From 4c56f5402fbe8ab99196f2e15de6d780dd37c6b8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Wed, 19 May 2021 19:37:17 +0200 Subject: [PATCH] Add check on VPS and IP timeout config in web interface and add loop detection --- .../luasrc/controller/openmptcprouter.lua | 12 +++++++ .../luasrc/view/openmptcprouter/settings.htm | 31 +++++++++++++++++++ .../luasrc/view/openmptcprouter/wanstatus.htm | 5 +++ luci-app-openmptcprouter/root/bin/omr-ip-intf | 7 +++-- .../root/bin/omr-ip6-intf | 7 +++-- .../root/bin/omr-mptcp-intf | 10 +++--- .../root/bin/omr-routing-loop | 9 ++++++ .../root/etc/uci-defaults/openmptcprouter | 4 +-- .../root/usr/libexec/rpcd/openmptcprouter | 9 ++++-- .../share/omr/post-tracking.d/post-tracking | 29 +++++++++++++++++ 10 files changed, 111 insertions(+), 12 deletions(-) create mode 100755 luci-app-openmptcprouter/root/bin/omr-routing-loop diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua index decb088aa..9aef3a1f7 100644 --- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua +++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua @@ -1001,6 +1001,18 @@ function settings_add() local disablegwping = luci.http.formvalue("disablegwping") or "0" ucic:set("openmptcprouter","settings","disablegwping",disablegwping) + -- VPS timeout + local status_vps_timeout = luci.http.formvalue("status_vps_timeout") or "1" + ucic:set("openmptcprouter","settings","status_vps_timeout",status_vps_timeout) + + -- IP timeout + local status_getip_timeout = luci.http.formvalue("status_getip_timeout") or "1" + ucic:set("openmptcprouter","settings","status_getip_timeout",status_getip_timeout) + + -- Enable/disable loop detection + local disableloopdetection = luci.http.formvalue("disableloopdetection") or "0" + ucic:set("openmptcprouter","settings","disableloopdetection",disableloopdetection) + -- Enable/disable renaming intf local disableintfrename = luci.http.formvalue("disableintfrename") or "0" ucic:set("openmptcprouter","settings","disableintfrename",disableintfrename) diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm index cdcd3c958..67bfa50c1 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm @@ -254,6 +254,27 @@ +
+ +
+ "> +
+
+ <%:Timeout for VPS checks on status pages%> +
+
+
+
+ +
+ "> +
+
+ <%:Timeout for retrieving WANs IP on status pages%> +
+
+
+
@@ -290,6 +311,16 @@
+
+ +
+ checked<% end %>> +
+
+ <%:Disable route loop detection%> +
+
+
diff --git a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm index 73beda8bf..5f248ab31 100644 --- a/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm +++ b/luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm @@ -463,6 +463,7 @@ local statuslogo = ucic:get("openmptcprouter","settings","statuslogo") or "openm var multipath_state = mArray.wans[i].multipath_state; var duplicateif = mArray.wans[i].duplicateif; var duplicatemac = mArray.wans[i].duplicatemac; + var loop = mArray.wans[i].loop; // Generate template if(mArray.openmptcprouter.remote_from_lease == true && mArray.wans.length == 1) { @@ -622,6 +623,10 @@ local statuslogo = ucic:get("openmptcprouter","settings","statuslogo") or "openm statusMessage += '<%:Network interface MAC address duplicated%>' + '
'; statusMessageClass = "error"; } + if(loop) + { + statusMessage += '<%:Looping route detected%>' + '
'; + } if(ipv6_discover == 'DETECTED') { statusMessage += '<%:IPv6 route received%>' + '
' diff --git a/luci-app-openmptcprouter/root/bin/omr-ip-intf b/luci-app-openmptcprouter/root/bin/omr-ip-intf index d09dfa07d..1fffd1036 100755 --- a/luci-app-openmptcprouter/root/bin/omr-ip-intf +++ b/luci-app-openmptcprouter/root/bin/omr-ip-intf @@ -3,11 +3,14 @@ intf=$1 +timeout=$(uci -q get openmptcprouter.settings.status_getip_timeout) +[ -z "$timeout" ] && timeout="1" + get_ip_from_server() { serverport=$(uci -q get openmptcprouter.