Merge pull request #3 from Ysurac/develop

同步

.circleci/config.yml

@@ -31,8 +31,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -94,8 +94,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -155,8 +155,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -216,8 +216,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -277,8 +277,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -338,8 +338,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -402,8 +402,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:
@@ -462,8 +462,8 @@ jobs:
       - run:
           name: cache
           command: |
-            echo "cache 92 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
+            echo "cache 98 $OMR_KERNEL $OMR_TARGET" > /tmp/cache-target
-            echo "cache 94 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
+            echo "cache 100 $OMR_KERNEL $OMR_TARGET $OMR_VERSION" > /tmp/cache-version
 
       - restore_cache:
           keys:

bcm27xx-eeprom/Makefile

@@ -0,0 +1,58 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=bcm27xx-eeprom
+PKG_VERSION:=ad18a5b468f787ed37ab62e0a699dabeaa580e27
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/rpi-eeprom/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=2f77ef84d34f77208e4caf90aa65bbbaa6234ee58ffe9c23a819d44c25a631b4
+
+PKG_LICENSE:=BSD-3-Clause Custom
+PKG_LICENSE_FILES:=LICENSE
+
+PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>
+
+include $(INCLUDE_DIR)/package.mk
+
+TAR_OPTIONS:=--strip-components 1 $(TAR_OPTIONS)
+TAR_CMD=$(HOST_TAR) -C $(1) $(TAR_OPTIONS)
+
+define Package/bcm27xx-eeprom
+  SECTION:=utils
+  CATEGORY:=Utilities
+  DEPENDS:=bcm27xx-userland +blkid +pciutils +python3-light
+  TITLE:=BCM27xx EEPROM tools
+endef
+
+define Package/bcm27xx-eeprom/description
+  BCM27xx EEPROM tools.
+endef
+
+define Build/Compile
+	true
+endef
+
+define Package/bcm27xx-eeprom/conffiles
+/etc/bcm27xx-eeprom.conf
+endef
+
+define Package/bcm27xx-eeprom/install
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_CONF) $(PKG_BUILD_DIR)/rpi-eeprom-update-default $(1)/etc/bcm27xx-eeprom.conf
+
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/rpi-eeprom-config $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/rpi-eeprom-update $(1)/usr/bin
+
+	$(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader
+	$(CP) $(PKG_BUILD_DIR)/firmware/release-notes.md $(1)/lib/firmware/raspberrypi/bootloader
+
+	$(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader/critical
+	$(CP) $(PKG_BUILD_DIR)/firmware/critical/ $(1)/lib/firmware/raspberrypi/bootloader/
+
+	$(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader/stable
+	$(CP) $(PKG_BUILD_DIR)/firmware/stable/ $(1)/lib/firmware/raspberrypi/bootloader/
+endef
+
+$(eval $(call BuildPackage,bcm27xx-eeprom))

bcm27xx-eeprom/patches/0001-rpi-eeprom-update-OpenWrt-defaults.patch

@@ -0,0 +1,48 @@
+From da37f7b051fe6833e25e78184cc9217dd4379187 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= <noltari@gmail.com>
+Date: Mon, 23 Mar 2020 10:10:55 +0100
+Subject: [PATCH] rpi-eeprom-update: OpenWrt defaults
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
+---
+ rpi-eeprom-update         | 6 +++---
+ rpi-eeprom-update-default | 5 +++--
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+--- a/rpi-eeprom-update
++++ b/rpi-eeprom-update
+@@ -24,14 +24,14 @@ else
+ fi
+ 
+ # May be used to select beta or stable releases instead of the default critical updates.
+-FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-critical}
++FIRMWARE_RELEASE_STATUS=${FIRMWARE_RELEASE_STATUS:-stable}
+ FIRMWARE_IMAGE_DIR=${FIRMWARE_IMAGE_DIR:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}}
+-FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-/var/lib/raspberrypi/bootloader/backup}
++FIRMWARE_BACKUP_DIR=${FIRMWARE_BACKUP_DIR:-${FIRMWARE_ROOT}/backup}
+ ENABLE_VL805_UPDATES=${ENABLE_VL805_UPDATES:-1}
+ USE_FLASHROM=${USE_FLASHROM:-0}
+ RECOVERY_BIN=${RECOVERY_BIN:-${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}/recovery.bin}
+ BOOTFS=${BOOTFS:-/boot}
+-VCMAILBOX=${VCMAILBOX:-/opt/vc/bin/vcmailbox}
++VCMAILBOX=${VCMAILBOX:-/usr/bin/vcmailbox}
+ 
+ EXIT_SUCCESS=0
+ EXIT_UPDATE_REQUIRED=1
+--- a/rpi-eeprom-update-default
++++ b/rpi-eeprom-update-default
+@@ -1,8 +1,9 @@
+ 
+ FIRMWARE_ROOT=/lib/firmware/raspberrypi/bootloader
+-FIRMWARE_RELEASE_STATUS="critical"
++FIRMWARE_RELEASE_STATUS="stable"
+ FIRMWARE_IMAGE_DIR="${FIRMWARE_ROOT}/${FIRMWARE_RELEASE_STATUS}"
+-FIRMWARE_BACKUP_DIR="/var/lib/raspberrypi/bootloader/backup"
++FIRMWARE_BACKUP_DIR="${FIRMWARE_ROOT}/backup"
+ BOOTFS=/boot
+ USE_FLASHROM=0
+ EEPROM_CONFIG_HOOK=
++VCMAILBOX=/usr/bin/vcmailbox

bcm27xx-eeprom/patches/0002-rpi-eeprom-config-switch-to-Python-3.patch

@@ -0,0 +1,21 @@
+From 869a29ec65a0985670a259f4820df4fafc22c971 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= <noltari@gmail.com>
+Date: Wed, 25 Mar 2020 10:14:34 +0100
+Subject: [PATCH] rpi-eeprom-config: switch to Python 3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
+---
+ rpi-eeprom-config | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/rpi-eeprom-config
++++ b/rpi-eeprom-config
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/python3
+ 
+ # rpi-eeprom-config
+ # Utility for reading and writing the configuration file in the

bcm27xx-eeprom/patches/0003-rpi-eeprom-update-change-default-include-path.patch

@@ -0,0 +1,35 @@
+From 6674d49dea0104031b3f54df4c7a356dc4307bb2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= <noltari@gmail.com>
+Date: Wed, 25 Mar 2020 20:58:35 +0100
+Subject: [PATCH] rpi-eeprom-update: change default include path
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
+---
+ rpi-eeprom-update | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/rpi-eeprom-update
++++ b/rpi-eeprom-update
+@@ -6,8 +6,8 @@ set -e
+ 
+ script_dir=$(cd "$(dirname "$0")" && pwd)
+ 
+-if [ -f /etc/default/rpi-eeprom-update ]; then
+-   . /etc/default/rpi-eeprom-update
++if [ -f /etc/bcm27xx-eeprom.conf ]; then
++   . /etc/bcm27xx-eeprom.conf
+ fi
+ 
+ LOCAL_MODE=0
+@@ -345,7 +345,7 @@ Options:
+    -u Install the specified VL805 (USB EEPROM) image file.
+ 
+ Environment:
+-Environment variables should be defined in /etc/default/rpi-eeprom-update
++Environment variables should be defined in /etc/bcm27xx-eeprom.conf
+ 
+ EEPROM_CONFIG_HOOK
+ 

glorytun/glorytun.config

@@ -9,4 +9,5 @@ config glorytun 'vpn'
 	option chacha20 '1'
 	option mtuauto '1'
 	option localip '10.255.255.2'
-	option remoteip '10.255.255.1'
+	option remoteip '10.255.255.1'
+	option multiqueue '1'

glorytun/init

@@ -74,6 +74,7 @@ start_instance() {
 	[ "${listener}" = "1" ] && procd_append_param command listener
 	[ "${mptcp}" = "1" ] && procd_append_param command mptcp
 	[ "${chacha20}" = "1" ] && procd_append_param command chacha20
+	[ "${multiqueue}" = "1" ] && procd_append_param command multiqueue
 
 	procd_append_param command \
 		retry count -1 const 500000 \

libwebp/Makefile

@@ -0,0 +1,64 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=libwebp
+PKG_VERSION:=1.1.0
+PKG_RELEASE:=3
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://storage.googleapis.com/downloads.webmproject.org/releases/webp
+PKG_HASH:=98a052268cc4d5ece27f76572a7f50293f439c17a98e67c4ea0c7ed6f50ef043
+
+PKG_MAINTAINER:=
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=COPYING
+
+PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/libwebp
+  SECTION:=libs
+  CATEGORY:=Libraries
+  TITLE:=WebP library
+  URL:=https://www.webmproject.org
+endef
+
+define Package/libwebp/description
+  The libwebp package contains a library for the WebP format.
+endef
+
+CONFIGURE_ARGS += \
+	--enable-shared \
+	--disable-static \
+	--disable-neon-rtcd \
+	--disable-gl \
+	--disable-sdl \
+	--disable-gif \
+	--disable-jpeg \
+	--disable-png \
+	--disable-tiff \
+	--disable-wic \
+	--disable-libwebpmux \
+	--disable-libwebpdemux \
+	--disable-libwebpdecoder \
+	--disable-libwebpextras \
+	--without-pic
+
+TARGET_CFLAGS += $(FPIC) -flto
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(1)/usr/include/webp
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/include/webp/* $(1)/usr/include/webp/
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwebp* $(1)/usr/lib/
+	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
+	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/libwebp.pc $(1)/usr/lib/pkgconfig/
+endef
+
+define Package/libwebp/install
+	$(INSTALL_DIR) $(1)/usr/lib
+	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libwebp.s* $(1)/usr/lib/
+endef
+
+$(eval $(call BuildPackage,libwebp))

libwebp/patches/010-mips16.patch

@@ -0,0 +1,11 @@
+--- a/src/dsp/dsp.h
++++ b/src/dsp/dsp.h
+@@ -95,7 +95,7 @@ extern "C" {
+ #define WEBP_USE_INTRINSICS
+ #endif
+ 
+-#if defined(__mips__) && !defined(__mips64) && \
++#if defined(__mips__) && !defined(__mips16) && !defined(__mips64) && \
+     defined(__mips_isa_rev) && (__mips_isa_rev >= 1) && (__mips_isa_rev < 6)
+ #define WEBP_USE_MIPS32
+ #if (__mips_isa_rev >= 2)

luci-app-dsvpn/root/usr/share/luci/menu.d/luci-app-dsvpn.json

@@ -0,0 +1,13 @@
+{
+	"admin/vpn/dsvpn": {
+		"title": "DSVPN",
+		"order": 10,
+		"action": {
+			"type": "cbi",
+			"path": "dsvpn"
+		},
+		"depends": {
+			"acl": [ "luci-app-dsvpn" ]
+		}
+	}
+}

luci-app-firewall/root/usr/share/luci/menu.d/luci-app-firewall.json

@@ -7,6 +7,7 @@
 			"path": "admin/network/firewall/zones"
 		},
 		"depends": {
+			"acl": [ "luci-app-firewall" ],
 			"fs": { "/sbin/fw3": "executable" },
 			"uci": { "firewall": true }
 		}

luci-app-firewall/root/usr/share/rpcd/acl.d/luci-app-firewall.json

@@ -0,0 +1,24 @@
+{
+	"luci-app-firewall": {
+		"description": "Grant access to firewall configuration",
+		"read": {
+			"file": {
+				"/etc/firewall.user": [ "read" ]
+			},
+			"ubus": {
+				"file": [ "read" ],
+				"luci": [ "getConntrackHelpers" ]
+			},
+			"uci": [ "firewall" ]
+		},
+		"write": {
+			"file": {
+				"/etc/firewall.user": [ "write" ]
+			},
+			"ubus": {
+				"file": [ "write" ]
+			},
+			"uci": [ "firewall" ]
+		}
+	}
+}

luci-app-glorytun/root/usr/share/luci/menu.d/luci-app-glorytun.json

@@ -0,0 +1,13 @@
+{
+	"admin/vpn/glorytun": {
+		"title": "Glorytun",
+		"order": 20,
+		"action": {
+			"type": "cbi",
+			"path": "glorytun"
+		},
+		"depends": {
+			"acl": [ "luci-app-glorytun" ]
+		}
+	}
+}

luci-app-https-dns-proxy/root/usr/share/luci/menu.d/luci-app-https-dns-proxy.json

@@ -0,0 +1,13 @@
+{
+	"admin/services/https-dns-proxy": {
+		"title": "Proxy DNS Over HTTPS",
+		"order": 20,
+		"action": {
+			"type": "cbi",
+			"path": "https-dns-proxy"
+		},
+		"depends": {
+			"acl": [ "luci-app-https-dns-proxy" ]
+		}
+	}
+}

luci-app-iperf/root/usr/share/luci/menu.d/luci-app-iperf.json

@@ -0,0 +1,13 @@
+{
+	"admin/services/iperf": {
+		"title": "iPerf",
+		"order": 10,
+		"action": {
+			"type": "template",
+			"path": "iperf/test"
+		},
+		"depends": {
+			"acl": [ "luci-app-iperf" ]
+		}
+	}
+}

luci-app-macvlan/po/templates/macvlan.pot

@@ -0,0 +1,23 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: luci-app-macvlan/root/usr/share/rpcd/acl.d/luci-app-macvlan.json:3
+msgid "Grant UCI access for luci-app-macvlan"
+msgstr ""
+
+#: luci-app-macvlan/htdocs/luci-static/resources/view/network/macvlan.js:30
+msgid "Interface"
+msgstr ""
+
+#: luci-app-macvlan/htdocs/luci-static/resources/view/network/macvlan.js:22
+msgid "Interfaces"
+msgstr ""
+
+#: luci-app-macvlan/htdocs/luci-static/resources/view/network/macvlan.js:20
+#: luci-app-macvlan/root/usr/share/luci/menu.d/luci-app-macvlan.json:3
+msgid "Macvlan"
+msgstr ""
+
+#: luci-app-macvlan/htdocs/luci-static/resources/view/network/macvlan.js:26
+msgid "Name"
+msgstr ""

luci-app-macvlan/root/etc/init.d/macvlan

@@ -46,12 +46,25 @@ _create_interface() {
 		_ifname=$1
 	}
 	config_get _masterifname "$1" ifname
-	uci batch <<-EOF
+	[ "$1" != "$_ifname" ] && {
-		set network.$_ifname=interface
+		uci batch <<-EOF
-		set network.$_ifname.type=macvlan
+			delete macvlan.$1
-		set network.$_ifname.proto=static
+			set macvlan.$_ifname=macvlan
-		set network.$_ifname.masterintf=$_masterifname
+			set macvlan.$_ifname.name=$_ifname
-	EOF
+			set macvlan.$_ifname.ifname=$_masterifname
+			commit macvlan
+		EOF
+	}
+	[ "$(uci -q get network.$_ifname.masterintf)" != "$_masterifname" ] && {
+		logger -t "MACVLAN" "Create interface $_ifname based on $_masterifname"
+		uci batch <<-EOF
+			set network.$_ifname=interface
+			set network.$_ifname.type=macvlan
+			set network.$_ifname.proto=static
+			set network.$_ifname.masterintf=$_masterifname
+			commit network
+		EOF
+	}
 }
 
 # Configuration by interface
@@ -67,6 +80,7 @@ _setup_interface() {
 	config_get _type "$1" type
 
 	[ "$_type" = "macvlan" ] && [ "$(uci -q get macvlan.$1)" = "" ] && {
+		logger -t "MACVLAN" "Delete $1"
 		uci -q batch <<-EOF
 			delete network.$1
 			delete network.$1_dev

luci-app-macvlan/root/usr/share/luci/menu.d/luci-app-macvlan.json

@@ -5,6 +5,9 @@
 		"action": {
 			"type": "view",
 			"path": "network/macvlan"
+		},
+		"depends": {
+			"acl": [ "luci-app-macvlan" ]
 		}
 	}
 }

luci-app-mail/root/usr/share/luci/menu.d/luci-app-mail.json

@@ -0,0 +1,13 @@
+{
+	"admin/services/mail": {
+		"title": "E-Mail",
+		"order": 90,
+		"action": {
+			"type": "cbi",
+			"path": "mail"
+		},
+		"depends": {
+			"acl": [ "luci-app-mail" ]
+		}
+	}
+}

luci-app-mlvpn/root/usr/share/luci/menu.d/luci-app-mlvpn.json

@@ -0,0 +1,13 @@
+{
+	"admin/vpn/mlvpn": {
+		"title": "MLVPN",
+		"order": 30,
+		"action": {
+			"type": "cbi",
+			"path": "mlvpn"
+		},
+		"depends": {
+			"acl": [ "luci-app-mlvpn" ]
+		}
+	}
+}

luci-app-mptcp/root/usr/share/luci/menu.d/luci-app-mptcp.json

@@ -0,0 +1,13 @@
+{
+	"admin/network/mptcp": {
+		"title": "MPTCP",
+		"order": 10,
+		"action": {
+			"type": "cbi",
+			"path": "mptcp"
+		},
+		"depends": {
+			"acl": [ "luci-app-mptcp" ]
+		}
+	}
+}

luci-app-nginx-ha/root/etc/init.d/nginx-ha

@@ -52,7 +52,6 @@ start_instance() {
 			listen ${listen:-0.0.0.0:6666} udp;
 			listen ${listen:-0.0.0.0:6666} so_keepalive=off;
 			proxy_pass ${1};
-			proxy_buffering off;
 		}
 	"
 }

luci-app-nginx-ha/root/usr/share/luci/menu.d/luci-app-nginx-ha.json

@@ -0,0 +1,13 @@
+{
+	"admin/services/nginx-ha": {
+		"title": "Nginx High Availability",
+		"order": 80,
+		"action": {
+			"type": "cbi",
+			"path": "nginx-ha"
+		},
+		"depends": {
+			"acl": [ "luci-app-nginx-ha" ]
+		}
+	}
+}

luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js

@@ -27,11 +27,13 @@ return L.view.extend({
 		s.addremove = true;
 		s.anonymous = true;
 
-		o = s.option(form.Value, 'domain', _('Domain'));
+		o = s.option(form.Value, 'name', _('Domain'));
 		o.rmempty = false;
 
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
-		o.rmempty = false;
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -43,8 +45,10 @@ return L.view.extend({
 		o = s.option(form.Value, 'ip', _('IP'));
 		o.rmempty = false;
 
-		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
+		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
-		o.rmempty = false;
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -56,17 +60,40 @@ return L.view.extend({
 		o = s.option(form.Value, 'dport', _('port'));
 		o.rmempty = false;
 
-		o = s.option(form.MultiValue, 'proto', _('protocol'));
+		o = s.option(form.ListValue, 'proto', _('protocol'));
 		o.default = 'tcp';
-		o.modalonly = true;
-		o.custom = true;
 		o.rmempty = false;
 		o.value('tcp');
 		o.value('udp');
+		o.value('icmp');
 
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
+
+		o = s.option(form.Value, 'note', _('Note'));
+		o.rmempty = true;
+
+		s = m.section(form.GridSection, 'src_port', _('Ports source'));
+		s.addremove = true;
+		s.anonymous = true;
+
+		o = s.option(form.Value, 'sport', _('port'));
 		o.rmempty = false;
 
+		o = s.option(form.ListValue, 'proto', _('protocol'));
+		o.default = 'tcp';
+		o.rmempty = false;
+		o.value('tcp');
+		o.value('udp');
+		o.value('icmp');
+
+		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
+
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
 
@@ -83,7 +110,9 @@ return L.view.extend({
 		});
 
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
-		o.rmempty = false;
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -103,7 +132,9 @@ return L.view.extend({
 		});
 
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
-		o.rmempty = false;
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -116,7 +147,9 @@ return L.view.extend({
 		o.rmempty = false;
 
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
-		o.rmempty = false;
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -154,7 +187,9 @@ return L.view.extend({
 		};
 
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'));
-		o.rmempty = false;
+		o.noaliases = true;
+		o.noinactive = true;
+		o.nocreate    = true;
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;

luci-app-omr-bypass/root/etc/init.d/omr-bypass

@@ -57,10 +57,12 @@ _bypass_domain() {
 			for ip in $resolve; do
 				_bypass_ip $ip $intf
 			done
-			resolve=$(dig aaaa +timeout=1 +nocmd +noall +answer $domain | awk '{print $5}')
+			if [ "$disableipv6" != "1" ]; then
-			for ip in $resolve; do
+				resolve=$(dig aaaa +timeout=1 +nocmd +noall +answer $domain | awk '{print $5}')
-				_bypass_ip $ip $intf
+				for ip in $resolve; do
-			done
+					_bypass_ip $ip $intf
+				done
+			fi
 		fi
 		if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then
 			uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
@@ -92,22 +94,26 @@ _bypass_mac() {
 		-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539
 		COMMIT
 		EOF
-		ip6tables-restore -w --wait=60  --noflush <<-EOF
+		if [ "$disableipv6" != "1" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
-		-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539
+			*mangle
-		COMMIT
+			-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539
-		EOF
+			COMMIT
+			EOF
+		fi
 	else
 		iptables-restore -w --wait=60  --noflush <<-EOF
 		*mangle
 		-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539$intfid
 		COMMIT
 		EOF
-		ip6tables-restore -w --wait=60  --noflush <<-EOF
+		if [ "$disableipv6" != "1" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
-		-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539$intfid
+			*mangle
-		COMMIT
+			-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539$intfid
-		EOF
+			COMMIT
+			EOF
+		fi
 	fi
 }
 
@@ -162,6 +168,7 @@ _bypass_dest_port() {
 
 	[ -z "$intf" ] && intf="all"
 	[ -z "$dport" ] && return
+	dport="$(echo $dport | sed 's/-/:/')"
 	[ -z "$proto" ] && return
 	if [ "$intf" = "all" ]; then
 		iptables-restore -w --wait=60  --noflush <<-EOF
@@ -169,22 +176,66 @@ _bypass_dest_port() {
 		-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539
 		COMMIT
 		EOF
-		ip6tables-restore -w --wait=60  --noflush <<-EOF
+		if [ "$disableipv6" != "1" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
-		-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539
+			*mangle
-		COMMIT
+			-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539
-		EOF
+			COMMIT
+			EOF
+		fi
 	else
 		iptables-restore -w --wait=60  --noflush <<-EOF
 		*mangle
 		-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid
 		COMMIT
 		EOF
-		ip6tables-restore -w --wait=60  --noflush <<-EOF
+		if [ "$disableipv6" != "1" ]; then
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
+	fi
+}
+
+_bypass_src_port() {
+	local intf
+	config_get sport $1 sport
+	config_get proto $1 proto
+	config_get intf $1 interface
+	local intfid="$(uci -q get omr-bypass.$intf.id)"
+
+	[ -z "$intf" ] && intf="all"
+	[ -z "$sport" ] && return
+	sport="$(echo $sport | sed 's/-/:/')"
+	[ -z "$proto" ] && return
+	if [ "$intf" = "all" ]; then
+		iptables-restore -w --wait=60  --noflush <<-EOF
 		*mangle
-		-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539$intfid
+		-A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539
 		COMMIT
 		EOF
+		if [ "$disableipv6" != "1" ]; then
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --source-port $sport -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+	else
+		iptables-restore -w --wait=60  --noflush <<-EOF
+		*mangle
+		-A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid
+		COMMIT
+		EOF
+		if [ "$disableipv6" != "1" ]; then
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --source-port $sport -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
 	fi
 }
 
@@ -203,22 +254,26 @@ _bypass_proto() {
 		-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539
 		COMMIT
 		EOF
-		ip6tables-restore -w --wait=60  --noflush <<-EOF
+		if [ "$disableipv6" != "1" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
-		-A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539
+			*mangle
-		COMMIT
+			-A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539
-		EOF
+			COMMIT
+			EOF
+		fi
 	else
 		iptables-restore -w --wait=60  --noflush <<-EOF
 		*mangle
 		-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539$intfid
 		COMMIT
 		EOF
-		ip6tables-restore -w --wait=60  --noflush <<-EOF
+		if [ "$disableipv6" != "1" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60  --noflush <<-EOF
-		-A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539$intfid
+			*mangle
-		COMMIT
+			-A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539$intfid
-		EOF
+			COMMIT
+			EOF
+		fi
 	fi
 	# Use dnsmasq ipset to bypass domains of the proto
 	local domains
@@ -289,23 +344,25 @@ _intf_rule() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
+	if [ "$disableipv6" != "1" ]; then
-		ip6tables-restore -w --wait=60 --noflush <<-EOF
+		if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
-		-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			*mangle
-		COMMIT
+			-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-		EOF
+			COMMIT
-	fi
+			EOF
-	if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
+		fi
-		ip6tables-restore -w --wait=60 --noflush <<-EOF
+		if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
-		*nat
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
-		-I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
+			*nat
-		-I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
+			-I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-		-I ss_rules6_local_out 2 -m mark --mark 0x6539$count -j RETURN
+			-I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-		-I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I ss_rules6_local_out 2 -m mark --mark 0x6539$count -j RETURN
-		-I ss_rules6_pre_src 2 -m mark --mark 0x6539$count -j RETURN
+			-I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-		COMMIT
+			-I ss_rules6_pre_src 2 -m mark --mark 0x6539$count -j RETURN
-		EOF
+			COMMIT
+			EOF
+		fi
 	fi
 	uci -q set omr-bypass.$intf=interface
 	uci -q set omr-bypass.$intf.id=$count
@@ -353,6 +410,7 @@ start_service() {
 	logger -t "omr-bypass" "Starting OMR-ByPass..."
 	config_load omr-bypass
 	config_foreach _add_proto proto
+	disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
 
