From eefc65b014c35441df73b17a8a3ff9c898d9628a Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Fri, 17 Mar 2017 11:06:24 +0100 Subject: [PATCH 1/8] net/mwan3: fix hotplug on ACTION ifdown On dynamic interface proto (dhcp/pppoe) the hotplug will not execude (exit 9) because the gateway is already released. The check will now only be made on a ifup ACTION event. Signed-off-by: Florian Eckert (cherry picked from commit 28c8b664e471df9adbba5f2b8598b4e95ae36f4b) --- net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index 86e60e133..045a481c8 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -30,7 +30,9 @@ elif [ "$family" == "ipv6" ]; then network_get_gateway6 gateway $INTERFACE fi -[ -n "$gateway" ] || exit 9 +if [ "$ACTION" == "ifup" ]; then + [ -n "$gateway" ] || exit 9 +fi $LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})" From 8a111b5b27a654513dba2e16015c629f6188dc2c Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 6 Apr 2017 16:36:46 +0200 Subject: [PATCH 2/8] net/mwan3: mwan3track interrupt sleep on signal (trap) event Sleep will be aborted if a signal is send to this process. Signed-off-by: Florian Eckert (cherry picked from commit 7e80e83dfdbfd1408244399ef6af580fff218d4f) --- net/mwan3/files/usr/sbin/mwan3track | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mwan3/files/usr/sbin/mwan3track b/net/mwan3/files/usr/sbin/mwan3track index 35f97fe0d..326d8ab52 100755 --- a/net/mwan3/files/usr/sbin/mwan3track +++ b/net/mwan3/files/usr/sbin/mwan3track @@ -59,7 +59,8 @@ while true; do fi host_up_count=0 - sleep $6 + sleep $6 & + wait done exit 1 From 70d96f5dcc203088a16b884c3ccf00b0bf5b492e Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 27 Apr 2017 09:22:27 +0200 Subject: [PATCH 3/8] net/mwan3: add connected network regardless of mwan3 interface enable state If netifd set an interface up/down which is not tracked by mwan3 the connected network of that interface should regardless be added/removed to the mwan3_connected ipset. Signed-off-by: Florian Eckert (cherry picked from commit f94975b71fc80912dd84feb845c2d86aeb82e7b1) --- net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index 045a481c8..51bba594f 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -4,11 +4,6 @@ . /lib/functions/network.sh . /lib/mwan3/mwan3.sh -config_load mwan3 - -config_get enabled $INTERFACE enabled 0 -[ "$enabled" == "1" ] || exit 0 - [ "$ACTION" == "ifup" -o "$ACTION" == "ifdown" ] || exit 1 [ -n "$INTERFACE" ] || exit 2 @@ -22,6 +17,12 @@ fi [ -x /usr/sbin/ip6tables ] || exit 7 [ -x /usr/bin/logger ] || exit 8 +mwan3_set_connected_iptables + +config_load mwan3 +config_get enabled $INTERFACE enabled 0 +[ "$enabled" == "1" ] || exit 0 + config_get family $INTERFACE family ipv4 if [ "$family" == "ipv4" ]; then @@ -36,8 +37,6 @@ fi $LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})" -mwan3_set_connected_iptables - case "$ACTION" in ifup) mwan3_set_general_rules From 822bc96b7cb972e07e92647f11dfe01579d67ed7 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 22 Jun 2017 11:48:01 +0200 Subject: [PATCH 4/8] net/mwan3: add lock for mwan3 hotplug script If more then one interface get up/down at once mwan3 could be in a undefined state, because more then one mwan3 hotplug script are running and editing the iptables. Lock the critical section should solve this issue. Signed-off-by: Florian Eckert (cherry picked from commit b6e9debc1b97f9e4be70fb51404831ed870d844a) --- net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 3 +++ net/mwan3/files/lib/mwan3/mwan3.sh | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index 51bba594f..ae18f529f 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -35,6 +35,7 @@ if [ "$ACTION" == "ifup" ]; then [ -n "$gateway" ] || exit 9 fi +mwan3_lock $LOG notice "$ACTION interface $INTERFACE (${DEVICE:-unknown})" case "$ACTION" in @@ -58,4 +59,6 @@ case "$ACTION" in ;; esac +mwan3_unlock + exit 0 diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index 1e1de969f..eae69b729 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -7,6 +7,14 @@ IPT4="/usr/sbin/iptables -t mangle -w" IPT6="/usr/sbin/ip6tables -t mangle -w" LOG="/usr/bin/logger -t mwan3 -p" +mwan3_lock() { + lock /var/run/mwan3.lock +} + +mwan3_unlock() { + lock -u /var/run/mwan3.lock +} + mwan3_get_iface_id() { local _tmp _iface _iface_count From 94a52336193943b4385322fc74216d52a844c620 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Wed, 2 Aug 2017 14:53:18 +0200 Subject: [PATCH 5/8] net/mwan3: fix ipset generation in hotplug script with an lock Fix critical section during hotplug events. Signed-off-by: Florian Eckert (cherry picked from commit a4fbc7eba670c2622c47ee9fe3d60d89909ea559) --- net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index ae18f529f..6be154ca9 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -17,7 +17,9 @@ fi [ -x /usr/sbin/ip6tables ] || exit 7 [ -x /usr/bin/logger ] || exit 8 +mwan3_lock mwan3_set_connected_iptables +mwan3_unlock config_load mwan3 config_get enabled $INTERFACE enabled 0 From 282e90014e936ed1db527608e6ac4904a895b1ab Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Mon, 31 Jul 2017 12:04:18 +0200 Subject: [PATCH 6/8] net/mwan3: fix ping issue if last interface recovers from failure Even though error was fixed the interface checks still fails, if last_resort was set to blackhole or unreachable. To fix this issue do not remove failure interface from iptables change on down event. Reported-by: Colby Whitney Signed-off-by: Florian Eckert (cherry picked from commit 6d99b602fd3425df7b9a3f8d583a2092bb5e1b94) --- net/mwan3/files/etc/hotplug.d/iface/15-mwan3 | 1 - net/mwan3/files/usr/sbin/mwan3 | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 index 6be154ca9..0e4c8ee38 100644 --- a/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 +++ b/net/mwan3/files/etc/hotplug.d/iface/15-mwan3 @@ -53,7 +53,6 @@ case "$ACTION" in ;; ifdown) mwan3_delete_iface_rules $INTERFACE - mwan3_delete_iface_iptables $INTERFACE mwan3_delete_iface_route $INTERFACE mwan3_delete_iface_ipset_entries $INTERFACE mwan3_set_policies_iptables diff --git a/net/mwan3/files/usr/sbin/mwan3 b/net/mwan3/files/usr/sbin/mwan3 index 405cd43f3..b13067a04 100755 --- a/net/mwan3/files/usr/sbin/mwan3 +++ b/net/mwan3/files/usr/sbin/mwan3 @@ -46,6 +46,7 @@ ifdown() kill $(cat /var/run/mwan3track-$1.pid) rm /var/run/mwan3track-$1.pid fi + mwan3_delete_iface_iptables $1 } ifup() From a3c78648cbe6bccef70338cec95f36404d2787ef Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Thu, 17 Aug 2017 11:57:17 +0200 Subject: [PATCH 7/8] net/mwan3: remove lock file on mwan3 stop Signed-off-by: Florian Eckert (cherry picked from commit 5e123852bc2fc6970e9502ca01a697b2fb394e23) --- net/mwan3/files/lib/mwan3/mwan3.sh | 4 ++++ net/mwan3/files/usr/sbin/mwan3 | 2 ++ 2 files changed, 6 insertions(+) diff --git a/net/mwan3/files/lib/mwan3/mwan3.sh b/net/mwan3/files/lib/mwan3/mwan3.sh index eae69b729..2bba6f9a3 100644 --- a/net/mwan3/files/lib/mwan3/mwan3.sh +++ b/net/mwan3/files/lib/mwan3/mwan3.sh @@ -15,6 +15,10 @@ mwan3_unlock() { lock -u /var/run/mwan3.lock } +mwan3_lock_clean() { + rm -rf /var/run/mwan3.lock +} + mwan3_get_iface_id() { local _tmp _iface _iface_count diff --git a/net/mwan3/files/usr/sbin/mwan3 b/net/mwan3/files/usr/sbin/mwan3 index b13067a04..b3285b6f6 100755 --- a/net/mwan3/files/usr/sbin/mwan3 +++ b/net/mwan3/files/usr/sbin/mwan3 @@ -164,6 +164,8 @@ stop() for ipset in $($IPS -n list | grep mwan3 | grep -E '_v4|_v6'); do $IPS -q destroy $ipset done + + mwan3_lock_clean } restart() { From fe233e3596fc81b64aff3e061397c63385706c25 Mon Sep 17 00:00:00 2001 From: Florian Eckert Date: Fri, 18 Aug 2017 08:54:13 +0200 Subject: [PATCH 8/8] net/mwan3: update Makefile - Update version - Update maintainer to me Signed-off-by: Florian Eckert --- net/mwan3/Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/net/mwan3/Makefile b/net/mwan3/Makefile index 01f9e07f6..5387cd9df 100644 --- a/net/mwan3/Makefile +++ b/net/mwan3/Makefile @@ -8,9 +8,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mwan3 -PKG_VERSION:=2.0 -PKG_RELEASE:=3 -PKG_MAINTAINER:=Jeroen Louwes +PKG_VERSION:=2.0.1 +PKG_RELEASE:=1 +PKG_MAINTAINER:=Florian Eckert PKG_LICENSE:=GPLv2 include $(INCLUDE_DIR)/package.mk @@ -21,7 +21,6 @@ define Package/mwan3 SUBMENU:=Routing and Redirection DEPENDS:=+ip +ipset +iptables +iptables-mod-conntrack-extra +iptables-mod-ipopt TITLE:=Multiwan hotplug script with connection tracking support - MAINTAINER:=Jeroen Louwes PKGARCH:=all endef