for custom_network_v4 in $($IP4 route list table "$1" | awk '{print $1}' | grep -E "$IPv4_REGEX"); do
LOG notice "Adding network $custom_network_v4 from table $1 to mwan3_custom_v4 ipset"
- mwan3_push_update -! add mwan3_custom_v4 "$custom_network_v4"
+ mwan3_push_update -! add mwan3_custom_ipv4 "$custom_network_v4"
done
}
for custom_network_v6 in $($IP6 route list table "$1" | awk '{print $1}' | grep -E "$IPv6_REGEX"); do
LOG notice "Adding network $custom_network_v6 from table $1 to mwan3_custom_v6 ipset"
- mwan3_push_update -! add mwan3_custom_v6 "$custom_network_v6"
+ mwan3_push_update -! add mwan3_custom_ipv6 "$custom_network_v6"
done
}
{
local update=""
- mwan3_push_update -! create mwan3_custom_v4 hash:net
+ mwan3_push_update -! create mwan3_custom_ipv4 hash:net
+ mwan3_push_update flush mwan3_custom_ipv4
config_list_foreach "globals" "rt_table_lookup" mwan3_set_custom_ipset_v4
if [ $NO_IPV6 -eq 0 ]; then
- mwan3_push_update -! create mwan3_custom_v6 hash:net family inet6
+ mwan3_push_update -! create mwan3_custom_ipv6 hash:net family inet6
+ mwan3_push_update flush mwan3_custom_ipv6
config_list_foreach "globals" "rt_table_lookup" mwan3_set_custom_ipset_v6
fi
- mwan3_push_update -! create mwan3_connected list:set
- mwan3_push_update -! add mwan3_connected mwan3_custom_v4
- [ $NO_IPV6 -eq 0 ] && mwan3_push_update -! add mwan3_connected mwan3_custom_v6
error=$(echo "$update" | $IPS restore 2>&1) || LOG error "set_custom_ipset: $error"
}
local candidate_list cidr_list
local update=""
- mwan3_push_update -! create mwan3_connected_v4 hash:net
- mwan3_push_update flush mwan3_connected_v4
+ mwan3_push_update -! create mwan3_connected_ipv4 hash:net
+ mwan3_push_update flush mwan3_connected_ipv4
candidate_list=""
cidr_list=""
done
for connected_network_v4 in $cidr_list; do
- mwan3_push_update -! add mwan3_connected_v4 "$connected_network_v4"
+ mwan3_push_update -! add mwan3_connected_ipv4 "$connected_network_v4"
done
for connected_network_v4 in $candidate_list; do
- mwan3_push_update -! add mwan3_connected_v4 "$connected_network_v4"
+ mwan3_push_update -! add mwan3_connected_ipv4 "$connected_network_v4"
done
- mwan3_push_update add mwan3_connected_v4 224.0.0.0/3
- mwan3_push_update -! add mwan3_connected mwan3_connected_v4
+ mwan3_push_update add mwan3_connected_ipv4 224.0.0.0/3
+
error=$(echo "$update" | $IPS restore 2>&1) || LOG error "set_connected_ipv4: $error"
}
local update=""
[ $NO_IPV6 -eq 0 ] || return
- mwan3_push_update -! create mwan3_connected_v6 hash:net family inet6
- mwan3_push_update flush mwan3_connected_v6
+ mwan3_push_update -! create mwan3_connected_ipv6 hash:net family inet6
+ mwan3_push_update flush mwan3_connected_ipv6
for connected_network_v6 in $($IP6 route | awk '{print $1}' | grep -E "$IPv6_REGEX"); do
- mwan3_push_update -! add mwan3_connected_v6 "$connected_network_v6"
+ mwan3_push_update -! add mwan3_connected_ipv6 "$connected_network_v6"
done
- mwan3_push_update -! add mwan3_connected mwan3_connected_v6
error=$(echo "$update" | $IPS restore 2>&1) || LOG error "set_connected_ipv6: $error"
}
local error
local update=""
- mwan3_push_update -! create mwan3_connected list:set
- mwan3_push_update flush mwan3_connected
