diff --git a/mptcp/files/etc/hotplug.d/iface/30-mptcp b/mptcp/files/etc/hotplug.d/iface/30-mptcp index 607718dd1..33bc70ebe 100755 --- a/mptcp/files/etc/hotplug.d/iface/30-mptcp +++ b/mptcp/files/etc/hotplug.d/iface/30-mptcp @@ -1,16 +1,16 @@ #!/bin/sh [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = ifdown -o "$ACTION" = iflink ] || exit 0 -[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0 +#[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0 /etc/init.d/mptcp enabled || exit 0 -if [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = iflink ] && [ -z "$(echo $DEVICE | grep oip | grep gre)" ]; then - logger -t "mptcp" "Reloading mptcp config due to $ACTION of $INTERFACE ($DEVICE)" - /etc/init.d/mptcp reload "$DEVICE" >/dev/null || exit 0 -else - logger -t "mptcp" "Set multipath off on $DEVICE ($INTERFACE) due to $ACTION" +#if [ "$ACTION" = ifup -o "$ACTION" = ifupdate -o "$ACTION" = iflink ] && [ -z "$(echo $DEVICE | grep oip | grep gre)" ]; then +# logger -t "mptcp" "Reloading mptcp config due to $ACTION of $INTERFACE ($DEVICE)" +# /etc/init.d/mptcp reload "$DEVICE" >/dev/null || exit 0 +#else +if [ "$ACTION" = ifdown ]; then multipath $DEVICE off 2>&1 >/dev/null fi diff --git a/mptcp/files/etc/init.d/mptcp b/mptcp/files/etc/init.d/mptcp index f1d358bc3..e2cd16260 100755 --- a/mptcp/files/etc/init.d/mptcp +++ b/mptcp/files/etc/init.d/mptcp @@ -205,14 +205,6 @@ interface_multipath_settings() { #echo "îface: $iface" - if [ "$(uci -q get openmptcprouter.settings.force_multipath)" != "0" ]; then - logger -t "MPTCP" "Set $iface to $mode" - if [ "$mode" = "master" ]; then - multipath "$iface" "on" - else - multipath "$iface" "$mode" - fi - fi #[ "$mode" = "off" ] && { # ip rule del table $id > /dev/null 2>&1 # ip route flush $id > /dev/null 2>&1 @@ -409,6 +401,16 @@ interface_multipath_settings() { #} fi fi + + if [ "$(uci -q get openmptcprouter.settings.force_multipath)" != "0" ]; then + logger -t "MPTCP" "Set $iface to $mode" + if [ "$mode" = "master" ]; then + multipath "$iface" "on" + else + multipath "$iface" "$mode" + fi + fi + } load_interfaces() { @@ -502,6 +504,7 @@ start_service() { local id count intfmaster . /lib/functions.sh . /lib/functions/network.sh + [ -n "$intf" ] && multipath "${intf}" off 2>&1 >/dev/null global_multipath_settings [ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep '3-model-b')" ] && [ "$(ip link show eth0 | grep UP)" = "" ] && { diff --git a/shadowsocks-libev/files/nft-rules/chain.uc b/shadowsocks-libev/files/nft-rules/chain.uc index 3047f1663..3b2cc0813 100644 --- a/shadowsocks-libev/files/nft-rules/chain.uc +++ b/shadowsocks-libev/files/nft-rules/chain.uc @@ -93,8 +93,10 @@ chain ss_rules_src_{{ proto }} { chain ss_rules_dst_{{ proto }} { ip daddr @ss_rules_dst_bypass accept; + ip daddr @ss_rules_remote_servers accept; ip daddr @ss_rules_dst_forward goto ss_rules_forward_{{ proto }}; ip6 daddr @ss_rules6_dst_bypass accept; + ip6 daddr @ss_rules6_remote_servers accept; ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_{{ proto }}; {{ get_dst_default_verdict() }}; } @@ -107,8 +109,10 @@ chain ss_rules_forward_{{ proto }} { chain ss_rules_local_out { type {{ type }} hook output priority -1; meta l4proto != tcp accept; + ip daddr @ss_rules_remote_servers accept; ip daddr @ss_rules_dst_bypass_ accept; ip daddr @ss_rules_dst_bypass accept; + ip6 daddr @ss_rules6_remote_servers accept; ip6 daddr @ss_rules6_dst_bypass_ accept; ip6 daddr @ss_rules6_dst_bypass accept; {{ local_verdict }}; diff --git a/shadowsocks-libev/files/nft-rules/set.uc b/shadowsocks-libev/files/nft-rules/set.uc index 38140e7e1..2698d444a 100644 --- a/shadowsocks-libev/files/nft-rules/set.uc +++ b/shadowsocks-libev/files/nft-rules/set.uc @@ -10,10 +10,10 @@ let o_dst_bypass4_ = " 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 + 192.168.0.0/16 192.31.196.0/24 192.52.193.0/24 192.88.99.0/24 - 192.168.0.0/16 192.175.48.0/24 198.18.0.0/15 198.51.100.0/24 @@ -43,6 +43,9 @@ let set_suffix = { "src_checkdst": { str: o_src_checkdst, }, + "remote_servers": { + str: o_remote_servers + }, "dst_bypass": { str: o_dst_bypass, file: o_dst_bypass_file, diff --git a/shadowsocks-libev/files/shadowsocks-libev.init-nft b/shadowsocks-libev/files/shadowsocks-libev.init-nft index a42fce5d8..340a479d0 100755 --- a/shadowsocks-libev/files/shadowsocks-libev.init-nft +++ b/shadowsocks-libev/files/shadowsocks-libev.init-nft @@ -15,7 +15,7 @@ ss_confdir=/var/etc/shadowsocks-libev ss_bindir=/usr/bin ssrules_uc="/usr/share/ss-rules/ss-rules.uc" -ssrules_nft="/etc/nftables.d/90-proxy-rules.nft" +ssrules_nft="/etc/nftables.d/90-ss-rules.nft" ss_mkjson_server_conf() { local cfgserver @@ -33,10 +33,38 @@ ss_mkjson_server_conf_() { [ -z "$server" ] || json_add_string server "$server" json_add_int server_port "$server_port" [ -z "$method" ] || json_add_string method "$method" - [ -z "$key" ] || json_add_string key "$key" - [ -z "$password" ] || json_add_string password "$password" + [ -z "$key" ] || { + key="$(echo $key | sed 's/+/-/g; s/\//_/g;')" + json_add_string key "$key" + } + [ -z "$password" ] || { + password="$(echo $password | sed 's/+/-/g; s/\//_/g;')" + json_add_string password "$password" + } + [ -z "$password" ] && [ -z "$key" ] && return 1 [ -z "$plugin" ] || json_add_string plugin "$plugin" [ -z "$plugin_opts" ] || json_add_string plugin_opts "$plugin_opts" + if [ "$obfs" = 1 ]; then + if [ "$obfs_plugin" = "obfs" ]; then + obfs_options="obfs=$obfs_type" + [ -z "$obfs_host" ] || obfs_options="$obfs_options;obfs-host=$obfs_host" + [ -z "$obfs_uri" ] || obfs_options="$obfs_options;obfs-uri=$obfs_uri" + [ "$fast_open" = 1 ] && obfs_options="$obfs_options;fast-open" + [ "$mptcp" = 1 ] && obfs_options="$obfs_options;mptcp" + [ -z "$timeout" ] || obfs_options="$obfs_options;t=$timeout" + json_add_string plugin "/usr/bin/obfs-local" + json_add_string plugin_opts "$obfs_options" + fi + if [ "$obfs_plugin" = "v2ray" ]; then + obfs_options="loglevel=default" + [ "$obfs_type" = "tls" ] && obfs_options="tls" + [ -z "$obfs_host" ] || obfs_options="$obfs_options;host=$obfs_host" + [ -z "$obfs_uri" ] || obfs_options="$obfs_options;path=$obfs_uri" + [ "$fast_open" = 1 ] && obfs_options="$obfs_options;fast-open" + json_add_string plugin "/usr/bin/v2ray-plugin" + json_add_string plugin_opts "$obfs_options" + fi + fi } ss_mkjson_ss_local_conf() { @@ -95,6 +123,7 @@ ss_xxx() { procd_append_param command -b "$bind_address" fi procd_set_param file "$confjson" + procd_set_param limits nofile="512000 512000" procd_set_param respawn procd_close_instance ss_rules_cb