Three of the firewall mask values are always needed, for:
* default routing table
* blackhole
* unreachable

The remaining values are used for the interfaces.

* If mmx_mask is set to the maximum 0xFF00 (8 bits set), at most 252 interfaces can be used.
* If mmx_mask is set to the minimum 0x0E00 (3 bits set), at most 4 interfaces can be used.

Only the bits that are set to one in the firewall mask value count. At least three firewall mask bits must be set. At most eight firewall mask bits can be set.

Table overview: mmx_mask value bits set vs. max interfaces
mmx_mask value bits set 1 -> not useful
mmx_mask value bits set 2 -> not useful
mmx_mask value bits set 3 -> 4 Interfaces (mask example 0x0E)
mmx_mask value bits set 4 -> 12 Interfaces
mmx_mask value bits set 5 -> 28 Interfaces
mmx_mask value bits set 6 -> 60 Interfaces
mmx_mask value bits set 7 -> 124 Interfaces
mmx_mask value bits set 8 -> 252 Interfaces (mask example 0xFF)

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
#!/bin/sh
. /lib/functions.sh
. /lib/functions/network.sh
. /lib/mwan3/mwan3.sh
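# Print the command overview to stdout.
# The here-document delimiter is quoted so the text is emitted literally; a
# later edit that adds "$" or a backtick to the help text cannot turn into an
# expansion or command substitution.
# NOTE(review): the column alignment below is cosmetic; the whitespace of the
# original table is not recoverable from this listing — confirm against the file.
help()
{
	cat <<'EOF'
Syntax: mwan3 [command]

Available commands:
    start           Load iptables rules, ip rules and ip routes
    stop            Unload iptables rules, ip rules and ip routes
    restart         Reload iptables rules, ip rules and ip routes
    ifup <iface>    Load rules and routes for specific interface
    ifdown <iface>  Unload rules and routes for specific interface
    interfaces      Show interfaces status
    policies        Show currently active policy
    connected       Show directly connected networks
    rules           Show active rules
    status          Show all status

EOF
}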
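# Take a single mwan3 interface down: raise the "ifdown" hotplug event, stop
# the tracker process for that interface and clean its tracking state.
# Arguments: $1 - interface name (exactly one argument is accepted)
# Exit:      a usage error prints a message and calls "exit 0"; the zero
#            status is kept as-is so existing callers see no change.
ifdown()
{
	local pid

	if [ -z "$1" ]; then
		echo "Error: Expecting interface. Usage: mwan3 ifdown <interface>"
		exit 0
	fi

	if [ -n "$2" ]; then
		echo "Error: Too many arguments. Usage: mwan3 ifdown <interface>"
		exit 0
	fi

	ACTION=ifdown INTERFACE="$1" /sbin/hotplug-call iface

	# $2 is always empty here, so the pattern is "mwan3track <iface> ". The
	# trailing space stops "wan" from also matching "wan2" (assumes mwan3track
	# is started with further arguments after the interface — confirm).
	# NOTE(review): pgrep -f treats the pattern as a regular expression over
	# whole command lines, and $1 is not validated here; a name containing
	# regex metacharacters widens the set of processes that get signalled.
	# Redirection is spelled "> /dev/null 2>&1": "&>" is a bash extension and
	# under a strict POSIX sh parses as "run in background, then truncate".
	for pid in $(pgrep -f "mwan3track $1 "); do
		kill "$pid" > /dev/null 2>&1
	done

	mwan3_track_clean "$1"
}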
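# Bring a single mwan3 interface up by raising the "ifup" hotplug event.
# Nothing is raised unless mwan3 is globally enabled, the interface's own
# "enabled" option equals 1 and the network state reports a device for it.
# Arguments: $1 - interface name (exactly one argument is accepted)
# Exit:      usage errors and the "globally disabled" case print a message
#            and call "exit 0", which ends the whole script.
ifup()
{
	local device enabled

	config_load mwan3

	if [ -z "$1" ]; then
		echo "Expecting interface. Usage: mwan3 ifup <interface>"
		exit 0
	fi

	if [ -n "$2" ]; then
		echo "Too many arguments. Usage: mwan3 ifup <interface>"
		exit 0
	fi

	config_get_bool enabled globals 'enabled' 0
	if ! [ "${enabled}" -gt 0 ]; then
		echo "Warning: mwan3 is global disabled. Usage: /etc/init.d/mwan3 start"
		exit 0
	fi

	# From here on "enabled" holds the per-interface option, read with plain
	# config_get: only the literal value 1 passes the -eq test below.
	config_get enabled "$1" enabled 0

	# stderr is silenced inside the substitution. The former trailing "&>" on
	# the assignment is a bash extension; a strict POSIX sh would background
	# the assignment and leave $device unset in this shell.
	device=$(uci -p /var/state get "network.$1.ifname" 2> /dev/null)

	if [ -n "$device" ] && [ "$enabled" -eq 1 ]; then
		ACTION=ifup INTERFACE="$1" DEVICE="$device" /sbin/hotplug-call iface
	fi
}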
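# Print the status of every configured mwan3 interface, followed by a blank
# line. The per-interface line comes from mwan3_report_iface_status, which
# config_foreach invokes for each "interface" section.
interfaces()
{
	config_load mwan3

	echo "Interface status:"
	config_foreach mwan3_report_iface_status interface
	# Plain "echo" for the blank line: "echo -e" is not portable under
	# #!/bin/sh and prints a literal "-e" on shells whose echo has no -e.
	echo
}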
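# Print the currently active IPv4 and IPv6 policies, each section followed by
# a blank line. The report bodies come from mwan3_report_policies_v4/_v6.
policies()
{
	echo "Current ipv4 policies:"
	mwan3_report_policies_v4
	# Plain "echo" for the blank line: "echo -e" is not portable under
	# #!/bin/sh and prints a literal "-e" on shells whose echo has no -e.
	echo

	echo "Current ipv6 policies:"
	mwan3_report_policies_v6
	echo
}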
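# Print the directly connected IPv4 and IPv6 networks, each section followed
# by a blank line. The report bodies come from mwan3_report_connected_v4/_v6.
connected()
{
	echo "Directly connected ipv4 networks:"
	mwan3_report_connected_v4
	# Plain "echo" for the blank line: "echo -e" is not portable under
	# #!/bin/sh and prints a literal "-e" on shells whose echo has no -e.
	echo

	echo "Directly connected ipv6 networks:"
	mwan3_report_connected_v6
	echo
}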
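# Print the active IPv4 and IPv6 user rules, each section followed by a blank
# line. The report bodies come from mwan3_report_rules_v4/_v6.
rules()
{
	echo "Active ipv4 user rules:"
	mwan3_report_rules_v4
	# Plain "echo" for the blank line: "echo -e" is not portable under
	# #!/bin/sh and prints a literal "-e" on shells whose echo has no -e.
	echo

	echo "Active ipv6 user rules:"
	mwan3_report_rules_v6
	echo
}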
# Print the full report by running the four report commands in a fixed
# order: interfaces, policies, connected, rules.
status()
{
	local report_fn

	for report_fn in interfaces policies connected rules; do
		"$report_fn"
	done
}
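# Bring up every configured mwan3 interface by running ifup once per
# "interface" section of the mwan3 config.
# Exit: when the global "enabled" option is not set, prints a warning and
#       calls "exit 0", which ends the whole script.
start()
{
	local enabled

	config_load mwan3
	config_get_bool enabled globals 'enabled' 0

	# Quoted so an empty value stays a single (failing) operand rather than
	# dropping out of the test expression.
	if ! [ "${enabled}" -gt 0 ]; then
		echo "Warning: mwan3 is global disabled. Usage: /etc/init.d/mwan3 start"
		exit 0
	fi

	config_foreach ifup interface
}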
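# Tear down all mwan3 state: stop the mwan3track processes, clean the
# tracking state, flush the mwan3 routing tables and ip rules, remove the
# mwan3 iptables chains and ipsets, release the lock and delete the status
# directories.
# Globals read (not defined in this file — presumably set by mwan3_init or
# /lib/mwan3/mwan3.sh, confirm): IP4 IP6 IPT4 IPT6 IPS MWAN3_INTERFACE_MAX
# MWAN3_STATUS_DIR MWAN3TRACK_STATUS_DIR
stop()
{
	local ipset route rule table tables dir IP IPT pid pids

	# NOTE(review): pgrep -f matches "mwan3track" anywhere in a command line,
	# so an unrelated process that merely mentions the name (an editor, a log
	# filter) is signalled as well.
	pids=$(pgrep -f "mwan3track")

	# TERM everything first, wait once, then KILL only what is still alive.
	# This avoids one second of delay per process and avoids sending KILL to
	# a pid that has already exited and may have been reused.
	for pid in $pids; do
		kill -TERM "$pid" > /dev/null 2>&1
	done
	if [ -n "$pids" ]; then
		sleep 1
	fi
	for pid in $pids; do
		kill -0 "$pid" > /dev/null 2>&1 && kill -KILL "$pid" > /dev/null 2>&1
	done

	config_load mwan3
	config_foreach mwan3_track_clean interface

	# $IP, $IPT and $IPS are left unquoted on purpose: they are used as the
	# command word and may carry options (assumption — their definitions are
	# outside this file). All redirections use "> /dev/null 2>&1"; "&>" is a
	# bash extension that a strict POSIX sh parses as "background, truncate".
	for IP in "$IP4" "$IP6"; do

		for route in $(seq 1 "$MWAN3_INTERFACE_MAX"); do
			$IP route flush table "$route" > /dev/null 2>&1
		done

		# Rule preferences 1000-2999 are the ones removed here.
		for rule in $($IP rule list | grep -E '^[1-2][0-9]{3}:' | cut -d ':' -f 1); do
			$IP rule del pref "$rule" > /dev/null 2>&1
		done
	done

	for IPT in "$IPT4" "$IPT6"; do

		$IPT -D PREROUTING -j mwan3_hook > /dev/null 2>&1
		$IPT -D OUTPUT -j mwan3_hook > /dev/null 2>&1

		# Every chain whose name contains "mwan3". The list is taken once:
		# flushing empties the chains but does not remove them, so the same
		# names apply to the delete pass.
		tables=$($IPT -S | awk '{print $2}' | grep mwan3 | sort -u)

		for table in $tables; do
			$IPT -F "$table" > /dev/null 2>&1
		done

		for table in $tables; do
			$IPT -X "$table" > /dev/null 2>&1
		done
	done

	for ipset in $($IPS -n list | grep mwan3_); do
		$IPS -q destroy "$ipset"
	done

	# Second pass over whatever is still listed with a _v4/_v6 suffix.
	for ipset in $($IPS -n list | grep mwan3 | grep -E '_v4|_v6'); do
		$IPS -q destroy "$ipset"
	done

	mwan3_lock_clean

	# Quoted and checked for emptiness: an unquoted "rm -rf $VAR" is split
	# and glob-expanded, so a stray space or wildcard in the value would
	# delete paths nobody named. Assumes each variable holds one path.
	for dir in "$MWAN3_STATUS_DIR" "$MWAN3TRACK_STATUS_DIR"; do
		if [ -n "$dir" ]; then
			rm -rf -- "$dir"
		fi
	done
}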
# Full reload: run stop, then start. start is attempted whatever stop
# returned, because the two calls are not chained on exit status.
restart()
{
	stop
	start
}
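# Command dispatch. $1 must be one of the known sub-commands; it is then
# called as a shell function with the remaining arguments. Anything else
# prints the help text. The script always ends with status 0, including
# for unknown commands.
case "$1" in
	ifup|ifdown|interfaces|policies|connected|rules|status|start|stop|restart)
		mwan3_init
		# "$@" rather than $*: an unquoted $* is split on whitespace and
		# glob-expanded again, so an argument such as '*' would be replaced
		# by the file names in the current directory before the sub-command
		# saw it. $1 was matched against the fixed list above, so the command
		# word itself is one of those names.
		"$@"
	;;
	*)
		help
	;;
esac

exit 0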