path: root/net/mwan3/files/lib
Commit message (Author, Age)
...
* mwan3: fix shellcheck warning SC2039 (Florian Eckert, 2020-07-15)
  Replace all `==` with `=`.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: move redirect error output to trash (Florian Eckert, 2020-07-15)
  This suppresses the following output on `mwan3 restart`:
  > Dump terminated
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: address reviewer comments on 5147dfc7 (Aaron Goodman, 2020-06-13)
  Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* mwan3: Allow user to specify rules based on source interface (Aaron Goodman, 2020-05-29)
  Add an option for adding rules based on source interface.

  The default 0.0.0.0/0 src and destination ip addresses have been removed. It is unclear how the 'any' family of rules would have worked, as it appears each rule always required an ipv4 or ipv6 address src and destination address. With this change, the any family will work again.

  I also cleaned up a bunch of repeated code around adding the iptables rules for ipv4/ipv6/any in making the change.

  Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* mwan3: Do not mangle outgoing ipv6 pings (Aaron Goodman, 2020-05-29)
  Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* mwan3: don't add ipv6 link local address to routing tables (Aaron Goodman, 2020-05-20)
  Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* mwan3: reduce calls to `ip route list' (Aaron Goodman, 2020-05-20)
  Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* mwan3: fix variable naming (Florian Eckert, 2019-11-14)
  The variable IPT is not valid at this point. Setting the variable usage to IPT4 fixes this issue.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: change flush_conntrack handling to use uci list element (Florian Eckert, 2019-06-03)
  With this change it is now possible to combine interface action events. If an interface action is generated by netifd or mwan3, for example ifup, ifdown, connected or disconnected, and this action is configured in the interface uci section, then the conntrack table is flushed by mwan3.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: fix logical/typo bug in mwan3rtmon (Chen Minqiang, 2019-03-22)
  This bug was introduced in dd206b7d0bc4a7de739b6dbccbac5b5ffcae9024.
  mwan3_remon_ipv4 and mwan3_remon_ipv6 are commands to run, not variables.
  I added some comments on them; hopefully people will notice it.
  Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* mwan3: add locking debug possibility (Florian Eckert, 2019-01-22)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: set interface unknown to offline (Florian Eckert, 2019-01-14)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: add syslog debug possibility to rules (Florian Eckert, 2019-01-14)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: revert add online_metric for local_source none (Florian Eckert, 2018-11-08)
  This is not necessary.
  This reverts commit be91e71805116ac1fd852a1ac0480737538d0b04.
* net/mwan3: add online_metric for local_source none (Florian Eckert, 2018-10-23)
  If we set the option "local_source" in the globals mwan3 section to "none", traffic generated by the router itself will always use the default route from the wan interface with the lowest metric. If this interface is down the router traffic still uses the connection with the lowest metric but this is disconnected. Load balancing and failover from the lan site is still possible. Only router generated traffic is not load balanced and could not use failover.

  To solve this issue with router initiated traffic add the additional option "online_metric" to the mwan3 interface section. If the interface is connected then this lower "online metric" is set in the default routing table.

