From 89d547a3d082d7a71c7c8c546692ae9d527b4499 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 21 Aug 2020 10:03:05 +0200 Subject: [PATCH 01/12] Fix omr bypass --- luci-app-omr-bypass/root/etc/init.d/omr-bypass | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index 064d4fd1f..c07e3cfc8 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -289,7 +289,7 @@ _bypass_proto() { _intf_rule_ss_rules() { rule_name=$1 - [ "$rule_name" = "ss_rules" ] && rule_name="default" + [ "$rule_name" = "ss_rules" ] && rule_name="def" if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then iptables-restore -w --wait=60 --noflush <<-EOF *nat @@ -411,7 +411,7 @@ _bypass_omr_server() { _ss_rules_config() { rule_name=$1 - [ "$rule_name" = "ss_rules" ] && rule_name="default" + [ "$rule_name" = "ss_rules" ] && rule_name="def" if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then iptables-restore -w --wait=60 --noflush <<-EOF *nat @@ -431,7 +431,7 @@ _ss_rules_config() { COMMIT EOF fi - if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then + if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *nat -I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN @@ -473,6 +473,7 @@ start_service() { *mangle :omr-bypass - -I PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass + -I OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass COMMIT EOF if [ "$disableipv6" != "1" ]; then @@ -481,6 +482,7 @@ start_service() { *mangle :omr-bypass6 - -I PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6 + -I OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6 COMMIT EOF fi @@ -537,6 +539,7 @@ start_service() { *mangle :omr-bypass-dpi - -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi + -A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi -A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass-dpi COMMIT EOF @@ -546,6 +549,7 @@ start_service() { *mangle :omr-bypass6-dpi - -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6-dpi + -A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6-dpi -A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass6-dpi COMMIT EOF From 42c38a1314788f6b0162ec2f9720c140b69dc661 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 21 Aug 2020 10:05:15 +0200 Subject: [PATCH 02/12] Force IPv4 for Wget --- openmptcprouter/files/etc/wgetrc | 1 + 1 file changed, 1 insertion(+) diff --git a/openmptcprouter/files/etc/wgetrc b/openmptcprouter/files/etc/wgetrc index 9543debcf..ff5e4e91d 100644 --- a/openmptcprouter/files/etc/wgetrc +++ b/openmptcprouter/files/etc/wgetrc @@ -1 +1,2 @@ inet4_only = on +prefer_family = IPv4 From 9f1c6d2b7b5cd57c8f22cdd750f09ede7f838e32 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 21 Aug 2020 10:06:25 +0200 Subject: [PATCH 03/12] Update RPI eeprom --- bcm27xx-eeprom/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bcm27xx-eeprom/Makefile b/bcm27xx-eeprom/Makefile index 580ea78c3..363e8effb 100644 --- a/bcm27xx-eeprom/Makefile +++ b/bcm27xx-eeprom/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bcm27xx-eeprom -PKG_VERSION:=ad18a5b468f787ed37ab62e0a699dabeaa580e27 +PKG_VERSION:=1a44b1330805663c292de8ce818065bbe9f2e130 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)? -PKG_HASH:=2f77ef84d34f77208e4caf90aa65bbbaa6234ee58ffe9c23a819d44c25a631b4 +PKG_HASH:=d18573a4026578ed20cd7e3ac7df029dbef7fd271729a60cd80abae2235eca25 PKG_LICENSE:=BSD-3-Clause Custom PKG_LICENSE_FILES:=LICENSE From 0ee13b08663b9ec3d0aa51f05afb9900337175ee Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 21 Aug 2020 10:09:28 +0200 Subject: [PATCH 04/12] Fixes when interfaces set as backup --- .../usr/share/omr/post-tracking.d/post-tracking | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking index 819d17188..2631c65fa 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking +++ b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking @@ -5,6 +5,8 @@ set_route() { local multipath_config_route interface_gw interface_if INTERFACE=$1 PREVINTERFACE=$2 + SETDEFAULT=$3 + [ -z "$SETDEFAULT" ] && SETDEFAULT="yes" multipath_config_route=$(uci -q get openmptcprouter.$INTERFACE.multipath) [ -z "$multipath_config_route" ] && multipath_config_route=$(uci -q get network.