mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Merge pull request #169 from Ysurac/develop

Browse source 
sync
This commit is contained in:
suyuan 2021-08-31 11:28:14 +08:00 committed by GitHub
commit 249a1af1bc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 204 additions and 85 deletions
Download patch file Download diff file Expand all files Collapse all files

14
dsvpn/files/init
View file

@ -29,6 +29,16 @@ validate_section() {
'externalip:string:auto'
}
version_over_5_4() {
MAJOR_VERSION=$(uname -r | awk -F '.' '{print $1}')
MINOR_VERSION=$(uname -r | awk -F '.' '{print $2}')
if [ $MAJOR_VERSION -ge 5 ] && [ $MINOR_VERSION -gt 13 ] || [ $MAJOR_VERSION -gt 5 ] ; then
return 0
else
return 1
fi
}
start_instance() {
local enable key host port dev
@ -58,6 +68,10 @@ start_instance() {
_log "starting ${PROG_NAME} ${1} instance $*"
if version_over_5_4; then
PROG="mptcpize run ${PROG}"
fi
procd_open_instance
procd_set_param command ${PROG} ${mode} \

9
glorytun/Makefile
View file

@ -9,11 +9,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=glorytun
PKG_VERSION:=0.0.35
PKG_RELEASE:=6
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=6d58536f4232fea8eaa10fb60aace8ba11f29ed6
PKG_SOURCE:=glorytun-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/angt/glorytun/releases/download/v$(PKG_VERSION)
PKG_HASH:=49e4d8ea4ff2990300b37947b0bd0da3c8e0985bc6eddf29f4146306188fff64
PKG_SOURCE_URL:=https://github.com/Ysurac/glorytun.git
PKG_VERSION:=0.0.35-$(PKG_SOURCE_VERSION)
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk

12
luci-app-mptcp/luasrc/controller/mptcp.lua
View file

@ -210,6 +210,15 @@ function mptcp_monitor_data()
luci.http.prepare_content("text/plain")
local fullmesh
fullmesh = io.popen("cat /proc/net/mptcp_net/snmp")
if fullmesh:read() ~= nil then
while true do
local ln = fullmesh:read("*l")
if not ln then break end
luci.http.write(ln)
luci.http.write("\n")
end
else
fullmesh = io.popen("nstat -z")
if fullmesh then
while true do
local ln = fullmesh:read("*l")
@ -218,6 +227,7 @@ function mptcp_monitor_data()
luci.http.write("\n")
end
end
end
return
end
@ -225,7 +235,7 @@ function mptcp_connections_data()
luci.http.prepare_content("text/plain")
local connections
connections = io.popen("multipath -c")
if connections then
if connections:read() ~= nil then
while true do
local ln = connections:read("*l")
if not ln then break end