$1.port) get_ip() { serverip=$1 - getip="$(curl -s -k -4 -m 2 --interface $intf https://$serverip:$serverport/clienthost)" + getip="$(curl -s -k -4 -m ${timeout} --interface $intf https://$serverip:$serverport/clienthost)" [ -n "$getip" ] && getip=$(echo $getip | jsonfilter -e '@.client_host') if expr "$getip" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then ip=$getip @@ -23,7 +26,7 @@ get_ip_from_website() { [ -z "$check_ipv4_website" ] && check_ipv4_website="http://ip.openmptcprouter.com" checkip=$(echo $check_ipv4_website | sed -e 's/https:\/\///' -e 's/http:\/\///' | xargs dig +short A | tr -d "\n") ipset add ss_rules_dst_bypass_all $checkip > /dev/null 2>&1 - getip="$(curl -s -4 -m 2 --interface $intf $check_ipv4_website)" + getip="$(curl -s -4 -m ${timeout} --interface $intf $check_ipv4_website)" ipset del ss_rules_dst_bypass_all $checkip > /dev/null 2>&1 if expr "$getip" : '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' >/dev/null; then ip=$getip diff --git a/luci-app-openmptcprouter/root/bin/omr-ip6-intf b/luci-app-openmptcprouter/root/bin/omr-ip6-intf index 12e3bdbc3..2166441d9 100755 --- a/luci-app-openmptcprouter/root/bin/omr-ip6-intf +++ b/luci-app-openmptcprouter/root/bin/omr-ip6-intf @@ -3,10 +3,13 @@ intf=$1 +timeout=$(uci -q get openmptcprouter.settings.status_getip_timeout) +[ -z "$timeout" ] && timeout="1" + get_ip_from_server() { serverport=$(uci -q get openmptcprouter.$1.port) get_ip() { - getip="$(curl -s -k -6 -m 2 --interface $intf https://$serverip:$serverport/clienthost)" + getip="$(curl -s -k -6 -m ${timeout} --interface $intf https://$serverip:$serverport/clienthost)" [ -n "$getip" ] && getip=$(echo $getip | jsonfilter -e '@.client_host') if [ -n "$(echo "$getip" | grep :)" ]; then ip=$getip @@ -22,7 +25,7 @@ get_ip_from_website() { [ -z "$check_ipv6_website" ] && check_ipv6_website="http://ipv6.openmptcprouter.com" checkip=$(echo $check_ipv6_website | sed -e 's/https:\/\///' -e 's/http:\/\///' | xargs dig +short AAAA | tr -d "\n") ipset add ss_rules6_dst_bypass_all $checkip > /dev/null 2>&1 - getip="$(curl -s -6 -m 2 --interface $intf $check_ipv6_website)" + getip="$(curl -s -6 -m ${timeout} --interface $intf $check_ipv6_website)" ipset del ss_rules6_dst_bypass_all $checkip > /dev/null 2>&1 if [ -n "$(echo "$getip" | grep :)" ]; then ip=$getip diff --git a/luci-app-openmptcprouter/root/bin/omr-mptcp-intf b/luci-app-openmptcprouter/root/bin/omr-mptcp-intf index 9df22c688..d2a74b245 100755 --- a/luci-app-openmptcprouter/root/bin/omr-mptcp-intf +++ b/luci-app-openmptcprouter/root/bin/omr-mptcp-intf @@ -2,6 +2,8 @@ . /lib/functions.sh intf=$1 +timeout="$(uci -q get openmptcprouter.settings.status_vps_timeout)" +[ -z "$timeout" ] && timeout="1" [ -z "$intf" ] && return @@ -10,9 +12,9 @@ get_mptcp_from_server() { get_mptcp() { serverip=$1 if [ "$(echo $serverip | grep :)" ]; then - support="$(curl -s -k -6 -m 2 --interface $intf https://[$serverip]:$serverport/mptcpsupport)" + support="$(curl -s -k -6 -m ${timeout} --interface $intf https://[$serverip]:$serverport/mptcpsupport)" else - support="$(curl -s -k -4 -m 2 --interface $intf https://$serverip:$serverport/mptcpsupport)" + support="$(curl -s -k -4 -m ${timeout} --interface $intf https://$serverip:$serverport/mptcpsupport)" fi [ -n "$support" ] && { support=$(echo $support | jsonfilter -e '@.mptcp') @@ -26,7 +28,7 @@ get_mptcp_from_server() { get_mptcp_from_website() { multipathip=$(dig +short A multipath-tcp.org | tr -d "\n") ipset add ss_rules_dst_bypass_all $multipathip > /dev/null 2>&1 - support="$(curl -s -4 -m 2 --interface $intf http://www.multipath-tcp.org)" + support="$(curl -s -4 -m ${timeout} --interface $intf http://www.multipath-tcp.org)" ipset del ss_rules_dst_bypass_all $multipathip > /dev/null 2>&1 [ -n "$support" ] && { if [ "$support" = "Yay, you are MPTCP-capable! You can now rest in peace." ]; then @@ -40,7 +42,7 @@ get_mptcp_from_website() { get_mptcp_from_website6() { multipathip=$(dig +short AAAA multipath-tcp.org | tr -d "\n") ipset add ss_rules6_dst_bypass_all $multipathip > /dev/null 2>&1 - support="$(curl -s -6 -m 2 --interface $intf http://www.multipath-tcp.org)" + support="$(curl -s -6 -m ${timeout} --interface $intf http://www.multipath-tcp.org)" ipset del ss_rules6_dst_bypass_all $multipathip > /dev/null 2>&1 [ -n "$support" ] && { if [ "$support" = "Yay, you are MPTCP-capable! You can now rest in peace." ]; then diff --git a/luci-app-openmptcprouter/root/bin/omr-routing-loop b/luci-app-openmptcprouter/root/bin/omr-routing-loop new file mode 100755 index 000000000..396498470 --- /dev/null +++ b/luci-app-openmptcprouter/root/bin/omr-routing-loop @@ -0,0 +1,9 @@ +#!