
mwan3: update to version 2.0-1

Fix issue with sticky sessions not working correctly
Fix issue where user created ipsets were not applied

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
lilik-openwrt-22.03
Jeroen Louwes 9 years ago
parent
commit
725cfe6b8e
5 changed files with 92 additions and 144 deletions
  1. +1
    -1
      net/mwan3/Makefile
  2. +35
    -111
      net/mwan3/files/etc/config/mwan3
  3. +21
    -8
      net/mwan3/files/etc/hotplug.d/iface/15-mwan3
  4. +27
    -22
      net/mwan3/files/lib/mwan3/mwan3.sh
  5. +8
    -2
      net/mwan3/files/usr/sbin/mwan3

+ 1
- 1
net/mwan3/Makefile

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3 PKG_NAME:=mwan3
PKG_VERSION:=2.0 PKG_VERSION:=2.0
PKG_RELEASE:=0
PKG_RELEASE:=1
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com> PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
PKG_LICENSE:=GPLv2 PKG_LICENSE:=GPLv2


+ 35
- 111
net/mwan3/files/etc/config/mwan3

@ -1,60 +1,21 @@
config interface 'wan1'
config interface 'wan'
option enabled '1' option enabled '1'
list track_ip '8.8.4.4' list track_ip '8.8.4.4'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
config interface 'wan2'
option enabled '1'
list track_ip '8.8.8.8' list track_ip '8.8.8.8'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
config interface 'wan3'
option enabled '1'
list track_ip '208.67.222.222' list track_ip '208.67.222.222'
option reliability '1'
list track_ip '208.67.220.220'
option reliability '2'
option count '1' option count '1'
option timeout '2' option timeout '2'
option interval '5' option interval '5'
option down '3' option down '3'
option up '8' option up '8'
config interface 'wan1_v6'
option family 'ipv6'
option enabled '1'
list track_ip '2001:7b8:1::2'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
config interface 'wan2_v6'
option family 'ipv6'
option enabled '1'
list track_ip '2001:7b8:2::2'
option reliability '1'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
config interface 'wan3_v6'
option family 'ipv6'
option enabled '1'
list track_ip '2001:7b8:3::2'
config interface 'wan2'
option enabled '0'
list track_ip '8.8.8.8'
list track_ip '208.67.220.220'
option reliability '1' option reliability '1'
option count '1' option count '1'
option timeout '2' option timeout '2'
@ -62,88 +23,51 @@ config interface 'wan3_v6'
option down '3' option down '3'
option up '8' option up '8'
config member 'wan1_m1_w1'
option interface 'wan1'
config member 'wan_m1_w3'
option interface 'wan'
option metric '1' option metric '1'
option weight '1'
option weight '3'
config member 'wan2_m1_w1'
option interface 'wan2'
option metric '1'
option weight '1'
config member 'wan_m2_w3'
option interface 'wan'
option metric '2'
option weight '3'
config member 'wan3_m1_w1'
option interface 'wan3'
option metric '1'
option weight '1'
config member 'wan1_v6_m1_w1'
option interface 'wan1_v6'
option metric '1'
option weight '1'
config member 'wan2_v6_m1_w1'
option interface 'wan2_v6'
config member 'wan2_m1_w2'
option interface 'wan2'
option metric '1' option metric '1'
option weight '1'
option weight '2'
config member 'wan3_v6_m1_w1'
option interface 'wan3_v6'
option metric '1'
option weight '1'
config member 'wan2_m2_w2'
option interface 'wan2'
option metric '2'
option weight '2'
config policy 'wan1_only'
list use_member 'wan1_m1_w1'
config policy 'wan_only'
list use_member 'wan_m1_w3'
config policy 'wan2_only' config policy 'wan2_only'
list use_member 'wan2_m1_w1'
list use_member 'wan2_m1_w2'
config policy 'wan3_only'
list use_member 'wan3_m1_w1'
config policy 'wan1_v6_only'
list use_member 'wan1_v6_m1_w1'
config policy 'wan2_v6_only'
list use_member 'wan2_v6_m1_w1'
config policy 'balanced'
list use_member 'wan_m1_w3'
list use_member 'wan2_m1_w2'
config policy 'wan3_v6_only'
list use_member 'wan3_v6_m1_w1'
config policy 'wan_wan2'
list use_member 'wan_m1_w3'
list use_member 'wan2_m2_w2'
config policy 'balanced'
list use_member 'wan1_m1_w1'
list use_member 'wan2_m1_w1'
list use_member 'wan3_m1_w1'
list use_member 'wan1_v6_m1_w1'
list use_member 'wan2_v6_m1_w1'
list use_member 'wan3_v6_m1_w1'
config policy 'wan2_wan'
list use_member 'wan_m2_w3'
list use_member 'wan2_m1_w2'
config rule 'https' config rule 'https'
option src_ip '2001:3::/64'
option sticky '1'
option dest_port '443' option dest_port '443'
option proto 'tcp' option proto 'tcp'
option use_policy 'balanced' option use_policy 'balanced'
config rule 'https2'
option dest_port '19443'
option proto 'tcp'
option use_policy 'balanced'
option sticky '1'
config rule 'igs'
option proto 'icmp'
option family 'ipv4'
option sticky '1'
option ipset 'google'
option use_policy 'balanced'
config rule 'i6gs'
option proto 'icmpv6'
option family 'ipv6'
option sticky '1'
option ipset 'google'
option use_policy 'balanced'
config rule 'default_rule' config rule 'default_rule'
option dest_ip '0.0.0.0/0'
option use_policy 'balanced' option use_policy 'balanced'

+ 21
- 8
net/mwan3/files/etc/hotplug.d/iface/15-mwan3

@ -1,5 +1,14 @@
#!/bin/sh #!/bin/sh
. /lib/functions.sh
. /lib/functions/network.sh
. /lib/mwan3/mwan3.sh
config_load mwan3
config_get enabled $INTERFACE enabled 0
[ "$enabled" == "1" ] || exit 0
[ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 1 [ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 1
[ -n "$INTERFACE" ] || exit 2 [ -n "$INTERFACE" ] || exit 2
@ -13,14 +22,17 @@ fi
[ -x /usr/sbin/ip6tables ] || exit 7 [ -x /usr/sbin/ip6tables ] || exit 7
[ -x /usr/bin/logger ] || exit 8 [ -x /usr/bin/logger ] || exit 8
. /lib/functions.sh
. /lib/functions/network.sh
. /lib/mwan3/mwan3.sh
local family gateway
config_load mwan3
config_get family $INTERFACE family ipv4
config_get enabled $INTERFACE enabled 0
[ "$enabled" == "1" ] || exit 0
if [ "$family" == "ipv4" ]; then
network_get_gateway gateway $INTERFACE
elif [ "$family" == "ipv6" ]; then
network_get_gateway6 gateway $INTERFACE
fi
[ -n "$gateway" ] || exit 9
$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})" $LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
@ -34,6 +46,7 @@ case "$ACTION" in
mwan3_create_iface_iptables $INTERFACE $DEVICE mwan3_create_iface_iptables $INTERFACE $DEVICE
mwan3_create_iface_route $INTERFACE $DEVICE mwan3_create_iface_route $INTERFACE $DEVICE
mwan3_track $INTERFACE $DEVICE mwan3_track $INTERFACE $DEVICE
mwan3_set_policies_iptables
mwan3_set_user_rules mwan3_set_user_rules
;; ;;
ifdown) ifdown)
@ -41,9 +54,9 @@ case "$ACTION" in
mwan3_delete_iface_iptables $INTERFACE mwan3_delete_iface_iptables $INTERFACE
mwan3_delete_iface_route $INTERFACE mwan3_delete_iface_route $INTERFACE
mwan3_delete_iface_ipset_entries $INTERFACE mwan3_delete_iface_ipset_entries $INTERFACE
mwan3_set_policies_iptables
mwan3_set_user_rules
;; ;;
esac esac
config_foreach mwan3_create_policies_iptables policy
exit 0 exit 0
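Review bot: `$INTERFACE` is used before it is validated: the block added at the top of the script runs `config_get enabled $INTERFACE enabled 0` ahead of the existing `[ -n "$INTERFACE" ] || exit 2` guard, and the expansion is unquoted. With an empty INTERFACE the remaining arguments shift, so the lookup presumably reads an unrelated section and the script leaves through `exit 0` instead of reporting status 2. Moving the ACTION and INTERFACE guards above the lookup and quoting the expansion, `config_get enabled "$INTERFACE" enabled 0`, keeps the exit codes meaningful. The same quoting applies to the other `$INTERFACE` and `$DEVICE` uses in this section. That the once-printed lines of the first hunk are additions is inferred from its `-1,5 +1,14` header, not from markers on the page.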

+ 27
- 22
net/mwan3/files/lib/mwan3/mwan3.sh

@ -512,24 +512,35 @@ mwan3_create_policies_iptables()
config_list_foreach $1 use_member mwan3_set_policy config_list_foreach $1 use_member mwan3_set_policy
} }
mwan3_set_policies_iptables()
{
config_foreach mwan3_create_policies_iptables policy
}
mwan3_set_sticky_iptables() mwan3_set_sticky_iptables()
{ {
local id
local id iface
mwan3_get_iface_id id $1
for iface in $($IPT4 -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
[ -n "$id" ] || return 0
if [ "$iface" == "$1" ]; then
$IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
$IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
$IPS -! create mwan3_sticky_$rule list:set
$IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
$IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
mwan3_get_iface_id id $1
for IPT in "$IPT4" "$IPT6"; do
if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
$IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
$IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($id*256))/0xff00
[ -n "$id" ] || return 0
$IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
$IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
$IPS -! create mwan3_sticky_$rule list:set
$IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
$IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
for IPT in "$IPT4" "$IPT6"; do
if [ -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -a -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" ]; then
$IPT -I mwan3_rule_$rule -m mark --mark $(($id*256))/0xff00 -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
$IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($id*256))/0xff00
fi
done
fi fi
done done
} }
@ -556,14 +567,6 @@ mwan3_set_user_iptables_rule()
fi fi
if [ -n "$ipset" ]; then if [ -n "$ipset" ]; then
if [ -z "$($IPS -n list $ipset 2> /dev/null)" ]; then
$IPS create $ipset list:set
$IPS create v4_$ipset hash:ip timeout 3600
$IPS create v6_$ipset hash:ip timeout 3600 family inet6
$IPS add $ipset v4_$ipset
$IPS add $ipset v6_$ipset
fi
ipset="-m set --match-set $ipset dst" ipset="-m set --match-set $ipset dst"
fi fi
@ -579,8 +582,6 @@ mwan3_set_user_iptables_rule()
policy="mwan3_policy_$use_policy" policy="mwan3_policy_$use_policy"
config_foreach mwan3_set_sticky_iptables interface
for IPT in "$IPT4" "$IPT6"; do for IPT in "$IPT4" "$IPT6"; do
if ! $IPT -S $policy &> /dev/null; then if ! $IPT -S $policy &> /dev/null; then
$IPT -N $policy $IPT -N $policy
@ -591,7 +592,11 @@ mwan3_set_user_iptables_rule()
fi fi
$IPT -F mwan3_rule_$1 $IPT -F mwan3_rule_$1
done
config_foreach mwan3_set_sticky_iptables interface
for IPT in "$IPT4" "$IPT6"; do
$IPT -A mwan3_rule_$1 -m mark --mark 0/0xff00 -j $policy $IPT -A mwan3_rule_$1 -m mark --mark 0/0xff00 -j $policy
$IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src $IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
$IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src $IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
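Review bot: With the auto-create branch removed from the `if [ -n "$ipset" ]` block in mwan3_set_user_iptables_rule, a rule whose `ipset` option names a set that does not exist yet still builds `-m set --match-set $ipset dst`. The later iptables call will presumably fail on that match, leaving the rule uninstalled so that matching traffic falls through to whatever rule comes next. Nothing visible in the hunk reports this. A check before the assignment such as `[ -n "$($IPS -n list "$ipset" 2> /dev/null)" ] || $LOG warn "rule $1: ipset $ipset does not exist"` would make the skipped rule visible in the log (`$LOG` as used in the hotplug script). The function continues outside the hunk, so a check there cannot be ruled out. A comment stating that user sets must exist before mwan3 applies its rules would also help.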


+ 8
- 2
net/mwan3/files/usr/sbin/mwan3

@ -84,8 +84,10 @@ policies()
{ {
echo "Current ipv4 policies:" echo "Current ipv4 policies:"
mwan3_report_policies_v4 mwan3_report_policies_v4
echo -e
echo "Current ipv6 policies:" echo "Current ipv6 policies:"
mwan3_report_policies_v6 mwan3_report_policies_v6
echo -e
} }
connected() connected()
@ -154,8 +156,12 @@ stop()
done done
done done
for ipset in $($IPS -n list | sort | grep mwan3); do
$IPS destroy $ipset
for ipset in $($IPS -n list | grep mwan3_); do
$IPS -q destroy $ipset
done
for ipset in $($IPS -n list | grep mwan3 | grep -E '_v4|_v6'); do
$IPS -q destroy $ipset
done done
} }
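Review bot: The cleanup loops in stop() select sets by unanchored substring, `grep mwan3_` and `grep mwan3 | grep -E '_v4|_v6'`. A user-created set whose name merely contains those strings is therefore destroyed along with mwan3's own, and `-q` hides both that and any failed destroy. Since this commit otherwise stops mwan3 from managing user ipsets, anchoring the match to the prefix would keep stop() to its own sets: `for ipset in $($IPS -n list | grep '^mwan3_'); do` in both passes. This assumes every set mwan3 creates carries that prefix, as the mwan3_sticky_* sets in this commit do. A one-line comment on why there are two passes would explain the duplication; presumably the second removes member sets that were still referenced by a list:set during the first, but the page does not say so.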

