sync (#407)

mptcp/files/etc/hotplug.d/iface/30-mptcp

@@ -1,16 +1,16 @@
 #!/bin/sh
 [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = ifdown -o "$ACTION" = iflink ] || exit 0
-[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
+#[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
 
 
 /etc/init.d/mptcp enabled || exit 0
 
 
-if [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = iflink ] && [ -z "$(echo $DEVICE | grep oip | grep gre)" ]; then
-	logger -t "mptcp" "Reloading mptcp config due to $ACTION of $INTERFACE ($DEVICE)"
-	/etc/init.d/mptcp reload "$DEVICE" >/dev/null || exit 0
-else
-	logger -t "mptcp" "Set multipath off on $DEVICE ($INTERFACE) due to $ACTION"
+#if [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = iflink ] && [ -z "$(echo $DEVICE | grep oip | grep gre)" ]; then
+#	logger -t "mptcp" "Reloading mptcp config due to $ACTION of $INTERFACE ($DEVICE)"
+#	/etc/init.d/mptcp reload "$DEVICE" >/dev/null || exit 0
+#else
+if [ "$ACTION" = ifdown ]; then
 	multipath $DEVICE off 2>&1 >/dev/null
 fi
 

mptcp/files/etc/init.d/mptcp

@@ -205,14 +205,6 @@ interface_multipath_settings() {
 	
 	#echo "îface: $iface"
 	
-	if [ "$(uci -q get openmptcprouter.settings.force_multipath)" != "0" ]; then
-		logger -t "MPTCP" "Set $iface to $mode"
-		if [ "$mode" = "master" ]; then
-			multipath "$iface" "on"
-		else
-			multipath "$iface" "$mode"
-		fi
-	fi
 	#[ "$mode" = "off" ] && {
 	#	ip rule del table $id > /dev/null 2>&1
 	#	ip route flush $id > /dev/null 2>&1
@@ -409,6 +401,16 @@ interface_multipath_settings() {
 			#}
 		fi
 	fi
+
+	if [ "$(uci -q get openmptcprouter.settings.force_multipath)" != "0" ]; then
+		logger -t "MPTCP" "Set $iface to $mode"
+		if [ "$mode" = "master" ]; then
+			multipath "$iface" "on"
+		else
+			multipath "$iface" "$mode"
+		fi
+	fi
+
 }
 
 load_interfaces() {
@@ -502,6 +504,7 @@ start_service() {
 	local id count intfmaster
 	. /lib/functions.sh
 	. /lib/functions/network.sh
+	[ -n "$intf" ] && multipath "${intf}" off 2>&1 >/dev/null
 	global_multipath_settings
 
 	[ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep '3-model-b')" ] && [ "$(ip link show eth0 | grep UP)" = "" ] && {

shadowsocks-libev/files/nft-rules/chain.uc

@@ -93,8 +93,10 @@ chain ss_rules_src_{{ proto }} {
 
 chain ss_rules_dst_{{ proto }} {
 	ip daddr @ss_rules_dst_bypass accept;
+	ip daddr @ss_rules_remote_servers accept;
 	ip daddr @ss_rules_dst_forward goto ss_rules_forward_{{ proto }};
 	ip6 daddr @ss_rules6_dst_bypass accept;
+	ip6 daddr @ss_rules6_remote_servers accept;
 	ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_{{ proto }};
 	{{ get_dst_default_verdict() }};
 }
@@ -107,8 +109,10 @@ chain ss_rules_forward_{{ proto }} {
 chain ss_rules_local_out {
 	type {{ type }} hook output priority -1;
 	meta l4proto != tcp accept;
+	ip daddr @ss_rules_remote_servers accept;
 	ip daddr @ss_rules_dst_bypass_ accept;
 	ip daddr @ss_rules_dst_bypass accept;
+	ip6 daddr @ss_rules6_remote_servers accept;
 	ip6 daddr @ss_rules6_dst_bypass_ accept;
 	ip6 daddr @ss_rules6_dst_bypass accept;
 	{{ local_verdict }};

