION == "ifup" ] && $IP route add table $iface_id default $route_args
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_set_iface_rules()
|
mwan3_set_iface_rules()
|
||||||
{
|
{
|
||||||
while [ -n "$(ip -4 rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
|
while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
|
||||||
ip -4 rule del pref $(($iface_id+1000))
|
$IP rule del pref $(($iface_id+1000))
|
||||||
done
|
done
|
||||||
|
|
||||||
while [ -n "$(ip -4 rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
|
while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
|
||||||
ip -4 rule del pref $(($iface_id+2000))
|
$IP rule del pref $(($iface_id+2000))
|
||||||
done
|
done
|
||||||
|
|
||||||
while [ -n "$(ip -4 rule list | awk '$1 == "2254:"')" ]; do
|
while [ -n "$($IP rule list | awk '$1 == "2254:"')" ]; do
|
||||||
ip -4 rule del pref 2254
|
$IP rule del pref 2254
|
||||||
done
|
done
|
||||||
|
|
||||||
[ $ACTION == "ifup" ] && ip -4 rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
|
[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
|
||||||
[ $ACTION == "ifup" ] && ip -4 rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
|
[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
|
||||||
ip rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
|
$IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_track()
|
mwan3_track()
|
||||||
|
|
@ -145,28 +138,28 @@ mwan3_track()
|
||||||
config_get down $INTERFACE down 5
|
config_get down $INTERFACE down 5
|
||||||
config_get up $INTERFACE up 5
|
config_get up $INTERFACE up 5
|
||||||
|
|
||||||
if ! iptables -S mwan3_track_$INTERFACE -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_track_$INTERFACE &> /dev/null; then
|
||||||
iptables -N mwan3_track_$INTERFACE -t mangle
|
$IPT -N mwan3_track_$INTERFACE
|
||||||
iptables -A mwan3_track_hook -t mangle -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE
|
$IPT -A mwan3_track_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iptables -F mwan3_track_$INTERFACE -t mangle
|
$IPT -F mwan3_track_$INTERFACE
|
||||||
|
|
||||||
for track_ip in $track_ips; do
|
for track_ip in $track_ips; do
|
||||||
iptables -A mwan3_track_$INTERFACE -t mangle -d $track_ip -j MARK --set-xmark 0xff00/0xff00
|
$IPT -A mwan3_track_$INTERFACE -d $track_ip -j MARK --set-xmark 0xff00/0xff00
|
||||||
done
|
done
|
||||||
|
|
||||||
[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
|
[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
|
||||||
else
|
else
|
||||||
iptables -D mwan3_track_hook -t mangle -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE &> /dev/null
|
$IPT -D mwan3_track_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE &> /dev/null
|
||||||
iptables -F mwan3_track_$INTERFACE -t mangle &> /dev/null
|
$IPT -F mwan3_track_$INTERFACE &> /dev/null
|
||||||
iptables -X mwan3_track_$INTERFACE -t mangle &> /dev/null
|
$IPT -X mwan3_track_$INTERFACE &> /dev/null
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_set_policy()
|
mwan3_set_policy()
|
||||||
{
|
{
|
||||||
local iface_count iface_id metric probability weight
|
local iface_count iface_id INTERFACE metric probability weight
|
||||||
|
|
||||||
config_get INTERFACE $1 interface
|
config_get INTERFACE $1 interface
|
||||||
config_get metric $1 metric 1
|
config_get metric $1 metric 1
|
||||||
|
|
@ -178,12 +171,12 @@ mwan3_set_policy()
|
||||||
|
|
||||||
[ -n "$iface_id" ] || return 0
|
[ -n "$iface_id" ] || return 0
|
||||||
|
|
||||||
if iptables -S mwan3_iface_$INTERFACE -t mangle &> /dev/null; then
|
if $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
|
||||||
if [ "$metric" -lt "$lowest_metric" ]; then
|
if [ "$metric" -lt "$lowest_metric" ]; then
|
||||||
|