 	[ -n "$RELOAD" ] && [ "$(ipset --list | grep omr_dst_bypass_all)" = "" ] && {
 		unset RELOAD
@@ -372,13 +430,15 @@ start_service() {
 	-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass
 	COMMIT
 	EOF
-	ip6tables-save --counters | grep -v omr-bypass6 | ip6tables-restore -w --counters
+	if [ "$disableipv6" != "1" ]; then
-	ip6tables-restore -w --wait=60  --noflush <<-EOF
+		ip6tables-save --counters | grep -v omr-bypass6 | ip6tables-restore -w --counters
-	*mangle
+		ip6tables-restore -w --wait=60  --noflush <<-EOF
-	:omr-bypass6 -
+		*mangle
-	-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass6
+		:omr-bypass6 -
-	COMMIT
+		-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass6
-	EOF
+		COMMIT
+		EOF
+	fi
 	
 	config_load network
 	config_foreach _intf_rule interface
@@ -390,6 +450,7 @@ start_service() {
 	config_foreach _bypass_mac macs
 	config_foreach _bypass_lan_ip lan_ip
 	config_foreach _bypass_dest_port dest_port
+	config_foreach _bypass_src_port src_port
 	config_foreach _bypass_asn asns
 	dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g' | grep -v dst_bypass)
 	uci -q delete dhcp.@dnsmasq[0].ipset
@@ -433,23 +494,25 @@ start_service() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
+	if [ "$disableipv6" != "1" ]; then
-		ip6tables-restore --wait=60 --noflush <<-EOF
+		if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
-		*mangle
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
-		-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			*mangle
-		COMMIT
+			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-		EOF
+			COMMIT
-	fi
+			EOF
-	if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
+		fi
-		ip6tables-restore --wait=60 --noflush <<-EOF
+		if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
-		*nat
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
-		-I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
+			*nat
-		-I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
+			-I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-		-I ss_rules6_local_out 2 -m mark --mark 0x6539 -j RETURN
+			-I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-		-I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I ss_rules6_local_out 2 -m mark --mark 0x6539 -j RETURN
-		-I ss_rules6_pre_src 2 -m mark --mark 0x6539 -j RETURN
+			-I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-		COMMIT
+			-I ss_rules6_pre_src 2 -m mark --mark 0x6539 -j RETURN
-		EOF
+			COMMIT
+			EOF
+		fi
 	fi
 
 	iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters
@@ -460,14 +523,16 @@ start_service() {
 	-A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass-dpi
 	COMMIT
 	EOF
-	ip6tables-save --counters | grep -v omr-bypass6-dpi | ip6tables-restore --counters
+	if [ "$disableipv6" != "1" ]; then
-	ip6tables-restore --wait=60  --noflush <<-EOF
+		ip6tables-save --counters | grep -v omr-bypass6-dpi | ip6tables-restore -w --counters
-	*mangle
+		ip6tables-restore -w --wait=60  --noflush <<-EOF
-	:omr-bypass6-dpi -
+		*mangle
-	-A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6-dpi
+		:omr-bypass6-dpi -
-	-A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass6-dpi
+		-A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6-dpi
-	COMMIT
+		-A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass6-dpi
-	EOF
+		COMMIT
+		EOF
+	fi
 	config_load omr-bypass
 	config_foreach _bypass_proto dpis
 

luci-app-omr-bypass/root/usr/share/luci/menu.d/luci-app-omr-bypass.json

@@ -5,6 +5,9 @@
 		"action": {
 			"type": "view",
 			"path": "services/omr-bypass"
+		},
+		"depends": {
+			"acl": [ "luci-app-omr-bypass" ]
 		}
 	}
 }

luci-app-omr-bypass/root/usr/share/rpcd/acl.d/luci-app-omr-bypass.json

@@ -4,7 +4,7 @@
 	"read": {
 	    "file": {
 		"/proc/net/xt_ndpi/proto": [ "read" ],
-		"/proc/net/xt_ndpi/host_proto": [ "read" ],
+		"/proc/net/xt_ndpi/host_proto": [ "read" ]
 	    },
 	    "ubus": {
 		"luci-rpc": [ "getHostHints" ]

luci-app-omr-dscp/root/etc/init.d/omr-dscp

@@ -81,6 +81,8 @@ _add_dscp_rules() {
 	direction="" ; config_get direction "$1" direction "upload"
 	comment=""   ; config_get comment "$1" comment "-"
 
+	src_port="$(echo $src_port | sed 's/-/:/g')"
+	dest_port="$(echo $dest_port | sed 's/-/:/g')"
 	case "$direction" in
 		upload|both)
 			# Apply the rule locally
@@ -142,28 +144,28 @@ _add_dscp_output_chain() {
 _remove_prerouting_chain() {
 	_ipt4 -F "$1" 2>/dev/null || return
 	_ipt4 -D PREROUTING -i "$lan_device" -j "$1"
-	_ipt4 -X "$1"
+	_ipt4 -X "$1" 2>/dev/null
 	_ipt6 -F "$1" 2>/dev/null || return
 	_ipt6 -D PREROUTING -i "$lan_device" -j "$1"
-	_ipt6 -X "$1"
+	_ipt6 -X "$1" 2>/dev/null
 }
 
 _remove_postrouting_chain() {
 	_ipt4 -F "$1" 2>/dev/null || return
 	_ipt4 -D POSTROUTING -j "$1"
-	_ipt4 -X "$1"
+	_ipt4 -X "$1" 2>/dev/null
 	_ipt6 -F "$1" 2>/dev/null || return
 	_ipt6 -D POSTROUTING -j "$1"
-	_ipt6 -X "$1"
+	_ipt6 -X "$1" 2>/dev/null
 }
 
 _remove_output_chain() {
 	_ipt4 -F "$1" 2>/dev/null || return
 	_ipt4 -D OUTPUT -j "$1"
-	_ipt4 -X "$1"
+	_ipt4 -X "$1" 2>/dev/null
 	_ipt6 -F "$1" 2>/dev/null || return
 	_ipt6 -D OUTPUT -j "$1"
-	_ipt6 -X "$1"
+	_ipt6 -X "$1" 2>/dev/null
 }
 
 _remove_ipset_dnsmasq() {

luci-app-omr-dscp/root/usr/share/luci/menu.d/luci-app-omr-dscp.json

@@ -0,0 +1,13 @@
+{
+	"admin/network/omr-dscp": {
+		"title": "OMR-DSCP",
+		"order": 80,
+		"action": {
+			"type": "cbi",
+			"path": "dscp"
+		},
+		"depends": {
+			"acl": [ "luci-app-omr-dscp" ]
+		}
+	}
+}

luci-app-omr-dscp/root/usr/share/rpcd/acl.d/luci-app-omr-dscp.json

@@ -1,5 +1,5 @@
 {
-    "luci-app-dscp": {
+    "luci-app-omr-dscp": {
 	"description": "Grant UCI access for luci-app-dscp",
 	"read": {
 	    "uci": [ "dscp" ]

luci-app-omr-quota/root/usr/share/luci/menu.d/luci-app-omr-quota.json

@@ -0,0 +1,13 @@
+{
+	"admin/network/quota": {
+		"title": "Quota",
+		"order": 90,
+		"action": {
+			"type": "cbi",
+			"path": "quota/quota"
+		},
+		"depends": {
+			"acl": [ "luci-app-omr-quota" ]
+		}
+	}
+}

luci-app-omr-tracker/luasrc/model/cbi/omr-tracker.lua

@@ -41,6 +41,37 @@ o.default     = { "bing.com", "google.com" }
 o.rmempty     = false
 
 
+s = m:section(TypedSection, "server", translate("Server tracker Settings"), translate("Detect if Server is down and use defined backup server in this case."))
+s.anonymous   = true
+s.addremove = false
+
+local sdata = m:get('server')
+if not sdata then
+	m:set('server', nil, 'server')
+	m:set('server', 'enabled', "1")
+end
+
+o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, server failover is also disabled"))
+o.rmempty     = false
+
+o = s:option(Value, "timeout", translate("Timeout (s)"))
+o.placeholder = "1"
+o.default     = "1"
+o.datatype    = "range(1, 100)"
+o.rmempty     = false
+
+o = s:option(Value, "tries", translate("Tries"))
+o.placeholder = "4"
+o.default     = "4"
+o.datatype    = "range(1, 10)"
+o.rmempty     = false
+
+o = s:option(Value, "interval", translate("Retry interval (s)"))
+o.placeholder = "2"
+o.default     = "2"
+o.datatype    = "range(1, 100)"
+o.rmempty     = false
+
 s = m:section(TypedSection, "defaults", translate("Defaults Settings"), translate("OMR-Tracker detect when a connection is down and execute needed scripts"))
 s.anonymous   = true
 

luci-app-omr-tracker/root/usr/share/luci/menu.d/luci-app-omr-tracker.json

@@ -0,0 +1,13 @@
+{
+	"admin/services/omr-tracker": {
+		"title": "OMR-Tracker",
+		"order": 10,
+		"action": {
+			"type": "cbi",
+			"path": "omr-tracker"
+		},
+		"depends": {
+			"acl": [ "luci-app-omr-tracker" ]
+		}
+	}
+}

luci-app-openmptcprouter/htdocs/luci-static/resources/openmptcprouter/css/wanstatus.css

@@ -247,7 +247,7 @@ Thanks :)*/
   width: 400px;
   max-width: 400px;
   box-sizing: border-box;
-  height: 170px;
+  min-height: 170px;
 }
 .network-node .equipment-icon {
   position: relative;
@@ -293,6 +293,13 @@ Thanks :)*/
   font-weight: 700;
   color: #333333;
 }
+
+.network-node .info .title i {
+  font-weight: lighter;
+  font-size: 5px;
+  text-transform: uppercase;
+}
+
 .network-node .info .status-message {
   display: block;
 }
@@ -315,10 +322,10 @@ Thanks :)*/
   padding-right: 195px;
 }
 #omr {
-  height: 190px;
+  min-height: 190px;
 }
 #omr-vps {
-  height: 160px;
+  min-height: 160px;
 }
 .space {
   height: 55px;

luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua

@@ -167,6 +167,8 @@ function wizard_add()
 		ucic:set("sqm","wan" .. i,"verbosity","5")
 		ucic:set("sqm","wan" .. i,"download","0")
 		ucic:set("sqm","wan" .. i,"upload","0")
+		ucic:set("sqm","wan" .. i,"iqdisc_opts","autorate-ingress nat dual-dsthost")
+		ucic:set("sqm","wan" .. i,"eqdisc_opts","nat dual-srchost")
 		ucic:save("sqm")
 		ucic:commit("sqm")
 		
@@ -263,6 +265,8 @@ function wizard_add()
 			ucic:set("sqm",intf,"verbosity","5")
 			ucic:set("sqm",intf,"download","0")
 			ucic:set("sqm",intf,"upload","0")
+			ucic:set("sqm",intf,"iqdisc_opts","autorate-ingress nat dual-dsthost")
+			ucic:set("sqm",intf,"eqdisc_opts","nat dual-srchost")
 		end
 
 		if downloadspeed ~= "0" and uploadspeed ~= "0" and downloadspeed ~= "" and uploadspeed ~= "" then
@@ -281,6 +285,8 @@ function wizard_add()
 			ucic:set("qos",intf,"enabled","0")
 		end
 		if sqmenabled == "1" then
+			ucic:set("sqm",intf,"iqdisc_opts","autorate-ingress nat dual-dsthost")
+			ucic:set("sqm",intf,"eqdisc_opts","nat dual-srchost")
 			ucic:set("sqm",intf,"enabled","1")
 			ucic:set("qos",intf,"enabled","1")
 		else
@@ -306,6 +312,8 @@ function wizard_add()
 	ucic:set("openmptcprouter","settings","disable_ipv6",disableipv6)
 	--local ut = require "luci.util"
 	--local result = ut.ubus("openmptcprouter", "set_ipv6_state", { disable_ipv6 = disableipv6 })
+	local ula = luci.http.formvalue("ula") or ""
+	ucic:set("network","globals","ula_prefix",ula)
 
 	-- Get VPN set by default
 	local default_vpn = luci.http.formvalue("default_vpn") or "glorytun_tcp"
@@ -344,6 +352,7 @@ function wizard_add()
 
 	-- Retrieve all server settings
 	local serversnb = 0
+	local disablednb = 0
 	local servers = luci.http.formvaluetable("server")
 	for server, _ in pairs(servers) do
 		local server_ip = luci.http.formvalue("%s.server_ip" % server) or ""
@@ -352,6 +361,7 @@ function wizard_add()
 		-- OpenMPTCProuter VPS
 		local openmptcprouter_vps_key = luci.http.formvalue("%s.openmptcprouter_vps_key" % server) or ""
 		local openmptcprouter_vps_username = luci.http.formvalue("%s.openmptcprouter_vps_username" % server) or ""
+		local openmptcprouter_vps_disabled = luci.http.formvalue("%s.openmptcprouter_vps_disabled" % server) or ""
 		ucic:set("openmptcprouter",server,"server")
 		ucic:set("openmptcprouter",server,"username",openmptcprouter_vps_username)
 		ucic:set("openmptcprouter",server,"password",openmptcprouter_vps_key)
@@ -364,12 +374,16 @@ function wizard_add()
 			ucic:set("openmptcprouter",server,"master","0")
 			ucic:set("openmptcprouter",server,"backup","1")
 		end
-		ucic:set("openmptcprouter",server,"ip",server_ip)
+		if openmptcprouter_vps_disabled == "1" then
-		ucic:set("openmptcprouter",server,"port","65500")
+			disablednb = disablednb + 1
-		ucic:save("openmptcprouter")
+		end
 		if server_ip ~= "" then
 			serversnb = serversnb + 1
 		end
+		ucic:set("openmptcprouter",server,"disabled",openmptcprouter_vps_disabled)
+		ucic:set("openmptcprouter",server,"ip",server_ip)
+		ucic:set("openmptcprouter",server,"port","65500")
+		ucic:save("openmptcprouter")
 	end
 
 	local ss_servers_nginx = {}
@@ -382,50 +396,40 @@ function wizard_add()
 		local master = luci.http.formvalue("master") or ""
 		local server_ip = luci.http.formvalue("%s.server_ip" % server) or ""
 		-- We have an IP, so set it everywhere
-		if server_ip ~= "" then
+		if server_ip ~= "" and luci.http.formvalue("%s.openmptcprouter_vps_disabled" % server) ~= "1" then
 			-- Check if we have more than one IP, in this case use Nginx HA
 			if serversnb > 1 then
 				if master == server then
 					ss_ip=server_ip
-					table.insert(ss_servers_nginx,server_ip .. ":65101 max_fails=2 fail_timeout=20s")
+					ucic:set("shadowsocks-libev","sss0","server",server_ip)
-					table.insert(ss_servers_ha,server_ip .. ":65101 check")
+					ucic:set("glorytun","vpn","host",server_ip)
-					if vpn_port ~= "" then
+					ucic:set("dsvpn","vpn","host",server_ip)
-						table.insert(vpn_servers,server_ip .. ":" .. vpn_port .. " max_fails=2 fail_timeout=20s")
+					ucic:set("mlvpn","general","host",server_ip)
-					end
+					ucic:set("ubond","general","host",server_ip)
-				else
+					luci.sys.call("uci -q del openvpn.omr.remote")
-					table.insert(ss_servers_nginx,server_ip .. ":65101 backup")
+					luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
-					table.insert(ss_servers_ha,server_ip .. ":65101 backup")
+					ucic:set("qos","serverin","srchost",server_ip)
-					if vpn_port ~= "" then
+					ucic:set("qos","serverout","dsthost",server_ip)
-						table.insert(vpn_servers,server_ip .. ":" .. vpn_port .. " backup")
-					end
 				end
 				k = k + 1
-				ucic:set("nginx-ha","ShadowSocks","enable","1")
+				ucic:set("nginx-ha","ShadowSocks","enable","0")
-				ucic:set("nginx-ha","VPN","enable","1")
+				ucic:set("nginx-ha","VPN","enable","0")
-				ucic:set("nginx-ha","ShadowSocks","upstreams",ss_servers_nginx)
-				ucic:set("nginx-ha","VPN","upstreams",vpn_servers)
 				ucic:set("haproxy-tcp","general","enable","0")
-				ucic:set("haproxy-tcp","general","upstreams",ss_servers_ha)
 				ucic:set("openmptcprouter","settings","ha","1")
-				server_ip = "127.0.0.1"
-				--ucic:set("shadowsocks-libev","sss0","server",ss_ip)
 			else
 				ucic:set("openmptcprouter","settings","ha","0")
 				ucic:set("nginx-ha","ShadowSocks","enable","0")
 				ucic:set("nginx-ha","VPN","enable","0")
-				--ucic:set("shadowsocks-libev","sss0","server",server_ip)
+				ucic:set("shadowsocks-libev","sss0","server",server_ip)
-				--ucic:set("openmptcprouter","vps","ip",server_ip)
+				ucic:set("glorytun","vpn","host",server_ip)
-				--ucic:save("openmptcprouter")
+				ucic:set("dsvpn","vpn","host",server_ip)
+				ucic:set("mlvpn","general","host",server_ip)
+				ucic:set("ubond","general","host",server_ip)
+				luci.sys.call("uci -q del openvpn.omr.remote")
+				luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
+				ucic:set("qos","serverin","srchost",server_ip)
+				ucic:set("qos","serverout","dsthost",server_ip)
 			end
-			ucic:set("shadowsocks-libev","sss0","server",server_ip)
-			ucic:set("glorytun","vpn","host",server_ip)
-			ucic:set("dsvpn","vpn","host",server_ip)
-			ucic:set("mlvpn","general","host",server_ip)
-			ucic:set("ubond","general","host",server_ip)
-			luci.sys.call("uci -q del openvpn.omr.remote")
-			luci.sys.call("uci -q add_list openvpn.omr.remote=" .. server_ip)
-			ucic:set("qos","serverin","srchost",server_ip)
-			ucic:set("qos","serverout","dsthost",server_ip)
 		end
 	end
 
@@ -449,17 +453,25 @@ function wizard_add()
 	local encryption = luci.http.formvalue("encryption")
 	if encryption == "none" then
 		ucic:set("shadowsocks-libev","sss0","method","none")
+		ucic:save("shadowsocks-libev")
 	elseif encryption == "aes-256-gcm" then
 		ucic:set("shadowsocks-libev","sss0","method","aes-256-gcm")
 		ucic:set("glorytun","vpn","chacha20","0")
+		ucic:save("glorytun")
+		ucic:save("shadowsocks-libev")
 	elseif encryption == "chacha20-ietf-poly1305" then
 		ucic:set("shadowsocks-libev","sss0","method","chacha20-ietf-poly1305")
 		ucic:set("glorytun","vpn","chacha20","1")
+		ucic:save("glorytun")
+		ucic:save("shadowsocks-libev")
 	end
 
 	-- Set ShadowSocks settings
 	local shadowsocks_key = luci.http.formvalue("shadowsocks_key")
 	local shadowsocks_disable = luci.http.formvalue("disableshadowsocks") or "0"
+	if disablednb == serversnb then
+		shadowsocks_disable = 1
+	end
 	if shadowsocks_key ~= "" then
 		ucic:set("shadowsocks-libev","sss0","key",shadowsocks_key)
 		--ucic:set("shadowsocks-libev","sss0","method","chacha20-ietf-poly1305")
@@ -484,7 +496,7 @@ function wizard_add()
 	end
 
 	-- Set Glorytun settings
-	if default_vpn:match("^glorytun.*") then
+	if default_vpn:match("^glorytun.*") and disablednb ~= serversnb then
 		ucic:set("glorytun","vpn","enable",1)
 	else
 		ucic:set("glorytun","vpn","enable",0)
@@ -518,7 +530,7 @@ function wizard_add()
 	ucic:commit("glorytun")
 
 	-- Set A Dead Simple VPN settings
-	if default_vpn == "dsvpn" then
+	if default_vpn == "dsvpn" and disablednb ~= serversnb  then
 		ucic:set("dsvpn","vpn","enable",1)
 	else
 		ucic:set("dsvpn","vpn","enable",0)
@@ -541,7 +553,7 @@ function wizard_add()
 	ucic:commit("dsvpn")
 
 	-- Set MLVPN settings
-	if default_vpn == "mlvpn" then
+	if default_vpn == "mlvpn" and disablednb ~= serversnb  then
 		ucic:set("mlvpn","general","enable",1)
 		ucic:set("network","omrvpn","proto","dhcp")
 	else
@@ -561,7 +573,7 @@ function wizard_add()
 	ucic:commit("mlvpn")
 
 	-- Set UBOND settings
-	if default_vpn == "ubond" then
+	if default_vpn == "ubond" and disablednb ~= serversnb  then
 		ucic:set("ubond","general","enable",1)
 		ucic:set("network","omrvpn","proto","dhcp")
 	else
@@ -580,7 +592,7 @@ function wizard_add()
 	ucic:save("ubond")
 	ucic:commit("ubond")
 
-	if default_vpn == "openvpn" then
+	if default_vpn == "openvpn" and disablednb ~= serversnb  then
 		ucic:set("openvpn","omr","enabled",1)
 		ucic:set("network","omrvpn","proto","none")
 	else
@@ -605,6 +617,7 @@ function wizard_add()
 	-- Restart all
 	if gostatus == true then
 		luci.sys.call("(env -i /bin/ubus call network reload) >/dev/null 2>/dev/null")
+		luci.sys.call("/etc/init.d/omr-tracker stop >/dev/null 2>/dev/null")
 		luci.sys.call("/etc/init.d/mptcp restart >/dev/null 2>/dev/null")
 		if openmptcprouter_vps_key ~= "" then
 			luci.sys.call("/etc/init.d/openmptcprouter-vps restart >/dev/null 2>/dev/null")
@@ -617,7 +630,7 @@ function wizard_add()
 		luci.sys.call("/etc/init.d/ubond restart >/dev/null 2>/dev/null")
 		luci.sys.call("/etc/init.d/openvpn restart >/dev/null 2>/dev/null")
 		luci.sys.call("/etc/init.d/dsvpn restart >/dev/null 2>/dev/null")
-		luci.sys.call("/etc/init.d/omr-tracker restart >/dev/null 2>/dev/null")
+		luci.sys.call("/etc/init.d/omr-tracker start >/dev/null 2>/dev/null")
 		luci.sys.call("/etc/init.d/omr-6in4 restart >/dev/null 2>/dev/null")
 		luci.sys.call("/etc/init.d/mptcpovervpn restart >/dev/null 2>/dev/null")
 		luci.sys.call("/etc/init.d/vnstat restart >/dev/null 2>/dev/null")
@@ -683,6 +696,10 @@ function settings_add()
 	local disablegwping = luci.http.formvalue("disablegwping") or "0"
 	ucic:set("openmptcprouter","settings","disablegwping",disablegwping)
 
+	-- Enable/disable default gateway
+	local disabledefaultgw = luci.http.formvalue("disabledefaultgw") or "1"
+	ucic:set("openmptcprouter","settings","defaultgw",disabledefaultgw)
+
 	-- Enable/disable server ping
 	local disableserverping = luci.http.formvalue("disableserverping") or "0"
 	ucic:set("openmptcprouter","settings","disableserverping",disableserverping)
@@ -701,6 +718,18 @@ function settings_add()
 		ucic:set("shadowsocks-libev",section[".name"],"fast_open",fastopen)
 	end)
 
+	-- Enable/disable no delay
+	local nodelay = luci.http.formvalue("enablenodelay") or "0"
+	ucic:set("openmptcprouter","settings","enable_nodelay",nodelay)
+	luci.sys.exec("sysctl -w net.ipv4.tcp_low_latency=%s" % nodelay)
+	luci.sys.exec("sed -i 's:^net.ipv4.tcp_low_latency=[0-9]*:net.ipv4.tcp_low_latency=%s:' /etc/sysctl.d/zzz_openmptcprouter.conf" % nodelay)
+	ucic:foreach("shadowsocks-libev", "ss_redir", function (section)
+		ucic:set("shadowsocks-libev",section[".name"],"no_delay",nodelay)
+	end)
+	ucic:foreach("shadowsocks-libev", "ss_local", function (section)
+		ucic:set("shadowsocks-libev",section[".name"],"no_delay",nodelay)
+	end)
+
 