$INTERFACE.multipath || echo "off") interface_if=$(ifstatus "$INTERFACE" 2>/dev/null | jsonfilter -q -e '@["l3_device"]') @@ -24,8 +26,8 @@ set_route() { fi if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ]; then _log "$PREVINTERFACE down. Replace default route by $interface_gw dev $interface_if" - ip route replace default scope global nexthop via $interface_gw dev $interface_if && SETROUTE=true - ip route replace default via $interface_gw dev $interface_if table 991337 + [ "$SETDEFAULT" = "yes" ] && ip route replace default scope global nexthop via $interface_gw dev $interface_if + ip route replace default via $interface_gw dev $interface_if table 991337 && SETROUTE=true fi fi } @@ -82,7 +84,6 @@ set_routes_intf() { fi #if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ] && [ "$(ip route show $serverip | grep $interface_if)" = "" ]; then if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ]; then - nbintf=$((nbintf+1)) if [ "$multipath_config_route" = "master" ]; then weight=10 else @@ -95,6 +96,7 @@ set_routes_intf() { routesintfbackup="$routesintfbackup nexthop via $interface_gw dev $interface_if weight $weight" fi else + nbintf=$((nbintf+1)) if [ -z "$routesintf" ]; then routesintf="nexthop via $interface_gw dev $interface_if weight $weight" else @@ -314,6 +316,9 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then if ([ "$default_gw" = "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$default_gw" = "" ]) && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then config_load network config_foreach set_route interface $OMR_TRACKER_INTERFACE + elif [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath)" = "master" ]; then + config_load network + config_foreach set_route interface $OMR_TRACKER_INTERFACE "no" fi mail_alert="$(uci -q get omr-tracker.$OMR_TRACKER_INTERFACE.mail_alert)" [ -z "$mail_alert" ] && mail_alert="$(uci -q get omr-tracker.defaults.mail_alert)" @@ -588,7 +593,7 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($( } fi local serverip=$(uci -q get shadowsocks-libev.sss0.server) - [ -n "$serverip" ] && [ "$serverip" != "127.0.0.1" ] && [ "$(pgrep tracebox)" = "" ] && { + [ -n "$serverip" ] && [ "$serverip" != "127.0.0.1" ] && [ "$(pgrep tracebox)" = "" ] && [ "$(uci -q get openmptcprouter.settings.tracebox)" != "0" ] && { omrtracebox="$(omr-tracebox-mptcp $serverip $OMR_TRACKER_DEVICE)" [ -n "$omrtracebox" ] && uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.mptcp_status="$omrtracebox" } From 7394a11f78d1e71a066ea2c8e669d8e03d9b00dc Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 21 Aug 2020 12:54:38 +0200 Subject: [PATCH 05/12] Remove wireguard by default --- openmptcprouter-full/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile index 28ee1e6e0..4ba67580b 100644 --- a/openmptcprouter-full/Makefile +++ b/openmptcprouter-full/Makefile @@ -55,7 +55,6 @@ MY_DEPENDS := \ iputils-ping \ tracebox \ !TARGET_mvebu:luci-proto-3g \ - luci-proto-wireguard \ !TARGET_mvebu:comgt-ncm !TARGET_mvebu:luci-proto-ncm \ !TARGET_mvebu:luci-proto-modemmanager \ !TARGET_mvebu:luci-proto-ppp \ @@ -79,7 +78,7 @@ MY_DEPENDS := \ !TARGET_mvebu:kmod-usb-net-huawei-cdc-ncm !TARGET_mvebu:kmod-usb-net-rndis !TARGET_mvebu:kmod-usb-net-cdc-ether !TARGET_mvebu:kmod-usb-net-ipheth !TARGET_mvebu:usbmuxd \ kmod-rt2800-usb kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su \ !TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 \ - wireguard luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang iptables-mod-ipopt igmpproxy ss mptcpd iptraf-ng \ + luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang iptables-mod-ipopt igmpproxy ss mptcpd iptraf-ng \ luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute # luci-theme-bootstrap luci-theme-openwrt-2020 luci-theme-openwrt luci-app-status # luci-proto-bonding luci-app-statistics luci-proto-gre From d68778eadc4d7f0d5de596466cd855f24e9ded34 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 21 Aug 2020 14:56:48 +0200 Subject: [PATCH 06/12] Fix bcm eeprom patches --- ...1-rpi-eeprom-update-OpenWrt-defaults.patch | 3 ++- ...rpi-eeprom-config-switch-to-Python-3.patch | 21 ------------------- 2 files changed, 2 insertions(+), 22 deletions(-) delete mode 100644 bcm27xx-eeprom/patches/0002-rpi-eeprom-config-switch-to-Python-3.patch