mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Merge branch 'test' into develop

Browse source
This commit is contained in:
suyuan 2021-08-31 11:29:11 +08:00
commit 4bb85e9dad
17 changed files with 507 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

28
openmptcprouter/files/bin/blocklanfw
View file

@ -1,6 +1,6 @@
#!/bin/sh
ss_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@ -8,18 +8,18 @@ ss_rules_fw_drop() {
fw=$((fw+1))
fi
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
ss_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@ -27,18 +27,18 @@ ss_rules6_fw_drop() {
fw=$((fw+1))
fi
done
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2r_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
@ -46,33 +46,35 @@ v2r_rules_fw_drop() {
fw=$((fw+1))
fi
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fw=$((fw+1))
fi
done
}
v2ray_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
fi
done
}
[ -n "$(pgrep blocklanfw)" ] && exit 0
[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
fw=0
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
ss_rules6_fw_drop
@ -81,7 +83,7 @@ elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ]; then
v2r_rules_fw_drop
v2ray_rules6_fw_drop
fi
rule=$(fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
rule=$(timeout 1 fw3 -4 print | grep 'A PREROUTING' | grep zone_lan_prerouting | sed 's/-A PREROUTING/-D PREROUTING/')
eval "$rule 2>&1 >/dev/null"
newrule=$(echo "$rule" | sed 's/-D PREROUTING/-I PREROUTING 1/')
eval "$newrule 2>&1 >/dev/null"

14
openmptcprouter/files/etc/firewall.ttl Normal file
View file

@ -0,0 +1,14 @@
#!/bin/sh
. /lib/functions.sh
_set_ttl() {
device=$(uci -q get network.$1.name)
ttl=$(uci -q get network.$1.ttl)
if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
fi
}
config_load network
config_foreach _set_ttl device