-
- mwan3_push_update -! create mwan3_dynamic_v4 hash:net
- mwan3_push_update -! add mwan3_connected mwan3_dynamic_v4
+ mwan3_push_update -! create mwan3_connected_ipv4 hash:net
+ mwan3_push_update flush mwan3_connected_ipv4
if [ $NO_IPV6 -eq 0 ]; then
- mwan3_push_update -! create mwan3_dynamic_v6 hash:net family inet6
- mwan3_push_update -! add mwan3_connected mwan3_dynamic_v6
+ mwan3_push_update -! create mwan3_connected_ipv6 hash:net family inet6
+ mwan3_push_update flush mwan3_connected_ipv6
fi
error=$(echo "$update" | $IPS restore 2>&1) || LOG error "set_connected_ipset: $error"
}
+mwan3_set_dynamic_ipset()
+{
+ local error
+ local update=""
+
+ mwan3_push_update -! create mwan3_dynamic_ipv4 list:set
+ mwan3_push_update flush mwan3_dynamic_ipv4
+
+ if [ $NO_IPV6 -eq 0 ]; then
+ mwan3_push_update -! create mwan3_dynamic_ipv6 hash:net family inet6
+ mwan3_push_update flush mwan3_dynamic_ipv6
+ fi
+
+ error=$(echo "$update" | $IPS restore 2>&1) || LOG error "set_dynamic_ipset: $error"
+}
+
mwan3_set_general_rules()
{
local IP
mwan3_set_general_iptables()
{
- local IPT current update error
+ local IPT current update error family
+
for IPT in "$IPT4" "$IPT6"; do
[ "$IPT" = "$IPT6" ] && [ $NO_IPV6 -ne 0 ] && continue
current="$($IPT -S)"$'\n'
mwan3_push_update -N mwan3_ifaces_in
fi
- if [ -n "${current##*-N mwan3_connected*}" ]; then
- mwan3_push_update -N mwan3_connected
- mwan3_push_update -A mwan3_connected \
- -m set --match-set mwan3_connected dst \
- -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK
+ if [ "$IPT" = "$IPT6" ]; then
+ family="ipv6"
+ else
+ family="ipv4"
fi
+ for chain in custom connected dynamic; do
+ echo "${current}" | grep -q "\-N mwan3_${chain}_${family}$"
+ local ret="$?"
+ if [ "$ret" = 1 ]; then
+ mwan3_push_update -N mwan3_${chain}_${family}
+ mwan3_push_update -A mwan3_${chain}_${family} \
+ -m set --match-set mwan3_${chain}_${family} dst \
+ -j MARK --set-xmark $MMX_DEFAULT/$MMX_MASK
+ fi
+ done
+
if [ -n "${current##*-N mwan3_rules*}" ]; then
mwan3_push_update -N mwan3_rules
fi
mwan3_push_update -A mwan3_hook \
-m mark --mark 0x0/$MMX_MASK \
-j mwan3_ifaces_in
- mwan3_push_update -A mwan3_hook \
- -m mark --mark 0x0/$MMX_MASK \
- -j mwan3_connected
+
+ for chain in custom connected dynamic; do
+ mwan3_push_update -A mwan3_hook \
+ -m mark --mark 0x0/$MMX_MASK \
+ -j mwan3_${chain}_${family}
+ done
+
mwan3_push_update -A mwan3_hook \
-m mark --mark 0x0/$MMX_MASK \
-j mwan3_rules
mwan3_push_update -A mwan3_hook \
-j CONNMARK --save-mark --nfmask "$MMX_MASK" --ctmask "$MMX_MASK"
- mwan3_push_update -A mwan3_hook \
- -m mark ! --mark $MMX_DEFAULT/$MMX_MASK \
- -j mwan3_connected
+
+ for chain in custom connected dynamic; do
+ mwan3_push_update -A mwan3_hook \
+ -m mark ! --mark $MMX_DEFAULT/$MMX_MASK \
+ -j mwan3_${chain}_${family}
+ done
fi
if [ -n "${current##*-A PREROUTING -j mwan3_hook*}" ]; then
mwan3_push_update -F "mwan3_iface_in_$1"
fi
- mwan3_push_update -A "mwan3_iface_in_$1" \
- -i "$2" \
- -m set --match-set mwan3_connected src \
- -m mark --mark "0x0/$MMX_MASK" \
- -m comment --comment "default" \
- -j MARK --set-xmark "$MMX_DEFAULT/$MMX_MASK"
+ for chain in custom connected dynamic; do
