mirror of
https://github.com/Telecominfraproject/wlan-ap.git
synced 2025-12-19 10:23:03 +00:00
Add new package which has scripts for ssid client ratelimiting. Adds rules for ssid ratelimiting and client ratelimiting based on 'wireless' config file options 'drate' (ssid dl), 'urate' (ssid ul), 'cdrate' (client dl), and 'curate' (client ul). Signed-off-by: Chaitanya Kiran Godavarthi <chaitanya.kiran@connectus.ai>
#!/bin/sh
#
# Copyright (C) 2018 rosysong@rosinson.com
#
# for uci_validate_section()
. /lib/functions/procd.sh
# Shared state used by the qosdef_* helpers in this file.

# Set to "y" by qosdef_init_env when network.lan.type is "bridge".
NFT_QOS_HAS_BRIDGE=""
# Switched to "inet" by qosdef_init_env when /proc/sys/net/ipv6 exists.
NFT_QOS_INET_FAMILY="ip"
NFT_QOS_BRIDGE_FAMILY="bridge"
# nft script text, accumulated one fragment at a time by qosdef_appendx.
NFT_QOS_SCRIPT_TEXT=""
# File that qosdef_init_done writes and qosdef_start loads with `nft -f`.
# NOTE(review): fixed, predictable path under /tmp; that is only safe while
# nothing but root can create files there -- confirm for the target image.
NFT_QOS_SCRIPT_FILE="/tmp/qos.nft"
# Append one fragment to the nft script being built in NFT_QOS_SCRIPT_TEXT.
# The fragment is stored verbatim: escapes such as \n and \t stay literal
# here and are only expanded when qosdef_init_done writes the file with
# `echo -e`.
qosdef_appendx() { # <string to be appended>
	NFT_QOS_SCRIPT_TEXT="${NFT_QOS_SCRIPT_TEXT}${1}"
}
# Append a base-chain declaration line (type, hook, priority, policy) to the
# nft script text. The arguments are interpolated exactly as given, so
# callers are expected to pass values they have already validated.
qosdef_append_chain_def() { # <type> <hook> <priority> <policy>
	local chain_type="$1"
	local hook="$2"
	local priority="$3"
	local policy="$4"

	qosdef_appendx "\t\ttype ${chain_type} hook ${hook} priority ${priority}; policy ${policy};\n"
}
# Append an ingress-hook chain declaration bound to one device. The
# arguments are interpolated exactly as given, so callers are expected to
# pass values they have already validated.
qosdef_append_chain_ingress() { # <type> <device> <priority> <policy>
	local chain_type="$1"
	local device="$2"
	local priority="$3"
	local policy="$4"

	qosdef_appendx "\t\ttype ${chain_type} hook ingress device ${device} priority ${priority}; policy ${policy};\n"
}
# qosdef_append_rule_{MATCH}_{STATEMENT}
# Append a rule that drops traffic matching "ip <operator> <ipaddr>" once it
# exceeds <rate> <unit>/second. All four values are placed into the rule
# text unchanged.
qosdef_append_rule_ip_limit() { # <ipaddr> <operator> <unit> <rate>
	# Positional order in the rule text: operator ($2), address ($1),
	# rate ($4), unit ($3).
	qosdef_appendx "\t\tip $2 $1 limit rate over $4 $3/second drop\n"
}
# qosdef_append_rule_{MATCH}_{STATEMENT}
# Append a rule that drops traffic matching "<operator> <iface>" once it
# exceeds <rate> <unit>/second. All four values are placed into the rule
# text unchanged.
qosdef_append_rule_iface_limit() { # <iface> <operator> <unit> <rate>
	# Positional order in the rule text: operator ($2), interface ($1),
	# rate ($4), unit ($3).
	qosdef_appendx "\t\t$2 $1 limit rate over $4 $3/second drop\n"
}
# qosdef_append_rule_{MATCH}_{POLICY}
# Append a rule of the form "ip <operator> <ipaddr> <policy>". The three
# values are placed into the rule text unchanged.
qosdef_append_rule_ip_policy() { # <operator> <ipaddr> <policy>
	local operator="$1"
	local ipaddr="$2"
	local policy="$3"

	qosdef_appendx "\t\tip ${operator} ${ipaddr} ${policy}\n"
}
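# config_list_foreach callback: emit an "accept" rule for one
# limit_whitelist entry. The chain name selects the match direction
# (download -> daddr, upload -> saddr).
# Arguments: $1 - whitelisted address (list value)
#            $2 - chain name ("download" or "upload")
# Returns:   0 when the entry is empty or skipped, otherwise the status of
#            qosdef_append_rule_ip_policy
_handle_limit_whitelist() { # <value> <chain>
	local ipaddr="$1"
	local operator

	[ -z "$ipaddr" ] && return

	case "$2" in
	download) operator="daddr" ;;
	upload) operator="saddr" ;;
	*)
		# With no operator the rule would be emitted without a match
		# keyword and the whole generated script would be malformed.
		echo "qosdef: limit_whitelist: unknown chain '$2', entry skipped" >&2
		return 0
		;;
	esac

	# The value is copied into nft script text that is later expanded with
	# `echo -e`, so whitespace, ';' or a backslash in it could alter the
	# rule or add further statements. Refuse such entries.
	case "$ipaddr" in
	*[[:space:]]* | *\;* | *\\*)
		echo "qosdef: limit_whitelist: invalid entry skipped" >&2
		return 0
		;;
	esac

	# Quoted so that each value stays one argument and is not glob-expanded.
	qosdef_append_rule_ip_policy "$operator" "$ipaddr" accept
}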
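# Emit one accept rule per entry of the "limit_whitelist" list in the
# "default" config section, via the _handle_limit_whitelist callback.
# Arguments: $1 - chain name handed on to the callback
qosdef_append_rule_limit_whitelist() { # <chain>
	# Quoted so the chain name reaches the callback as exactly one argument.
	config_list_foreach default limit_whitelist _handle_limit_whitelist "$1"
}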
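# Flush all rules of one nft table.
# Arguments: $1 - address family, $2 - table name
# Returns:   1 if either argument is empty, otherwise the status of nft
qosdef_flush_table() { # <family> <table>
	# With one value missing, the other would be read by nft in the wrong
	# position; refuse instead of flushing something unintended.
	[ -n "$1" ] && [ -n "$2" ] || return 1

	# stderr is discarded as in the original -- presumably because the
	# table may not exist yet; confirm against the callers.
	nft flush table "$1" "$2" 2>/dev/null
}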
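# Delete one nft table.
# Arguments: $1 - address family, $2 - table name
# Returns:   1 if either argument is empty, otherwise the status of nft
qosdef_remove_table() { # <family> <table>
	# With one value missing, the other would be read by nft in the wrong
	# position; refuse instead of deleting something unintended.
	[ -n "$1" ] && [ -n "$2" ] || return 1

	# stderr is discarded as in the original -- presumably because the
	# table may not exist yet; confirm against the callers.
	nft delete table "$1" "$2" 2>/dev/null
}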
# Start the generated nft script with its interpreter line and copyright
# comment, followed by an empty line.
qosdef_init_header() { # add header for nft script
	local header_line

	for header_line in \
		"#!/usr/sbin/nft -f\n" \
		"# Copyright (C) 2018 rosysong@rosinson.com\n" \
		"#\n\n"
	do
		qosdef_appendx "$header_line"
	done
}
# Detect the runtime environment and export the matching settings:
#   NFT_QOS_HAS_BRIDGE="y"      when network.lan.type is "bridge"
#   NFT_QOS_INET_FAMILY="inet"  when /proc/sys/net/ipv6 exists
# The return status is that of the final IPv6 check, so it is non-zero
# when /proc/sys/net/ipv6 is absent.
qosdef_init_env() {
	# interface type of lan
	local lan_type="$(uci_get "network.lan.type")"

	case "$lan_type" in
	bridge) export NFT_QOS_HAS_BRIDGE="y" ;;
	esac

	# IPv6 support: use the combined inet family when it is available
	test -e /proc/sys/net/ipv6 && export NFT_QOS_INET_FAMILY="inet"
}
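# Remove the generated nft script file named by NFT_QOS_SCRIPT_FILE.
# Returns: 0 when the path is unset, otherwise the status of rm
qosdef_clean_cache() {
	# Nothing to remove when the path is unset.
	[ -n "$NFT_QOS_SCRIPT_FILE" ] || return 0

	# Quoted and preceded by "--" so the path is taken as one literal file
	# name, never split, glob-expanded or read as an option.
	rm -f -- "$NFT_QOS_SCRIPT_FILE"
}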
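# Write the accumulated nft script text to NFT_QOS_SCRIPT_FILE, expanding
# the \n and \t escapes stored in it.
# Returns: 1 when the path is unset, otherwise the status of the write
qosdef_init_done() {
	[ -n "$NFT_QOS_SCRIPT_FILE" ] || return 1

	# The text is quoted so the shell neither collapses its spacing nor
	# glob-expands characters such as '*' against the current directory;
	# '%b' expands the backslash escapes the way `echo -e` did.
	# NOTE(review): the target is opened as-is, so a symlink at that path
	# would be followed -- confirm only root can create files there.
	printf '%b\n' "$NFT_QOS_SCRIPT_TEXT" > "$NFT_QOS_SCRIPT_FILE" 2>/dev/null
}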
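# Load the generated script with `nft -f` and record the attempt, nft's
# stderr and its exit status in /tmp/ssidratelimit.log.
# Returns: the exit status of nft, so callers can tell when the rate-limit
#          rules were not applied
qosdef_start() {
	# The log is only ever appended to, never truncated or rotated here.
	local log_file=/tmp/ssidratelimit.log
	local rc

	echo qosdef_start >> "$log_file"
	nft -f "$NFT_QOS_SCRIPT_FILE" 2>> "$log_file"
	# Capture the status before logging it; otherwise the function would
	# report the status of the log write instead of the rule load.
	rc=$?
	echo "$rc" >> "$log_file"

	return "$rc"
}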