21
openmptcprouter/files/etc/init.d/openmptcprouter-vps
View file

@ -221,6 +221,8 @@ _get_ss_redir() {
[ "$cf_fast_open" = "1" ] && fast_open="true"
config_get cf_no_delay $1 no_delay
[ "$cf_no_delay" = "1" ] && no_delay="true"
config_get cf_mptcp $1 mptcp
[ "$cf_mptcp" = "1" ] && mptcp="true"
}
_get_ss_server() {
@ -253,10 +255,12 @@ _set_ss_server_vps() {
current_obfs_type="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.obfs_type')"
current_fast_open="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.fast_open')"
current_no_delay="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.no_delay')"
current_mptcp="$(echo "$vps_config" | jsonfilter -q -e '@.shadowsocks.mptcp')"
ebpf="false"
fast_open="false"
no_delay="false"
mptcp="false"
obfs="false"
obfs_plugin="v2ray"
obfs_type="http"
@ -264,9 +268,9 @@ _set_ss_server_vps() {
config_foreach _get_ss_redir ss_redir
config_foreach _get_ss_server server
if [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
if [ "$current_mptcp" != "$mptcp" ] || [ "$current_obfs_plugin" != "$obfs_plugin" ] || [ "$current_obfs_type" != "$obfs_type" ] || [ "$current_port" != "$port" ] || [ "$current_method" != "$method" ] || [ "$current_key" != "$key" ] || [ "$current_ebpf" != "$ebpf" ] || [ "$current_obfs" != "$obfs" ] || [ "$current_fast_open" != "$fast_open" ] || [ "$current_no_delay" != "$no_delay" ]; then
local settings
settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":true,"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
settings='{"port": '$port',"method":"'$method'","fast_open":'$fast_open',"reuse_port":true,"no_delay":'$no_delay',"mptcp":'$mptcp',"key":"'$key'","ebpf":'$ebpf',"obfs":'$obfs',"obfs_plugin":"'$obfs_plugin'","obfs_type":"'$obfs_type'"}'
_set_json "shadowsocks" "$settings"
fi
}
@ -736,7 +740,7 @@ _set_mptcp_vps() {
syn_retries="$(uci -q get network.globals.mptcp_syn_retries)"
congestion="$(uci -q get network.globals.congestion)"
[ -z "$congestion" ] && congestion="bbr"
if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || [ "$path_manager_current" != "$path_manager" ] || [ "$scheduler_current" != "$scheduler" ] || [ "$syn_retries_current" != "$syn_retries" ] || [ "$congestion_control_current" != "$congestion" ]; then
if [ "$mptcp_enabled_current" != "$mptcp_enabled" ] || [ "$checksum_current" != "$checksum" ] || ([ "$path_manager_current" != "" ] && [ "$path_manager_current" != "$path_manager" ]) || ([ "$scheduler_current" != "" ] && [ "$scheduler_current" != "$scheduler" ]) || ([ "$syn_retries_current" != "" ] && [ "$syn_retries_current" != "$syn_retries" ]) || [ "$congestion_control_current" != "$congestion" ]; then
settings='{"enabled" : "'$mptcp_enabled'", "checksum": "'$checksum'","path_manager": "'$path_manager'","scheduler": "'$scheduler'","syn_retries": "'$syn_retries'","congestion_control": "'$congestion'"}'
echo $(_set_json "mptcp" "$settings")
else
@ -1542,13 +1546,18 @@ _set_config_from_vps() {
congestion="$(echo "$vps_config" | jsonfilter -q -e '@.network.congestion_control')"
uci -q batch <<-EOF >/dev/null
set network.globals.multipath=$mptcp_enabled
set network.globals.mptcp_path_manager=$mptcp_path_manager
set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_checksum=$mptcp_checksum
set network.globals.mptcp_syn_retries=$mptcp_syn_retries
set network.globals.congestion=$congestion
commit network
EOF
if [ "$mptcp_path_manager" != "" ] && [ "$mptcp_scheduler" != "" ] && [ "$mptcp_syn_retries" != "" ]; then
uci -q batch <<-EOF >/dev/null
set network.globals.mptcp_path_manager=$mptcp_path_manager
set network.globals.mptcp_scheduler=$mptcp_scheduler
set network.globals.mptcp_syn_retries=$mptcp_syn_retries
commit network
EOF
fi
# Check if server get an IPv6, if not disable IPv6 on OMR
vps_ipv6_addr="$(echo "$vps_config" | jsonfilter -q -e '@.network.ipv6')"

305
openmptcprouter/files/etc/uci-defaults/1920-omr-network Executable file
View file