|
||||||
total_weight=$weight
|
total_weight=$weight
|
||||||
iptables -F mwan3_policy_$policy -t mangle
|
$IPT -F mwan3_policy_$policy
|
||||||
iptables -A mwan3_policy_$policy -t mangle -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||||
|
|
||||||
lowest_metric=$metric
|
lowest_metric=$metric
|
||||||
|
|
||||||
|
|
@ -204,7 +197,7 @@ mwan3_set_policy()
|
||||||
|
|
||||||
probability="-m statistic --mode random --probability $probability"
|
probability="-m statistic --mode random --probability $probability"
|
||||||
|
|
||||||
iptables -I mwan3_policy_$policy -t mangle -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
$IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -216,22 +209,22 @@ mwan3_set_policies_iptables()
|
||||||
policy=$1
|
policy=$1
|
||||||
|
|
||||||
if [ "$policy" != $(echo "$policy" | cut -c1-15) ]; then
|
if [ "$policy" != $(echo "$policy" | cut -c1-15) ]; then
|
||||||
logger -t mwan3 -p warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
|
$LOG warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! iptables -S mwan3_policy_$policy -t mangle &> /dev/null; then
|
if ! $IPT -S mwan3_policy_$policy &> /dev/null; then
|
||||||
iptables -N mwan3_policy_$policy -t mangle
|
$IPT -N mwan3_policy_$policy
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iptables -F mwan3_policy_$policy -t mangle
|
$IPT -F mwan3_policy_$policy
|
||||||
iptables -A mwan3_policy_$policy -t mangle -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
|
$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
|
||||||
|
|
||||||
lowest_metric=256
|
lowest_metric=256
|
||||||
total_weight=0
|
total_weight=0
|
||||||
|
|
||||||
config_list_foreach $policy use_member mwan3_set_policy
|
config_list_foreach $policy use_member mwan3_set_policy
|
||||||
|
|
||||||
iptables -X $policy -t mangle &> /dev/null
|
$IPT -X $policy &> /dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_set_user_rules_iptables()
|
mwan3_set_user_rules_iptables()
|
||||||
|
|
@ -256,10 +249,10 @@ mwan3_set_user_rules_iptables()
|
||||||
|
|
||||||
case $proto in
|
case $proto in
|
||||||
tcp|udp)
|
tcp|udp)
|
||||||
iptables -A mwan3_rules -t mangle -p $proto -s $src_ip -d $dest_ip -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
iptables -A mwan3_rules -t mangle -p $proto -s $src_ip -d $dest_ip -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
@ -269,45 +262,41 @@ mwan3_ifupdown()
|
||||||
{
|
{
|
||||||
local counter enabled iface_count iface_id route_args wan_metric
|
local counter enabled iface_count iface_id route_args wan_metric
|
||||||
|
|
||||||
[ -n "$DEVICE" ] || exit 0
|
|
||||||
[ -n "$INTERFACE" ] || exit 0
|
|
||||||
[ "$(uci get -P /var/state mwan3.$INTERFACE 2> /dev/null)" == "interface" ] || return 0
|
|
||||||
|
|
||||||
config_load mwan3
|
config_load mwan3
|
||||||
|
config_foreach mwan3_get_iface_id interface
|
||||||
|
|
||||||
|
[ -n "$iface_id" ] || return 0
|
||||||
|
[ "$iface_count" -le 250 ] || return 0
|
||||||
|
unset iface_count
|
||||||
|
|
||||||
config_get enabled $INTERFACE enabled 0
|
config_get enabled $INTERFACE enabled 0
|
||||||
|
|
||||||
counter=0
|
counter=0
|
||||||
|
|
||||||
if [ $ACTION == "ifup" ]; then
|
if [ $ACTION == "ifup" ]; then
|
||||||
[ "$enabled" -eq 1 ] || exit 0
|
[ "$enabled" -eq 1 ] || return 0
|
||||||
|
|
||||||
while [ -z "$(ip -4 route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
|
while [ -z "$($IP route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
|
||||||
sleep 1
|
sleep 1
|
||||||
let counter++
|
let counter++
|
||||||
if [ "$counter" -ge 10 ]; then
|
if [ "$counter" -ge 10 ]; then
|
||||||
logger -t mwan3 -p warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && exit 0
|