84
luci-app-mptcp/luasrc/model/cbi/mptcp.lua
View file

@ -21,56 +21,74 @@ o:value(0, translate("disable"))
o = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"), translate("Default is fullmesh"))
o:value("default", translate("default"))
o:value("fullmesh", "fullmesh")
o:value("ndiffports", "ndiffports")
o:value("binder", "binder")
if uname.release:sub(1,4) ~= "4.14" then
if uname.release:sub(1,4) ~= "5.14" then
o:value("ndiffports", "ndiffports")
o:value("binder", "binder")
if uname.release:sub(1,4) ~= "4.14" then
o:value("netlink", translate("Netlink"))
end
end
o = s:option(ListValue, "mptcp_scheduler", translate("Multipath TCP scheduler"))
o:value("default", translate("default"))
o:value("roundrobin", "round-robin")
o:value("redundant", "redundant")
if uname.release:sub(1,4) ~= "4.14" then
if uname.release:sub(1,4) ~= "5.14" then
o:value("roundrobin", "round-robin")
o:value("redundant", "redundant")
if uname.release:sub(1,4) ~= "4.14" then
o:value("blest", "BLEST")
o:value("ecf", "ECF")
end
end
if uname.release:sub(1,4) ~= "5.14" then
o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
o.datatype = "uinteger"
o.rmempty = false
end
o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
o.datatype = "uinteger"
o.rmempty = false
o = s:option(ListValue, "congestion", translate("Congestion Control"),translate("Default is cubic"))
local availablecong = sys.exec("sysctl -n net.ipv4.tcp_available_congestion_control | xargs -n1 | sort | xargs")
for cong in string.gmatch(availablecong, "[^%s]+") do
o:value(cong, translate(cong))
end
o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
--o:depends("mptcp_path_manager","fullmesh")
if uname.release:sub(1,4) == "5.14" then
o = s:option(Value, "mptcp_subflows", translate("specifies the maximum number of additional subflows allowed for each MPTCP connection"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 3
o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
o:value(1, translate("enable"))
o:value(0, translate("disable"))
--o:depends("mptcp_path_manager","fullmesh")
o = s:option(Value, "mptcp_add_addr_accepted", translate("specifies the maximum number of ADD_ADDR suboptions accepted for each MPTCP connection"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
else
o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
--o:depends("mptcp_path_manager","fullmesh")
o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
--o:depends("mptcp_path_manager","ndiffports")
o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
o:value(1, translate("enable"))
o:value(0, translate("disable"))
--o:depends("mptcp_path_manager","fullmesh")
o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
o:value("Y", translate("enable"))
o:value("N", translate("disable"))
o.default = "Y"
--o:depends("mptcp_scheduler","roundrobin")
o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
--o:depends("mptcp_path_manager","ndiffports")
o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
--o:depends("mptcp_scheduler","roundrobin")
o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
o:value("Y", translate("enable"))
o:value("N", translate("disable"))
o.default = "Y"
--o:depends("mptcp_scheduler","roundrobin")
o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
o.datatype = "uinteger"
o.rmempty = false
o.default = 1
--o:depends("mptcp_scheduler","roundrobin")
end
s = m:section(TypedSection, "interface", translate("Interfaces Settings"))
o = s:option(ListValue, "multipath", translate("Multipath TCP"), translate("One interface must be set as master"))

8
luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
View file

@ -284,6 +284,7 @@ function wizard_add()
local sqmenabled = luci.http.formvalue("cbid.sqm.%s.enabled" % intf) or "0"
local multipath = luci.http.formvalue("cbid.network.%s.multipath" % intf) or "on"
local lan = luci.http.formvalue("cbid.network.%s.lan" % intf) or "0"
local ttl = luci.http.formvalue("cbid.network.%s.ttl" % intf) or ""
if typeintf ~= "" then
if typeintf == "normal" then
typeintf = ""
@ -338,6 +339,13 @@ function wizard_add()
if proto ~= "other" then
ucic:set("network",intf,"proto",proto)
end
uci_device = uci_device_from_interface(intf)
if uci_device == "" then
uci_device = intf .. "_dev"
end
ucic:set("network",uci_device,"ttl",ttl)
ucic:set("network",intf,"apn",apn)
ucic:set("network",intf,"pincode",pincode)
ucic:set("network",intf,"delay",delay)

