
mwan3: update to version 2.0-0

IPv6 support! :D
Big code overhaul; expect bugs..

Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Jeroen Louwes преди 9 години
родител
ревизия
8ff00a6273
променени са 6 файла, в които са добавени 1003 реда и са изтрити 587 реда
  1. 2
    2
      net/mwan3/Makefile
  2. 109
    40
      net/mwan3/files/etc/config/mwan3
  3. 33
    428
      net/mwan3/files/etc/hotplug.d/iface/15-mwan3
  4. 803
    0
      net/mwan3/files/lib/mwan3/mwan3.sh
  5. 55
    116
      net/mwan3/files/usr/sbin/mwan3
  6. 1
    1
      net/mwan3/files/usr/sbin/mwan3track

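--- a/net/mwan3/Makefile
+++ b/net/mwan3/Makefile
@@ -8,8 +8,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mwan3
-PKG_VERSION:=1.6
-PKG_RELEASE:=3
+PKG_VERSION:=2.0
+PKG_RELEASE:=0
 PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
 PKG_LICENSE:=GPLv2
 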

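--- a/net/mwan3/files/etc/config/mwan3
+++ b/net/mwan3/files/etc/config/mwan3
@@ -1,11 +1,8 @@
 
-config interface 'wan'
+config interface 'wan1'
 	option enabled '1'
 	list track_ip '8.8.4.4'
-	list track_ip '8.8.8.8'
-	list track_ip '208.67.222.222'
-	list track_ip '208.67.220.220'
-	option reliability '2'
+	option reliability '1'
 	option count '1'
 	option timeout '2'
 	option interval '5'
@@ -13,9 +10,8 @@ config interface 'wan'
 	option up '8'
 
 config interface 'wan2'
-	option enabled '0'
+	option enabled '1'
 	list track_ip '8.8.8.8'
-	list track_ip '208.67.220.220'
 	option reliability '1'
 	option count '1'
 	option timeout '2'
@@ -23,58 +19,131 @@ config interface 'wan2'
 	option down '3'
 	option up '8'
 
-config member 'wan_m1_w3'
-	option interface 'wan'
-	option metric '1'
-	option weight '3'
+config interface 'wan3'
+	option enabled '1'
+	list track_ip '208.67.222.222'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '3'
+	option up '8'
 
-config member 'wan_m2_w3'
-	option interface 'wan'
-	option metric '2'
-	option weight '3'
+config interface 'wan1_v6'
+	option family 'ipv6'
+	option enabled '1'
+	list track_ip '2001:7b8:1::2'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '3'
+	option up '8'
 
-config member 'wan2_m1_w2'
-	option interface 'wan2'
+config interface 'wan2_v6'
+	option family 'ipv6'
+	option enabled '1'
+	list track_ip '2001:7b8:2::2'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '3'
+	option up '8'
+
+config interface 'wan3_v6'
+	option family 'ipv6'
+	option enabled '1'
+	list track_ip '2001:7b8:3::2'
+	option reliability '1'
+	option count '1'
+	option timeout '2'
+	option interval '5'
+	option down '3'
+	option up '8'
+
+config member 'wan1_m1_w1'
+	option interface 'wan1'
 	option metric '1'
-	option weight '2'
+	option weight '1'
 
-config member 'wan2_m2_w2'
+config member 'wan2_m1_w1'
 	option interface 'wan2'
-	option metric '2'
-	option weight '2'
+	option metric '1'
+	option weight '1'
+
+config member 'wan3_m1_w1'
+	option interface 'wan3'
+	option metric '1'
+	option weight '1'
+
+config member 'wan1_v6_m1_w1'
+	option interface 'wan1_v6'
+	option metric '1'
+	option weight '1'
+
+config member 'wan2_v6_m1_w1'
+	option interface 'wan2_v6'
+	option metric '1'
+	option weight '1'
+
+config member 'wan3_v6_m1_w1'
+	option interface 'wan3_v6'
+	option metric '1'
+	option weight '1'
 
-config policy 'wan_only'
-	list use_member 'wan_m1_w3'
+config policy 'wan1_only'
+	list use_member 'wan1_m1_w1'
 
 config policy 'wan2_only'
-	list use_member 'wan2_m1_w2'
+	list use_member 'wan2_m1_w1'
+
+config policy 'wan3_only'
+	list use_member 'wan3_m1_w1'
+
+config policy 'wan1_v6_only'
+	list use_member 'wan1_v6_m1_w1'
+
+config policy 'wan2_v6_only'
+	list use_member 'wan2_v6_m1_w1'
+
+config policy 'wan3_v6_only'
+	list use_member 'wan3_v6_m1_w1'
 
 config policy 'balanced'
-	list use_member 'wan_m1_w3'
-	list use_member 'wan2_m1_w2'
+	list use_member 'wan1_m1_w1'
+	list use_member 'wan2_m1_w1'
+	list use_member 'wan3_m1_w1'
+	list use_member 'wan1_v6_m1_w1'
+	list use_member 'wan2_v6_m1_w1'
+	list use_member 'wan3_v6_m1_w1'
 
-config policy 'wan_wan2'
-	list use_member 'wan_m1_w3'
-	list use_member 'wan2_m2_w2'
+config rule 'https'
+	option src_ip '2001:3::/64'
+	option dest_port '443'
+	option proto 'tcp'
+	option use_policy 'balanced'
 
-config policy 'wan2_wan'
-	list use_member 'wan_m2_w3'
-	list use_member 'wan2_m1_w2'
+config rule 'https2'
+	option dest_port '19443'
+	option proto 'tcp'
+	option use_policy 'balanced'
+	option sticky '1'
 
-config rule 'youtube'
+config rule 'igs'
+	option proto 'icmp'
+	option family 'ipv4'
 	option sticky '1'
-	option ipset 'youtube'
-	option dest_port '80,443'
-	option proto 'tcp'
+	option ipset 'google'
 	option use_policy 'balanced'
 
-config rule 'https'
+config rule 'i6gs'
+	option proto 'icmpv6'
+	option family 'ipv6'
 	option sticky '1'
-	option dest_port '443'
-	option proto 'tcp'
+	option ipset 'google'
 	option use_policy 'balanced'
 
 config rule 'default_rule'
-	option dest_ip '0.0.0.0/0'
 	option use_policy 'balanced'
 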
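Review bot: Every interface in the new default config is tracked against a single host with `option reliability '1'` (for example `wan1` keeps only `list track_ip '8.8.4.4'`), whereas the previous default listed four hosts for `wan` with `reliability '2'`. Assuming reliability is the number of tracked hosts that must answer, one unreachable or rate-limited target is now enough to take an uplink out of the policy. Consider keeping at least two `track_ip` entries per interface, e.g. `list track_ip '8.8.8.8'` next to `8.8.4.4` on `wan1`. The rest of the file also reads like a test setup rather than a shipped default: `wan2` flips to `option enabled '1'`, rule `https` sets an IPv6 `src_ip '2001:3::/64'` with no `option family`, and `https2` matches port `19443`. A short comment header stating that the sections are examples to adapt would help anyone who deploys the package unmodified.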

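--- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
+++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3
@@ -1,444 +1,49 @@
 #!/bin/sh
 
-local IP IPS IPT LOG
+[ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 1
+[ -n "$INTERFACE" ] || exit 2
 
-[ -n "$ACTION" ] || exit 0
-[ -n "$INTERFACE" ] || exit 0
-
-if [ $ACTION == "ifup" ]; then
-        [ -n "$DEVICE" ] || exit 0
-fi
-
-if [ -x /usr/sbin/ip ]; then
-        IP="/usr/sbin/ip -4"
-elif [ -x /usr/bin/ip ]; then
-        IP="/usr/bin/ip -4"
-else
-        exit 1
-fi
-
-if [ -x /usr/sbin/ipset ]; then
-        IPS="/usr/sbin/ipset"
-else
-        exit 1
-fi
-
-if [ -x /usr/sbin/iptables ]; then
-        IPT="/usr/sbin/iptables -t mangle -w"
-else
-        exit 1
+if [ "$ACTION" == "ifup" ]; then
+        [ -n "$DEVICE" ] || exit 3
 fi
 
-if [ -x /usr/bin/logger ]; then
-        LOG="/usr/bin/logger -t mwan3 -p"
-else
-        exit 1
-fi
-
-
-mwan3_get_iface_id()
-{
-	let iface_count++
-	[ "$1" == "$INTERFACE" ] && iface_id=$iface_count
-}
-
-mwan3_set_general_iptables()
-{
-	if ! $IPT -S mwan3_ifaces &> /dev/null; then
-		$IPT -N mwan3_ifaces
-	fi
-
-	if ! $IPT -S mwan3_connected &> /dev/null; then
-		$IPT -N mwan3_connected
-		$IPS create mwan3_connected hash:net
-		$IPT -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0xff00/0xff00
-	fi
-
-	if ! $IPT -S mwan3_track &> /dev/null; then
-		$IPT -N mwan3_track
-	fi
-
-	if ! $IPT -S mwan3_rules &> /dev/null; then
-		$IPT -N mwan3_rules
-	fi
-
-	if ! $IPT -S mwan3_hook &> /dev/null; then
-		$IPT -N mwan3_hook
-		$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
-		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
-		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
-		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_track
-		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
-		$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
-		$IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
-	fi
-
-	if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
-		$IPT -A PREROUTING -j mwan3_hook
-	fi
-
-	if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
-		$IPT -A OUTPUT -j mwan3_hook
-	fi
-
-	$IPT -F mwan3_rules
-}
-
-mwan3_set_general_rules()
-{
-	if [ -z "$($IP rule list | awk '$1 == "2253:"')" ]; then
-		$IP rule add pref 2253 fwmark 0xfd00/0xff00 blackhole
-	fi
-
-	if [ -z "$($IP rule list | awk '$1 == "2254:"')" ]; then
-		$IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
-	fi
-}
-
-mwan3_set_connected_iptables()
-{
-	local connected_network
-
-	if $IPT -S mwan3_connected &> /dev/null; then
-
-		$IPS create mwan3_connected_temp hash:net
-
-		for connected_network in $($IP route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
-			$IPS -! add mwan3_connected_temp $connected_network
-		done
-
-		for connected_network in $($IP route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
-			$IPS -! add mwan3_connected_temp $connected_network
-		done
-
-		$IPS add mwan3_connected_temp 224.0.0.0/3
-		$IPS swap mwan3_connected_temp mwan3_connected
-		$IPS destroy mwan3_connected_temp
-
-	fi
-}
-
-mwan3_set_iface_iptables()
-{
-	if ! $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
-		$IPT -N mwan3_iface_$INTERFACE
-	fi
-
-	$IPT -F mwan3_iface_$INTERFACE
-	$IPT -D mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE &> /dev/null
-
-	if [ $ACTION == "ifup" ]; then
-		$IPT -I mwan3_iface_$INTERFACE -i $DEVICE -m set --match-set mwan3_connected src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
-		$IPT -A mwan3_iface_$INTERFACE -i $DEVICE -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark $(($iface_id*256))/0xff00
-		$IPT -A mwan3_ifaces -m mark --mark 0x0/0xff00 -j mwan3_iface_$INTERFACE
-	fi
-
-	if [ $ACTION == "ifdown" ]; then
-		$IPT -X mwan3_iface_$INTERFACE
-	fi
-}
-
-mwan3_set_iface_route()
-{
-	$IP route flush table $iface_id
-	[ $ACTION == "ifup" ] && $IP route add table $iface_id default $route_args
-}
-
-mwan3_set_iface_rules()
-{
-	while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+1000)):'"')" ]; do
-		$IP rule del pref $(($iface_id+1000))
-	done
-
-	while [ -n "$($IP rule list | awk '$1 == "'$(($iface_id+2000)):'"')" ]; do
-		$IP rule del pref $(($iface_id+2000))
-	done
-
-	[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+1000)) iif $DEVICE lookup main
-	[ $ACTION == "ifup" ] && $IP rule add pref $(($iface_id+2000)) fwmark $(($iface_id*256))/0xff00 lookup $iface_id
-}
-
-mwan3_set_iface_ipset()
-{
-	local setname entry
-
-	for setname in $(ipset -n list | grep ^mwan3_sticky_); do
-		for entry in $(ipset list $setname | grep "$(echo $(($iface_id*256)) | awk '{ printf "0x%08x", $1; }')" | cut -d ' ' -f 1); do
-			$IPS del $setname $entry
-		done
-	done
-}
-
-mwan3_track()
-{
-	local track_ip track_ips reliability count timeout interval down up
-
-	mwan3_list_track_ips()
-	{
-		track_ips="$1 $track_ips"
-	}
-	config_list_foreach $INTERFACE track_ip mwan3_list_track_ips
-
-	if [ -e /var/run/mwan3track-$INTERFACE.pid ] ; then
-		kill $(cat /var/run/mwan3track-$INTERFACE.pid) &> /dev/null
-		rm /var/run/mwan3track-$INTERFACE.pid &> /dev/null
-	fi
-
-	if [ -n "$track_ips" ]; then
-		config_get reliability $INTERFACE reliability 1
-		config_get count $INTERFACE count 1
-		config_get timeout $INTERFACE timeout 4
-		config_get interval $INTERFACE interval 10
-		config_get down $INTERFACE down 5
-		config_get up $INTERFACE up 5
-
-		$IPS -! create mwan3_track_$INTERFACE hash:ip
-		$IPS create mwan3_track_temp_$INTERFACE hash:ip
-
-		for track_ip in $track_ips; do
-			$IPS -! add mwan3_track_temp_$INTERFACE $track_ip
-		done
-
-		$IPS swap mwan3_track_temp_$INTERFACE mwan3_track_$INTERFACE
-		$IPS destroy mwan3_track_temp_$INTERFACE
-
-		$IPT -D mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00 &> /dev/null
-		$IPT -A mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00
-
-		[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $INTERFACE $DEVICE $reliability $count $timeout $interval $down $up $track_ips &
-	else
-		$IPT -D mwan3_track -p icmp -m set --match-set mwan3_track_$INTERFACE dst -m icmp --icmp-type 8 -m length --length 32 -j MARK --set-xmark 0xff00/0xff00 &> /dev/null
-		$IPS destroy mwan3_track_$INTERFACE
-	fi
-}
-
-mwan3_set_policy()
-{
-	local iface_count iface_id INTERFACE metric probability weight
-
-	config_get INTERFACE $1 interface
-	config_get metric $1 metric 1
-	config_get weight $1 weight 1
-
-	[ -n "$INTERFACE" ] || return 0
+[ -x /usr/bin/ip ] || exit 4
+[ -x /usr/sbin/ipset ] || exit 5
+[ -x /usr/sbin/iptables ] || exit 6
+[ -x /usr/sbin/ip6tables ] || exit 7
+[ -x /usr/bin/logger ] || exit 8
 
-	config_foreach mwan3_get_iface_id interface
+. /lib/functions.sh
+. /lib/functions/network.sh
+. /lib/mwan3/mwan3.sh
 
-	[ -n "$iface_id" ] || return 0
+config_load mwan3
 
-	if $IPT -S mwan3_iface_$INTERFACE &> /dev/null; then
-		if [ "$metric" -lt "$lowest_metric" ]; then
+config_get enabled $INTERFACE enabled 0
+[ "$enabled" == "1" ] || exit 0
 
-			total_weight=$weight
-			$IPT -F mwan3_policy_$policy
-			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
+$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
 
-			lowest_metric=$metric
-
-		elif [ "$metric" -eq "$lowest_metric" ]; then
-
-			total_weight=$(($total_weight+$weight))
-			probability=$(($weight*1000/$total_weight))
-
-			if [ "$probability" -lt 10 ]; then
-				probability="0.00$probability"
-			elif [ $probability -lt 100 ]; then
-				probability="0.0$probability"
-			elif [ $probability -lt 1000 ]; then
-				probability="0.$probability"
-			else
-				probability="1"
-			fi
-
-			probability="-m statistic --mode random --probability $probability"
-
-			$IPT -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark $(($iface_id*256))/0xff00
-		fi
-	fi
-}
-
-mwan3_set_policies_iptables()
-{
-	local last_resort lowest_metric policy total_weight
-
-	policy=$1
-
-	config_get last_resort $1 last_resort unreachable
-
-	if [ "$policy" != $(echo "$policy" | cut -c1-15) ]; then
-		$LOG warn "Policy $policy exceeds max of 15 chars. Not setting policy" && return 0
-	fi
-
-	if ! $IPT -S mwan3_policy_$policy &> /dev/null; then
-		$IPT -N mwan3_policy_$policy
-	fi
-
-	$IPT -F mwan3_policy_$policy
-
-	case "$last_resort" in
-		blackhole)
-			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "blackhole" -j MARK --set-xmark 0xfd00/0xff00
-		;;
-		default)
-			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
-		;;
-		*)
-			$IPT -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
-		;;
-	esac
-
-	lowest_metric=256
-	total_weight=0
-
-	config_list_foreach $policy use_member mwan3_set_policy
-}
-
-mwan3_set_sticky_iptables()
-{
-	local INTERFACE iface_count iface_id
-
-	INTERFACE="$1"
-
-	config_foreach mwan3_get_iface_id interface
-	unset iface_count
-
-	$IPS -! create mwan3_sticky_$rule hash:ip,mark markmask 0xff00 timeout $timeout
-
-	if [ -n "$iface_id" ]; then
-		if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
-			$IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
-			$IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($iface_id*256))/0xff00
-		fi
-	fi
-
-	unset iface_id
-}
-
-mwan3_set_user_rules_iptables()
-{
-	local ipset proto src_ip src_port sticky dest_ip dest_port use_policy rule timeout
-
-	config_get sticky $1 sticky 0
-	config_get timeout $1 timeout 600
-	config_get ipset $1 ipset
-	config_get proto $1 proto all
-	config_get src_ip $1 src_ip 0.0.0.0/0
-	config_get src_port $1 src_port 0:65535
-	config_get dest_ip $1 dest_ip 0.0.0.0/0
-	config_get dest_port $1 dest_port 0:65535
-	config_get use_policy $1 use_policy
-
-	rule="$1"
-
-	if [ "$rule" != $(echo "$rule" | cut -c1-15) ]; then
-		$LOG warn "Rule $rule exceeds max of 15 chars. Not setting rule" && return 0
-	fi
-
-	if [ -n "$ipset" ]; then
-		if [ -z "$($IPS -n list $ipset)" ]; then
-			$IPS create $ipset hash:ip timeout 3600
-		fi
-
-		ipset="-m set --match-set $ipset dst"
-	fi
-
-	if [ -n "$use_policy" ]; then
-		if [ "$use_policy" == "default" ]; then
-			use_policy="MARK --set-xmark 0xff00/0xff00"
-		elif [ "$use_policy" == "unreachable" ]; then
-			use_policy="MARK --set-xmark 0xfe00/0xff00"
-		elif [ "$use_policy" == "blackhole" ]; then
-			use_policy="MARK --set-xmark 0xfd00/0xff00"
-		else
-			if [ "$sticky" -eq 1 ]; then
-
-				if ! $IPT -S mwan3_rule_$rule &> /dev/null; then
-					$IPT -N mwan3_rule_$rule
-				fi
-
-				$IPT -F mwan3_rule_$rule
-
-				config_foreach mwan3_set_sticky_iptables interface
-
-				$IPT -A mwan3_rule_$rule -m mark --mark 0/0xff00 -j mwan3_policy_$use_policy
-				$IPT -A mwan3_rule_$rule -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
-				$IPT -A mwan3_rule_$rule -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
-
-				use_policy="mwan3_rule_$rule"
-			else
-				use_policy="mwan3_policy_$use_policy"
-			fi
-		fi
-
-		case $proto in
-			tcp|udp)
-			$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
-			;;
-			*)
-			$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $use_policy &> /dev/null
-			;;
-		esac
-	fi
-}
-
-mwan3_ifupdown()
-{
-	local counter enabled iface_count iface_id route_args wan_metric
-
-	config_load mwan3
-	config_foreach mwan3_get_iface_id interface
-
-	[ -n "$iface_id" ] || return 0
-	[ "$iface_count" -le 250 ] || return 0
-	unset iface_count
-
-	config_get enabled $INTERFACE enabled 0
-
-	counter=0
-
-	if [ $ACTION == "ifup" ]; then
-		[ "$enabled" -eq 1 ] || return 0
-
-		while [ -z "$($IP route list dev $DEVICE default | head -1)" -a "$counter" -lt 10 ]; do
-			sleep 1
-			let counter++
-			if [ "$counter" -ge 10 ]; then
-				$LOG warn "Could not find gateway for interface $INTERFACE ($DEVICE)" && return 0
-			fi
-		done
-
-		route_args=$($IP route list dev $DEVICE default | head -1 | sed '/.*via \([^ ]*\) .*$/!d;s//via \1/;q' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}')
-		route_args="$route_args dev $DEVICE"
-	fi
-
-	while [ "$(pgrep -f -o hotplug-call)" -ne $$ -a "$counter" -lt 60 ]; do
-		sleep 1
-		let counter++
-		if [ "$counter" -ge 60 ]; then
-			$LOG warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE (${DEVICE:-unknown}) aborted" && return 0
-		fi
-	done
-
-	$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
-
-	mwan3_set_general_iptables
-	mwan3_set_general_rules
-	mwan3_set_iface_iptables
-	mwan3_set_iface_route
-	mwan3_set_iface_rules
-
-	[ $ACTION == "ifdown" ] && mwan3_set_iface_ipset
-	[ $ACTION == "ifup" ] && mwan3_track
-
-	config_foreach mwan3_set_policies_iptables policy
-	config_foreach mwan3_set_user_rules_iptables rule
-}
+mwan3_set_connected_iptables
 
 case "$ACTION" in
-	ifup|ifdown)
-		mwan3_ifupdown
-		mwan3_set_connected_iptables
+	ifup)
+		mwan3_set_general_rules
+		mwan3_set_general_iptables
+		mwan3_create_iface_rules $INTERFACE $DEVICE
+		mwan3_create_iface_iptables $INTERFACE $DEVICE
+		mwan3_create_iface_route $INTERFACE $DEVICE
+		mwan3_track $INTERFACE $DEVICE
+		mwan3_set_user_rules
+	;;
+	ifdown)
+		mwan3_delete_iface_rules $INTERFACE
+		mwan3_delete_iface_iptables $INTERFACE
+		mwan3_delete_iface_route $INTERFACE
+		mwan3_delete_iface_ipset_entries $INTERFACE
 	;;
 esac
 
+config_foreach mwan3_create_policies_iptables policy
+
 exit 0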
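Review bot: Nothing in the new script serialises concurrent hotplug runs: the old `pgrep -f -o hotplug-call` wait loop is removed without a replacement, while `mwan3_set_connected_iptables` is now called on every enabled-interface event. That helper (added in net/mwan3/files/lib/mwan3/mwan3.sh by this commit) builds fixed-name scratch sets with `$IPS create mwan3_connected_v4_temp hash:net`, then swaps and destroys them. If two events run in parallel, as the removed wait loop suggests they can, the runs may interleave and leave `mwan3_connected` incomplete, which would presumably let traffic to local networks be marked for a WAN policy. Consider taking a lock around the body, e.g. `lock <LOCKFILE>` before `mwan3_set_connected_iptables` and `lock -u <LOCKFILE>` before `exit 0`, where `<LOCKFILE>` is a placeholder path. The `$INTERFACE` and `$DEVICE` arguments to `config_get` and the `mwan3_*` helpers would also be safer double-quoted, since they become part of chain names and `ip`/`iptables` arguments.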

+ 803
- 0
net/mwan3/files/lib/mwan3/mwan3.sh

@@ -0,0 +1,803 @@
1
+#!/bin/sh
2
+
3
+local IP4 IP6 IPS IPT4 IPT6 LOG
4
+
5
+IP4="/usr/bin/ip -4"
6
+IP6="/usr/bin/ip -6"
7
+IPS="/usr/sbin/ipset"
8
+IPT4="/usr/sbin/iptables -t mangle -w"
9
+IPT6="/usr/sbin/ip6tables -t mangle -w"
10
+LOG="/usr/bin/logger -t mwan3 -p"
11
+
12
+mwan3_get_iface_id()
13
+{
14
+	local _tmp _iface _iface_count
15
+
16
+	_iface="$2"
17
+
18
+	mwan3_get_id()
19
+	{
20
+		let _iface_count++
21
+		[ "$1" == "$_iface" ] && _tmp=$_iface_count
22
+	}
23
+	config_foreach mwan3_get_id interface
24
+	export "$1=$_tmp"
25
+}
26
+
27
+mwan3_set_connected_iptables()
28
+{
29
+	local connected_network_v4 connected_network_v6
30
+
31
+	$IPS -! create mwan3_connected_v4 hash:net
32
+	$IPS create mwan3_connected_v4_temp hash:net
33
+
34
+	for connected_network_v4 in $($IP4 route | awk '{print $1}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
35
+		$IPS -! add mwan3_connected_v4_temp $connected_network_v4
36
+	done
37
+
38
+	for connected_network_v4 in $($IP4 route list table 0 | awk '{print $2}' | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
39
+		$IPS -! add mwan3_connected_v4_temp $connected_network_v4
40
+	done
41
+
42
+	$IPS add mwan3_connected_v4_temp 224.0.0.0/3
43
+
44
+	$IPS swap mwan3_connected_v4_temp mwan3_connected_v4
45
+	$IPS destroy mwan3_connected_v4_temp
46
+
47
+	$IPS -! create mwan3_connected_v6 hash:net family inet6
48
+	$IPS create mwan3_connected_v6_temp hash:net family inet6
49
+
50
+	for connected_network_v6 in $($IP6 route | awk '{print $1}' | egrep '([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'); do
51
+		$IPS -! add mwan3_connected_v6_temp $connected_network_v6
52
+	done
53
+
54
+	$IPS swap mwan3_connected_v6_temp mwan3_connected_v6
55
+	$IPS destroy mwan3_connected_v6_temp
56
+
57
+	$IPS -! create mwan3_connected list:set
58
+	$IPS -! add mwan3_connected mwan3_connected_v4
59
+	$IPS -! add mwan3_connected mwan3_connected_v6
60
+}
61
+
62
+mwan3_set_general_rules()
63
+{
64
+	local IP
65
+
66
+	for IP in "$IP4" "$IP6"; do
67
+
68
+		if [ -z "$($IP rule list | awk '$1 == "2253:"')" ]; then
69
+			$IP rule add pref 2253 fwmark 0xfd00/0xff00 blackhole
70
+		fi
71
+
72
+		if [ -z "$($IP rule list | awk '$1 == "2254:"')" ]; then
73
+			$IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
74
+		fi
75
+	done
76
+}
77
+
78
+mwan3_set_general_iptables()
79
+{
80
+	local IPT
81
+
82
+	for IPT in "$IPT4" "$IPT6"; do
83
+
84
+		if ! $IPT -S mwan3_ifaces_in &> /dev/null; then
85
+			$IPT -N mwan3_ifaces_in
86
+		fi
87
+
88
+		if ! $IPT -S mwan3_ifaces_out &> /dev/null; then
89
+			$IPT -N mwan3_ifaces_out
90
+		fi
91
+
92
+		if ! $IPT -S mwan3_connected &> /dev/null; then
93
+			$IPT -N mwan3_connected
94
+			$IPS -! create mwan3_connected list:set
95
+			$IPT -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0xff00/0xff00
96
+		fi
97
+
98
+		if ! $IPT -S mwan3_rules &> /dev/null; then
99
+			$IPT -N mwan3_rules
100
+		fi
101
+
102
+		if ! $IPT -S mwan3_hook &> /dev/null; then
103
+			$IPT -N mwan3_hook
104
+			$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
105
+			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_in
106
+			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces_out
107
+			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
108
+			$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
109
+			$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
110
+			$IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
111
+		fi
112
+
113
+		if ! $IPT -S PREROUTING | grep mwan3_hook &> /dev/null; then
114
+			$IPT -A PREROUTING -j mwan3_hook
115
+		fi
116
+
117
+		if ! $IPT -S OUTPUT | grep mwan3_hook &> /dev/null; then
118
+			$IPT -A OUTPUT -j mwan3_hook
119
+		fi
120
+	done
121
+}
122
+
123
+mwan3_create_iface_iptables()
124
+{
125
+	local id family src_ip src_ipv6
126
+
127
+	config_get family $1 family ipv4
128
+	mwan3_get_iface_id id $1
129
+
130
+	[ -n "$id" ] || return 0
131
+
132
+	if [ "$family" == "ipv4" ]; then
133
+
134
+		network_get_ipaddr src_ip $1
135
+
136
+		$IPS -! create mwan3_connected list:set
137
+
138
+		if ! $IPT4 -S mwan3_ifaces_in &> /dev/null; then
139
+			$IPT4 -N mwan3_ifaces_in
140
+		fi
141
+
142
+		if ! $IPT4 -S mwan3_ifaces_out &> /dev/null; then
143
+			$IPT4 -N mwan3_ifaces_out
144
+		fi
145
+
146
+		if ! $IPT4 -S mwan3_iface_in_$1 &> /dev/null; then
147
+			$IPT4 -N mwan3_iface_in_$1
148
+		fi
149
+
150
+		if ! $IPT4 -S mwan3_iface_out_$1 &> /dev/null; then
151
+			$IPT4 -N mwan3_iface_out_$1
152
+		fi
153
+
154
+		$IPT4 -F mwan3_iface_in_$1
155
+		$IPT4 -A mwan3_iface_in_$1 -i $2 -m set --match-set mwan3_connected src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
156
+		$IPT4 -A mwan3_iface_in_$1 -i $2 -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
157
+
158
+		$IPT4 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
159
+		$IPT4 -A mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1
160
+
161
+		$IPT4 -F mwan3_iface_out_$1
162
+		$IPT4 -A mwan3_iface_out_$1 -s $src_ip -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
163
+
164
+		$IPT4 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
165
+		$IPT4 -A mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1
166
+	fi
167
+
168
+	if [ "$family" == "ipv6" ]; then
169
+
170
+		network_get_ipaddr6 src_ipv6 $1
171
+
172
+		$IPS -! create mwan3_connected_v6 hash:net family inet6
173
+
174
+		if ! $IPT6 -S mwan3_ifaces_in &> /dev/null; then
175
+			$IPT6 -N mwan3_ifaces_in
176
+		fi
177
+
178
+		if ! $IPT6 -S mwan3_ifaces_out &> /dev/null; then
179
+			$IPT6 -N mwan3_ifaces_out
180
+		fi
181
+
182
+		if ! $IPT6 -S mwan3_iface_in_$1 &> /dev/null; then
183
+			$IPT6 -N mwan3_iface_in_$1
184
+		fi
185
+
186
+		if ! $IPT6 -S mwan3_iface_out_$1 &> /dev/null; then
187
+			$IPT6 -N mwan3_iface_out_$1
188
+		fi
189
+
190
+		$IPT6 -F mwan3_iface_in_$1
191
+		$IPT6 -A mwan3_iface_in_$1 -i $2 -m set --match-set mwan3_connected_v6 src -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
192
+		$IPT6 -A mwan3_iface_in_$1 -i $2 -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
193
+
194
+		$IPT6 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
195
+		$IPT6 -A mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1
196
+
197
+		$IPT6 -F mwan3_iface_out_$1
198
+		$IPT6 -A mwan3_iface_out_$1 -s $src_ipv6 -m mark --mark 0x0/0xff00 -m comment --comment "$1" -j MARK --set-xmark $(($id*256))/0xff00
199
+
200
+		$IPT6 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
201
+		$IPT6 -A mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1
202
+	fi
203
+}
204
+
205
+mwan3_delete_iface_iptables()
206
+{
207
+	config_get family $1 family ipv4
208
+
209
+	if [ "$family" == "ipv4" ]; then
210
+
211
+		$IPT4 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
212
+		$IPT4 -F mwan3_iface_in_$1 &> /dev/null
213
+		$IPT4 -X mwan3_iface_in_$1 &> /dev/null
214
+
215
+		$IPT4 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
216
+		$IPT4 -F mwan3_iface_out_$1 &> /dev/null
217
+		$IPT4 -X mwan3_iface_out_$1 &> /dev/null
218
+	fi
219
+
220
+	if [ "$family" == "ipv6" ]; then
221
+
222
+		$IPT6 -D mwan3_ifaces_in -m mark --mark 0x0/0xff00 -j mwan3_iface_in_$1 &> /dev/null
223
+		$IPT6 -F mwan3_iface_in_$1 &> /dev/null
224
+		$IPT6 -X mwan3_iface_in_$1 &> /dev/null
225
+
226
+		$IPT6 -D mwan3_ifaces_out -m mark --mark 0x0/0xff00 -j mwan3_iface_out_$1 &> /dev/null
227
+		$IPT6 -F mwan3_iface_out_$1 &> /dev/null
228
+		$IPT6 -X mwan3_iface_out_$1 &> /dev/null
229
+	fi
230
+}
231
+
232
+mwan3_create_iface_route()
233
+{
234
+	local id route_args
235
+
236
+	config_get family $1 family ipv4
237
+	mwan3_get_iface_id id $1
238
+
239
+	[ -n "$id" ] || return 0
240
+
241
+	if [ "$family" == "ipv4" ]; then
242
+
243
+		network_get_gateway route_args $1
244
+		route_args="via $route_args dev $2"
245
+
246
+		$IP4 route flush table $id
247
+		$IP4 route add table $id default $route_args
248
+	fi
249
+
250
+	if [ "$family" == "ipv6" ]; then
251
+
252
+		network_get_gateway6 route_args $1
253
+		route_args="via $route_args dev $2"
254
+
255
+		$IP6 route flush table $id
256
+		$IP6 route add table $id default $route_args
257
+	fi
258
+}
259
+
260
+mwan3_delete_iface_route()
261
+{
262
+	local id
263
+
264
+	config_get family $1 family ipv4
265
+	mwan3_get_iface_id id $1
266
+
267
+	[ -n "$id" ] || return 0
268
+
269
+	if [ "$family" == "ipv4" ]; then
270
+		$IP4 route flush table $id
271
+	fi
272
+
273
+	if [ "$family" == "ipv6" ]; then
274
+		$IP6 route flush table $id
275
+	fi
276
+}
277
+
278
+mwan3_create_iface_rules()
279
+{
280
+	local id family
281
+
282
+	config_get family $1 family ipv4
283
+	mwan3_get_iface_id id $1
284
+
285
+	[ -n "$id" ] || return 0
286
+
287
+	if [ "$family" == "ipv4" ]; then
288
+
289
+		while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
290
+			$IP4 rule del pref $(($id+1000))
291
+		done
292
+
293
+		while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
294
+			$IP4 rule del pref $(($id+2000))
295
+		done
296
+
297
+		$IP4 rule add pref $(($id+1000)) iif $2 lookup main
298
+		$IP4 rule add pref $(($id+2000)) fwmark $(($id*256))/0xff00 lookup $id
299
+	fi
300
+
301
+	if [ "$family" == "ipv6" ]; then
302
+
303
+		while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
304
+			$IP6 rule del pref $(($id+1000))
305
+		done
306
+
307
+		while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
308
+			$IP6 rule del pref $(($id+2000))
309
+		done
310
+
311
+		$IP6 rule add pref $(($id+1000)) iif $2 lookup main
312
+		$IP6 rule add pref $(($id+2000)) fwmark $(($id*256))/0xff00 lookup $id
313
+	fi
314
+}
315
+
316
+mwan3_delete_iface_rules()
317
+{
318
+	local id family
319
+
320
+	config_get family $1 family ipv4
321
+	mwan3_get_iface_id id $1
322
+
323
+	[ -n "$id" ] || return 0
324
+
325
+	if [ "$family" == "ipv4" ]; then
326
+
327
+		while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
328
+			$IP4 rule del pref $(($id+1000))
329
+		done
330
+
331
+		while [ -n "$($IP4 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
332
+			$IP4 rule del pref $(($id+2000))
333
+		done
334
+	fi
335
+
336
+	if [ "$family" == "ipv6" ]; then
337
+
338
+		while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+1000)):'"')" ]; do
339
+			$IP6 rule del pref $(($id+1000))
340
+		done
341
+
342
+		while [ -n "$($IP6 rule list | awk '$1 == "'$(($id+2000)):'"')" ]; do
343
+			$IP6 rule del pref $(($id+2000))
344
+		done
345
+	fi
346
+}
347
+
348
+mwan3_delete_iface_ipset_entries()
349
+{
350
+	local id setname entry
351
+
352
+	mwan3_get_iface_id id $1
353
+
354
+	[ -n "$id" ] || return 0
355
+
356
+	for setname in $(ipset -n list | grep ^mwan3_sticky_); do
357
+		for entry in $(ipset list $setname | grep "$(echo $(($id*256)) | awk '{ printf "0x%08x", $1; }')" | cut -d ' ' -f 1); do
358
+			$IPS del $setname $entry
359
+		done
360
+	done
361
+}
362
+
363
+mwan3_track()
364
+{
365
+	local track_ip track_ips reliability count timeout interval down up
366
+
367
+	mwan3_list_track_ips()
368
+	{
369
+		track_ips="$1 $track_ips"
370
+	}
371
+	config_list_foreach $1 track_ip mwan3_list_track_ips
372
+
373
+	if [ -e /var/run/mwan3track-$1.pid ] ; then
374
+		kill $(cat /var/run/mwan3track-$1.pid) &> /dev/null
375
+		rm /var/run/mwan3track-$1.pid &> /dev/null
376
+	fi
377
+
378
+	if [ -n "$track_ips" ]; then
379
+		config_get reliability $1 reliability 1
380
+		config_get count $1 count 1
381
+		config_get timeout $1 timeout 4
382
+		config_get interval $1 interval 10
383
+		config_get down $1 down 5
384
+		config_get up $1 up 5
385
+
386
+		[ -x /usr/sbin/mwan3track ] && /usr/sbin/mwan3track $1 $2 $reliability $count $timeout $interval $down $up $track_ips &
387
+	fi
388
+}
389
+
390
+mwan3_set_policy()
391
+{
392
+	local iface_count id iface family metric probability weight
393
+
394
+	config_get iface $1 interface
395
+	config_get metric $1 metric 1
396
+	config_get weight $1 weight 1
397
+
398
+	[ -n "$iface" ] || return 0
399
+
400
+	mwan3_get_iface_id id $iface
401
+
402
+	[ -n "$id" ] || return 0
403
+
404
+	config_get family $iface family ipv4
405
+
406
+	if [ "$family" == "ipv4" ]; then
407
+
408
+		if [ -n "$($IP4 route list table $id)" ]; then
409
+			if [ "$metric" -lt "$lowest_metric_v4" ]; then
410
+
411
+				total_weight_v4=$weight
412
+				$IPT4 -F mwan3_policy_$policy
413
+				$IPT4 -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$iface $weight $weight" -j MARK --set-xmark $(($id*256))/0xff00
414
+
415
+				lowest_metric_v4=$metric
416
+
417
+			elif [ "$metric" -eq "$lowest_metric_v4" ]; then
418
+
419
+				total_weight_v4=$(($total_weight_v4+$weight))
420
+				probability=$(($weight*1000/$total_weight_v4))
421
+
422
+				if [ "$probability" -lt 10 ]; then
423
+					probability="0.00$probability"
424
+				elif [ $probability -lt 100 ]; then
425
+					probability="0.0$probability"
426
+				elif [ $probability -lt 1000 ]; then
427
+					probability="0.$probability"
428
+				else
429
+					probability="1"
430
+				fi
431
+
432
+				probability="-m statistic --mode random --probability $probability"
433
+
434
+				$IPT4 -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$iface $weight $total_weight_v4" -j MARK --set-xmark $(($id*256))/0xff00
435
+			fi
436
+		fi
437
+	fi
438
+
439
+	if [ "$family" == "ipv6" ]; then
440
+
441
+		if [ -n "$($IP6 route list table $id)" ]; then
442
+			if [ "$metric" -lt "$lowest_metric_v6" ]; then
443
+
444
+				total_weight_v6=$weight
445
+				$IPT6 -F mwan3_policy_$policy
446
+				$IPT6 -A mwan3_policy_$policy -m mark --mark 0x0/0xff00 -m comment --comment "$iface $weight $weight" -j MARK --set-xmark $(($id*256))/0xff00
447
+
448
+				lowest_metric_v6=$metric
449
+
450
+			elif [ "$metric" -eq "$lowest_metric_v6" ]; then
451
+
452
+				total_weight_v6=$(($total_weight_v6+$weight))
453
+				probability=$(($weight*1000/$total_weight_v6))
454
+
455
+				if [ "$probability" -lt 10 ]; then
456
+					probability="0.00$probability"
457
+				elif [ $probability -lt 100 ]; then
458
+					probability="0.0$probability"
459
+				elif [ $probability -lt 1000 ]; then
460
+					probability="0.$probability"
461
+				else
462
+					probability="1"
463
+				fi
464
+
465
+				probability="-m statistic --mode random --probability $probability"
466
+
467
+				$IPT6 -I mwan3_policy_$policy -m mark --mark 0x0/0xff00 $probability -m comment --comment "$iface $weight $total_weight_v6" -j MARK --set-xmark $(($id*256))/0xff00
468
+			fi
469
+		fi
470
+	fi
471
+}
472
+
473
+mwan3_create_policies_iptables()
474
+{
475
+	local last_resort lowest_metric_v4 lowest_metric_v6 total_weight_v4 total_weight_v6 policy IPT
476
+
477
+	policy="$1"
478
+
479
+	config_get last_resort $1 last_resort unreachable
480
+
481
+	if [ "$1" != $(echo "$1" | cut -c1-15) ]; then
482
+		$LOG warn "Policy $1 exceeds max of 15 chars. Not setting policy" && return 0
483
+	fi
484
+
485
+	for IPT in "$IPT4" "$IPT6"; do
486
+
487
+		if ! $IPT -S mwan3_policy_$1 &> /dev/null; then
488
+			$IPT -N mwan3_policy_$1
489
+		fi
490
+
491
+		$IPT -F mwan3_policy_$1
492
+
493
+		case "$last_resort" in
494
+			blackhole)
495
+				$IPT -A mwan3_policy_$1 -m mark --mark 0x0/0xff00 -m comment --comment "blackhole" -j MARK --set-xmark 0xfd00/0xff00
496
+			;;
497
+			default)
498
+				$IPT -A mwan3_policy_$1 -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
499
+			;;
500
+			*)
501
+				$IPT -A mwan3_policy_$1 -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
502
+			;;
503
+		esac
504
+	done
505
+
506
+	lowest_metric_v4=256
507
+	total_weight_v4=0
508
+
509
+	lowest_metric_v6=256
510
+	total_weight_v6=0
511
+
512
+	config_list_foreach $1 use_member mwan3_set_policy
513
+}
514
+
515
+mwan3_set_sticky_iptables()
516
+{
517
+	local id
518
+
519
+	mwan3_get_iface_id id $1
520
+
521
+	[ -n "$id" ] || return 0
522
+
523
+	$IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
524
+	$IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
525
+	$IPS -! create mwan3_sticky_$rule list:set
526
+	$IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
527
+	$IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
528
+
529
+	for IPT in "$IPT4" "$IPT6"; do
530
+		if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
531
+			$IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
532
+			$IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($id*256))/0xff00
533
+		fi
534
+	done
535
+}
536
+
537
+mwan3_set_user_iptables_rule()
538
+{
539
+	local ipset family proto policy src_ip src_port sticky dest_ip dest_port use_policy timeout rule policy IPT
540
+
541
+	rule="$1"
542
+
543
+	config_get sticky $1 sticky 0
544
+	config_get timeout $1 timeout 600
545
+	config_get ipset $1 ipset
546
+	config_get proto $1 proto all
547
+	config_get src_ip $1 src_ip 0.0.0.0/0
548
+	config_get src_port $1 src_port 0:65535
549
+	config_get dest_ip $1 dest_ip 0.0.0.0/0
550
+	config_get dest_port $1 dest_port 0:65535
551
+	config_get use_policy $1 use_policy
552
+	config_get family $1 family any
553
+
554
+	if [ "$1" != $(echo "$1" | cut -c1-15) ]; then
555
+		$LOG warn "Rule $1 exceeds max of 15 chars. Not setting rule" && return 0
556
+	fi
557
+
558
+	if [ -n "$ipset" ]; then
559
+		if [ -z "$($IPS -n list $ipset 2> /dev/null)" ]; then
560
+			$IPS create $ipset list:set
561
+			$IPS create v4_$ipset hash:ip timeout 3600
562
+			$IPS create v6_$ipset hash:ip timeout 3600 family inet6
563
+			$IPS add $ipset v4_$ipset
564
+			$IPS add $ipset v6_$ipset
565
+		fi
566
+
567
+		ipset="-m set --match-set $ipset dst"
568
+	fi
569
+
570
+	if [ -n "$use_policy" ]; then
571
+		if [ "$use_policy" == "default" ]; then
572
+			policy="MARK --set-xmark 0xff00/0xff00"
573
+		elif [ "$use_policy" == "unreachable" ]; then
574
+			policy="MARK --set-xmark 0xfe00/0xff00"
575
+		elif [ "$use_policy" == "blackhole" ]; then
576
+			policy="MARK --set-xmark 0xfd00/0xff00"
577
+		else
578
+			if [ "$sticky" -eq 1 ]; then
579
+
580
+				policy="mwan3_policy_$use_policy"
581
+
582
+				config_foreach mwan3_set_sticky_iptables interface
583
+
584
+				for IPT in "$IPT4" "$IPT6"; do
585
+					if ! $IPT -S $policy &> /dev/null; then
586
+						$IPT -N $policy
587
+					fi
588
+
589
+					if ! $IPT -S mwan3_rule_$1 &> /dev/null; then
590
+						$IPT -N mwan3_rule_$1
591
+					fi
592
+
593
+					$IPT -F mwan3_rule_$1
594
+
595
+					$IPT -A mwan3_rule_$1 -m mark --mark 0/0xff00 -j $policy
596
+					$IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
597
+					$IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
598
+				done
599
+
600
+				policy="mwan3_rule_$1"
601
+			else
602
+				policy="mwan3_policy_$use_policy"
603
+
604
+				for IPT in "$IPT4" "$IPT6"; do
605
+					if ! $IPT -S $policy &> /dev/null; then
606
+						$IPT -N $policy
607
+					fi
608
+				done
609
+
610
+			fi
611
+		fi
612
+
613
+		if [ "$family" == "any" ]; then
614
+
615
+			for IPT in "$IPT4" "$IPT6"; do
616
+				case $proto in
617
+					tcp|udp)
618
+					$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
619
+					;;
620
+					*)
621
+					$IPT -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
622
+					;;
623
+				esac
624
+			done
625
+
626
+		elif [ "$family" == "ipv4" ]; then
627
+
628
+			case $proto in
629
+				tcp|udp)
630
+				$IPT4 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
631
+				;;
632
+				*)
633
+				$IPT4 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
634
+				;;
635
+			esac
636
+
637
+		elif [ "$family" == "ipv6" ]; then
638
+
639
+			case $proto in
640
+				tcp|udp)
641
+				$IPT6 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m multiport --sports $src_port -m multiport --dports $dest_port -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
642
+				;;
643
+				*)
644
+				$IPT6 -A mwan3_rules -p $proto -s $src_ip -d $dest_ip $ipset -m mark --mark 0/0xff00 -m comment --comment "$1" -j $policy &> /dev/null
645
+				;;
646
+			esac
647
+		fi
648
+	fi
649
+}
650
+
651
+mwan3_set_user_rules()
652
+{
653
+	local IPT
654
+
655
+	for IPT in "$IPT4" "$IPT6"; do
656
+
657
+		if ! $IPT -S mwan3_rules &> /dev/null; then
658
+			$IPT -N mwan3_rules
659
+		fi
660
+
661
+		$IPT -F mwan3_rules
662
+	done
663
+
664
+	config_foreach mwan3_set_user_iptables_rule rule
665
+}
666
+
667
+mwan3_report_iface_status()
668
+{
669
+	local device result track_ips tracking IP IPT
670
+
671
+	mwan3_get_iface_id id $1
672
+	network_get_device device $1
673
+	config_get enabled "$1" enabled 0
674
+	config_get family "$1" family ipv4
675
+
676
+	if [ "$family" == "ipv4" ]; then
677
+		IP="$IP4"
678
+		IPT="$IPT4"
679
+	fi
680
+
681
+	if [ "$family" == "ipv6" ]; then
682
+		IP="$IP6"
683
+		IPT="$IPT6"
684
+	fi
685
+
686
+	if [ -z "$id" -o -z "$device" ]; then
687
+		result="unknown"
688
+	elif [ -n "$($IP rule | awk '$1 == "'$(($id+1000)):'"')"i -a -n "$($IP rule | awk '$1 == "'$(($id+2000)):'"')" -a -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -a -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" -a -n "$($IP route list table $id default dev $device 2> /dev/null)" ]; then
689
+		result="online"
690
+	elif [ -n "$($IP rule | awk '$1 == "'$(($id+1000)):'"')" -o -n "$($IP rule | awk '$1 == "'$(($id+2000)):'"')" -o -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -o -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" -o -n "$($IP route list table $id default dev $device 2> /dev/null)" ]; then
691
+		result="error"
692
+	else
693
+		if [ "$enabled" == "1" ]; then
694
+			result="offline"
695
+		else
696
+			result="disabled"
697
+		fi
698
+	fi
699
+
700
+	mwan3_list_track_ips()
701
+	{
702
+		track_ips="$1 $track_ips"
703
+	}
704
+	config_list_foreach $1 track_ip mwan3_list_track_ips
705
+
706
+	if [ -n "$track_ips" ]; then
707
+		if [ -n "$(ps -w | grep mwan3track | grep -v grep | sed '/.*\/usr\/sbin\/mwan3track \([^ ]*\) .*$/!d;s//\1/' | awk '$1 == "'$1'"')" ]; then
708
+			tracking="active"
709
+		else
710
+			tracking="down"
711
+		fi
712
+	else
713
+		tracking="not enabled"
714
+	fi
715
+
716
+	echo " interface $1 is $result and tracking is $tracking"
717
+}
718
+
719
+mwan3_report_policies_v4()
720
+{
721
+	local percent policy share total_weight weight iface
722
+
723
+	for policy in $($IPT4 -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
724
+		echo "$policy:" | sed 's/mwan3_policy_//'
725
+
726
+		[ -n "$total_weight" ] || total_weight=$($IPT4 -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
727
+
728
+		if [ ! -z "${total_weight##*[!0-9]*}" ]; then
729
+			for iface in $($IPT4 -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
730
+				weight=$($IPT4 -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
731
+				percent=$(($weight*100/$total_weight))
732
+				echo " $iface ($percent%)"
733
+			done
734
+		else
735
+			echo " $($IPT4 -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
736
+		fi
737
+
738
+		unset total_weight
739
+
740
+		echo -e
741
+	done
742
+}
743
+
744
+mwan3_report_policies_v6()
745
+{
746
+	local percent policy share total_weight weight iface
747
+
748
+	for policy in $($IPT6 -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
749
+		echo "$policy:" | sed 's/mwan3_policy_//'
750
+
751
+		[ -n "$total_weight" ] || total_weight=$($IPT6 -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
752
+
753
+		if [ ! -z "${total_weight##*[!0-9]*}" ]; then
754
+			for iface in $($IPT6 -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
755
+				weight=$($IPT6 -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
756
+				percent=$(($weight*100/$total_weight))
757
+				echo " $iface ($percent%)"
758
+			done
759
+		else
760
+			echo " $($IPT6 -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
761
+		fi
762
+
763
+		unset total_weight
764
+
765
+		echo -e
766
+	done
767
+}
768
+
769
+mwan3_report_connected_v4()
770
+{
771
+	local address
772
+
773
+	if [ -n "$($IPT4 -S mwan3_connected 2> /dev/null)" ]; then
774
+		for address in $($IPS list mwan3_connected_v4 | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
775
+			echo " $address"
776
+		done
777
+	fi
778
+}
779
+
780
+mwan3_report_connected_v6()
781
+{
782
+	local address
783
+
784
+	if [ -n "$($IPT6 -S mwan3_connected 2> /dev/null)" ]; then
785
+		for address in $($IPS list mwan3_connected_v6 | egrep '([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'); do
786
+			echo " $address"
787
+		done
788
+	fi
789
+}
790
+
791
+mwan3_report_rules_v4()
792
+{
793
+	if [ -n "$($IPT4 -S mwan3_rules 2> /dev/null)" ]; then
794
+		$IPT4 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
795
+	fi
796
+}
797
+
798
+mwan3_report_rules_v6()
799
+{
800
+	if [ -n "$($IPT6 -S mwan3_rules 2> /dev/null)" ]; then
801
+		$IPT6 -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
802
+	fi
803
+}

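--- a/net/mwan3/files/usr/sbin/mwan3
+++ b/net/mwan3/files/usr/sbin/mwan3
@@ -1,26 +1,14 @@
 #!/bin/sh
 
-if [ -x /usr/sbin/ip ]; then
-        IP="/usr/sbin/ip -4"
-elif [ -x /usr/bin/ip ]; then
-        IP="/usr/bin/ip -4"
-else
-        exit 1
-fi
-
-if [ -x /usr/sbin/ipset ]; then
-        IPS="/usr/sbin/ipset"
-else
-        exit 1
-fi
-
-if [ -x /usr/sbin/iptables ]; then
-        IPT="/usr/sbin/iptables -t mangle -w"
-else
-        exit 1
-fi
+[ -x /usr/bin/ip ] || exit 4
+[ -x /usr/sbin/ipset ] || exit 5
+[ -x /usr/sbin/iptables ] || exit 6
+[ -x /usr/sbin/ip6tables ] || exit 7
+[ -x /usr/bin/logger ] || exit 8
 
 . /lib/functions.sh
+. /lib/functions/network.sh
+. /lib/mwan3/mwan3.sh
 
 help()
 {
@@ -34,8 +22,9 @@ Available commands:
         ifup <iface>    Load rules and routes for specific interface
         ifdown <iface>  Unload rules and routes for specific interface
         interfaces      Show interfaces status
-        policies        Show policies status
-        rules           Show rules status
+        policies        Show currently active policy
+	connected	Show directly connected networks
+        rules           Show active rules
         status          Show all status
 
 EOF
@@ -51,12 +40,12 @@ ifdown()
 		echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>" && exit 0
 	fi
 
+	ACTION=ifdown INTERFACE=$1 /sbin/hotplug-call iface
+
 	if [ -e /var/run/mwan3track-$1.pid ] ; then
 		kill $(cat /var/run/mwan3track-$1.pid)
 		rm /var/run/mwan3track-$1.pid
 	fi
-
-	ACTION=ifdown INTERFACE=$1 /sbin/hotplug-call iface
 }
 
 ifup()
@@ -84,102 +73,46 @@ ifup()
 
 interfaces()
 {
-	local device enabled iface_id tracking
-
 	config_load mwan3
 
 	echo "Interface status:"
-
-	check_iface_status()
-	{
-		let iface_id++
-		device=$(uci -p /var/state get network.$1.ifname) &> /dev/null
-
-		if [ -z "$device" ]; then
-			echo " interface $1 is unknown"
-			return 0
-		fi
-
-		config_get enabled "$1" enabled 0
-
-		if [ -n "$(ps -w | grep mwan3track | grep -v grep | sed '/.*\/usr\/sbin\/mwan3track \([^ ]*\) .*$/!d;s//\1/' | awk '$1 == "'$1'"')" ]; then
-			tracking="active"
-		else
-			tracking="down"
-		fi
-
-		if [ -n "$($IP rule | awk '$5 == "'$device'"')" -a -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -a -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
-			if [ -n "$(uci -p /var/state get mwan3.$1.track_ip 2> /dev/null)" ]; then
-				echo " interface $1 is online (tracking $tracking)"
-			else
-				echo " interface $1 is online"
-			fi
-		elif [ -n "$($IP rule | awk '$5 == "'$device'"')" -o -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" -o -n "$($IP route list table $iface_id default dev $device 2> /dev/null)" ]; then
-			echo " interface $1 error"
-		else
-			if [ "$enabled" -eq 1 ]; then
-				if [ -n "$(uci -p /var/state get mwan3.$1.track_ip 2> /dev/null)" ]; then
-					echo " interface $1 is offline (tracking $tracking)"
-				else
-					echo " interface $1 is offline"
-				fi
-			else
-				echo " interface $1 is disabled"
-			fi
-		fi
-	}
-	config_foreach check_iface_status interface
+	config_foreach mwan3_report_iface_status interface
 	echo -e
 }
 
 policies()
 {
-	local percent policy share total_weight weight iface
-
-	for policy in $($IPT -S | awk '{print $2}' | grep mwan3_policy_ | sort -u); do
-		echo "Policy $policy:" | sed 's/mwan3_policy_//'
-
-		[ -n "$total_weight" ] || total_weight=$($IPT -S $policy | cut -s -d'"' -f2 | head -1 | awk '{print $3}')
-
-		if [ ! -z "${total_weight##*[!0-9]*}" ]; then
-			for iface in $($IPT -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
-				weight=$($IPT -S $policy | cut -s -d'"' -f2 | awk '$1 == "'$iface'"' | awk '{print $2}')
-				percent=$(($weight*100/$total_weight))
-				echo " $iface ($percent%)"
-			done
-		else
-			echo " $($IPT -S $policy | sed '/.*--comment \([^ ]*\) .*$/!d;s//\1/;q')"
-		fi
-
-		echo -e
+	echo "Current ipv4 policies:"
+	mwan3_report_policies_v4
+	echo "Current ipv6 policies:"
+	mwan3_report_policies_v6
+}
 
-		unset iface
-		unset total_weight
-	done
+connected()
+{
+	echo "Directly connected ipv4 networks:"
+	mwan3_report_connected_v4
+	echo -e
+	echo "Directly connected ipv6 networks:"
+	mwan3_report_connected_v6
+	echo -e
 }
+
 rules()
 {
-	local address
-
-	if [ -n "$($IPT -S mwan3_connected 2> /dev/null)" ]; then
-		echo "Known networks:"
-		for address in $($IPS list mwan3_connected | egrep '[0-9]{1,3}(\.[0-9]{1,3}){3}'); do
-			echo " $address"
-		done
-		echo -e
-	fi
-
-	if [ -n "$($IPT -S mwan3_rules 2> /dev/null)" ]; then
-		echo "Active rules:"
-		$IPT -L mwan3_rules -n -v 2> /dev/null | tail -n+3 | sed 's/mark.*//' | sed 's/mwan3_policy_/- /' | sed 's/mwan3_rule_/S /'
-		echo -e
-	fi
+	echo "Active ipv4 user rules:"
+	mwan3_report_rules_v4
+	echo -e
+	echo "Active ipv6 user rules:"
+	mwan3_report_rules_v6
+	echo -e
 }
 
 status()
 {
 	interfaces
 	policies
+	connected
 	rules
 }
 
@@ -191,31 +124,37 @@ start()
 
 stop()
 {
-	local ipset route rule table
+	local ipset route rule table IP IPT
 
 	killall mwan3track &> /dev/null
 	rm /var/run/mwan3track-* &> /dev/null
 
-	for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' |  awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
-		$IP route flush table $route &> /dev/null
-	done
+	for IP in "$IP4" "$IP6"; do
 
-	for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
-		$IP rule del pref $rule &> /dev/null
+		for route in $($IP route list table all | sed 's/.*table \([^ ]*\) .*/\1/' |  awk '{print $1}' | awk '{for(i=1;i<=NF;i++) if($i+0>0) if($i+0<255) {print;break}}'); do
+			$IP route flush table $route &> /dev/null
+		done
+
+		for rule in $($IP rule list | egrep '^[1-2][0-9]{3}\:' | cut -d ':' -f 1); do
+			$IP rule del pref $rule &> /dev/null
+		done
 	done
 
-	$IPT -D PREROUTING -j mwan3_hook &> /dev/null
-	$IPT -D OUTPUT -j mwan3_hook &> /dev/null
+	for IPT in "$IPT4" "$IPT6"; do
 
-	for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
-		$IPT -F $table &> /dev/null
-	done
+		$IPT -D PREROUTING -j mwan3_hook &> /dev/null
+		$IPT -D OUTPUT -j mwan3_hook &> /dev/null
 
-	for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
-		$IPT -X $table &> /dev/null
+		for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
+			$IPT -F $table &> /dev/null
+		done
+
+		for table in $($IPT -S | awk '{print $2}' | grep mwan3 | sort -u); do
+			$IPT -X $table &> /dev/null
+		done
 	done
 
-	for ipset in $(ipset -n list | grep mwan3); do
+	for ipset in $($IPS -n list | sort | grep mwan3); do
 		$IPS destroy $ipset
 	done
 }
@@ -226,7 +165,7 @@ restart() {
 }
 
 case "$1" in
-	ifup|ifdown|interfaces|policies|rules|status|start|stop|restart)
+	ifup|ifdown|interfaces|policies|connected|rules|status|start|stop|restart)
 		$*
 	;;
 	*)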
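Review bot: The ipset teardown at the end of `stop()` relies on `sort` listing each `list:set` before its member sets, which only holds for some rule names. `mwan3_set_sticky_iptables` in mwan3.sh adds `mwan3_sticky_v4_$rule` and `mwan3_sticky_v6_$rule` to the list set `mwan3_sticky_$rule`, and ipset refuses to destroy a set that is still referenced by a list. For a rule name that sorts after `v4_` (constructed example: `youtube`), the members are tried first, `$IPS destroy` fails, and stale sticky sets survive a stop. Emptying every set before destroying removes the ordering dependency, the same way the chains get `-F` before `-X`: add `for ipset in $($IPS -n list | grep mwan3); do $IPS flush $ipset; done` ahead of the destroy loop. `$IPS`, `$IP4`/`$IP6` and `$IPT4`/`$IPT6` are no longer set in this script and presumably come from the sourced `/lib/mwan3/mwan3.sh`, which is worth a one-line comment next to the `.` lines.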

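--- a/net/mwan3/files/usr/sbin/mwan3track
+++ b/net/mwan3/files/usr/sbin/mwan3track
@@ -17,7 +17,7 @@ lost=0
 while true; do
 
 	for track_ip in $track_ips; do
-		ping -I $2 -c $4 -W $5 -s 4 -q $track_ip &> /dev/null
+		ping -I $2 -c $4 -W $5 -q $track_ip &> /dev/null
 		if [ $? -eq 0 ]; then
 			let host_up_count++
 		else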