$LOG warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && return 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
mwan3_get_route_args
|
route_args=$($IP route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//via \1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
|
||||||
|
route_args="nexthop $route_args dev $DEVICE"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
while [ "$(pgrep -f -o hotplug-call)" -ne $$ -a "$counter" -lt 60 ]; do
|
while [ "$(pgrep -f -o hotplug-call)" -ne $$ -a "$counter" -lt 60 ]; do
|
||||||
sleep 1
|
sleep 1
|
||||||
let counter++
|
let counter++
|
||||||
if [ "$counter" -ge 60 ]; then
|
if [ "$counter" -ge 60 ]; then
|
||||||
logger -t mwan3 -p warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE ($DEVICE) aborted" && exit 0
|
$LOG warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE ($DEVICE) aborted" && return 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
config_foreach mwan3_get_iface_id interface
|
$LOG notice "$ACTION interface $INTERFACE ($DEVICE)"
|
||||||
|
|
||||||
[ -n "$iface_id" ] || exit 0
|
|
||||||
[ "$iface_count" -le 250 ] || exit 0
|
|
||||||
unset iface_count
|
|
||||||
unset counter
|
|
||||||
|
|
||||||
logger -t mwan3 -p notice "$ACTION interface $INTERFACE ($DEVICE)"
|
|
||||||
|
|
||||||
mwan3_set_general_iptables
|
mwan3_set_general_iptables
|
||||||
mwan3_set_iface_iptables
|
mwan3_set_iface_iptables
|
||||||
|
|
@ -320,9 +309,20 @@ mwan3_ifupdown()
|
||||||
config_foreach mwan3_set_user_rules_iptables rule
|
config_foreach mwan3_set_user_rules_iptables rule
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[ -n "$DEVICE" ] || exit 0
|
||||||
|
[ -n "$INTERFACE" ] || exit 0
|
||||||
|
|
||||||
|
local IP IPT LOG
|
||||||
|
|
||||||
|
IP="/usr/sbin/ip -4"
|
||||||
|
IPT="/usr/sbin/iptables -t mangle -w"
|
||||||
|
LOG="/usr/bin/logger -t mwan3 -p"
|
||||||
|
|
||||||
case "$ACTION" in
|
case "$ACTION" in
|
||||||
ifup|ifdown)
|
ifup|ifdown)
|
||||||
mwan3_ifupdown
|
mwan3_ifupdown
|
||||||
mwan3_set_connected_iptables
|
mwan3_set_connected_iptables
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
|
||||||
|
|
@ -15,6 +15,5 @@ restart() {
|
||||||
}
|
}
|
||||||
|
|
||||||
boot() {
|
boot() {
|
||||||
# Don't start on boot, mwan3 is started by hotplug event.
|
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -16,10 +16,13 @@ EOF
|
||||||
|
|
||||||
EXTRA_COMMANDS="ifdown ifup interfaces policies rules status"
|
EXTRA_COMMANDS="ifdown ifup interfaces policies rules status"
|
||||||
EXTRA_HELP="$(extra_help)"
|
EXTRA_HELP="$(extra_help)"
|
||||||
|
IP="/usr/sbin/ip -4"
|
||||||
|
IPT="/usr/sbin/iptables -t mangle -w"
|
||||||
|
|
||||||
ifdown()
|
ifdown()
|
||||||
{
|
{
|
||||||
|
local device
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
echo "Error: Expecting interface. Usage: mwan3 ifdown <interface>" && exit 0
|
echo "Error: Expecting interface. Usage: mwan3 ifdown <interface>" && exit 0
|
||||||
fi
|
fi
|
||||||
|
|
@ -28,8 +31,6 @@ ifdown()
|
||||||
echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>" && exit 0
|
echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>" && exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local device
|
|
||||||
|
|
||||||
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
|
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
|
||||||
|
|
||||||
if [ -e /var/run/mwan3track-$1.pid ] ; then
|
if [ -e /var/run/mwan3track-$1.pid ] ; then
|
||||||
|
|
@ -44,6 +45,8 @@ ifdown()
|
||||||
|
|
||||||
ifup()
|
ifup()
|
||||||
{
|
{
|
||||||
|
local device enabled
|
||||||
|
|
||||||
config_load mwan3
|
config_load mwan3
|
||||||
|
|
||||||
if [ -z "$1" ]; then
|
if [ -z "$1" ]; then
|
||||||
|
|
@ -54,8 +57,6 @@ ifup()
