
mwan3: update to version 1.6-1

Add ipset support (ipset version >6.22 with ipmark required)
Add stickiness feature

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
lilik-openwrt-22.03
Adze1502 10 years ago
parent
commit
74c9585abc
4 changed files with 155 additions and 83 deletions
  1. +3
    -3
      net/mwan3/Makefile
  2. +8
    -7
      net/mwan3/files/etc/config/mwan3
  3. +117
    -52
      net/mwan3/files/etc/hotplug.d/iface/15-mwan3
  4. +27
    -21
      net/mwan3/files/usr/sbin/mwan3

+ 3
- 3
net/mwan3/Makefile View File

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=mwan3 PKG_NAME:=mwan3
PKG_VERSION:=1.5
PKG_RELEASE:=10
PKG_VERSION:=1.6
PKG_RELEASE:=1
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com> PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
PKG_LICENSE:=GPLv2 PKG_LICENSE:=GPLv2
@ -19,7 +19,7 @@ define Package/mwan3
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
SUBMENU:=Routing and Redirection SUBMENU:=Routing and Redirection
DEPENDS:=+ip +iptables +iptables-mod-conntrack-extra +iptables-mod-ipopt
DEPENDS:=+ip +ipset +iptables +iptables-mod-conntrack-extra +iptables-mod-ipopt
TITLE:=Multiwan hotplug script with connection tracking support TITLE:=Multiwan hotplug script with connection tracking support
MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com> MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
PKGARCH:=all PKGARCH:=all


+ 8
- 7
net/mwan3/files/etc/config/mwan3 View File

@ -61,17 +61,18 @@ config policy 'wan2_wan'
list use_member 'wan_m2_w3' list use_member 'wan_m2_w3'
list use_member 'wan2_m1_w2' list use_member 'wan2_m1_w2'
config rule 'sticky_even'
option src_ip '0.0.0.0/0.0.0.1'
option dest_port '443'
config rule 'youtube'
option sticky '1'
option ipset 'youtube'
option dest_port '80,443'
option proto 'tcp' option proto 'tcp'
option use_policy 'wan_wan2'
option use_policy 'balanced'
config rule 'sticky_odd'
option src_ip '0.0.0.1/0.0.0.1'
config rule 'https'
option sticky '1'
option dest_port '443' option dest_port '443'
option proto 'tcp' option proto 'tcp'
option use_policy 'wan2_wan'
option use_policy 'balanced'
config rule 'default_rule' config rule 'default_rule'
option dest_ip '0.0.0.0/0' option dest_ip '0.0.0.0/0'
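Review bot: The new 'youtube' example sets `option ipset 'youtube'`, but nothing in this commit fills that set: the hotplug script only creates it empty (`hash:ip timeout 3600`) when it is missing, so the rule matches no traffic until something else populates it. A comment above the rule would make that dependency visible, for example `# the 'youtube' ipset must be populated externally; mwan3 only creates it if missing`. The same place could mention that the hotplug script refuses rule names longer than 15 characters, since that limit is otherwise only discoverable from the log.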


+ 117
- 52
net/mwan3/files/etc/hotplug.d/iface/15-mwan3 View File

@ -12,12 +12,18 @@ mwan3_set_general_iptables()
$IPT -N mwan3_ifaces $IPT -N mwan3_ifaces
fi fi
if ! $IPT -S mwan3_rules &> /dev/null; then
$IPT -N mwan3_rules
fi
if ! $IPT -S mwan3_connected &> /dev/null; then if ! $IPT -S mwan3_connected &> /dev/null; then
$IPT -N mwan3_connected $IPT -N mwan3_connected
$IPS create mwan3_connected hash:net
$IPT -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0xff00/0xff00
fi
if ! $IPT -S mwan3_track &> /dev/null; then
$IPT -N mwan3_track
fi
if ! $IPT -S mwan3_rules &> /dev/null; then
$IPT -N mwan3_rules
fi fi
if ! $IPT -S mwan3_hook &> /dev/null; then if ! $IPT -S mwan3_hook &> /dev/null; then
@ -25,15 +31,12 @@ mwan3_set_general_iptables()
$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00 $IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_track
$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules $IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00 $IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
$IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected $IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
fi fi
if ! $IPT -S mwan3_output_hook &> /dev/null; then
$IPT -N mwan3_output_hook
fi
if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
$IPT -A PREROUTING -j mwan3_hook $IPT -A PREROUTING -j mwan3_hook
fi fi
@ -42,10 +45,6 @@ mwan3_set_general_iptables()
$IPT -A OUTPUT -j mwan3_hook $IPT -A OUTPUT -j mwan3_hook
fi fi
if ! $IPT -S OUTPUT | grep mwan3_output_hook &> /dev/null; then
$IPT -A OUTPUT -j mwan3_output_hook
fi
$IPT -F mwan3_rules $IPT -F mwan3_rules
} }
@ -62,28 +61,29 @@ mwan3_set_general_rules()
mwan3_set_connected_iptables() mwan3_set_connected_iptables()
{ {
local connected_networks
local connected_network
if $IPT -S mwan3_connected &> /dev/null; then if $IPT -S mwan3_connected &> /dev/null; then
$IPT -F mwan3_connected
for connected_networks in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
$IPT -A mwan3_connected -d $connected_networks -j MARK --set-xmark 0xff00/0xff00
$IPS create mwan3_connected_temp hash:net
for connected_network in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
$IPS -! add mwan3_connected_temp $connected_network
done done
for connected_networks in $($IP route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
$IPT -A mwan3_connected -d $connected_networks -j MARK --set-xmark 0xff00/0xff00
for connected_network in $($IP route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
$IPS -! add mwan3_connected_temp $connected_network
done done
$IPT -I mwan3_connected -d 224.0.0.0/3 -j MARK --set-xmark 0xff00/0xff00
$IPT -I mwan3_connected -d 127.0.0.0/8 -j MARK --set-xmark 0xff00/0xff00
$IPS add mwan3_connected_temp 224.0.0.0/3
$IPS swap mwan3_connected_temp mwan3_connected
$IPS destroy mwan3_connected_temp
fi fi
} }
mwan3_set_iface_iptables() mwan3_set_iface_iptables()
{ {
local local_net local_nets
if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
$IPT -N mwan3_iface_$INTERFACE $IPT -N mwan3_iface_$INTERFACE
fi fi
@ -92,16 +92,7 @@ mwan3_set_iface_iptables()
$IPT -D mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null $IPT -D mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
if [ $ACTION == "ifup" ]; then if [ $ACTION == "ifup" ]; then
local_nets=$($IP route list dev $DEVICE scope link | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
if [ -n "$local_nets" ]; then
for local_net in $local_nets ; do
if [ $ACTION == "ifup" ]; then
$IPT -I mwan3_iface_$INTERFACE -i $DEVICE -s $local_net -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
fi
done
fi
$IPT -I mwan3_iface_$INTERFACE -i $DEVICE -m set --match-set mwan3_connected src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
$IPT -A mwan3_iface_$INTERFACE -i $DEVICE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00 $IPT -A mwan3_iface_$INTERFACE -i $DEVICE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
$IPT -A mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE $IPT -A mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
fi fi
@ -131,6 +122,17 @@ mwan3_set_iface_rules()
[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id [ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
} }
mwan3_set_iface_ipset()
{
local setname entry
for setname in $(ipset -n list | grep ^mwan3_sticky_); do
for entry in $(ipset list $setname | grep "$(echo $(($iface_id*256)) | awk '{ printf "0x%08x", $1; }')" | cut -d ' ' -f 1); do
$IPS del $setname $entry
done
done
}
mwan3_track() mwan3_track()
{ {
local track_ip track_ips reliability count timeout interval down up local track_ip track_ips reliability count timeout interval down up
@ -154,22 +156,23 @@ mwan3_track()
config_get down $INTERFACE down 5 config_get down $INTERFACE down 5
config_get up $INTERFACE up 5 config_get up $INTERFACE up 5
if ! $IPT -S mwan3_track_$INTERFACE &> /dev/null; then
$IPT -N mwan3_track_$INTERFACE
$IPT -A mwan3_output_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE
fi
$IPT -F mwan3_track_$INTERFACE
$IPS -! create mwan3_track_$INTERFACE hash:ip
$IPS create mwan3_track_temp_$INTERFACE hash:ip
for track_ip in $track_ips; do for track_ip in $track_ips; do
$IPT -A mwan3_track_$INTERFACE -d $track_ip -j MARK --set-xmark 0xff00/0xff00
$IPS -! add mwan3_track_temp_$INTERFACE $track_ip
done done
$IPS swap mwan3_track_temp_$INTERFACE mwan3_track_$INTERFACE
$IPS destroy mwan3_track_temp_$INTERFACE
$IPT -D mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00 &> /dev/null
$IPT -A mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00
[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips & [ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
else else
$IPT -D mwan3_output_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j mwan3_track_$INTERFACE &> /dev/null
$IPT -F mwan3_track_$INTERFACE &> /dev/null
$IPT -X mwan3_track_$INTERFACE &> /dev/null
$IPT -D mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00 &> /dev/null
$IPS destroy mwan3_track_$INTERFACE
fi fi
} }
@ -182,7 +185,7 @@ mwan3_set_policy()
config_get weight $1 weight 1 config_get weight $1 weight 1
[ -n "$INTERFACE" ] || return 0 [ -n "$INTERFACE" ] || return 0
config_foreach mwan3_get_iface_id interface config_foreach mwan3_get_iface_id interface
[ -n "$iface_id" ] || return 0 [ -n "$iface_id" ] || return 0
@ -200,19 +203,19 @@ mwan3_set_policy()
total_weight=$(($total_weight+$weight)) total_weight=$(($total_weight+$weight))
probability=$(($weight*1000/$total_weight)) probability=$(($weight*1000/$total_weight))
if [ "$probability" -lt 10 ]; then if [ "$probability" -lt 10 ]; then
probability="0.00$probability" probability="0.00$probability"
elif [ $probability -lt 100 ]; then
elif [ $probability -lt 100 ]; then
probability="0.0$probability" probability="0.0$probability"
elif [ $probability -lt 1000 ]; then
elif [ $probability -lt 1000 ]; then
probability="0.$probability" probability="0.$probability"
else else
probability="1" probability="1"
fi fi
probability="-m statistic --mode random --probability $probability" probability="-m statistic --mode random --probability $probability"
$IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00 $IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
fi fi
fi fi
@ -254,10 +257,34 @@ mwan3_set_policies_iptables()
config_list_foreach $policy use_member mwan3_set_policy config_list_foreach $policy use_member mwan3_set_policy
} }
mwan3_set_sticky_iptables()
{
local INTERFACE iface_count iface_id
INTERFACE="$1"
config_foreach mwan3_get_iface_id interface
unset iface_count
$IPS -! create mwan3_sticky_$rule hash:ip,mark markmask 0xff00 timeout $timeout
if [ -n "$iface_id" ]; then
if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
$IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
$IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($iface_id*256))/0xff00
fi
fi
unset iface_id
}
mwan3_set_user_rules_iptables() mwan3_set_user_rules_iptables()
{ {
local proto src_ip src_port dest_ip dest_port use_policy
local ipset proto src_ip src_port sticky dest_ip dest_port use_policy rule timeout
config_get sticky $1 sticky 0
config_get timeout $1 timeout 600
config_get ipset $1 ipset
config_get proto $1 proto all config_get proto $1 proto all
config_get src_ip $1 src_ip 0.0.0.0/0 config_get src_ip $1 src_ip 0.0.0.0/0
config_get src_port $1 src_port 0:65535 config_get src_port $1 src_port 0:65535
@ -265,6 +292,20 @@ mwan3_set_user_rules_iptables()
config_get dest_port $1 dest_port 0:65535 config_get dest_port $1 dest_port 0:65535
config_get use_policy $1 use_policy config_get use_policy $1 use_policy
rule="$1"
if [ "$rule" != $(echo "$rule" | cut -c1-15) ]; then
$LOG warn "Rule $rule exceeds max of 15 chars. Not setting rule" && return 0
fi
if [ -n "$ipset" ]; then
if [ -z "$($IPS -n list $ipset)" ]; then
$IPS create $ipset hash:ip timeout 3600
fi
ipset="-m set --match-set $ipset dst"
fi
if [ -n "$use_policy" ]; then if [ -n "$use_policy" ]; then
if [ "$use_policy" == "default" ]; then if [ "$use_policy" == "default" ]; then
use_policy="MARK --set-xmark 0xff00/0xff00" use_policy="MARK --set-xmark 0xff00/0xff00"
@ -273,15 +314,32 @@ mwan3_set_user_rules_iptables()
elif [ "$use_policy" == "blackhole" ]; then elif [ "$use_policy" == "blackhole" ]; then
use_policy="MARK --set-xmark 0xfd00/0xff00" use_policy="MARK --set-xmark 0xfd00/0xff00"
else else
use_policy="mwan3_policy_$use_policy"
if [ "$sticky" -eq 1 ]; then
if ! $IPT -S mwan3_rule_$rule &> /dev/null; then
$IPT -N mwan3_rule_$rule
fi
$IPT -F mwan3_rule_$rule
config_foreach mwan3_set_sticky_iptables interface
$IPT -A mwan3_rule_$rule -m mark --mark 0/0xff00 -j mwan3_policy_$use_policy
$IPT -A mwan3_rule_$rule -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
$IPT -A mwan3_rule_$rule -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
use_policy="mwan3_rule_$rule"
else
use_policy="mwan3_policy_$use_policy"
fi
fi fi
case $proto in case $proto in
tcp|udp) tcp|udp)
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
;; ;;
*) *)
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
;; ;;
esac esac
fi fi
@ -333,6 +391,7 @@ mwan3_ifupdown()
mwan3_set_iface_route mwan3_set_iface_route
mwan3_set_iface_rules mwan3_set_iface_rules
[ $ACTION == "ifdown" ] && mwan3_set_iface_ipset
[ $ACTION == "ifup" ] && mwan3_track [ $ACTION == "ifup" ] && mwan3_track
config_foreach mwan3_set_policies_iptables policy config_foreach mwan3_set_policies_iptables policy
@ -346,9 +405,15 @@ if [ $ACTION == "ifup" ]; then
[ -n "$DEVICE" ] || exit 0 [ -n "$DEVICE" ] || exit 0
fi fi
local IP IPT LOG
[ -x /usr/sbin/ip ] || exit 1
[ -x /usr/sbin/ipset ] || exit 1
[ -x /usr/sbin/iptables ] || exit 1
[ -x /usr/bin/logger ] || exit 1
local IP IPS IPT LOG
IP="/usr/sbin/ip -4" IP="/usr/sbin/ip -4"
IPS="/usr/sbin/ipset"
IPT="/usr/sbin/iptables -t mangle -w" IPT="/usr/sbin/iptables -t mangle -w"
LOG="/usr/bin/logger -t mwan3 -p" LOG="/usr/bin/logger -t mwan3 -p"
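Review bot: In mwan3_set_connected_iptables the scratch set is built with `$IPS create mwan3_connected_temp hash:net`, with no `-!` and no flush, so a set left behind by an interrupted run (or by a second hotplug event running at the same time, since the name is fixed) makes the create fail while the following `-! add` calls pile the new networks on top of the stale ones, and the swap then publishes both. Membership in mwan3_connected is what marks traffic 0xff00 and keeps it out of mwan3_rules, so stale entries there change routing policy rather than just clutter a list. I would write `$IPS -! create mwan3_connected_temp hash:net` followed by `$IPS flush mwan3_connected_temp`, and skip the `destroy` when `swap` fails; mwan3_track repeats the pattern with `mwan3_track_temp_$INTERFACE`. Separately, mwan3_set_iface_ipset calls bare `ipset` while the rest of the file goes through `$IPS`, which is the only path the new `[ -x /usr/sbin/ipset ]` check verifies.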


+ 27
- 21
net/mwan3/files/usr/sbin/mwan3 View File

@ -2,14 +2,15 @@
. /lib/functions.sh . /lib/functions.sh
IP="/usr/sbin/ip -4" IP="/usr/sbin/ip -4"
IPS="/usr/sbin/ipset"
IPT="/usr/sbin/iptables -t mangle -w" IPT="/usr/sbin/iptables -t mangle -w"
help() help()
{
cat <<EOF
Syntax: mwan3 [command]
Available commands:
{
cat <<EOF
Syntax: mwan3 [command]
Available commands:
start Load iptables rules, ip rules and ip routes start Load iptables rules, ip rules and ip routes
stop Unload iptables rules, ip rules and ip routes stop Unload iptables rules, ip rules and ip routes
restart Reload iptables rules, ip rules and ip routes restart Reload iptables rules, ip rules and ip routes
@ -54,11 +55,11 @@ ifup()
if [ -n "$2" ]; then if [ -n "$2" ]; then
echo "Too many arguments. Usage: mwan3 ifup <interface>" && exit 0 echo "Too many arguments. Usage: mwan3 ifup <interface>" && exit 0
fi fi
config_get enabled "$1" enabled 0 config_get enabled "$1" enabled 0
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
if [ -n "$device" ] ; then if [ -n "$device" ] ; then
[ "$enabled" -eq 1 ] && ACTION=ifup INTERFACE=$1 DEVICE=$device /sbin/hotplug-call iface [ "$enabled" -eq 1 ] && ACTION=ifup INTERFACE=$1 DEVICE=$device /sbin/hotplug-call iface
fi fi
@ -71,14 +72,14 @@ interfaces()
config_load mwan3 config_load mwan3
echo "Interface status:" echo "Interface status:"
check_iface_status() check_iface_status()
{ {
let iface_id++ let iface_id++
device=$(uci get -p /var/state network.$1.ifname) &> /dev/null device=$(uci get -p /var/state network.$1.ifname) &> /dev/null
if [ -z "$device" ]; then if [ -z "$device" ]; then
echo "Interface $1 is unknown"
echo " interface $1 is unknown"
return 0 return 0
fi fi
@ -92,21 +93,21 @@ interfaces()
if [ -n "$($IP rule | awk '$5 == "'$device'"')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then if [ -n "$($IP rule | awk '$5 == "'$device'"')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
echo "Interface $1 is online (tracking $tracking)"
echo " interface $1 is online (tracking $tracking)"
else else
echo "Interface $1 is online"
echo " interface $1 is online"
fi fi
elif [ -n "$($IP rule | awk '$5 == "'$device'"')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then elif [ -n "$($IP rule | awk '$5 == "'$device'"')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
echo "Interface $1 error"
echo " interface $1 error"
else else
if [ "$enabled" -eq 1 ]; then if [ "$enabled" -eq 1 ]; then
if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then if [ -n "$(uci get -p /var/state mwan3.$1.track_ip 2> /dev/null)" ]; then
echo "Interface $1 is offline (tracking $tracking)"
echo " interface $1 is offline (tracking $tracking)"
else else
echo "Interface $1 is offline"
echo " interface $1 is offline"
fi fi
else else
echo "Interface $1 is disabled"
echo " interface $1 is disabled"
fi fi
fi fi
} }
@ -141,17 +142,19 @@ policies()
} }
rules() rules()
{ {
local address
if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then
echo "Known networks:" echo "Known networks:"
echo "destination policy hits" | awk '{ printf "%-19s%-19s%-9s%s\n",$1,$2,$3}' | awk '1; {gsub(".","-")}1'
$IPT -L mwan3_connected -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//' | awk '{printf "%-19s%-19s%-9s%s\n",$9,"default",$1}'
for address in $($IPS list mwan3_connected | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
echo " $address"
done
echo -e echo -e
fi fi
if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then
echo "Active rules:" echo "Active rules:"
echo "source destination proto src-port dest-port policy hits" | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$1,$2,$3,$4,$5,$6,$7}' | awk '1; {gsub(".","-")}1'
$IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_//' | awk '{ printf "%-19s%-19s%-7s%-14s%-14s%-16s%-9s%s\n",$8,$9,$4,$12,$15,$3,$1}'
$IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
echo -e echo -e
fi fi
} }
@ -171,7 +174,7 @@ start()
stop() stop()
{ {
local route rule table
local ipset route rule table
killall mwan3track &> /dev/null killall mwan3track &> /dev/null
rm /var/run/mwan3track-* &> /dev/null rm /var/run/mwan3track-* &> /dev/null
@ -186,7 +189,6 @@ stop()
$IPT -D PREROUTING -j mwan3_hook &> /dev/null $IPT -D PREROUTING -j mwan3_hook &> /dev/null
$IPT -D OUTPUT -j mwan3_hook &> /dev/null $IPT -D OUTPUT -j mwan3_hook &> /dev/null
$IPT -D OUTPUT -j mwan3_output_hook &> /dev/null
for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
$IPT -F $table &> /dev/null $IPT -F $table &> /dev/null
@ -195,6 +197,10 @@ stop()
for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
$IPT -X $table &> /dev/null $IPT -X $table &> /dev/null
done done
for ipset in $(ipset -n list | grep mwan3); do
$IPS destroy $ipset
done
} }
restart() { restart() {
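Review bot: The cleanup loop added to stop() selects sets with `ipset -n list | grep mwan3`, which is unanchored and will also destroy any unrelated set whose name merely contains "mwan3"; the hotplug script's own loop anchors its pattern (`grep ^mwan3_sticky_`). It also calls bare `ipset` although `IPS="/usr/sbin/ipset"` is defined at the top of this file. I would change the loop header to `for ipset in $($IPS -n list | grep '^mwan3_'); do`. Sets named by the user through `option ipset` are left in place by this loop, which looks intentional but deserves a one-line comment; parts of stop() lie outside the visible hunks.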

