Merge 320262a7f0 into f788525078
This commit is contained in:
Tim Nordell
GitHub
commit
b1f831aa9f
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
config globals 'globals'
|
||||
option mmx_mask '0x3F00'
|
||||
option unknown_wan_action 'none'
|
||||
|
||||
config interface 'wan'
|
||||
option enabled '1'
|
||||
|
|
|
|||
|
|
@ -17,6 +17,9 @@ MM_BLACKHOLE=""
|
|||
|
||||
MMX_UNREACHABLE=""
|
||||
MM_UNREACHABLE=""
|
||||
|
||||
MMX_UNKNOWN_WAN=""
|
||||
MM_UNKNOWN_WAN=""
|
||||
MAX_SLEEP=$(((1<<31)-1))
|
||||
|
||||
command -v ip6tables > /dev/null
|
||||
|
|
@ -149,11 +152,13 @@ mwan3_init()
|
|||
mmdefault=$(((1<<bitcnt)-1))
|
||||
MM_BLACKHOLE=$((mmdefault-2))
|
||||
MM_UNREACHABLE=$((mmdefault-1))
|
||||
MM_UNKNOWN_WAN=$((mmdefault-3))
|
||||
|
||||
# MMX_DEFAULT should equal MMX_MASK
|
||||
MMX_DEFAULT=$(mwan3_id2mask mmdefault MMX_MASK)
|
||||
MMX_BLACKHOLE=$(mwan3_id2mask MM_BLACKHOLE MMX_MASK)
|
||||
MMX_UNREACHABLE=$(mwan3_id2mask MM_UNREACHABLE MMX_MASK)
|
||||
MMX_UNKNOWN_WAN=$(mwan3_id2mask MM_UNKNOWN_WAN MMX_MASK)
|
||||
}
|
||||
|
||||
# maps the 1st parameter so it only uses the bits allowed by the bitmask (2nd parameter)
|
||||
|
|
|
|||
|
|
@ -237,7 +237,9 @@ mwan3_set_dynamic_ipset()
|
|||
|
||||
mwan3_set_general_rules()
|
||||
{
|
||||
local IP
|
||||
local IP unknown_wan_action
|
||||
|
||||
config_get unknown_wan_action globals unknown_wan_action "none"
|
||||
|
||||
for IP in "$IP4" "$IP6"; do
|
||||
[ "$IP" = "$IP6" ] && [ $NO_IPV6 -ne 0 ] && continue
|
||||
|
|
@ -250,12 +252,21 @@ mwan3_set_general_rules()
|
|||
if [ -z "$($IP rule list | awk -v var="$RULE_NO:" '$1 == var')" ]; then
|
||||
$IP rule add pref $RULE_NO fwmark $MMX_UNREACHABLE/$MMX_MASK unreachable
|
||||
fi
|
||||
|
||||
if [ $unknown_wan_action != "none" ]; then
|
||||
RULE_NO=$((MM_UNKNOWN_WAN+2000))
|
||||
if [ -z "$($IP rule list | awk -v var="$RULE_NO:" '$1 == var')" ]; then
|
||||
$IP rule add pref $RULE_NO fwmark $MMX_UNKNOWN_WAN/$MMX_MASK "$unknown_wan_action"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
mwan3_set_general_iptables()
|
||||
{
|
||||
local IPT current update error family
|
||||
local IPT current update error family unknown_wan_action
|
||||
|
||||
config_get unknown_wan_action globals unknown_wan_action "none"
|
||||
|
||||
for IPT in "$IPT4" "$IPT6"; do
|
||||
[ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue
|
||||
|
|
@ -278,10 +289,24 @@ mwan3_set_general_iptables()
|
|||
mwan3_push_update -N mwan3_${chain}_${family}
|
||||
mwan3_push_update -A mwan3_${chain}_${family} \
|
||||
-m set --match-set mwan3_${chain}_${family} dst \
|
||||
-m set --match-set mwan3_${chain}_${family} src \
|
||||
-j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK
|
||||
fi
|
||||
done
|
||||
|
||||
if [ $unknown_wan_action != "none" ]; then
|
||||
if [ -n "${current##*-N mwan3_unknown_wan_${family}*}" ]; then
|
||||
mwan3_push_update -N mwan3_unknown_wan_${family}
|
||||
for chain in custom connected dynamic; do
|
||||
mwan3_push_update -A mwan3_unknown_wan_${family} \
|
||||
-m set --match-set mwan3_${chain}_${family} src \
|
||||
-j RETURN
|
||||
done
|
||||
mwan3_push_update -A mwan3_unknown_wan_${family} \
|
||||
-j MARK --set-xmark $MMX_UNKNOWN_WAN/$MMX_MASK
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${current##*-N mwan3_rules*}" ]; then
|
||||
mwan3_push_update -N mwan3_rules
|
||||
fi
|
||||
|
|
@ -315,9 +340,22 @@ mwan3_set_general_iptables()
|
|||
mwan3_push_update -A mwan3_hook \
|
||||
-m mark --mark 0x0/$MMX_MASK \
|
||||
-j CONNMARK --restore-mark --nfmask "$MMX_MASK" --ctmask "$MMX_MASK"
|
||||
if [ $unknown_wan_action != "none" ]; then
|
||||
mwan3_push_update -A mwan3_hook \
|
||||
-m conntrack --ctdir REPLY \
|
||||
-j RETURN
|
||||
mwan3_push_update -A mwan3_hook \
|
||||
-m mark --mark $MMX_UNKNOWN_WAN/$MMX_MASK \
|
||||
-j MARK --set-xmark 0/$MMX_MASK
|
||||
fi
|
||||
mwan3_push_update -A mwan3_hook \
|
||||
-m mark --mark 0x0/$MMX_MASK \
|
||||
-j mwan3_ifaces_in
|
||||
if [ $unknown_wan_action != "none" ]; then
|
||||
mwan3_push_update -A mwan3_hook \
|
||||
-m mark --mark 0x0/$MMX_MASK \
|
||||
-j mwan3_unknown_wan_${family}
|
||||
fi
|
||||
|
||||
for chain in custom connected dynamic; do
|
||||
mwan3_push_update -A mwan3_hook \
|
||||
|
|
@ -419,16 +457,18 @@ mwan3_create_iface_iptables()
|
|||
|
||||
mwan3_delete_iface_iptables()
|
||||
{
|
||||
local IPT update
|
||||
local IPT IPTR update
|
||||
config_get family "$1" family ipv4
|
||||
|
||||
if [ "$family" = "ipv4" ]; then
|
||||
IPT="$IPT4"
|
||||
IPTR="$IPT4R"
|
||||
fi
|
||||
|
||||
if [ "$family" = "ipv6" ]; then
|
||||
[ $NO_IPV6 -ne 0 ] && return
|
||||
IPT="$IPT6"
|
||||
IPTR="$IPT6R"
|
||||
fi
|
||||
|
||||
update="*mangle"
|
||||
|
|
|
|||
Loading…
Reference in New Issue