diff --git a/dsvpn/files/init b/dsvpn/files/init
index 1d78ed4be..ca25fd3f0 100755
--- a/dsvpn/files/init
+++ b/dsvpn/files/init
@@ -29,6 +29,16 @@ validate_section() {
'externalip:string:auto'
}
+version_over_5_4() {
+ MAJOR_VERSION=$(uname -r | awk -F '.' '{print $1}')
+ MINOR_VERSION=$(uname -r | awk -F '.' '{print $2}')
+ if [ $MAJOR_VERSION -ge 5 ] && [ $MINOR_VERSION -gt 13 ] || [ $MAJOR_VERSION -gt 5 ] ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
start_instance() {
local enable key host port dev
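Review bot: The helper name `version_over_5_4` does not match the test on its fourth line, which is true only for kernels newer than 5.13; a name such as `kernel_has_upstream_mptcp` plus a one-line comment stating the threshold would avoid confusion. `MAJOR_VERSION` and `MINOR_VERSION` are also assigned without `local` and expanded unquoted, so they leak into the init script's global scope and the `[` tests break if `uname -r` ever yields an empty field. Suggested form: `local major minor` followed by `[ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -gt 13 ]; }`.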
@@ -58,6 +68,10 @@ start_instance() {
_log "starting ${PROG_NAME} ${1} instance $*"
+ if version_over_5_4; then
+ PROG="mptcpize run ${PROG}"
+ fi
+
procd_open_instance
procd_set_param command ${PROG} ${mode} \
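Review bot: `PROG="mptcpize run ${PROG}"` overwrites the script-wide `PROG` inside `start_instance`, so if this function runs for more than one configured instance (which the per-instance argument suggests), the second call builds `mptcpize run mptcpize run …`. Keep the wrapper in a function-local variable instead, for example `local cmd="${PROG}"`, then `version_over_5_4 && cmd="mptcpize run ${PROG}"`, and pass `${cmd}` to `procd_set_param command`. The body of `start_instance` continues outside this hunk, so other uses of `PROG` there should be checked as well.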
diff --git a/glorytun/Makefile b/glorytun/Makefile
index 6cd00b7ae..95d7ed3aa 100755
--- a/glorytun/Makefile
+++ b/glorytun/Makefile
@@ -9,11 +9,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=glorytun
-PKG_VERSION:=0.0.35
PKG_RELEASE:=6
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=6d58536f4232fea8eaa10fb60aace8ba11f29ed6
PKG_SOURCE:=glorytun-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/angt/glorytun/releases/download/v$(PKG_VERSION)
-PKG_HASH:=49e4d8ea4ff2990300b37947b0bd0da3c8e0985bc6eddf29f4146306188fff64
+PKG_SOURCE_URL:=https://github.com/Ysurac/glorytun.git
+PKG_VERSION:=0.0.35-$(PKG_SOURCE_VERSION)
+
+PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
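Review bot: `PKG_SOURCE:=glorytun-$(PKG_VERSION).tar.gz` is now evaluated before `PKG_VERSION` is assigned, and because `:=` expands immediately the tarball name is built from an empty version; move the `PKG_VERSION:=0.0.35-$(PKG_SOURCE_VERSION)` line above `PKG_SOURCE`. The change also drops `PKG_HASH` while moving the source from the upstream release archive to a fork's git repository, and no `PKG_MIRROR_HASH` is added. The pinned commit id fixes what is checked out, but a cached or mirrored tarball is no longer checked against a hash. Adding `PKG_MIRROR_HASH:=<sha256 of the generated tarball>` restores that integrity check.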
diff --git a/luci-app-mptcp/luasrc/controller/mptcp.lua b/luci-app-mptcp/luasrc/controller/mptcp.lua
index 33f39fcc6..c81458f80 100755
--- a/luci-app-mptcp/luasrc/controller/mptcp.lua
+++ b/luci-app-mptcp/luasrc/controller/mptcp.lua
@@ -210,13 +210,23 @@ function mptcp_monitor_data()
luci.http.prepare_content("text/plain")
local fullmesh
fullmesh = io.popen("cat /proc/net/mptcp_net/snmp")
- if fullmesh then
+ if fullmesh:read() ~= nil then
while true do
local ln = fullmesh:read("*l")
if not ln then break end
luci.http.write(ln)
luci.http.write("\n")
end
+ else
+ fullmesh = io.popen("nstat -z")
+ if fullmesh then
+ while true do
+ local ln = fullmesh:read("*l")
+ if not ln then break end
+ luci.http.write(ln)
+ luci.http.write("\n")
+ end
+ end
end
return
end
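Review bot: The new guard `if fullmesh:read() ~= nil then` consumes the first line of the command output and discards it, so the response written by the loop starts at the second line; the same pattern is introduced in `mptcp_connections_data` in the next hunk. It also indexes `fullmesh` without checking that `io.popen` returned a handle, and neither handle is closed before the function returns. Reading the first line into a local, writing it, and closing the handle on both paths keeps the fallback to `nstat -z` while preserving the full output. `mptcp_monitor_data` starts above this hunk.

```lua
local fullmesh = io.popen("cat /proc/net/mptcp_net/snmp")
local first = fullmesh and fullmesh:read("*l")
if first then
	luci.http.write(first)
	luci.http.write("\n")
	-- … unchanged: loop writing the remaining lines …
	fullmesh:close()
else
	if fullmesh then fullmesh:close() end
	-- … unchanged: nstat -z fallback, followed by fullmesh:close() …
end
```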
@@ -225,7 +235,7 @@ function mptcp_connections_data()
luci.http.prepare_content("text/plain")
local connections
connections = io.popen("multipath -c")
- if connections then
+ if connections:read() ~= nil then
while true do
local ln = connections:read("*l")
if not ln then break end
diff --git a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua
index 4b3bdb2b7..b9e7d0630 100755
--- a/luci-app-mptcp/luasrc/model/cbi/mptcp.lua
+++ b/luci-app-mptcp/luasrc/model/cbi/mptcp.lua
@@ -21,56 +21,74 @@ o:value(0, translate("disable"))
o = s:option(ListValue, "mptcp_path_manager", translate("Multipath TCP path-manager"), translate("Default is fullmesh"))
o:value("default", translate("default"))
o:value("fullmesh", "fullmesh")
-o:value("ndiffports", "ndiffports")
-o:value("binder", "binder")
-if uname.release:sub(1,4) ~= "4.14" then
+if uname.release:sub(1,4) ~= "5.14" then
+ o:value("ndiffports", "ndiffports")
+ o:value("binder", "binder")
+ if uname.release:sub(1,4) ~= "4.14" then
o:value("netlink", translate("Netlink"))
+ end
end
o = s:option(ListValue, "mptcp_scheduler", translate("Multipath TCP scheduler"))
o:value("default", translate("default"))
-o:value("roundrobin", "round-robin")
-o:value("redundant", "redundant")
-if uname.release:sub(1,4) ~= "4.14" then
+if uname.release:sub(1,4) ~= "5.14" then
+ o:value("roundrobin", "round-robin")
+ o:value("redundant", "redundant")
+ if uname.release:sub(1,4) ~= "4.14" then
o:value("blest", "BLEST")
o:value("ecf", "ECF")
+ end
+end
+if uname.release:sub(1,4) ~= "5.14" then
+ o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
+ o.datatype = "uinteger"
+ o.rmempty = false
end
-o = s:option(Value, "mptcp_syn_retries", translate("Multipath TCP SYN retries"))
-o.datatype = "uinteger"
-o.rmempty = false
o = s:option(ListValue, "congestion", translate("Congestion Control"),translate("Default is cubic"))
local availablecong = sys.exec("sysctl -n net.ipv4.tcp_available_congestion_control | xargs -n1 | sort | xargs")
for cong in string.gmatch(availablecong, "[^%s]+") do
o:value(cong, translate(cong))
end
-o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
-o.datatype = "uinteger"
-o.rmempty = false
-o.default = 1
---o:depends("mptcp_path_manager","fullmesh")
+if uname.release:sub(1,4) == "5.14" then
+ o = s:option(Value, "mptcp_subflows", translate("specifies the maximum number of additional subflows allowed for each MPTCP connection"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 3
+
+ o = s:option(Value, "mptcp_add_addr_accepted", translate("specifies the maximum number of ADD_ADDR suboptions accepted for each MPTCP connection"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+else
+ o = s:option(Value, "mptcp_fullmesh_num_subflows", translate("Fullmesh subflows for each pair of IP addresses"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+ --o:depends("mptcp_path_manager","fullmesh")
-o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
-o:value(1, translate("enable"))
-o:value(0, translate("disable"))
---o:depends("mptcp_path_manager","fullmesh")
+ o = s:option(ListValue, "mptcp_fullmesh_create_on_err", translate("Re-create fullmesh subflows after a timeout"))
+ o:value(1, translate("enable"))
+ o:value(0, translate("disable"))
+ --o:depends("mptcp_path_manager","fullmesh")
-o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
-o.datatype = "uinteger"
-o.rmempty = false
-o.default = 1
---o:depends("mptcp_path_manager","ndiffports")
+ o = s:option(Value, "mptcp_ndiffports_num_subflows", translate("ndiffports subflows number"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+ --o:depends("mptcp_path_manager","ndiffports")
-o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
-o:value("Y", translate("enable"))
-o:value("N", translate("disable"))
-o.default = "Y"
---o:depends("mptcp_scheduler","roundrobin")
+ o = s:option(ListValue, "mptcp_rr_cwnd_limited", translate("Fill the congestion window on all subflows for round robin"))
+ o:value("Y", translate("enable"))
+ o:value("N", translate("disable"))
+ o.default = "Y"
+ --o:depends("mptcp_scheduler","roundrobin")
-o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
-o.datatype = "uinteger"
-o.rmempty = false
-o.default = 1
---o:depends("mptcp_scheduler","roundrobin")
+ o = s:option(Value, "mptcp_rr_num_segments", translate("Consecutive segments that should be sent for round robin"))
+ o.datatype = "uinteger"
+ o.rmempty = false
+ o.default = 1
+ --o:depends("mptcp_scheduler","roundrobin")
+end
s = m:section(TypedSection, "interface", translate("Interfaces Settings"))
o = s:option(ListValue, "multipath", translate("Multipath TCP"), translate("One interface must be set as master"))
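Review bot: The form now branches on `uname.release:sub(1,4) == "5.14"` in five places, so any other kernel that ships upstream MPTCP (5.15 and later, for instance) falls back to the out-of-tree option set. The init script changed in this same commit detects the old implementation by the presence of `/proc/sys/net/mptcp/mptcp_enabled`; using that same test here would keep the UI and the script in agreement. Whichever test is chosen, compute it once near the top, e.g. `local upstream_mptcp = (uname.release:sub(1,4) == "5.14")`, and branch on that local. The two new option descriptions start with a lowercase "specifies …", unlike the other labels in the section.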
diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
index a0999557d..da45601df 100755
--- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
+++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
@@ -284,6 +284,7 @@ function wizard_add()
local sqmenabled = luci.http.formvalue("cbid.sqm.%s.enabled" % intf) or "0"
local multipath = luci.http.formvalue("cbid.network.%s.multipath" % intf) or "on"
local lan = luci.http.formvalue("cbid.network.%s.lan" % intf) or "0"
+ local ttl = luci.http.formvalue("cbid.network.%s.ttl" % intf) or ""
if typeintf ~= "" then
if typeintf == "normal" then
typeintf = ""
@@ -338,6 +339,13 @@ function wizard_add()
if proto ~= "other" then
ucic:set("network",intf,"proto",proto)
end
+
+ uci_device = uci_device_from_interface(intf)
+ if uci_device == "" then
+ uci_device = intf .. "_dev"
+ end
+ ucic:set("network",uci_device,"ttl",ttl)
+
ucic:set("network",intf,"apn",apn)
ucic:set("network",intf,"pincode",pincode)
ucic:set("network",intf,"delay",delay)
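Review bot: The `ttl` form value is written to UCI exactly as submitted, including the empty string when the field is left blank, and `firewall.ttl` added in this commit later expands it unquoted into an `iptables` command line. Validate it in the controller before storing, for example `local ttl_num = tonumber(ttl)` and `if ttl_num and ttl_num >= 1 and ttl_num <= 255 then ucic:set("network",uci_device,"ttl",ttl_num) end`, and delete the option otherwise. `uci_device` is assigned without `local`, which creates a global in the controller; declare it as `local uci_device = uci_device_from_interface(intf)`. `wizard_add` starts and ends outside this hunk, so it is not visible here whether the `intf .. "_dev"` section exists before the `set`.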
diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
index 13cbffcf2..d3610bd36 100755
--- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
+++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm
@@ -893,6 +893,16 @@
<%
end
%>
+
+
+
+
+
+
+ <%:You can force a TTL. Some LTE provider detect tethering by inpecting packet TTL value, setting it to 65 often solve the issue.%>
+
+
+
<%
local download = "0"
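Review bot: The new translatable string contains typos ("inpecting", "Some LTE provider detect", "often solve"), and since the string is also the translation key they will propagate to every catalogue. Suggested wording: `You can force a TTL. Some LTE providers detect tethering by inspecting the packet TTL value; setting it to 65 often solves the issue.` The `Force TTL` description added to `network.js` in this commit already spells "inspecting" correctly.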
@@ -909,7 +919,7 @@
-- end
--end
%>
-
-
-
+
-
+
diff --git a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
index 74543d056..8ebf2905b 100755
--- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
+++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter
@@ -824,7 +824,7 @@ function interfaces_status()
if mArray.openmptcprouter["external_check"] ~= false then
mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " " .. check_ipv4_website))
if mArray.openmptcprouter["proxy_addr"] == "" then
- mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.co"))
+ mArray.openmptcprouter["proxy_addr"] = ut.trim(sys.exec("curl -s -4 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m " .. timeout .. " ifconfig.me"))
end
--mArray.openmptcprouter["ss_addr6"] = sys.exec("curl -s -6 --socks5 " .. tracker_ip .. ":" .. tracker_port .. " -m 3 http://ipv6.openmptcprouter.com")
end
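Review bot: The fallback lookup passes the bare host `ifconfig.me` to curl, which is then fetched over plain HTTP, and whatever the third-party service returns is stored in `proxy_addr` after trimming only. Use an explicit `https://` URL if the service supports it, and reject anything that is not an address before storing it, e.g. `if not mArray.openmptcprouter["proxy_addr"]:match("^%d+%.%d+%.%d+%.%d+$") then mArray.openmptcprouter["proxy_addr"] = "" end`. The command is also assembled by concatenating `tracker_ip`, `tracker_port` and `timeout` into a shell string; their origin is outside this hunk, so confirm they are validated where they are read.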
diff --git a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
index ad9278c53..cf69d4d0e 100755
--- a/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
+++ b/luci-mod-dashboard/htdocs/luci-static/resources/view/dashboard/include/10_router.js
@@ -371,7 +371,7 @@ return baseclass.extend({
release: {
title: _('Firmware Version'),
- value: (typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null
+ value: (typeof boardinfo.release !== "undefined") ? ((typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null) : null
}
};
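Review bot: The new outer test `typeof boardinfo.release !== "undefined"` still lets a `null` release through, because `typeof null` is `"object"`, and the inner `.description` access would then throw. A single truthiness check covers both cases and removes the nested ternary: `value: (boardinfo.release && typeof boardinfo.release.description !== "undefined") ? boardinfo.release.description : null`.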
diff --git a/luci-mod-network/htdocs/luci-static/resources/tools/network.js b/luci-mod-network/htdocs/luci-static/resources/tools/network.js
index 8efbd89d4..b08f84058 100644
--- a/luci-mod-network/htdocs/luci-static/resources/tools/network.js
+++ b/luci-mod-network/htdocs/luci-static/resources/tools/network.js
@@ -662,6 +662,10 @@ return baseclass.extend({
o.placeholder = '0';
o.datatype = 'uinteger';
+ o = this.replaceOption(s, 'devadvanced', form.Value, 'ttl', _('Force TTL'), _('Some LTE providers detect tethering by inspecting packet TTL values'));
+ o.placeholder = '65';
+ o.datatype = 'uinteger';
+
o = this.replaceOption(s, 'devgeneral', form.Flag, 'ipv6', _('Enable IPv6'));
o.migrate = false;
o.default = o.enabled;
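Review bot: `o.datatype = 'uinteger'` on the new `ttl` option accepts 0 and values above 255, which are not usable TTLs and would be handed to the firewall script unchanged. Constrain the field in the form with `o.datatype = 'range(1,255)';` so invalid values are rejected before they reach UCI.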
diff --git a/mptcp/files/etc/init.d/mptcp b/mptcp/files/etc/init.d/mptcp
index 64bb51d51..7dd629733 100755
--- a/mptcp/files/etc/init.d/mptcp
+++ b/mptcp/files/etc/init.d/mptcp
@@ -16,6 +16,9 @@ global_multipath_settings() {
config_get multipath globals multipath
config_get mptcp_path_manager globals mptcp_path_manager
config_get mptcp_scheduler globals mptcp_scheduler
+ config_get mptcp_subflows globals mptcp_subflows "3"
+ config_get mptcp_add_addr_accepted globals mptcp_add_addr_accepted "1"
+ config_get mptcp_add_addr_timeout globals mptcp_add_addr_timeout "120"
config_get mptcp_debug globals mptcp_debug
config_get congestion globals congestion
config_get mptcp_checksum globals mptcp_checksum
@@ -29,18 +32,25 @@ global_multipath_settings() {
[ "$multipath" = "enable" ] && multipath_status=1
# Global MPTCP configuration
- sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
- [ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
- [ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
+ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+ sysctl -qw net.mptcp.mptcp_enabled="$multipath_status"
+ [ -z "$mptcp_path_manager" ] || sysctl -qw net.mptcp.mptcp_path_manager="$mptcp_path_manager"
+ [ -z "$mptcp_scheduler" ] || sysctl -qw net.mptcp.mptcp_scheduler="$mptcp_scheduler"
+ [ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
+ [ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
+ [ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
+ [ -z "$mptcp_fullmesh_num_subflows" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/num_subflows="$mptcp_fullmesh_num_subflows"
+ [ -z "$mptcp_fullmesh_create_on_err" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/create_on_err="$mptcp_fullmesh_create_on_err"
+ [ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
+ [ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
+ [ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
+ else
+ sysctl -qw net.mptcp.enabled="$multipath_status"
+ ip mptcp limits set add_addr_accepted $mptcp_add_addr_accepted subflows $mptcp_subflows 2>&1 >/dev/null
+ [ -z "$mptcp_add_addr_timeout" ] || sysctl -qw net.mptcp.add_addr_timeout="$mptcp_add_addr_timeout"
+ [ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.checksum_enabled="$mptcp_checksum"
+ fi
[ -z "$congestion" ] || sysctl -qw net.ipv4.tcp_congestion_control="$congestion"
- [ -z "$mptcp_checksum" ] || sysctl -qw net.mptcp.mptcp_checksum="$mptcp_checksum"
- [ -z "$mptcp_debug" ] || sysctl -qw net.mptcp.mptcp_debug="$mptcp_debug"
- [ -z "$mptcp_syn_retries" ] || sysctl -qw net.mptcp.mptcp_syn_retries="$mptcp_syn_retries"
- [ -z "$mptcp_fullmesh_num_subflows" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/num_subflows="$mptcp_fullmesh_num_subflows"
- [ -z "$mptcp_fullmesh_create_on_err" ] || sysctl -qw /sys/module/mptcp_fullmesh/parameters/create_on_err="$mptcp_fullmesh_create_on_err"
- [ -z "$mptcp_ndiffports_num_subflows" ] || sysctl -qw /sys/module/mptcp_ndiffports/parameters/num_subflows="$mptcp_ndiffports_num_subflows"
- [ -z "$mptcp_rr_cwnd_limited" ] || sysctl -qw /sys/module/mptcp_rr/parameters/cwnd_limited="$mptcp_rr_cwnd_limited"
- [ -z "$mptcp_rr_num_segments" ] || sysctl -qw /sys/module/mptcp_rr/parameters/num_segments="$mptcp_rr_num_segments"
}
interface_macaddr_count() {
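Review bot: In the new `else` branch, `ip mptcp limits set … 2>&1 >/dev/null` has its redirections in the wrong order for silencing the command: stderr is pointed at the original stdout first, so error messages still appear. The two values are also expanded unquoted, so an empty or malformed UCI value changes the argument list. Suggested line: `ip mptcp limits set add_addr_accepted "$mptcp_add_addr_accepted" subflows "$mptcp_subflows" >/dev/null 2>&1`. A short comment above the `if` saying that `/proc/sys/net/mptcp/mptcp_enabled` identifies the out-of-tree implementation would explain the split for the next reader.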
diff --git a/mptcp/files/usr/bin/multipath b/mptcp/files/usr/bin/multipath
index 896b169d2..62e029da5 100755
--- a/mptcp/files/usr/bin/multipath
+++ b/mptcp/files/usr/bin/multipath
@@ -12,8 +12,6 @@ if [ -d "/proc/sys/net/mptcp" ]; then
fi
else
echo "Your device don't support multipath-TCP."
- echo "You have to install the pached kernel to use MPTCP."
- echo "See http://multipath-tcp.org/ for details"
exit 1
fi
@@ -22,7 +20,11 @@ case $1 in
echo " Multipath-TCP configuration tool"
echo "show/update flags:"
echo " multipath [device]"
- echo " multipath device {on | off | backup | handover}"
+ if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
+ echo " multipath device {on | off | backup }"
+ else
+ echo " multipath device {on | off | signal | backup }"
+ fi
echo
echo "show established conections: -c"
echo "show fullmesh info: -f"
@@ -32,14 +34,21 @@ case $1 in
echo "will allow a subflow to be established across this interface, but only be used"
echo "as backup. Handover-flag indicates that his interface is not used at all (even "
echo "no subflow being established), as long as there are other interfaces available."
- echo "See http://multipath-tcp.org/ for details"
echo
exit 0 ;;
"-c")
- cat /proc/net/mptcp_net/mptcp
+ if [ -f /proc/net/mptcp_net/mptcp ]; then
+ cat /proc/net/mptcp_net/mptcp
+ else
+ ss -M
+ fi
exit 0;;
"-f")
- cat /proc/net/mptcp_fullmesh
+ if [ -f /proc/net/mptcp_fullmesh ]; then
+ cat /proc/net/mptcp_fullmesh
+ else
+ ip mptcp endpoint | grep fullmesh
+ fi
exit 0;;
"-k")
if [ -f /proc/sys/net/mptcp/mptcp_enabled ]; then
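Review bot: The usage line no longer lists `handover` for either kernel, but the help text kept as context in this hunk still explains the "Handover-flag", and the new `signal` mode is not described at all. Update that paragraph to match the modes now advertised, or print it only when the mode is actually accepted. The `case` block continues outside the hunk, so whether `handover` is still handled further down is not visible here.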
@@ -65,7 +74,6 @@ case $1 in
echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
fi
echo
- echo See http://multipath-tcp.org/ for details
exit 0 ;;
"")
for ifpath in /sys/class/net/*; do
@@ -128,7 +136,8 @@ else
exit 0;;
"signal")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
- ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
+ #ip mptcp endpoint add $IP dev $DEVICE signal subflow fullmesh
+ ip mptcp endpoint add $IP dev $DEVICE signal
exit 0;;
"backup")
[ -n "$ID" ] && ip mptcp endpoint delete id $ID 2>&1 >/dev/null
diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile
index 4432da893..022951ded 100755
--- a/openmptcprouter-full/Makefile
+++ b/openmptcprouter-full/Makefile
@@ -28,7 +28,7 @@ MY_DEPENDS := \
iperf3-ssl luci-app-iperf \
arptables \
bind-dig \
- libnetfilter-conntrack ebtables ebtables-utils ip-full \
+ libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \
iptables-mod-iface iptables-mod-ipmark iptables-mod-hashlimit iptables-mod-condition iptables-mod-trace iptables-mod-conntrack-extra iptables-mod-account \
kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra iptables-mod-extra conntrack \
iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 kmod-ipt-ipsec \
diff --git a/openmptcprouter/files/bin/blocklanfw b/openmptcprouter/files/bin/blocklanfw
index cf507eba4..a35694dac 100755
--- a/openmptcprouter/files/bin/blocklanfw
+++ b/openmptcprouter/files/bin/blocklanfw
@@ -1,6 +1,6 @@
#!/bin/sh
ss_rules_fw_drop() {
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
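Review bot: Wrapping `fw3 -4 print` in `timeout 1` lets the pipeline finish with partial or empty output on a slow or busy device, and with `2>/dev/null` nothing reports it, so the LAN block rules are silently not installed. The same prefix is added in every function of this file and on the `rule=` line near the end. Capture the output first and check the exit status, e.g. `rules=$(timeout 1 fw3 -4 print 2>/dev/null) || { logger -t blocklanfw "fw3 print failed or timed out"; return 1; }`, then feed `"$rules"` to `awk`. A longer limit may also be needed; one second is tight for rule generation on embedded hardware.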
@@ -8,18 +8,18 @@ ss_rules_fw_drop() {
fw=$((fw+1))
fi
done
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
ss_rules6_fw_drop() {
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
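Review bot: The duplicate-rule guard above the changed `eval` lines uses `grep '${fwrule}'`; the single quotes stop the expansion, so grep searches for the literal text `${fwrule}` and the `-z` test is always true. Each run therefore adds the REDIRECT rules again, which matters more now that `-w` makes every insert wait for the lock and succeed. Use a fixed-string match on the expanded value, `grep -F -- "${fwrule}"`, and check that the `fw3 print` argument order matches what `iptables-save` emits. The rule text is also passed through `eval`, so it is worth confirming that only firewall-generated text can reach that point.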
@@ -27,18 +27,18 @@ ss_rules6_fw_drop() {
fw=$((fw+1))
fi
done
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
+ eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2r_rules_fw_drop() {
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@@ -46,33 +46,35 @@ v2r_rules_fw_drop() {
fw=$((fw+1))
fi
done
- fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "iptables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+ eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2ray_rules6_fw_drop() {
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
- fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
+ timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
- eval "ip6tables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
+ eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
}
+[ -n "$(pgrep blocklanfw)" ] && exit 0
+[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
fw=0
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
ss_rules6_fw_drop
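Review bot: The new guard `[ -n "$(pgrep blocklanfw)" ] && exit 0` likely matches the running script itself, since a script started through its shebang normally carries its own file name as process name, so the script may exit on every invocation without installing any rule. A lock that the script owns avoids the self-match: `mkdir "$LOCKDIR" 2>/dev/null || exit 0` followed by `trap 'rmdir "$LOCKDIR"' EXIT`, with `LOCKDIR` set to a path of your choosing. The following `iptables-save | grep zone_lan` check is a reasonable early exit, but a comment stating that it means "firewall not loaded yet" would help.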
@@ -81,7 +83,7 @@ elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
v2r_rules_fw_drop
v2ray_rules6_fw_drop
fi
-rule=$(fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
+rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
eval "$rule 2>&1 >/dev/null"
newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/')
eval "$newrule 2>&1 >/dev/null"
diff --git a/openmptcprouter/files/etc/firewall.ttl b/openmptcprouter/files/etc/firewall.ttl
new file mode 100644
index 000000000..e241dbfca
--- /dev/null
+++ b/openmptcprouter/files/etc/firewall.ttl
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+. /lib/functions.sh
+
+_set_ttl() {
+ device=$(uci -q get network.$1.name)
+ ttl=$(uci -q get network.$1.ttl)
+ if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
+ iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
+ fi
+}
+
+config_load network
+config_foreach _set_ttl device
\ No newline at end of file
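Review bot: `_set_ttl` expands `$device` and `$ttl` unquoted into `grep` and `iptables`, and neither value is validated, so an empty device name or a non-numeric TTL from UCI produces a malformed command whose error is still printed because of the `2>&1 >/dev/null` order. The existence test only looks for the device name in any TTL rule, so a changed TTL value is never applied while an old rule is present. Validating the inputs and asking iptables itself whether the exact rule exists is more reliable; removing a stale rule with a different value would need an extra step not shown here. The file also lacks a trailing newline.

```sh
_set_ttl() {
	device=$(uci -q get "network.$1.name")
	ttl=$(uci -q get "network.$1.ttl")
	[ -n "$device" ] || return 0
	case "$ttl" in
		''|*[!0-9]*) return 0 ;;
	esac
	{ [ "$ttl" -ge 1 ] && [ "$ttl" -le 255 ]; } || return 0
	iptables -w -t mangle -C POSTROUTING -o "$device" -j TTL --ttl-set "$ttl" 2>/dev/null ||
		iptables -w -t mangle -I POSTROUTING -o "$device" -j TTL --ttl-set "$ttl" >/dev/null 2>&1
}
# … unchanged: config_load network / config_foreach _set_ttl device …
```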
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index 3104f2f74..2206fe064 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@@ -221,6 +221,8 @@ _get_ss_redir() {
[ "$cf_fast_open" = "1" ] && fast_open="true"
config_get cf_no_delay $1 no_delay
[ "$cf_no_delay" = "1" ] && no_delay="true"
+ config_get cf_mptcp $1 mptcp
+ [ "$cf_mptcp" = "1" ] && mptcp="true"
}
_get_ss_server() {
@@ -253,10 +255,12 @@ _set_ss_server_vps() {
current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
+ current_mptcp="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.mptcp')"
ebpf="false"
fast_open="false"
no_delay="false"
+ mptcp="false"
obfs="false"
obfs_plugin="v2ray"
obfs_type="http"
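Review bot: `mptcp="false"` becomes the default here, while the settings JSON in the next hunk previously sent `"mptcp":true` unconditionally. A router whose `ss_redir` sections have no `mptcp` option will therefore push `false` to the VPS after upgrading, because `_get_ss_redir` only sets `true` when the option equals `1`. If that is not intended, default to `"true"` and let an explicit `0` disable it, or add a migration that sets the option. A comment next to the default stating the intended behaviour for unset options would settle it either way.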
@@ -264,9 +268,9 @@ _set_ss_server_vps() {
config_foreach _get_ss_redir ss_redir
config_foreach _get_ss_server server
- if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
+ if [ "$current_mptcp" != "$mptcp" ] || [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
local settings
- settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
+ settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":'$mptcp',"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
_set_json "shadowsocks" "$settings"
fi
}
@@ -736,7 +740,7 @@ _set_mptcp_vps() {
syn_retries="$(uci -q get network.globals.mptcp_syn_retries)"
congestion="$(uci -q get network.globals.congestion)"
[ -z "$congestion" ] && congestion="bbr"
- if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then
+ if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || ([ "$path_manager_current" != "" ] && [ "$path_manager_current" != "$path_manager" ]) || ([ "$scheduler_current" != "" ] && [ "$scheduler_current" != "$scheduler" ]) || ([ "$syn_retries_current" != "" ] && [ "$syn_retries_current" != "$syn_retries" ]) || [ "$congestion_control_current" != "$congestion" ]; then
settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}'
echo $(_set_json "mptcp" "$settings")
else
@@ -1542,13 +1546,18 @@ _set_config_from_vps() {
congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
uci -q batch <<-EOF >/dev/null
set network.globals.multipath=$mptcp_enabled
- set network.globals.mptcp_path_manager=$mptcp_path_manager
- set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_checksum=$mptcp_checksum
- set network.globals.mptcp_syn_retries=$mptcp_syn_retries
set network.globals.congestion=$congestion
commit network
EOF
+ if [ "$mptcp_path_manager" != "" ] && [ "$mptcp_scheduler" != "" ] && [ "$mptcp_syn_retries" != "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set network.globals.mptcp_path_manager=$mptcp_path_manager
+ set network.globals.mptcp_scheduler=$mptcp_scheduler
+ set network.globals.mptcp_syn_retries=$mptcp_syn_retries
+ commit network
+ EOF
+ fi
# Check if server get an IPv6, if not disable IPv6 on OMR
vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')"
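Review bot: The new `uci batch` block interpolates `$mptcp_path_manager`, `$mptcp_scheduler` and `$mptcp_syn_retries`, taken from the VPS JSON, straight into the here-document, so a value containing whitespace or a line break changes the commands that `uci` reads. Passing each value as a single argument avoids that, e.g. `uci -q set "network.globals.mptcp_path_manager=$mptcp_path_manager"`, ideally after checking it against the expected character set. The `&&` chain also skips all three settings when any one of them is empty, so a server that omits only `syn_retries` leaves the path manager and scheduler unsynchronised. Testing and setting each value independently fixes that. `_set_config_from_vps` continues outside this hunk.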
diff --git a/openmptcprouter/files/etc/uci-defaults/1920-omr-network b/openmptcprouter/files/etc/uci-defaults/1920-omr-network
new file mode 100755
index 000000000..8e27a8332
--- /dev/null
+++ b/openmptcprouter/files/etc/uci-defaults/1920-omr-network
@@ -0,0 +1,305 @@
+#!/bin/sh
+. /lib/functions.sh
+
+_setup_macaddr() {
+ uci -q get "network.$1.macaddr" >/dev/null && return
+ uci -q set "network.$1.macaddr=$2"
+}
+
+_setup_macvlan() {
+ uci -q get "network.$1_dev.ifname" >/dev/null && return
+
+ # do not create macvlan for vlan
+ local _ifname
+ _ifname=$(uci -q get "network.$1.device")
+ case "$_ifname" in
+ eth*.*) return ;;
+ esac
+
+ uci -q batch <<-EOF
+ set network.$1_dev=device
+ set network.$1_dev.name=$1
+ set network.$1_dev.type=macvlan
+ set network.$1_dev.ifname=$_ifname
+ set network.$1_dev.mode='vepa'
+ set network.$1.device=$1
+ set network.$1.type=macvlan
+ set network.$1.masterintf=$_ifname
+ EOF
+ _macaddr=$(uci -q get "network.$1.macaddr")
+ _setup_macaddr "$1_dev" "${_macaddr:-auto$(date +%s)}"
+}
+
+#_setup_macvlan_update() {
+# uci -q get "network.$1_dev.device" >/dev/null || return
+#
+# uci -q batch <<-EOF
+# set macvlan.$1=macvlan
+# set macvlan.$1.device=$_ifname
+# commit macvlan
+# EOF
+#}
+
+_setup_mptcp_handover_to_on() {
+ if [ "$(uci -q get network.$1.multipath)" = "handover" ]; then
+ uci -q set network.$1.multipath=on
+ fi
+ if [ "$(uci -q get openmptcprouter.$1.multipath)" = "handover" ]; then
+ uci -q set openmptcprouter.$1.multipath=on
+ fi
+}
+
+_setup_multipath_off() {
+ uci -q get "network.$1.multipath" >/dev/null && return
+ uci -q set "network.$1.multipath=off"
+}
+
+_setup_wan_interface() {
+ uci -q batch <<-EOF
+ set network.$1=interface
+ set network.$1.device=$2
+ set network.$1.proto=static
+ set network.$1.ip4table=wan
+ set network.$1.multipath=$3
+ set network.$1.defaultroute=0
+ set network.${1}_dev=device
+ set network.${1}_dev.name=$2
+ commit network
+ add_list firewall.@zone[1].network=$1
+ commit firewall
+ EOF
+ [ -n "$4" ] && uci -q set network.$1.type=$4
+}
+
+config_load network
+#config_foreach _setup_macvlan_update interface
+config_foreach _setup_mptcp_handover_to_on interface
+
+if [ "$(uci -q show network.lan | grep multipath)" != "" ]; then
+ exit 0
+fi
+
+lanif="eth0"
+if [ "$(grep rockchip /etc/os-release)" != "" ]; then
+ lanif="eth1"
+elif [ -d /sys/class/net/lan0 -o -n "$(ip link | grep ' lan0')" ] && [ -d /sys/class/net/wan -o -n "$(ip link | grep ' wan@')" -o -n "$(ip link | grep ' wan:')" ]; then
+ lanif="wan"
+elif [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ] && [ -d /sys/class/net/wan -o -n "$(ip link | grep ' wan@')" -o -n "$(ip link | grep ' wan:')" ]; then
+ lanif="wan"
+elif [ -d /sys/class/net/lan ] || [ -n "$(ip link | grep ' lan')" ]; then
+ lanif="lan"
+elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d '/sys/class/net/eth1.5' ]; then
+ lanif="eth1.5"
+ uci -q batch <<-EOF
+ set network.@switch_vlan[0]=switch_vlan
+ set network.@switch_vlan[0].device='switch0'
+ set network.@switch_vlan[0].vlan=1
+ set network.@switch_vlan[0].vid=1
+ set network.@switch_vlan[0].ports='3 5t'
+ add network switch_vlan
+ set network.@switch_vlan[1].device='switch0'
+ set network.@switch_vlan[1].vlan=2
+ set network.@switch_vlan[1].vid=2
+ set network.@switch_vlan[1].ports='2 5t'
+ add network switch_vlan
+ set network.@switch_vlan[2].device='switch0'
+ set network.@switch_vlan[2].vlan=3
+ set network.@switch_vlan[2].vid=3
+ set network.@switch_vlan[2].ports='1 5t'
+ add network switch_vlan
+ set network.@switch_vlan[3].device='switch0'
+ set network.@switch_vlan[3].vlan=4
+ set network.@switch_vlan[3].vid=4
+ set network.@switch_vlan[3].ports='0 5t'
+ add network switch_vlan
+ set network.@switch_vlan[4].device='switch0'
+ set network.@switch_vlan[4].vlan=5
+ set network.@switch_vlan[4].vid=5
+ set network.@switch_vlan[4].ports='4 6t'
+ EOF
+elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d /sys/class/net/eth1 ]; then
+ lanif="eth1"
+elif [ ! -d /sys/class/net/eth1 ] && [ -d /sys/class/net/eth0 ]; then
+ lanif="eth0"
+fi
+uci -q batch <<-EOF
+delete network.lan.type
+set network.lan=interface
+set network.lan.proto=static
+set network.lan.ipaddr=192.168.100.1
+set network.lan.netmask=255.255.255.0
+set network.lan.device=${lanif}
+set network.lan.metric=2048
+set network.lan.ipv6=0
+set network.lan.delegate=0
+EOF
+
+uci -q batch <<-EOF
+delete network.none
+delete network.wan
+delete network.if6rd
+reorder network.loopback=0
+reorder network.globals=1
+reorder network.lan=2
+set network.globals.multipath=enable
+EOF
+
+# Set the ip rule for the lan with a pref of 100
+uci -q show network.lan_rule >/dev/null || \
+ uci -q batch <<-EOF
+ set network.lan_rule=rule
+ set network.lan_rule.lookup=lan
+ set network.lan_rule.priority=100
+ EOF
+
+if [ "$(uci -q get network.vpn0.proto)" = "none" ]; then
+ uci -q delete network.vpn0
+fi
+
+config_load network
+config_foreach _setup_multipath_off interface
+
+# Add the lan as a named routing table
+if ! grep -s -q "lan" /etc/iproute2/rt_tables; then
+ echo "50 lan" >> /etc/iproute2/rt_tables
+fi
+uci -q set network.lan.ip4table='lan'
+
+#uci -q set "network.lan.ip6assign=64"
+
+# Create WAN interfaces
+if [ "$(uci -q show network.wan1 | grep multipath)" = "" ] && [ -z "$(uci -q get network.wan1.multipath)" ]; then
+ if [ "$(grep rockchip /etc/os-release)" != "" ]; then
+ _setup_wan_interface wan1 eth0 master macvlan
+ _setup_wan_interface wan2 eth0 on macvlan
+ _setup_macvlan wan1
+ _setup_macvlan wan2
+ elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ]; then
+ _setup_wan_interface wan1 eth0.1 master
+ _setup_wan_interface wan2 eth0.2 on
+ _setup_wan_interface wan3 eth0.3 on
+ _setup_wan_interface wan4 eth0.4 on
+ elif [ -d /sys/class/net/wan ] || [ -n "$(ip link | grep ' wan:')" ] || [ -n "$(ip link | grep ' wan@')" ]; then
+ if [ -d /sys/class/net/lan0 -o -n "$(ip link | grep ' lan0')" ] && [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ]; then
+ _setup_wan_interface wan1 lan0 master
+ _setup_wan_interface wan2 lan1 on
+
+ _macaddr=$(uci -q get "network.lan0.macaddr")
+ _setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ _macaddr=$(uci -q get "network.lan1.macaddr")
+ _setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ if [ -d /sys/class/net/lan2 ] || [ -n "$(ip link | grep ' lan2')" ]; then
+ _setup_wan_interface wan3 lan2 on
+ _macaddr=$(uci -q get "network.lan2.macaddr")
+ _setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ if [ -d /sys/class/net/lan3 ] || [ -n "$(ip link | grep ' lan3')" ]; then
+ _setup_wan_interface wan4 lan3 on
+ _macaddr=$(uci -q get "network.lan3.macaddr")
+ _setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ fi
+ fi
+ elif [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ] && [ -d /sys/class/net/lan2 -o -n "$(ip link | grep ' lan2')" ]; then
+ _setup_wan_interface wan1 lan1 master
+ _setup_wan_interface wan2 lan2 on
+
+ _macaddr=$(uci -q get "network.lan1.macaddr")
+ _setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ _macaddr=$(uci -q get "network.lan2.macaddr")
+ _setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ if [ -d /sys/class/net/lan3 ] || [ -n "$(ip link | grep ' lan3')" ]; then
+ _setup_wan_interface wan3 lan3 on
+ _macaddr=$(uci -q get "network.lan3.macaddr")
+ _setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ if [ -d /sys/class/net/lan4 ] || [ -n "$(ip link | grep ' lan4')" ]; then
+ _setup_wan_interface wan4 lan4 on
+ _macaddr=$(uci -q get "network.lan4.macaddr")
+ _setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ fi
+ fi
+ else
+ _setup_wan_interface wan1 wan master macvlan
+ _setup_wan_interface wan2 wan on macvlan
+ _setup_macvlan wan1
+ _setup_macvlan wan2
+ fi
+ elif [ -d /sys/class/net/wan1 ] || [ -n "$(ip link | grep ' wan1')" ]; then
+ if [ -d /sys/class/net/wan2 ] || [ -n "$(ip link | grep ' wan2')" ]; then
+ _setup_wan_interface wan1 wan1 master
+ _setup_wan_interface wan2 wan2 on
+
+ _macaddr=$(uci -q get "network.wan1.macaddr")
+ _setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ _macaddr=$(uci -q get "network.wan2.macaddr")
+ _setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+
+ if [ -d /sys/class/net/wan3 ] || [ -n "$(ip link | grep ' wan3')" ]; then
+ _setup_wan_interface wan3 wan3 on
+ _macaddr=$(uci -q get "network.wan3.macaddr")
+ _setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ if [ -d /sys/class/net/wan4 ] || [ -n "$(ip link | grep ' wan4')" ]; then
+ _setup_wan_interface wan4 wan4 on
+ _macaddr=$(uci -q get "network.wan4.macaddr")
+ _setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
+ fi
+ fi
+ else
+ _setup_wan_interface wan1 wan1 master macvlan
+ _setup_wan_interface wan2 wan1 on macvlan
+ _setup_macvlan wan1
+ _setup_macvlan wan2
+ fi
+ elif [ -d /sys/class/net/eth1 ] || [ -n "$(ip link | grep ' eth1:')" ]; then
+ if [ -d /sys/class/net/eth2 ] || [ -n "$(ip link | grep ' eth2:')" ]; then
+ _setup_wan_interface wan1 eth1 master
+ _setup_wan_interface wan2 eth2 on
+ if [ -d /sys/class/net/eth3 ] || [ -n "$(ip link | grep ' eth3:')" ]; then
+ _setup_wan_interface wan3 eth3 on
+ fi
+ if [ -d /sys/class/net/eth4 ] || [ -n "$(ip link | grep ' eth4:')" ]; then
+ _setup_wan_interface wan4 eth4 on
+ fi
+ if [ -d /sys/class/net/eth5 ] || [ -n "$(ip link | grep ' eth5:')" ]; then
+ _setup_wan_interface wan5 eth5 on
+ fi
+ if [ -d /sys/class/net/eth6 ] || [ -n "$(ip link | grep ' eth6:')" ]; then
+ _setup_wan_interface wan6 eth6 on
+ fi
+ if [ -d /sys/class/net/eth7 ] || [ -n "$(ip link | grep ' eth7:')" ]; then
+ _setup_wan_interface wan7 eth7 on
+ fi
+ if [ -d /sys/class/net/eth8 ] || [ -n "$(ip link | grep ' eth8:')" ]; then
+ _setup_wan_interface wan8 eth8 on
+ fi
+ else
+ _setup_wan_interface wan1 eth1 master macvlan
+ _setup_wan_interface wan2 eth1 on macvlan
+ _setup_macvlan wan1
+ _setup_macvlan wan2
+ fi
+ elif [ -d /sys/class/net/eth0.1 ] && [ -d /sys/class/net/eth0.2 ]; then
+ _setup_wan_interface wan1 eth0.1 master
+ _setup_wan_interface wan2 eth0.2 on
+ else
+ _setup_wan_interface wan1 eth0 master macvlan
+ _setup_wan_interface wan2 eth0 on macvlan
+ _setup_macvlan wan1
+ _setup_macvlan wan2
+ fi
+ #uci -q batch <<-EOF
+ #add network route6
+ #set network.@route6[-1].interface='lan'
+ #set network.@route6[-1].target='::/0'
+ #EOF
+fi
+
+# Replace omrip to oip in config for old config
+sed -i 's/omrip/oip/g' /etc/config/*
+
+# Fix config from ifname to device for loopback
+uci -q delete network.loopback.ifname
+uci -q set network.loopback.device='lo'
+
+uci -q commit macvlan
+uci -q commit network
+rm -f /tmp/luci-indexcache
+exit 0
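Review bot: `_setup_wan_interface` attaches every new WAN interface with `add_list firewall.@zone[1].network=$1`, which selects the firewall zone by position rather than by name. If the second zone section is not the wan zone on a given image, the uplinks join whatever zone sits there, and because the batch runs under `uci -q` a missing index fails silently and leaves them in no zone at all. Resolving the section whose `name` option is `wan` first (a `config_foreach` over the `zone` sections would do) and logging when none is found makes the zone assignment explicit. Separately, the `dd | md5sum | sed` MAC pipeline is pasted once per port; a single helper (named, say, `_random_macaddr`) would keep the copies from drifting apart.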
diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 9fb334602..fe0cbdf61 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -150,6 +150,14 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then
commit firewall
EOF
fi
+if [ "$(uci -q get firewall.ttl)" = "" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set firewall.ttl=include
+ set firewall.ttl.path=/etc/firewall.ttl
+ set firewall.ttl.reload=1
+ commit firewall
+ EOF
+fi
if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.zone_lan.auto_helper='0'