#!/bin/sh . /lib/functions.sh AL_BRIDGE=${AL_BRIDGE-"br-lan"} PRIMARY_VID=${PRIMARY_VID-1} ### Traffic Separation ### dbg() { logger -t traffic_separation $@ } ts_sub() { ts_usage() { cat < 255 uci -q set network.${name}.ipaddr="${ip_addr}" uci -q set network.${name}.netmask="255.255.255.0" uci -q set network.${name}.ip6assign '60' else uci -q set network.${name}.proto="dhcp" fi uci -q add network bridge-vlan uci -q set network.@bridge-vlan[-1].device="$AL_BRIDGE" uci -q set network.@bridge-vlan[-1].vlan="$vid" for port in $(uci -q get network.${br_dev}.ports) ; do echo $port | grep -q eth || continue uci -q add_list network.@bridge-vlan[-1].ports="${port}${tag}" done uci -q add_list network.${br_dev}.ports="$port_dev" uci -q add_list network.@bridge-vlan[-1].ports="$port_dev" uci -q commit network } _dhcp_setup() { local name=$1 [ -n "$(uci -q get dhcp.${name})" ] && return uci -q set dhcp.${name}=dhcp uci -q set dhcp.${name}.interface="${name}" uci -q set dhcp.${name}.start="100" uci -q set dhcp.${name}.limit="150" uci -q set dhcp.${name}.leasetime="1h" uci -q set dhcp.${name}.dhcpv4="server" uci -q set dhcp.${name}.dhcpv6="server" uci -q set dhcp.${name}.ra="server" uci -q set dhcp.${name}.ra_slaac="1" uci -q add_list dhcp.${name}.ra_flags="managed-config" uci -q add_list dhcp.${name}.ra_flags="other-config" uci -q commit dhcp } _firewall_setup() { local name=$1 local network=$2 local zone_exist=0 config_load firewall _process_zone() { local section=$1 local new_name=$2 local name config_get name $section name [ "$name" == "$new_name" ] && zone_exist=1 } config_foreach _process_zone zone $name [ "$zone_exist" != "0" ] && return uci -q add firewall zone uci -q set firewall.@zone[-1].name="$name" uci -q add_list firewall.@zone[-1].network="$network" uci -q set firewall.@zone[-1].input='ACCEPT' uci -q set firewall.@zone[-1].output='ACCEPT' uci -q set firewall.@zone[-1].forward='ACCEPT' uci -q add firewall forwarding uci -q set firewall.@forwarding[-1].src="$name" uci -q set firewall.@forwarding[-1].dest="wan" uci -q commit firewall } vid=$1 # primary vid [ -n "$vid" ] || { cat < /dev/null || { ip link add sink${vid} type veth peer name sink_peer${vid} } ip link set sink${vid} up ip link set sink_peer${vid} up proto="dhcp" [ -x "/usr/sbin/mapcontroller" ] && proto="static" ; _net_setup "vlan${vid}" ${vid} ${proto} "sink${vid}" "sink_peer${vid}" [ -x "/usr/sbin/mapcontroller" ] && _dhcp_setup vlan${vid} #_firewall_setup vlan${vid} sink${vid} } ts_reload() { local dhcp_reload=$1 # workaround for missing backhaul wifi.ap.* ubus obj's: # iterate in config and setup bh # config_load wireless # _setup_bh_iface() { # local sec=$1 # local iface=$2 # local bridge=$3 # config_get ifname $sec ifname # config_get mode $sec mode # config_get multi_ap $sec multi_ap "0" # [ "$mode" = "ap" -a "$multi_ap" = "1" ] && { # ts_create bh $ifname 1 2 br-map # } #} # config_foreach _setup_bh_iface wifi-iface [ -n "dhcp_reload" ] && /etc/init.d/dnsmasq reload /etc/init.d/network reload #for sink in $(ubus list network.interface.sink*) ; do # local sink_vlan=${sink/network.interface./}_vlan #done } local func=$1 shift case "$func" in create) dbg "create $@"; ts_create $@;; reload) dbg "reload $@"; ts_reload $@;; --help|help) ts_usage;; *) ts_usage; exit 1;; esac }