18
luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
View file

@ -893,6 +893,16 @@
<%
end
%>
<div class="cbi-value" data-index="14">
<label class="cbi-value-title"><%:Force TTL%></label>
<div class="cbi-value-field">
<input type="text" name="cbid.network.<%=ifname%>.ttl" class="cbi-input-text" value="<%=ttl%>" data-type="uinteger">
<br />
<div class="cbi-value-description">
<%:You can force a TTL. Some LTE provider detect tethering by inpecting packet TTL value, setting it to 65 often solve the issue.%>
</div>
</div>
</div>
<%
local download = "0"
@ -909,7 +919,7 @@
-- end
--end
%>
<div class="cbi-value" data-index="14">
<div class="cbi-value" data-index="15">
<label class="cbi-value-title"><%:MPTCP over VPN%></label>
<div class="cbi-value-field">
<input class="cbi-input-checkbox" type="checkbox" name="multipathvpn.<%=ifname%>.enabled" value="1" <% if uci:get("openmptcprouter",ifname,"multipathvpn") == "1" then %>checked<% end %> />
@ -919,7 +929,7 @@
</div>
</div>
</div>
<div class="cbi-value" data-index="15">
<div class="cbi-value" data-index="16">
<label class="cbi-value-title"><%:Enable SQM%></label>
<div class="cbi-value-field">
<input class="cbi-input-checkbox" type="checkbox" name="cbid.sqm.<%=ifname%>.enabled" value="1" <% if uci:get("sqm",ifname,"enabled") == "1" then %>checked<% end %> />
@ -929,7 +939,7 @@
</div>
</div>
</div>
<div class="cbi-value" data-index="16">
<div class="cbi-value" data-index="17">
<label class="cbi-value-title"><%:Download speed (Kb/s)%></label>
<div class="cbi-value-field">
<input type="text" name="cbid.sqm.<%=ifname%>.download" class="cbi-input-text" value="<%=download%>" data-type="uinteger">
@ -945,7 +955,7 @@
-->
</div>
</div>
<div class="cbi-value" data-index="17">
<div class="cbi-value" data-index="18">
<label class="cbi-value-title"><%:Upload speed (Kb/s)%></label>
<div class="cbi-value-field">
<input type="text" name="cbid.sqm.<%=ifname%>.upload" class="cbi-input-text" value="<%=upload%>" data-type="uinteger">

2
luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
View file

@ -824,7 +824,7 @@ function interfaces_status()
if mArray.openmptcprouter["external_check"] ~= false then
mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " " .. check_ipv4_website))
if mArray.openmptcprouter["proxy_addr"] == "" then
mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.co"))
mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.me"))
end
--mArray.openmptcprouter["ss_addr6"] = sys.exec("curl -s -6 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m 3 http://ipv6.openmptcprouter.com")
end

2
luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
View file

@ -371,7 +371,7 @@ return baseclass.extend({
release: {
title: _('Firmware Version'),
value: (typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null
value: (typeof boardinfo.release !== "undefined") ? ((typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null) : null
}
};

4
luci-mod-network/htdocs/luci-static/resources/tools/network.js
View file

@ -662,6 +662,10 @@ return baseclass.extend({
o.placeholder = '0';
o.datatype = 'uinteger';
o = this.replaceOption(s, 'devadvanced', form.Value, 'ttl', _('Force TTL'), _('Some LTE providers detect tethering by inspecting packet TTL values'));
o.placeholder = '65';
o.datatype = 'uinteger';
o = this.replaceOption(s, 'devgeneral', form.Flag, 'ipv6', _('Enable IPv6'));
o.migrate = false;
o.default = o.enabled;

12
mptcp/files/etc/init.d/mptcp
View file

@ -16,6 +16,9 @@ global_multipath_settings() {
config_get multipath globals multipath
config_get mptcp_path_manager globals mptcp_path_manager
config_get mptcp_scheduler globals mptcp_scheduler
config_get mptcp_subflows globals mptcp_subflows "3"
config_get mptcp_add_addr_accepted globals mptcp_add_addr_accepted "1"
config_get mptcp_add_addr_timeout globals mptcp_add_addr_timeout "120"
config_get mptcp_debug globals mptcp_debug
config_get congestion globals congestion
config_get mptcp_checksum globals mptcp_checksum
@ -29,10 +32,10 @@ global_multipath_settings() {
[ "$multipath" = "enable" ] && multipath_status=1
# Global MPTCP configuration
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
[ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
[ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
[ -z "$congestion" ] || sysctl -qw net.ipv4.tcp_congestion_control="$congestion"
[ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
[ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
[ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
@ -41,6 +44,13 @@ global_multipath_settings() {
[ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
[ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
[ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
else
sysctl -qw net.mptcp.enabled="$multipath_status"
ip mptcp limits set add_addr_accepted $mptcp_add_addr_accepted subflows $mptcp_subflows 2>&1 >/dev/null
[ -z "$mptcp_add_addr_timeout" ] || sysctl -qw net.mptcp.add_addr_timeout="$mptcp_add_addr_timeout"
[ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.checksum_enabled="$mptcp_checksum"
fi
[ -z "$congestion" ] || sysctl -qw net.ipv4.tcp_congestion_control="$congestion"
}
interface_macaddr_count() {