 	-- Enable/disable obfs
 	local obfs = luci.http.formvalue("obfs") or "0"

luci-app-openmptcprouter/luasrc/view/openmptcprouter/settings.htm

@@ -164,6 +164,16 @@
 		    </div>
 		</div>
 	    </div>
+	    <div class="cbi-value">
+		<label class="cbi-value-title"><%:Enable TCP Low Latency%></label>
+		<div class="cbi-value-field">
+		    <input type="checkbox" name="enablenodelay" class="cbi-input-checkbox" value="1" <% if luci.model.uci.cursor():get("openmptcprouter","settings","enable_nodelay") == "1" then %>checked<% end %>>
+		    <br />
+		    <div class="cbi-value-description">
+			<%:Optimize for latency instead of bandwidth%>
+		    </div>
+		</div>
+	    </div>
 	    <div class="cbi-value">
 		<label class="cbi-value-title"><%:Save vnstats stats%></label>
 		<div class="cbi-value-field">
@@ -184,6 +194,16 @@
 		    </div>
 		</div>
 	    </div>
+	    <div class="cbi-value">
+		<label class="cbi-value-title"><%:Disable default gateway%></label>
+		<div class="cbi-value-field">
+		    <input type="checkbox" name="disabledefaultgw" class="cbi-input-checkbox" value="0" <% if luci.model.uci.cursor():get("openmptcprouter","settings","defaultgw") == "0" then %>checked<% end %>>
+		    <br />
+		    <div class="cbi-value-description">
+			<%:Disable default gateway, no internet if VPS are down%>
+		    </div>
+		</div>
+	    </div>
 	    <div class="cbi-value">
 		<label class="cbi-value-title"><%:Disable server ping%></label>
 		<div class="cbi-value-field">

luci-app-openmptcprouter/luasrc/view/openmptcprouter/wanstatus.htm

@@ -31,9 +31,9 @@
 -- * Many tests
 -%>
 <%+header%>
-<link rel="stylesheet" type="text/css" href="<%=resource%>/openmptcprouter/css/wanstatus.css?v=git-18.120.38690-2678b12"/>
+<link rel="stylesheet" type="text/css" href="<%=resource%>/openmptcprouter/css/wanstatus.css?v=git-20"/>
-<script type="text/javascript" src="<%=resource%>/seedrandom.js?v=git-18.120.38690-2678b12"></script>
+<script type="text/javascript" src="<%=resource%>/seedrandom.js?v=git-20"></script>
-<script type="text/javascript" src="<%=resource%>/cbi.js?v=git-18.120.38690-2678b12"></script>
+<script type="text/javascript" src="<%=resource%>/cbi.js?v=git-20"></script>
 <script type="text/javascript">//<![CDATA[
 	var anonymize = false;
 	function getCookieValue(a) {
@@ -382,6 +382,7 @@
 					var operator = mArray.wans[i].operator;
 					var phonenumber = mArray.wans[i].phonenumber;
 					var donglestate = mArray.wans[i].donglestate;
+					var networktype = mArray.wans[i].networktype;
 					var gateway = mArray.wans[i].gateway;
 					if (anonymize == "true" && testPrivateIP(gateway) == false)
 					{
@@ -429,7 +430,7 @@
 					{
 						content += String.format('%s %s<br />',_('mtu:'), mtu);
 					}
-					if (operator !== '' && anonymize !== 'true')
+					if (operator !== '')
 					{
 						content += String.format('%s %s<br />',_('operator:'), operator);
 					}
@@ -437,7 +438,7 @@
 					{
 						content += String.format('%s %s<br />',_('phone number:'), phonenumber);
 					}
-					if (donglestate !== '' && anonymize !== 'true')
+					if (donglestate !== '')
 					{
 						content += String.format('%s %s<br />',_('state:'), donglestate);
 					}
@@ -455,6 +456,10 @@
 						else 
 							title += ' <img src="/luci-static/resources/icons/signal-75-100.png" />';
 					}
+					if (networktype !== '')
+					{
+						title += String.format(' <i>%s</i>',networktype);
+					}
 					if(ipaddr == '')
 					{
 						statusMessage += _('No IP defined') + '<br />';
@@ -506,6 +511,11 @@
 					{
 						statusMessage += _('IPv6 route received') + '<br />'
 					}
+					if (statusMessage !== "" && statusMessageClass !== "error")
+					{
+						statusMessageClass = "warning";
+						statusIcon = "<%=resource%>/openmptcprouter/images/statusWarning.png";
+					}
 					content += String.format('multipath: %s<br />',multipath);
 					if(mArray.wans[i].qos && mArray.wans[i].download > 0 && mArray.wans[i].upload > 0)
 					{

luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm

@@ -110,6 +110,15 @@ end
 		</div>
 	    <%
 		    end
+	    %>
+		<br />
+		<div class="cbi-value">
+		    <label class="cbi-value-title"><%:Disable server%></label>
+		    <div class="cbi-value-field">
+			<input class="cbi-input-radio" type="checkbox" name="<%=servername%>.openmptcprouter_vps_disabled" value="1" <% if uci:get("openmptcprouter",servername,"openmptcprouter_vps_disabled") == "1" then %>checked<% end %>/>
+		    </div>
+		</div>
+	    <%
 		end)
 	    %>
 		<div class="cbi-section-create">
@@ -122,6 +131,16 @@ end
 	</fieldset>
 	<fieldset class="cbi-section" id="server_common">
 	    <legend><%:Common server settings%></legend>
+	    <div class="cbi-value">
+		<label class="cbi-value-title"><%:Advanced settings%></label>
+		<div class="cbi-value-field">
+		    <input type="checkbox" class="cbi-input-checkbox" id="showadv" value="1" onclick="jsshowadv()" />
+		</div>
+	    </div>
+	</fieldset>
+	<span id="advancedsettings" style="display:none;">
+	<fieldset class="cbi-section" id="ipv6">
+	    <legend><%:IPv6 settings%></legend>
 	    <div class="cbi-value">
 		<label class="cbi-value-title"><%:Enable IPv6%></label>
 		<div class="cbi-value-field">
@@ -133,13 +152,16 @@ end
 		</div>
 	    </div>
 	    <div class="cbi-value">
-		<label class="cbi-value-title"><%:Advanced settings%></label>
+		<label class="cbi-value-title"><%:IPv6 ULA-Prefix%></label>
 		<div class="cbi-value-field">
-		    <input type="checkbox" class="cbi-input-checkbox" id="showadv" value="1" onclick="jsshowadv()" />
+		    <input type="text" name="ula" class="cbi-input-text" value="<%=uci:get("network","globals","ula_prefix")%>" data-type="ula_prefix" />
+		    <br />
+		    <div class="cbi-value-description">
+		        <%:You can set a public IPv6 prefix only if you set only one server.%>
+		    </div>
 		</div>
 	    </div>
 	</fieldset>
-	<span id="advancedsettings" style="display:none;">
 	<fieldset class="cbi-section" id="shadowsocks">
 	    <legend><%:ShadowSocks settings%></legend>
 	    <div class="cbi-section-descr"><%:By default ShadowSocks is used for TCP traffic.%></div>
@@ -149,7 +171,7 @@ end
 		    <input type="text" name="shadowsocks_key" placeholder="<%:ShadowSocks key%>" class="cbi-input-text" value="<%=uci:get("shadowsocks-libev","sss0","key")%>" />
 		    <br />
 		    <div class="cbi-value-description">
-		        <%:ShadowSocks is used for TCP.%>
+		        <%:Key is retrieved from server API by default. ShadowSocks is used for TCP.%>
 		    </div>
 		</div>
 	    </div>
@@ -195,7 +217,7 @@ end
 		    <input type="text" name="glorytun_key" placeholder="<%:Glorytun key%>" class="cbi-input-text" value="<%=uci:get("glorytun","vpn","key")%>">
 		    <br />
 		    <div class="cbi-value-description">
-		        <%:Glorytun TCP is used by default for UDP and ICMP%>
+		        <%:Key is retrieved from server API by default. Glorytun TCP is used by default for UDP and ICMP%>
 		    </div>
 		</div>
 	    </div>
@@ -207,7 +229,7 @@ end
 		    <input type="text" name="dsvpn_key" placeholder="<%:A Dead Simple VPN key%>" class="cbi-input-text" value="<%=uci:get("dsvpn","vpn","key")%>">
 		    <br />
 		    <div class="cbi-value-description">
-		        <%:A Dead Simple VPN is a TCP VPN that can replace Glorytun TCP%>
+		        <%:Key is retrieved from server API by default. A Dead Simple VPN is a TCP VPN that can replace Glorytun TCP%>
 		    </div>
 		</div>
 	    </div>
@@ -219,7 +241,7 @@ end
 		    <input type="text" name="mlvpn_password" placeholder="<%:MLVPN password%>" class="cbi-input-text" value="<%=uci:get("mlvpn","general","password")%>">
 		    <br />
 		    <div class="cbi-value-description">
-		        <%:MLVPN can replace Glorytun with connections with same latency%>
+		        <%:Key is retrieved from server API by default. MLVPN can replace Glorytun with connections with same latency%>
 		    </div>
 		</div>
 	    </div>
@@ -231,7 +253,7 @@ end
 		    <input type="text" name="ubond_password" placeholder="<%:UBOND password%>" class="cbi-input-text" value="<%=uci:get("ubond","general","password")%>">
 		    <br />
 		    <div class="cbi-value-description">
-		        <%:UBOND can replace Glorytun with connections with same latency%>
+		        <%:Key is retrieved from server API by default. UBOND can replace Glorytun with connections with same latency%>
 		    </div>
 		</div>
 	    </div>

luci-app-openmptcprouter/root/bin/omr-huawei

@@ -1,14 +1,48 @@
 #!/bin/sh
 MODEM_IP=`echo $1 | grep -E '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'`
 [ -z "$MODEM_IP" ] && return
+INFO=$2
 SESTOK=$(curl -s -m 1 -X GET "http://$MODEM_IP/api/webserver/SesTokInfo")
 [ -z "$SESTOK" ] && return
 COOKIE=$(echo $SESTOK | sed -ne '/SesInfo/{s/.*<SesInfo>\(.*\)<\/SesInfo>.*/\1/p;q;}')
 COOKIE=$(echo $COOKIE | sed 's:SessionID=::')
 TOKEN=$(echo $SESTOK | sed -ne '/TokInfo/{s/.*<TokInfo>\(.*\)<\/TokInfo>.*/\1/p;q;}')
-curl -s -m 1 -X GET "http://$MODEM_IP/api/monitoring/status" -H "Cookie: SessionID=$COOKIE" -H "__RequestVerificationToken: $TOKEN" -H "Content-Type: text/xml" > /tmp/huawei-$1-status
+tmpfile=$(mktemp)
-SIGNAL_ICON=$(cat /tmp/huawei-$1-status | grep SignalIcon | sed -e 's/<[^>]*>//g')
+curl -s -m 1 -X GET "http://$MODEM_IP/api/monitoring/status" -H "Cookie: SessionID=$COOKIE" -H "__RequestVerificationToken: $TOKEN" -H "Content-Type: text/xml" > ${tmpfile}
-MAX_SIGNAL=$(cat /tmp/huawei-$1-status | grep maxsignal | sed -e 's/<[^>]*>//g')
+SIGNAL_STRENGTH=$(cat ${tmpfile} | grep SignalStrength | sed -e 's/<[^>]*>//g' | sed 's/[^\x00-\x7F]//g')
-if [ -n "$SIGNAL_ICON" ] && [ -n "$MAX_SIGNAL" ]; then
+if [ "$SIGNAL_STRENGTH" = "" ]; then
-        echo $((100 * ${SIGNAL_ICON} / ${MAX_SIGNAL}))
+	SIGNAL_ICON=$(cat ${tmpfile} | grep SignalIcon | sed -e 's/<[^>]*>//g' | sed 's/[^\x00-\x7F]//g')
-fi
+	MAX_SIGNAL=$(cat ${tmpfile} | grep maxsignal | sed -e 's/<[^>]*>//g' | sed 's/[^\x00-\x7F]//g')
+	if [ -n "$SIGNAL_ICON" ] && [ -n "$MAX_SIGNAL" ]; then
+	        PERCENT=$((100 * ${SIGNAL_ICON} / ${MAX_SIGNAL}))
+	fi
+else
+	echo "signal"
+	PERCENT=$SIGNAL_STRENGTH
+fi
+
+STATE=""
+CONNECTSTATE=$(cat ${tmpfile} | grep ConnectionStatus | sed -e 's/<[^>]*>//g' | sed 's/[^\x00-\x7F]//g')
+[ "$CONNECTSTATE" = "201" ] && STATE="connection failed, bandwidth exceeded"
+[ "$CONNECTSTATE" = "900" ] && STATE="connecting"
+[ "$CONNECTSTATE" = "901" ] && STATE="connected"
+[ "$CONNECTSTATE" = "902" ] && STATE="disconnected"
+[ "$CONNECTSTATE" = "903" ] && STATE="disconnecting"
+[ "$CONNECTSTATE" = "904" ] && STATE="connection failed or disabled"
+TYPE=""
+NETWORKTYPE=$(cat ${tmpfile} | grep CurrentNetworkType\> | sed -e 's/<[^>]*>//g' | sed 's/[^\x00-\x7F]//g' | tr -d "\n")
+[ "$NETWORKTYPE" = "2" ] || [ "$NETWORKTYPE" = "3" ] && TYPE="2g"
+[ "$NETWORKTYPE" = "4" ] || [ "$NETWORKTYPE" = "5" ] || [ "$NETWORKTYPE" = "6" ] || [ "$NETWORKTYPE" = "7" ] || [ "$NETWORKTYPE" = "8" ] || [ "$NETWORKTYPE" = "9" ] || [ "$NETWORKTYPE" = "17" ] || [ "$NETWORKTYPE" = "18" ] || [ "$NETWORKTYPE" = "41" ] || [ "$NETWORKTYPE" = "44" ] || [ "$NETWORKTYPE" = "45" ] || [ "$NETWORKTYPE" = "46" ] || [ "$NETWORKTYPE" = "64" ] || [ "$NETWORKTYPE" = "65" ] && TYPE="3g"
+[ "$NETWORKTYPE" = "19" ] || [ "$NETWORKTYPE" = "101" ] && TYPE="lte"
+rm -f ${tmpfile}
+OPERATOR=""
+if [ "$CONNECTSTATE" = "901" ]; then
+	tmpfile=$(mktemp)
+	curl -s -m 1 -X GET "http://$MODEM_IP/api/net/current-plmn" -H "Cookie: SessionID=$COOKIE" -H "__RequestVerificationToken: $TOKEN" -H "Content-Type: text/xml" > ${tmpfile}
+	OPERATOR=$(grep FullName ${tmpfile} | cut -f2 -d'>' | cut -f1 -d'<')
+	#$(cat ${tmpfile} | grep FullName | sed -e 's/<[^>]*>//g' | sed 's/[^\x00-\x7F]//g' | tr -d "\n")
+	rm -f ${tmpfile}
+fi
+NUMBER=""
+[ -z "$INFO" ] && echo "$PERCENT"
+[ "$INFO" = "all" ] && echo "$PERCENT;$OPERATOR;$NUMBER;$STATE;$TYPE"

luci-app-openmptcprouter/root/bin/omr-modemmanager

@@ -10,8 +10,9 @@ timeout 1 mmcli -L | while read MODEM; do
 		OPERATOR=$(echo "$MODEM_INFO" | grep 'modem.3gpp.operator-name' | awk -F": " '{print $2}')
 		NUMBER=$(echo "$MODEM_INFO" | grep 'modem.generic.own-numbders.value[1]' | awk -F": " '{print $2}')
 		STATE=$(echo "$MODEM_INFO" | grep 'modem.generic.state' | awk -F": " '{print $2}')
+		TYPE=$(echo "$MODEM_INFO" | grep 'modem.generic.access-technologies.values[1]' | awk -F": " '{print $2}')
 		[ -z "$INFO" ] && echo $PERCENT
-		[ "$INFO" = "all" ] && echo "$PERCENT;$OPERATOR;$NUMBER;$STATE"
+		[ "$INFO" = "all" ] && echo "$PERCENT;$OPERATOR;$NUMBER;$STATE;$TYPE"
 		exit
 	fi
 done

luci-app-openmptcprouter/root/bin/omr-qmi

@@ -26,4 +26,4 @@ fi
 OPERATOR=$(timeout 1 uqmi -d $MODEM_INTF --get-serving-system | jsonfilter -e '@.plmn_description' | tr -d '\n')
 NUMBER=$(timeout 1 uqmi -d $MODEM_INTF --msisdn | jsonfilter -e '@' | tr -d '\n')
 STATE=$(timeout 1 uqmi -d $MODEM_INTF --get-data-status | jsonfilter -e '@' | tr -d '\n')
-[ "$INFO" = "all" ] && echo "$PERCENT;$OPERATOR;$NUMBER;$TATE"
+[ "$INFO" = "all" ] && echo "$PERCENT;$OPERATOR;$NUMBER;$TATE;$TYPE"

luci-app-openmptcprouter/root/etc/init.d/openmptcprouter

@@ -7,6 +7,7 @@ START=5
 USE_PROCD=1
 
 omr_intf_del() {
+	[ -z "$1" ] && return
 	uci -q delete openmptcprouter.$1
 }
 
@@ -17,10 +18,6 @@ omr_intf_check() {
 omr_intf_set() {
 	config_get multipath "$1" multipath
 	config_get ifname "$1" ifname
-	[ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep raspberry)" ] && [ -n "$(echo $ifname | grep usb)" ] && {
-		uci -q set openmptcprouter.settings.scaling_min_freq=800000
-		uci -q set openmptcprouter.settings.scaling_max_freq=800000
-	}
 	[ -z "$multipath" ] || [ "$multipath" = "off" ] && [ "$1" != "omrvpn" ] && [ "$1" != "glorytun" ] && return
 
 	uci -q set openmptcprouter.$1=interface
@@ -41,6 +38,12 @@ start_service() {
 	config_load network
 	config_foreach omr_intf_set interface
 
+	[ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep raspberry)" ] && {
+		# force CPU speed for RPI
+		uci -q set openmptcprouter.settings.scaling_min_freq=$(cat /sys/devices/system/cpu/cpufreq/policy0/scaling_max_freq | tr -d "\n")
+		uci -q set openmptcprouter.settings.scaling_max_freq=$(cat /sys/devices/system/cpu/cpufreq/policy0/scaling_max_freq | tr -d "\n")
+	}
+
 	config_load openmptcprouter
 	config_get scaling_min_freq settings scaling_min_freq
 	[ -n "$scaling_min_freq" ] && {

luci-app-openmptcprouter/root/etc/sysctl.d/zzz_openmptcprouter.conf

@@ -2,4 +2,5 @@ net.ipv4.tcp_keepalive_time=7200
 net.ipv6.conf.all.disable_ipv6=0
 net.ipv4.tcp_fin_timeout=60
 net.ipv4.tcp_syn_retries=3
-net.ipv4.tcp_fastopen=3
+net.ipv4.tcp_fastopen=3
+net.ipv4.tcp_low_latency=1

luci-app-openmptcprouter/root/etc/uci-defaults/openmptcprouter

@@ -95,4 +95,10 @@ if [ "$(uci -q get openmptcprouter.settings.status_getip_timeout)" = "" ]; then
 		commit openmptcprouter
 	EOF
 fi
+if [ "$(uci -q get openmptcprouter.settings.enable_nodelay)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set openmptcprouter.settings.enable_nodelay=1
+		commit openmptcprouter
+	EOF
+fi
 exit 0

luci-app-openmptcprouter/root/usr/libexec/rpcd/openmptcprouter

@@ -821,7 +821,8 @@ function interfaces_status()
 					mArray.openmptcprouter["tun_state"] = "DOWN"
 				end
 				if mArray.openmptcprouter["ipv6"] == "enabled" then
-					local tunnel_ping6_test = ut.trim(sys.exec("ping6 -w 1 -c 1 fe80::a00:1%6in4-omr6in4 | grep '100% packet loss'"))
+					local tunnel_ipv6_gw = uci:get("network","omr6in4","gateway")
+					local tunnel_ping6_test = ut.trim(sys.exec("ping6 -w 1 -c 1 " .. tunnel_ipv6_gw .. "%6in4-omr6in4 | grep '100% packet loss'"))
 					if tunnel_ping6_test == "" then
 						mArray.openmptcprouter["tun6_state"] = "UP"
 					else
@@ -1040,6 +1041,7 @@ function interfaces_status()
 	    local operator = ""
 	    local phonenumber = ""
 	    local donglestate = ""
+	    local networktype = ""
 	    if gateway ~= "" then
 		    if uci:get("openmptcprouter", "settings", "disablegwping") ~= "1" and connectivity ~= "ERROR" then
 			    local gw_ping_test = ut.trim(sys.exec("ping -w 1 -c 1 " .. gateway .. " | grep '100% packet loss'"))
@@ -1051,7 +1053,14 @@ function interfaces_status()
 			    end
 		    end
 		    if uci:get("openmptcprouter", interface, "manufacturer") == "huawei" then
-			    signal = sys.exec("omr-huawei " .. gateway .. " | tr -d '\n'")
+			    intfdata = ut.trim(sys.exec("omr-huawei " .. gateway .. " all"))
+			    if intfdata ~= "" then
+				    signal = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $1}'"))
+				    operator = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $2}'"))
+				    phonenumber = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $3}'"))
+				    donglestate = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $4}'"))
+				    networktype = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $5}'"))
+			    end
 		    end
 	    elseif gateway == "" then
 		    gw_ping = "DOWN"
@@ -1062,24 +1071,26 @@ function interfaces_status()
 		    local proto = section['proto']
 		    if proto == "qmi" then
 			    local device = section['device']
-			    intfdata = sys.exec("omr-qmi " .. device .. " | tr -d '\n'")
+			    intfdata = ut.trim(sys.exec("omr-qmi " .. device .. " all"))
 			    if intfdata ~= "" then
-				    signal = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $1}' | tr -d '\n'")
+				    signal = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $1}'"))
-				    operator = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $2}' | tr -d '\n'")
+				    operator = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $2}'"))
-				    phonenumber = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $3}' | tr -d '\n'")
+				    phonenumber = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $3}'"))
-				    donglestate = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $4}' | tr -d '\n'")
+				    donglestate = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $4}'"))
+				    networktype = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $5}'"))
 			    end
 		    elseif proto == "3g" then
 			    local device = section['device']
 			    signal = sys.exec("omr-3g " .. device .. " | tr -d '\n'")
 		    elseif proto == "modemmanager" then
 			    local device = section['device']
-			    intfdata = sys.exec("omr-modemmanager " .. device .. " | tr -d '\n'")
+			    intfdata = ut.trim(sys.exec("omr-modemmanager " .. device .. " all"))
 			    if intfdata ~= "" then
-				    signal = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $1}' | tr -d '\n'")
+				    signal = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $1}'"))
-				    operator = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $2}' | tr -d '\n'")
+				    operator = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $2}'"))
-				    phonenumber = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $3}' | tr -d '\n'")
+				    phonenumber = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $3}'"))
-				    donglestate = sys.exec("echo ".. intfdata .. " | awk -F';' '{print $4}' | tr -d '\n'")
+				    donglestate = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $4}'"))
+				    networktype = ut.trim(sys.exec("echo '".. intfdata .. "' | awk -F';' '{print $5}'"))
 			    end
 		    end
 	    end
@@ -1108,11 +1119,12 @@ function interfaces_status()
 		    end
 	    end
 
