mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2026-03-11 03:28:36 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

map-agent: traffic_seperation: add func isolate guest by ebtables

Browse source
This commit is contained in:
Jakob Olsson 2022-10-24 16:22:15 +02:00
parent 91509243e5
commit a9850c25cb
1 changed files with 31 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
map-agent/files/lib/wifi/traffic_separation
View file

@ -185,14 +185,36 @@ EOF
/etc/init.d/network restart
fi
# enable pktfwd again and flush FlowCache rules
echo 1 > /proc/pktfwd_dhd/enable
echo 1 > /proc/pktfwd_wl/enable
echo 0 > /proc/pktfwd_dhd/enable
echo 0 > /proc/pktfwd_wl/enable
echo 1 > /proc/pktfwd_dhd/enable
echo 1 > /proc/pktfwd_wl/enable
fcctl flush
# enable pktfwd again and flush FlowCache rules
echo 1 > /proc/pktfwd_dhd/enable
echo 1 > /proc/pktfwd_wl/enable
echo 0 > /proc/pktfwd_dhd/enable
echo 0 > /proc/pktfwd_wl/enable
echo 1 > /proc/pktfwd_dhd/enable
echo 1 > /proc/pktfwd_wl/enable
fcctl flush
}
ts_isolate() {
local action=$1
shift
local pvid=$1 # pvid
shift
local ifname=$1 # guest fbss name
shift
local ifprefix=$@ # 4addr mode ifname prefix
[ -z "$pvid" -o -z "$ifprefix" -o -z "$ifname" ] && return
for prefix in $@; do
ebtables -D FORWARD -i $ifname --o ${prefix}+ --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
ebtables -D FORWARD -i ${prefix}+ --o ${ifname} --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
[ "$action" != "add" ] && continue
ebtables -A FORWARD -i $ifname --o ${prefix}+ --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
ebtables -A FORWARD -i ${prefix}+ --o ${ifname} --vlan-id ! $pvid -j DROP -p 802_1Q > /dev/null 2>&1
done
}
@ -204,6 +226,7 @@ EOF
keep) dbg "keep $@"; ts_keep $@;;
reload) dbg "reload $@"; ts_reload $@;;
cleanup) dbg "cleanup $@"; ts_cleanup $@;;
isolate) dbg "isolate $@"; ts_isolate $@;;
--help|help) ts_usage;;
*) ts_usage; exit 1;;
esac