@ -0,0 +1,305 @@
#!/bin/sh
. /lib/functions.sh
_setup_macaddr() {
uci -q get "network.$1.macaddr" >/dev/null && return
uci -q set "network.$1.macaddr=$2"
}
_setup_macvlan() {
uci -q get "network.$1_dev.ifname" >/dev/null && return
# do not create macvlan for vlan
local _ifname
_ifname=$(uci -q get "network.$1.device")
case "$_ifname" in
eth*.*) return ;;
esac
uci -q batch <<-EOF
set network.$1_dev=device
set network.$1_dev.name=$1
set network.$1_dev.type=macvlan
set network.$1_dev.ifname=$_ifname
set network.$1_dev.mode='vepa'
set network.$1.device=$1
set network.$1.type=macvlan
set network.$1.masterintf=$_ifname
EOF
_macaddr=$(uci -q get "network.$1.macaddr")
_setup_macaddr "$1_dev" "${_macaddr:-auto$(date +%s)}"
}
#_setup_macvlan_update() {
# uci -q get "network.$1_dev.device" >/dev/null || return
#
# uci -q batch <<-EOF
# set macvlan.$1=macvlan
# set macvlan.$1.device=$_ifname
# commit macvlan
# EOF
#}
_setup_mptcp_handover_to_on() {
if [ "$(uci -q get network.$1.multipath)" = "handover" ]; then
uci -q set network.$1.multipath=on
fi
if [ "$(uci -q get openmptcprouter.$1.multipath)" = "handover" ]; then
uci -q set openmptcprouter.$1.multipath=on
fi
}
_setup_multipath_off() {
uci -q get "network.$1.multipath" >/dev/null && return
uci -q set "network.$1.multipath=off"
}
_setup_wan_interface() {
uci -q batch <<-EOF
set network.$1=interface
set network.$1.device=$2
set network.$1.proto=static
set network.$1.ip4table=wan
set network.$1.multipath=$3
set network.$1.defaultroute=0
set network.${1}_dev=device
set network.${1}_dev.name=$2
commit network
add_list firewall.@zone[1].network=$1
commit firewall
EOF
[ -n "$4" ] && uci -q set network.$1.type=$4
}
config_load network
#config_foreach _setup_macvlan_update interface
config_foreach _setup_mptcp_handover_to_on interface
if [ "$(uci -q show network.lan | grep multipath)" != "" ]; then
exit 0
fi
lanif="eth0"
if [ "$(grep rockchip /etc/os-release)" != "" ]; then
lanif="eth1"
elif [ -d /sys/class/net/lan0 -o -n "$(ip link | grep ' lan0')" ] && [ -d /sys/class/net/wan -o -n "$(ip link | grep ' wan@')" -o -n "$(ip link | grep ' wan:')" ]; then
lanif="wan"
elif [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ] && [ -d /sys/class/net/wan -o -n "$(ip link | grep ' wan@')" -o -n "$(ip link | grep ' wan:')" ]; then
lanif="wan"
elif [ -d /sys/class/net/lan ] || [ -n "$(ip link | grep ' lan')" ]; then
lanif="lan"
elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d '/sys/class/net/eth1.5' ]; then
lanif="eth1.5"
uci -q batch <<-EOF
set network.@switch_vlan[0]=switch_vlan
set network.@switch_vlan[0].device='switch0'
set network.@switch_vlan[0].vlan=1
set network.@switch_vlan[0].vid=1
set network.@switch_vlan[0].ports='3 5t'
add network switch_vlan
set network.@switch_vlan[1].device='switch0'
set network.@switch_vlan[1].vlan=2
set network.@switch_vlan[1].vid=2
set network.@switch_vlan[1].ports='2 5t'
add network switch_vlan
set network.@switch_vlan[2].device='switch0'
set network.@switch_vlan[2].vlan=3
set network.@switch_vlan[2].vid=3
set network.@switch_vlan[2].ports='1 5t'
add network switch_vlan
set network.@switch_vlan[3].device='switch0'
set network.@switch_vlan[3].vlan=4
set network.@switch_vlan[3].vid=4
set network.@switch_vlan[3].ports='0 5t'
add network switch_vlan
set network.@switch_vlan[4].device='switch0'
set network.@switch_vlan[4].vlan=5
set network.@switch_vlan[4].vid=5
set network.@switch_vlan[4].ports='4 6t'
EOF
elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ] && [ -d /sys/class/net/eth1 ]; then
