mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

fix iptebles6

Browse source
This commit is contained in:
suyuan168 2022-04-15 14:41:11 +08:00
parent a6bfb8bc49
commit 1aba5f5842
7 changed files with 0 additions and 473 deletions
Download patch file Download diff file Expand all files Collapse all files

45
6in4/Makefile
View file

@ -1,45 +0,0 @@
#
# Copyright (C) 2010-2015 OpenWrt.org
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# - Added gateway setting
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=6in4
PKG_VERSION:=270
PKG_RELEASE:=2
PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
define Package/6in4
SECTION:=net
CATEGORY:=Network
DEPENDS:=@IPV6 +kmod-sit +uclient-fetch
TITLE:=IPv6-in-IPv4 configuration support
MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKGARCH:=all
endef
define Package/6in4/description
Provides support for 6in4 tunnels in /etc/config/network.
Refer to http://wiki.openwrt.org/doc/uci/network for
configuration details.
endef
define Build/Compile
endef
define Build/Configure
endef
define Package/6in4/install
$(INSTALL_DIR) $(1)/lib/netifd/proto
$(INSTALL_BIN) ./files/6in4.sh $(1)/lib/netifd/proto/6in4.sh
endef
$(eval $(call BuildPackage,6in4))

149
6in4/files/6in4.sh
View file

@ -1,149 +0,0 @@
#!/bin/sh
# 6in4.sh - IPv6-in-IPv4 tunnel backend
# Copyright (c) 2010-2015 OpenWrt.org
[ -n "$INCLUDE_ONLY" ] || {
. /lib/functions.sh
. /lib/functions/network.sh
. ../netifd-proto.sh
init_proto "$@"
}
proto_6in4_update() {
sh -c '
timeout=5
(while [ $((timeout--)) -gt 0 ]; do
sleep 1
kill -0 $$ || exit 0
done; kill -9 $$) 2>/dev/null &
exec "$@"
' "$1" "$@"
}
proto_6in4_add_prefix() {
append "$3" "$1"
}
proto_6in4_setup() {
local cfg="$1"
local iface="$2"
local link="6in4-$cfg"
local mtu ttl tos ipaddr peeraddr ip6addr ip6prefix ip6prefixes tunlink tunnelid username password updatekey gateway
json_get_vars mtu ttl tos ipaddr peeraddr ip6addr tunlink tunnelid username password updatekey gateway
json_for_each_item proto_6in4_add_prefix ip6prefix ip6prefixes
[ -z "$peeraddr" ] && {
proto_notify_error "$cfg" "MISSING_ADDRESS"
proto_block_restart "$cfg"
return
}
[ -n "$tunlink" ] && ( proto_add_host_dependency "$cfg" "$peeraddr" "$tunlink" )
[ -z "$ipaddr" ] && {
local wanif="$tunlink"
if [ -z "$wanif" ] && ! network_find_wan wanif; then
proto_notify_error "$cfg" "NO_WAN_LINK"
return
fi
if ! network_get_ipaddr ipaddr "$wanif"; then
proto_notify_error "$cfg" "NO_WAN_LINK"
return
fi
}
proto_init_update "$link" 1
[ -n "$ip6addr" ] && {
local local6="${ip6addr%%/*}"
local mask6="${ip6addr##*/}"
[[ "$local6" = "$mask6" ]] && mask6=
proto_add_ipv6_address "$local6" "$mask6"
proto_add_ipv6_route "::" 0 "" "" "" "$local6/$mask6"
}
[ -n "$gateway" ] && {
proto_add_ipv6_route "::" 0 "$gateway"
}
for ip6prefix in $ip6prefixes; do
proto_add_ipv6_prefix "$ip6prefix"
proto_add_ipv6_route "::" 0 "" "" "" "$ip6prefix"
done
proto_add_tunnel
json_add_string mode sit
json_add_int mtu "${mtu:-1280}"
json_add_int ttl "${ttl:-64}"
[ -n "$tos" ] && json_add_string tos "$tos"
json_add_string local "$ipaddr"
json_add_string remote "$peeraddr"
[ -n "$tunlink" ] && json_add_string link "$tunlink"
proto_close_tunnel
proto_send_update "$cfg"
[ -n "$tunnelid" -a -n "$username" -a \( -n "$password" -o -n "$updatekey" \) ] && {
[ -n "$updatekey" ] && password="$updatekey"
local http="http"
local urlget="uclient-fetch"
local urlget_opts="-qO-"
local ca_path="${SSL_CERT_DIR:-/etc/ssl/certs}"
[ -f /lib/libustream-ssl.so ] && http=https
[ "$http" = "https" -a -z "$(find $ca_path -name "*.0" 2>/dev/null)" ] && {
urlget_opts="$urlget_opts --no-check-certificate"
}
local url="$http://ipv4.tunnelbroker.net/nic/update?hostname=$tunnelid"
local try=0
local max=3
(
set -o pipefail
while [ $((++try)) -le $max ]; do
if proto_6in4_update $urlget $urlget_opts --user="$username" --password="$password" "$url" 2>&1 | \
sed -e 's,^Killed$,timeout,' -e "s,^,update $try/$max: ," | \
logger -t "$link";
then
logger -t "$link" "updated"
return 0
fi
sleep 5
done
logger -t "$link" "update failed"
)
}
}
proto_6in4_teardown() {
local cfg="$1"
}
proto_6in4_init_config() {
no_device=1
available=1
proto_config_add_string "ipaddr"
proto_config_add_string "ip6addr"
proto_config_add_array "ip6prefix"
proto_config_add_string "peeraddr"
proto_config_add_string "tunlink"
proto_config_add_string "tunnelid"
proto_config_add_string "username"
proto_config_add_string "password"
proto_config_add_string "updatekey"
proto_config_add_string "gateway"
proto_config_add_int "mtu"
proto_config_add_int "ttl"
proto_config_add_string "tos"
}
[ -n "$INCLUDE_ONLY" ] || {
add_protocol 6in4
}

