PKG_NAME:=mwan3
PKG_VERSION:=2.0
-PKG_RELEASE:=0
+PKG_RELEASE:=1
PKG_MAINTAINER:=Jeroen Louwes <jeroen.louwes@gmail.com>
PKG_LICENSE:=GPLv2
-config interface 'wan1'
+config interface 'wan'
option enabled '1'
list track_ip '8.8.4.4'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '3'
- option up '8'
-
-config interface 'wan2'
- option enabled '1'
list track_ip '8.8.8.8'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '3'
- option up '8'
-
-config interface 'wan3'
- option enabled '1'
list track_ip '208.67.222.222'
- option reliability '1'
+ list track_ip '208.67.220.220'
+ option reliability '2'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
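Review bot: With `option reliability '2'` and exactly two `list track_ip` entries on `wan`, the link is presumably treated as up only while both 8.8.4.4 and 208.67.220.220 answer. A single third-party host dropping probes would then take the primary uplink out of every policy. If that is not intended, keep `option reliability '1'` or add a third `list track_ip` so one tracker can fail. A one-line `#` comment above the block stating the intended behaviour would help anyone who copies this default.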
-config interface 'wan1_v6'
- option family 'ipv6'
- option enabled '1'
- list track_ip '2001:7b8:1::2'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '3'
- option up '8'
-
-config interface 'wan2_v6'
- option family 'ipv6'
- option enabled '1'
- list track_ip '2001:7b8:2::2'
- option reliability '1'
- option count '1'
- option timeout '2'
- option interval '5'
- option down '3'
- option up '8'
-
-config interface 'wan3_v6'
- option family 'ipv6'
- option enabled '1'
- list track_ip '2001:7b8:3::2'
+config interface 'wan2'
+ option enabled '0'
+ list track_ip '8.8.8.8'
+ list track_ip '208.67.220.220'
option reliability '1'
option count '1'
option timeout '2'
option down '3'
option up '8'
-config member 'wan1_m1_w1'
- option interface 'wan1'
+config member 'wan_m1_w3'
+ option interface 'wan'
option metric '1'
- option weight '1'
+ option weight '3'
-config member 'wan2_m1_w1'
- option interface 'wan2'
- option metric '1'
- option weight '1'
+config member 'wan_m2_w3'
+ option interface 'wan'
+ option metric '2'
+ option weight '3'
-config member 'wan3_m1_w1'
- option interface 'wan3'
- option metric '1'
- option weight '1'
-
-config member 'wan1_v6_m1_w1'
- option interface 'wan1_v6'
- option metric '1'
- option weight '1'
-
-config member 'wan2_v6_m1_w1'
- option interface 'wan2_v6'
+config member 'wan2_m1_w2'
+ option interface 'wan2'
option metric '1'
- option weight '1'
+ option weight '2'
-config member 'wan3_v6_m1_w1'
- option interface 'wan3_v6'
- option metric '1'
- option weight '1'
+config member 'wan2_m2_w2'
+ option interface 'wan2'
+ option metric '2'
+ option weight '2'
-config policy 'wan1_only'
- list use_member 'wan1_m1_w1'
+config policy 'wan_only'
+ list use_member 'wan_m1_w3'
config policy 'wan2_only'
- list use_member 'wan2_m1_w1'
+ list use_member 'wan2_m1_w2'
-config policy 'wan3_only'
- list use_member 'wan3_m1_w1'
-
-config policy 'wan1_v6_only'
- list use_member 'wan1_v6_m1_w1'
-
-config policy 'wan2_v6_only'
- list use_member 'wan2_v6_m1_w1'
+config policy 'balanced'
+ list use_member 'wan_m1_w3'
+ list use_member 'wan2_m1_w2'
-config policy 'wan3_v6_only'
- list use_member 'wan3_v6_m1_w1'
+config policy 'wan_wan2'
+ list use_member 'wan_m1_w3'
+ list use_member 'wan2_m2_w2'
-config policy 'balanced'
- list use_member 'wan1_m1_w1'
- list use_member 'wan2_m1_w1'
- list use_member 'wan3_m1_w1'
- list use_member 'wan1_v6_m1_w1'
- list use_member 'wan2_v6_m1_w1'
- list use_member 'wan3_v6_m1_w1'
+config policy 'wan2_wan'
+ list use_member 'wan_m2_w3'
+ list use_member 'wan2_m1_w2'
config rule 'https'
- option src_ip '2001:3::/64'
+ option sticky '1'
option dest_port '443'
option proto 'tcp'
option use_policy 'balanced'
-config rule 'https2'
- option dest_port '19443'
- option proto 'tcp'
- option use_policy 'balanced'
- option sticky '1'
-
-config rule 'igs'
- option proto 'icmp'
- option family 'ipv4'
- option sticky '1'
- option ipset 'google'
- option use_policy 'balanced'
-
-config rule 'i6gs'
- option proto 'icmpv6'
- option family 'ipv6'
- option sticky '1'
- option ipset 'google'
- option use_policy 'balanced'
-
config rule 'default_rule'
+ option dest_ip '0.0.0.0/0'
option use_policy 'balanced'
#!/bin/sh
+. /lib/functions.sh
+. /lib/functions/network.sh
+. /lib/mwan3/mwan3.sh
+
+config_load mwan3
+
+config_get enabled $INTERFACE enabled 0
+[ "$enabled" == "1" ] || exit 0
+
[ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 1
[ -n "$INTERFACE" ] || exit 2
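Review bot: The moved `config_get enabled $INTERFACE enabled 0` now runs before the `[ -n "$INTERFACE" ] || exit 2` guard, and with the variable unquoted. An empty or whitespace-containing INTERFACE therefore shifts config_get's arguments instead of being rejected, and the script most likely leaves through `exit 0` rather than the documented error code. Keeping the ACTION/INTERFACE checks above the config lookup and writing `config_get enabled "$INTERFACE" enabled 0` restores validate-before-use. The same quoting applies to `config_get family $INTERFACE family ipv4` and to both `network_get_gateway` calls further down.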
[ -x /usr/sbin/ip6tables ] || exit 7
[ -x /usr/bin/logger ] || exit 8
-. /lib/functions.sh
-. /lib/functions/network.sh
-. /lib/mwan3/mwan3.sh
+local family gateway
-config_load mwan3
+config_get family $INTERFACE family ipv4
-config_get enabled $INTERFACE enabled 0
-[ "$enabled" == "1" ] || exit 0
+if [ "$family" == "ipv4" ]; then
+ network_get_gateway gateway $INTERFACE
+elif [ "$family" == "ipv6" ]; then
+ network_get_gateway6 gateway $INTERFACE
+fi
+
+[ -n "$gateway" ] || exit 9
$LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})"
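Review bot: The added `[ -n "$gateway" ] || exit 9` sits before the ifup/ifdown dispatch, so it also applies to `ifdown`, where the gateway may already have been withdrawn. In that case the script exits before the `mwan3_delete_iface_*` calls, and the interface's iptables, route and ipset state would stay in place. Restricting the check to the up path, for example `[ "$ACTION" != "ifup" ] || [ -n "$gateway" ] || exit 9`, keeps the cleanup unconditional. `local family gateway` is also used outside any function, which some /bin/sh implementations reject; plain assignments such as `family=""; gateway=""` avoid that. The case statement is only partly visible here, so the exact dispatch is inferred.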
mwan3_create_iface_iptables $INTERFACE $DEVICE
mwan3_create_iface_route $INTERFACE $DEVICE
mwan3_track $INTERFACE $DEVICE
+ mwan3_set_policies_iptables
mwan3_set_user_rules
;;
ifdown)
mwan3_delete_iface_iptables $INTERFACE
mwan3_delete_iface_route $INTERFACE
mwan3_delete_iface_ipset_entries $INTERFACE
+ mwan3_set_policies_iptables
+ mwan3_set_user_rules
;;
esac
-config_foreach mwan3_create_policies_iptables policy
-
exit 0
config_list_foreach $1 use_member mwan3_set_policy
}
+mwan3_set_policies_iptables()
+{
+ config_foreach mwan3_create_policies_iptables policy
+}
+
mwan3_set_sticky_iptables()
{
- local id
+ local id iface
- mwan3_get_iface_id id $1
+ for iface in $($IPT4 -S $policy | cut -s -d'"' -f2 | awk '{print $1}'); do
- [ -n "$id" ] || return 0
+ if [ "$iface" == "$1" ]; then
- $IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
- $IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
- $IPS -! create mwan3_sticky_$rule list:set
- $IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
- $IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
+ mwan3_get_iface_id id $1
- for IPT in "$IPT4" "$IPT6"; do
- if [ -n "$($IPT -S mwan3_iface_$1 2> /dev/null)" ]; then
- $IPT -I mwan3_rule_$rule -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
- $IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($id*256))/0xff00
+ [ -n "$id" ] || return 0
+
+ $IPS -! create mwan3_sticky_v4_$rule hash:ip,mark markmask 0xff00 timeout $timeout
+ $IPS -! create mwan3_sticky_v6_$rule hash:ip,mark markmask 0xff00 timeout $timeout family inet6
+ $IPS -! create mwan3_sticky_$rule list:set
+ $IPS -! add mwan3_sticky_$rule mwan3_sticky_v4_$rule
+ $IPS -! add mwan3_sticky_$rule mwan3_sticky_v6_$rule
+
+ for IPT in "$IPT4" "$IPT6"; do
+ if [ -n "$($IPT -S mwan3_iface_in_$1 2> /dev/null)" -a -n "$($IPT -S mwan3_iface_out_$1 2> /dev/null)" ]; then
+ $IPT -I mwan3_rule_$rule -m mark --mark $(($id*256))/0xff00 -m set ! --match-set mwan3_sticky_$rule src,src -j MARK --set-xmark 0x0/0xff00
+ $IPT -I mwan3_rule_$rule -m mark --mark 0/0xff00 -j MARK --set-xmark $(($id*256))/0xff00
+ fi
+ done
fi
done
}
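Review bot: The new outer loop in mwan3_set_sticky_iptables reads membership from `$IPT4 -S $policy` only, while the inner loop still installs rules through both `$IPT4` and `$IPT6`. If IPv6 members appear only in the ip6tables copy of the policy chain (mwan3_set_policy is not fully visible, so this is an assumption), an IPv6 interface never matches and gets no sticky marks. The match also depends on the exact comment text extracted by `cut -s -d'"' -f2 | awk '{print $1}'` and on `$policy`, `$rule` and `$timeout` being set by the caller. That deserves a header comment such as `# uses $policy, $rule, $timeout from the caller; members are read from the rule comments of the policy chain`. Quoting `"$policy"` and `"$1"` in the added lines would also prevent word splitting on unexpected section names.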
fi
if [ -n "$ipset" ]; then
- if [ -z "$($IPS -n list $ipset 2> /dev/null)" ]; then
- $IPS create $ipset list:set
- $IPS create v4_$ipset hash:ip timeout 3600
- $IPS create v6_$ipset hash:ip timeout 3600 family inet6
- $IPS add $ipset v4_$ipset
- $IPS add $ipset v6_$ipset
- fi
-
ipset="-m set --match-set $ipset dst"
fi
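Review bot: With the create block removed, `ipset="-m set --match-set $ipset dst"` refers to a set that this code no longer guarantees to exist. iptables refuses a `--match-set` rule whose set is missing, so the user rule would not be installed and its traffic would fall through to later rules. Either document above the `if` that the set has to be created by another component before mwan3 runs, or test for it first with `$IPS -n list "$ipset" > /dev/null 2>&1` and skip the rule with a log message when it is absent. The enclosing function starts and ends outside this hunk, so the place where the rule is finally appended is not visible.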
policy="mwan3_policy_$use_policy"
- config_foreach mwan3_set_sticky_iptables interface
-
for IPT in "$IPT4" "$IPT6"; do
if ! $IPT -S $policy &> /dev/null; then
$IPT -N $policy
fi
$IPT -F mwan3_rule_$1
+ done
+ config_foreach mwan3_set_sticky_iptables interface
+
+ for IPT in "$IPT4" "$IPT6"; do
$IPT -A mwan3_rule_$1 -m mark --mark 0/0xff00 -j $policy
$IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_$rule src,src
$IPT -A mwan3_rule_$1 -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_$rule src,src
{
echo "Current ipv4 policies:"
mwan3_report_policies_v4
+ echo -e
echo "Current ipv6 policies:"
mwan3_report_policies_v6
+ echo -e
}
connected()
done
done
- for ipset in $($IPS -n list | sort | grep mwan3); do
- $IPS destroy $ipset
+ for ipset in $($IPS -n list | grep mwan3_); do
+ $IPS -q destroy $ipset
+ done
+
+ for ipset in $($IPS -n list | grep mwan3 | grep -E '_v4|_v6'); do
+ $IPS -q destroy $ipset
done
}
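Review bot: `grep mwan3_` and `grep mwan3 | grep -E '_v4|_v6'` match anywhere in the set name, so a set from another service whose name merely contains those substrings would be destroyed as well. The added `-q` also hides the failure when a set is still referenced by an iptables rule. If all of this package's sets start with `mwan3_`, anchored patterns such as `grep '^mwan3_'` and `grep -E '^mwan3_.*_(v4|v6)'` limit the cleanup to its own sets. A comment explaining the two passes would help, e.g. `# second pass: member sets that could not be removed while their list:set still existed`, if that is indeed the reason. The enclosing function begins outside this hunk.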