+ mwan3_push_update -A "mwan3_iface_in_$1" \
+ -i "$2" \
+ -m set --match-set mwan3_${chain}_${family} src \
+ -m mark --mark "0x0/$MMX_MASK" \
+ -m comment --comment "default" \
+ -j MARK --set-xmark "$MMX_DEFAULT/$MMX_MASK"
+ done
mwan3_push_update -A "mwan3_iface_in_$1" \
-i "$2" \
-m mark --mark "0x0/$MMX_MASK" \
mwan3_set_sticky_iptables()
{
+ local rule="${1}"
+ local interface="${2}"
+ local ipv="${3}"
+ local policy="${4}"
+
local id iface
for iface in $(echo "$current" | grep "^-A $policy" | cut -s -d'"' -f2 | awk '{print $1}'); do
- if [ "$iface" = "$1" ]; then
+ if [ "$iface" = "$interface" ]; then
- mwan3_get_iface_id id "$1"
+ mwan3_get_iface_id id "$iface"
[ -n "$id" ] || return 0
- if [ -z "${current##*-N mwan3_iface_in_$1$'\n'*}" ]; then
+ if [ -z "${current##*-N mwan3_iface_in_${iface}$'\n'*}" ]; then
mwan3_push_update -I "mwan3_rule_$rule" \
-m mark --mark "$(mwan3_id2mask id MMX_MASK)/$MMX_MASK" \
- -m set ! --match-set "mwan3_sticky_$rule" src,src \
+ -m set ! --match-set "mwan3_sticky_${ipv}_${rule}" src,src \
-j MARK --set-xmark "0x0/$MMX_MASK"
mwan3_push_update -I "mwan3_rule_$rule" \
-m mark --mark "0/$MMX_MASK" \
local error
local update=""
- mwan3_push_update -! create "mwan3_sticky_v4_$rule" \
+ mwan3_push_update -! create "mwan3_sticky_ipv4_$rule" \
hash:ip,mark markmask "$mmx" \
timeout "$timeout"
[ $NO_IPV6 -eq 0 ] &&
- mwan3_push_update -! create "mwan3_sticky_v6_$rule" \
+ mwan3_push_update -! create "mwan3_sticky_ipv6_$rule" \
hash:ip,mark markmask "$mmx" \
timeout "$timeout" family inet6
- mwan3_push_update -! create "mwan3_sticky_$rule" list:set
-
- mwan3_push_update -! add "mwan3_sticky_$rule" "mwan3_sticky_v4_$rule"
- [ $NO_IPV6 -eq 0 ] &&
- mwan3_push_update -! add "mwan3_sticky_$rule" "mwan3_sticky_v6_$rule"
-
error=$(echo "$update" | $IPS restore 2>&1) || LOG error "set_sticky_ipset_${rule}: $error"
}
fi
mwan3_push_update -F "mwan3_rule_$1"
- config_foreach mwan3_set_sticky_iptables interface $ipv
+ config_foreach mwan3_set_sticky_iptables interface $ipv "$policy"
mwan3_push_update -A "mwan3_rule_$1" \
-j "$policy"
mwan3_push_update -A "mwan3_rule_$1" \
-m mark ! --mark 0xfc00/0xfc00 \
- -j SET --del-set "mwan3_sticky_$rule" src,src
+ -j SET --del-set "mwan3_sticky_${ipv}_${rule}" src,src
mwan3_push_update -A "mwan3_rule_$1" \
-m mark ! --mark 0xfc00/0xfc00 \
- -j SET --add-set "mwan3_sticky_$rule" src,src
+ -j SET --add-set "mwan3_sticky_${ipv}_${rule}" src,src
policy="mwan3_rule_$1"
fi
if [ "$global_logging" = "1" ] && [ "$rule_logging" = "1" ]; then
mwan3_report_connected_v4()
{
- if [ -n "$($IPT4 -S mwan3_connected 2> /dev/null)" ]; then
- $IPS -o save list mwan3_connected_v4 | grep add | cut -d " " -f 3
+ if [ -n "$($IPT4 -S mwan3_connected_ipv4 2> /dev/null)" ]; then
+ $IPS -o save list mwan3_connected_ipv4 | grep add | cut -d " " -f 3
fi
}
mwan3_report_connected_v6()
{
- if [ -n "$($IPT6 -S mwan3_connected 2> /dev/null)" ]; then
- $IPS -o save list mwan3_connected_v6 | grep add | cut -d " " -f 3
+ if [ -n "$($IPT6 -S mwan3_connected_ipv6 2> /dev/null)" ]; then
+ $IPS -o save list mwan3_connected_ipv6 | grep add | cut -d " " -f 3
fi
}
projects / feed / packages.git / commitdiff