/bin/sh +VPS=$1 +LANIP=$2 + +if [ -n "$(traceroute -q 1 -i eth1 -w 1 -n -m 5 ${VPS} | grep ${LANIP})" ]; then + echo "detected" +else + echo "no loop" +fi \ No newline at end of file diff --git a/luci-app-openmptcprouter/root/etc/uci-defaults/openmptcprouter b/luci-app-openmptcprouter/root/etc/uci-defaults/openmptcprouter index fbcc9968e..f8a0dc21c 100755 --- a/luci-app-openmptcprouter/root/etc/uci-defaults/openmptcprouter +++ b/luci-app-openmptcprouter/root/etc/uci-defaults/openmptcprouter @@ -88,13 +88,13 @@ if [ "$(uci -q get openmptcprouter.settings.check_ipv6_website)" = "" ]; then fi if [ "$(uci -q get openmptcprouter.settings.status_vps_timeout)" = "" ]; then uci -q batch <<-EOF >/dev/null - set openmptcprouter.settings.status_vps_timeout=2 + set openmptcprouter.settings.status_vps_timeout=1 commit openmptcprouter EOF fi if [ "$(uci -q get openmptcprouter.settings.status_getip_timeout)" = "" ]; then uci -q batch <<-EOF >/dev/null - set openmptcprouter.settings.status_getip_timeout=2 + set openmptcprouter.settings.status_getip_timeout=1 commit openmptcprouter EOF fi diff --git a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter index cdd3308df..350172aad 100755 --- a/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter +++ b/luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter @@ -763,7 +763,7 @@ function interfaces_status() mArray.openmptcprouter["omr_time"] = os.time() -- dns mArray.openmptcprouter["dns"] = false - local timeout = uci:get("openmptcprouter","settings","status_getip_timeout") or "2" + local timeout = uci:get("openmptcprouter","settings","status_getip_timeout") or "1" local dns_test = sys.exec("dig +timeout=" .. timeout .. " +tries=1 openmptcprouter.com | grep 'ANSWER: 0'") if dns_test == "" then mArray.openmptcprouter["dns"] = true @@ -848,7 +848,7 @@ function interfaces_status() mArray.openmptcprouter["vps_omr_version"] = uci:get("openmptcprouter", s[".name"], "omr_version") or "" mArray.openmptcprouter["vps_kernel"] = uci:get("openmptcprouter",s[".name"],"kernel") or "" mArray.openmptcprouter["vps_machine"] = uci:get("openmptcprouter",s[".name"],"machine") or "" - timeout = uci:get("openmptcprouter","settings","status_vps_timeout") or "2" + timeout = uci:get("openmptcprouter","settings","status_vps_timeout") or "1" if uci:get("openmptcprouter",s[".name"],"admin_error") == "1" then mArray.openmptcprouter["vps_admin_error"] = true end @@ -1484,6 +1484,10 @@ function interfaces_status() end end end + loop = false + if uci:get("openmptcprouter", interface, "loop") == "1" then + loop = true + end end local rx = "" local tx = "" @@ -1536,6 +1540,7 @@ function interfaces_status() zonewan = zonewan, iftype = itype, state = state, + loop = loop, } if ifname ~= nil and ifname:match("^tun.*") then table.insert(mArray.tunnels, data); diff --git a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking index f660a6089..7e79ebc43 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking +++ b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking @@ -1124,6 +1124,35 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($( [ -n "$asn" ] && { uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.asn="$asn" } + + # Routing loop detection + local lanip="$(uci -q network.lan.ipaddr)" + local masterip + get_master_ip() { + if [ "$(openmptcprouter.$1.multipath)" = "master" ]; then + masterip="$(uci -q get openmptcprouter.$1.publicip)" + fi + } + config_load openmptcprouter + config_foreach get_master_ip interface + if [ -n "$lanip" ] && [ -n "$masterip" ] && [ -n "$ipaddr" ] && [ "$ipaddr" = "$masterip" ] && [ "$(uci -q get openmptcprouter.settings.disableloopdetection)" != "1" ]; then + loop=0 + routingloop() { + if [ "$(omr-routing-loop $1 $lanip)" = "detected" ]; then + loop=1 + fi + } + config_load openmptcprouter + config_foreach routingloop server + if [ "$loop" = "1" ]; then + uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.loop='1' + else + uci -q delete openmptcprouter.$OMR_TRACKER_INTERFACE.loop + fi + else + uci -q delete openmptcprouter.$OMR_TRACKER_INTERFACE.loop + fi + local omrtracebox traceboxmtutest() { omr_tracebox_mtu() {