lanif="eth1"
elif [ ! -d /sys/class/net/eth1 ] && [ -d /sys/class/net/eth0 ]; then
lanif="eth0"
fi
uci -q batch <<-EOF
delete network.lan.type
set network.lan=interface
set network.lan.proto=static
set network.lan.ipaddr=192.168.100.1
set network.lan.netmask=255.255.255.0
set network.lan.device=${lanif}
set network.lan.metric=2048
set network.lan.ipv6=0
set network.lan.delegate=0
EOF
uci -q batch <<-EOF
delete network.none
delete network.wan
delete network.if6rd
reorder network.loopback=0
reorder network.globals=1
reorder network.lan=2
set network.globals.multipath=enable
EOF
# Set the ip rule for the lan with a pref of 100
uci -q show network.lan_rule >/dev/null || \
uci -q batch <<-EOF
set network.lan_rule=rule
set network.lan_rule.lookup=lan
set network.lan_rule.priority=100
EOF
if [ "$(uci -q get network.vpn0.proto)" = "none" ]; then
uci -q delete network.vpn0
fi
config_load network
config_foreach _setup_multipath_off interface
# Add the lan as a named routing table
if ! grep -s -q "lan" /etc/iproute2/rt_tables; then
echo "50 lan" >> /etc/iproute2/rt_tables
fi
uci -q set network.lan.ip4table='lan'
#uci -q set "network.lan.ip6assign=64"
# Create WAN interfaces
if [ "$(uci -q show network.wan1 | grep multipath)" = "" ] && [ -z "$(uci -q get network.wan1.multipath)" ]; then
if [ "$(grep rockchip /etc/os-release)" != "" ]; then
_setup_wan_interface wan1 eth0 master macvlan
_setup_wan_interface wan2 eth0 on macvlan
_setup_macvlan wan1
_setup_macvlan wan2
elif [ "$(swconfig list 2>&1 | grep switch0)" != "" ]; then
_setup_wan_interface wan1 eth0.1 master
_setup_wan_interface wan2 eth0.2 on
_setup_wan_interface wan3 eth0.3 on
_setup_wan_interface wan4 eth0.4 on
elif [ -d /sys/class/net/wan ] || [ -n "$(ip link | grep ' wan:')" ] || [ -n "$(ip link | grep ' wan@')" ]; then
if [ -d /sys/class/net/lan0 -o -n "$(ip link | grep ' lan0')" ] && [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ]; then
_setup_wan_interface wan1 lan0 master
_setup_wan_interface wan2 lan1 on
_macaddr=$(uci -q get "network.lan0.macaddr")
_setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
_macaddr=$(uci -q get "network.lan1.macaddr")
_setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
if [ -d /sys/class/net/lan2 ] || [ -n "$(ip link | grep ' lan2')" ]; then
_setup_wan_interface wan3 lan2 on
_macaddr=$(uci -q get "network.lan2.macaddr")
_setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
if [ -d /sys/class/net/lan3 ] || [ -n "$(ip link | grep ' lan3')" ]; then
_setup_wan_interface wan4 lan3 on
_macaddr=$(uci -q get "network.lan3.macaddr")
_setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
fi
fi
elif [ -d /sys/class/net/lan1 -o -n "$(ip link | grep ' lan1')" ] && [ -d /sys/class/net/lan2 -o -n "$(ip link | grep ' lan2')" ]; then
_setup_wan_interface wan1 lan1 master
_setup_wan_interface wan2 lan2 on
_macaddr=$(uci -q get "network.lan1.macaddr")
_setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
_macaddr=$(uci -q get "network.lan2.macaddr")
_setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
if [ -d /sys/class/net/lan3 ] || [ -n "$(ip link | grep ' lan3')" ]; then
_setup_wan_interface wan3 lan3 on
_macaddr=$(uci -q get "network.lan3.macaddr")
_setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
if [ -d /sys/class/net/lan4 ] || [ -n "$(ip link | grep ' lan4')" ]; then
_setup_wan_interface wan4 lan4 on
_macaddr=$(uci -q get "network.lan4.macaddr")
_setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
