Merge 320262a7f0
into f788525078
This commit is contained in:
commit
b1f831aa9f
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
config globals 'globals'
|
config globals 'globals'
|
||||||
option mmx_mask '0x3F00'
|
option mmx_mask '0x3F00'
|
||||||
|
option unknown_wan_action 'none'
|
||||||
|
|
||||||
config interface 'wan'
|
config interface 'wan'
|
||||||
option enabled '1'
|
option enabled '1'
|
||||||
|
|
|
@ -17,6 +17,9 @@ MM_BLACKHOLE=""
|
||||||
|
|
||||||
MMX_UNREACHABLE=""
|
MMX_UNREACHABLE=""
|
||||||
MM_UNREACHABLE=""
|
MM_UNREACHABLE=""
|
||||||
|
|
||||||
|
MMX_UNKNOWN_WAN=""
|
||||||
|
MM_UNKNOWN_WAN=""
|
||||||
MAX_SLEEP=$(((1<<31)-1))
|
MAX_SLEEP=$(((1<<31)-1))
|
||||||
|
|
||||||
command -v ip6tables > /dev/null
|
command -v ip6tables > /dev/null
|
||||||
|
@ -149,11 +152,13 @@ mwan3_init()
|
||||||
mmdefault=$(((1<<bitcnt)-1))
|
mmdefault=$(((1<<bitcnt)-1))
|
||||||
MM_BLACKHOLE=$((mmdefault-2))
|
MM_BLACKHOLE=$((mmdefault-2))
|
||||||
MM_UNREACHABLE=$((mmdefault-1))
|
MM_UNREACHABLE=$((mmdefault-1))
|
||||||
|
MM_UNKNOWN_WAN=$((mmdefault-3))
|
||||||
|
|
||||||
# MMX_DEFAULT should equal MMX_MASK
|
# MMX_DEFAULT should equal MMX_MASK
|
||||||
MMX_DEFAULT=$(mwan3_id2mask mmdefault MMX_MASK)
|
MMX_DEFAULT=$(mwan3_id2mask mmdefault MMX_MASK)
|
||||||
MMX_BLACKHOLE=$(mwan3_id2mask MM_BLACKHOLE MMX_MASK)
|
MMX_BLACKHOLE=$(mwan3_id2mask MM_BLACKHOLE MMX_MASK)
|
||||||
MMX_UNREACHABLE=$(mwan3_id2mask MM_UNREACHABLE MMX_MASK)
|
MMX_UNREACHABLE=$(mwan3_id2mask MM_UNREACHABLE MMX_MASK)
|
||||||
|
MMX_UNKNOWN_WAN=$(mwan3_id2mask MM_UNKNOWN_WAN MMX_MASK)
|
||||||
}
|
}
|
||||||
|
|
||||||
# maps the 1st parameter so it only uses the bits allowed by the bitmask (2nd parameter)
|
# maps the 1st parameter so it only uses the bits allowed by the bitmask (2nd parameter)
|
||||||
|
|
|
@ -237,7 +237,9 @@ mwan3_set_dynamic_ipset()
|
||||||
|
|
||||||
mwan3_set_general_rules()
|
mwan3_set_general_rules()
|
||||||
{
|
{
|
||||||
local IP
|
local IP unknown_wan_action
|
||||||
|
|
||||||
|
config_get unknown_wan_action globals unknown_wan_action "none"
|
||||||
|
|
||||||
for IP in "$IP4" "$IP6"; do
|
for IP in "$IP4" "$IP6"; do
|
||||||
[ "$IP" = "$IP6" ] && [ $NO_IPV6 -ne 0 ] && continue
|
[ "$IP" = "$IP6" ] && [ $NO_IPV6 -ne 0 ] && continue
|
||||||
|
@ -250,12 +252,21 @@ mwan3_set_general_rules()
|
||||||
if [ -z "$($IP rule list | awk -v var="$RULE_NO:" '$1 == var')" ]; then
|
if [ -z "$($IP rule list | awk -v var="$RULE_NO:" '$1 == var')" ]; then
|
||||||
$IP rule add pref $RULE_NO fwmark $MMX_UNREACHABLE/$MMX_MASK unreachable
|
$IP rule add pref $RULE_NO fwmark $MMX_UNREACHABLE/$MMX_MASK unreachable
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ $unknown_wan_action != "none" ]; then
|
||||||
|
RULE_NO=$((MM_UNKNOWN_WAN+2000))
|
||||||
|
if [ -z "$($IP rule list | awk -v var="$RULE_NO:" '$1 == var')" ]; then
|
||||||
|
$IP rule add pref $RULE_NO fwmark $MMX_UNKNOWN_WAN/$MMX_MASK "$unknown_wan_action"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
mwan3_set_general_iptables()
|
mwan3_set_general_iptables()
|
||||||
{
|
{
|
||||||
local IPT current update error family
|
local IPT current update error family unknown_wan_action
|
||||||
|
|
||||||
|
config_get unknown_wan_action globals unknown_wan_action "none"
|
||||||
|
|
||||||
for IPT in "$IPT4" "$IPT6"; do
|
for IPT in "$IPT4" "$IPT6"; do
|
||||||
[ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue
