Bash

Bash script not working

  • May 22, 2016

I hope this has a simple answer.

Issue:

  1. I placed the following bash script, named learn-address.sh, in the following folder:

vi /etc/openvpn/netem/learn-address.sh

  2. Added the following (2) lines to the .conf file:
script-security 3

learn-address /etc/openvpn/netem/learn-address.sh
  3. And applied the following permissions to the learn-address script:
chmod 755 /etc/openvpn/netem/learn-address.sh
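  4. However, the script does update the files ($ip.classid and $ip.dev) in tmp and passes the variables correctly
  5. But the bash script does not execute the tc class and filter commands (no change in qdisc)
  6. What permissions would I use on the script to execute the tc class and filter commands when the learn-address script is called as a user connects to OpenVPN, or what am I missing?

Many thanks

Script name: learn-address.sh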

#!/bin/bash

statedir=/tmp/

function bwlimit-enable() {
ip=$1
user=$2
dev=eth0


# Disable if already enabled.
bwlimit-disable $ip

# Find unique classid.
if [ -f $statedir/$ip.classid ]; then
   # Reuse this IP's classid
   classid=`cat $statedir/$ip.classid`
else
   if [ -f $statedir/last_classid ]; then
       classid=`cat $statedir/last_classid`
       classid=$((classid+1))
   else
       classid=1
   fi
   echo $classid > $statedir/last_classid
fi

# Find this user's bandwidth limit
# downrate: from VPN server to the client
# uprate: from client to the VPN server
if [ "$user" == "myuser" ]; then
   downrate=10mbit
   uprate=10mbit
elif [ "$user" == "anotheruser" ]; then
   downrate=2mbit
   uprate=2mbit
else
   downrate=5mbit
   uprate=5mbit
fi

# Limit traffic from VPN server to client
tc class add dev $dev parent 1: classid 1:$classid htb rate $downrate
tc filter add dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32 flowid 1:$classid

# Limit traffic from client to VPN server
tc filter add dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32 police rate $uprate burst 80k drop flowid :$classid

# Store classid and dev for further use.
echo $classid > $statedir/$ip.classid
echo $dev > $statedir/$ip.dev
}

function bwlimit-disable() {
ip=$1

if [ ! -f $statedir/$ip.classid ]; then
   return
fi
if [ ! -f $statedir/$ip.dev ]; then
   return
fi

classid=`cat $statedir/$ip.classid`
dev=`cat $statedir/$ip.dev`

tc filter del dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32
tc class del dev $dev classid 1:$classid

tc filter del dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32

# Remove .dev but keep .classid so it can be reused.
rm $statedir/$ip.dev
}

# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true

case "$1" in
   add|update)
       bwlimit-enable $2 $3
       ;;
   delete)
       bwlimit-disable $2
       ;;
   *)
       echo "$0: unknown operation [$1]" >&2
       exit 1
       ;;
esac

exit 0

$dev is not set in the two calls to tc,

# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true

This resolves to

tc qdisc add dev  root handle 1: htb

Most likely with an error that is being piped to /dev/null

Replace these lines with

# Make sure queueing discipline is enabled.
dev=eth0
tc qdisc add dev $dev root handle 1: htb 2>/tmp/tqa-root.err || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/tmp/tqa-handle.err || /bin/true

Quoted from: https://serverfault.com/questions/778219
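
The failure described in the answer, as an added example that is not part of the original question or answer: an unset, unquoted `$dev` vanishes from the `tc` command line, and `2>/dev/null || true` hides the resulting error. The `tc` function here is a stand-in stub (an assumption, so the example runs without root), and `silent_setup` and `checked_setup` are hypothetical names.

```bash
#!/bin/bash
# Stand-in for tc (assumption: lets the example run without root or iproute2).
# It records its arguments and fails unless the word after "dev" is eth0.
tc() {
    TC_ARGV="$*"
    if [ "$4" != "eth0" ]; then
        echo "Cannot find device \"$4\"" >&2
        return 1
    fi
}

# Pattern from the question: dev is assigned only inside bwlimit-enable, which
# has not run yet when the top-level qdisc lines execute, and stderr is discarded.
silent_setup() {
    unset dev TC_ARGV
    tc qdisc add dev $dev root handle 1: htb 2>/dev/null || true
    echo "status=$? argv=$TC_ARGV"
}

# Checked form: reject an empty interface name, quote it, keep tc's stderr in
# a log file, and hand the real exit status back to the caller.
checked_setup() {
    local ifname="$1"
    local errlog="$2"
    local tc_rc=0
    if [ -z "$ifname" ]; then
        echo "interface name is empty" >"$errlog"
        return 2
    fi
    tc qdisc add dev "$ifname" root handle 1: htb 2>"$errlog" || tc_rc=$?
    return "$tc_rc"
}

# Demo run with constructed inputs.
demo_log=$(mktemp)
silent_setup
checked_setup "" "$demo_log" || echo "empty name: rc=$? ($(cat "$demo_log"))"
checked_setup wlan9 "$demo_log" || echo "wlan9: rc=$? ($(cat "$demo_log"))"
checked_setup eth0 "$demo_log" && echo "eth0: rc=0"
rm -f "$demo_log"
```

In the silent form the word `root` lands in the interface position and the reported status is still 0, which is why the script appeared to run while the qdisc never changed.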