From de06c503103e242a254fca1fa532aba174b947e8 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 27 Nov 2020 18:12:31 +0100 Subject: [PATCH 1/6] Update firewall app to upstream --- .../htdocs/luci-static/resources/view/firewall/rules.js | 1 + .../htdocs/luci-static/resources/view/firewall/zones.js | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js index 8cb1a1242..bacbbd704 100644 --- a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js +++ b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/rules.js @@ -308,6 +308,7 @@ return view.extend({ o.value('network-redirect'); o.value('network-unknown'); o.value('network-unreachable'); + o.value('packet-too-big'); o.value('parameter-problem'); o.value('port-unreachable'); o.value('precedence-cutoff'); diff --git a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js index 5e2b6cd81..00e272677 100644 --- a/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js +++ b/luci-app-firewall/htdocs/luci-static/resources/view/firewall/zones.js @@ -177,9 +177,11 @@ return view.extend({ } return Promise.all(tasks).then(function(zone_networks) { - if (zone_networks[0]) + if (zone_networks[0]) { + zone_networks[0].clearNetworks(); for (var i = 1; i < zone_networks.length; i++) zone_networks[0].addNetwork(zone_networks[i].getName()); + } }); }; From 5d52e7b297cab5473587e192bf04f4732cfc6155 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 27 Nov 2020 18:13:04 +0100 Subject: [PATCH 2/6] Update wireless from upstream --- luci-mod-network/Makefile | 2 +- .../resources/view/network/wireless.js | 20 ++++++++++++++----- 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/luci-mod-network/Makefile b/luci-mod-network/Makefile index 962817219..7a043dc40 100644 --- a/luci-mod-network/Makefile +++ b/luci-mod-network/Makefile @@ -4,7 +4,7 @@ # # This is free software, licensed under the Apache License, Version 2.0 . # -# From https://github.com/openwrt/luci/commit/5ca328440b3a41ab6d415ec96f9db4339715de67 +# From https://github.com/openwrt/luci/commit/83c912716e482000e92443cffc3202726314f480 include $(TOPDIR)/rules.mk diff --git a/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js index dc75c9509..bb9877217 100644 --- a/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js +++ b/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js @@ -1634,7 +1634,7 @@ return view.extend({ o = ss.taboption('encryption', form.Flag, 'wpa_disable_eapol_key_retries', _('Enable key reinstallation (KRACK) countermeasures'), _('Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load.')); add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk2', 'psk-mixed', 'sae', 'sae-mixed', 'wpa2', 'wpa3', 'wpa3-mixed'] }); - if (L.hasSystemFeature('hostapd', 'cli') && L.hasSystemFeature('wpasupplicant')) { + if (L.hasSystemFeature('hostapd', 'wps') && L.hasSystemFeature('wpasupplicant')) { o = ss.taboption('encryption', form.Flag, 'wps_pushbutton', _('Enable WPS pushbutton, requires WPA(2)-PSK/WPA3-SAE')) o.enabled = '1'; o.disabled = '0'; @@ -1742,7 +1742,7 @@ return view.extend({ E('span', { 'style': s }, '%h'.format(network.formatWifiEncryption(res.encryption))), E('div', { 'class': 'right' }, E('button', { 'class': 'cbi-button cbi-button-action important', - 'click': L.bind(this.handleJoin, this, radioDev, res) + 'click': ui.createHandlerFn(this, 'handleJoin', radioDev, res) }, _('Join Network'))) ]); @@ -1790,17 +1790,19 @@ return view.extend({ s.handleJoinConfirm = function(radioDev, bss, form, ev) { var nameopt = L.toArray(form.lookupOption('name', '_new_'))[0], passopt = L.toArray(form.lookupOption('password', '_new_'))[0], + ssidopt = L.toArray(form.lookupOption('ssid', '_new_'))[0], bssidopt = L.toArray(form.lookupOption('bssid', '_new_'))[0], zoneopt = L.toArray(form.lookupOption('zone', '_new_'))[0], replopt = L.toArray(form.lookupOption('replace', '_new_'))[0], nameval = (nameopt && nameopt.isValid('_new_')) ? nameopt.formvalue('_new_') : null, passval = (passopt && passopt.isValid('_new_')) ? passopt.formvalue('_new_') : null, + ssidval = (ssidopt && ssidopt.isValid('_new_')) ? ssidopt.formvalue('_new_') : null, bssidval = (bssidopt && bssidopt.isValid('_new_')) ? bssidopt.formvalue('_new_') : null, zoneval = zoneopt ? zoneopt.formvalue('_new_') : null, enc = L.isObject(bss.encryption) ? bss.encryption : null, is_wep = (enc && Array.isArray(enc.wep)), - is_psk = (enc && Array.isArray(enc.wpa) && L.toArray(enc.authentication).filter(function(a) { return a == 'psk' })), - is_sae = (enc && Array.isArray(enc.wpa) && L.toArray(enc.authentication).filter(function(a) { return a == 'sae' })); + is_psk = (enc && Array.isArray(enc.wpa) && L.toArray(enc.authentication).filter(function(a) { return a == 'psk' }).length > 0), + is_sae = (enc && Array.isArray(enc.wpa) && L.toArray(enc.authentication).filter(function(a) { return a == 'sae' }).length > 0); if (nameval == null || (passopt && passval == null)) return; @@ -1841,6 +1843,9 @@ return view.extend({ uci.set('wireless', section_id, 'bssid', bss.bssid); } + if (ssidval != null) + uci.set('wireless', section_id, 'ssid', ssidval); + if (is_sae) { uci.set('wireless', section_id, 'encryption', 'sae'); uci.set('wireless', section_id, 'key', passval); @@ -1886,7 +1891,7 @@ return view.extend({ }; s.handleJoin = function(radioDev, bss, ev) { - this.handleScanAbort(ev); + poll.remove(this.pollFn); var m2 = new form.Map('wireless'), s2 = m2.section(form.NamedSection, '_new_'), @@ -1911,6 +1916,11 @@ return view.extend({ ]).then(this.renderContents.bind(this)); }; + if (bss.ssid == null) { + name = s2.option(form.Value, 'ssid', _('Network SSID'), _('The correct SSID must be manually specified when joining a hidden wireless network')); + name.rmempty = false; + }; + replace = s2.option(form.Flag, 'replace', _('Replace wireless configuration'), _('Check this option to delete the existing networks from this radio.')); name = s2.option(form.Value, 'name', _('Name of the new network'), _('The allowed characters are: A-Z, a-z, 0-9 and _')); From ce18efe89e3dd493af46a0ac8f4f38a4c8d33d86 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 27 Nov 2020 18:13:36 +0100 Subject: [PATCH 3/6] Fix firewall from update --- openmptcprouter/files/etc/uci-defaults/1980-omr-firewall | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall index 267891fd3..e6f918796 100755 --- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall +++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall @@ -157,6 +157,11 @@ uci -q del firewall.@zone[1].network for intf in $allintf; do uci -q add_list firewall.@zone[1].network=$intf done +allintf=$(uci -q get firewall.zone_vpn.network) +uci -q del firewall.zone_vpn.network +for intf in $allintf; do + uci -q add_list firewall.zone_vpn.network=$intf +done uci -q batch <<-EOF >/dev/null set firewall.@zone[0].mtu_fix='1' From 0a3e528fa69ad221b7d37f7d7fb4646d74e905b4 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 27 Nov 2020 19:59:28 +0100 Subject: [PATCH 4/6] Fix omr-rename when not needed --- luci-app-openmptcprouter/root/etc/init.d/openmptcprouter | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter b/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter index c49866fd5..63d4d3a3a 100755 --- a/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter +++ b/luci-app-openmptcprouter/root/etc/init.d/openmptcprouter @@ -45,14 +45,15 @@ omr_intf_set() { if [ "$type" != "macvlan" ] && [ -n "$ifname" ] && [ -f /sys/class/net/${ifname}/device/uevent ]; then devicepath=$(readlink -f /sys/class/net/${ifname}) - if [ -n "$devicepath" ] && [ "$(echo ${devicepath} | grep virtual)" = "" ]; then + if [ -n "$devicepath" ] && [ "$(echo ${devicepath} | grep virtual)" = "" ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT)" != "" ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PCI_SLOT_NAME)" = "" ]; then uci -q set network.