sync (#578)

mptcp/files/etc/hotplug.d/iface/30-mptcp

@@ -1,15 +1,15 @@
 #!/bin/sh
-[ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = ifdown -o "$ACTION" = iflink ] || exit 0
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = ifdown -o "$ACTION" = iflink -o "$ACTION" = link-up -o "$ACTION" = link-down ] || exit 0
 #[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
 
 
 /etc/init.d/mptcp enabled || exit 0
 
 
-if [ "$ACTION" = ifupdate -o "$ACTION" = iflink ] && [ -z "$(echo $DEVICE | grep oip | grep gre)" ] && [ -n "$(uci -q get network.$INTERFACE.multipath)" ] && [ "$(uci -q get network.$INTERFACE.multipath)" != "off" ]; then
+if [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = iflink  -o "$ACTION" = link-up ] && [ -z "$(echo $DEVICE | grep oip | grep gre)" ] && [ -n "$(uci -q get network.$INTERFACE.multipath)" ] && [ "$(uci -q get network.$INTERFACE.multipath)" != "off" ]; then
 	logger -t "mptcp" "Reloading mptcp config due to $ACTION of $INTERFACE ($DEVICE)"
 	/etc/init.d/mptcp reload "$DEVICE" >/dev/null || exit 0
-elif [ "$ACTION" = ifdown ]; then
+elif [ "$ACTION" = ifdown -o "$ACTION" = link-down ]; then
 	multipath $DEVICE off 2>&1 >/dev/null || exit 0
 fi
 