-	    local multipath_available
+	    local multipath_available = ""
+	    local multipath_available_state = ""
 	    if connectivity ~= "ERROR" and mArray.openmptcprouter["dns"] == true and ifname ~= nil and ifname ~= "" and gateway ~= "" and gw_ping == "UP" then
 		    -- Test if multipath can work on the connection
-		    local multipath_available_state = uci:get("openmptcprouter",interface,"mptcp_status") or ""
+		    -- local multipath_available_state = uci:get("openmptcprouter",interface,"mptcp_status") or ""
-		    if multipath_available_state == "" then
+		    -- if multipath_available_state == "" then
 			    if mArray.openmptcprouter["external_check"] ~= false then
 			    --if mArray.openmptcprouter["service_addr"] ~= "" then
 			    --    multipath_available_state = ut.trim(sys.exec("omr-tracebox-mptcp " .. mArray.openmptcprouter["service_addr"] .. " " .. ifname .. " | grep 'MPTCP disabled'"))
@@ -1120,12 +1132,12 @@ function interfaces_status()
 				    multipath_available_state = ut.trim(sys.exec("omr-mptcp-intf " .. ifname .. " | grep 'Nay, Nay, Nay'"))
 			    --end
 			    end
-		    else
+		    -- else
-			    multipath_available_state = ut.trim(sys.exec("echo '" .. multipath_available_state .. "' | grep 'MPTCP disabled'"))
+		    --    multipath_available_state = ut.trim(sys.exec("echo '" .. multipath_available_state .. "' | grep 'MPTCP disabled'"))
-		    end
+		    -- end
 		    if multipath_available_state == "" then
 			    multipath_available = "OK"
-		    --else
+		    else
 		    --	    if mArray.openmptcprouter["external_check"] ~= false then
 		    --		    multipath_available_state_wan = ut.trim(sys.exec("omr-mptcp-intf " .. ifname .. " | grep 'Nay, Nay, Nay'"))
 		    --		    if multipath_available_state_wan == "" then
@@ -1134,7 +1146,7 @@ function interfaces_status()
 		    --				    mArray.openmptcprouter["server_mptcp"] = "disabled"
 		    --			    end
 		    --		    else
-		    --			    multipath_available = "ERROR"
+		    	    multipath_available = "ERROR"
 		    --			    connectivity = "WARNING"
 		    --		    end
 		    --	    else
@@ -1198,6 +1210,12 @@ function interfaces_status()
 			    end
 		    end
 	    end
+	    local rx = ""
+	    local tx = ""
+	    if ifname ~= "" and ifname ~= nil then
+		    rx = ut.trim(sys.exec("devstatus " .. ifname .. " | jsonfilter -e '@.statistics.rx_bytes'"))
+		    tx = ut.trim(sys.exec("devstatus " .. ifname .. " | jsonfilter -e '@.statistics.tx_bytes'"))
+	    end
 	    local data = {
 		label = section["label"] or interface,
 		name = interface,
@@ -1224,6 +1242,9 @@ function interfaces_status()
 		operator = operator,
 		phonenumber = phonenumber,
 		donglestate = donglestate,
+		networktype = networktype,
+		rx = rx,
+		tx = tx,
 	    }
 	    if ifname ~= nil and ifname:match("^tun.*") then
 		    table.insert(mArray.tunnels, data);

luci-app-openmptcprouter/root/usr/share/luci/menu.d/luci-app-openmptcprouter.json

@@ -0,0 +1,13 @@
+{
+	"admin/system/openmptcprouter": {
+		"title": "OpenMPTCProuter",
+		"order": 1,
+		"action": {
+			"type": "template",
+			"path": "openmptcprouter/wizard"
+		},
+		"depends": {
+			"acl": [ "luci-app-openmptcprouter" ]
+		}
+	}
+}

luci-app-shadowsocks-libev/root/usr/share/luci/menu.d/luci-app-shadowsocks-libev.json

@@ -0,0 +1,39 @@
+{
+	"admin/services/shadowsocks-libev": {
+		"title": "Shadowsocks-libev",
+		"order": 59,
+		"action": {
+			"type": "firstchild"
+		},
+		"depends": {
+			"acl": [ "luci-app-shadowsocks-libev" ]
+		}
+	},
+
+	"admin/services/shadowsocks-libev/instances": {
+		"title": "Local Instances",
+		"order": 10,
+		"action": {
+			"type": "view",
+			"path": "shadowsocks-libev/instances"
+		}
+	},
+
+	"admin/services/shadowsocks-libev/servers": {
+		"title": "Remote Servers",
+		"order": 20,
+		"action": {
+			"type": "view",
+			"path": "shadowsocks-libev/servers"
+		}
+	},
+
+	"admin/services/shadowsocks-libev/rules": {
+		"title": "Redir Rules",
+		"order": 30,
+		"action": {
+			"type": "view",
+			"path": "shadowsocks-libev/rules"
+		}
+	}
+}

luci-app-shutdown/po/templates/shutdown.pot

@@ -0,0 +1,27 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: luci-app-shutdown/root/usr/share/rpcd/acl.d/luci-app-shutdown.json:3
+msgid "Allow shutdown the device"
+msgstr ""
+
+#: luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js:23
+msgid "Perform shutdown"
+msgstr ""
+
+#: luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js:9
+#: luci-app-shutdown/root/usr/share/luci/menu.d/luci-app-shutdown.json:3
+msgid "Shutdown"
+msgstr ""
+
+#: luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js:10
+msgid "Shutdown the operating system of your device"
+msgstr ""
+
+#: luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js:31
+msgid "The poweroff command failed with code %d"
+msgstr ""
+
+#: luci-app-shutdown/htdocs/luci-static/resources/view/system/shutdown.js:15
+msgid "Warning: There are unsaved changes that will get lost on shutdown!"
+msgstr ""

luci-app-shutdown/root/usr/share/luci/menu.d/luci-app-shutdown.json

@@ -5,6 +5,9 @@
 		"action": {
 			"type": "view",
 			"path": "system/shutdown"
+		},
+		"depends": {
+			"acl": [ "luci-app-shutdown" ]
 		}
 	}
 }

luci-app-snmpd/po/templates/snmpd.pot

@@ -0,0 +1,175 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8"
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:82
+msgid "Access"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/view/snmpd.htm:81
+#: luci-app-snmpd/luasrc/view/snmpd.htm:122
+msgid "Add"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/view/snmpd.htm:66
+#: luci-app-snmpd/luasrc/view/snmpd.htm:116
+msgid "All"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:139
+msgid "Arguments"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:42
+msgid "Community"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:23
+msgid "Contact"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:97
+msgid "Context"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/view/snmpd.htm:54
+msgid "Domain, IP or network"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:9
+#: luci-app-snmpd/luasrc/view/snmpd.htm:24
+msgid "Enabled"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:132
+msgid "Exec"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:6
+#: luci-app-snmpd/luasrc/view/snmpd.htm:21
+#: luci-app-snmpd/luasrc/view/snmpd.htm:48
+msgid "General"
+msgstr ""
+
+#: luci-app-snmpd/root/usr/share/rpcd/acl.d/luci-app-snmpd.json:3
+msgid "Grant UCI access for luci-app-snmpd"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:63
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:72
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:86
+msgid "Group"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:63
+msgid "Groups help define access methods"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/view/snmpd.htm:64
+#: luci-app-snmpd/luasrc/view/snmpd.htm:114
+msgid "Interface"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:101
+msgid "Level"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:22
+msgid "Location"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:24
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:137
+msgid "Name"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:12
+msgid "Networks"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:116
+msgid "Notify"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:136
+msgid "ObjectID"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/view/snmpd.htm:55
+#: luci-app-snmpd/luasrc/view/snmpd.htm:90
+msgid "Output interface"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:138
+msgid "Program"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/view/snmpd.htm:85
+#: luci-app-snmpd/luasrc/view/snmpd.htm:89
+msgid "Protocols"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:106
+msgid "Read"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:34
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:69
+msgid "Read-only"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:35
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:70
+msgid "Read-write"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/controller/snmpd.lua:6
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:4
+#: luci-app-snmpd/luasrc/view/snmpd.htm:19
+#: luci-app-snmpd/root/usr/share/luci/menu.d/luci-app-snmpd.json:3
+msgid "SNMPd"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:4
+msgid "SNMPd settings interface (Beta)"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:32
+msgid "Server"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:37
+msgid "Source"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:19
+msgid "System"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:111
+msgid "Write"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:92
+msgid "any"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:104
+msgid "auth"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:29
+msgid "com2sec security"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:103
+msgid "noauth"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:67
+msgid "secname"
+msgstr ""
+
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:76
+#: luci-app-snmpd/luasrc/model/cbi/snmpd.lua:90
+msgid "version"
+msgstr ""

luci-app-snmpd/root/usr/share/luci/menu.d/luci-app-snmpd.json

@@ -0,0 +1,13 @@
+{
+	"admin/network/snmpd": {
+		"title": "SNMPd",
+		"order": 91,
+		"action": {
+			"type": "cbi",
+			"path": "snmpd"
+		},
+		"depends": {
+			"acl": [ "luci-app-snmpd" ]
+		}
+	}
+}

luci-mod-network/Makefile

@@ -4,7 +4,7 @@
 #
 # This is free software, licensed under the Apache License, Version 2.0 .
 #
-# From https://github.com/openwrt/luci/commit/1e07e3a52d4d06cc82ab07f2b7fbba0a9a6fb801
+# From https://github.com/openwrt/luci/commit/01d5d5f92963d9596a3c0b669a7e8d87b64132d5
 
 include $(TOPDIR)/rules.mk
 

luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js

@@ -66,6 +66,9 @@ CBILease6Status = form.DummyValue.extend({
 });
 
 function validateHostname(sid, s) {
+	if (s == null || s == '')
+		return true;
+
 	if (s.length > 256)
 		return _('Expecting: %s').format(_('valid hostname'));
 
@@ -99,7 +102,7 @@ function validateServerSpec(sid, s) {
 	if (s == null || s == '')
 		return true;
 
-	var m = s.match(/^\/(.+)\/(.*)$/);
+	var m = s.match(/^(?:\/(.+)\/)?(.*)$/);
 	if (!m)
 		return _('Expecting: %s').format(_('valid hostname'));
 
@@ -116,11 +119,20 @@ function validateServerSpec(sid, s) {
 
 	if (!m)
 		return _('Expecting: %s').format(_('valid IP address'));
-	else if (validation.parseIPv4(m[1]) && m[3] != null && !validation.parseIPv4(m[3]))
+
-		return _('Expecting: %s').format(_('valid IPv4 address'));
+	if (validation.parseIPv4(m[1])) {
-	else if (validation.parseIPv6(m[1]) && m[3] != null && !validation.parseIPv6(m[3]))
+		if (m[3] != null && !validation.parseIPv4(m[3]))
-		return _('Expecting: %s').format(_('valid IPv6 address'));
+			return _('Expecting: %s').format(_('valid IPv4 address'));
-	else if ((m[2] != null && +m[2] > 65535) || (m[4] != null && +m[4] > 65535))
+	}
+	else if (validation.parseIPv6(m[1])) {
+		if (m[3] != null && !validation.parseIPv6(m[3]))
+			return _('Expecting: %s').format(_('valid IPv6 address'));
+	}
+	else {
+		return _('Expecting: %s').format(_('valid IP address'));
+	}
+
+	if ((m[2] != null && +m[2] > 65535) || (m[4] != null && +m[4] > 65535))
 		return _('Expecting: %s').format(_('valid port value'));
 
 	return true;

luci-mod-network/htdocs/luci-static/resources/view/network/interfaces.js

@@ -10,6 +10,8 @@
 'require firewall';
 'require tools.widgets as widgets';
 
+var isReadonlyView = !L.hasViewPermission() || null;
+
 function count_changes(section_id) {
 	var changes = ui.changes.changes, n = 0;
 
@@ -281,8 +283,8 @@ return view.extend({
 				]);
 			}
 
-			btn1.disabled = btn1.classList.contains('spinning') || btn2.classList.contains('spinning') || dynamic;
+			btn1.disabled = isReadonlyView || btn1.classList.contains('spinning') || btn2.classList.contains('spinning') || dynamic;
-			btn2.disabled = btn1.classList.contains('spinning') || btn2.classList.contains('spinning') || dynamic || disabled;
+			btn2.disabled = isReadonlyView || btn1.classList.contains('spinning') || btn2.classList.contains('spinning') || dynamic || disabled;
 		}
 
 		return Promise.all([ resolveZone, network.flushCache() ]);

luci-mod-network/htdocs/luci-static/resources/view/network/routes.js

@@ -77,7 +77,7 @@ return view.extend({
 			o.rmempty = true;
 			o.modalonly = true;
 			o.cfgvalue = function(section_id) {
-				var cfgvalue = this.super('cfgvalue', [section_id]);
+				var cfgvalue = this.map.data.get('network', section_id, 'table');
 				return cfgvalue || 'main';
 			};
 

luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js

@@ -11,6 +11,8 @@
 'require firewall';
 'require tools.widgets as widgets';
 
+var isReadonlyView = !L.hasViewPermission();
+
 function count_changes(section_id) {
 	var changes = ui.changes.changes, n = 0;
 
@@ -441,7 +443,8 @@ var CBIWifiFrequencyValue = form.Value.extend({
 				E('select', {
 					'class': 'mode',
 					'style': 'width:auto',
-					'change': L.bind(this.toggleWifiMode, this, elem)
+					'change': L.bind(this.toggleWifiMode, this, elem),
+					'disabled': (this.disabled != null) ? this.disabled : this.map.readonly
 				})
 			]),
 			E('label', { 'style': 'float:left; margin-right:3px' }, [
@@ -449,21 +452,24 @@ var CBIWifiFrequencyValue = form.Value.extend({
 				E('select', {
 					'class': 'band',
 					'style': 'width:auto',
-					'change': L.bind(this.toggleWifiBand, this, elem)
+					'change': L.bind(this.toggleWifiBand, this, elem),
+					'disabled': (this.disabled != null) ? this.disabled : this.map.readonly
 				})
 			]),
 			E('label', { 'style': 'float:left; margin-right:3px' }, [
 				_('Channel'), E('br'),
 				E('select', {
 					'class': 'channel',
-					'style': 'width:auto'
+					'style': 'width:auto',
+					'disabled': (this.disabled != null) ? this.disabled : this.map.readonly
 				})
 			]),
 			E('label', { 'style': 'float:left; margin-right:3px' }, [
 				_('Width'), E('br'),
 				E('select', {
 					'class': 'htmode',
-					'style': 'width:auto'
+					'style': 'width:auto',
+					'disabled': (this.disabled != null) ? this.disabled : this.map.readonly
 				})
 			]),
 			E('br', { 'style': 'clear:left' })
@@ -592,9 +598,9 @@ return view.extend({
 			if (stat.hasAttribute('restart'))
 				dom.content(stat, E('em', _('Device is restarting…')));
 
-			btns[0].disabled = busy;
+			btns[0].disabled = isReadonlyView || busy;
-			btns[1].disabled = busy;
+			btns[1].disabled = (isReadonlyView && radioDev) || busy;
-			btns[2].disabled = busy;
+			btns[2].disabled = isReadonlyView || busy;
 		}
 
 		var table = document.querySelector('#wifi_assoclist_table'),
@@ -654,7 +660,8 @@ return view.extend({
 						ev.currentTarget.blur();
 
 						net.disconnectClient(mac, true, 5, 60000);
-					}, this, bss.network, bss.mac)
+					}, this, bss.network, bss.mac),
+					'disabled': isReadonlyView || null
 				}, [ _('Disconnect') ]));
 			}
 			else {
@@ -886,7 +893,7 @@ return view.extend({
 					o.default = o.enabled;
 
 					o = ss.taboption('advanced', form.Value, 'distance', _('Distance Optimization'), _('Distance to farthest network member in meters.'));
-					o.datatype = 'range(0,114750)';
+					o.datatype = 'or(range(0,114750),"auto")';
 					o.placeholder = 'auto';
 
 					o = ss.taboption('advanced', form.Value, 'frag', _('Fragmentation Threshold'));

luci-mod-network/root/usr/share/luci/menu.d/luci-mod-network.json

@@ -7,6 +7,7 @@
 			"path": "network/switch"
 		},
 		"depends": {
+			"acl": [ "luci-mod-network-config" ],
 			"fs": { "/sbin/swconfig": "executable" },
 			"uci": { "network": { "@switch": true } }
 		}
@@ -20,6 +21,7 @@
 			"path": "network/wireless"
 		},
 		"depends": {
+			"acl": [ "luci-mod-network-config" ],
 			"uci": { "wireless": { "@wifi-device": true } }
 		}
 	},
@@ -38,6 +40,9 @@
 		"action": {
 			"type": "view",
 			"path": "network/interfaces"
+		},
+		"depends": {
+			"acl": [ "luci-mod-network-config" ]
 		}
 	},
 
@@ -49,6 +54,7 @@
 			"path": "network/dhcp"
 		},
 		"depends": {
+			"acl": [ "luci-mod-network-dhcp" ],
 			"uci": { "dhcp": true }
 		}
 	},
@@ -61,6 +67,7 @@
 			"path": "network/hosts"
 		},
 		"depends": {
+			"acl": [ "luci-mod-network-dhcp" ],
 			"uci": { "dhcp": true }
 		}
 	},
@@ -71,6 +78,9 @@
 		"action": {
 			"type": "view",
 			"path": "network/routes"
+		},
+		"depends": {
+			"acl": [ "luci-mod-network-config" ]
 		}
 	},
 
@@ -80,6 +90,9 @@
 		"action": {
 			"type": "view",
 			"path": "network/diagnostics"
+		},
+		"depends": {
+			"acl": [ "luci-mod-network-diagnostics" ]
 		}
 	}
 }

luci-mod-network/root/usr/share/rpcd/acl.d/luci-mod-network.json

@@ -0,0 +1,65 @@
+{
+	"luci-mod-network-config": {
+		"description": "Grant access to network configuration",
+		"read": {
+			"cgi-io": [ "exec" ],
+			"file": {
+				"/usr/libexec/luci-peeraddr": [ "exec" ]
+			},
+			"ubus": {
+				"file": [ "exec" ],
+				"iwinfo": [ "assoclist", "countrylist", "freqlist", "txpowerlist" ],
+				"luci": [ "getSwconfigFeatures", "getSwconfigPortState" ]
+			},
+			"uci": [ "dhcp", "firewall", "network", "wireless" ]
+		},
+		"write": {
+			"cgi-io": [ "exec" ],
+			"file": {
+				"/sbin/ifup": [ "exec" ],
+				"/sbin/ifdown": [ "exec" ],
+				"/sbin/wifi": [ "exec" ]
+			},
+			"ubus": {
+				"file": [ "exec" ],
+				"hostapd.*": [ "del_client" ],
+				"iwinfo": [ "scan" ]
+			},
+			"uci": [ "dhcp", "firewall", "network", "wireless" ]
+		}
+	},
+
+	"luci-mod-network-dhcp": {
+		"description": "Grant access to DHCP configuration",
+		"read": {
+			"ubus": {
+				"luci-rpc": [ "getDHCPLeases", "getDUIDHints" ]
+			},
+			"uci": [ "dhcp" ]
+		},
+		"write": {
+			"uci": [ "dhcp" ]
+		}
+	},
+
+	"luci-mod-network-diagnostics": {
+		"description": "Grant access to network diagnostic tools",
+		"read": {
+			"file": {
+				"/bin/ping": [ "exec" ],
+				"/bin/ping6": [ "exec", "list" ],
+				"/bin/traceroute": [ "exec" ],
+				"/bin/traceroute6": [ "exec", "list" ],
+				"/usr/bin/nslookup": [ "exec" ],
+				"/usr/bin/ping": [ "exec" ],
+				"/usr/bin/ping6": [ "exec", "list" ],
+				"/usr/bin/traceroute": [ "exec" ],
+				"/usr/bin/traceroute6": [ "exec", "list" ]
+			},
+			"ubus": {
+				"file": [ "exec", "stat" ]
+			},
+			"uci": [ "luci" ]
+		}
+	}
+}

luci-proto-bonding/Makefile

@@ -1,17 +0,0 @@
-#
-# Copyright (C) 2017 TDT AG <development@tdt.de>
-#
-# This is free software, licensed under the Apache License Version 2.0.
-# See https://www.apache.org/licenses/LICENSE-2.0 for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-LUCI_TITLE:=Support for Link Aggregation (Channel Bonding)
-LUCI_DEPENDS:=+proto-bonding
-
-PKG_MAINTAINER:=Helge Mader <ma@dev.tdt.de>
-
-include $(TOPDIR)/feeds/luci/luci.mk
-
-# call BuildPackage - OpenWrt buildroot signature