  With this change we have at least a failover with router initiated traffic.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: add dynamic ipsets to mwan3_connected ipsets (Florian Eckert, 2018-10-23)
  During runtime of mwan3 we could dynamically add networks to this ipset which would then be treated as connected networks by mwan3. This is also useful for ipsec.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: add custom address from ip tables to connected ipset (Florian Eckert, 2018-10-23)
  With the list param "rt_table_lookup" in the mwan3 section globals, it is now possible to add additional routing table numbers which would also get parsed and will be added to the connected network. So mwan3 will treat them as if they are directly connected to this device. This could be useful if we use ipsec.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: cleanup egrep ipv6 regex (Florian Eckert, 2018-10-23)
  The IPv6 egrep regex is confusing and hard to maintain.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: enhance ipset status generation (Florian Eckert, 2018-10-23)
  This change should optimize and speed up the status output generation.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: reduce duplicate code (Florian Eckert, 2018-10-23)
  The generation for reporting the policies uses the same code; add a common function to reduce duplication.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: cleanup/prettify 80 characters code boundary (Florian Eckert, 2018-10-23)
  Prettify and cleanup source
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: also add the metric to the default interface routing table (Florian Eckert, 2018-10-12)
  This is now the same route as in the main table.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: rtmon: filter out linkdown routing table (Chen Minqiang, 2018-10-10)
  Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* mwan3: optimize the process of copying routing tables (Chen Minqiang, 2018-09-21)
  - The original copy process is to delete all routing tables first, then add new routing table. This process is too slow and very dirty.
  - We use grep to identify the changes and apply them.
  - ignore ipv6 unreachable routes
  - update version number
  Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* mwan3: fix missing device in mwan3_set_policy() (Chen Minqiang, 2018-08-29)
  Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* mwan3: refine link selection (Chen Minqiang, 2018-08-09)
  - globals src_ip to none
  - ip route back to source
  - add mwan3rtmon
  - update version to 2.7
  Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
* net/mwan3: fix NDP on ipv6 for ra services (Florian Eckert, 2018-06-06)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: remove logging mwan3track pid is not found (Florian Eckert, 2018-05-16)
  Remove unnecessary logging if mwan3track pid is not found
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: set default mask to 0x3F00 (Florian Eckert, 2018-03-29)
  The IPsec ip route table has the default number 220. If mwan3 has more than 7 bits set (124 interfaces) then if mwan3 down is executed the table is also cleared. To solve this set default max 7 bits in the mmx_mask for mwan3.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: deviate max interface value from mmx_mask value (Florian Eckert, 2018-03-16)
  We need always three of the firewall mask value for
  * default routing table
  * blackhole
  * unreachable

  the other will be used for the interfaces.

  * If we have set the mmx_mask to max 0xFF00 (8 bit set) we could use max 252 interfaces.
  * If we have set the mmx_mask to min 0x0E00 (3 bit set) we could use max 4 interfaces.

  Only the ones are counting from the firewall mask value.
  Minimal three firewall mask bit values must be set.
  Maximal eight firewall mask bit values could be set.

  Table overview mmx_mask value bits vs. max interfaces

  mmx_mask value bits set 1 -> not useful
  mmx_mask value bits set 2 -> not useful
  mmx_mask value bits set 3 -> 4 Interfaces (mask example 0x0E)
  mmx_mask value bits set 4 -> 12 Interfaces
  mmx_mask value bits set 5 -> 28 Interfaces
  mmx_mask value bits set 6 -> 60 Interfaces
  mmx_mask value bits set 7 -> 124 Interfaces
  mmx_mask value bits set 8 -> 252 Interfaces (mask example 0xFF)

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: remove unused local variables (Florian Eckert, 2018-03-16)
  Remove unused local variables
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: add mwan3_init function (Florian Eckert, 2018-02-05)
  Move all shell commands which are executed during /lib/mwan3/mwan3.sh sourcing into a separate init function which must be called at first.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: send SIGKILL to mwan3track (Florian Eckert, 2018-02-05)
  In some situations it is not enough to send a SIGTERM to mwan3track to ask service to stop accurate. If this does not work send him a SIGKILL to prevent mwan3track running more than once per interface.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: Improve logs when member metric is too big (Jakub Janco, 2017-12-07)
  If metric of member interface is bigger than 256, it is not appended to policy, now at least warn message is printed into syslog
  Signed-off-by: Jakub Janco <kubco2@gmail.com>
* net/mwan3: use uptime for ubus age info (Florian Eckert, 2017-11-16)
  If the date is changed by ntp the age value of mwan3 on ubus could jitter. Use instead the uptime value from /proc/uptime which will not change during system run.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: reduce dependency on src_ip (David Yang, 2017-11-08)
  Interfaces may be managed by 3rd-party scripts, thus src_ip may not be always available in uci.
  Signed-off-by: David Yang <mmyangfl@gmail.com>
* mwan3: fix empty gateway when creating routing table (David Yang, 2017-11-08)
  Interfaces of some PtP protocols do not have a real gateway. In that case ubus may fill them with '0.0.0.0' or even leave it blank. This will cause error when adding new routing rule.
  Signed-off-by: David Yang <mmyangfl@gmail.com>
* mwan3: reduce unnecessary comparisons (David Yang, 2017-11-08)
  Signed-off-by: David Yang <mmyangfl@gmail.com>
* net/mwan3: fix track_ips order (Florian Eckert, 2017-09-12)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: fix interface-bound traffic when interface is offline (Marcin Jurkowski, 2017-09-12)
  This commit fixed what 6d99b602 was supposed to fix without affecting interface-bound traffic.

