Bash
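Bash script not working
I hope this is a simple answer.
Problem:
- I placed the following bash script, named learn-address.sh, in the following folder:

  ```bash
  vi /etc/openvpn/netem/learn-address.sh
  ```

- Added the following (2) lines to the .conf file:

  ```
  script-security 3
  learn-address /etc/openvpn/netem/learn-address.sh
  ```

- And applied the following permissions to the learn-address script:

  ```bash
  chmod 755 /etc/openvpn/netem/learn-address.sh
  ```

- However, the script does update the files ($ip.classid and $ip.dev) in the tmp folder and passes the variables correctly
- But the bash script does not execute the tc class and filter commands (no change in the qdisc)
- What permissions would I use on the script to execute the tc class and filter commands when the learn-address script is called as a user connects to OpenVPN, or what am I missing?

Many thanks

Script name: learn-address.sh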
```bash
#!/bin/bash

statedir=/tmp/

function bwlimit-enable() {
    ip=$1
    user=$2
    dev=eth0

    # Disable if already enabled.
    bwlimit-disable $ip

    # Find unique classid.
    if [ -f $statedir/$ip.classid ]; then
        # Reuse this IP's classid
        classid=`cat $statedir/$ip.classid`
    else
        if [ -f $statedir/last_classid ]; then
            classid=`cat $statedir/last_classid`
            classid=$((classid+1))
        else
            classid=1
        fi
        echo $classid > $statedir/last_classid
    fi

    # Find this user's bandwidth limit
    # downrate: from VPN server to the client
    # uprate: from client to the VPN server
    if [ "$user" == "myuser" ]; then
        downrate=10mbit
        uprate=10mbit
    elif [ "$user" == "anotheruser" ]; then
        downrate=2mbit
        uprate=2mbit
    else
        downrate=5mbit
        uprate=5mbit
    fi

    # Limit traffic from VPN server to client
    tc class add dev $dev parent 1: classid 1:$classid htb rate $downrate
    tc filter add dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32 flowid 1:$classid

    # Limit traffic from client to VPN server
    tc filter add dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32 police rate $uprate burst 80k drop flowid :$classid

    # Store classid and dev for further use.
    echo $classid > $statedir/$ip.classid
    echo $dev > $statedir/$ip.dev
}

function bwlimit-disable() {
    ip=$1

    if [ ! -f $statedir/$ip.classid ]; then
        return
    fi
    if [ ! -f $statedir/$ip.dev ]; then
        return
    fi

    classid=`cat $statedir/$ip.classid`
    dev=`cat $statedir/$ip.dev`

    tc filter del dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32
    tc class del dev $dev classid 1:$classid
    tc filter del dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32

    # Remove .dev but keep .classid so it can be reused.
    rm $statedir/$ip.dev
}

# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true

case "$1" in
    add|update)
        bwlimit-enable $2 $3
        ;;
    delete)
        bwlimit-disable $2
        ;;
    *)
        echo "$0: unknown operation [$1]" >&2
        exit 1
        ;;
esac

exit 0
```
`$dev` is not set in the two calls to tc,

```bash
# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true
```

This resolves to

```bash
tc qdisc add dev root handle 1: htb
```

which most likely has an error being piped to `/dev/null`.

Replace this line with

```bash
# Make sure queueing discipline is enabled.
dev=eth0
tc qdisc add dev $dev root handle 1: htb 2>/tmp/tqa-root.err || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/tmp/tqa-handle.err || /bin/true
```
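
The failure mode described in this answer (an empty `$dev` reaching `tc` while stderr is discarded) can be caught inside the hook itself. The following is an added example, not code from the original post; the function names, the `LOG` path and the `TC` override are assumptions, and it covers only IPv4 addresses and the root qdisc.

```bash
# Added example; function names, LOG and TC are hypothetical, not from the page.
LOG=${LOG:-/tmp/learn-address.err}   # assumed path; use a root-only directory on a real server

# Succeeds only for a non-empty, plausible interface name (Linux limit: 15 chars).
valid_dev() {
    case ${1:-} in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Dotted-quad IPv4 only: the address ends up in file names and tc arguments.
valid_ipv4() {
    case ${1:-} in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Run a command; on failure append its exit status and stderr to $LOG.
run_logged() {
    rl_err=$("$@" 2>&1 >/dev/null) && return 0
    rl_rc=$?
    printf '%s rc=%s cmd=%s err=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$rl_rc" "$*" "$rl_err" >>"$LOG"
    return "$rl_rc"
}

# Root qdisc setup that refuses an empty $dev and adds only when missing,
# so no blanket "|| true" is needed. TC can be overridden for dry runs.
ensure_qdisc() {
    valid_dev "${1:-}" || { echo "refusing tc call: dev unset or invalid" >>"$LOG"; return 2; }
    "${TC:-tc}" qdisc show dev "$1" 2>>"$LOG" | grep -q 'qdisc htb 1: ' && return 0
    run_logged "${TC:-tc}" qdisc add dev "$1" root handle 1: htb
}
```

In the hook, call `valid_ipv4 "$2"` before the address is used in a file name or a `tc` filter, and treat a non-zero return from `ensure_qdisc` as a reason to stop rather than continue silently.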