luci-proto-bonding/htdocs/luci-static/resources/protocol/bonding.js

@@ -1,442 +0,0 @@
-'use strict';
-'require ui';
-'require uci';
-'require form';
-'require network';
-
-function getSelectableSlaves(section_id) {
-	var rv = [];
-	var interfaces = uci.sections('network', 'interface');
-
-	return network.getDevices().then(function(devices) {
-		for (var i = 0; i < devices.length; i++) {
-			var in_use = false;
-			if (devices[i].ifname.match(/eth/)) {
-				for (var j = 0; j < interfaces.length; j++) {
-					if (uci.get('network', interfaces[j]['.name'], 'proto') == 'bonding') {
-						var slaves = uci.get('network', interfaces[j]['.name'], 'slaves');
-						if (slaves != null) {
-							for (var k = 0; k < slaves.length; k++) {
-								if (devices[i].ifname == slaves[k] && interfaces[j]['.name'] != section_id) {
-									in_use = true;
-								}
-							}
-						}
-					}
-				}
-				if (in_use == false) {
-					rv.push(devices[i].ifname);
-				}
-			}
-		}
-
-	return rv.sort();
-	});
-}
-
-function validateEmpty(section, value) {
-	if (value) {
-		return true;
-	}
-	else {
-		return _('Expecting: non-empty value');
-	}
-}
-
-function validate_arp_policy(section, value) {
-
-	var opt = this.map.lookupOption('link_monitoring', section);
-	var selected_link_monitoring = opt[0].formvalue(section);
-
-	var opt = this.map.lookupOption('bonding_policy', section);
-	var selected_policy = opt[0].formvalue(section);
-
-	if (selected_link_monitoring == 'arp') {
-		if (selected_policy == '802.3ad' || selected_policy == 'balance-tlb' || selected_policy == 'balance-alb') {
-			return _('ARP monitoring is not supported for the selected policy!');
-		}
-	}
-
-	return true;
-}
-
-function validate_arp_ip_targets(section, value) {
-
-	var opt = this.map.lookupOption('link_monitoring', section);
-	var selected_link_monitoring = opt[0].formvalue(section);
-
-	var opt = this.map.lookupOption('arp_ip_target', section);
-	var selected_arp_ip_targets = opt[0].formvalue(section);
-
-	var opt = this.map.lookupOption('bonding_policy', section);
-	var selected_policy = opt[0].formvalue(section);
-
-	if (selected_link_monitoring == 'arp' && selected_arp_ip_targets.length == 0) {
-		return _('You must select at least one ARP IP target if ARP monitoring is selected!');
-	}
-
-	return true;
-}
-
-function validate_primary_interface(section, value) {
-
-	var primary_valid = 'false';
-
-	var opt = this.map.lookupOption('bonding_policy', section);
-	var selected_policy = opt[0].formvalue(section);
-
-	var opt = this.map.lookupOption('slaves', section);
-	var selected_slaves = opt[0].formvalue(section);
-
-	var opt = this.map.lookupOption('primary', section);
-	var selected_primary = opt[0].formvalue(section);
-
-	if (selected_policy == 'active-backup' || selected_policy == 'balance-tlb' || selected_policy == 'balance-alb') {
-
-		for (var i = 0; i < selected_slaves.length; i++) {
-			if (selected_slaves[i] == selected_primary) {
-				primary_valid = 'true';
-			}
-		}
-
-		if (primary_valid == 'false') {
-			return _('You must select a primary interface which is included in selected slave interfaces!');
-		}
-	}
-
-	return true;
-}
-
-return network.registerProtocol('bonding', {
-	getI18n: function() {
-		return _('Link Aggregation (Channel Bonding)');
-	},
-
-	getIfname: function() {
-		return null;
-	},
-
-	getOpkgPackage: function() {
-		return 'bonding';
-	},
-
-	isFloating: function() {
-		return true;
-	},
-
-	isCreateable: function(ifname) {
-		return getSelectableSlaves(ifname).then(L.bind(function(devices) {
-			return devices.length == 0 ?  _('No more slaves available') : null;
-		}, this));
-
-		return _('No more slaves available');
-	},
-
-	isVirtual: function() {
-		return true;
-	},
-
-	getDevices: function() {
-		return null;
-	},
-
-	containsDevice: function(ifname) {
-		return (network.getIfnameOf(ifname) == this.getIfname());
-	},
-
-	renderFormOptions: function(s) {
-		var o;
-
-		o = s.taboption('general', form.Value, 'ipaddr',
-				_('IPv4 address'),
-				_('The local IPv4 address'));
-		o.datatype = 'ip4addr';
-		o.validate = validateEmpty;
-
-		o = s.taboption('general', form.Value, 'netmask',
-				_('IPv4 netmask'),
-				_('The local IPv4 netmask'));
-		o.datatype = 'ip4addr';
-		o.validate = validateEmpty;
-		o.value("255.255.255.0");
-		o.value("255.255.0.0");
-		o.value("255.0.0.0");
-
-		o = s.taboption('advanced', form.MultiValue, 'slaves',
-				_('Slave Interfaces'),
-				_('Specifies which slave interfaces should be attached to this bonding interface'));
-
-		o.load = function(section_id) {
-			return getSelectableSlaves(section_id).then(L.bind(function(devices) {
-				for (var i = 0; i < devices.length; i++) {
-					this.value(devices[i], devices[i]);
-				}
-
-				if (devices.length == 0) {
-					this.placeholder = _('No more slaves available, can not save interface');
-					this.value('', '');
-					return '';
-				}
-
-				var if_slaves = uci.get('network', section_id, 'slaves');
-
-				if (if_slaves != null) {
-					return if_slaves;
-				}
-
-				return;
-			}, this));
-		};
-		o.cfgvalue = function(section_id) {
-			return uci.get('network', section_id, 'slaves');
-		};
-		o.validate = validateEmpty;
-		
-		o = s.taboption('advanced', form.ListValue, 'bonding_policy',
-				_('Bonding Policy'),
-				_('Specifies the mode to be used for this bonding interface'));
-		o.default = 'balance-rr';
-		o.value('balance-rr', _('Round-Robin policy (balance-rr, 0)'));
-		o.value('active-backup', _('Active-Backup policy (active-backup, 1)'));
-		o.value('balance-xor', _('XOR policy (balance-xor, 2)'));
-		o.value('broadcast', _('Broadcast policy (broadcast, 3)'));
-		o.value('802.3ad', _('IEEE 802.3ad Dynamic link aggregation (802.3ad, 4)'));
-		o.value('balance-tlb', _('Adaptive transmit load balancing (balance-tlb, 5)'));
-		o.value('balance-alb', _('Adaptive load balancing (balance-alb, 6)'));
-
-		o = s.taboption('advanced', form.ListValue, 'primary',
-				_('Primary Slave'),
-				_('Specifies which slave is the primary device. It will always be the active slave while it is available'));
-		o.depends('bonding_policy', 'active-backup');
-		o.depends('bonding_policy', 'balance-tlb');
-		o.depends('bonding_policy', 'balance-alb');
-
-		o.load = function(section_id) {
-			return getSelectableSlaves(section_id).then(L.bind(function(devices) {
-				for (var i = 0; i < devices.length; i++) {
-					this.value(devices[i], devices[i]);
-				}
-
-				if (devices.length == 0) {
-					this.placeholder = _('No more primaries available, can not save interface');
-					this.value('', '');
-					return '';
-				}
-
-				var primary = uci.get('network', section_id, 'primary');
-
-				if (primary != null) {
-					return primary;
-				}
-
-				return;
-			}, this));
-		};
-		o.cfgvalue = function(section_id) {
-			return uci.get('network', section_id, 'primary');
-		};
-		o.validate = validate_primary_interface;
-
-		o = s.taboption('advanced', form.ListValue, 'primary_reselect',
-				_('Reselection policy for primary slave'),
-				_('Specifies the reselection policy for the primary slave when failure of the active slave or recovery of the primary slave occurs'));
-		o.default = 'always';
-		o.value('always', _('Primary becomes active slave whenever it comes back up (always, 0)'));
-		o.value('better', _('Primary becomes active slave when it comes back up if speed and duplex better than current slave (better, 1)'));
-		o.value('failure', _('Only if current active slave fails and the primary slave is up (failure, 2)'));
-		o.depends('bonding_policy', 'active-backup');
-		o.depends('bonding_policy', 'balance-tlb');
-		o.depends('bonding_policy', 'balance-alb');
-
-		o = s.taboption('advanced', form.Value, 'min_links',
-				_('Minimum Number of Links'),
-				_('Specifies the minimum number of links that must be active before asserting carrier'));
-		o.datatype = 'uinteger';
-		o.default = 0;
-		o.validate = validateEmpty;
-		o.depends('bonding_policy', '802.3ad');
-
-		o = s.taboption('advanced', form.Value, 'ad_actor_sys_prio',
-				_('System Priority'),
-				_('Specifies the system priority'));
-		o.datatype = 'range(1,65535)';
-		o.default = 65535;
-		o.validate = validateEmpty;
-		o.depends('bonding_policy', '802.3ad');
-
-		o = s.taboption('advanced', form.Value, 'ad_actor_system',
-				_('MAC Address For The Actor'),
-				_("Specifies the mac-address for the actor in protocol packet exchanges (LACPDUs). If empty, masters' mac address defaults to system default"));
-		o.datatype = 'macaddr';
-		o.default = '';
-		o.depends('bonding_policy', '802.3ad');
-
-		o = s.taboption('advanced', form.ListValue, 'ad_select',
-				_('Aggregation Selection Logic'),
-				_('Specifies the aggregation selection logic to use'));
-		o.default = 'stable';
-		o.value('stable', _('Aggregator: All slaves down or has no slaves (stable, 0)'));
-		o.value('bandwidth', _('Aggregator: Slave added/removed or state changes (bandwidth, 1)'));
-		o.value('count', _('Aggregator: Chosen by the largest number of ports + slave added/removed or state changes (count, 2)'));
-		o.depends('bonding_policy', '802.3ad');
-
-		o = s.taboption('advanced', form.ListValue, 'lacp_rate',
-				_('LACPDU Packets'),
-				_('Specifies the rate in which the link partner will be asked to transmit LACPDU packets'));
-		o.default = 'slow';
-		o.value('slow', _('Every 30 seconds (slow, 0)'));
-		o.value('fast', _('Every second (fast, 1)'));
-		o.depends('bonding_policy', '802.3ad');
-
-		o = s.taboption('advanced', form.Value, 'packets_per_slave',
-				_('Packets To Transmit Before Moving To Next Slave'),
-				_("Specifies the number of packets to transmit through a slave before moving to the next one"));
-		o.datatype = 'range(0,65535)';
-		o.default = '1';
-		o.validate = validateEmpty;
-		o.depends('bonding_policy', 'balance-rr');
-
-		o = s.taboption('advanced', form.Value, 'lp_interval',
-				_('Interval For Sending Learning Packets'),
-				_("Specifies the number of seconds between instances where the bonding	driver sends learning packets to each slaves peer switch"));
-		o.datatype = 'range(1,2147483647)';
-		o.default = '1';
-		o.validate = validateEmpty;
-		o.depends('bonding_policy', 'balance-tlb');
-		o.depends('bonding_policy', 'balance-alb');
-
-		o = s.taboption('advanced', form.ListValue, 'tlb_dynamic_lb',
-				_('Enable Dynamic Shuffling Of Flows'),
-				_('Specifies whether to shuffle active flows across slaves based on the load'));
-		o.default = '1';
-		o.value('1', _('Yes'));
-		o.value('0', _('No'));
-		o.depends('bonding_policy', 'balance-tlb');
-
-		o = s.taboption('advanced', form.ListValue, 'fail_over_mac',
-				_('Set same MAC Address to all slaves'),
-				_('Specifies whether active-backup mode should set all slaves to the same MAC address at enslavement'));
-		o.default = 'none';
-		o.value('none', _('Yes (none, 0)'));
-		o.value('active', _('Set to currently active slave (active, 1)'));
-		o.value('follow', _('Set to first slave added to the bond (follow, 2)'));
-		o.depends('bonding_policy', 'active-backup');
-
-		o = s.taboption('advanced', form.Value, 'num_grat_arp__num_unsol_na',
-				_('Number of peer notifications after failover event'),
-				_("Specifies the number of peer notifications (gratuitous ARPs and unsolicited IPv6 Neighbor Advertisements) to be issued after a failover event"));
-		o.datatype = 'range(0,255)';
-		o.default = '1';
-		o.validate = validateEmpty;
-		o.depends('bonding_policy', 'active-backup');
-
-		o = s.taboption('advanced', form.ListValue, 'xmit_hash_policy',
-				_('Transmit Hash Policy'),
-				_('Selects the transmit hash policy to use for slave selection'));
-		o.default = 'layer2';
-		o.value('layer2', _('Use XOR of hardware MAC addresses (layer2)'));
-		o.value('layer2+3', _('Use XOR of hardware MAC addresses and IP addresses (layer2+3)'));
-		o.value('layer3+4', _('Use upper layer protocol information (layer3+4)'));
-		o.value('encap2+3', _('Use XOR of hardware MAC addresses and IP addresses, rely on skb_flow_dissect (encap2+3)'));
-		o.value('encap3+4', _('Use upper layer protocol information, rely on skb_flow_dissect (encap3+4)'));
-		o.depends('bonding_policy', 'balance-rr');
-		o.depends('bonding_policy', 'active-backup');
-		o.depends('bonding_policy', 'balance-tlb');
-		o.depends('bonding_policy', 'balance-alb');
-		o.depends('bonding_policy', 'balance-xor');
-
-		o = s.taboption('advanced', form.Value, 'resend_igmp',
-				_('Number of IGMP membership reports'),
-				_("Specifies the number of IGMP membership reports to be issued after a failover event in 200ms intervals"));
-		o.datatype = 'range(0,255)';
-		o.default = '1';
-		o.validate = validateEmpty;
-		o.depends('bonding_policy', 'balance-tlb');
-		o.depends('bonding_policy', 'balance-alb');
-
-		o = s.taboption('advanced', form.ListValue, 'all_slaves_active',
-				_('Drop Duplicate Frames'),
-				_('Specifies that duplicate frames (received on inactive ports) should be dropped or delivered'));
-		o.default = '0';
-		o.value('0', _('Yes'));
-		o.value('1', _('No'));
-
-		o = s.taboption('advanced', form.ListValue, 'link_monitoring',
-				_('Link Monitoring'),
-				_('Method of link monitoring'));
-		o.default = 'off';
-		o.value('off', _('Off'));
-		o.value('arp', _('ARP'));
-		o.value('mii', _('MII'));
-		o.validate = validate_arp_policy;
-
-		o = s.taboption('advanced', form.Value, 'arp_interval',
-				_('ARP Interval'),
-				_("Specifies the ARP link monitoring frequency in milliseconds"));
-		o.datatype = 'uinteger';
-		o.default = '0';
-		o.validate = validateEmpty;
-		o.depends('link_monitoring', 'arp');
-
-		o = s.taboption('advanced', form.DynamicList, 'arp_ip_target',
-				_('ARP IP Targets'),
-				_('Specifies the IP addresses to use for ARP monitoring'));
-		o.datatype = 'ipaddr';
-		o.cast = 'string';
-		o.depends('link_monitoring', 'arp');
-		o.validate = validate_arp_ip_targets;
-
-		o = s.taboption('advanced', form.ListValue, 'arp_all_targets',
-				_('ARP mode to consider a slave as being up'),
-				_('Specifies the quantity of ARP IP targets that must be reachable'));
-		o.default = 'any';
-		o.value('any', _('Consider the slave up when any ARP IP target is reachable (any, 0)'));
-		o.value('all', _('Consider the slave up when all ARP IP targets are reachable (all, 1)'));
-		o.depends({link_monitoring: 'arp', bonding_policy: 'active-backup'});
-
-		o = s.taboption('advanced', form.ListValue, 'arp_validate',
-				_('ARP Validation'),
-				_('Specifies whether ARP probes and replies should be validated or non-ARP traffic should be filtered for link monitoring'));
-		o.default = 'filter';
-		o.value('none', _('No validation or filtering'));
-		o.value('active', _('Validation only for active slave'));
-		o.value('backup', _('Validation only for backup slaves'));
-		o.value('all', _('Validation for all slaves'));
-		o.value('filter', _('Filtering for all slaves, no validation'));
-		o.value('filter_active', _('Filtering for all slaves, validation only for active slave'));
-		o.value('filter_backup', _('Filtering for all slaves, validation only for backup slaves'));
-		o.depends('link_monitoring', 'arp');
-
-		o = s.taboption('advanced', form.Value, 'miimon',
-				_('MII Interval'),
-				_("Specifies the MII link monitoring frequency in milliseconds"));
-		o.datatype = 'uinteger';
-		o.default = '0';
-		o.validate = validateEmpty;
-		o.depends('link_monitoring', 'mii');
-
-		o = s.taboption('advanced', form.Value, 'downdelay',
-				_('Down Delay'),
-				_("Specifies the time in milliseconds to wait before disabling a slave after a link failure detection"));
-		o.datatype = 'uinteger';
-		o.default = '0';
-		o.validate = validateEmpty;
-		o.depends('link_monitoring', 'mii');
-
-		o = s.taboption('advanced', form.Value, 'updelay',
-				_('Up Delay'),
-				_("Specifies the time in milliseconds to wait before enabling a slave after a link recovery detection"));
-		o.datatype = 'uinteger';
-		o.default = '0';
-		o.validate = validateEmpty;
-		o.depends('link_monitoring', 'mii');
-
-		o = s.taboption('advanced', form.ListValue, 'use_carrier',
-				_('Method to determine link status'),
-				_('Specifies whether or not miimon should use MII or ETHTOOL ioctls vs. netif_carrier_ok()'));
-		o.default = '1';
-		o.value('0', _('MII / ETHTOOL ioctls'));
-		o.value('1', _('netif_carrier_ok()'));
-		o.depends('link_monitoring', 'mii');
-	}
-});

luci-proto-gre/Makefile

@@ -0,0 +1,21 @@
+#
+# Based on luci-proto-ipip.
+# Credited author of luci-proto-ipip is Roger Pueyo Centelles <roger.pueyo@guifi.net>
+# Copyright 2016 Roger Pueyo Centelles <roger.pueyo@guifi.net>
+#
+# Modified by Jan Betik <jan.betik@svine.su>
+# Copyright 2020 Jan Betik <jan.betik@svine.su>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=Support for GRE tunnels (RFC2784)
+LUCI_DEPENDS:=+gre
+
+PKG_MAINTAINER:=Jan Betik <jan.betik@svine.su>
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

luci-proto-gre/htdocs/luci-static/resources/protocol/gre.js

@@ -0,0 +1,96 @@
+'use strict';
+'require form';
+'require network';
+'require tools.widgets as widgets';
+
+network.registerPatternVirtual(/^gre4-.+$/);
+
+return network.registerProtocol('gre', {
+	getI18n: function() {
+		return _('GRE tunnel over IPv4');
+	},
+
+	getIfname: function() {
+		return this._ubus('l3_device') || 'gre4-%s'.format(this.sid);
+	},
+
+	getOpkgPackage: function() {
+		return 'gre';
+	},
+
+	isFloating: function() {
+		return true;
+	},
+
+	isVirtual: function() {
+		return true;
+	},
+
+	getDevices: function() {
+		return null;
+	},
+
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+
+	renderFormOptions: function(s) {
+		var o;
+
+		// -- general ---------------------------------------------------------------------
+
+		o = s.taboption('general', form.Value, 'peeraddr', _("Remote IPv4 address or FQDN"), _("The IPv4 address or the fully-qualified domain name of the remote tunnel end."));
+		o.optional = false;
+		o.datatype = 'or(hostname,ip4addr("nomask"))';
+
+		o = s.taboption('general', form.Value, 'ipaddr', _("Local IPv4 address"), _("The local IPv4 address over which the tunnel is created (optional)."));
+		o.optional = true;
+		o.datatype = 'ip4addr("nomask")';
+
+		// -- advanced ---------------------------------------------------------------------
+
+		o = s.taboption('advanced', widgets.NetworkSelect, 'tunlink', _("Bind interface"), _("Bind the tunnel to this interface (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'mtu', _("Override MTU"), _("Specify an MTU (Maximum Transmission Unit) other than the default (1280 bytes) (optional)."));
+		o.optional = true;
+		o.placeholder = 1280;
+		o.datatype = 'range(68, 9200)';
+
+		o = s.taboption('advanced', form.Value, 'ttl', _("Override TTL"), _("Specify a TTL (Time to Live) for the encapsulating packet other than the default (64) (optional)."));
+		o.optional = true;
+		o.placeholder = 64;
+		o.datatype = 'min(1)';
+
+		o = s.taboption('advanced', form.Value, 'tos', _('Override TOS'), _("Specify a TOS (Type of Service). Can be either <code>inherit</code> (the outer      header inherits the value of the inner header) or an hexadecimal value starting with <code>0x</code> (optional)."));
+		o.optional = true;
+		o.validate = function(section_id, value) {
+			if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,2}$/) && !value.match(/^inherit$/i))
+				return _('Invalid value');
+
+			return true;
+		};
+
+		o = s.taboption('advanced', form.Flag, 'df', _("Don't Fragment"), _("Enable the DF (Don't Fragment) flag of the encapsulating packets."));
+		o.default = o.enabled;
+
+		o = s.taboption('advanced', form.Flag, 'nohostroute', _("No host route"), _("Do not create host route to peer (optional)."));
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'ikey', _("Incoming key"), _("Key for incoming packets (optional)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		o = s.taboption('advanced', form.Value, 'okey', _("Outgoing key"), _("Key for outgoing packets (optinal)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		s.taboption('advanced', form.Flag, 'icsum', _("Incoming checksum"), _("Require incoming checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'ocsum', _("Outgoing checksum"), _("Compute outgoing checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'iseqno', _("Incoming serialization"), _("Require incoming packets serialization (optional)."));
+		s.taboption('advanced', form.Flag, 'oseqno', _("Outgoing serialization"), _("Perform outgoing packets serialization (optional)."));
+
+	}
+});

luci-proto-gre/htdocs/luci-static/resources/protocol/gretap.js

@@ -0,0 +1,101 @@
+'use strict';
+'require form';
+'require network';
+'require tools.widgets as widgets';
+
+network.registerPatternVirtual(/^gre4t-.+$/);
+
+return network.registerProtocol('gretap', {
+	getI18n: function() {
+		return _('GRETAP tunnel over IPv4');
+	},
+
+	getIfname: function() {
+		return this._ubus('l3_device') || 'gre4t-%s'.format(this.sid);
+	},
+
+	getOpkgPackage: function() {
+		return 'gre';
+	},
+
+	isFloating: function() {
+		return true;
+	},
+
+	isVirtual: function() {
+		return true;
+	},
+
+	getDevices: function() {
+		return null;
+	},
+
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+
+	renderFormOptions: function(s) {
+		var o;
+
+		// -- general ---------------------------------------------------------------------
+
+		o = s.taboption('general', form.Value, 'peeraddr', _("Remote IPv4 address or FQDN"), _("The IPv4 address or the fully-qualified domain name of the remote tunnel end."));
+		o.optional = false;
+		o.datatype = 'or(hostname,ip4addr("nomask"))';
+
+		o = s.taboption('general', form.Value, 'ipaddr', _("Local IPv4 address"), _("The local IPv4 address over which the tunnel is created (optional)."));
+		o.optional = true;
+		o.datatype = 'ip4addr("nomask")';
+
+		o = s.taboption('general', widgets.NetworkSelect, 'network', _("Network interface"), _("Logical network to which the tunnel will be added (bridged) (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		// -- advanced ---------------------------------------------------------------------
+
+		o = s.taboption('advanced', widgets.NetworkSelect, 'tunlink', _("Bind interface"), _("Bind the tunnel to this interface (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'mtu', _("Override MTU"), _("Specify an MTU (Maximum Transmission Unit) other than the default (1280 bytes) (optional)."));
+		o.optional = true;
+		o.placeholder = 1280;
+		o.datatype = 'range(68, 9200)';
+
+		o = s.taboption('advanced', form.Value, 'ttl', _("Override TTL"), _("Specify a TTL (Time to Live) for the encapsulating packet other than the default (64) (optional)."));
+		o.optional = true;
+		o.placeholder = 64;
+		o.datatype = 'min(1)';
+
+		o = s.taboption('advanced', form.Value, 'tos', _('Override TOS'), _("Specify a TOS (Type of Service). Can be either <code>inherit</code> (the outer      header inherits the value of the inner header) or an hexadecimal value starting with <code>0x</code> (optional)."));
+		o.optional = true;
+		o.validate = function(section_id, value) {
+			if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,2}$/) && !value.match(/^inherit$/i))
+				return _('Invalid value');
+
+			return true;
+		};
+
+		o = s.taboption('advanced', form.Flag, 'df', _("Don't Fragment"), _("Enable the DF (Don't Fragment) flag of the encapsulating packets."));
+		o.default = o.enabled;
+
+		o = s.taboption('advanced', form.Flag, 'nohostroute', _("No host route"), _("Do not create host route to peer (optional)."));
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'ikey', _("Incoming key"), _("Key for incoming packets (optional)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		o = s.taboption('advanced', form.Value, 'okey', _("Outgoing key"), _("Key for outgoing packets (optinal)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		s.taboption('advanced', form.Flag, 'icsum', _("Incoming checksum"), _("Require incoming checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'ocsum', _("Outgoing checksum"), _("Compute outgoing checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'iseqno', _("Incoming serialization"), _("Require incoming packets serialization (optional)."));
+		s.taboption('advanced', form.Flag, 'oseqno', _("Outgoing serialization"), _("Perform outgoing packets serialization (optional)."));
+
+	}
+});

luci-proto-gre/htdocs/luci-static/resources/protocol/grev6.js

@@ -0,0 +1,98 @@
+'use strict';
+'require form';
+'require network';
+'require tools.widgets as widgets';
+
+network.registerPatternVirtual(/^gre6-.+$/);
+
+return network.registerProtocol('grev6', {
+	getI18n: function() {
+		return _('GRE tunnel over IPv6');
+	},
+
+	getIfname: function() {
+		return this._ubus('l3_device') || 'gre6-%s'.format(this.sid);
+	},
+
+	getOpkgPackage: function() {
+		return 'gre';
+	},
+
+	isFloating: function() {
+		return true;
+	},
+
+	isVirtual: function() {
+		return true;
+	},
+
+	getDevices: function() {
+		return null;
+	},
+
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+
+	renderFormOptions: function(s) {
+		var o;
+
+		// -- general ---------------------------------------------------------------------
+
+		o = s.taboption('general', form.Value, 'peer6addr', _("Remote IPv6 address or FQDN"), _("The IPv6 address or the fully-qualified domain name of the remote tunnel end."));
+		o.optional = false;
+		o.datatype = 'or(hostname,ip6addr("nomask"))';
+
+		o = s.taboption('general', form.Value, 'ip6addr', _("Local IPv6 address"), _("The local IPv6 address over which the tunnel is created (optional)."));
+		o.optional = true;
+		o.datatype = 'ip6addr("nomask")';
+
+		o = s.taboption('general', widgets.NetworkSelect, 'weakif', _("Source interface"), _("Logical network from which to select the local endpoint if local IPv6 address is empty and no WAN IPv6 is available (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		// -- advanced ---------------------------------------------------------------------
+
+		o = s.taboption('advanced', widgets.NetworkSelect, 'tunlink', _("Bind interface"), _("Bind the tunnel to this interface (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'mtu', _("Override MTU"), _("Specify an MTU (Maximum Transmission Unit) other than the default (1280 bytes) (optional)."));
+		o.optional = true;
+		o.placeholder = 1280;
+		o.datatype = 'range(68, 9200)';
+
+		o = s.taboption('advanced', form.Value, 'ttl', _("Override TTL"), _("Specify a TTL (Time to Live) for the encapsulating packet other than the default (64) (optional)."));
+		o.optional = true;
+		o.placeholder = 64;
+		o.datatype = 'min(1)';
+
+		o = s.taboption('advanced', form.Value, 'tos', _('Traffic Class'), _("Specify a Traffic Class. Can be either <code>inherit</code> (the outer header inherits the value of the inner header) or an hexadecimal value starting with <code>0x</code> (optional)."));
+		o.optional = true;
+		o.validate = function(section_id, value) {
+			if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,2}$/) && !value.match(/^inherit$/i))
+				return _('Invalid value');
+
+			return true;
+		};
+
+		o = s.taboption('advanced', form.Flag, 'nohostroute', _("No host route"), _("Do not create host route to peer (optional)."));
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'ikey', _("Incoming key"), _("Key for incoming packets (optional)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		o = s.taboption('advanced', form.Value, 'okey', _("Outgoing key"), _("Key for outgoing packets (optinal)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		s.taboption('advanced', form.Flag, 'icsum', _("Incoming checksum"), _("Require incoming checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'ocsum', _("Outgoing checksum"), _("Compute outgoing checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'iseqno', _("Incoming serialization"), _("Require incoming packets serialization (optional)."));
+		s.taboption('advanced', form.Flag, 'oseqno', _("Outgoing serialization"), _("Perform outgoing packets serialization (optional)."));
+
+	}
+});

luci-proto-gre/htdocs/luci-static/resources/protocol/grev6tap.js

@@ -0,0 +1,103 @@
+'use strict';
+'require form';
+'require network';
+'require tools.widgets as widgets';
+
+network.registerPatternVirtual(/^gre6t-.+$/);
+
+return network.registerProtocol('grev6tap', {
+	getI18n: function() {
+		return _('GRETAP tunnel over IPv6');
+	},
+
+	getIfname: function() {
+		return this._ubus('l3_device') || 'gre6t-%s'.format(this.sid);
+	},
+
+	getOpkgPackage: function() {
+		return 'gre';
+	},
+
+	isFloating: function() {
+		return true;
+	},
+
+	isVirtual: function() {
+		return true;
+	},
+
+	getDevices: function() {
+		return null;
+	},
+
+	containsDevice: function(ifname) {
+		return (network.getIfnameOf(ifname) == this.getIfname());
+	},
+
+	renderFormOptions: function(s) {
+		var o;
+
+		// -- general ---------------------------------------------------------------------
+
+		o = s.taboption('general', form.Value, 'peer6addr', _("Remote IPv6 address or FQDN"), _("The IPv6 address or the fully-qualified domain name of the remote tunnel end."));
+		o.optional = false;
+		o.datatype = 'or(hostname,ip6addr("nomask"))';
+
+		o = s.taboption('general', form.Value, 'ip6addr', _("Local IPv6 address"), _("The local IPv6 address over which the tunnel is created (optional)."));
+		o.optional = true;
+		o.datatype = 'ip6addr("nomask")';
+
+		o = s.taboption('general', widgets.NetworkSelect, 'weakif', _("Source interface"), _("Logical network from which to select the local endpoint if local IPv6 address is empty and no WAN IPv6 is available (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		o = s.taboption('general', widgets.NetworkSelect, 'network', _("Network interface"), _("Logical network to which the tunnel will be added (bridged) (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		// -- advanced ---------------------------------------------------------------------
+
+		o = s.taboption('advanced', widgets.NetworkSelect, 'tunlink', _("Bind interface"), _("Bind the tunnel to this interface (optional)."));
+		o.exclude = s.section;
+		o.nocreate = true;
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'mtu', _("Override MTU"), _("Specify an MTU (Maximum Transmission Unit) other than the default (1280 bytes) (optional)."));
+		o.optional = true;
+		o.placeholder = 1280;
+		o.datatype = 'range(68, 9200)';
+
+		o = s.taboption('advanced', form.Value, 'ttl', _("Override TTL"), _("Specify a TTL (Time to Live) for the encapsulating packet other than the default (64) (optional)."));
+		o.optional = true;
+		o.placeholder = 64;
+		o.datatype = 'min(1)';
+
+		o = s.taboption('advanced', form.Value, 'tos', _('Traffic Class'), _("Specify a Traffic Class. Can be either <code>inherit</code> (the outer header inherits the value of the inner header) or an hexadecimal value starting with <code>0x</code> (optional)."));
+		o.optional = true;
+		o.validate = function(section_id, value) {
+			if (value.length > 0 && !value.match(/^0x[a-fA-F0-9]{1,2}$/) && !value.match(/^inherit$/i))
+				return _('Invalid value');
+
+			return true;
+		};
+
+		o = s.taboption('advanced', form.Flag, 'nohostroute', _("No host route"), _("Do not create host route to peer (optional)."));
+		o.optional = true;
+
+		o = s.taboption('advanced', form.Value, 'ikey', _("Incoming key"), _("Key for incoming packets (optional)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		o = s.taboption('advanced', form.Value, 'okey', _("Outgoing key"), _("Key for outgoing packets (optinal)."));
+		o.optional = true;
+		o.datatype = 'integer';
+
+		s.taboption('advanced', form.Flag, 'icsum', _("Incoming checksum"), _("Require incoming checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'ocsum', _("Outgoing checksum"), _("Compute outgoing checksum (optional)."));
+		s.taboption('advanced', form.Flag, 'iseqno', _("Incoming serialization"), _("Require incoming packets serialization (optional)."));
+		s.taboption('advanced', form.Flag, 'oseqno', _("Outgoing serialization"), _("Perform outgoing packets serialization (optional)."));
+
+	}
+});

luci-theme-openmptcprouter/htdocs/luci-static/openmptcprouter/cascade.css

@@ -1782,7 +1782,8 @@ button.btn::-moz-focus-inner, input[type=submit].btn::-moz-focus-inner {
 	line-height: 28px;
 }
 
