update pcc rule

dd19d7eb · nanahira · 6754a9e8 · dd19d7eb · dd19d7eb
Commit dd19d7eb authored May 22, 2022 by nanahira
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 11 deletions

ansible/scripts/switch-rules-up.sh.j2 ansible/scripts/switch-rules-up.sh.j2 +17 -1

ansible/scripts/utility.sh.j2 ansible/scripts/utility.sh.j2 +6 -10

No files found.
--- a/ansible/scripts/switch-rules-up.sh.j2
+++ b/ansible/scripts/switch-rules-up.sh.j2
@@ -10,6 +10,12 @@ interface_switch_oversea -A u_{{plan.name}}_oversea {{plan.destMark}}
 restore_mark_switch -A {{plan.destMark}}
 {% endfor %}

+{% for gw in gateways %}
+{% if not gw.hidden %}
+ensure_isp_ipset {{gw.isp}}
+{% endif %}
+{% endfor %}
+
 ## local gateways
 {% for gw in gateways %}
 {% if not gw.hidden %}
@@ -17,7 +23,17 @@ restore_mark_switch -A {{plan.destMark}}
 interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
 interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
 {% for rule in gw.pccRules %}
-interface_switch_pcc -A {{gw.isp}} {{gw.selectionMark}} {{rule.src}} {{rule.dst}}
+$IPTABLES_EXEC -t mangle -A NEXTGEN_SWITCH \
+  -m mark --mark 0 \
+  -m set --match-set mycard src \
+{% for tgw in gateways %}
+{% if not tgw.hidden %}
+  -m set ! --match-set "u_{{tgw.isp}}_oversea" src \
+  -m set ! --match-set "u_{{tgw.isp}}_china" src \
+{% endif %}
+{% endfor %}
+  -m set ! --match-set mycard dst -s "{{rule.src}}" -d "{{rule.dst}}" \
+  -j CONNMARK --set-xmark "{{gw.selectionMark}}"
 {% endfor %}
 restore_mark_switch -A {{gw.selectionMark}}
 {% endif %}

--- a/ansible/scripts/utility.sh.j2
+++ b/ansible/scripts/utility.sh.j2
@@ -10,6 +10,12 @@ wait_lock() {
  done
 }

+ensure_isp_ipset() {
+  ISP=$1
+  ipset create "u_${ISP}_china" hash:net maxelem 1000000 || true
+  ipset create "u_${ISP}_oversea" hash:net maxelem 1000000 || true
+}
+
 ensure_ipset_and_chain() {
 {% for list in routeListNames %}
  ipset restore -f {{ansible_user_dir}}/nextgen-network/ipsets/{{list}}.ipset || true
@@ -68,16 +74,6 @@ interface_switch_oversea() {
  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK"
 }

-interface_switch_pcc() {
-  OPTION=$1
-  ISP=$2
-  MARK=$3
-  SRC=$4
-  DST=$5
-  ipset create "$IPSET" hash:net maxelem 1000000 || true
-  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set mycard src -m set ! --match-set "u_${ISP}_oversea" src -m set ! --match-set "u_${ISP}_china" src -m set ! --match-set mycard dst -s "$SRC" -d "$DST" -j CONNMARK --set-xmark "$MARK"
-}
-
 interface_switch_redirect() {
  OPTION=$1
  MARK=$2