omr-bypass/files/etc/init.d/omr-bypass-nft

@@ -435,39 +435,39 @@ _bypass_proto_without_ndpi() {
 		if [ -n "$ALLIPS" ]; then
 			if [ "$vpn" != "1" ]; then
 				uci -q batch <<-EOF >/dev/null
-					set firewall.bypass_$proto=ipset
-					set firewall.bypass_$proto.name="bypass_$proto"
-					set firewall.bypass_$proto.match='dest_net'
-					set firewall.bypass_$proto.family='ipv4'
-					set firewall.bypass_$proto.enabled='1'
-					set firewall.bypass_$proto_rule=rule
-					set firewall.bypass_$proto_rule.name="bypass_$proto_rule"
-					set firewall.bypass_$proto_rule.src='lan'
-					set firewall.bypass_$proto_rule.proto='all'
-					set firewall.bypass_$proto_rule.dest='*'
-					set firewall.bypass_$proto_rule.family='ipv4'
-					set firewall.bypass_$proto_rule.target='MARK'
-					set firewall.bypass_$proto_rule.ipset="bypass_$proto"
-					set firewall.bypass_$proto_rule.enabled='1'
-					set firewall.bypass_$proto_rule.set_xmark="0x4539${intfid}"
+					set firewall.bypass_${proto}=ipset
+					set firewall.bypass_${proto}.name="bypass_${proto}"
+					set firewall.bypass_${proto}.match='dest_net'
+					set firewall.bypass_${proto}.family='ipv4'
+					set firewall.bypass_${proto}.enabled='1'
+					set firewall.bypass_${proto}_rule=rule
+					set firewall.bypass_${proto}_rule.name="bypass_${proto}_rule"
+					set firewall.bypass_${proto}_rule.src='lan'
+					set firewall.bypass_${proto}_rule.proto='all'
+					set firewall.bypass_${proto}_rule.dest='*'
+					set firewall.bypass_${proto}_rule.family='ipv4'
+					set firewall.bypass_${proto}_rule.target='MARK'
+					set firewall.bypass_${proto}_rule.ipset="bypass_${proto}"
+					set firewall.bypass_${proto}_rule.enabled='1'
+					set firewall.bypass_${proto}_rule.set_xmark="0x4539${intfid}"
 					commit firewall
 				EOF
 				uci -q batch <<-EOF >/dev/null
-					set firewall.bypass6_$proto=ipset
-					set firewall.bypass6_$proto.name="bypass6_$proto"
-					set firewall.bypass6_$proto.match='dest_net'
-					set firewall.bypass6_$proto.family='ipv6'
-					set firewall.bypass6_$proto.enabled='1'
-					set firewall.bypass6_$proto_rule=rule
-					set firewall.bypass6_$proto_rule.name="bypass6_$proto_rule"
-					set firewall.bypass6_$proto_rule.src='lan'
-					set firewall.bypass6_$proto_rule.family='ipv6'
-					set firewall.bypass6_$proto_rule.dest='*'
-					set firewall.bypass6_$proto_rule.proto='all'
-					set firewall.bypass6_$proto_rule.target='MARK'
-					set firewall.bypass6_$proto_rule.set_xmark="0x6539${intfid}"
-					set firewall.bypass6_$proto_rule.ipset="bypass6_$proto"
-					set firewall.bypass6_$proto_rule.enabled='1'
+					set firewall.bypass6_${proto}=ipset
+					set firewall.bypass6_${proto}.name="bypass6_${proto}"
+					set firewall.bypass6_${proto}.match='dest_net'
+					set firewall.bypass6_${proto}.family='ipv6'
+					set firewall.bypass6_${proto}.enabled='1'
+					set firewall.bypass6_${proto}_rule=rule
+					set firewall.bypass6_${proto}_rule.name="bypass6_${proto}_rule"
+					set firewall.bypass6_${proto}_rule.src='lan'
+					set firewall.bypass6_${proto}_rule.family='ipv6'
+					set firewall.bypass6_${proto}_rule.dest='*'
+					set firewall.bypass6_${proto}_rule.proto='all'
+					set firewall.bypass6_${proto}_rule.target='MARK'
+					set firewall.bypass6_${proto}_rule.set_xmark="0x6539${intfid}"
+					set firewall.bypass6_${proto}_rule.ipset="bypass6_${proto}"
+					set firewall.bypass6_${proto}_rule.enabled='1'
 					commit firewall
 				EOF
 				#if [ "$intfid" != "" ]; then
@@ -499,7 +499,7 @@ _bypass_proto_without_ndpi() {
 				if [ "$valid_ip4" = "ok" ]; then
 					if [ "$vpn" != "1" ]; then
 						#ipset -q add bypass_$proto $ip
-						uci -q add_list firewall.bypass_$proto.entry="$ip"
+						uci -q add_list firewall.bypass_${proto}.entry="$ip"
 					else
 						#ipset -q add omr_dst_bypass_$intf $ip
 						uci -q add_list firewall.omr_dst_bypass_${intf}_4.entry="$ip"
@@ -507,7 +507,7 @@ _bypass_proto_without_ndpi() {
 				elif [ "$valid_ip6" = "ok" ]; then
 					if [ "$vpn" != "1" ]; then
 						#ipset -q add bypass6_$proto $ip
-						uci -q add_list firewall.bypass6_$proto.entry=$ip
+						uci -q add_list firewall.bypass6_${proto}.entry=$ip
 					else
 						#ipset -q add omr6_dst_bypass_$intf $ip
 						uci -q add_list firewall.omr_dst_bypass_${intf}_6.entry="$ip"
@@ -864,7 +864,7 @@ _delete_dhcp_ipset() {
 }
 
 _delete_firewall_rules() {
-	([ -n "$(echo $1 | grep omr_dst_bypass)" ] || [ -n "$(echo $1 | grep omr6_dst_bypass)" ]) && {
+	([ -n "$(echo $1 | grep omr_dst_bypass)" ] || [ -n "$(echo $1 | grep omr6_dst_bypass)" ] || [ -n "$(echo $1 | grep bypass_)" ] || [ -n "$(echo $1 | grep bypass6_)" ]) && {
 		uci -q delete firewall.$1
 	}
 }
@@ -886,6 +886,7 @@ start_service() {
 
 	config_load dhcp
 	config_foreach _delete_dhcp_ipset ipset
+	uci -q delete dhcp.@dnsmasq[0].noipv6
 	#uci -q commit dhcp
 	config_load firewall
 	config_foreach _delete_firewall_rules rule