diff --git a/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch b/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch index 2f923bc43..a9c8faac7 100644 --- a/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch +++ b/bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch @@ -14,7 +14,7 @@ Signed-off-by: Álvaro Fernández Rojas --- a/rpi-eeprom-update +++ b/rpi-eeprom-update -@@ -24,14 +24,14 @@ else +@@ -24,15 +24,15 @@ else fi # May be used to select beta or stable releases instead of the default critical updates. @@ -29,6 +29,7 @@ Signed-off-by: Álvaro Fernández Rojas BOOTFS=${BOOTFS:-/boot} -VCMAILBOX=${VCMAILBOX:-/opt/vc/bin/vcmailbox} +VCMAILBOX=${VCMAILBOX:-/usr/bin/vcmailbox} + CM4_ENABLE_RPI_EEPROM_UPDATE=${CM4_ENABLE_RPI_EEPROM_UPDATE:-0} EXIT_SUCCESS=0 EXIT_UPDATE_REQUIRED=1 diff --git a/bcm27xx-eeprom/patches/0002-rpi-eeprom-config-switch-to-Python-3.patch b/bcm27xx-eeprom/patches/0002-rpi-eeprom-config-switch-to-Python-3.patch deleted file mode 100644 index fc2c894d8..000000000 --- a/bcm27xx-eeprom/patches/0002-rpi-eeprom-config-switch-to-Python-3.patch +++ /dev/null @@ -1,21 +0,0 @@ -From 869a29ec65a0985670a259f4820df4fafc22c971 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= -Date: Wed, 25 Mar 2020 10:14:34 +0100 -Subject: [PATCH] rpi-eeprom-config: switch to Python 3 -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Álvaro Fernández Rojas ---- - rpi-eeprom-config | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/rpi-eeprom-config -+++ b/rpi-eeprom-config -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/python3 - - # rpi-eeprom-config - # Utility for reading and writing the configuration file in the From c1bcff99c659d26fc7515881f343d96acf9133c0 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 25 Aug 2020 09:20:16 +0200 Subject: [PATCH 07/12] Fix vcm eeprom --- .../0004-rpi-eeprom-update-remove-chmod.patch | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch diff --git a/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch b/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch new file mode 100644 index 000000000..00c204805 --- /dev/null +++ b/bcm27xx-eeprom/patches/0004-rpi-eeprom-update-remove-chmod.patch @@ -0,0 +1,20 @@ +--- a/rpi-eeprom-update 2020-08-23 10:36:21.892002253 +0200 ++++ b/rpi-eeprom-update 2020-08-23 10:36:41.819672745 +0200 +@@ -166,7 +166,7 @@ + || die "Failed to copy ${TMP_EEPROM_IMAGE} to ${BOOTFS}" + + # For NFS mounts ensure that the files are readable to the TFTP user +- chmod -f go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig" ++ #chmod -f go+r "${BOOTFS}/pieeprom.upd" "${BOOTFS}/pieeprom.sig" + fi + + if [ -n "${VL805_UPDATE_IMAGE}" ]; then +@@ -175,7 +175,7 @@ + cp -f "${VL805_UPDATE_IMAGE}" "${BOOTFS}/vl805.bin" + + # For NFS mounts ensure that the files are readable to the TFTP user +- chmod -f go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig" ++ #chmod -f go+r "${BOOTFS}/vl805.bin" "${BOOTFS}/vl805.sig" + fi + + cp -f "${RECOVERY_BIN}" "${BOOTFS}/recovery.bin" \ From 3627014d7763cb06fa73c495db5e2df302a3bc40 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 25 Aug 2020 09:21:46 +0200 Subject: [PATCH 08/12] Fix omr-bypass --- .../root/etc/init.d/omr-bypass | 95 ++++++++++++++----- .../files/shadowsocks-libev.init | 2 +- shadowsocks-libev/files/ss-rules | 74 +++++++-------- shadowsocks-libev/files/ss-rules6 | 74 +++++++-------- 4 files changed, 144 insertions(+), 101 deletions(-) diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index c07e3cfc8..804356886 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -135,6 +135,11 @@ _bypass_lan_ip() { -A omr-bypass -s $ip -j MARK --set-mark 0x539 COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local -s $ip -j MARK --set-mark 0x539 + COMMIT + EOF elif [ "$valid_ip6" = "ok" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *mangle @@ -149,6 +154,11 @@ _bypass_lan_ip() { -A omr-bypass -s $ip -j MARK --set-mark 0x539$intfid COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local -s $ip -j MARK --set-mark 0x539$intfid + COMMIT + EOF elif [ "$valid_ip6" = "ok" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *mangle @@ -176,6 +186,11 @@ _bypass_dest_port() { -A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539 COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local --protocol $proto --destination-port $dport -j MARK --set-mark 0x539 + COMMIT + EOF if [ "$disableipv6" != "1" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *mangle @@ -189,6 +204,11 @@ _bypass_dest_port() { -A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid + COMMIT + EOF if [ "$disableipv6" != "1" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *mangle @@ -216,6 +236,11 @@ _bypass_src_port() { -A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539 COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local --protocol $proto --source-port $sport -j MARK --set-mark 0x539 + COMMIT + EOF if [ "$disableipv6" != "1" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *mangle @@ -229,6 +254,11 @@ _bypass_src_port() { -A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid + COMMIT + EOF if [ "$disableipv6" != "1" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *mangle @@ -290,14 +320,15 @@ _bypass_proto() { _intf_rule_ss_rules() { rule_name=$1 [ "$rule_name" = "ss_rules" ] && rule_name="def" - if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then + if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then iptables-restore -w --wait=60 --noflush <<-EOF *nat - -I ss_rules_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN - -I ss_rules_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN - -I ss_rules_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN - -I ss_rules_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count - -I ss_rules_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN + -I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count + -I ssr_${rule_name}_dst 1 -m mark --mark 0x539$count -j RETURN + -I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count + -I ssr_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN + -I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count + -I ssr_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN COMMIT EOF fi @@ -309,14 +340,15 @@ _intf_rule_ss_rules() { COMMIT EOF fi - if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then + if [ "$(ip6tables --wait=40 -t nat -L | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *nat - -I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN - -I ss_rules6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN - -I ss_rules6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN - -I ss_rules6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count - -I ss_rules6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN + -I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + -I ssr6_${rule_name}_dst 1 -m mark --mark 0x6539$count -j RETURN + -I ssr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + -I ssr6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN + -I ssr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + -I ssr6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN COMMIT EOF fi @@ -412,14 +444,15 @@ _bypass_omr_server() { _ss_rules_config() { rule_name=$1 [ "$rule_name" = "ss_rules" ] && rule_name="def" - if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then + if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then iptables-restore -w --wait=60 --noflush <<-EOF *nat - -I ss_rules_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN - -I ss_rules_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j RETURN - -I ss_rules_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN - -I ss_rules_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 - -I ss_rules_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN + -I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + -I ssr_${rule_name}_dst 1 -m mark --mark 0x539 -j RETURN + -I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + -I ssr_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN + -I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + -I ssr_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN COMMIT EOF fi @@ -431,14 +464,15 @@ _ss_rules_config() { COMMIT EOF fi - if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then + if [ "$(ip6tables --wait=40 -t nat -L | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *nat - -I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN - -I ss_rules6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN - -I ss_rules6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN - -I ss_rules6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 - -I ss_rules6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN + -I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -I ssr6_${rule_name}_dst 1 -m mark --mark 0x6539 -j RETURN + -I ssr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -I ssr6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN + -I ssr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -I ssr6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN COMMIT EOF fi @@ -473,7 +507,12 @@ start_service() { *mangle :omr-bypass - -I PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass - -I OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass + COMMIT + EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + :omr-bypass-local - + -I OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local COMMIT EOF if [ "$disableipv6" != "1" ]; then @@ -482,7 +521,6 @@ start_service() { *mangle :omr-bypass6 - -I PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6 - -I OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6 COMMIT EOF fi @@ -529,6 +567,11 @@ start_service() { -A omr-bypass -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 COMMIT EOF + iptables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass-local -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + COMMIT + EOF fi config_load shadowsocks-libev diff --git a/shadowsocks-libev/files/shadowsocks-libev.init b/shadowsocks-libev/files/shadowsocks-libev.init index c9d10b176..d9fc50d2c 100644 --- a/shadowsocks-libev/files/shadowsocks-libev.init +++ b/shadowsocks-libev/files/shadowsocks-libev.init @@ -290,7 +290,7 @@ stop_service() { } rules_exist() { - [ -n "$(iptables -t nat -L -n | grep ss_rules)" ] && return 0 + [ -n "$(iptables -t nat -L -n | grep ssr)" ] && return 0 return 1 } diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules index 0599958a2..d0cd133a1 100755 --- a/shadowsocks-libev/files/ss-rules +++ b/shadowsocks-libev/files/ss-rules @@ -122,7 +122,7 @@ ss_rules_parse_args() { ss_rules_flush() { local setname - iptables-save --counters | grep -v ss_rules_ | iptables-restore -w --counters + iptables-save --counters | grep -v ssr_ | iptables-restore -w --counters while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done ip route flush table 100 || true for setname in $(ipset -n list | grep "ss_rules_"); do @@ -181,20 +181,20 @@ ss_rules_iptchains_init_tcp() { ss_rules_iptchains_init_ nat tcp case "$o_local_default" in - checkdst) local_target=ss_rules_${rule}_dst ;; - forward) local_target=ss_rules_${rule}_forward ;; + checkdst) local_target=ssr_${rule}_dst ;; + forward) local_target=ssr_${rule}_forward ;; bypass|*) return 0;; esac iptables-restore -w --noflush <<-EOF *nat - :ss_rules_${rule}_local_out - - -I OUTPUT 1 -p tcp -j ss_rules_${rule}_local_out - -A ss_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN - -A ss_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ss_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN - -A ss_rules_${rule}_local_out -m mark --mark 0x539 -j RETURN - -A ss_rules_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" + :ssr_${rule}_local_out - + -I OUTPUT 1 -p tcp -j ssr_${rule}_local_out + -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A ssr_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A ssr_${rule}_local_out -m mark --mark 0x539 -j RETURN + -A ssr_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT EOF } @@ -213,7 +213,7 @@ ss_rules_iptchains_init_() { case "$proto" in tcp) - forward_rules="-A ss_rules_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" + forward_rules="-A ssr_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" if [ -n "$o_dst_forward_recentrst" ]; then recentrst_mangle_rules=" *mangle @@ -221,48 +221,48 @@ ss_rules_iptchains_init_() { COMMIT " recentrst_addset_rules=" - -A ss_rules_${rule}_dst -m recent --name ss_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist - -A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j ss_rules_${rule}_forward + -A ssr_${rule}_dst -m recent --name