33
omr-6in4/Makefile
View file

@ -1,33 +0,0 @@
#
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=omr-6in4
PKG_VERSION:=0.4
PKG_RELEASE:=1
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=OMR
CATEGORY:=OpenMPTCProuter
TITLE:=OpenMPTCProuter 6in4
endef
define Package/$(PKG_NAME)/description
OpenMPTCProuter 6in4 package
endef
define Build/Compile
endef
define Package/$(PKG_NAME)/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

67
omr-6in4/files/bin/omr-6in4
View file

@ -1,67 +0,0 @@
#!/bin/sh
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
while true; do
if [ "$(uci -q get glorytun.vpn.enable)" = "1" ]; then
iface=$(uci -q get glorytun.vpn.dev)
addr=$(uci -q get glorytun.vpn.localip)
peer=$(uci -q get glorytun.vpn.remoteip)
elif [ "$(uci -q get glorytun-udp.vpn.enable)" = "1" ]; then
iface=$(uci -q get glorytun-udp.vpn.dev)
addr=$(uci -q get glorytun-udp.vpn.localip)
peer=$(uci -q get glorytun-udp.vpn.remoteip)
elif [ "$(uci -q get dsvpn.vpn.enable)" = "1" ]; then
iface=$(uci -q get dsvpn.vpn.dev)
addr=$(uci -q get dsvpn.vpn.localip)
peer=$(uci -q get dsvpn.vpn.remoteip)
elif [ "$(uci -q get mlvpn.general.enable)" = "1" ]; then
iface=$(uci -q get mlvpn.general.interface_name)
elif [ "$(uci -q get openvpn.omr.enabled)" = "1" ]; then
iface=$(uci -q get openvpn.omr.dev)
fi
[ -z "$addr" ] && addr=$(ubus call network.interface.omrvpn status | jsonfilter -q -e '@["ipv4-address"][0].address' | tr -d "\n")
if [ -n "$iface" ] && [ -d "/sys/class/net/$iface" ]; then
[ -z "$addr" ] && [ -n "$iface" ] && addr=$(ip -4 addr show dev $iface | grep inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
[ -z "$peer" ] && peer=$(ubus call network.interface.omrvpn status | jsonfilter -q -l 1 -e '@.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
[ -z "$peer" ] && peer=$(ip -4 r list dev $iface | grep via | grep -v default | grep -v metric | grep -v / | awk '{print $1; exit}' | tr -d "\n")
[ -z "$peer" ] && peer=$(ip -4 r list dev $iface | grep kernel | awk '/proto kernel/ {print $1}' | grep -v / | tr -d "\n")
[ -n "$addr" ] && [ -n "$peer" ] && {
if [ "$addr" != "$(uci -q get network.omr6in4.ipaddr)" ] || [ "$peer" != "$(uci -q get network.omr6in4.peeraddr)" ] || [ "$(ip -6 route show default | grep via)" = "" ]; then
logger -t "omr6in4" "Set network for OMR 6in4 to local $addr peer $peer"
uci -q batch <<-EOF
set network.omr6in4.ipaddr=$addr
set network.omr6in4.peeraddr=$peer
set network.omr6in4.metric=1
commit network
EOF
if [ -n "$(ip tunnel | grep omr6in4)" ]; then
ip tunnel change "6in4-omr6in4" mode sit local ${addr} remote ${peer} ttl 64 > /dev/null 2>&1
else
ifup omr6in4 > /dev/null 2>&1
fi
sleep 5
#ipv6_addr=$(ip -6 addr show dev 6in4-omr6in4 | grep inet | awk '{print $2'} | cut -d/ -f1 | tr -d "\n")
#ipv6_gw=$(echo $ipv6_addr | sed 's/1$/2')
ipv6_addr=$(ubus call network.interface.omr6in4 status | jsonfilter -q -l 1 -e '@["ipv6-address"][0].address' | tr -d "\n")
ip -6 addr add $ipv6_addr dev 6in4-omr6in4 > /dev/null 2>&1
ipv6_gw=$(ubus call network.interface.omr6in4 status | jsonfilter -q -l 1 -e '@.route[@.target="::"].nexthop' | tr -d "\n")
[ "$ipv6_gw" = "::" ] && ipv6_gw='fe80::a00:1'
[ -z "$ipv6_gw" ] && ipv6_gw='fe80::a00:1'
#[ -z "$ipv6_gw" ] && ipv6_gw='fe80::aff:ff01'
ip -6 route add ${ipv6_gw} dev 6in4-omr6in4 > /dev/null 2>&1
ip -6 route 2002::/16 dev 6in4-omr6in4 > /dev/null 2>&1
ip -6 route replace default via ${ipv6_gw} dev 6in4-omr6in4 metric 1 > /dev/null 2>&1
if [ "$(uci -q get openmptcprouter.settings.uci_route)" = "1" ]; then
uci -q batch <<-EOF
set network.omr6in4_route6_default=route6
set network.omr6in4_route6_default.interface=omr6in4
set network.omr6in4_route6_default.target='::'
set network.omr6in4_route6_default.gateway=$ipv6_gw
commit network
EOF
fi
fi
}
fi
sleep 10
done