|
||||||
echo "Too many arguments. Usage: mwan3 ifup <interface>" && exit 0
|
echo "Too many arguments. Usage: mwan3 ifup <interface>" && exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local device enabled
|
|
||||||
|
|
||||||
config_get enabled "$1" enabled 0
|
config_get enabled "$1" enabled 0
|
||||||
|
|
||||||
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
|
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
|
||||||
|
|
@ -67,10 +68,10 @@ ifup()
|
||||||
|
|
||||||
interfaces()
|
interfaces()
|
||||||
{
|
{
|
||||||
config_load mwan3
|
|
||||||
|
|
||||||
local device enabled iface_id tracking
|
local device enabled iface_id tracking
|
||||||
|
|
||||||
|
config_load mwan3
|
||||||
|
|
||||||
echo "Interface status:"
|
echo "Interface status:"
|
||||||
|
|
||||||
check_iface_status()
|
check_iface_status()
|
||||||
|
|
@ -91,13 +92,13 @@ interfaces()
|
||||||
tracking="down"
|
tracking="down"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$(ip rule | awk '$5 == ("'$device'")')" -a -n "$(iptables -S mwan3_iface_$1 -t mangle 2> /dev/null)" -a -n "$(ip -4 route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
if [ -n "$($IP rule | awk '$5 == ("'$device'")')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
||||||
if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
|
if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
|
||||||
echo "Interface $1 is online (tracking $tracking)"
|
echo "Interface $1 is online (tracking $tracking)"
|
||||||
else
|
else
|
||||||
echo "Interface $1 is online"
|
echo "Interface $1 is online"
|
||||||
fi
|
fi
|
||||||
elif [ -n "$(ip rule | awk '$5 == ("'$device'")')" -o -n "$(iptables -S mwan3_iface_$1 -t mangle 2> /dev/null)" -o -n "$(ip -4 route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
elif [ -n "$($IP rule | awk '$5 == ("'$device'")')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
|
||||||
echo "Interface $1 error"
|
echo "Interface $1 error"
|
||||||
else
|
else
|
||||||
if [ "$enabled" -eq 1 ]; then
|
if [ "$enabled" -eq 1 ]; then
|
||||||
|
|
@ -119,21 +120,21 @@ policies()
|
||||||
{
|
{
|
||||||
local percent policy share total_weight weight iface
|
local percent policy share total_weight weight iface
|
||||||
|
|
||||||
for policy in $(iptables -S -t mangle | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
|
for policy in $($IPT -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
|
||||||
echo "Policy $policy:" | sed 's/mwan3_policy_//g'
|
echo "Policy $policy:" | sed 's/mwan3_policy_//g'
|
||||||
|
|
||||||
for iface in $(iptables -S $policy -t mangle | cut -s -d'"' -f2 | awk '{print $1}'); do
|
for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
|
||||||
[ -n "$total_weight" ] || total_weight=$(iptables -S $policy -t mangle | grep "$iface " | cut -s -d'"' -f2 | awk '{print $3}')
|
[ -n "$total_weight" ] || total_weight=$($IPT -S $policy | grep "$iface " | cut -s -d'"' -f2 | awk '{print $3}')
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ ! -z "${total_weight##*[!0-9]*}" ]; then
|
if [ ! -z "${total_weight##*[!0-9]*}" ]; then
|
||||||
for iface in $(iptables -S $policy -t mangle | cut -s -d'"' -f2 | awk '{print $1}'); do
|
for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
|
||||||
weight=$(iptables -S $policy -t mangle | grep "$iface " | cut -s -d'"' -f2 | awk '{print $2}')
|
weight=$($IPT -S $policy | grep "$iface " | cut -s -d'"' -f2 | awk '{print $2}')
|
||||||
percent=$(($weight*100/$total_weight))
|
percent=$(($weight*100/$total_weight))
|
||||||
echo " $iface ($percent%)"
|
echo " $iface ($percent%)"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
echo " $(iptables -S $policy -t mangle | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
