Доработана функция отображения отсканированных VPN интерфейсов - добавлен IP сети.

qzeleza · qzeleza · commit e7120b696e2b · 2023-11-18T15:29:08.000+03:00
diff --git a/build/version b/build/version
@@ -1,3 +1,3 @@
 VERSION=1.1.5
-STAGE=alpha
-RELEASE=2
+STAGE=
+RELEASE=
diff --git a/ipk/kvas_all.ipk b/ipk/kvas_all.ipk
diff --git a/opt/bin/libs/main b/opt/bin/libs/main
@@ -207,8 +207,19 @@ get_router_ip() {
 # ------------------------------------------------------------------------------------------
 get_inface_by_ip() {
 	local_ip="${1}"
-	/opt/sbin/ip a | grep global | grep "inet ${local_ip}/24"  | sed 's/^ *//g'| grep -oE '.{1,6}$' | cut -d ' ' -f2-
+	/opt/sbin/ip a | grep global | grep "inet ${local_ip}/" | sed 's/^.* \(.*\)$/\1/'
 }
+# ------------------------------------------------------------------------------------------
+#
+#	Получаем IP интерфейса по заданному entware интерфейсу
+#	$1 - заданный entware интерфейс
+#
+# ------------------------------------------------------------------------------------------
+get_ip_by_inface() {
+	entware_inf="${1}"
+	/opt/sbin/ip a | grep global | grep "${entware_inf}" | sed 's/.*inet.\(.*\)\/.*/\1/'
+}
+
 # ------------------------------------------------------------------------------------------
 #
 #	Получаем ID локального интерфейса
diff --git a/opt/bin/libs/vpn b/opt/bin/libs/vpn
diff --git a/opt/bin/main/ipset b/opt/bin/main/ipset
@@ -90,5 +90,5 @@ while read -r line || [ -n "${line}" ]; do
 
 done < "${HOST_LIST}"
 
-count=$(ipset list "${TABLE_NAME}" | grep -cE "^${IP_FILTER}")
-logger -t "Общее число IP адресов в ipset составляет ${count} шт."
+#count=$(ipset list "${TABLE_NAME}" | grep -cE "^${IP_FILTER}")
+#logger -t "Общее число IP адресов в ipset составляет ${count} шт."
diff --git a/opt/bin/main/setup b/opt/bin/main/setup
@@ -324,7 +324,7 @@ cmd_install(){
 	fi
 
 	[ -f /opt/etc/cron.5mins/check_vpn ] || {
-		ready "Устанавливаем проверку зависания VPN соединения в cron - раз в 5 минут."
+		ready "Устанавливаем проверку зависания VPN соединения в cron."
 		ln -s /opt/apps/kvas/bin/main/check_vpn /opt/etc/cron.5mins/check_vpn && when_ok "УСПЕШНО" || when_bad "ОШИБКА"
 	}
 
diff --git a/opt/etc/ndm/ndm b/opt/etc/ndm/ndm
@@ -44,7 +44,7 @@ IPv6='IPv6::'
 ip4() (/opt/sbin/ip -4 "$@")
 ip4tables() (/opt/sbin/iptables -C "$@" &>/dev/null || /opt/sbin/iptables -A "$@")
 iptab() (/opt/sbin/iptables "$@")
-ip4save() (/opt/sbin/iptables-save)
+ip4save() (/opt/sbin/iptables-save | grep -vE '\-A _')
 get_gw4()([ "${1}" ] && ip4 addr show "${1}" | grep -Po "(?<=inet ).*(?=/)")
 has_ssr_enable() ([ ! -f "/opt/etc/ndm/netfilter.d/100-vpn-mark" ])
 
@@ -191,24 +191,24 @@ ip4_firewall_mark_rules_tcp_udp_on(){
 # 	Правила маркировки гостевого трафика
 #
 # ------------------------------------------------------------------------------------------
+get_guest_net(){
+	ip addr show "${1}" | grep global | sed 's/^.*inet \(.*\).*/\1/' | cut -d' ' -f1
+}
 ip4_add_selected_guest_to_vpn_network(){
 	guest_inface="${1}"
-	rules_masq=$(ip4save | grep "\-j MASQUERADE" | grep " ${guest_inface} ")
-	rules_dns=$(ip4save | grep " ${guest_inface} " | grep DNAT | grep 53)
-	if [ -z "${rules_dns}" ] || [ -z "${rules_masq}" ] ; then
+	rules_masq=$(ip4save  | grep "\-j MASQUERADE" | grep " ${guest_inface} ")
+#	rules_dns=$(ip4save | grep " ${guest_inface} " | grep DNAT | grep 53)
+	if [ -z "${rules_masq}" ] ; then
 			# Маркируем трафик гостевой сети
 			{
 					log_warning "Подключаем правила маркировки гостевого трафика для VPN."
-#					ip4tables PREROUTING -w -t nat -i "${guest_inface}" -p tcp -j DNAT --to "$(inface_gw4):53"
-#					ip4tables PREROUTING -w -t nat -i "${guest_inface}" -p udp -j DNAT --to "$(inface_gw4):53"
-					ip4tables POSTROUTING -t nat -s "$(guest_net "${guest_inface}")" -o "${guest_inface}" -m ndmmark --ndmmark ${MARK_NUM} -j MASQUERADE
+					ip4tables POSTROUTING -t nat -s "$(get_guest_net "${guest_inface}")" -o "${guest_inface}" -m ndmmark --ndmmark ${MARK_NUM} -j MASQUERADE
 #					Под вопросом ?
-					ip4tables POSTROUTING -t nat -s "$(guest_net "${guest_inface}")" -o "${guest_inface}" -m ndmmark --ndmmark ${MARK_NUM} -j SNAT --to-source $(inface_guest_gw4 "${guest_inface}")
+#					ip4tables POSTROUTING -t nat -s "$(get_guest_net "${guest_inface}")" -o "${guest_inface}" -m ndmmark --ndmmark ${MARK_NUM} -j SNAT --to-source $(inface_guest_gw4 "${guest_inface}")
 
 			} &>/dev/null
 			rules_masq=$(ip4save | grep "\-j MASQUERADE" | grep " ${guest_inface} ")
-			rules_dns=$(ip4save | grep " ${guest_inface} " | grep DNAT | grep 53)
-			if [ -z "${rules_dns}" ] || [ -z "${rules_masq}" ] ; then
+			if [ -z "${rules_masq}" ] ; then
 				error "${IPv4} Возникла ошибка при маркировке гостевого трафика ${guest_inface} [$(guest_net "${guest_inface}")] для VPN."
 			fi
 	fi

Original file line number	Diff line number	Diff line change
`@@ -324,7 +324,7 @@ cmd_install(){`
`324`	`324`	`fi`
`325`	`325`
`326`	`326`	`[ -f /opt/etc/cron.5mins/check_vpn ] \|\| {`
`327`		`- ready "Устанавливаем проверку зависания VPN соединения в cron - раз в 5 минут."`
	`327`	`+ ready "Устанавливаем проверку зависания VPN соединения в cron."`
`328`	`328`	`ln -s /opt/apps/kvas/bin/main/check_vpn /opt/etc/cron.5mins/check_vpn && when_ok "УСПЕШНО" \|\| when_bad "ОШИБКА"`
`329`	`329`	`}`
`330`	`330`