-.label {
+.label,
+header [data-indicator] {
 	padding: 1px 3px 2px;
 	font-size: 9.75px;
 	font-weight: bold;
@@ -1792,6 +1793,11 @@ button.btn::-moz-focus-inner, input[type=submit].btn::-moz-focus-inner {
 	background-color: #bfbfbf;
 	border-radius: 3px;
 	text-shadow: none;
+	margin-left: .4em;
+}
+
+header [data-indicator][data-clickable] {
+	cursor: pointer;
 }
 
 a.label:link,
@@ -1815,17 +1821,14 @@ a.label:hover {
 	background-color: #46a546;
 }
 
-.label.notice {
+.label.notice,
+header [data-indicator][data-style="active"] {
 	background-color: #62cffc;
 }
 
 /* LuCI specific items */
 .hidden { display: none }
 
-#xhr_poll_status {
-	  cursor: pointer;
-}
-
 form.inline { display: inline; margin-bottom: 0; }
 
 /*header .pull-right { padding-top: 8px; }*/

luci-theme-openmptcprouter/htdocs/luci-static/resources/menu-openmptcprouter.js

@@ -0,0 +1,118 @@
+'use strict';
+'require baseclass';
+'require ui';
+
+return baseclass.extend({
+	__init__: function() {
+		ui.menu.load().then(L.bind(this.render, this));
+	},
+
+	render: function(tree) {
+		var node = tree,
+		    url = '';
+
+		this.renderModeMenu(tree);
+
+		if (L.env.dispatchpath.length >= 3) {
+			for (var i = 0; i < 3 && node; i++) {
+				node = node.children[L.env.dispatchpath[i]];
+				url = url + (url ? '/' : '') + L.env.dispatchpath[i];
+			}
+
+			if (node)
+				this.renderTabMenu(node, url);
+		}
+
+		document.addEventListener('poll-start', this.handleBodyMargin);
+		document.addEventListener('poll-stop', this.handleBodyMargin);
+		document.addEventListener('uci-new-changes', this.handleBodyMargin);
+		document.addEventListener('uci-clear-changes', this.handleBodyMargin);
+		window.addEventListener('resize', this.handleBodyMargin);
+
+		this.handleBodyMargin();
+	},
+
+	renderTabMenu: function(tree, url, level) {
+		var container = document.querySelector('#tabmenu'),
+		    ul = E('ul', { 'class': 'tabs' }),
+		    children = ui.menu.getChildren(tree),
+		    activeNode = null;
+
+		for (var i = 0; i < children.length; i++) {
+			var isActive = (L.env.dispatchpath[3 + (level || 0)] == children[i].name),
+			    activeClass = isActive ? ' active' : '',
+			    className = 'tabmenu-item-%s %s'.format(children[i].name, activeClass);
+
+			ul.appendChild(E('li', { 'class': className }, [
+				E('a', { 'href': L.url(url, children[i].name) }, [ _(children[i].title) ] )]));
+
+			if (isActive)
+				activeNode = children[i];
+		}
+
+		if (ul.children.length == 0)
+			return E([]);
+
+		container.appendChild(ul);
+		container.style.display = '';
+
+		if (activeNode)
+			this.renderTabMenu(activeNode, url + '/' + activeNode.name, (level || 0) + 1);
+
+		return ul;
+	},
+
+	renderMainMenu: function(tree, url, level) {
+		var ul = level ? E('ul', { 'class': 'dropdown-menu' }) : document.querySelector('#topmenu'),
+		    children = ui.menu.getChildren(tree);
+
+		if (children.length == 0 || level > 1)
+			return E([]);
+
+		for (var i = 0; i < children.length; i++) {
+			var submenu = this.renderMainMenu(children[i], url + '/' + children[i].name, (level || 0) + 1),
+			    subclass = (!level && submenu.firstElementChild) ? 'dropdown' : null,
+			    linkclass = (!level && submenu.firstElementChild) ? 'menu' : null,
+			    linkurl = submenu.firstElementChild ? '#' : L.url(url, children[i].name);
+
+			var li = E('li', { 'class': subclass }, [
+				E('a', { 'class': linkclass, 'href': linkurl }, [ _(children[i].title) ]),
+				submenu
+			]);
+
+			ul.appendChild(li);
+		}
+
+		ul.style.display = '';
+
+		return ul;
+	},
+
+	renderModeMenu: function(tree) {
+		var ul = document.querySelector('#modemenu'),
+		    children = ui.menu.getChildren(tree);
+
+		for (var i = 0; i < children.length; i++) {
+			var isActive = (L.env.requestpath.length ? children[i].name == L.env.requestpath[0] : i == 0);
+
+			ul.appendChild(E('li', { 'class': isActive ? 'active' : null }, [
+				E('a', { 'href': L.url(children[i].name) }, [ _(children[i].title) ]),
+				' ',
+				E('span', { 'class': 'divider' }, [ '|' ])
+			]));
+
+			if (isActive)
+				this.renderMainMenu(children[i], children[i].name);
+		}
+
+		if (ul.children.length > 1)
+			ul.style.display = '';
+	},
+
+	handleBodyMargin: function(ev) {
+		var body = document.querySelector('body'),
+		    head = document.querySelector('header');
+
+		body.style.marginTop = head.offsetHeight + 'px';
+	}
+});

luci-theme-openmptcprouter/luasrc/view/themes/openmptcprouter/footer.htm

@@ -12,6 +12,7 @@
     <ul class="breadcrumb pull-right" id="modemenu" style="display:none"></ul>
    </footer>
   </div>
+  <script type="text/javascript">L.require('menu-openmptcprouter')</script>
  </body>
 </html>
 

luci-theme-openmptcprouter/luasrc/view/themes/openmptcprouter/header.htm

@@ -40,9 +40,6 @@
 		<% end -%>
 		<script src="<%=url('admin/translations', luci.i18n.context.lang)%><%# ?v=PKG_VERSION %>"></script>
 		<script src="<%=resource%>/cbi.js"></script>
-		<script src="<%=resource%>/xhr.js"></script>
-
-		<% include("themes/openmptcprouter/json-menu") %>
 	</head>
 
 	<body class="lang_<%=luci.i18n.context.lang%> <% if node then %><%= striptags( node.title ) %><%- end %>" data-page="<%= table.concat(disp.context.requestpath, "-") %>">
@@ -51,12 +48,7 @@
 				<div class="container">
 					<a class="brand" href="#" alt="OpenMPTCProuter"><img src="<%=resource%>/openmptcprouter/images/omr-logo.png" height="30" width="30" alt="OMR" /> OpenMPTCProuter</a>
 					<ul class="nav" id="topmenu" style="display:none"></ul>
-					<div class="pull-right">
+					<div id="indicators" class="pull-right"></div>
-						<span id="xhr_poll_status" style="display:none" onclick="XHR.running() ? XHR.halt() : XHR.run()">
-							<span class="label success" id="xhr_poll_status_on"><%:Auto Refresh%> <%:on%></span>
-							<span class="label" id="xhr_poll_status_off" style="display:none"><%:Auto Refresh%> <%:off%></span>
-						</span>
-					</div>
 				</div>
 			</div>
 		</header>

luci-theme-openmptcprouter/luasrc/view/themes/openmptcprouter/json-menu.htm

@@ -1,119 +0,0 @@
-<script type="text/javascript">
-	(function() {
-		function get_children(node) {
-			var children = [];
-
-			for (var k in node.children) {
-				if (!node.children.hasOwnProperty(k))
-					continue;
-
-				if (!node.children[k].satisfied)
-					continue;
-
-				if (!node.children[k].hasOwnProperty('title'))
-					continue;
-
-				children.push(Object.assign(node.children[k], { name: k }));
-			}
-
-			return children.sort(function(a, b) {
-				return ((a.order || 1000) - (b.order || 1000));
-			});
-		}
-
-		function render_tabmenu(tree, url, level) {
-			var container = document.querySelector('#tabmenu'),
-			    ul = E('ul', { 'class': 'tabs' }),
-			    children = get_children(tree),
-			    activeNode = null;
-
-			for (var i = 0; i < children.length; i++) {
-				var isActive = (L.env.dispatchpath[3 + (level || 0)] == children[i].name),
-				    activeClass = isActive ? ' active' : '',
-				    className = 'tabmenu-item-%s %s'.format(children[i].name, activeClass);
-
-				ul.appendChild(E('li', { 'class': className }, [
-					E('a', { 'href': L.url(url, children[i].name) }, [ _(children[i].title) ] )]));
-
-				if (isActive)
-					activeNode = children[i];
-			}
-
-			if (ul.children.length == 0)
-				return E([]);
-
-			container.appendChild(ul);
-			container.style.display = '';
-
-			if (activeNode)
-				render_tabmenu(activeNode, url + '/' + activeNode.name, (level || 0) + 1);
-
-			return ul;
-		}
-
-		function render_mainmenu(tree, url, level) {
-			var ul = level ? E('ul', { 'class': 'dropdown-menu' }) : document.querySelector('#topmenu'),
-			    children = get_children(tree);
-
-			if (children.length == 0 || level > 1)
-				return E([]);
-
-			for (var i = 0; i < children.length; i++) {
-				var submenu = render_mainmenu(children[i], url + '/' + children[i].name, (level || 0) + 1),
-				    subclass = (!level && submenu.firstElementChild) ? 'dropdown' : null,
-				    linkclass = (!level && submenu.firstElementChild) ? 'menu' : null,
-				    linkurl = submenu.firstElementChild ? '#' : L.url(url, children[i].name);
-
-				var li = E('li', { 'class': subclass }, [
-					E('a', { 'class': linkclass, 'href': linkurl }, [ _(children[i].title) ]),
-					submenu
-				]);
-
-				ul.appendChild(li);
-			}
-
-			ul.style.display = '';
-
-			return ul;
-		}
-
-		function render_modemenu(tree) {
-			var ul = document.querySelector('#modemenu'),
-			    children = get_children(tree);
-
-			for (var i = 0; i < children.length; i++) {
-				var isActive = (L.env.requestpath.length ? children[i].name == L.env.requestpath[0] : i == 0);
-
-				ul.appendChild(E('li', { 'class': isActive ? 'active' : null }, [
-					E('a', { 'href': L.url(children[i].name) }, [ _(children[i].title) ]),
-					' ',
-					E('span', { 'class': 'divider' }, [ '|' ])
-				]));
-
-				if (isActive)
-					render_mainmenu(children[i], children[i].name);
-			}
-
-			if (ul.children.length > 1)
-				ul.style.display = '';
-		}
-
-		document.addEventListener('luci-loaded', function(ev) {
-			var tree = <%= luci.http.write_json(luci.dispatcher.context.authsession and luci.dispatcher.menu_json() or {}) %>,
-			    node = tree,
-			    url = '';
-
-			render_modemenu(tree);
-
-			if (L.env.dispatchpath.length >= 3) {
-				for (var i = 0; i < 3 && node; i++) {
-					node = node.children[L.env.dispatchpath[i]];
-					url = url + (url ? '/' : '') + L.env.dispatchpath[i];
-				}
-
-				if (node)
-					render_tabmenu(node, url);
-			}
-		});
-	})();
-</script>

mlvpn/Makefile

@@ -8,16 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mlvpn
-#PKG_VERSION:=6f13423b
+PKG_VERSION:=67f9f31d
-#PKG_VERSION:=8f972097
-#PKG_VERSION:=f45cec35
-PKG_VERSION:=3cf976fe
 PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
-#PKG_SOURCE_URL:=https://github.com/zehome/MLVPN.git
+PKG_SOURCE_URL:=https://github.com/zehome/MLVPN.git
-#PKG_SOURCE_VERSION:=6f13423b8108f46edb9f230deee20e3741abe64c
+PKG_SOURCE_VERSION:=67f9f31ddd6dba9514e51b36e855a2a5e973ee93
-#PKG_SOURCE_DATE:=2017-09-01
+PKG_SOURCE_DATE:=2020-03-29
 #PKG_SOURCE_URL:=https://github.com/markfoodyburton/MLVPN.git
 #PKG_SOURCE_VERSION:=8f9720978b28c1954f9f229525333547283316d2
 #PKG_SOURCE_DATE:=2018-09-03
@@ -26,9 +23,9 @@ PKG_SOURCE_PROTO:=git
 #PKG_SOURCE_VERSION:=f45cec350a6879b8b020143a78134a022b5df2a7
 #PKG_SOURCE_DATE:=2019-05-31
 
-PKG_SOURCE_URL:=https://github.com/link4all/MLVPN.git
+#PKG_SOURCE_URL:=https://github.com/link4all/MLVPN.git
-PKG_SOURCE_VERSION:=3cf976fe37a118a47bc42f51c0294beba0499652
+#PKG_SOURCE_VERSION:=3cf976fe37a118a47bc42f51c0294beba0499652
-PKG_SOURCE_DATE:=2019-07-13
+#PKG_SOURCE_DATE:=2019-07-13
 
 
 PKG_LICENSE:=BSD-2-Clause

mlvpn/patches/021-mlvpn-bind.patch

@@ -1,11 +0,0 @@
---- a/src/mlvpn.c	2018-08-25 07:39:53.625002006 +0200
-+++ b/src/mlvpn.c	2018-08-25 07:40:35.696481066 +0200
-@@ -1019,7 +1019,7 @@
- #endif
-     if (*t->binddev) {
-       memset(&ifr, 0, sizeof(ifr));
--      snprintf(ifr.ifr_name, sizeof(ifr.ifr_name) - 1, t->binddev);
-+      snprintf(ifr.ifr_name, sizeof(ifr.ifr_name) - 1, "%s", t->binddev);
-       if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, (void *)&ifr, sizeof(ifr)) < 0) {
-         log_warn(NULL, "failed to bind on interface %s", t->binddev);
-       }

mptcp/files/etc/init.d/mptcp

@@ -62,7 +62,7 @@ interface_multipath_settings() {
 		[ "$config" = "lan" ] && mode="off"
 		[ "$config" = "omrvpn" ] && mode="off"
 		[ "$config" = "omr6in4" ] && mode="off"
-		[ "$mode" = "" ] && mode="on"
+		[ "$mode" = "" ] && mode="off"
 		logger -t "MPTCP" "Multipath not defined for $config set to $mode"
 		uci -q set network.${config}.multipath="$mode"
 		uci -q set openmptcprouter.${config}.multipath="$mode"
@@ -74,10 +74,10 @@ interface_multipath_settings() {
 		uci -q set network.${config}.peerdns=0
 	}
 	[ "$mode" = "master" ] && {
-		mode="on"
 		# Force that only one interface is master
 		if [ "$master" != "" ]; then
 			logger -t "MPTCP" "Multipath master already set, disable master for $config"
+			mode="on"
 			config_set "$config" multipath "on"
 			uci -q set network.${config}.multipath="on"
 			uci -q set openmptcprouter.${config}.multipath="on"
@@ -274,11 +274,11 @@ interface_multipath_settings() {
 			[ "$mode" = "master" ] && {
 				ip -6 route replace default via $gateway6 dev $iface
 			}
-			[ "$mode" = "off" ] && {
+			#[ "$mode" = "off" ] && {
-				ifconfig $iface txqueuelen 50 > /dev/null 2>&1
+			#	ifconfig $iface txqueuelen 50 > /dev/null 2>&1
-			} || {
+			#} || {
-				ifconfig $iface txqueuelen 100 > /dev/null 2>&1
+			#	ifconfig $iface txqueuelen 100 > /dev/null 2>&1
-			}
+			#}
 		fi
 	fi
 }
@@ -355,6 +355,15 @@ start_service() {
 	. /lib/functions.sh
 	. /lib/functions/network.sh
 	global_multipath_settings
+
+	[ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep '3-model-b')" ] && [ "$(ip link show eth0 | grep UP)" = "" ] && {
+		# RPI 3 workaround no network at boot
+		ethtool eth0 > /dev/null 2>&1
+		ethtool -s eth0 autoneg off > /dev/null 2>&1
+		ip link set eth0 up > /dev/null 2>&1
+		ethtool -s eth0 autoneg on > /dev/null 2>&1
+	}
+
 	mptcpintf=""
 	master=""
 	config_load network
@@ -363,9 +372,12 @@ start_service() {
 	#config_foreach remove rule
 	#config_foreach remove rule6
 	[ -z "$intf" ] && [ -n "$(uci -q get network.@route[-1])" ] && {
-		logger -t "MPTCP" "Flush main table"
+	#	logger -t "MPTCP" "Flush main table"
-		ip route flush table main
+	#	ip route flush table main
-		ip -6 route flush table main
+	#	ip -6 route flush table main
+		logger -t "MPTCP" "Flush route cache"
+		ip route flush cache
+		ip -6 route flush cache
 	}
 	config_foreach interface_multipath_settings interface $intf
 	set_multipath
@@ -383,7 +395,7 @@ start_service() {
 	uci -q commit network
 	uci -q commit openmptcprouter
 	[ -n "$(ubus call system board | jsonfilter -e '@.board_name' | grep raspberry)" ] && [ -z "$(ubus call system board | jsonfilter -e '@.board_name' | grep '4-model-b')" ] && {
-		ethtool --offload eth0 rx off tx off
+		ethtool --offload eth0 rx off tx off > /dev/null 2>&1
 	}
 }
 

mptcp/files/etc/uci-defaults/mptcp-defaults

@@ -1,5 +1,5 @@
 #!/bin/sh
-if [ "$(uci -q show network.globals | grep mptcp_path_manager)" = "" ]; then
+if [ "$(uci -q get network.globals.mptcp_path_manager)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
 	set network.globals.multipath='enable'
 	set network.globals.mptcp_path_manager='fullmesh'
@@ -11,12 +11,12 @@ if [ "$(uci -q show network.globals | grep mptcp_path_manager)" = "" ]; then
 	commit network
 	EOF
 fi
-if [ "$(uci -q get network.globals.congestion)" != "bbr" ]; then
+#if [ "$(uci -q get network.globals.congestion)" != "bbr" ]; then
-	uci -q batch <<-EOF >/dev/null
+#	uci -q batch <<-EOF >/dev/null
-	set network.globals.congestion=bbr
+#	set network.globals.congestion=bbr
-	commit network
+#	commit network
-	EOF
+#	EOF
-fi
+#fi
 if [ "$(uci -q get network.globals.mptcp_syn_retries)" = "1" ]; then
 	uci -q batch <<-EOF >/dev/null
 	set network.globals.mptcp_syn_retries=2

mptcp/files/usr/share/omr/post-tracking.d/post-tracking

@@ -2,16 +2,16 @@
 
 SETROUTE=false
 set_route() {
-	local multipath_config interface_gw interface_if
+	local multipath_config_route interface_gw interface_if
 	INTERFACE=$1
 	PREVINTERFACE=$2
-	multipath_config=$(uci -q get network.$INTERFACE.multipath)
+	multipath_config_route=$(uci -q get openmptcprouter.$INTERFACE.multipath)
-	[ -z "$multipath_config" ] && multipath_config=$(uci -q get openmptcprouter.$INTERFACE.multipath || echo "off")
+	[ -z "$multipath_config_route" ] && multipath_config_route=$(uci -q get network.$INTERFACE.multipath || echo "off")
 	interface_if=$(ifstatus "$INTERFACE" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "${INTERFACE}_4" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(uci -q get network.$INTERFACE.ifname)
 	interface_current_config=$(uci -q get openmptcprouter.$INTERFACE.state || echo "up")
-	if [ "$multipath_config" != "off" ] && [ "$SETROUTE" != true ] && [ "$INTERFACE" != "$PREVINTERFACE" ] && [ "$interface_current_config" = "up" ]; then
+	if [ "$multipath_config_route" != "off" ] && [ "$SETROUTE" != true ] && [ "$INTERFACE" != "$PREVINTERFACE" ] && [ "$interface_current_config" = "up" ]; then
 		interface_gw="$(uci -q get network.$INTERFACE.gateway)"
 		if [ -z "$interface_gw" ]; then
 			interface_gw=$(ubus call network.interface.$INTERFACE status 2>/dev/null | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
@@ -32,9 +32,11 @@ set_route() {
 
 set_server_default_route() {
 	local server=$1
-	local serverip
+	local serverip multipath_config_route
 	config_get serverip $server ip
-	multipath_config_route=$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath)
+	config_get disabled $server disabled
+	[ "$disabled" = "1" ] && return
+	multipath_config_route=$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipath)
 	[ -z "$multipath_config_route" ] && multipath_config_route=$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath || echo "off")
 	if [ "$serverip" != "" ] && [ "$OMR_TRACKER_DEVICE_GATEWAY" != "" ] && [ "$(ip route show dev $OMR_TRACKER_DEVICE metric 1 | grep $serverip | grep $OMR_TRACKER_DEVICE_GATEWAY)" = "" ] && [ "$multipath_config_route" != "off" ]; then
 		_log "Set server $server ($serverip) default route via $OMR_TRACKER_DEVICE_GATEWAY"
@@ -46,6 +48,8 @@ delete_server_default_route() {
 	local server=$1
 	local serverip
 	config_get serverip $server ip
+	config_get disabled $server disabled
+	[ "$disabled" = "1" ] && return
 	if [ "$serverip" != "" ] && [ "$(ip route show $serverip metric 1)" != "" ]; then
 		_log "Delete server ($serverip) default route"
 		ip route del $serverip metric 1 >/dev/null 2>&1
@@ -53,16 +57,17 @@ delete_server_default_route() {
 }
 
