6 [ "$1" == "$INTERFACE" ] && iface_id
=$iface_count
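# Create the shared mwan3 chains in the mangle table and hook them into
# PREROUTING and OUTPUT.
#
# Globals:   IPT (read) - iptables command line. It is expanded unquoted on
#            purpose because it carries its own options (-t mangle -w).
# Arguments: none
# Returns:   status of the last command executed
#
# Every step is guarded by an existence check, so running this on each
# hotplug event does not duplicate chains or jumps.
mwan3_set_general_iptables()
{
	local chain

	# NOTE(review): the listing shows the -N call only for mwan3_connected;
	# the same creation step is assumed for mwan3_ifaces and mwan3_rules.
	for chain in mwan3_ifaces mwan3_rules mwan3_connected; do
		if ! $IPT -S "$chain" >/dev/null 2>&1; then
			$IPT -N "$chain"
		fi
	done

	if ! $IPT -S mwan3_hook >/dev/null 2>&1; then
		# NOTE(review): chain creation is inferred; the -A calls below
		# cannot succeed unless mwan3_hook exists.
		$IPT -N mwan3_hook
		# The routing decision lives in mark bits 0xff00. Restore it from
		# conntrack first so an established flow keeps its earlier choice.
		$IPT -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0xff00 --ctmask 0xff00
		# Only packets that are still unmarked (0x0/0xff00) are offered to
		# each stage, in this order.
		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_ifaces
		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_connected
		$IPT -A mwan3_hook -m mark --mark 0x0/0xff00 -j mwan3_rules
		$IPT -A mwan3_hook -j CONNMARK --save-mark --nfmask 0xff00 --ctmask 0xff00
		# Packets that did not end up with 0xff00 get one more pass through
		# mwan3_connected after the mark has been saved.
		$IPT -A mwan3_hook -m mark ! --mark 0xff00/0xff00 -j mwan3_connected
	fi

	if ! $IPT -S mwan3_output_hook >/dev/null 2>&1; then
		$IPT -N mwan3_output_hook
	fi

	# The jumps are appended only when the built-in chain does not already
	# reference the target.
	if ! $IPT -S PREROUTING | grep -q mwan3_hook; then
		$IPT -A PREROUTING -j mwan3_hook
	fi

	if ! $IPT -S OUTPUT | grep -q mwan3_hook; then
		$IPT -A OUTPUT -j mwan3_hook
	fi

	if ! $IPT -S OUTPUT | grep -q mwan3_output_hook; then
		$IPT -A OUTPUT -j mwan3_output_hook
	fi
}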
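# Install the two policy-routing rules that act on the reserved marks:
# 0xfd00 is blackholed and 0xfe00 is answered with "unreachable".
#
# Globals:   IP (read) - ip command line, expanded unquoted on purpose
# Arguments: none
# Returns:   status of the last command executed
mwan3_set_general_rules()
{
	# awk prints the rule whose priority column is exactly "2253:"; empty
	# output means the rule is not installed yet.
	if [ -z "$($IP rule list | awk '$1 == "2253:"')" ]; then
		$IP rule add pref 2253 fwmark 0xfd00/0xff00 blackhole
	fi

	if [ -z "$($IP rule list | awk '$1 == "2254:"')" ]; then
		$IP rule add pref 2254 fwmark 0xfe00/0xff00 unreachable
	fi
}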
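# Rebuild mwan3_connected so that traffic to every network found in the
# routing tables is marked 0xff00 (the "default" mark used elsewhere in this
# file), i.e. it is not subject to a per-interface policy.
#
# Globals:   IPT, IP (read) - command lines, expanded unquoted on purpose
# Arguments: none
# Returns:   status of the last command executed
#
# Nothing is done when the chain does not exist yet.
mwan3_set_connected_iptables()
{
	local connected_networks

	if $IPT -S mwan3_connected >/dev/null 2>&1; then
		$IPT -F mwan3_connected

		# Destinations from the main table. The pattern is unanchored: any
		# token containing a dotted quad is accepted, so "default" is
		# dropped and prefixes such as 10.0.0.0/24 are kept.
		$IP route | awk '{print $1}' | grep -E '[0-9]{1,3}(\.[0-9]{1,3}){3}' |
		while read -r connected_networks; do
			$IPT -A mwan3_connected -d "$connected_networks" -j MARK --set-xmark 0xff00/0xff00
		done

		# "table 0" lists every table; there the address is the second
		# column because the first one is the route type.
		$IP route list table 0 | awk '{print $2}' | grep -E '[0-9]{1,3}(\.[0-9]{1,3}){3}' |
		while read -r connected_networks; do
			$IPT -A mwan3_connected -d "$connected_networks" -j MARK --set-xmark 0xff00/0xff00
		done

		# Inserted at the top: 224.0.0.0/3 (multicast and above) and loopback.
		$IPT -I mwan3_connected -d 224.0.0.0/3 -j MARK --set-xmark 0xff00/0xff00
		$IPT -I mwan3_connected -d 127.0.0.0/8 -j MARK --set-xmark 0xff00/0xff00
	fi
}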
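# Maintain the per-interface chain mwan3_iface_<INTERFACE> and its jump from
# mwan3_ifaces.
#
# Globals:   IPT, IP (read)  - command lines, expanded unquoted on purpose
#            INTERFACE, DEVICE, ACTION, iface_id (read)
# Arguments: none
# Returns:   status of the last command executed
#
# INTERFACE and DEVICE come from the hotplug environment and end up in chain
# names and rule arguments, so every expansion is quoted: a value containing
# whitespace or glob characters then reaches iptables as one argument and is
# rejected there instead of being split into extra options.
mwan3_set_iface_iptables()
{
	local local_net local_nets chain

	chain="mwan3_iface_$INTERFACE"

	if ! $IPT -S "$chain" >/dev/null 2>&1; then
		$IPT -N "$chain"
	fi

	$IPT -F "$chain"
	# Remove a jump left by an earlier event so the append below cannot
	# duplicate it; a failure only means there was none.
	$IPT -D mwan3_ifaces -m mark --mark 0x0/0xff00 -j "$chain" >/dev/null 2>&1

	if [ "$ACTION" = "ifup" ]; then
		local_nets=$($IP route list dev "$DEVICE" scope link | awk '{print $1}' | grep -E '[0-9]{1,3}(\.[0-9]{1,3}){3}')

		# Unquoted on purpose: one network per word. An empty list simply
		# skips the loop.
		for local_net in $local_nets; do
			# Traffic arriving from the link's own networks gets the
			# "default" mark instead of the interface mark.
			$IPT -I "$chain" -i "$DEVICE" -s "$local_net" -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
		done

		# Everything else arriving on the device is tagged with the
		# interface mark, iface_id shifted into bits 0xff00.
		$IPT -A "$chain" -i "$DEVICE" -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE" -j MARK --set-xmark "$((iface_id * 256))/0xff00"
		$IPT -A mwan3_ifaces -m mark --mark 0x0/0xff00 -j "$chain"
	fi

	if [ "$ACTION" = "ifdown" ]; then
		# The chain was flushed and unlinked above, so it can be deleted.
		$IPT -X "$chain"
	fi
}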
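# Rebuild the routing table that belongs to this interface.
#
# Globals:   IP (read) - ip command line, expanded unquoted on purpose
#            iface_id, ACTION, route_args (read)
# Arguments: none
# Returns:   status of the last command executed
#
# The table is always flushed; a default route is added back only on ifup.
mwan3_set_iface_route()
{
	$IP route flush table "$iface_id"

	if [ "$ACTION" = "ifup" ]; then
		# route_args is left unquoted on purpose: it holds several words
		# ("nexthop ... dev ...") that must reach ip as separate arguments.
		$IP route add table "$iface_id" default $route_args
	fi
}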
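# Replace the two policy-routing rules owned by this interface:
#   pref iface_id+1000  traffic entering on DEVICE uses the main table
#   pref iface_id+2000  traffic carrying the interface mark uses table iface_id
#
# Globals:   IP (read) - ip command line, expanded unquoted on purpose
#            iface_id, DEVICE, ACTION (read)
# Arguments: none
# Returns:   status of the last command executed
mwan3_set_iface_rules()
{
	local pref

	for pref in "$((iface_id + 1000))" "$((iface_id + 2000))"; do
		# Several rules can share one priority, so delete until none is
		# listed. The priority is handed to awk with -v instead of being
		# spliced into the program text.
		while [ -n "$($IP rule list | awk -v p="$pref:" '$1 == p')" ]; do
			# Stop if the delete fails; otherwise the rule would still be
			# listed on the next pass and the loop would never end.
			$IP rule del pref "$pref" || break
		done
	done

	if [ "$ACTION" = "ifup" ]; then
		$IP rule add pref "$((iface_id + 1000))" iif "$DEVICE" lookup main
		$IP rule add pref "$((iface_id + 2000))" fwmark "$((iface_id * 256))/0xff00" lookup "$iface_id"
	fi
}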
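# (Re)start link tracking for INTERFACE.
#
# NOTE(review): the function header is not visible in this listing; the name
# is taken from the `mwan3_track` call made on ifup. The `else` that
# separates set-up from tear-down is inferred from the line numbering as well.
#
# Globals:   IPT (read) - iptables command line, expanded unquoted on purpose
#            INTERFACE, DEVICE (read)
# Arguments: none
# Returns:   status of the last command executed
mwan3_track()
{
	local track_ip track_ips reliability count timeout interval down up
	local pid pid_file

	# Callback for config_list_foreach: collects every configured track_ip
	# into the caller's track_ips (newest first).
	mwan3_list_track_ips()
	{
		track_ips="$1 $track_ips"
	}
	config_list_foreach "$INTERFACE" track_ip mwan3_list_track_ips

	# Stop a tracker left over from a previous event.
	pid_file="/var/run/mwan3track-$INTERFACE.pid"
	if [ -e "$pid_file" ]; then
		pid=
		{ read -r pid < "$pid_file"; } 2>/dev/null
		# Signal only what is plainly a PID. Anything else in the file is
		# ignored rather than handed to kill as extra arguments.
		case "$pid" in
			'' | *[!0-9]*) ;;
			*) kill "$pid" >/dev/null 2>&1 ;;
		esac
		rm -- "$pid_file" >/dev/null 2>&1
	fi

	if [ -n "$track_ips" ]; then
		config_get reliability "$INTERFACE" reliability 1
		config_get count "$INTERFACE" count 1
		config_get timeout "$INTERFACE" timeout 4
		config_get interval "$INTERFACE" interval 10
		config_get down "$INTERFACE" down 5
		config_get up "$INTERFACE" up 5

		if ! $IPT -S "mwan3_track_$INTERFACE" >/dev/null 2>&1; then
			$IPT -N "mwan3_track_$INTERFACE"
			# Locally generated ICMP echo requests of total length 32 are
			# routed through the per-interface tracking chain.
			$IPT -A mwan3_output_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j "mwan3_track_$INTERFACE"
		fi

		$IPT -F "mwan3_track_$INTERFACE"

		# Unquoted on purpose: track_ips is a space-separated list.
		for track_ip in $track_ips; do
			$IPT -A "mwan3_track_$INTERFACE" -d "$track_ip" -j MARK --set-xmark 0xff00/0xff00
		done

		if [ -x /usr/sbin/mwan3track ]; then
			/usr/sbin/mwan3track "$INTERFACE" "$DEVICE" "$reliability" "$count" "$timeout" "$interval" "$down" "$up" $track_ips &
		fi
	else
		# Nothing to track: remove the jump and the chain. Errors are
		# ignored because the chain may never have existed.
		$IPT -D mwan3_output_hook -p icmp -m icmp --icmp-type 8 -m length --length 32 -j "mwan3_track_$INTERFACE" >/dev/null 2>&1
		$IPT -F "mwan3_track_$INTERFACE" >/dev/null 2>&1
		$IPT -X "mwan3_track_$INTERFACE" >/dev/null 2>&1
	fi
}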
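# Add one member interface to the policy chain being built.
#
# NOTE(review): the function header is not visible in this listing; the name
# is taken from the `config_list_foreach ... mwan3_set_policy` call site.
#
# Globals:   IPT (read) - iptables command line, expanded unquoted on purpose
#            policy (read), lowest_metric, total_weight (read and written);
#            these belong to the caller that iterates over the members.
# Arguments: $1 - config section of the member
# Returns:   0 when the member is skipped, otherwise the status of the last
#            command executed
#
# Only members with the lowest metric seen so far are active. Members that
# share this metric are balanced with the statistic match; a member with a
# strictly lower metric resets the chain.
mwan3_set_policy()
{
	local iface_count iface_id INTERFACE metric probability weight

	config_get INTERFACE "$1" interface
	config_get metric "$1" metric 1
	config_get weight "$1" weight 1

	[ -n "$INTERFACE" ] || return 0

	# The callback is expected to set iface_id for INTERFACE.
	config_foreach mwan3_get_iface_id interface

	[ -n "$iface_id" ] || return 0

	# Members whose interface chain does not exist are ignored.
	if $IPT -S "mwan3_iface_$INTERFACE" >/dev/null 2>&1; then
		if [ "$metric" -lt "$lowest_metric" ]; then
			# NOTE(review): this assignment is not visible in the listing;
			# it is implied by the "$weight $weight" comment below and by
			# the later additions to total_weight.
			total_weight=$weight
			$IPT -F "mwan3_policy_$policy"
			$IPT -A "mwan3_policy_$policy" -m mark --mark 0x0/0xff00 -m comment --comment "$INTERFACE $weight $weight" -j MARK --set-xmark "$((iface_id * 256))/0xff00"

			lowest_metric=$metric
		elif [ "$metric" -eq "$lowest_metric" ]; then
			total_weight=$((total_weight + weight))
			# A zero total would be a division by zero below and could
			# abort the script with the ruleset half applied.
			[ "$total_weight" -gt 0 ] || return 0

			# Share of this member in thousandths, rendered as a decimal
			# fraction with three digits (7 -> 0.007, 250 -> 0.250).
			probability=$((weight * 1000 / total_weight))
			if [ "$probability" -lt 1000 ]; then
				probability=$(printf '0.%03d' "$probability")
			else
				# NOTE(review): this branch is not visible in the listing;
				# "1" is assumed for a share of 1000 thousandths.
				probability="1"
			fi

			# Inserted at the top so the rule runs before the members
			# added earlier.
			set -- -m statistic --mode random --probability "$probability"
			$IPT -I "mwan3_policy_$policy" -m mark --mark 0x0/0xff00 "$@" -m comment --comment "$INTERFACE $weight $total_weight" -j MARK --set-xmark "$((iface_id * 256))/0xff00"
		fi
	fi
}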
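# Build the chain mwan3_policy_<name> for one policy section: a last-resort
# rule first, then one rule per member via mwan3_set_policy.
#
# Globals:   IPT, LOG (read) - command lines, expanded unquoted on purpose
# Arguments: $1 - policy section name
# Returns:   0 when the policy is rejected, otherwise the status of the last
#            command executed
mwan3_set_policies_iptables()
{
	local last_resort lowest_metric policy total_weight

	# NOTE(review): this assignment is not visible in the listing; $policy
	# is used below and $1 is the section handed in by config_foreach.
	policy=$1

	config_get last_resort "$1" last_resort unreachable

	# The name becomes part of a chain name ("mwan3_policy_" + name), so it
	# is limited to 15 characters. Return unconditionally: the policy must
	# not be applied merely because the logger call failed.
	if [ "${#policy}" -gt 15 ]; then
		$LOG warn "Policy $policy exceeds max of 15 chars. Not setting policy"
		return 0
	fi

	if ! $IPT -S "mwan3_policy_$policy" >/dev/null 2>&1; then
		$IPT -N "mwan3_policy_$policy"
	fi

	$IPT -F "mwan3_policy_$policy"

	# Last resort: the fallback rule of the chain.
	# NOTE(review): the case labels are not visible in the listing; they
	# are matched to the rule comments, with "unreachable" (the configured
	# default) as the catch-all.
	case "$last_resort" in
		blackhole)
			$IPT -A "mwan3_policy_$policy" -m mark --mark 0x0/0xff00 -m comment --comment "blackhole" -j MARK --set-xmark 0xfd00/0xff00
			;;
		default)
			$IPT -A "mwan3_policy_$policy" -m mark --mark 0x0/0xff00 -m comment --comment "default" -j MARK --set-xmark 0xff00/0xff00
			;;
		*)
			$IPT -A "mwan3_policy_$policy" -m mark --mark 0x0/0xff00 -m comment --comment "unreachable" -j MARK --set-xmark 0xfe00/0xff00
			;;
	esac

	# NOTE(review): the starting values are not visible in the listing;
	# 256 and 0 are assumed - confirm against the original file.
	lowest_metric=256
	total_weight=0

	config_list_foreach "$policy" use_member mwan3_set_policy
}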
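# Append one user rule to mwan3_rules.
#
# Globals:   IPT (read) - iptables command line, expanded unquoted on purpose
# Arguments: $1 - rule section name (also used as the rule comment)
# Returns:   0 when the rule names no policy, otherwise the iptables status
#
# All match values come from configuration. They are passed quoted, and the
# jump target is built with `set --` instead of a string that is split
# again, so a value containing whitespace reaches iptables as one argument
# and cannot introduce additional options.
#
# NOTE(review): iptables errors are discarded, so a rule that is rejected is
# silently missing from the ruleset and its traffic falls through to the
# rules that follow.
mwan3_set_user_rules_iptables()
{
	local proto src_ip src_port dest_ip dest_port use_policy rule

	rule=$1

	config_get proto "$rule" proto all
	config_get src_ip "$rule" src_ip 0.0.0.0/0
	config_get src_port "$rule" src_port 0:65535
	config_get dest_ip "$rule" dest_ip 0.0.0.0/0
	config_get dest_port "$rule" dest_port 0:65535
	config_get use_policy "$rule" use_policy

	[ -n "$use_policy" ] || return 0

	# The three reserved names map directly to a mark; anything else is the
	# name of a policy chain.
	case "$use_policy" in
		default)     set -- MARK --set-xmark 0xff00/0xff00 ;;
		unreachable) set -- MARK --set-xmark 0xfe00/0xff00 ;;
		blackhole)   set -- MARK --set-xmark 0xfd00/0xff00 ;;
		*)           set -- "mwan3_policy_$use_policy" ;;
	esac

	# NOTE(review): the selector between the two variants is not visible in
	# the listing; port matching is assumed to apply to tcp and udp only.
	case "$proto" in
		tcp | udp)
			$IPT -A mwan3_rules -p "$proto" -s "$src_ip" -d "$dest_ip" -m multiport --sports "$src_port" -m multiport --dports "$dest_port" -m mark --mark 0/0xff00 -m comment --comment "$rule" -j "$@" >/dev/null 2>&1
			;;
		*)
			$IPT -A mwan3_rules -p "$proto" -s "$src_ip" -d "$dest_ip" -m mark --mark 0/0xff00 -m comment --comment "$rule" -j "$@" >/dev/null 2>&1
			;;
	esac
}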
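# Main hotplug sequence: validate the interface, wait for its gateway, wait
# for older hotplug runs, then rebuild chains, routes and rules.
#
# NOTE(review): these statements use `local` and `return`, so they are the
# body of a function whose header is not visible in this listing.
local counter enabled iface_count iface_id route_args wan_metric

# The callback is expected to set iface_id and iface_count for INTERFACE.
config_foreach mwan3_get_iface_id interface

[ -n "$iface_id" ] || return 0
# The interface mark is iface_id*256 inside mask 0xff00, and 0xfd00, 0xfe00
# and 0xff00 are reserved, which presumably explains this limit.
[ "$iface_count" -le 250 ] || return 0

config_get enabled "$INTERFACE" enabled 0

# NOTE(review): the initialisation is not visible in the listing; the loops
# below compare counter numerically, so it has to start at 0.
counter=0

if [ "$ACTION" = "ifup" ]; then
	[ "$enabled" -eq 1 ] || return 0

	# Wait up to ten rounds for a default route to appear on the device.
	while [ -z "$($IP route list dev "$DEVICE" default | head -n 1)" ] && [ "$counter" -lt 10 ]; do
		# NOTE(review): the two loop-body lines are not visible in the
		# listing; a one-second pause and an increment are assumed.
		sleep 1
		counter=$((counter + 1))
		if [ "$counter" -ge 10 ]; then
			# Return even if the logger call fails.
			$LOG warn "Could not find gateway for interface $INTERFACE ($DEVICE)"
			return 0
		fi
	done

	# Keep only "via <gateway>" from the first default route. The result is
	# empty when the route has no gateway or it is not a dotted quad.
	route_args=$($IP route list dev "$DEVICE" default | head -n 1 | sed '/.*via \([^ ]*\) .*$/!d;s//via \1/;q' | grep -E '[0-9]{1,3}(\.[0-9]{1,3}){3}')
	route_args="nexthop $route_args dev $DEVICE"
fi

# Serialise with older hotplug-call processes: proceed once the oldest one
# is this shell. counter is not reset, so time spent waiting for the
# gateway counts towards the limit of 60.
while [ "$(pgrep -f -o hotplug-call)" -ne "$$" ] && [ "$counter" -lt 60 ]; do
	# NOTE(review): loop body assumed, as above.
	sleep 1
	counter=$((counter + 1))
	if [ "$counter" -ge 60 ]; then
		$LOG warn "Timeout waiting for older hotplug processes to finish. $ACTION interface $INTERFACE (${DEVICE:-unknown}) aborted"
		return 0
	fi
done

$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"

mwan3_set_general_iptables
mwan3_set_general_rules
mwan3_set_iface_iptables
mwan3_set_iface_route
mwan3_set_iface_rules

if [ "$ACTION" = "ifup" ]; then
	mwan3_track
fi

config_foreach mwan3_set_policies_iptables policy
config_foreach mwan3_set_user_rules_iptables rule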
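# Script entry: hotplug supplies ACTION, INTERFACE and, on ifup, DEVICE.
# Without them there is nothing to do.
[ -n "$ACTION" ] || exit 0
[ -n "$INTERFACE" ] || exit 0

if [ "$ACTION" = "ifup" ]; then
	[ -n "$DEVICE" ] || exit 0
fi

# NOTE(review): INTERFACE is later embedded in chain names and in a path
# under /var/run; only its presence is checked here, not its character set.

# Command lines with their fixed options. Callers expand these unquoted so
# that the options are passed as separate words.
# NOTE(review): the functions also use $IP; its assignment is not visible in
# this listing.
IPT="/usr/sbin/iptables -t mangle -w"
LOG="/usr/bin/logger -t mwan3 -p"

mwan3_set_connected_iptables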