|
[ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue
|
||||||
|
@ -278,10 +289,24 @@ mwan3_set_general_iptables()
|
||||||
mwan3_push_update -N mwan3_${chain}_${family}
|
mwan3_push_update -N mwan3_${chain}_${family}
|
||||||
mwan3_push_update -A mwan3_${chain}_${family} \
|
mwan3_push_update -A mwan3_${chain}_${family} \
|
||||||
-m set --match-set mwan3_${chain}_${family} dst \
|
-m set --match-set mwan3_${chain}_${family} dst \
|
||||||
|
-m set --match-set mwan3_${chain}_${family} src \
|
||||||
-j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK
|
-j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [ $unknown_wan_action != "none" ]; then
|
||||||
|
if [ -n "${current##*-N mwan3_unknown_wan_${family}*}" ]; then
|
||||||
|
mwan3_push_update -N mwan3_unknown_wan_${family}
|
||||||
|
for chain in custom connected dynamic; do
|
||||||
|
mwan3_push_update -A mwan3_unknown_wan_${family} \
|
||||||
|
-m set --match-set mwan3_${chain}_${family} src \
|
||||||
|
-j RETURN
|
||||||
|
done
|
||||||
|
mwan3_push_update -A mwan3_unknown_wan_${family} \
|
||||||
|
-j MARK --set-xmark $MMX_UNKNOWN_WAN/$MMX_MASK
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -n "${current##*-N mwan3_rules*}" ]; then
|
if [ -n "${current##*-N mwan3_rules*}" ]; then
|
||||||
mwan3_push_update -N mwan3_rules
|
mwan3_push_update -N mwan3_rules
|
||||||
fi
|
fi
|
||||||
|
@ -315,9 +340,22 @@ mwan3_set_general_iptables()
|
||||||
mwan3_push_update -A mwan3_hook \
|
mwan3_push_update -A mwan3_hook \
|
||||||
-m mark --mark 0x0/$MMX_MASK \
|
-m mark --mark 0x0/$MMX_MASK \
|
||||||
-j CONNMARK --restore-mark --nfmask "$MMX_MASK" --ctmask "$MMX_MASK"
|
-j CONNMARK --restore-mark --nfmask "$MMX_MASK" --ctmask "$MMX_MASK"
|
||||||
|
if [ $unknown_wan_action != "none" ]; then
|
||||||
|
mwan3_push_update -A mwan3_hook \
|
||||||
|
-m conntrack --ctdir REPLY \
|
||||||
|
-j RETURN
|
||||||
|
mwan3_push_update -A mwan3_hook \
|
||||||
|
-m mark --mark $MMX_UNKNOWN_WAN/$MMX_MASK \
|
||||||
|
-j MARK --set-xmark 0/$MMX_MASK
|
||||||
|
fi
|
||||||
mwan3_push_update -A mwan3_hook \
|
mwan3_push_update -A mwan3_hook \
|
||||||
-m mark --mark 0x0/$MMX_MASK \
|
-m mark --mark 0x0/$MMX_MASK \
|
||||||
-j mwan3_ifaces_in
|
-j mwan3_ifaces_in
|
||||||
|
if [ $unknown_wan_action != "none" ]; then
|
||||||
|
mwan3_push_update -A mwan3_hook \
|
||||||
|
-m mark --mark 0x0/$MMX_MASK \
|
||||||
|
-j mwan3_unknown_wan_${family}
|
||||||
|
fi
|
||||||
|
|
||||||
for chain in custom connected dynamic; do
|
for chain in custom connected dynamic; do
|
||||||
mwan3_push_update -A mwan3_hook \
|
mwan3_push_update -A mwan3_hook \
|
||||||
|
@ -419,16 +457,18 @@ mwan3_create_iface_iptables()
|
||||||
|
|
||||||
mwan3_delete_iface_iptables()
|
mwan3_delete_iface_iptables()
|
||||||
{
|
{
|
||||||
local IPT update
|
local IPT IPTR update
|
||||||
config_get family "$1" family ipv4
|
config_get family "$1" family ipv4
|
||||||
|
|
||||||
if [ "$family" = "ipv4" ]; then
|
if [ "$family" = "ipv4" ]; then
|
||||||
IPT="$IPT4"
|
IPT="$IPT4"
|
||||||
|
IPTR="$IPT4R"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$family" = "ipv6" ]; then
|
if [ "$family" = "ipv6" ]; then
|
||||||
[ $NO_IPV6 -ne 0 ] && return
|
[ $NO_IPV6 -ne 0 ] && return
|
||||||
IPT="$IPT6"
|
IPT="$IPT6"
|
||||||
|
IPTR="$IPT6R"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
update="*mangle"
|
update="*mangle"
|
||||||
|
|
Loading…
Reference in New Issue