fi
fi
else
_setup_wan_interface wan1 wan master macvlan
_setup_wan_interface wan2 wan on macvlan
_setup_macvlan wan1
_setup_macvlan wan2
fi
elif [ -d /sys/class/net/wan1 ] || [ -n "$(ip link | grep ' wan1')" ]; then
if [ -d /sys/class/net/wan2 ] || [ -n "$(ip link | grep ' wan2')" ]; then
_setup_wan_interface wan1 wan1 master
_setup_wan_interface wan2 wan2 on
_macaddr=$(uci -q get "network.wan1.macaddr")
_setup_macaddr "wan1" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
_macaddr=$(uci -q get "network.wan2.macaddr")
_setup_macaddr "wan2" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
if [ -d /sys/class/net/wan3 ] || [ -n "$(ip link | grep ' wan3')" ]; then
_setup_wan_interface wan3 wan3 on
_macaddr=$(uci -q get "network.wan3.macaddr")
_setup_macaddr "wan3" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
if [ -d /sys/class/net/wan4 ] || [ -n "$(ip link | grep ' wan4')" ]; then
_setup_wan_interface wan4 wan4 on
_macaddr=$(uci -q get "network.wan4.macaddr")
_setup_macaddr "wan4" "${_macaddr:-$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/\1:\2:\3:\4:\5:\6/' -e 's/^\(.\)[13579bdf]/\10/')}"
fi
fi
else
_setup_wan_interface wan1 wan1 master macvlan
_setup_wan_interface wan2 wan1 on macvlan
_setup_macvlan wan1
_setup_macvlan wan2
fi
elif [ -d /sys/class/net/eth1 ] || [ -n "$(ip link | grep ' eth1:')" ]; then
if [ -d /sys/class/net/eth2 ] || [ -n "$(ip link | grep ' eth2:')" ]; then
_setup_wan_interface wan1 eth1 master
_setup_wan_interface wan2 eth2 on
if [ -d /sys/class/net/eth3 ] || [ -n "$(ip link | grep ' eth3:')" ]; then
_setup_wan_interface wan3 eth3 on
fi
if [ -d /sys/class/net/eth4 ] || [ -n "$(ip link | grep ' eth4:')" ]; then
_setup_wan_interface wan4 eth4 on
fi
if [ -d /sys/class/net/eth5 ] || [ -n "$(ip link | grep ' eth5:')" ]; then
_setup_wan_interface wan5 eth5 on
fi
if [ -d /sys/class/net/eth6 ] || [ -n "$(ip link | grep ' eth6:')" ]; then
_setup_wan_interface wan6 eth6 on
fi
if [ -d /sys/class/net/eth7 ] || [ -n "$(ip link | grep ' eth7:')" ]; then
_setup_wan_interface wan7 eth7 on
fi
if [ -d /sys/class/net/eth8 ] || [ -n "$(ip link | grep ' eth8:')" ]; then
_setup_wan_interface wan8 eth8 on
fi
else
_setup_wan_interface wan1 eth1 master macvlan
_setup_wan_interface wan2 eth1 on macvlan
_setup_macvlan wan1
_setup_macvlan wan2
fi
elif [ -d /sys/class/net/eth0.1 ] && [ -d /sys/class/net/eth0.2 ]; then
_setup_wan_interface wan1 eth0.1 master
_setup_wan_interface wan2 eth0.2 on
else
_setup_wan_interface wan1 eth0 master macvlan
_setup_wan_interface wan2 eth0 on macvlan
_setup_macvlan wan1
_setup_macvlan wan2
fi
#uci -q batch <<-EOF
#add network route6
#set network.@route6[-1].interface='lan'
#set network.@route6[-1].target='::/0'
#EOF
fi
# Replace omrip to oip in config for old config
sed -i 's/omrip/oip/g' /etc/config/*
# Fix config from ifname to device for loopback
uci -q delete network.loopback.ifname
uci -q set network.loopback.device='lo'
uci -q commit macvlan
uci -q commit network
rm -f /tmp/luci-indexcache
exit 0

8
openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
View file

@ -150,6 +150,14 @@ if [ "$(uci -q get firewall.gre_tunnel)" = "" ]; then
commit firewall
EOF
fi
if [ "$(uci -q get firewall.ttl)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.ttl=include
set firewall.ttl.path=/etc/firewall.ttl
set firewall.ttl.reload=1
commit firewall
EOF
fi
if [ "$(uci -q get firewall.fwlantovpn)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.zone_lan.auto_helper='0'