|
|
- #!/bin/sh
- #
- # Copyright (C) 2018 rosysong@rosinson.com
- #
-
- # for uci_validate_section()
- . /lib/functions/procd.sh
-
- NFT_QOS_HAS_BRIDGE=
- NFT_QOS_INET_FAMILY=ip
- NFT_QOS_SCRIPT_TEXT=
- NFT_QOS_SCRIPT_FILE=/tmp/qos.nft
-
- qosdef_appendx() { # <string to be appended>
- NFT_QOS_SCRIPT_TEXT="$NFT_QOS_SCRIPT_TEXT""$1"
- }
-
- qosdef_append_chain_def() { # <type> <hook> <priority> <policy>
- qosdef_appendx "\t\ttype $1 hook $2 priority $3; policy $4;\n"
- }
-
- qosdef_append_chain_ingress() { # <type> <device> <priority> <policy>
- qosdef_appendx "\t\ttype $1 hook ingress device $2 priority $3; policy $4;\n"
- }
-
- # qosdef_append_rule_{MATCH}_{STATEMENT}
- qosdef_append_rule_ip_limit() { # <ipaddr> <operator> <unit> <rate>
- local ipaddr=$1
- local operator=$2
- local unit=$3
- local rate=$4
-
- qosdef_appendx \
- "\t\tip $operator $ipaddr limit rate over $rate $unit/second drop\n"
- }
-
- # qosdef_append_rule_{MATCH}_{POLICY}
- qosdef_append_rule_ip_policy() { # <operator> <ipaddr> <policy>
- qosdef_appendx "\t\tip $1 $2 $3\n"
- }
-
- _handle_limit_whitelist() { # <value> <chain>
- local ipaddr=$1
- local operator
-
- [ -z "$ipaddr" ] && return
-
- case "$2" in
- download) operator="daddr";;
- upload) operator="saddr";;
- esac
-
- qosdef_append_rule_ip_policy $operator $ipaddr accept
- }
-
- qosdef_append_rule_limit_whitelist() { # <chain>
- config_list_foreach default limit_whitelist _handle_limit_whitelist $1
- }
-
- qosdef_flush_table() { # <family> <table>
- nft flush table $1 $2 2>/dev/null
- }
-
- qosdef_remove_table() { # <family> <table>
- nft delete table $1 $2 2>/dev/null
- }
-
- qosdef_init_header() { # add header for nft script
- qosdef_appendx "#!/usr/sbin/nft -f\n"
- qosdef_appendx "# Copyright (C) 2018 rosysong@rosinson.com\n"
- qosdef_appendx "#\n\n"
- }
-
- qosdef_init_env() {
- # check interface type of lan
- local lt="$(uci_get "network.lan.type")"
- [ "$lt" = "bridge" ] && export NFT_QOS_HAS_BRIDGE="y"
-
- # check if ipv6 support
- [ -e /proc/sys/net/ipv6 ] && export NFT_QOS_INET_FAMILY="inet"
- }
-
- qosdef_clean_cache() {
- rm -f $NFT_QOS_SCRIPT_FILE
- }
-
- qosdef_init_done() {
- echo -e $NFT_QOS_SCRIPT_TEXT > $NFT_QOS_SCRIPT_FILE 2>/dev/null
- }
-
- qosdef_start() {
- nft -f $NFT_QOS_SCRIPT_FILE 2>/dev/null
- }
|