 set_routes_intf() {
+	local multipath_config_route
 	local INTERFACE=$1
-	multipath_config=$(uci -q get network.$INTERFACE.multipath)
+	nbintf=$((nbintf+1))
-	[ -z "$multipath_config" ] && multipath_config_route=$(uci -q get network.$INTERFACE.multipath || echo "off")
+	multipath_config_route=$(uci -q get openmptcprouter.$INTERFACE.multipath)
+	[ -z "$multipath_config_route" ] && multipath_config_route=$(uci -q get network.$INTERFACE.multipath || echo "off")
 	interface_if=$(ifstatus "$INTERFACE" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "${INTERFACE}_4" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(uci -q get network.$INTERFACE.ifname)
 	#multipath_current_config=$(multipath $interface_if | grep 'deactivated')
 	interface_current_config=$(uci -q get openmptcprouter.$INTERFACE.state || echo "up")
-	#if [ "$multipath_config" != "off" ] && [ "$multipath_current_config" = "" ] && [ "$interface_if" != "" ]; then
+	if [ "$multipath_config_route" != "off" ] && [ "$interface_current_config" = "up" ] && [ "$interface_if" != "" ]; then
-	if [ "$multipath_config" != "off" ] && [ "$interface_current_config" = "up" ] && [ "$interface_if" != "" ]; then
 		interface_gw="$(uci -q get network.$INTERFACE.gateway)"
 		if [ -z "$interface_gw" ]; then
 			interface_gw=$(ubus call network.interface.$INTERFACE status 2>/dev/null | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
@@ -75,21 +80,31 @@ set_routes_intf() {
 		fi
 		#if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ] && [ "$(ip route show $serverip | grep $interface_if)" = "" ]; then
 		if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ]; then
-			routesintf="$routesintf nexthop via $interface_gw dev $interface_if weight 1"
+			if [ "$multipath_config_route" = "master" ]; then
+				weight=10
+			else
+				weight=1
+			fi
+			if [ "$multipath_config_route" = "backup" ]; then
+				routesintfbackup="$routesintf nexthop via $interface_gw dev $interface_if weight $weight"
+			else
+				routesintf="$routesintf nexthop via $interface_gw dev $interface_if weight $weight"
+			fi
 		fi
 	fi
 }
 
 set_route_balancing() {
-	local multipath_config interface_gw interface_if
+	local multipath_config_route interface_gw interface_if
 	INTERFACE=$1
-	multipath_config=$(uci -q get network.$INTERFACE.multipath)
+	nbintf=$((nbintf+1))
-	[ -z "$multipath_config" ] && multipath_config=$(uci -q get openmptcprouter.$INTERFACE.multipath || echo "off")
+	multipath_config_route=$(uci -q get openmptcprouter.$INTERFACE.multipath)
+	[ -z "$multipath_config_route" ] && multipath_config_route=$(uci -q get network.$INTERFACE.multipath || echo "off")
 	interface_if=$(ifstatus "$INTERFACE" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "${INTERFACE}_4" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(uci -q get network.$INTERFACE.ifname)
 	interface_current_config=$(uci -q get openmptcprouter.$INTERFACE.state || echo "up")
-	if [ "$multipath_config" != "off" ] && [ "$interface_current_config" = "up" ]; then
+	if [ "$multipath_config_route" != "off" ] && [ "$interface_current_config" = "up" ]; then
 		interface_gw="$(uci -q get network.$INTERFACE.gateway)"
 		if [ -z "$interface_gw" ]; then
 			interface_gw=$(ubus call network.interface.$INTERFACE status 2>/dev/null | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
@@ -101,28 +116,48 @@ set_route_balancing() {
 			interface_gw=$(ubus call network.interface.${INTERFACE}_4 status 2>/dev/null | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
 		fi
 		if [ "$interface_gw" != "" ] && [ "$interface_if" != "" ]; then
-			routesbalancing="$routesbalancing nexthop via $interface_gw dev $interface_if weight 1"
+			if [ "$(uci -q get network.$INTERFACE.weight)" != "" ]; then
+				weight=$(uci -q get network.$INTERFACE.weight)
+			elif [ "$(uci -q get openmtpcprouter.$INTERFACE.weight)" != "" ]; then
+				weight=$(uci -q get openmtpcprouter.$INTERFACE.weight)
+			elif [ "$multipath_config_route" = "master" ]; then
+				weight=2
+			else
+				weight=1
+			fi
+			if [ "$multipath_config_route" = "backup" ]; then
+				routesbalancingbackup="$routesbalancingbackup nexthop via $interface_gw dev $interface_if weight $weight"
+			else
+				routesbalancing="$routesbalancing nexthop via $interface_gw dev $interface_if weight $weight"
+			fi
 		fi
 	fi
 }
 
 set_server_all_routes() {
 	local server=$1
-	local serverip
+	local serverip multipath_config_route
 	config_get serverip $server ip
+	config_get disabled $server disabled
+	[ "$disabled" = "1" ] && return
 	interface_if=$(uci -q get network.$OMR_TRACKER_INTERFACE.ifname)
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "$OMR_TRACKER_INTERFACE" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "${OMR_TRACKER_INTERFACE}_4" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
-	multipath_config_route=$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath)
+	multipath_config_route=$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipath || echo "off")
-	[ -z "$multipath_config_route" ] && multipath_config_route=$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipath || echo "off")
+	if [ "$serverip" != "" ] && [ "$OMR_TRACKER_DEVICE_GATEWAY" != "" ] && [ "$multipath_config_route" != "off" ]; then
-	if [ "$serverip" != "" ] && [ "$OMR_TRACKER_DEVICE_GATEWAY" != "" ] && [ "$(ip route show $serverip | grep nexthop | grep $OMR_TRACKER_DEVICE_GATEWAY | grep $OMR_TRACKER_DEVICE)" = "" ] && [ "$multipath_config_route" != "off" ]; then
 		routesintf=""
+		routesintfbackup=""
+		nbintf=0
 		config_load network
 		config_foreach set_routes_intf interface
-		[ -n "$routesintf" ] && {
+		[ -n "$routesintf" ] && ([ "$nbintf" -gt "1" ] && [ "$(ip r show $serverip | tr -d '\t' | tr -d '\n')" != "$serverip $routesintf " ]) || ([ "$nbintf" = "1" ] && [ "$(ip r show $serverip | grep $OMR_TRACKER_INTERFACE)" = "" ]) && {
-			_log "Set server $server default route $serverip $routesintf"
+			_log "Set server $server ($serverip) default route $serverip $routesintf"
 			ip route replace $serverip scope global $routesintf
 		}
+		[ -n "$routesintfbackup" ] && ([ "$nbintf" -gt "1" ] && [ "$(ip r show $serverip | tr -d '\t' | tr -d '\n')" != "$serverip $routesintfbackup " ]) || ([ "$nbintf" = "1" ] && [ "$(ip r show $serverip | grep $OMR_TRACKER_INTERFACE)" = "" ]) && {
+			_log "Set server $server ($serverip) default route $serverip $routesintf"
+			ip route replace $serverip scope global metric 999 $routesintf
+		}
 	fi
 }
 
@@ -130,12 +165,14 @@ set_server_all_routes() {
 
 set_server_route() {
 	local server=$1
-	local serverip
+	local serverip multipath_config_route
 	config_get serverip $server ip
+	config_get disabled $server disabled
+	[ "$disabled" = "1" ] && return
 	local metric=$2
 	[ -z "$metric" ] && metric=$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)
-	multipath_config_route=$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath)
+	multipath_config_route=$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipath)
-	[ "$multipath_config_route" ] && multipath_config_route=$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipath || echo "off")
+	[ "$multipath_config_route" ] && multipath_config_route=$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath || echo "off")
 	interface_if=$(uci -q get network.$OMR_TRACKER_INTERFACE.ifname)
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "$OMR_TRACKER_INTERFACE" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
 	[ -z "$interface_if" ] && interface_if=$(ifstatus "${OMR_TRACKER_INTERFACE}_4" 2>/dev/null | jsonfilter -q -e '@["l3_device"]')
@@ -218,22 +255,13 @@ default_gw=$(ip route show default | grep -v "metric" | awk '/default/ {print $3
 # An interface in error will never be used in MPTCP
 if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
 	if [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "modemmanager" ]; then
-		timeout 1 mmcli -L | while read MODEM; do
+		_log "No answer from $OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE), restart interface"
-			MODEM_ID=$(echo $MODEM |  awk -F' ' '{print $1}' | awk -F/ '{print $6}')
+		_log "Set $OMR_TRACKER_INTERFACE down"
-			MODEM_INFO="$(timeout 1 mmcli -m $MODEM_ID --output-keyvalue)"
+		ifdown $OMR_TRACKER_INTERFACE
-			if [ -n "$MODEM_INFO" ] && [ "$(echo "$MODEM_INFO" | grep 'modem.generic.device ' | awk -F": " '{print $2}')" = "$(uci -q get network.$OMR_TRACKER_INTERFACE.device)" ]; then
+		sleep 5
-				STATE=$(echo "$MODEM_INFO" | grep 'modem.generic.state' | awk -F": " '{print $2}')
+		_log "Set $OMR_TRACKER_INTERFACE up"
-				if [ "$STATE" = "connected" ] || [ "$STATE" = "disabled" ] || [ "$STATE" = "searching" ] || [ "$STATE" = "registered" ] || [ "$STATE" = "idle" ]; then
+		ifup $OMR_TRACKER_INTERFACE
-					_log "No answer from $OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE), restart interface"
+		sleep 10
-					_log "Set $OMR_TRACKER_INTERFACE down"
-					ifdown $OMR_TRACKER_INTERFACE
-					sleep 5
-					_log "Set $OMR_TRACKER_INTERFACE up"
-					ifup $OMR_TRACKER_INTERFACE
-					sleep 10
-				fi
-			fi
-		done
 	fi
 
 	if [ "$OMR_TRACKER_PREV_STATUS" = "$OMR_TRACKER_STATUS" ]; then
@@ -241,9 +269,9 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
 	fi
 	[ "$multipath_status" = "off" ] || {
 		if [ "$OMR_TRACKER_STATUS_MSG" = "" ]; then
-			_log "$OMR_TRACKER_DEVICE switched off"
+			_log "$OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) switched off"
 		else
-			_log "$OMR_TRACKER_DEVICE switched off because $OMR_TRACKER_STATUS_MSG"
+			_log "$OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) switched off because $OMR_TRACKER_STATUS_MSG"
 		fi
 		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.state='down'
 		#if [ "$(sysctl -n net.mptcp.mptcp_enabled | tr -d '\n')" = "1" ]; then
@@ -252,14 +280,23 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
 		if [ -n "$OMR_TRACKER_DEVICE_IP" ]; then
 			glorytun-udp path $OMR_TRACKER_DEVICE_IP dev tun0 down > /dev/null 2>&1
 		fi
+		if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.vpn)" = "1" ]; then
+			VPN_BASE_INTF="$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.baseintf)"
+			VPN_BASE_INTF_IP=$(ubus call network.interface.$VPN_BASE_INTF status | jsonfilter -e '@["ipv4-address"][0].address' | tr -d "\n")
+			uci -q batch <<-EOF >/dev/null
+				set openvpn.$VPN_BASE_INTF.local=$VPN_BASE_INTF_IP
+				commit openvpn
+			EOF
+			/etc/init.d/openvpn restart $VPN_BASE_INTF
+		fi
 		config_load openmptcprouter
 		config_foreach del_server_route server
-		#if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ]; then
+		if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ]; then
-		#	config_foreach set_server_all_routes server
+			config_foreach set_server_all_routes server
-		#fi
+		fi
 	}
 
-	if [ "$default_gw" = "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$default_gw" = "" ]; then
+	if ([ "$default_gw" = "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$default_gw" = "" ]) && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then
 		config_load network
 		config_foreach set_route interface $OMR_TRACKER_INTERFACE
 	fi
@@ -273,6 +310,8 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
 			echo -e "Subject: $OMR_SYSNAME: $OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) is down\n\nConnection failure of $OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) detected. The reason is \"$OMR_TRACKER_STATUS_MSG\"." | sendmail $(uci -q get mail.default.to)
 		fi
 	}
+	script_alert_down="$(uci -q get omr-tracker.$OMR_TRACKER_INTERFACE.script_alert_down)"
+	[ -n "$script_alert_down" ] && eval $script_alert_down
 
 	if [ "$OMR_TRACKER_INTERFACE" = "glorytun" ] || [ "$OMR_TRACKER_INTERFACE" = "omrvpn" ]; then
 		if [ "$OMR_TRACKER_STATUS_MSG" = "" ]; then
@@ -280,8 +319,10 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
 		else
 			_log "$OMR_TRACKER_INTERFACE down because $OMR_TRACKER_STATUS_MSG"
 		fi
-		config_load network
+		if [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then
-		config_foreach set_route interface $OMR_TRACKER_INTERFACE
+			config_load network
+			config_foreach set_route interface $OMR_TRACKER_INTERFACE
+		fi
 		if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get openmptcprouter.omr.shadowsocks)" = "up" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.redir_udp)" = "" ] && [ "$(uci -q get shadowsocks-libev.hi2.mode)" = "tcp_and_udp" ]; then
 			_log "Tunnel down use ShadowSocks for UDP"
 			uci -q set shadowsocks-libev.ss_rules.redir_udp='hi2'
@@ -375,46 +416,55 @@ if [ "$OMR_TRACKER_INTERFACE" = "glorytun" ] || [ "$OMR_TRACKER_INTERFACE" = "om
 fi
 
 if [ "$OMR_TRACKER_PREV_STATUS" != "" ] && [ "$OMR_TRACKER_PREV_STATUS" != "$OMR_TRACKER_STATUS" ]; then
+	_log "$OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) switched up"
 	mail_alert="$(uci -q get omr-tracker.$OMR_TRACKER_INTERFACE.mail_alert)"
 	[ -z "$mail_alert" ] && mail_alert="$(uci -q get omr-tracker.defaults.mail_alert)"
 	[ "$mail_alert" = "1" ] && {
 		OMR_SYSNAME="$(uci -q get system.@system[0].hostname)"
 		echo -e "Subject: $OMR_SYSNAME: $OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) is up\n\nDetected that connection $OMR_TRACKER_INTERFACE ($OMR_TRACKER_DEVICE) is up again." | sendmail $(uci -q get mail.default.to)
 	}
+	script_alert_up="$(uci -q get omr-tracker.$OMR_TRACKER_INTERFACE.script_alert_up)"
+	[ -n "$script_alert_up" ] && eval $script_alert_up
+fi
+if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.state)" != "up" ]; then
 	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.state='up'
 	uci -q commit openmptcprouter
 	dns_flush
 fi
 
-multipath_config=$(uci -q get "network.$OMR_TRACKER_INTERFACE.multipath")
+multipath_config=$(uci -q get "openmtpcprouter.$OMR_TRACKER_INTERFACE.multipath")
-[ -z "$multipath_config" ] && multipath_config=$(uci -q get "openmptcprouter.$OMR_TRACKER_INTERFACE.multipath" || echo "off")
+[ -z "$multipath_config" ] && multipath_config=$(uci -q get "network.$OMR_TRACKER_INTERFACE.multipath" || echo "off")
 if [ "$multipath_config" = "master" ]; then
 	if ([ "$default_gw" != "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$default_gw" = "" ]) && [ "$OMR_TRACKER_DEVICE_GATEWAY" != "" ] && [ "$(uci -q get openmptcprouter.settings.master)" != "balancing" ]; then
 		omrvpn_intf=$(uci -q get "network.omrvpn.ifname" || echo "tun")
-		if [ -n "$omrvpn_intf" ] && [ "$(ip route show default | awk '/default/ {print $5}' | grep $omrvpn_intf)" = "" ]; then
+		if [ -n "$omrvpn_intf" ] && [ "$(ip route show default | awk '/default/ {print $5}' | grep $omrvpn_intf)" = "" ] && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then
 			_log "Master up : Replace default route by $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE"
 			ip route replace default scope global nexthop via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE
-		else
+		fi
-			config_load openmptcprouter
+		config_load openmptcprouter
-			if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ]; then
+		if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ]; then
-				config_foreach set_server_all_routes server
+			config_foreach set_server_all_routes server
-			elif [ "$(uci -q get openmptcprouter.settings.master)" != "failover" ]; then
+		elif [ "$(uci -q get openmptcprouter.settings.master)" != "failover" ]; then
-				config_foreach set_server_default_route server
+			config_foreach set_server_default_route server
-			fi
 		fi
 		ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337
 	fi
-	if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ] && [ "$(ip route show default | grep weight)" = "" ]; then
+	if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ] && [ "$(ip route show default | grep weight)" = "" ] && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then
 		omrvpn_intf=$(uci -q get "network.omrvpn.ifname" || echo "tun")
 		if [ -n "$omrvpn_intf" ] && [ "$(ip route show default | awk '/default/ {print $5}' | grep $omrvpn_intf)" = "" ]; then
 			ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337
 			routesbalancing=""
+			routesbalancingbackup=""
 			config_load network
 			config_foreach set_route_balancing interface
-			[ -n "$routesbalancing" ] && {
+			[ -n "$routesbalancing" ] && ([ "$nbintf" -gt "1" ] && [ "$(ip r show default metric 0 | tr -d '\t' | tr -d '\n')" != "default via $routesbalancing " ]) || ([ "$nbintf" = "1" ] && [ "$(ip r show default metric 0 | grep $OMR_TRACKER_INTERFACE)" = "" ]) && {
 				_log "Set ip route replace default scope global $routesbalancing"
 				ip route replace default scope global $routesbalancing
 			}
+			[ -n "$routesbalancingbackup" ] && ([ "$nbintf" -gt "1" ] && [ "$(ip r show default metric 999 | tr -d '\t' | tr -d '\n')" != "default via $routesbalancingbackup " ]) || ([ "$nbintf" = "1" ] && [ "$(ip r show default metric 999 | grep $OMR_TRACKER_INTERFACE)" = "" ]) && {
+				_log "Set ip route replace default scope global $routesbalancingbackup"
+				ip route replace default scope global metric 999 $routesbalancingbackup
+			}
 		fi
 	fi
 	if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($(date +"%s") + $((10 + RANDOM % 31)) - $(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc))) -gt 3600 ] || [ "$(uci -q show openmptcprouter | grep get_config=\'1\')" != "" ] || [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" != "" ]; then
@@ -473,28 +523,28 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($(
 	fi
 	[ -n "$ipaddr" ] && {
 		# Check if we can get a IPv6 address, if yes enable RA else disable
-		local check_ipv6_website="$(uci -q get openmptcprouter.settings.check_ipv6_website)"
+		#local check_ipv6_website="$(uci -q get openmptcprouter.settings.check_ipv6_website)"
-		[ -z "$check_ipv6_website" ] && check_ipv6_website="http://ipv6.openmptcprouter.com/"
+		#[ -z "$check_ipv6_website" ] && check_ipv6_website="http://ipv6.openmptcprouter.com/"
-		local ip6addr="$(curl -s -6 -m 2 $check_ipv6_website)"
+		#local ip6addr="$(curl -s -6 -m 2 $check_ipv6_website)"
-		[ -z "$ip6addr" ] && {
+		#[ -z "$ip6addr" ] && {
-			local ip6addr="$(curl -s -6 -m 2 http://ifconfig.co/)"
+		#	local ip6addr="$(curl -s -6 -m 2 http://ifconfig.co/)"
-		}
+		#}
-		if [ "$(uci -q get openmptcprouter.settings.ipv6_disable)" = "0" ]; then
+		#if [ "$(uci -q get openmptcprouter.settings.ipv6_disable)" = "0" ]; then
-			if [ -n "$ip6addr" ] && [ "$(uci -q get dhcp.lan.ra_default)" != 1 ]; then
+		#	if [ -n "$ip6addr" ] && [ "$(uci -q get dhcp.lan.ra_default)" != 1 ]; then
-				_log "Enable IPv6 RA"
+		#		_log "Enable IPv6 RA"
-				uci -q set dhcp.lan.ra=server
+		#		uci -q set dhcp.lan.ra=server
-				uci -q set dhcp.lan.ra_default=1
+		#		uci -q set dhcp.lan.ra_default=1
-				uci -q set dhcp.lan.dhcpv6=server
+		#		uci -q set dhcp.lan.dhcpv6=server
-				/etc/init.d/odhcpd start > /dev/null 2>&1
+		#		/etc/init.d/odhcpd start > /dev/null 2>&1
-				/etc/init.d/odhcpd enable > /dev/null 2>&1
+		#		/etc/init.d/odhcpd enable > /dev/null 2>&1
-			elif [ -z "$ip6addr" ] && [ "$(uci -q set dhcp.lan.ra_default)" = 1 ]; then
+		#	elif [ -z "$ip6addr" ] && [ "$(uci -q set dhcp.lan.ra_default)" = 1 ]; then
-				_log "Disable IPv6 RA"
+		#		_log "Disable IPv6 RA"
-				uci -q delete dhcp.lan.ra
+		#		uci -q delete dhcp.lan.ra
-				uci -q delete dhcp.lan.dhcpv6
+		#		uci -q delete dhcp.lan.dhcpv6
-				/etc/init.d/odhcpd start > /dev/null 2>&1
+		#		/etc/init.d/odhcpd start > /dev/null 2>&1
-				/etc/init.d/odhcpd enable > /dev/null 2>&1
+		#		/etc/init.d/odhcpd enable > /dev/null 2>&1
-			fi
+		#	fi
-		fi
+		#fi
 		if [ "$(uci -q get openmptcprouter.settings.external_check)" != "0" ]; then
 			local asn="$(wget -4 -qO- -T 4 http://api.iptoasn.com/v1/as/ip/$ipaddr | jsonfilter -q -e '@.as_description')"
 			[ -z "$asn" ] && {
@@ -552,18 +602,19 @@ if [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ] || [ $(($(
 			uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.lc=$(date +"%s")
 		fi
 	fi
-	protocol="$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)"
+	proto="$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)"
-	if [ "$proto" = "qmi" ]; then
+	#if [ "$proto" = "qmi" ]; then
-		intfdata="$(omr-qmi $OMR_TRACKER_DEVICE all | tr -d '\n')"
+	#	intfdata="$(omr-qmi $OMR_TRACKER_DEVICE all | tr -d '\n')"
-		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.operator=$(echo $intfdata | awk -F";" '{print $2}')
+	#	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.operator=$(echo $intfdata | awk -F";" '{print $2}')
-		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.number=$(echo $intfdata | awk -F";" '{print $3}')
+	#	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.number=$(echo $intfdata | awk -F";" '{print $3}')
-		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.state=$(echo $intfdata | awk -F";" '{print $4}')
+	#	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.state=$(echo $intfdata | awk -F";" '{print $4}')
-	elif [ "$proto" = "modemmanager" ]; then
+	#elif [ "$proto" = "modemmanager" ]; then
-		intfdata="$(omr-modemmanager $OMR_TRACKER_DEVICE all)"
+	#	intfdata="$(omr-modemmanager $OMR_TRACKER_DEVICE all)"
-		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.operator=$(echo $intfdata | awk -F";" '{print $2}')
+	#	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.operator=$(echo $intfdata | awk -F";" '{print $2}')
-		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.number=$(echo $intfdata | awk -F";" '{print $3}')
+	#	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.number=$(echo $intfdata | awk -F";" '{print $3}')
-		uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.state=$(echo $intfdata | awk -F";" '{print $4}')
+	#	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.state=$(echo $intfdata | awk -F";" '{print $4}')
-	else
+	#else
+	if [ "$proto" != "qmi" ] && [ "$proto" != "modemmanager" ]; then
 		if [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ] && [ -n "$(curl -s -m 1 -X GET http://$OMR_TRACKER_DEVICE_GATEWAY/api/webserver/SesTokInfo)" ]; then
 			uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.manufacturer='huawei'
 		else
@@ -587,9 +638,9 @@ fi
 	uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.latency="$OMR_TRACKER_LATENCY"
 	#[ -z "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.latency_max)" ] && uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.latency_max="$OMR_TRACKER_LATENCY"
 	#[ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.latency_max)" -lt "$OMR_TRACKER_LATENCY" ] && uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.latency_max="$OMR_TRACKER_LATENCY"
-	if [ "$multipath_config" = "on" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.multipath)" != "master" ] && ([ "$(uci -q get openmptcprouter.settings.master)" = "dynamic" ] || (([ "$(uci -q get openmptcprouter.settings.master)" = "change" ] || [ "$(uci -q get openmptcprouter.settings.master)" = "" ]) && [ "$(uci -q get openmptcprouter.settings.master_lcintf | grep $OMR_TRACKER_INTERFACE)" = "" ])); then
+	if [ "$multipath_config" = "on" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.multipath)" != "master" ] && ([ "$(uci -q get openmptcprouter.settings.master)" = "dynamic" ] || (([ "$(uci -q get openmptcprouter.settings.master)" = "change" ] || [ "$(uci -q get openmptcprouter.settings.master)" = "" ]) && [ "$(uci -q get openmptcprouter.settings.master_lcintf | grep $OMR_TRACKER_INTERFACE)" = "" ])); then
-		masterintf="$(uci -q show network | grep multipath=\'master\' | cut -d'.' -f2)"
+		masterintf="$(uci -q show openmptcprouter | grep -m 1 multipath=\'master\' | cut -d'.' -f2)"
-		[ -z "$masterintf" ] && masterintf="$(uci -q show openmptcprouter | grep multipath=\'master\' | cut -d'.' -f2)"
+		[ -z "$masterintf" ] && masterintf="$(uci -q show network | grep -m 1 multipath=\'master\' | cut -d'.' -f2)"
 		masterlatency="$(uci -q get openmptcprouter.$masterintf.latency | tr -d '\n')"
 		if [ -z "$masterlatency" ] || [ "$(uci -q get openmptcprouter.$masterintf.state)" = "down" ]; then
 			masterlatency=1000
@@ -628,11 +679,21 @@ if [ "$(pgrep glorytun)" = "" ] && [ "$(uci -q get glorytun.vpn.enabled)" = "1"
 	/etc/init.d/glorytun-udp restart
 	sleep 5
 fi
-if [ "$(pgrep openvpn)" = "" ] && [ "$(uci -q get openvpn.omr.enabled)" = "1" ] && [ -f /etc/init.d/openvpn ]; then
+
-	_log "Can't find OpenVPN, restart it..."
+if [ "$(pgrep openvpn)" = "" ] && [ -f /etc/init.d/openvpn ]; then
-	/etc/init.d/openvpn restart
+	openvpn_enable=0
-	sleep 5
+	openvpn_enabled() {
+		[ "$(uci -q get openvpn.$1.enabled)" = "1" ] && openvpn_enable=1
+	}
+	config_load openvpn
+	config_foreach openvpn_enabled openvpn
+	if [ "$openvpn_enable" = "1" ]; then
+		_log "Can't find OpenVPN, restart it"
+		/etc/init.d/openvpn restart
+		sleep 5
+	fi
 fi
+
 if [ "$(pgrep mlvpn)" = "" ] && [ "$(uci -q get mlvpn.general.enable)" = "1" ] && [ -f /etc/init.d/mlvpn ]; then
 	_log "Can't find MLVPN, restart it..."
 	/etc/init.d/mlvpn restart

mptcpd/Makefile

@@ -8,10 +8,10 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mptcpd
-PKG_VERSION:=0.3
+PKG_VERSION:=0.4
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/intel/mptcpd/releases/download/v0.3
+PKG_SOURCE_URL:=https://github.com/intel/mptcpd/releases/download/v$(PKG_VERSION)
-PKG_HASH:=c2e1711e01b11f16a0c91dc0f3815b6460e603f52a31225d3a4d4012e858c967
+PKG_HASH:=459c45ba86ea574f1ad7a062a9914474ca650229b97375017bd46d0732f985ba
 PKG_RELEASE:=1
 PKG_MAINTAINER:=Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 

ndpi-netfilter2/Makefile

@@ -11,7 +11,7 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=ndpi-netfilter2
 PKG_RELEASE:=2
-PKG_REV:=7aa4c293f23d6ab1fac5574c8e9c486cb1ced93d
+PKG_REV:=77d882638232fb9236123b50b9aac8bccc409ed9
 PKG_VERSION:=3.2-$(PKG_REV)
 
