:set r9 $r8; :set r8 $r7; :set r7 $r6; :set r6 $r5; :set r5 $r4; :set r4 $r3; :set r3 $r2; :set r2 $r1; :set r1 $r0:set t9 $t8; :set t8 $t7; :set t7 $t6; :set t6 $t5; :set t5 $t4; :set t4 $t3; :set t3 $t2; :set t2 $t1; :set t1 $t0:foreach i in do={do:{/interface monitor-traffic $i once do={:set rtemp ($received-bits-per-second>$r0*4/3):set ttemp ($sent-bits-per-second>$t0*4/3):set r0 $received-bits-per-second :set t0 $sent-bits-per-second:if ($rtemp||$ttemp) do={:delay 1000ms }}} while ($rtemp||$ttemp):set rx (($r0+$r1+$r2)/6+($r3+$r4+$r5)/9+($r6+$r7+$r8+$r9)/24):set tx (($t0+$t1+$t2)/6+($t3+$t4+$t5)/9+($t6+$t7+$t8+$t9)/24):if (($r0+$r1+$r2)>($rxm*2+(-15))) do={:foreach d in do={:set dm }:foreach u in do={:set um }} else={:set dm ($dm/4);/queue tree set p2p-download burst-threshold=$dm max-limit=$dm :set um ($um/4);/queue tree set p2p-upload burst-threshold=$um max-limit=$um}:if ($rxm>73400320) do={:set rxm 73400320}:if ($txm>70254592) do={:set txm 70254592}:if ($rx5000000) do={:set dm ($dm+(-500000)):set rxm ($rxm+200000)}}:if ($tx5000000) do={:set um ($um+(-500000)):set txm ($txm+200000)}}:set dbt ($dm*12/13):set dbm ($dm+3000000);/queue tree set p2p-download burst-threshold=$dbt max-limit=$dm burst-limit=$dbm:set ubt ($um*12/13):set ubm ($um+3000000);/queue tree set p2p-upload burst-threshold=$ubt max-limit=$um burst-limit=$ubm:if($r0>$rxm) do={:set rxm $r0}:if($rx$txm) do={:set txm $t0}:if($tx
晕。。看不懂啊,有没有详细的说明/
Scripting ExamplesDocument revision: 1 (Wed Dec 22 13:15:36 GMT 2004) Applies to: MikroTik RouterOS V2.8General InformationSummaryThis section contains various scripting examples.Related DocumentsVRRP DHCP Client and Server HotSpot Gateway Universal Client Interface AAA IP Pools Scripting Host and Complementary Tools General examplesCreating many firewall rulesTo make 100 entries in firewall input rule making it to accept all packets from addresses starting with 1.1.1.1 till 1.1.1.100::for e from 1 to 100 do={/ip firewall rule input add \ src-address=(1.1.1. . $e)\ src-netmask=255.255.255.255}Getting bandwidth test valuesThis example shows how to get bandwidth-test command's results. As the example uses global variables, other scripts run at the same time may get the current TX values reported by the command./system script add name=bandtest source={:global i/tool bandwidth-test 1.1.1.1 \ direction=transmit \ duration=14s \ do={ :if ($status="running") do={ :set i $tx-current } }}Using commentsIt is sometimes more convinient to refer to an entry by its name. But what to do, if name is not available for an entry (for example, in firewall or in routing)? The example shows how to use comments, which are available for any router's entry table.Suppose, we need to switch routing tables depending on the reachability of the 10.0.0.217 host. First, we need to print the policy routing rule table, and choose the entry number you need to change. We will use number 0 in this example: ip policy-routing rule> set 0 comment=comNow, the actual configuration: system script> add name=gw_1 source={/ip policy-routing rule set \ \ table=gw1} system script> add name=gw_2 source={/ip policy-routing rule set \ \ table=gw2} system script> /tool netwatch tool netwatch> add host=10.0.0.217 interval=10s timeout=998ms \\... up-script=gw_1 down-script=gw_2In this case we're pinging host 10.0.0.217 every 10s and if no response is received, the routing table is changed.Sending files from routerTo send a backup file from a router every 7 days to the example@example.com e-mail address:/system script add name=e-backup source={/system backup save name=email/tool e-mail send \ to="example@example.com" \ subject=( . " Backup") \ file=email.backup}/system scheduler add interval=7d name="email-backup" on-event=e-backupExecute script until rebootSometimes it is needed to execute script until the router is rebooted. To do this you may use an endless loop. For example:/system script add name=loop source={:while true do={ :log message="example" :delay 10s }}Here we use 10 second long delays after executing the needed command (in this example, we just write a example example message to the system log).Run the script as usual - with a /system script