omr-schedule/files/usr/share/omr/schedule.d/010-services

@@ -158,9 +158,18 @@ set_lan_ips() {
 	[ -n "$(echo $device | grep -)" ] && uci -q set openmptcprouter.settings.restrict_to_lan="0" && uci commit openmptcprouter
 	uci -q del_list shadowsocks-libev.ss_rules.ifnames="$device"
 	uci -q del_list shadowsocks-rust.ss_rules.ifnames="$device"
+	uci -q del_list unbound.ub_main.iface_lan="$1"
+	uci -q del_list unbound.ub_main.iface_wan="$1"
+	uci -q del_list dhcp.@dnsmasq[0].interface="$1"
+	uci -q del_list dhcp.@dnsmasq[0].notinterface="$1"
 	if [ "$multipath" != "on" ] && [ "$multipath" != "master" ] && [ -n "$device" ] && [ -z "$(echo $device | grep @)" ] && ([ "$proto" = "dhcp" ] || [ "$proto" = "static" ]); then
 		uci -q add_list shadowsocks-libev.ss_rules.ifnames="$device"
 		uci -q add_list shadowsocks-rust.ss_rules.ifnames="$device"
+		uci -q add_list unbound.ub_main.iface_lan="$1"
+		uci -q add_list dhcp.@dnsmasq[0].interface="$1"
+	elif [ "$multipath" = "on" ] || [ "$multipath" = "master" ]; then
+		uci -q add_list unbound.ub_main.iface_wan="$1"
+		uci -q add_list dhcp.@dnsmasq[0].notinterface="$1"
 	fi
 }
 config_load network
@@ -168,15 +177,23 @@ config_foreach restart_omrtracker interface
 [ "$(uci -q get openmptcprouter.settings.restrict_to_lan)" = "1" ] && config_foreach set_lan_ips interface
 [ "$(uci -q get openmptcprouter.settings.restrict_to_lan)" = "0" ] && ([ -n "$(uci -q get shadowsocks-libev.ss_rules.ifnames)" ] || [ -n "$(uci -q get shadowsocks-rust.ss_rules.ifnames)" ]) && {
 	uci -q batch <<-EOF
-		delete shadowsocks-libev.ss_rules.ifnames="$device"
-		delete shadowsocks-rust.ss_rules.ifnames="$device"
+		delete shadowsocks-libev.ss_rules.ifnames
+		delete shadowsocks-rust.ss_rules.ifnames
+		delete unbound.ub_main.lan
+		delete unbound.ub_main.wan
+		delete dhcp.@dnsmasq[0].interface
+		delete dhcp.@dnsmasq[0].notinterface
 	EOF
 }
-[ -n "$(uci -q changes shadowsocks-libev)" ] && uci -q commit shadowsocks-libev.ss_rules
-[ -n "$(uci -q changes shadowsocks-rust)" ] && uci -q commit shadowsocks-rust.ss_rules
+[ -n "$(uci -q changes shadowsocks-libev)" ] && uci -q commit shadowsocks-libev
+[ -n "$(uci -q changes shadowsocks-rust)" ] && uci -q commit shadowsocks-rust
+[ -n "$(uci -q changes unbound)" ] && uci -q commit unbound
+[ -n "$(uci -q changes dhcp)" ] && uci -q commit dhcp
 multipath_fix() {
 	config_get multipath "$1" multipath
 	[ "$multipath" != "off" ] && return
+	config_get device "$1" device
+	{ "$(echo $device | grep '@')" ] && return
 	interface="$(ifstatus $1 | jsonfilter -q -e '@.l3_device' | tr -d '\n')"
 	[ -n "$interface" ] && [ -z "$(multipath $interface | grep deactivated)" ] && {
 		_log "Fix Multipath status on $1 ($interface)"
@@ -294,3 +311,6 @@ if [ "$(uci -q get openmptcprouter.latest_versions.lc)" = "" ] || [ $(($(date +"
 		uci -q commit openmptcprouter
 	}
 fi
+
+# Remove old hidden config files
+find /etc/config/ -mtime +1 -type f -name '\.*' -exec rm {} +

openmptcprouter/files/bin/blocklanfw

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+[ -e /usr/sbin/nft ] && exit 0
+
 if [ -e /usr/sbin/iptables-legacy ]; then
 	IPTABLES="/usr/sbin/iptables-legacy"
 	IP6TABLES="/usr/sbin/ip6tables-legacy"

openmptcprouter/files/etc/firewall.omr-server

@@ -11,6 +11,6 @@ _enable_firewall_check() {
 logger -t "firewall.omr-server" "Firewall reload, set server part firewall reloading"
 config_load openmptcprouter
 config_foreach _enable_firewall_check server
-uci -q commit firewall
+[ -n "$(uci -q changes firewall)" ] && uci -q commit firewall
 #/etc/init.d/openmptcprouter-vps set_vps_firewall &
 /bin/blocklanfw 2>&1 >/dev/null