Bash 脚本不起作用

Bash 脚本不起作用

我希望这是一个简单的答案

问题:

  1. 我将名为 learn-address.sh 的 bash 脚本放在以下文件夹中:

vi /etc/openvpn/netem/learn-address.sh

  1. 在 .conf 文件中增加了以下 (2) 行:
script-security 3

learn-address /etc/openvpn/netem/learn-address.sh
  1. 并将以下权限应用于learn-address脚本:
chmod 755 /etc/openvpn/netem/learn-address.sh
  1. 但是,脚本确实更新了 tmp 文件中的文件 ($ip.classid 和 $ip.dev),并正确传递了变量

  2. 但是 bash 脚本不执行 tc class 和 filter 命令(qdisc 没有变化)

  3. 当用户连接到 OpenVPN 时调用 learn-address 脚本时,我将在脚本上使用什么权限来执行 tc class 和 filter 命令,或者我是否遗漏了其他内容?

非常感谢

脚本名称:learn-address.sh

#!/bin/bash

statedir=/tmp/

function bwlimit-enable() {
ip=$1
user=$2
dev=eth0


# Disable if already enabled.
bwlimit-disable $ip

# Find unique classid.
if [ -f $statedir/$ip.classid ]; then
    # Reuse this IP's classid
    classid=`cat $statedir/$ip.classid`
else
    if [ -f $statedir/last_classid ]; then
        classid=`cat $statedir/last_classid`
        classid=$((classid+1))
    else
        classid=1
    fi
    echo $classid > $statedir/last_classid
fi

# Find this user's bandwidth limit
# downrate: from VPN server to the client
# uprate: from client to the VPN server
if [ "$user" == "myuser" ]; then
    downrate=10mbit
    uprate=10mbit
elif [ "$user" == "anotheruser"]; then
    downrate=2mbit
    uprate=2mbit
else
    downrate=5mbit
    uprate=5mbit
fi

# Limit traffic from VPN server to client
tc class add dev $dev parent 1: classid 1:$classid htb rate $downrate
tc filter add dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32 flowid 1:$classid

# Limit traffic from client to VPN server
tc filter add dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32 police rate $uprate burst 80k drop flowid :$classid

# Store classid and dev for further use.
echo $classid > $statedir/$ip.classid
echo $dev > $statedir/$ip.dev
}

function bwlimit-disable() {
ip=$1

if [ ! -f $statedir/$ip.classid ]; then
    return
fi
if [ ! -f $statedir/$ip.dev ]; then
    return
fi

classid=`cat $statedir/$ip.classid`
dev=`cat $statedir/$ip.dev`

tc filter del dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32
tc class del dev $dev classid 1:$classid

tc filter del dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32

# Remove .dev but keep .classid so it can be reused.
rm $statedir/$ip.dev
}

# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true

case "$1" in
    add|update)
        bwlimit-enable $2 $3
        ;;
    delete)
        bwlimit-disable $2
        ;;
    *)
        echo "$0: unknown operation [$1]" >&2
        exit 1
        ;;
esac

exit 0

答案1

$dev 在两次调用 tc 时均未设置,

# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true

这决定

tc qdisc add dev  root handle 1: htb

最有可能的错误被传送到/dev/null

将此行替换为

# Make sure queueing discipline is enabled.
dev=eth0
tc qdisc add dev $dev root handle 1: htb 2>/tmp/tqa-root.err || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/tmp/tqa-handle.err || /bin/true

相关内容