From da9a626f78791b953a58ccd30987983ff52c8afc Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Fri, 29 May 2020 19:47:38 -0400 Subject: [PATCH 1/9] mwan3: don't add single ipv4 to connected list if already covered by a cidr Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 36 ++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index 5ffef9405..eecd4a380 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh 
@@ -238,26 +238,48 @@ mwan3_set_custom_ipset() $IPS -! add mwan3_connected mwan3_custom_v6 } -mwan3_set_connected_iptables() -{ - local connected_network_v4 connected_network_v6 source_network_v6 - - $IPS -! create mwan3_connected_v4 hash:net - $IPS create mwan3_connected_v4_temp hash:net +mwan3_set_connected_ipv4() +{ + local connected_network_v4 candidate_list cidr_list + candidate_list="" + cidr_list="" for connected_network_v4 in $($IP4 route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do - $IPS -! add mwan3_connected_v4_temp "$connected_network_v4" + [ -z "${connected_network_v4##*/*}" ] && + cidr_list="$cidr_list $connected_network_v4" || + candidate_list="$candidate_list $connected_network_v4" done for connected_network_v4 in $($IP4 route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do + [ -z "${connected_network_v4##*/*}" ] && + cidr_list="$cidr_list $connected_network_v4" || + candidate_list="$candidate_list $connected_network_v4" + done + + for connected_network_v4 in $cidr_list; do $IPS -! add mwan3_connected_v4_temp "$connected_network_v4" done + for connected_network_v4 in $candidate_list; do + ipset -q test mwan3_connected_v4_temp "$connected_network_v4" || + $IPS -! add mwan3_connected_v4_temp "$connected_network_v4" + done $IPS add mwan3_connected_v4_temp 224.0.0.0/3 $IPS swap mwan3_connected_v4_temp mwan3_connected_v4 $IPS destroy mwan3_connected_v4_temp +} + +mwan3_set_connected_iptables() +{ + local connected_network_v6 source_network_v6 + + $IPS -! create mwan3_connected_v4 hash:net + $IPS create mwan3_connected_v4_temp hash:net + + mwan3_set_connected_ipv4 + $IPS -! create mwan3_connected_v6 hash:net family inet6 $IPS create mwan3_connected_v6_temp hash:net family inet6 From 84a53b7c792217ccb0a3d95e8fcf63d2843cdc43 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Thu, 4 Jun 2020 16:43:23 -0400 Subject: [PATCH 2/9] mwan3: be more efficient with sleep after killing trackers 
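Review bot: The membership test in the last loop of mwan3_set_connected_ipv4 calls `ipset -q test` by bare name while every other set operation in the function goes through `$IPS`, so the two can diverge if `$IPS` is ever defined with a path or extra options (its definition is outside this hunk). Writing it as `$IPS -q test mwan3_connected_v4_temp "$connected_network_v4" ||` keeps them consistent. The helper also swaps and destroys `mwan3_connected_v4_temp`, which is created only in the caller mwan3_set_connected_iptables, so a header comment such as `# expects mwan3_connected_v4 and mwan3_connected_v4_temp to exist; consumes the temp set` would make that contract visible. The two classification loops are identical apart from the route command and the awk column, and could share one small helper.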
Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 4 +++- net/mwan3/files/usr/sbin/mwan3 | 14 ++++++++++---- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index eecd4a380..ddc8f2012 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -672,7 +672,9 @@ mwan3_track() for pid in $(pgrep -f "mwan3track $1 $2"); do kill -TERM "$pid" > /dev/null 2>&1 - sleep 1 + done + sleep 1 + for pid in $(pgrep -f "mwan3track $1 $2"); do kill -KILL "$pid" > /dev/null 2>&1 done if [ -n "$track_ips" ]; then diff --git a/net/mwan3/files/usr/sbin/mwan3 b/net/mwan3/files/usr/sbin/mwan3 index a854dfda2..11e8e3dca 100755 --- a/net/mwan3/files/usr/sbin/mwan3 +++ b/net/mwan3/files/usr/sbin/mwan3 @@ -64,7 +64,7 @@ ifup() status=$(ubus -S call network.interface.$1 status) [ -n "$status" ] && { json_load "$status" - json_get_vars up l3_device + json_get_vars up l3_device } config_get enabled "$1" enabled 0 @@ -141,13 +141,19 @@ stop() for pid in $(pgrep -f "mwan3rtmon"); do kill -TERM "$pid" > /dev/null 2>&1 - sleep 1 - kill -KILL "$pid" > /dev/null 2>&1 done for pid in $(pgrep -f "mwan3track"); do kill -TERM "$pid" > /dev/null 2>&1 - sleep 1 + done + + sleep 1 + + for pid in $(pgrep -f "mwan3rtmon"); do + kill -KILL "$pid" > /dev/null 2>&1 + done + + for pid in $(pgrep -f "mwan3track"); do kill -KILL "$pid" > /dev/null 2>&1 done From a0d66d4eebefe6e89c582df2b4dc972ea7c5c7f5 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Wed, 15 Jul 2020 21:40:16 -0400 Subject: [PATCH 3/9] mwan3: don't try to use ipv6 if not installed fix issue #11826 Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 69 +++++++++++++++++------------- net/mwan3/files/usr/sbin/mwan3 | 7 ++- 2 files changed, 44 insertions(+), 32 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index ddc8f2012..96fdca966 100644 
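Review bot: In mwan3_track the KILL pass resolves its targets with a second `pgrep -f "mwan3track $1 $2"` after the sleep instead of reusing the PIDs that were sent TERM, so any matching process that appears during that second is killed without a TERM first; stop() in usr/sbin/mwan3 does the same for both daemons. Capturing the list once with `pids=$(pgrep -f "mwan3track $1 $2")` and iterating `for pid in $pids` in both loops keeps TERM and KILL on the same set. Whether trackers can start concurrently depends on callers outside these hunks, so at minimum a comment should state that the second lookup is intentional. `pgrep -f` also treats its argument as an unanchored regular expression over the full command line, which deserves a comment because `$1` and `$2` are interpolated into it unescaped.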
--- a/net/mwan3/files/lib/mwan3/mwan3.sh
+++ b/net/mwan3/files/lib/mwan3/mwan3.sh
@@ -32,6 +32,9 @@ MM_BLACKHOLE=""
 MMX_UNREACHABLE=""
 MM_UNREACHABLE=""
 
+command -v ip6tables > /dev/null
+NO_IPV6=$?
+
 # return true(=0) if has any mwan3 interface enabled
 # otherwise return false
 mwan3_rtmon_ipv4()
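Review bot: `NO_IPV6` stores the exit status of `command -v ip6tables`, so `NO_IPV6=0` means IPv6 support is present, which reads inverted at every guard. A comment above the assignment such as `# NO_IPV6: 0 when ip6tables is installed, non-zero when IPv6 handling must be skipped` would prevent misreading. The probe only tests for the ip6tables binary, so on a device whose kernel still carries IPv6 traffic the mwan3 IPv6 rules are skipped silently and that traffic presumably goes unmarked; logging once when the value is non-zero would make the condition visible to an operator. The guards added later in this patch also mix `[ $NO_IPV6 = 0 ]` and `[ $NO_IPV6 -eq 0 ]` with the variable unquoted, and settling on `[ "$NO_IPV6" -eq 0 ]` would be more uniform.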
@@ -280,33 +283,34 @@ mwan3_set_connected_iptables() mwan3_set_connected_ipv4 - $IPS -! create mwan3_connected_v6 hash:net family inet6 - $IPS create mwan3_connected_v6_temp hash:net family inet6 + [ $NO_IPV6 -eq 0 ] && { + $IPS -! create mwan3_connected_v6 hash:net family inet6 + $IPS create mwan3_connected_v6_temp hash:net family inet6 - for connected_network_v6 in $($IP6 route | awk '{print $1}' | egrep "$IPv6_REGEX"); do - $IPS -! add mwan3_connected_v6_temp "$connected_network_v6" - done + for connected_network_v6 in $($IP6 route | awk '{print $1}' | egrep "$IPv6_REGEX"); do + $IPS -! add mwan3_connected_v6_temp "$connected_network_v6" + done + $IPS swap mwan3_connected_v6_temp mwan3_connected_v6 + $IPS destroy mwan3_connected_v6_temp - $IPS swap mwan3_connected_v6_temp mwan3_connected_v6 - $IPS destroy mwan3_connected_v6_temp + $IPS -! create mwan3_source_v6 hash:net family inet6 + $IPS create mwan3_source_v6_temp hash:net family inet6 + for source_network_v6 in $($IP6 addr ls | sed -ne 's/ *inet6 \([^ \/]*\).* scope global.*/\1/p'); do + $IPS -! add mwan3_source_v6_temp "$source_network_v6" + done + $IPS swap mwan3_source_v6_temp mwan3_source_v6 + $IPS destroy mwan3_source_v6_temp + } $IPS -! create mwan3_connected list:set $IPS -! add mwan3_connected mwan3_connected_v4 - $IPS -! add mwan3_connected mwan3_connected_v6 - - $IPS -! create mwan3_source_v6 hash:net family inet6 - $IPS create mwan3_source_v6_temp hash:net family inet6 - for source_network_v6 in $($IP6 addr ls | sed -ne 's/ *inet6 \([^ \/]*\).* scope global.*/\1/p'); do - $IPS -! add mwan3_source_v6_temp "$source_network_v6" - done - $IPS swap mwan3_source_v6_temp mwan3_source_v6 - $IPS destroy mwan3_source_v6_temp + [ $NO_IPV6 -eq 0 ] && $IPS -! add mwan3_connected mwan3_connected_v6 $IPS -! create mwan3_dynamic_v4 hash:net $IPS -! add mwan3_connected mwan3_dynamic_v4 - $IPS -! create mwan3_dynamic_v6 hash:net family inet6 - $IPS -! 
add mwan3_connected mwan3_dynamic_v6 + [ $NO_IPV6 -eq 0 ] && $IPS -! create mwan3_dynamic_v6 hash:net family inet6 + [ $NO_IPV6 -eq 0 ] && $IPS -! add mwan3_connected mwan3_dynamic_v6 } mwan3_set_general_rules() @@ -314,7 +318,7 @@ mwan3_set_general_rules() local IP for IP in "$IP4" "$IP6"; do - + [ "$IP" = "$IP6" ] && [ $NO_IPV6 -ne 0 ] && continue RULE_NO=$(($MM_BLACKHOLE+2000)) if [ -z "$($IP rule list | awk -v var="$RULE_NO:" '$1 == var')" ]; then $IP rule add pref $RULE_NO fwmark $MMX_BLACKHOLE/$MMX_MASK blackhole @@ -332,7 +336,7 @@ mwan3_set_general_iptables() local IPT for IPT in "$IPT4" "$IPT6"; do - + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue if ! $IPT -S mwan3_ifaces_in &> /dev/null; then $IPT -N mwan3_ifaces_in fi @@ -450,7 +454,7 @@ mwan3_create_iface_iptables() -j "mwan3_iface_in_$1" fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 = 0 ]; then $IPS -! create mwan3_connected_v6 hash:net family inet6 if ! $IPT6 -S mwan3_ifaces_in &> /dev/null; then @@ -493,7 +497,7 @@ mwan3_delete_iface_iptables() $IPT4 -X "mwan3_iface_in_$1" &> /dev/null fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 = 0 ]; then $IPT6 -D mwan3_ifaces_in \ -m mark --mark 0x0/$MMX_MASK \ @@ -529,7 +533,7 @@ mwan3_create_iface_route() mwan3_rtmon_ipv4 fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 = 0 ]; then if ubus call "network.interface.${1}_6" status &>/dev/null; then network_get_gateway6 via "${1}_6" else @@ -560,7 +564,7 @@ mwan3_delete_iface_route() $IP4 route flush table "$id" fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then $IP6 route flush table "$id" fi } 
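Review bot: mwan3_set_connected_iptables now ends with `[ $NO_IPV6 -eq 0 ] && $IPS -! add mwan3_connected mwan3_dynamic_v6`, so on a system without ip6tables the function's exit status becomes 1 even though all IPv4 work succeeded. Callers are outside this hunk, but any that test the result or run under `set -e` would treat that as a failure. Wrapping the two IPv6-only lines in `if [ "$NO_IPV6" -eq 0 ]; then … fi`, or ending the function with `return 0`, avoids it. The same `&&` guard is harmless inside the loops of mwan3_set_general_rules and mwan3_set_general_iptables, where it ends in `continue`.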
@@ -588,7 +592,7 @@ mwan3_create_iface_rules() $IP4 rule add pref $(($id+2000)) fwmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK lookup "$id" fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do $IP6 rule del pref $(($id+1000)) @@ -623,7 +627,7 @@ mwan3_delete_iface_rules() done fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do $IP6 rule del pref $(($id+1000)) @@ -758,7 +762,7 @@ mwan3_set_policy() fi fi - if [ "$family" = "ipv6" ]; then + if [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then if [ "$(mwan3_get_iface_hotplug_state "$iface")" = "online" ]; then if [ "$metric" -lt "$lowest_metric_v6" ]; then @@ -821,8 +825,8 @@ mwan3_create_policies_iptables() fi for IPT in "$IPT4" "$IPT6"; do - - if ! $IPT -S "mwan3_policy_$1" &> /dev/null; then + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue + if ! $IPT -S mwan3_policy_$1 &> /dev/null; then $IPT -N "mwan3_policy_$1" fi @@ -877,6 +881,7 @@ mwan3_set_sticky_iptables() [ -n "$id" ] || return 0 for IPT in "$IPT4" "$IPT6"; do + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continuea if [ -n "$($IPT -S "mwan3_iface_in_$1" 2> /dev/null)" ]; then $IPT -I "mwan3_rule_$rule" \ -m mark --mark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK \ @@ -953,6 +958,7 @@ mwan3_set_user_iptables_rule() policy="mwan3_policy_$use_policy" for IPT in "$IPT4" "$IPT6"; do + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue if ! $IPT -S "$policy" &> /dev/null; then $IPT -N "$policy" fi @@ -977,6 +983,7 @@ mwan3_set_user_iptables_rule() config_foreach mwan3_set_sticky_iptables interface for IPT in "$IPT4" "$IPT6"; do + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue $IPT -A "mwan3_rule_$1" \ -m mark --mark 0/$MMX_MASK \ -j "$policy" 
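Review bot: The guard added to the loop in mwan3_set_sticky_iptables ends in `continuea`, which is not a shell keyword or command, so when `NO_IPV6` is non-zero the shell reports a not-found error and falls through into the IPv6 iteration instead of skipping it. The line should read `[ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue`, matching the guards this patch adds in mwan3_create_policies_iptables and mwan3_set_user_iptables_rule. Because the following `$IPT -S` call discards stderr, the only visible symptom would be the stray not-found message, so the typo is easy to miss in testing on IPv6-capable systems.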
@@ -993,6 +1000,7 @@ mwan3_set_user_iptables_rule() policy="mwan3_policy_$use_policy" for IPT in "$IPT4" "$IPT6"; do + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue if ! $IPT -S "$policy" &> /dev/null; then $IPT -N "$policy" fi @@ -1001,6 +1009,7 @@ mwan3_set_user_iptables_rule() fi fi for IPT in "$IPT4" "$IPT6"; do + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue [ "$family" = "ipv4" ] && [ "$IPT" = "$IPT6" ] && continue [ "$family" = "ipv6" ] && [ "$IPT" = "$IPT4" ] && continue [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ] && { @@ -1036,7 +1045,7 @@ mwan3_set_user_rules() local IPT for IPT in "$IPT4" "$IPT6"; do - + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue if ! $IPT -S mwan3_rules &> /dev/null; then $IPT -N mwan3_rules fi diff --git a/net/mwan3/files/usr/sbin/mwan3 b/net/mwan3/files/usr/sbin/mwan3 index 11e8e3dca..b9a5afb9e 100755 --- a/net/mwan3/files/usr/sbin/mwan3 +++ b/net/mwan3/files/usr/sbin/mwan3 @@ -90,6 +90,7 @@ policies() echo "Current ipv4 policies:" mwan3_report_policies_v4 echo -e + [ $NO_IPV6 -ne 0 ] && return echo "Current ipv6 policies:" mwan3_report_policies_v6 echo -e @@ -100,6 +101,7 @@ connected() echo "Directly connected ipv4 networks:" mwan3_report_connected_v4 echo -e + [ $NO_IPV6 -ne 0 ] && return echo "Directly connected ipv6 networks:" mwan3_report_connected_v6 echo -e @@ -110,6 +112,7 @@ rules() echo "Active ipv4 user rules:" mwan3_report_rules_v4 echo -e + [ $NO_IPV6 -ne 0 ] && return echo "Active ipv6 user rules:" mwan3_report_rules_v6 echo -e @@ -161,7 +164,7 @@ stop() config_foreach mwan3_track_clean interface for IP in "$IP4" "$IP6"; do - + [ "$IP" = "$IP6" ] && [ $NO_IPV6 -ne 0 ] && continue for route in $(seq 1 $MWAN3_INTERFACE_MAX); do $IP route flush table $route &> /dev/null done @@ -172,7 +175,7 @@ stop() done for IPT in "$IPT4" "$IPT6"; do - + [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue $IPT -D PREROUTING -j mwan3_hook &> /dev/null $IPT -D OUTPUT -j mwan3_hook &> /dev/null 
From 2a5e9be83eaac46ed18a1784c03e38ce5712fed3 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Wed, 15 Jul 2020 21:41:46 -0400 Subject: [PATCH 4/9] mwan3: add default rule for ipv6 in example config default rule only applied to ipv4 with dest_ip 0.0.0.0/0 and error was hidden when trying to apply it in ip6table Signed-off-by: Aaron Goodman --- net/mwan3/files/etc/config/mwan3 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/mwan3/files/etc/config/mwan3 b/net/mwan3/files/etc/config/mwan3 index 3f09d9569..750d6c4ae 100644 --- a/net/mwan3/files/etc/config/mwan3 +++ b/net/mwan3/files/etc/config/mwan3 @@ -139,7 +139,12 @@ config rule 'https' option proto 'tcp' option use_policy 'balanced' -config rule 'default_rule' +config rule 'default_rule_v4' option dest_ip '0.0.0.0/0' option use_policy 'balanced' + option family 'ipv4' +config rule 'default_rule_v6' + option dest_ip '::/0' + option use_policy 'balanced' + option family 'ipv6' From 702a104f9c516fdddd5e71207d1ad91eb70f9a41 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Thu, 16 Jul 2020 02:09:11 -0400 Subject: [PATCH 5/9] mwan3: don't send iptable setup failures to /dev/null silencing failing rules makes debugging more difficult Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index 96fdca966..f4bfc37e9 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -1023,7 +1023,7 @@ mwan3_set_user_iptables_rule() ${dest_port:+-m} ${dest_port:+multiport} ${dest_port:+--dports} $dest_port \ -m mark --mark 0/$MMX_MASK \ -m comment --comment "$1" \ - -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" &> /dev/null + -j LOG --log-level "$loglevel" --log-prefix "MWAN3($1)" } $IPT -A mwan3_rules \ 
@@ -1035,7 +1035,7 @@ mwan3_set_user_iptables_rule() ${src_port:+-m} ${src_port:+multiport} ${src_port:+--sports} $src_port \ ${dest_port:+-m} ${dest_port:+multiport} ${dest_port:+--dports} $dest_port \ -m mark --mark 0/$MMX_MASK \ - -j $policy &> /dev/null + -j $policy done fi } From 30a46bdc9e409134c95c7e7760b438ef6f1dbdd0 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Sun, 19 Jul 2020 23:19:50 -0400 Subject: [PATCH 6/9] mwan3: cleanup duplicate ipv4 and ipv6 logic Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 312 ++++++++++++----------------- 1 file changed, 128 insertions(+), 184 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index f4bfc37e9..b377a64df 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -415,7 +415,7 @@ mwan3_set_general_iptables() mwan3_create_iface_iptables() { - local id family + local id family connected_name IPT config_get family "$1" family ipv4 mwan3_get_iface_id id "$1" 
@@ -423,93 +423,73 @@ mwan3_create_iface_iptables() [ -n "$id" ] || return 0 if [ "$family" = "ipv4" ]; then - $IPS -! create mwan3_connected list:set - - if ! $IPT4 -S mwan3_ifaces_in &> /dev/null; then - $IPT4 -N mwan3_ifaces_in - fi - - if ! $IPT4 -S "mwan3_iface_in_$1" &> /dev/null; then - $IPT4 -N "mwan3_iface_in_$1" - fi - - $IPT4 -F "mwan3_iface_in_$1" - $IPT4 -A "mwan3_iface_in_$1" \ - -i "$2" \ - -m set --match-set mwan3_connected src \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "default" \ - -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK - $IPT4 -A "mwan3_iface_in_$1" \ - -i "$2" \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "$1" \ - -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK + connected_name=mwan3_connected + IPT="$IPT4" + $IPS -! create $connected_name list:set - $IPT4 -D mwan3_ifaces_in \ - -m mark --mark 0x0/$MMX_MASK \ - -j "mwan3_iface_in_$1" &> /dev/null - $IPT4 -A mwan3_ifaces_in \ - -m mark --mark 0x0/$MMX_MASK \ - -j "mwan3_iface_in_$1" + elif [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then + connected_name=mwan3_connected_v6 + IPT="$IPT6" + $IPS -! create $connected_name hash:net family inet6 + else + return fi - if [ "$family" = "ipv6" ] && [ $NO_IPV6 = 0 ]; then - $IPS -! create mwan3_connected_v6 hash:net family inet6 - - if ! $IPT6 -S mwan3_ifaces_in &> /dev/null; then - $IPT6 -N mwan3_ifaces_in - fi + if ! $IPT -S mwan3_ifaces_in &> /dev/null; then + $IPT -N mwan3_ifaces_in + fi - if ! $IPT6 -S "mwan3_iface_in_$1" &> /dev/null; then - $IPT6 -N "mwan3_iface_in_$1" - fi + if ! 
$IPT -S "mwan3_iface_in_$1" &> /dev/null; then + $IPT -N "mwan3_iface_in_$1" + fi - $IPT6 -F "mwan3_iface_in_$1" - $IPT6 -A "mwan3_iface_in_$1" -i "$2" \ - -m set --match-set mwan3_connected_v6 src \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "default" \ - -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK - $IPT6 -A "mwan3_iface_in_$1" -i "$2" -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "$1" \ - -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK + $IPT -F "mwan3_iface_in_$1" + $IPT -A "mwan3_iface_in_$1" \ + -i "$2" \ + -m set --match-set $connected_name src \ + -m mark --mark 0x0/$MMX_MASK \ + -m comment --comment "default" \ + -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK + $IPT -A "mwan3_iface_in_$1" \ + -i "$2" \ + -m mark --mark 0x0/$MMX_MASK \ + -m comment --comment "$1" \ + -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK + + $IPT -D mwan3_ifaces_in \ + -m mark --mark 0x0/$MMX_MASK \ + -j "mwan3_iface_in_$1" &> /dev/null + $IPT -A mwan3_ifaces_in \ + -m mark --mark 0x0/$MMX_MASK \ + -j "mwan3_iface_in_$1" - $IPT6 -D mwan3_ifaces_in \ - -m mark --mark 0x0/$MMX_MASK \ - -j "mwan3_iface_in_$1" &> /dev/null - $IPT6 -A mwan3_ifaces_in \ - -m mark --mark 0x0/$MMX_MASK \ - -j "mwan3_iface_in_$1" - fi } mwan3_delete_iface_iptables() { + local IPT config_get family "$1" family ipv4 if [ "$family" = "ipv4" ]; then + IPT="$IPT4" + fi - $IPT4 -D mwan3_ifaces_in \ - -m mark --mark 0x0/$MMX_MASK \ - -j "mwan3_iface_in_$1" &> /dev/null - $IPT4 -F "mwan3_iface_in_$1" &> /dev/null - $IPT4 -X "mwan3_iface_in_$1" &> /dev/null + if [ "$family" = "ipv6" ]; then + [ $NO_IPV6 -ne 0 ] && return + IPT="$IPT6" fi - if [ "$family" = "ipv6" ] && [ $NO_IPV6 = 0 ]; then + $IPT -D mwan3_ifaces_in \ + -m mark --mark 0x0/$MMX_MASK \ + -j "mwan3_iface_in_$1" &> /dev/null + $IPT -F "mwan3_iface_in_$1" &> /dev/null + $IPT -X "mwan3_iface_in_$1" &> /dev/null - $IPT6 -D mwan3_ifaces_in \ - -m mark --mark 0x0/$MMX_MASK \ - -j "mwan3_iface_in_$1" &> /dev/null - $IPT6 
-F "mwan3_iface_in_$1" &> /dev/null - $IPT6 -X "mwan3_iface_in_$1" &> /dev/null - fi } mwan3_create_iface_route() { - local id via metric + local id via metric V V_ IP config_get family "$1" family ipv4 mwan3_get_iface_id id "$1" @@ -517,38 +497,32 @@ mwan3_create_iface_route() [ -n "$id" ] || return 0 if [ "$family" = "ipv4" ]; then - if ubus call "network.interface.${1}_4" status &>/dev/null; then - network_get_gateway via "${1}_4" - else - network_get_gateway via "$1" - fi - - network_get_metric metric "$1" + V=4 + V_="" + IP="$IP4" + elif [ "$family" = "ipv6" ]; then + V=6 + V_=6 + IP="$IP6" + else + return + fi - $IP4 route flush table "$id" - $IP4 route add table "$id" default \ - ${via:+via} $via \ - ${metric:+metric} $metric \ - dev "$2" - mwan3_rtmon_ipv4 + if ubus call network.interface.${1}_${V} status &>/dev/null; then + network_get_gateway${V_} via "${1}_${V}" + else + network_get_gateway${V_} via "$1" fi - if [ "$family" = "ipv6" ] && [ $NO_IPV6 = 0 ]; then - if ubus call "network.interface.${1}_6" status &>/dev/null; then - network_get_gateway6 via "${1}_6" - else - network_get_gateway6 via "$1" - fi + network_get_metric metric "$1" - network_get_metric metric "$1" + $IP route flush table "$id" + $IP route add table "$id" default \ + ${via:+via} $via \ + ${metric:+metric} $metric \ + dev "$2" + mwan3_rtmon_ipv${V} - $IP6 route flush table "$id" - $IP6 route add table "$id" default \ - ${via:+via} $via \ - ${metric:+metric} $metric \ - dev "$2" - mwan3_rtmon_ipv6 - fi } mwan3_delete_iface_route() @@ -698,8 +672,9 @@ mwan3_track_signal() mwan3_set_policy() { - local iface_count id iface family metric probability weight device + local iface_count id iface family metric probability weight device is_lowest is_offline IPT total_weight + is_lowest=0 config_get iface "$1" interface config_get metric "$1" metric 1 config_get weight "$1" weight 1 
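Review bot: In the rewritten mwan3_delete_iface_iptables, `IPT` stays empty when `family` is neither `ipv4` nor `ipv6`, so the three following lines expand to commands beginning with `-D`, `-F` and `-X` and fail with their output discarded. mwan3_create_iface_iptables in the same hunk handles this case with `else return`; using the same `if … elif … else return; fi` shape here would keep the two functions consistent. `family` is also not declared `local` in the visible part of this function, unlike `IPT`.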
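Review bot: The merged IPv6 branch in mwan3_create_iface_route is now `elif [ "$family" = "ipv6" ]; then`, which drops the `[ $NO_IPV6 = 0 ]` condition the removed code carried. On a system without ip6tables the function therefore flushes and populates the IPv6 table and calls `mwan3_rtmon_ipv6` again. If that is intended because `$IP6 route` does not need ip6tables, a comment should say so; otherwise restore it as `elif [ "$family" = "ipv6" ] && [ "$NO_IPV6" -eq 0 ]; then`. The rewrite also removes the quotes around the ubus object name, and `"network.interface.${1}_${V}"` would keep the earlier quoting.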
@@ -710,105 +685,74 @@ mwan3_set_policy() mwan3_get_iface_id id "$iface" + [ "$(mwan3_get_iface_hotplug_state "$iface")" = "online" ] + is_offline=$? + [ -n "$id" ] || return 0 config_get family "$iface" family ipv4 if [ "$family" = "ipv4" ]; then + IPT="$IPT4" + elif [ "$family" = "ipv6" ]; then + IPT="$IPT6" + fi - if [ "$(mwan3_get_iface_hotplug_state "$iface")" = "online" ]; then - if [ "$metric" -lt "$lowest_metric_v4" ]; then - - total_weight_v4=$weight - $IPT4 -F "mwan3_policy_$policy" - $IPT4 -A "mwan3_policy_$policy" \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "$iface $weight $weight" \ - -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK - - lowest_metric_v4=$metric - - elif [ "$metric" -eq "$lowest_metric_v4" ]; then - - total_weight_v4=$(($total_weight_v4+$weight)) - probability=$(($weight*1000/$total_weight_v4)) - - if [ "$probability" -lt 10 ]; then - probability="0.00$probability" - elif [ $probability -lt 100 ]; then - probability="0.0$probability" - elif [ $probability -lt 1000 ]; then - probability="0.$probability" - else - probability="1" - fi - - probability="-m statistic --mode random --probability $probability" - - $IPT4 -I "mwan3_policy_$policy" \ - -m mark --mark 0x0/$MMX_MASK "$probability" \ - -m comment --comment "$iface $weight $total_weight_v4" \ - -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK - fi + if [ "$family" = "ipv4" ] && [ $is_offline -eq 0 ]; then + if [ "$metric" -lt "$lowest_metric_v4" ]; then + is_lowest=1 + total_weight_v4=$weight + lowest_metric_v4=$metric + elif [ "$metric" -eq "$lowest_metric_v4" ]; then + total_weight_v4=$(($total_weight_v4+$weight)) + total_weight=$total_weight_v4 else - [ -n "$device" ] && { - $IPT4 -S "mwan3_policy_$policy" | grep -q '.*--comment ".* [0-9]* [0-9]*"' || \ - $IPT4 -I "mwan3_policy_$policy" \ - -o "$device" \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "out $iface $device" \ - -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK - } + return + fi + 
elif [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ] && [ $is_offline -eq 0 ]; then + if [ "$metric" -lt "$lowest_metric_v6" ]; then + is_lowest=1 + total_weight_v6=$weight + lowest_metric_v6=$metric + elif [ "$metric" -eq "$lowest_metric_v6" ]; then + total_weight_v6=$(($total_weight_v6+$weight)) + total_weight=$total_weight_v6 + else + return fi fi - - if [ "$family" = "ipv6" ] && [ $NO_IPV6 -eq 0 ]; then - - if [ "$(mwan3_get_iface_hotplug_state "$iface")" = "online" ]; then - if [ "$metric" -lt "$lowest_metric_v6" ]; then - - total_weight_v6=$weight - $IPT6 -F "mwan3_policy_$policy" - $IPT6 -A "mwan3_policy_$policy" \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "$iface $weight $weight" \ - -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK - - lowest_metric_v6=$metric - - elif [ "$metric" -eq "$lowest_metric_v6" ]; then - - total_weight_v6=$(($total_weight_v6+$weight)) - probability=$(($weight*1000/$total_weight_v6)) - - if [ "$probability" -lt 10 ]; then - probability="0.00$probability" - elif [ $probability -lt 100 ]; then - probability="0.0$probability" - elif [ $probability -lt 1000 ]; then - probability="0.$probability" - else - probability="1" - fi - - probability="-m statistic --mode random --probability $probability" - - $IPT6 -I "mwan3_policy_$policy" \ - -m mark --mark 0x0/$MMX_MASK \ - "$probability" \ - -m comment --comment "$iface $weight $total_weight_v6" \ - -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK - fi + if [ $is_lowest -eq 1 ]; then + $IPT -F "mwan3_policy_$policy" + $IPT -A "mwan3_policy_$policy" \ + -m mark --mark 0x0/$MMX_MASK \ + -m comment --comment "$iface $weight $weight" \ + -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK + elif [ $is_offline -eq 0 ]; then + probability=$(($weight*1000/$total_weight)) + if [ "$probability" -lt 10 ]; then + probability="0.00$probability" + elif [ $probability -lt 100 ]; then + probability="0.0$probability" + elif [ $probability -lt 1000 ]; then + 
probability="0.$probability" else - [ -n "$device" ] && { - $IPT6 -S "mwan3_policy_$policy" | grep -q '.*--comment ".* [0-9]* [0-9]*"' || \ - $IPT6 -I "mwan3_policy_$policy" \ - -o "$device" \ - -m mark --mark 0x0/$MMX_MASK \ - -m comment --comment "out $iface $device" \ - -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK - } + probability="1" fi + + $IPT -I "mwan3_policy_$policy" \ + -m mark --mark 0x0/$MMX_MASK \ + -m statistic \ + --mode random \ + --probability "$probability" \ + -m comment --comment "$iface $weight $total_weight" \ + -j MARK --set-xmark $(mwan3_id2mask id MMX_MASK)/$MMX_MASK + elif [ -n "$device" ]; then + $IPT -S "mwan3_policy_$policy" | grep -q '.*--comment ".* [0-9]* [0-9]*"' || \ + $IPT -I "mwan3_policy_$policy" \ + -o "$device" \ + -m mark --mark 0x0/$MMX_MASK \ + -m comment --comment "out $iface $device" \ + -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK fi } @@ -826,7 +770,7 @@ mwan3_create_policies_iptables() for IPT in "$IPT4" "$IPT6"; do [ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue - if ! $IPT -S mwan3_policy_$1 &> /dev/null; then + if ! $IPT -S "mwan3_policy_$1" &> /dev/null; then $IPT -N "mwan3_policy_$1" fi From ca8bc3d115e43d95f6d12fc9d5ce51b5001c8574 Mon Sep 17 00:00:00 2001 From: Aaron Goodman Date: Wed, 15 Jul 2020 23:19:13 -0400 Subject: [PATCH 7/9] mwan3: version bump Signed-off-by: Aaron Goodman --- net/mwan3/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile index cde88ae59..6849617f2 100644 --- a/net/mwan3/Makefile +++ b/net/mwan3/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mwan3 -PKG_VERSION:=2.8.9 +PKG_VERSION:=2.8.10 PKG_RELEASE:=1 PKG_MAINTAINER:=Florian Eckert PKG_LICENSE:=GPL-2.0 From a796b7a84e8bce84b01c5fb23e6e5953e643b57d Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Wed, 15 Jul 2020 11:46:25 +0200 Subject: [PATCH 8/9] mwan3: fix idx calculation Signed-off-by: Florian Eckert [aaronjg@stanford.edu: fix syntax error] 
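Review bot: mwan3_set_policy selects `IPT="$IPT6"` without consulting `NO_IPV6`, so for an online IPv6 interface on a system without ip6tables neither metric branch runs, `total_weight` stays empty, and control reaches `probability=$(($weight*1000/$total_weight))` and the `$IPT -I` call. The offline path likewise reaches the `$IPT -S … | grep -q` line. The removed code guarded the whole IPv6 block with `[ $NO_IPV6 -eq 0 ]`. Making the selection `elif [ "$family" = "ipv6" ] && [ "$NO_IPV6" -eq 0 ]; then IPT="$IPT6"; else return; fi` restores that guard and also covers an unrecognised `family`. Separately, `is_offline=$?` is 0 when the interface is online, so either rename it or add `# 0 = online (exit status of the test above)`.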
Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index b377a64df..d7def8672 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -39,16 +39,17 @@ NO_IPV6=$? # otherwise return false mwan3_rtmon_ipv4() { - local tid=1 local idx=0 local ret=1 local tbl="" + + local tid + mkdir -p /tmp/mwan3rtmon ($IP4 route list table main | grep -v "^default\|linkdown" | sort -n; echo empty fixup) >/tmp/mwan3rtmon/ipv4.main while uci get mwan3.@interface[$idx] >/dev/null 2>&1 ; do - idx=$((idx+1)) - tid=$idx - [ "$(uci get mwan3.@interface[$((idx-1))].family)" = "ipv4" ] && { + tid=$((idx+1)) + [ "$(uci get mwan3.@interface[$idx].family)" = "ipv4" ] && { tbl=$($IP4 route list table $tid 2>/dev/null) if echo "$tbl" | grep -q ^default; then (echo "$tbl" | grep -v "^default\|linkdown" | sort -n; echo empty fixup) >/tmp/mwan3rtmon/ipv4.$tid @@ -60,9 +61,10 @@ mwan3_rtmon_ipv4() done fi } - if [ "$(uci get mwan3.@interface[$((idx-1))].enabled)" = "1" ]; then + if [ "$(uci get mwan3.@interface[$idx].enabled)" = "1" ]; then ret=0 fi + idx=$((idx+1)) done rm -f /tmp/mwan3rtmon/ipv4.* return $ret 
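Review bot: The rewritten lookups in mwan3_rtmon_ipv4 pass `mwan3.@interface[$idx].family` and `mwan3.@interface[$idx].enabled` to `uci get` unquoted, so the brackets are open to pathname expansion if a matching file name exists in the working directory. Quoting the argument, as in `"$(uci get "mwan3.@interface[$idx].family")"`, removes that dependency. The same applies to the loop condition and to the identical lines in mwan3_rtmon_ipv6 in the next hunk. A short comment on `tid=$((idx+1))` stating the assumed mapping between section index and routing table id would document what this fix relies on.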
@@ -72,16 +74,17 @@ mwan3_rtmon_ipv4() # otherwise return false mwan3_rtmon_ipv6() { - local tid=1 local idx=0 local ret=1 local tbl="" + + local tid + mkdir -p /tmp/mwan3rtmon ($IP6 route list table main | grep -v "^default\|^::/0\|^fe80::/64\|^unreachable" | sort -n; echo empty fixup) >/tmp/mwan3rtmon/ipv6.main while uci get mwan3.@interface[$idx] >/dev/null 2>&1 ; do - idx=$((idx+1)) - tid=$idx - [ "$(uci get mwan3.@interface[$((idx-1))].family)" = "ipv6" ] && { + tid=$((idx+1)) + [ "$(uci get mwan3.@interface[$idx].family)" = "ipv6" ] && { tbl=$($IP6 route list table $tid 2>/dev/null) if echo "$tbl" | grep -q "^default\|^::/0"; then (echo "$tbl" | grep -v "^default\|^::/0\|^unreachable" | sort -n; echo empty fixup) >/tmp/mwan3rtmon/ipv6.$tid @@ -93,9 +96,10 @@ mwan3_rtmon_ipv6() done fi } - if [ "$(uci get mwan3.@interface[$((idx-1))].enabled)" = "1" ]; then + if [ "$(uci get mwan3.@interface[$idx].enabled)" = "1" ]; then ret=0 fi + idx=$((idx+1)) done rm -f /tmp/mwan3rtmon/ipv6.* return $ret From 8e3e6f8dde654bdf2f1e1cf7bac6c0a2894a3fe8 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 16 Jul 2020 15:08:04 +0200 Subject: [PATCH 9/9] mwan3: fix IPv6 routing add handling This fixes routing handling. Introduced with the last version update. The following message disappears on the shell when mwan3 is called with 'mwna3 restart`. `Error: Invalid gateway address.` Signed-off-by: Florian Eckert [aaronjg@stanford.edu: fully unset variable and handle ipv4 as well] Signed-off-by: Aaron Goodman --- net/mwan3/files/lib/mwan3/mwan3.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index d7def8672..3ce880fd2 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh 
@@ -518,6 +518,8 @@ mwan3_create_iface_route() network_get_gateway${V_} via "$1" fi + ( [ -z "$via" ] || [ "$via" = "0.0.0.0" ] || [ "$via" = "::" ] ) && unset via + network_get_metric metric "$1" $IP route flush table "$id"
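Review bot: The added normalisation runs its three tests in a `( … )` subshell, which forks a process on every call only to group the `||` chain; `case "$via" in ""|0.0.0.0|::) unset via ;; esac` does the same without a fork. A one-line comment explaining that an empty or all-zero gateway means no `via` argument should reach `$IP route add` would help, since the reason currently lives only in the commit message. mwan3_create_iface_route continues past the end of this hunk.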