ss_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist + -A ssr_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j ssr_${rule}_forward " fi ;; udp) ip rule add fwmark 1 lookup 100 ip route add local default dev lo table 100 - forward_rules="-A ss_rules_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" + forward_rules="-A ssr_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" ;; esac case "$o_src_default" in - forward) src_default_target=ss_rules_${rule}_forward ;; - checkdst) src_default_target=ss_rules_${rule}_dst ;; + forward) src_default_target=ssr_${rule}_forward ;; + checkdst) src_default_target=ssr_${rule}_dst ;; bypass|*) src_default_target=RETURN ;; esac case "$o_dst_default" in - forward) dst_default_target=ss_rules_${rule}_forward ;; + forward) dst_default_target=ssr_${rule}_forward ;; bypass|*) dst_default_target=RETURN ;; esac sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | iptables-restore -w --noflush *$table - :ss_rules_${rule}_pre_src - - :ss_rules_${rule}_src - - :ss_rules_${rule}_dst - - :ss_rules_${rule}_forward - + :ssr_${rule}_pre_src - + :ssr_${rule}_src - + :ssr_${rule}_dst - + :ssr_${rule}_forward - $(ss_rules_iptchains_mkprerules "$proto") - -A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN - -A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 - -A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ss_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN - -A ss_rules_${rule}_pre_src -m mark --mark 0x539 -j RETURN - -A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN - -A ss_rules_${rule}_pre_src -p $proto $o_ipt_extra -j ss_rules_${rule}_src - -A ss_rules_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN - -A ss_rules_${rule}_src -m set --match-set ss_rules_src_forward src -j ss_rules_${rule}_forward - -A ss_rules_${rule}_src -m set --match-set ss_rules_src_checkdst src -j ss_rules_${rule}_dst - -A ss_rules_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A ss_rules_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j ss_rules_${rule}_forward + -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 + -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A ssr_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ssr_${rule}_pre_src -m mark --mark 0x539 -j RETURN + -A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A ssr_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ssr_${rule}_pre_src -p $proto $o_ipt_extra -j ssr_${rule}_src + -A ssr_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN + -A ssr_${rule}_src -m set --match-set ss_rules_src_forward src -j ssr_${rule}_forward + -A ssr_${rule}_src -m set --match-set ss_rules_src_checkdst src -j ssr_${rule}_dst + -A ssr_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" + -A ssr_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j ssr_${rule}_forward $recentrst_addset_rules - -A ss_rules_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" + -A ssr_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules COMMIT $recentrst_mangle_rules @@ -273,11 +273,11 @@ ss_rules_iptchains_mkprerules() { local proto="$1" if [ -z "$o_ifnames" ]; then - echo "-I PREROUTING 1 -p $proto -j ss_rules_${rule}_pre_src" + echo "-I PREROUTING 1 -p $proto -j ssr_${rule}_pre_src" else echo $o_ifnames \ | tr ' ' '\n' \ - | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ss_rules_${rule}_pre_src/" + | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ssr_${rule}_pre_src/" fi } diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6 index 6ac5ce3c9..729f496c3 100755 --- a/shadowsocks-libev/files/ss-rules6 +++ b/shadowsocks-libev/files/ss-rules6 @@ -105,7 +105,7 @@ ss_rules6_parse_args() { ss_rules6_flush() { local setname - ip6tables-save --counters | grep -v ss_rules6_ | ip6tables-restore -w --counters + ip6tables-save --counters | grep -v ssr6_ | ip6tables-restore -w --counters while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done ip -f inet6 route flush table 100 || true for setname in $(ipset -n list | grep "ss_rules6_"); do @@ -165,20 +165,20 @@ ss_rules6_iptchains_init_tcp() { ss_rules6_iptchains_init_ nat tcp case "$o_local_default" in - checkdst) local_target=ss_rules6_${rule}_dst ;; - forward) local_target=ss_rules6_${rule}_forward ;; + checkdst) local_target=ssr6_${rule}_dst ;; + forward) local_target=ssr6_${rule}_forward ;; bypass|*) return 0;; esac ip6tables-restore -w --noflush <<-EOF *nat - :ss_rules6_${rule}_local_out - - -I OUTPUT 1 -p tcp -j ss_rules6_${rule}_local_out - -A ss_rules6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN - -A ss_rules6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A ss_rules6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN - -A ss_rules6_${rule}_local_out -m mark --mark 0x6539 -j RETURN - -A ss_rules6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" + :ssr6_${rule}_local_out - + -I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out + -A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN + -A ssr6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN + -A ssr6_${rule}_local_out -m mark --mark 0x6539 -j RETURN + -A ssr6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT EOF } @@ -197,7 +197,7 @@ ss_rules6_iptchains_init_() { case "$proto" in tcp) - forward_rules="-A ss_rules6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" + forward_rules="-A ssr6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" if [ -n "$o_dst_forward_recentrst" ]; then recentrst_mangle_rules=" *mangle @@ -205,48 +205,48 @@ ss_rules6_iptchains_init_() { COMMIT " recentrst_addset_rules=" - -A ss_rules6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist - -A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j ss_rules6_${rule}_forward + -A ssr6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist + -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j ssr6_${rule}_forward " fi ;; udp) ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local default dev lo table 100 - forward_rules="-A ss_rules6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" + forward_rules="-A ssr6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" ;; esac case "$o_src_default" in - forward) src_default_target=ss_rules6_${rule}_forward ;; - checkdst) src_default_target=ss_rules6_${rule}_dst ;; + forward) src_default_target=ssr6_${rule}_forward ;; + checkdst) src_default_target=ssr6_${rule}_dst ;; bypass|*) src_default_target=RETURN ;; esac case "$o_dst_default" in - forward) dst_default_target=ss_rules6_${rule}_forward ;; + forward) dst_default_target=ssr6_${rule}_forward ;; bypass|*) dst_default_target=RETURN ;; esac sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | ip6tables-restore -w --noflush *$table - :ss_rules6_${rule}_pre_src - - :ss_rules6_${rule}_src - - :ss_rules6_${rule}_dst - - :ss_rules6_${rule}_forward - + :ssr6_${rule}_pre_src - + :ssr6_${rule}_src - + :ssr6_${rule}_dst - + :ssr6_${rule}_forward - $(ss_rules6_iptchains_mkprerules "$proto") - -A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN - -A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 - -A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A ss_rules6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN - -A ss_rules6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN - -A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN - -A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN - -A ss_rules6_${rule}_pre_src -p $proto $o_ipt_extra -j ss_rules6_${rule}_src - -A ss_rules6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN - -A ss_rules6_${rule}_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_${rule}_forward - -A ss_rules6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j ss_rules6_${rule}_dst - -A ss_rules6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A ss_rules6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j ss_rules6_${rule}_forward + -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN + -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN + -A ssr6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ssr6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN + -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN + -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ssr6_${rule}_pre_src -p $proto $o_ipt_extra -j ssr6_${rule}_src + -A ssr6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN + -A ssr6_${rule}_src -m set --match-set ss_rules6_src_forward src -j ssr6_${rule}_forward + -A ssr6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j