run loop command. You may stop in from the /system script job submenu (with the remove command).A ping-based netwatchThis is how you can make something like NetWatch by yourself. For example, we will send e-mail if five pings will fail:/system script add name=pinging source={:if ( = 0) do={ /tool e-mail send \ to=example@example.com \ subject="Can't ping 1.1.1.1" }}Notifying examplesMonitoring DHCP client's addressIn this example, we will monitor IP address on the ether1 interface, and if it is changed, send an e-mail:/system script add name="changed-address" source={:if ( add name=eth_stat_to_log source={/interface ethernet monitor ether1 once do={:log \\... message=("\ :: Eth1 status: " . $status)}}Attach this script to a system scheduler event. system scheduler> add interval=1h name="int_to_log" \\... on-event=eth_stat_to_logConfigure System-Info facility to log all information to disk./system logging facility set System-Info=diskNotes Attention! Enabled local disk logging leads to regular writes to the local file storage. This may result in a faster wearout of solid state medium (CF and IDE-Flash cards).Watching network performanceRun this script to make a system LED be lit proportionally to the data rate received by the ether1 interface (i.e., the LED is lit for 10 * data_rate_in_megabits_per_second miliseconds):/ system script add name="led" source={:local rx/interface monitor-traffic ether1 interval=1s do={ :set rx ($received-bits-per-second/1048576) :if ($rx!=0) do={ :led led2=yes length=((10*$rx) . "ms") } \ else={ :log message="There is no traffic received on this interface" } }}Notify on data rate recordsRunning this script in scheduler every seconds, you will get reports on data rate highest records. This may be useful for monitoring peak speeds through interfaces./system script add name="record" source={:global tmp:global tx:global rx:foreach i in do={ /interface monitor-traffic $i once do={ :set tx ($sent-bits-per-second/1048576) :set rx ($received-bits-per-second/1048576) :if (=1) do={ :global ttx :set ttx $tx :global trx :set trx $rx } :if ($tx>$ttx) do={ /tool e-mail send \ to=example@example.com \ subject="Script message" \ body=("The transmission traffic on " . \ . " got up to " . $tx . "Mbps") :set ttx $tx } :if ($rx>$trx) do={ /tool e-mail send \ to=example@example.com \ subject="Script message" \ body=("The receiving traffic on " . \ . " got up to " . $rx . "Mbps") :set trx $rx } } }}Notify on AP changeThis script if run from scheduler will notify you in case AP's MAC address change for any of your wlan cards switched in station mode./ system script add name="mail_on_AP_change" source={:global mac:foreach i in do={ /interface wireless monitor $i once do={ :set mac $bssid :if (=1) do={ :global tmp :set tmp $mac :if ($mac!=$tmp) do={ /tool e-mail send \ to=example@example.com \ subject=("AP has changed for the " . \ . " interface") \ body=("Client AP's MAC address has changed to " . $mac } } } }}Load-balancing and fail-overDescriptionFirst of all, note that IP protocol does not allow much tricks unless you control both sides of a link. Every such a trick is limited by routing - you must make packets be able to run out of your network, as well as to return back correctly, so that both peers can talk to each other. In most cases, the particular path is determined by the IP address you use, so you should take care that the packets sent out to the Internet will be able to return from the same channel. The only exception is the use of dynamic routing protocols, such as BGP or OSPF (which are not covered by this document) - these protocols may provide load-balancing and fail-over by themselves.The fail-over terms may mean two things:in case the default gateway of your router does not respond (i.e., the channel has been broken, or the gateway is down), you will switch all the traffic to another gateway in case your router has crashed, a backup router will take care of your network's traffic (this is also known as high availability, which is provided by VRRP protocol) More complicated term is load balancing. We can differentiate between at least four kinds of traffic-treating that may be called "load-balancing":NAT with per session balancing (means no servers on the router side will get any benefit of balancing unless they use DNS-based load-balancing) - each session is tracked and routed through the same channel until the connection is closed. Each new connection is sent through the next route (you can have more than two). This is supported by MikroTik RouterOS. balancing with routers configured on each side (no NAT used and servers get the benefit of balancing). This is supported by MikroTik RouterOS. packet based balancing (also known as bonding or trunking) - can mess up tcp with out-of-order packets (also needs NAT if only one router doing it). The only real benifit of this if you are controlling both sides. This is not currently supported by MikroTik RouterOS, but is planned in future versions. real bonding of things like synchronous links - needs hardware that supports this on both sides of the link. This is not currently supported by MikroTik RouterOS. Also, be warned that one download session will never see double the speed. Of course if you had some kind of accelerator on your computer that opened multiple sessions, then you would see the benefit.Gateway fail-overThe most simple way to do this is to use netwatch. Here we will ping once in 5 seconds the "primary" gateway (2.2.2.2) of the router, and if does not respond, we will switch to the "backup" gateway (3.3.3.1):/system script add name=down source={/ip route \{... set gateway 3.3.3.1}/system script add name=up source={/ip route \{... set gateway 2.2.2.1}/tool netwatch add host=2.2.2.2 interval=5s up-script=up down-script=downLoad-balancing 1Given that we have two Internet providers, each of them have given us an IP address range. We have an internal network and we want to provide load-balancing for this network. To do this, we should set up a default route with both Internet gateways:/ip route add gateway=1.1.1.1,2.2.2.1It is required to make a source NAT (or masquerading) for the outgoing traffic depending on what gateway will it use, or else we will not benefit from having two gateways.Servers will not get any benefit of load-balancing as there is a predetermined routing path to their addresses unless You can make clients use several addresses of the same server, which are reachable by different paths. This could be done with so called DNS-based load-balancing, when You specify more than one IP address for the same DNS name. This topic will not be covered by RouterOS documentation.As it is very desirable to provide fail-over together with load-balancing, you can use the following script to maintain the correct gateway list:/system script add name=fo source={:local R1:local R2:if (=up) do={:set R1 1.1.1.1}:if (=up) do={:set R2 2.2.2.1} /ip route set \gateway=($R1 . , . $R2)}/tool netwatch add comment=R1 host=1.1.1.1 interval=5s up-script=fo \down-script=fo/tool netwatch add comment=R2 host=2.2.2.1 interval=5s up-script=fo \down-script=foWe can also expand this script to three or even more gateways. For example, if we had a third gateway of 3.3.3.1, the script would look like this:/system script add name=fo source={:local R1:local R2:local R3:if (=up) do={:set R1 1.1.1.1}:if (=up) do={:set R2 2.2.2.1}:if (=up) do={:set R3 3.3.3.1} /ip route set \gateway=($R1 . , . $R2 . , . $R3)}/tool netwatch add comment=R1 host=1.1.1.1 interval=5s up-script=fo \down-script=fo/tool netwatch add comment=R2 host=2.2.2.1 interval=5s up-script=fo \down-script=fo/tool netwatch add comment=R3 host=3.3.3.1 interval=5s up-script=fo \down-script=foLoad-balancing 2To do this, you need two RouterOS boxes connected with at least two lines. Let's call R1 the box that is providing Internet to your local users, and R2 that is connected at the other side of the multiple link, and that is connected to your Internet provider(s).In R1, this is done in the same manner as in the previeous example, just without SRC-NAT (you can make a SRC-NAT on the other one if you want, but this is not required for the method to work). Gateways would be the addresses of R2 put each on a different interface (link).In R2 you will need to make the same multipath routing as in R1, changing the gateways to