136
omr-6in4/files/etc/init.d/omr-6in4
View file

@ -1,136 +0,0 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# shellcheck disable=SC2039
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
# shellcheck disable=SC2034
{
START=99
STOP=10
USE_PROCD=1
}
set_shadowsocks_address() {
uci -q set shadowsocks-libev.$1.local_address="$2"
}
set_ipv6_state() {
local disable_ipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
[ -z "$disable_ipv6" ] && disable_ipv6="1"
#previous=$(sysctl -qn net.ipv6.conf.all.disable_ipv6 | tr -d "\n")
previous="$(uci -q get network.lan.ipv6)"
#sysctl -qw net.ipv6.conf.all.disable_ipv6=$disable_ipv6
#sed -i "s:^net.ipv6.conf.all.disable_ipv6=[0-9]*:net.ipv6.conf.all.disable_ipv6=$disable_ipv6:" /etc/sysctl.d/zzz_openmptcprouter.conf
sed -i "s:^net.ipv6.conf.all.disable_ipv6=[0-9]*::" /etc/sysctl.d/zzz_openmptcprouter.conf
sysctl -qw net.ipv6.conf.all.disable_ipv6=0
uci -q batch <<-EOF >/dev/null
set firewall.@defaults[0].disable_ipv6=$disable_ipv6
commit firewall
EOF
if [ "$disable_ipv6" == "1" ]; then
logger -t "omr-6in4" "Disable IPv6"
uci -q batch <<-EOF >/dev/null
set dhcp.lan.ra_default="0"
set network.lan.ipv6="0"
delete network.lan.ipv6
delete dhcp.lan.dhcpv6
delete dhcp.lan.ra
delete dhcp.lan.ra_default
delete dhcp.lan.ra_management
delete dhcp.lan.ra_preference
unbound.ub_main.protocol='ip4_only'
commit unbound
del_list v2ray.main.inbounds="omr6"
commit v2ray
EOF
config_load shadowsocks-libev
config_foreach set_shadowsocks_address ss_redir "0.0.0.0"
uci -q batch <<-EOF >/dev/null
commit network
commit dhcp
commit shadowsocks-libev
EOF
[ ! -f /etc/wgetrc ] && cp /etc/wgetrc4 /etc/wgetrc
else
logger -t "omr-6in4" "Enable IPv6"
uci -q batch <<-EOF >/dev/null
set dhcp.lan.dhcpv6="server"
set dhcp.lan.ra="server"
set dhcp.lan.ra_default="1"
set dhcp.lan.ra_preference="high"
set dhcp.lan.ra_management="1"
delete dhcp.lan.ra_flags
add_list dhcp.lan.ra_flags='managed-config'
set dhcp.lan.ra_slaac='1'
add_list dhcp.lan.ra_flags='other-config'
set network.lan.ipv6="1"
set network.lan.delegate="0"
set network.omr6in4.force_link=1
set network.omr6in4.metric=1
delete network.omr6in4.auto
unbound.ub_main.protocol='mixed'
commit unbound
EOF
if [ "$(uci -q get network.lan.ip6assign)" = "" ]; then
uci -q set network.lan.ip6assign='60'
fi
if [ "$(uci -q get network.globals.ula_prefix)" = "" ]; then
r1=$(dd if=/dev/urandom bs=1 count=1 |hexdump -e '1/1 "%02x"')
r2=$(dd if=/dev/urandom bs=2 count=1 |hexdump -e '2/1 "%02x"')
r3=$(dd if=/dev/urandom bs=2 count=1 |hexdump -e '2/1 "%02x"')
uci -q set network.globals.ula_prefix=fd$r1:$r2:$r3::/48
fi
config_load shadowsocks-libev
config_foreach set_shadowsocks_address ss_redir "::"
uci -q batch <<-EOF >/dev/null
commit network
commit dhcp
commit shadowsocks-libev
EOF
/etc/init.d/shadowsocks-libev restart
if [ "$(uci -q get v2ray.main.inbounds | grep omr6)" = "" ]; then
uci -q batch <<-EOF >/dev/null
add_list v2ray.main.inbounds="omr6"
commit v2ray
EOF
/etc/init.d/v2ray restart
fi
rm -f /etc/wgetrc
fi
/etc/init.d/odhcpd restart
if [ "$previous" != "1" ]; then
env -i /bin/ubus call network reload
fi
}
start_service() {
[ "$(uci -q get openmptcprouter.settings.disable_ipv6)" != "1" ] && [ "$(uci -q get network.lan.ipv6)" != "1" ] && set_ipv6_state
[ "$(uci -q get openmptcprouter.settings.disable_ipv6)" != "0" ] && {
ifdown omr6in4
/etc/init.d/odhcpd stop
return
}
[ "$(ifstatus omr6in4 | jsonfilter -e '@.up' | tr -d '\n')" != "true" ] && ifup omr6in4
multipath 6in4-omr6in4 off 2>&1 >/dev/null
procd_open_instance
# shellcheck disable=SC2086
procd_set_param command /bin/omr-6in4
procd_set_param limits nofile="51200 51200"
procd_set_param respawn 0 10 0
procd_set_param stderr 1
procd_close_instance
}
service_triggers() {
procd_add_reload_trigger "openmptcprouter"
}
reload_service() {
stop
start
}