ssr6_${rule}_dst + -A ssr6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" + -A ssr6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j ssr6_${rule}_forward $recentrst_addset_rules - -A ss_rules6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" + -A ssr6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules COMMIT $recentrst_mangle_rules @@ -257,11 +257,11 @@ ss_rules6_iptchains_mkprerules() { local proto="$1" if [ -z "$o_ifnames" ]; then - echo "-I PREROUTING 1 -p $proto -j ss_rules6_${rule}_pre_src" + echo "-I PREROUTING 1 -p $proto -j ssr6_${rule}_pre_src" else echo $o_ifnames \ | tr ' ' '\n' \ - | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ss_rules6_${rule}_pre_src/" + | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j ssr6_${rule}_pre_src/" fi } From 0bcf2090ecbb1dbf79c6225d48d79653c9fe5e3a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 25 Aug 2020 09:23:16 +0200 Subject: [PATCH 09/12] Increase modem delay --- openmptcprouter/files/etc/uci-defaults/2090-omr-wwan | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openmptcprouter/files/etc/uci-defaults/2090-omr-wwan b/openmptcprouter/files/etc/uci-defaults/2090-omr-wwan index f5e17afa7..42d8f2555 100755 --- a/openmptcprouter/files/etc/uci-defaults/2090-omr-wwan +++ b/openmptcprouter/files/etc/uci-defaults/2090-omr-wwan @@ -3,8 +3,9 @@ if [ "$(grep usbmode /etc/rc.local)" = "" ]; then sed -i 's:exit 0::g' /etc/rc.local cat <<-EOF >> /etc/rc.local + /bin/sleep 5 /sbin/usbmode -l - /bin/sleep 2 + /bin/sleep 3 /sbin/usbmode -s exit 0 EOF From ae8782fdfafa3b63017e35fd2794de6a21b90994 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Tue, 25 Aug 2020 09:24:56 +0200 Subject: [PATCH 10/12] Fix when empty wan IP in the wizard --- .../luasrc/controller/openmptcprouter.lua | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua index de58350a4..1078051d6 100644 --- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua +++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua @@ -221,9 +221,15 @@ function wizard_add() ucic:set("network",intf,"proto",proto) end ucic:set("network",intf,"label",label) - ucic:set("network",intf,"ipaddr",ipaddr) - ucic:set("network",intf,"netmask",netmask) - ucic:set("network",intf,"gateway",gateway) + if ipaddr ~= "" then + ucic:set("network",intf,"ipaddr",ipaddr) + ucic:set("network",intf,"netmask",netmask) + ucic:set("network",intf,"gateway",gateway) + else + ucic:set("network",intf,"ipaddr","") + ucic:set("network",intf,"netmask","") + ucic:set("network",intf,"gateway","") + end ucic:delete("openmptcprouter",intf,"lc") ucic:save("openmptcprouter") From 296af67c77c07b14258fe24603fa639d9c37f3bc Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 26 Oct 2020 13:48:13 +0100 Subject: [PATCH 11/12] Fix github actions --- .github/workflows/main.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e85491615..5730f182a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -44,13 +44,7 @@ jobs: GITHUB_WORKSPACE: ${{ steps.branch_name.outputs.WORKSPACE }} run: | git clone --depth 1 $REPO_URL omr - cd omr - if [ "$SOURCE_NAME" != "Test-Github-Actions" ] && [ "$SOURCE_NAME" != "develop" ]; then - git fetch - git checkout master - else - git checkout develop - fi + [ "$SOURCE_NAME" != "develop" ] && { cd omr && pwd && git fetch && git checkout master } || { cd omr && git checkout develop } git pull pwd - name: Build toolchain From 5b09977ac4198086357cc312d2f8487c9e32881a Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Mon, 26 Oct 2020 13:55:09 +0100 Subject: [PATCH 12/12] Fix github actions --- .github/workflows/main.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5730f182a..8ebdbeb63 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -43,8 +43,16 @@ jobs: SOURCE_NAME: ${{ steps.branch_name.outputs.SOURCE_NAME }} GITHUB_WORKSPACE: ${{ steps.branch_name.outputs.WORKSPACE }} run: | - git clone --depth 1 $REPO_URL omr - [ "$SOURCE_NAME" != "develop" ] && { cd omr && pwd && git fetch && git checkout master } || { cd omr && git checkout develop } + git clone $REPO_URL omr + if [ "$SOURCE_NAME" != "develop" ]; then + cd omr + pwd + git fetch + git checkout master + else + cd omr + git checkout develop + fi git pull pwd - name: Build toolchain