the respective addresses of the R1 ends of the lines. Also you will need to change the dst-address from the 0.0.0.0 to the respective network you have behind the R1.VRRP ScriptThe following script is working with VRRP protocol. The script is checking '/ip vrrp' submenu, if there could be found some entry with a Backup flag then the script takes the interface names of all entries with a master flag and disables these interfaces under '/interface' list; if the state of all entries is master, then the script takes a name of such an entry and enables it under '/interface' list.:global tmp;:global t;:global iface;:global bool:set bool 0:foreach i in do={/ip vrrp { :set bool 1 :foreach e in do={ :set iface /interface disable } }}:if ($bool = 0) do={/ip vrrp { :foreach e in do={ :set iface /interface enable } }}Miscellaneous scriptsRegistration Table CheckingThe following example script checks the wireless registration table for a certain MAC address and if that address is not available, checks for a second MAC address and in case this one is not available too disables the wireless interface, after that enables the wireless interface./system script add name=search source={:if ( = 0) do={ :if ( = 0) do={ /interface wireless disable /interface wireless enable }}}Cleaning up the firewallThis example will remove everythig from the firewall::foreachi in do={/ip firewall rule $i remove }:foreachi in do={ /ip firewall remove $i}Converting ARP entries from dynamic to staticTo convert all the dynamic ARP entries on ether1 interface to static ones::foreach i in do={/ip arp add copy-from=$i}Night policyWe can define different rules for different time of the day. For example, here are two scripts that will change the queue rule Cust0. Every day at 9AM the queue will be set to 64Kbit/s and at 5PM the queue will be set to 128Kbit/s. queue simple> add name=Cust0 interface=public \\... target-address=192.168.0.0/24 max-limit=64000/64000 queue simple> /system script system script> add name=start_limit source={/queue simple set Cust0 max-limit=64000/64000} system script> add name=stop_limit source={/queue simple set Cust0 max-limit=128000/128000} system script> .. scheduler system scheduler> add interval=24h name="set-64k" \\... start-time=9:00:00 on-event=start_limit system scheduler> add interval=24h name="set-128k" \\... start-time=17:00:00 on-event=stop_limitAnother similar example is just to disable all queues at night: system script> add name=start_limit source={/queue simple enable } system script> add name=stop_limit source={/queue simple disable } system script> .. scheduler system scheduler> add interval=24h name="start" \\... start-time=9:00:00 on-event=start_limit system scheduler> add interval=24h name="stop" \\... start-time=17:00:00 on-event=stop_limitAnd here we will reference entries using comment property:/ip firewall rule forward add p2p=all-p2p action drop comment=p2p/system script add name=p2p_disable source={/ip firewall rule forward { disable }}/system script add name=p2p_enable source={/ip firewall rule forward { enable }}/system scheduler add interval=24h name="enable_p2p" \start-time=20:00:00 on-event=p2p_enable/system scheduler add interval=24h name="disable_p2p" \start-time=7:00:00 on-event=p2p_disableManaging HotSpot usersTo erase a user when his/her total uptime has reached the respective uptime limit:/ system script add name="delete_user" source={:foreach i in do={ :if (
更晕!!!
能加点注释吗?
比你还晕!!!!!!!
顶``好东西``
QUOTE (ycfei @ Apr 10 2005, 04:55 PM)
比你还晕!!!!!!!
比你还晕!!!!!!!
晕~!晕~!!晕晕晕~!!!
hi,lovellh,these are realy very nice.where do you find it?
好东西,收藏!
脚本是我朋友写的,,,动态限BT:global rx:global tx:global dl:global dm:global ul:global um:foreach i in do={/interface monitor-traffic $i once do={:set rx $received-bits-per-second :set tx $sent-bits-per-second:foreach d in do={:set dl }:foreach u in do={:set ul }:if ($dl71303168) do={:set dm ($dl+(-1000000)):set dl ($dl+(-2000000));/queue tree set p2p-download limit-at=$dl max-limit=$dm}}:if ($ul71303168) do={:set um ($ul+(-1000000)):set ul ($ul+(-2000000));/queue tree set p2p-upload limit-at=$ul max-limit=$um}}}}
不知道里面写的ether3是外网卡呢?还是内网卡??正在看。不错。。。谢谢
晕中,建议先放到精华区,方便,以后查找
强烈要求说明。。