42
omr-6in4/files/etc/uci-defaults/9010-omr-6in4
View file

@ -1,42 +0,0 @@
#!/bin/sh
. /lib/functions.sh
if [ "$(uci -q show network | grep omr6in4)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set network.omr6in4=interface
set network.omr6in4.proto=6in4
set network.omr6in4.ip4table=vpn
set network.omr6in4.multipath=off
set network.omr6in4.ipaddr=10.255.255.2
set network.omr6in4.peeraddr=10.255.255.1
set network.omr6in4.gateway=fe80::a00:1
set network.omr6in4.ip6addr='fe80::a00:2/128'
set network.omr6in4.auto='0'
commit network
EOF
fi
if [ "$(uci -q get ucitrack.@network[-1].affects | grep omr6in4)" = "" ]; then
uci -q batch <<-EOF >/dev/null
add_list ucitrack.@network[-1].affects=omr6in4
commit ucitrack
EOF
fi
if [ "$(uci -q get network.omr6in4.ip6addr)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set network.omr6in4.ip6addr=fe80::a00:2
commit network
EOF
fi
if [ "$(uci -q get firewall.zone_vpn.network | grep omr6in4)" = "" ]; then
uci -q batch <<-EOF >/dev/null
add_list firewall.zone_vpn.network=omr6in4
commit firewall
EOF
fi
rm -f /tmp/luci-indexcache
exit 0

1
openmptcprouter-full/Makefile
View file

@ -44,7 +44,6 @@ MY_DEPENDS := \
luci-mod-rpc rpcd-mod-rpcsys rpcd-mod-file rpcd-mod-iwinfo \ luci-mod-rpc rpcd-mod-rpcsys rpcd-mod-file rpcd-mod-iwinfo \
luci-app-openvpn \ luci-app-openvpn \
shadowsocks-libev-ss-server shadowsocks-libev-ss-tunnel \ shadowsocks-libev-ss-server shadowsocks-libev-ss-tunnel \
omr-6in4 ip6tables-mod-nat luci-proto-ipv6 6to4 6in4 6rd ip6tables \
iftop \ iftop \
htop \ htop \
nano \ nano \