21
mptcp/files/usr/bin/multipath
View file

@ -12,8 +12,6 @@ if [ -d "/proc/sys/net/mptcp" ]; then
fi
else
echo "Your device don't support multipath-TCP."
echo "You have to install the pached kernel to use MPTCP."
echo "See http://multipath-tcp.org/ for details"
exit 1
fi
@ -22,7 +20,11 @@ case $1 in
echo " Multipath-TCP configuration tool"
echo "show/update flags:"
echo " multipath [device]"
echo " multipath device {on | off | backup | handover}"
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
echo " multipath device {on | off | backup }"
else
echo " multipath device {on | off | signal | backup }"
fi
echo
echo "show established conections: -c"
echo "show fullmesh info: -f"
@ -32,14 +34,21 @@ case $1 in
echo "will allow a subflow to be established across this interface, but only be used"
echo "as backup. Handover-flag indicates that his interface is not used at all (even "
echo "no subflow being established), as long as there are other interfaces available."
echo "See http://multipath-tcp.org/ for details"
echo
exit 0 ;;
"-c")
if [ -f /proc/net/mptcp_net/mptcp ]; then
cat /proc/net/mptcp_net/mptcp
else
ss -M
fi
exit 0;;
"-f")
if [ -f /proc/net/mptcp_fullmesh ]; then
cat /proc/net/mptcp_fullmesh
else
ip mptcp endpoint | grep fullmesh
fi
exit 0;;
"-k")
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
@ -65,7 +74,6 @@ case $1 in
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo
echo See http://multipath-tcp.org/ for details
exit 0 ;;
"")
for ifpath in /sys/class/net/*; do
@ -128,7 +136,8 @@ else
exit 0;;
"signal")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
#ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
ip mptcp endpoint add $IP dev $DEVICE signal
exit 0;;
"backup")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null

2
openmptcprouter-full/Makefile
View file

@ -28,7 +28,7 @@ MY_DEPENDS := \
iperf3-ssl luci-app-iperf \
arptables \
bind-dig \
libnetfilter-conntrack ebtables ebtables-utils ip-full \
libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \
iptables-mod-iface iptables-mod-ipmark iptables-mod-hashlimit iptables-mod-condition iptables-mod-trace iptables-mod-conntrack-extra iptables-mod-account \
kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra iptables-mod-extra conntrack \
iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 kmod-ipt-ipsec \

28
openmptcprouter/files/bin/blocklanfw
View file

@ -1,6 +1,6 @@
#!/bin/sh
ss_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@ -8,18 +8,18 @@ ss_rules_fw_drop() {
fw=$((fw+1))
fi
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
ss_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@ -27,18 +27,18 @@ ss_rules6_fw_drop() {
fw=$((fw+1))
fi
done
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2r_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@ -46,33 +46,35 @@ v2r_rules_fw_drop() {
fw=$((fw+1))
fi
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2ray_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
}
[ -n "$(pgrep blocklanfw)" ] && exit 0
[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
fw=0
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
ss_rules6_fw_drop
@ -81,7 +83,7 @@ elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
v2r_rules_fw_drop
v2ray_rules6_fw_drop
fi
rule=$(fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
eval "$rule 2>&1 >/dev/null"
newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/')
eval "$newrule 2>&1 >/dev/null"