|
echo " $($IPT -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -e
|
echo -e
|
||||||
|
|
@ -144,19 +145,17 @@ policies()
|
||||||
}
|
}
|
||||||
rules()
|
rules()
|
||||||
{
|
{
|
||||||
if [ -n "$(iptables -S mwan3_connected -t mangle 2> /dev/null)" ]; then
|
if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then
|
||||||
echo "Known networks:"
|
echo "Known networks:"
|
||||||
echo "destination policy hits" | awk '{ printf "%-19s%-19s%-9s%s\n",$1,$2,$3}'
|
echo "destination policy hits" | awk '{ printf "%-19s%-19s%-9s%s\n",$1,$2,$3}' | awk '1; {gsub(".","-")}1'
|
||||||
echo "------------------------------------------------"
|
$IPT -L mwan3_connected -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{printf "%-19s%-19s%-9s%s\n",$9,"default",$1}'
|
||||||
iptables -L mwan3_connected -t mangle -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{printf "%-19s%-19s%-9s%s\n",$9,"default",$1}'
|
|
||||||
echo -e
|
echo -e
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$(iptables -S mwan3_rules -t mangle 2> /dev/null)" ]; then
|
if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then
|
||||||
echo "Active rules:"
|
echo "Active rules:"
|
||||||
echo "source destination proto src-port dest-port policy hits" | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$1,$2,$3,$4,$5,$6,$7}'
|
echo "source destination proto src-port dest-port policy hits" | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$1,$2,$3,$4,$5,$6,$7}' | awk '1; {gsub(".","-")}1'
|
||||||
echo "---------------------------------------------------------------------------------------------------"
|
$IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$8,$9,$4,$12,$15,$3,$1}'
|
||||||
iptables -L mwan3_rules -t mangle -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//g' | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$8,$9,$4,$12,$15,$3,$1}'
|
|
||||||
echo -e
|
echo -e
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -181,24 +180,24 @@ stop()
|
||||||
killall mwan3track &> /dev/null
|
killall mwan3track &> /dev/null
|
||||||
rm /var/run/mwan3track-* &> /dev/null
|
rm /var/run/mwan3track-* &> /dev/null
|
||||||
|
|
||||||
for route in $(ip route list table all | sed 's/.*table \([^ ]*\) .*/\1/' | awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
|
for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' | awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
|
||||||
ip -4 route flush table $route &> /dev/null
|
$IP route flush table $route &> /dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
for rule in $(ip -4 rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
|
for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
|
||||||
ip -4 rule del pref $rule &> /dev/null
|
$IP rule del pref $rule &> /dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
iptables -D PREROUTING -t mangle -j mwan3_hook &> /dev/null
|
$IPT -D PREROUTING -j mwan3_hook &> /dev/null
|
||||||
iptables -D OUTPUT -t mangle -j mwan3_hook &> /dev/null
|
$IPT -D OUTPUT -j mwan3_hook &> /dev/null
|
||||||
iptables -D OUTPUT -t mangle -j mwan3_track_hook &> /dev/null
|
$IPT -D OUTPUT -j mwan3_track_hook &> /dev/null
|
||||||
|
|
||||||
for table in $(iptables -S -t mangle | awk '{print $2}' | grep mwan3 | sort -u); do
|
for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
|
||||||
iptables -F $table -t mangle &> /dev/null
|
$IPT -F $table &> /dev/null
|
||||||
done
|
done
|
||||||
|
|
||||||
for table in $(iptables -S -t mangle | awk '{print $2}' | grep mwan3 | sort -u); do
|
for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
|
||||||
iptables -X $table -t mangle &> /dev/null
|
$IPT -X $table &> /dev/null
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue