The IPsec ip route table has the default number 220.
If mwan3 has more then 7 bits set (124 interfaces) then if mwan3 down is
executed the table is also cleared. To solve this set default max 7
bits in the mmx_mask for mwan3.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
We need always three of the firewall mask value for
* default routing table
* blackhole
* unreachable
the other will be used for the interfaces.
* If we have set the mmx_mask to max 0xFF00 (8 bit set) we could use max 252
interfaces.
* If we have set the mmx_mask to min 0x0E00 (3 bit set) we could use max 4
interfaces.
Only the ones are counting from the firewall mask value.
Minimal three firewall mask bit vaules must be set.
Maximal eight firewall mask bit vaules could be set.
Table overview mmx_mask value bits vs. max interfaces
mmx_mask value bits set 1 -> not usefull
mmx_mask value bits set 2 -> not usefull
mmx_mask value bits set 3 -> 4 Interfaces (mask example 0x0E)
mmx_mask value bits set 4 -> 12 Interfaces
mmx_mask value bits set 5 -> 28 Interfaces
mmx_mask value bits set 6 -> 60 Interfaces
mmx_mask value bits set 7 -> 124 Interfaces
mmx_mask value bits set 8 -> 252 Interfaces (mask example 0xFF)
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Move all shell commands which are executed during /lib/mwan3/mwan3.sh
sourceing into a seperate init function which must be called at first.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
In some situation it is not enough to send a SIGTERM to mwan3track to
ask service to stop accurate. If this does not work send him a SIGKILL
to prevent mwan3track running more then once per interface.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If metric of member interface is bigger then 256, it is not
appended to policy, now at least warn message is printed into
syslog
Signed-off-by: Jakub Janco <kubco2@gmail.com>
If the date is changed by ntp the age value of mwan3 on ubus could jitter.
Use instead the uptime value from /proc/uptime which will not change during
system run.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Interfaces of some PtP protocols do not have a real gateway. In that
case ubus may fill them with '0.0.0.0' or even leave it blank. This
will cause error when adding new routing rule.
Signed-off-by: David Yang <mmyangfl@gmail.com>
This commit fixed what 6d99b602 was supposed to fix without affecting
interface-bound traffic.
Before 6d99b602 interface-bound traffic was working normally as long
as at least one interface was online. However when the last interface
went offline, it was impossible to ping and such state was
unrecoverable.
Commit 6d99b602 fixed unrecoverable offline state problem (it was
possible to ping -I iface) but messed inteface-bound traffic. Traffic
with interface source address was not working if the interface was in
"offline" state, even if another interface was online.
The problem was caused by an inconsistent "offline" interface state:
iptables-related rules were kept while routing table and policy were
deleted.
The idea behind this commit is to:
1. Keep all the rules for each interface (iptables, routing table,
policy) regardless of its state. This ensures consistency,
2. Make interface state hotplug events affect only iptables'
mwan3_policy_* rules. Interface-related iptables, routing table
and policy is removed only when mwan3 is manually stopped.
To make such changes possible, it's necessary to change the way
mwan3_policy_* rule generator keeps track of interface state hotplug
events.
Until now, it checked for the existence of custom interface-related
routing table (table id 1, 2, 3, ...). Clearly we can no longer rely
on that so each interface state is stored explicitly in file.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Add new interface config option "inital_state".
If interface comeing up the first time(mwan3 start, boot),
there are now two option for interface behaviour:
- online (default as is now)
Set up interface regardless wether tracking ip are reachable or not.
- offline
Set up interface first to ping tracking ip and if they are reachable set up
the interface completely.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If two interface have the same prefix "wan" for example "wan" and "wan1"
pgrep returns the PID for wan1 also "pgrep -f mwan3track wan".
Before this fix "wan1" was also killed! This is not what we want.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Adds support for interface tracking using either ping, arping or
httping. This allows to track interface status on networks with filtered
ICMP traffic or simply to monitor data link layer etc.
To facilitate binding to a specified interface its IP address is passed
as a new mwan3track parameter. It's currently required by httping
and possibly by other tools that may be added in the future.
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
If more then one interface get up/down at once mwan3 could be in a
undefined state, because more then one mwan3 hotplug script are running
and editing the iptables.
Lock the critical section should solve this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If mwan3track will not stop immediately after sending the kill signal,
the clean_up handler will delete the pid file later while the new mwan3track is
already running.
This could result in a situation that mwan3track is running
more then once because the old mwan3track service could not be killed,
because the pid file is missing.
Using pgrep to kill all mwan3track for the tracked interface and not using
pid file should fix this issue.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If interface is getting down by netifd (unplug ethernet cable)
mwan3track will not recognize this change. It will also generate an
additional down event when he notice does his tracking interface is offline.
Mwan3track will now be informed by a signal (trap) USR1 during down event
that the interface is already down. An additional down event will not be
generated.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If mwan3track detects a failure the interval check will change to
"failure_interval" value until this interface is declared "offline".
After interface gets "offline" normal "interval" value is used again.
If interface ping is successful again "recovery_interval" value is used until
interface is declared "online" again.
Using the different intervals will accelerate the wan line detections on
failure and recovery.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
On interfaces with interface proto "qmi|ncm" and option dhcp
enabled the interface will be changed to $iface_4 | $iface_6. The
interface mapping in mwan3 will not recognize this interface. To fix
this issue an ubus call will check if an upper interface exists.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix iptables issue where a needed ipset was not created if first wan that came online was not a member of policy.
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
Fix issue with sticky sessions not working correctly
Fix issue where user created ipsets were not applied
Signed-off-by: Jeroen Louwes <jeroen.louwes@gmail.com>