  Before 6d99b602 interface-bound traffic was working normally as long as at least one interface was online. However when the last interface went offline, it was impossible to ping and such state was unrecoverable. Commit 6d99b602 fixed unrecoverable offline state problem (it was possible to ping -I iface) but messed interface-bound traffic. Traffic with interface source address was not working if the interface was in "offline" state, even if another interface was online.

  The problem was caused by an inconsistent "offline" interface state: iptables-related rules were kept while routing table and policy were deleted.

  The idea behind this commit is to:
  1. Keep all the rules for each interface (iptables, routing table, policy) regardless of its state. This ensures consistency,
  2. Make interface state hotplug events affect only iptables' mwan3_policy_* rules. Interface-related iptables, routing table and policy is removed only when mwan3 is manually stopped.

  To make such changes possible, it's necessary to change the way mwan3_policy_* rule generator keeps track of interface state hotplug events. Until now, it checked for the existence of custom interface-related routing table (table id 1, 2, 3, ...). Clearly we can no longer rely on that so each interface state is stored explicitly in file.

  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* net/mwan3: make mwan3 mask configurable over uci (Florian Eckert, 2017-08-16)
  Add new global config option mmx_mask.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: on startup mark interface online only if track_ip are reachable (Florian Eckert, 2017-08-10)
  Add new interface config option "inital_state". If interface coming up the first time (mwan3 start, boot), there are now two options for interface behaviour:
  - online (default as is now)
    Set up interface regardless whether tracking ip are reachable or not.
  - offline
    Set up interface first to ping tracking ip and if they are reachable set up the interface completely.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: move mwan3track clean up to mwan3 cmd (Florian Eckert, 2017-08-10)
  This is useful to see the last state of the interface with ubus.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: fix mwan3track kill execution (Florian Eckert, 2017-08-10)
  If two interfaces have the same prefix "wan", for example "wan" and "wan1", pgrep returns the PID for wan1 also ("pgrep -f mwan3track wan"). Before this fix "wan1" was also killed! This is not what we want.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: add process PID to LOG output (Florian Eckert, 2017-08-10)
  Update log output macro to show PID during logging
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* mwan3: allow to change mwan3's MARKing mask (Lars Schumann, 2017-08-04)
  Signed-off-by: Lars Schumann <larsi.org@gmail.com>
* mwan3: support various interface tracking methods (Marcin Jurkowski, 2017-08-02)
  Adds support for interface tracking using either ping, arping or httping. This allows to track interface status on networks with filtered ICMP traffic or simply to monitor data link layer etc.

  To facilitate binding to a specified interface its IP address is passed as a new mwan3track parameter. It's currently required by httping and possibly by other tools that may be added in the future.

  Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* net/mwan3: simplify tracking status statement command (Florian Eckert, 2017-06-22)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: add lock for mwan3 hotplug script (Florian Eckert, 2017-06-22)
  If more than one interface get up/down at once mwan3 could be in an undefined state, because more than one mwan3 hotplug script are running and editing the iptables. Locking the critical section should solve this issue.
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* net/mwan3: remove absolute path for bin files (Florian Eckert, 2017-05-12)
  Signed-off-by: Florian Eckert <fe@dev.tdt.de>