shadowsocks-libev/files/nft-rules/set.uc

@@ -10,10 +10,10 @@ let o_dst_bypass4_ = "
 	172.16.0.0/12
 	192.0.0.0/24
 	192.0.2.0/24
+	192.168.0.0/16
 	192.31.196.0/24
 	192.52.193.0/24
 	192.88.99.0/24
-	192.168.0.0/16
 	192.175.48.0/24
 	198.18.0.0/15
 	198.51.100.0/24
@@ -43,6 +43,9 @@ let set_suffix = {
 	"src_checkdst": {
 		str: o_src_checkdst,
 	},
+	"remote_servers": {
+		str: o_remote_servers
+	},
 	"dst_bypass": {
 		str: o_dst_bypass,
 		file: o_dst_bypass_file,

shadowsocks-libev/files/shadowsocks-libev.init-nft

@@ -15,7 +15,7 @@ ss_confdir=/var/etc/shadowsocks-libev
 ss_bindir=/usr/bin
 
 ssrules_uc="/usr/share/ss-rules/ss-rules.uc"
-ssrules_nft="/etc/nftables.d/90-proxy-rules.nft"
+ssrules_nft="/etc/nftables.d/90-ss-rules.nft"
 
 ss_mkjson_server_conf() {
 	local cfgserver
@@ -33,10 +33,38 @@ ss_mkjson_server_conf_() {
 	[ -z "$server" ] || json_add_string server "$server"
 	json_add_int server_port "$server_port"
 	[ -z "$method" ] || json_add_string method "$method"
-	[ -z "$key" ] || json_add_string key "$key"
-	[ -z "$password" ] || json_add_string password "$password"
+	[ -z "$key" ] || {
+		key="$(echo $key | sed 's/+/-/g; s/\//_/g;')"
+		json_add_string key "$key"
+	}
+	[ -z "$password" ] || {
+		password="$(echo $password | sed 's/+/-/g; s/\//_/g;')"
+		json_add_string password "$password"
+	}
+	[ -z "$password" ] && [ -z "$key" ] && return 1
 	[ -z "$plugin" ] || json_add_string plugin "$plugin"
 	[ -z "$plugin_opts" ] || json_add_string plugin_opts "$plugin_opts"
+	if [ "$obfs" = 1 ]; then
+	if [ "$obfs_plugin" = "obfs" ]; then
+		obfs_options="obfs=$obfs_type"
+		[ -z "$obfs_host" ] || obfs_options="$obfs_options;obfs-host=$obfs_host"
+		[ -z "$obfs_uri" ] || obfs_options="$obfs_options;obfs-uri=$obfs_uri"
+		[ "$fast_open" = 1 ] && obfs_options="$obfs_options;fast-open"
+		[ "$mptcp" = 1 ] && obfs_options="$obfs_options;mptcp"
+		[ -z "$timeout" ] || obfs_options="$obfs_options;t=$timeout"
+		json_add_string plugin "/usr/bin/obfs-local"
+		json_add_string plugin_opts "$obfs_options"
+	fi
+	if [ "$obfs_plugin" = "v2ray" ]; then
+			obfs_options="loglevel=default"
+			[ "$obfs_type" = "tls" ] && obfs_options="tls"
+			[ -z "$obfs_host" ] || obfs_options="$obfs_options;host=$obfs_host"
+			[ -z "$obfs_uri" ] || obfs_options="$obfs_options;path=$obfs_uri"
+			[ "$fast_open" = 1 ] && obfs_options="$obfs_options;fast-open"
+			json_add_string plugin "/usr/bin/v2ray-plugin"
+			json_add_string plugin_opts "$obfs_options"
+		fi
+	fi
 }
 
 ss_mkjson_ss_local_conf() {
@@ -95,6 +123,7 @@ ss_xxx() {
 		procd_append_param command -b "$bind_address"
 	fi
 	procd_set_param file "$confjson"
+	procd_set_param limits nofile="512000 512000"
 	procd_set_param respawn
 	procd_close_instance
 	ss_rules_cb