14
openmptcprouter/files/etc/firewall.ttl Normal file
View file

@ -0,0 +1,14 @@
#!/bin/sh
. /lib/functions.sh
_set_ttl() {
device=$(uci -q get network.$1.name)
ttl=$(uci -q get network.$1.ttl)
if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
fi
}
config_load network
config_foreach _set_ttl device

21
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -221,6 +221,8 @@ _get_ss_redir() {
[ "$cf_fast_open" = "1" ] && fast_open="true"
config_get cf_no_delay $1 no_delay
[ "$cf_no_delay" = "1" ] && no_delay="true"
config_get cf_mptcp $1 mptcp
[ "$cf_mptcp" = "1" ] && mptcp="true"
}
_get_ss_server() {
@ -253,10 +255,12 @@ _set_ss_server_vps() {
current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
current_mptcp="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.mptcp')"
ebpf="false"
fast_open="false"
no_delay="false"
mptcp="false"
obfs="false"
obfs_plugin="v2ray"
obfs_type="http"
@ -264,9 +268,9 @@ _set_ss_server_vps() {
config_foreach _get_ss_redir ss_redir
config_foreach _get_ss_server server
if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
if [ "$current_mptcp" != "$mptcp" ] || [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
local settings
settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":'$mptcp',"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
_set_json "shadowsocks" "$settings"
fi
}
@ -736,7 +740,7 @@ _set_mptcp_vps() {
syn_retries="$(uci -q get network.globals.mptcp_syn_retries)"
congestion="$(uci -q get network.globals.congestion)"
[ -z "$congestion" ] && congestion="bbr"
if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then
if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || ([ "$path_manager_current" != "" ] && [ "$path_manager_current" != "$path_manager" ]) || ([ "$scheduler_current" != "" ] && [ "$scheduler_current" != "$scheduler" ]) || ([ "$syn_retries_current" != "" ] && [ "$syn_retries_current" != "$syn_retries" ]) || [ "$congestion_control_current" != "$congestion" ]; then
settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}'
echo $(_set_json "mptcp" "$settings")
else
@ -1542,13 +1546,18 @@ _set_config_from_vps() {
congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
uci -q batch <<-EOF >/dev/null
set network.globals.multipath=$mptcp_enabled
set network.globals.mptcp_path_manager=$mptcp_path_manager
set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_checksum=$mptcp_checksum
set network.globals.mptcp_syn_retries=$mptcp_syn_retries
set network.globals.congestion=$congestion
commit network
EOF
if [ "$mptcp_path_manager" != "" ] && [ "$mptcp_scheduler" != "" ] && [ "$mptcp_syn_retries" != "" ]; then
uci -q batch <<-EOF >/dev/null
set network.globals.mptcp_path_manager=$mptcp_path_manager
set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_syn_retries=$mptcp_syn_retries
commit network
EOF
fi
# Check if server get an IPv6, if not disable IPv6 on OMR
vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')"

4
openmptcprouter/files/etc/uci-defaults/1920-omr-network
View file

@ -62,8 +62,8 @@ _setup_wan_interface() {
set network.$1.ip4table=wan
set network.$1.multipath=$3
set network.$1.defaultroute=0
set network.$1_dev=device
set network.$1_dev.name=$2
set network.${1}_dev=device
set network.${1}_dev.name=$2
commit network
add_list firewall.@zone[1].network=$1
commit firewall

8
openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
View file

@ -150,6 +150,14 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then
commit firewall
EOF
fi
if [ "$(uci -q get firewall.ttl)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.ttl=include
set firewall.ttl.path=/etc/firewall.ttl
set firewall.ttl.reload=1
commit firewall
EOF
fi
if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.zone_lan.auto_helper='0'