$1.modalias="$(cat /sys/class/net/${ifname}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')" uci -q set network.$1.product="$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT | cut -d '=' -f2 | tr -d '\n')" - elif [ -n "$devicepath" ] && [ "$(echo ${devicepath} | grep virtual)" != "" ]; then + elif [ -n "$devicepath" ] && ([ "$(echo ${devicepath} | grep virtual)" != "" ] || [ "$(echo ${devicepath} | grep virtual)" = "" ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT)" = "" ] || [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PCI_SLOT_NAME)" != "" ] || [ "$(cat /sys/class/net/${ifname}tmp/device/uevent)" != "" ]); then uci -q delete network.$1.device uci -q delete network.$1.modalias + uci -q delete network.$1.product fi - elif [ "$type" != "macvlan" ] && [ -n "$device" ] && [ -f /sys/bus/usb-serial/devices/${devicename}/device/uevent ]; then + elif [ "$type" != "macvlan" ] && [ -n "$device" ] && [ -f /sys/bus/usb-serial/devices/${devicename}/device/uevent ] && [ "$(cat /sys/class/net/${ifname}/device/uevent | grep PRODUCT)" != "" ]; then uci -q set network.$1.modalias="$(cat /sys/bus/usb-serial/devices/${devicename}/device/uevent | grep MODALIAS | cut -d '=' -f2 | tr -d '\n')" uci -q set network.$1.product="$(cat /sys/bus/usb-serial/devices/${devicename}/device/uevent | grep PRODUCT | cut -d '=' -f2 | tr -d '\n')" fi From c0d0fa3d3d210c1c607a52dbc7708d585fe7bf96 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sat, 28 Nov 2020 20:30:52 +0100 Subject: [PATCH 5/6] Fix glorytun UDP init script --- glorytun-udp/init | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/glorytun-udp/init b/glorytun-udp/init index 638736017..b9a18c526 100755 --- a/glorytun-udp/init +++ b/glorytun-udp/init @@ -62,10 +62,10 @@ start_instance() { procd_open_instance procd_set_param command ${PROG} \ - ${bind:+bind "$bind"} \ - ${bindport:+ "$bindport"} \ - ${host:+to "$host"} \ - ${port:+ "$port"} \ + ${bind:+bind from "$bind"} \ + ${bindport:+port "$bindport"} \ + ${host:+to addr "$host"} \ + ${port:+port "$port"} \ ${dev:+dev "$dev"} \ keyfile /tmp/${PROG_NAME}-${1}.key \ persist From 16e9927d3753ff6c6b849e1fbafeaa49b4ad1152 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Sat, 28 Nov 2020 20:58:14 +0100 Subject: [PATCH 6/6] Fix shadowsocks config from router --- .../files/etc/init.d/openmptcprouter-vps | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index 3c94e42e0..8db25ea42 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -153,14 +153,15 @@ _get_ss_server() { _set_ss_server_vps() { local disabled port key method - config_get disabled $1 disabled + config_load shadowsocks-libev + config_get disabled sss0 disabled [ "$disabled" = "1" ] && return - config_get port $1 server_port + config_get port sss0 server_port #config_get server $1 server - config_get key $1 key + config_get key sss0 key key="$(echo $key | sed 's/+/-/g; s/\//_/g;')" [ -z "$key" ] && return - config_get method $1 method + config_get method sss0 method local current_port current_key current_method [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return @@ -1562,8 +1563,9 @@ _config_service() { [ -n "$vps_config" ] && uci -q set openmptcprouter.settings.firstboot=0 fi if [ "$user_permission" != "ro" ]; then - config_load shadowsocks-libev - config_foreach _set_ss_server_vps server + #config_load shadowsocks-libev + #config_foreach _set_ss_server_vps server + _set_ss_server_vps _set_v2ray_server_vps [ -z "$(_set_glorytun_vps)" ] && error=1 [ -z "$(_set_openvpn_vps)" ] && error=1