 PKG_SOURCE_PROTO:=git

omr-6in4/files/bin/omr-6in4

@@ -42,6 +42,7 @@ while true; do
 				[ "$ipv6_gw" = "::" ] && ipv6_gw='fe80::a00:1'
 				[ -z "$ipv6_gw" ] && ipv6_gw='fe80::a00:1'
 				#[ -z "$ipv6_gw" ] && ipv6_gw='fe80::aff:ff01'
+				ip -6 route add ${ipv6_gw} dev 6in4-omr6in4
 				ip -6 route replace default via ${ipv6_gw} dev 6in4-omr6in4 > /dev/null 2>&1
 				if [ "$(uci -q get openmptcprouter.settings.uci_route)" = "1" ]; then
 					uci -q batch <<-EOF

omr-6in4/files/etc/init.d/omr-6in4

@@ -10,10 +10,14 @@
 	USE_PROCD=1
 }
 
+set_shadowsocks_address() {
+	uci -q set shadowsocks-libev.$1.local_address="$2"
+}
+
 set_ipv6_state() {
 	local disable_ipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
 	[ -z "$disable_ipv6" ] && disable_ipv6="1"
-	sysctl -w net.ipv6.conf.all.disable_ipv6=$disable_ipv6
+	sysctl -qw net.ipv6.conf.all.disable_ipv6=$disable_ipv6
 	sed -i "s:^net.ipv6.conf.all.disable_ipv6=[0-9]*:net.ipv6.conf.all.disable_ipv6=$disable_ipv6:" /etc/sysctl.d/zzz_openmptcprouter.conf
 
 	uci -q batch <<-EOF >/dev/null
@@ -32,8 +36,9 @@ set_ipv6_state() {
 			delete dhcp.lan.ra_default
 			delete dhcp.lan.ra_management
 			delete dhcp.lan.ra_preference
-			set shadowsocks-libev.hi.local_address="0.0.0.0"
 		EOF
+		config_load shadowsocks-libev
+		config_foreach set_shadowsocks_address ss_redir "0.0.0.0"
 	else
 		logger -t "omr-6in4" "Enable IPv6"
 		uci -q batch <<-EOF >/dev/null
@@ -44,8 +49,9 @@ set_ipv6_state() {
 			set dhcp.lan.ra_management="1"
 			set network.lan.ipv6="1"
 			set network.lan.delegate="0"
-			set shadowsocks-libev.hi.local_address="::"
 		EOF
+		config_load shadowsocks-libev
+		config_foreach set_shadowsocks_address ss_redir "::"
 	fi
 	uci -q batch <<-EOF >/dev/null
 		commit network

omr-quota/files/etc/init.d/omr-quota

@@ -11,7 +11,7 @@ _validate_section() {
 		'txquota:uinteger'  \
 		'rxquota:uinteger'  \
 		'ttquota:uinteger'  \
-		'interval:uinteger' \
+		'interval:uinteger:30' \
 		'enabled:bool:0'
 }
 

omr-tracker/files/bin/omr-tracker

@@ -177,119 +177,123 @@ while true; do
 	OMR_TRACKER_DEVICE_GATEWAY=
 	serverip_ping=false
 
-	if [ -d "/sys/class/net/$OMR_TRACKER_DEVICE" ] && [ -n "$(ip link show $OMR_TRACKER_DEVICE | grep UP)" ]; then
+	if [ -d "/sys/class/net/$OMR_TRACKER_DEVICE" ]; then
-		# retrieve iface ip and gateway
+		if [ -n "$(ip link show $OMR_TRACKER_DEVICE | grep UP)" ]; then
-		OMR_TRACKER_DEVICE_IP=$(ip -4 -br addr ls dev "$OMR_TRACKER_DEVICE" | awk -F'[ /]+' '{print $3}')
+			# retrieve iface ip and gateway
-		if [ -z "$OMR_TRACKER_DEVICE_IP" ]; then
+			OMR_TRACKER_DEVICE_IP=$(ip -4 -br addr ls dev "$OMR_TRACKER_DEVICE" | awk -F'[ /]+' '{print $3}')
-			OMR_TRACKER_DEVICE_IP=$(ip -4 addr show dev "$OMR_TRACKER_DEVICE" | grep -m 1 inet | awk '{print $2}' | cut -d'/' -s -f1)
+			if [ -z "$OMR_TRACKER_DEVICE_IP" ]; then
-		fi
+				OMR_TRACKER_DEVICE_IP=$(ip -4 addr show dev "$OMR_TRACKER_DEVICE" | grep -m 1 inet | awk '{print $2}' | cut -d'/' -s -f1)
-		#OMR_TRACKER_DEVICE_IP=$(ubus call network.interface.$OMR_TRACKER_INTERFACE status | jsonfilter -e '@["ipv4-address"][0].address' | tr -d "\n")
-		#if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-		#	OMR_TRACKER_DEVICE_GATEWAY=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | grep -v default | awk '/proto static/ {print $1}' | tr -d "\n")
-		#fi
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-			OMR_TRACKER_DEVICE_GATEWAY=$(uci -q get "network.$OMR_TRACKER_INTERFACE.gateway")
-		fi
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-			OMR_TRACKER_DEVICE_GATEWAY=$(ubus call network.interface.$OMR_TRACKER_INTERFACE status | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
-		fi
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-			OMR_TRACKER_DEVICE_GATEWAY=$(ubus call network.interface.$OMR_TRACKER_INTERFACE status | jsonfilter -q -l 1 -e '@.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
-		fi
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-			OMR_TRACKER_DEVICE_GATEWAY=$(ubus call network.interface.${OMR_TRACKER_INTERFACE}_4 status 2>/dev/null | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
-		fi
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-			if [ "$OMR_TRACKER_INTERFACE" = "omrvpn" ] && [ "$(uci -q get glorytun.vpn.enable)" = "1" ]; then
-				OMR_TRACKER_DEVICE_GATEWAY=$(uci -q get glorytun.vpn.remoteip)
-			else
-				OMR_TRACKER_DEVICE_GATEWAY=""
 			fi
-		fi
+			#OMR_TRACKER_DEVICE_IP=$(ubus call network.interface.$OMR_TRACKER_INTERFACE status | jsonfilter -e '@["ipv4-address"][0].address' | tr -d "\n")
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
+			#if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-			OMR_TRACKER_DEVICE_ROUTE=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | grep via | grep -v default | grep -v metric | grep -v / | awk '{print $1; exit}' | tr -d "\n")
+			#	OMR_TRACKER_DEVICE_GATEWAY=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | grep -v default | awk '/proto static/ {print $1}' | tr -d "\n")
-		fi
+			#fi
-		if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-			OMR_TRACKER_DEVICE_GATEWAY=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | grep kernel | awk '/proto kernel/ {print $1}' | tr -d "\n")
+				OMR_TRACKER_DEVICE_GATEWAY=$(uci -q get "network.$OMR_TRACKER_INTERFACE.gateway")
-		fi
+			fi
-
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-		# execute specific tracker
+				OMR_TRACKER_DEVICE_GATEWAY=$(ubus call network.interface.$OMR_TRACKER_INTERFACE status | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
-		if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
+			fi
-			# setup loop variable
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-			tries="$OMR_TRACKER_TRIES"
+				OMR_TRACKER_DEVICE_GATEWAY=$(ubus call network.interface.$OMR_TRACKER_INTERFACE status | jsonfilter -q -l 1 -e '@.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
-			# loop until tries attempts have been reached
+			fi
-			while [ "$tries" -gt 0 ]; do
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
-				if [ -n "$OMR_TRACKER_DEVICE_ROUTE" ]; then
+				OMR_TRACKER_DEVICE_GATEWAY=$(ubus call network.interface.${OMR_TRACKER_INTERFACE}_4 status 2>/dev/null | jsonfilter -q -l 1 -e '@.inactive.route[@.target="0.0.0.0"].nexthop' | tr -d "\n")
-					_ping "$OMR_TRACKER_DEVICE_ROUTE" "$OMR_TRACKER_DEVICE" "no"
+			fi
-					status=$?
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] || [ "$OMR_TRACKER_DEVICE_GATEWAY" = "0.0.0.0" ]; then
+				if [ "$OMR_TRACKER_INTERFACE" = "omrvpn" ] && [ "$(uci -q get glorytun.vpn.enable)" = "1" ]; then
+					OMR_TRACKER_DEVICE_GATEWAY=$(uci -q get glorytun.vpn.remoteip)
 				else
-					_ping "$OMR_TRACKER_DEVICE_GATEWAY" "$OMR_TRACKER_DEVICE" "no"
+					OMR_TRACKER_DEVICE_GATEWAY=""
-					status=$?
 				fi
-				if $(exit $status) && [ "$OMR_TRACKER_TYPE" = "none" ]; then
+			fi
-					OMR_TRACKER_STATUS_MSG=""
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-					OMR_TRACKER_STATUS="OK"
+				OMR_TRACKER_DEVICE_ROUTE=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | grep via | grep -v default | grep -v metric | grep -v / | awk '{print $1; exit}' | tr -d "\n")
-					break
+			fi
-				elif [ "$OMR_TRACKER_TYPE" != "none" ]; then
+			if [ -z "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-					if ! $(exit $status); then
+				OMR_TRACKER_DEVICE_GATEWAY=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | grep kernel | awk '/proto kernel/ {print $1}' | tr -d "\n")
-						OMR_TRACKER_STATUS_MSG="gateway down"
+			fi
-					fi
+
-					serverip_ping=false
+			# execute specific tracker
-					if [ "$OMR_TRACKER_TYPE" = "ping" ]; then
+			if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
-						config_load openmptcprouter
+				# setup loop variable
-						config_foreach _ping_server server $OMR_TRACKER_DEVICE
+				tries="$OMR_TRACKER_TRIES"
-					fi
+				# loop until tries attempts have been reached
-					if [ "$serverip_ping" = false ] && [ -n "$OMR_TRACKER_HOST" ]; then
+				while [ "$tries" -gt 0 ]; do
-						OMR_TRACKER_HOST=$(resolveip -4 $OMR_TRACKER_HOST | tr -d "\n")
+					if [ -n "$OMR_TRACKER_DEVICE_ROUTE" ]; then
-						if [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "3g" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "qmi" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "ncm" ]; then
+						_ping "$OMR_TRACKER_DEVICE_ROUTE" "$OMR_TRACKER_DEVICE" "no"
-							# Check if route is not used
+						status=$?
-							while ! ip route add $OMR_TRACKER_HOST via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE src $OMR_TRACKER_DEVICE_IP > /dev/null 2>&1
-							do
-								logger -t "omr-tracker" "Can't create route to $OMR_TRACKER_HOST via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE src $OMR_TRACKER_DEVICE_IP. waiting..."
-								sleep 2
-								ip route del "$OMR_TRACKER_HOST" via "$OMR_TRACKER_DEVICE_GATEWAY" dev "$OMR_TRACKER_DEVICE" src "$OMR_TRACKER_DEVICE_IP" > /dev/null 2>&1
-								_restart
-							done
-						fi
-						if [ "$OMR_TRACKER_TYPE" = "ping" ]; then
-							_ping "$OMR_TRACKER_HOST" "$OMR_TRACKER_DEVICE" "yes"
-							statusb=$?
-						elif [ "$OMR_TRACKER_TYPE" = "httping" ]; then
-							_httping "$OMR_TRACKER_HOST" "$OMR_TRACKER_DEVICE_IP" "yes"
-							statusb=$?
-						elif [ "$OMR_TRACKER_TYPE" = "dns" ]; then
-							_dns "$OMR_TRACKER_HOST" "$OMR_TRACKER_DEVICE_IP" "yes"
-							statusb=$?
-						fi
-						ip route del "$OMR_TRACKER_HOST" via "$OMR_TRACKER_DEVICE_GATEWAY" dev "$OMR_TRACKER_DEVICE" src "$OMR_TRACKER_DEVICE_IP" > /dev/null 2>&1
-						if $(exit $statusb); then
-							OMR_TRACKER_STATUS_MSG=""
-							OMR_TRACKER_STATUS="OK"
-							break
-						else
-							if [ "$OMR_TRACKER_LIST_HOSTS" = "" ]; then
-								OMR_TRACKER_LIST_HOSTS="$OMR_TRACKER_HOST"
-							else
-								OMR_TRACKER_LIST_HOSTS="$OMR_TRACKER_LIST_HOSTS,$OMR_TRACKER_HOST"
-							fi
-						fi
 					else
+						_ping "$OMR_TRACKER_DEVICE_GATEWAY" "$OMR_TRACKER_DEVICE" "no"
+						status=$?
+					fi
+					if $(exit $status) && [ "$OMR_TRACKER_TYPE" = "none" ]; then
 						OMR_TRACKER_STATUS_MSG=""
 						OMR_TRACKER_STATUS="OK"
 						break
+					elif [ "$OMR_TRACKER_TYPE" != "none" ]; then
+						if ! $(exit $status); then
+							OMR_TRACKER_STATUS_MSG="gateway down"
+						fi
+						serverip_ping=false
+						if [ "$OMR_TRACKER_TYPE" = "ping" ]; then
+							config_load openmptcprouter
+							config_foreach _ping_server server $OMR_TRACKER_DEVICE
+						fi
+						if [ "$serverip_ping" = false ] && [ -n "$OMR_TRACKER_HOST" ]; then
+							OMR_TRACKER_HOST=$(resolveip -4 $OMR_TRACKER_HOST | tr -d "\n")
+							if [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "3g" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "qmi" ] || [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.proto)" = "ncm" ]; then
+								# Check if route is not used
+								while ! ip route add $OMR_TRACKER_HOST via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE src $OMR_TRACKER_DEVICE_IP > /dev/null 2>&1
+								do
+									logger -t "omr-tracker" "Can't create route to $OMR_TRACKER_HOST via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE src $OMR_TRACKER_DEVICE_IP. waiting..."
+									sleep 2
+									ip route del "$OMR_TRACKER_HOST" via "$OMR_TRACKER_DEVICE_GATEWAY" dev "$OMR_TRACKER_DEVICE" src "$OMR_TRACKER_DEVICE_IP" > /dev/null 2>&1
+									_restart
+								done
+							fi
+							if [ "$OMR_TRACKER_TYPE" = "ping" ]; then
+								_ping "$OMR_TRACKER_HOST" "$OMR_TRACKER_DEVICE" "yes"
+								statusb=$?
+							elif [ "$OMR_TRACKER_TYPE" = "httping" ]; then
+								_httping "$OMR_TRACKER_HOST" "$OMR_TRACKER_DEVICE_IP" "yes"
+								statusb=$?
+							elif [ "$OMR_TRACKER_TYPE" = "dns" ]; then
+								_dns "$OMR_TRACKER_HOST" "$OMR_TRACKER_DEVICE_IP" "yes"
+								statusb=$?
+							fi
+							ip route del "$OMR_TRACKER_HOST" via "$OMR_TRACKER_DEVICE_GATEWAY" dev "$OMR_TRACKER_DEVICE" src "$OMR_TRACKER_DEVICE_IP" > /dev/null 2>&1
+							if $(exit $statusb); then
+								OMR_TRACKER_STATUS_MSG=""
+								OMR_TRACKER_STATUS="OK"
+								break
+							else
+								if [ "$OMR_TRACKER_LIST_HOSTS" = "" ]; then
+									OMR_TRACKER_LIST_HOSTS="$OMR_TRACKER_HOST"
+								else
+									OMR_TRACKER_LIST_HOSTS="$OMR_TRACKER_LIST_HOSTS,$OMR_TRACKER_HOST"
+								fi
+							fi
+						else
+							OMR_TRACKER_STATUS_MSG=""
+							OMR_TRACKER_STATUS="OK"
+							break
+						fi
+					elif ! $(exit $status); then
+						OMR_TRACKER_STATUS_MSG="gateway down"
 					fi
-				elif ! $(exit $status); then
+					tries=$((tries - 1))
-					OMR_TRACKER_STATUS_MSG="gateway down"
+					#_restart
-				fi
+					OMR_TRACKER_HOST="${OMR_TRACKER_HOSTS%% *}"
-				tries=$((tries - 1))
+					[ "$OMR_TRACKER_HOST" = "$OMR_TRACKER_HOSTS" ] || {
-				#_restart
+						OMR_TRACKER_HOSTS="${OMR_TRACKER_HOSTS#* } $OMR_TRACKER_HOST"
-				OMR_TRACKER_HOST="${OMR_TRACKER_HOSTS%% *}"
+					}
-				[ "$OMR_TRACKER_HOST" = "$OMR_TRACKER_HOSTS" ] || {
+					#OMR_TRACKER_TIMEOUT=$((OMR_TRACKER_TIMEOUT * 2))
-					OMR_TRACKER_HOSTS="${OMR_TRACKER_HOSTS#* } $OMR_TRACKER_HOST"
+					sleep "$OMR_TRACKER_INTERVAL_TRIES"
-				}
+				done
-				#OMR_TRACKER_TIMEOUT=$((OMR_TRACKER_TIMEOUT * 2))
+			fi
-				sleep "$OMR_TRACKER_INTERVAL_TRIES"
+		else
-			done
+			OMR_TRACKER_STATUS_MSG="link down"
 		fi
 	fi
 

omr-tracker/files/bin/omr-tracker-server

@@ -0,0 +1,125 @@
+#!/bin/sh
+# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
+
+name=$0
+basename="$(basename $0)"
+
+_log() {
+	logger -p daemon.info -t "${basename}" "$@"
+}
+
+_ping_server() {
+	local host=$1
+	ret=$(ping \
+	    -w "$OMR_TRACKER_TIMEOUT" \
+	    -c 1 \
+	    -q \
+	    "${host}"
+	) && echo "$ret" | grep -sq " 0% packet loss" && {
+		server_ping=true
+	}
+}
+
+_check_server() {
+	local host=$1
+	local port=$2
+	local k=0
+	while [ "$server_ping" = false ] && [ "$k" -le "$retry" ]; do
+		ret=$(curl -4 \
+		    --max-time "$OMR_TRACKER_TIMEOUT" \
+		    -s \
+		    -k \
+		    "https://${host}:${port}/"
+		)
+		[ -n "$ret" ] && server_ping=true
+		k=$((k+1))
+		sleep "${intervaltries}"
+	done
+}
+
+_check_master() {
+	local name=$1
+	config_get master $1 master
+	config_get ip $1 ip
+	config_get port $1 port "65500"
+	[ "$master" = "1" ] && [ -n "$ip" ] && {
+		#_ping_server $ip
+		_check_server $ip $port
+		[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss0.server | tr -d '\n')" != "$ip" ] && {
+			logger -t "OMR-Tracker-Server" "Master server up, set it back"
+			logger -t "OMR-Tracker-Server" "$(uci -q get shadowsocks-libev.sss0.server | tr -d '\n') - $ip"
+			uci -q batch <<-EOF >/dev/null
+				set shadowsocks-libev.sss0.server=$ip
+				commit shadowsocks-libev
+				set glorytun.vpn.host=$ip
+				commit glorytun
+				set dsvpn.vpn.host=$ip
+				commit dsvpn
+				set mlvpn.general.host=$ip
+				commit mlvpn
+				del openvpn.omr.remote
+				add_list openvpn.omr.remote=$ip
+				commit openvpn
+			EOF
+			/etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null
+			/etc/init.d/glorytun restart >/dev/null 2>/dev/null
+			/etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null
+			/etc/init.d/mlvpn restart >/dev/null 2>/dev/null
+			/etc/init.d/openvpn restart >/dev/null 2>/dev/null
+			/etc/init.d/dsvpn restart >/dev/null 2>/dev/null
+		}
+		break
+	}
+}
+
+_check_backup() {
+	local name=$1
+	config_get backup $1 backup
+	config_get ip $1 ip
+	config_get port $1 port
+	[ "$backup" = "1" ] && [ -n "$ip" ] && {
+		#_ping_server $ip
+		_check_server $ip $port
+	}
+	[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss0.server | tr -d '\n')" = "$ip" ] && break
+	[ "$server_ping" = true ] && [ "$(uci -q get shadowsocks-libev.sss0.server | tr -d '\n')" != "$ip" ] && {
+		logger -t "OMR-Tracker-Server" "User backup server $1 ($ip)"
+		uci -q batch <<-EOF >/dev/null
+			set shadowsocks-libev.sss0.server=$ip
+			commit shadowsocks-libev
+			set glorytun.vpn.host=$ip
+			commit glorytun
+			set dsvpn.vpn.host=$ip
+			commit dsvpn
+			set mlvpn.general.host=$ip
+			commit mlvpn
+			del openvpn.omr.remote
+			add_list openvpn.omr.remote=$ip
+			commit openvpn
+		EOF
+		/etc/init.d/shadowsocks-libev restart >/dev/null 2>/dev/null
+		/etc/init.d/glorytun restart >/dev/null 2>/dev/null
+		/etc/init.d/glorytun-udp restart >/dev/null 2>/dev/null
+		/etc/init.d/mlvpn restart >/dev/null 2>/dev/null
+		/etc/init.d/openvpn restart >/dev/null 2>/dev/null
+		/etc/init.d/dsvpn restart >/dev/null 2>/dev/null
+		break
+	}
+}
+
+. /lib/functions.sh
+
+timeout=${OMR_TRACKER_TIMEOUT:-5}
+interval=${OMR_TRACKER_INTERVAL:-10}
+intervaltries=${OMR_TRACKER_INTERVAL_TRIES:-2}
+retry=${OMR_TRACKER_TRIES:-4}
+
+while true; do
+	server_ping=false
+	config_load openmptcprouter
+	config_foreach _check_master server
+	[ "$server_ping" = false ] && {
+		config_foreach _check_backup server
+	}
+	sleep "${interval}"
+done

omr-tracker/files/etc/config/omr-tracker

@@ -31,4 +31,10 @@ config shadowsocks 'shadowsocks'
 	option timeout '10'
 	option tries '3'
 	option interval_tries '1'
+	option interval '5'
+
+config server 'server'
+	option enabled '1'
+	option tries '3'
+	option timeout '10'
 	option interval '5'

omr-tracker/files/etc/init.d/omr-tracker

@@ -77,6 +77,26 @@ _launch_tracker() {
 	procd_close_instance
 }
 
+_launch_server_tracker() {
+	local hosts timeout tries interval interval_tries options type enabled
+	_validate_section "server" "server"
+
+	[ "${enabled}" = "0" ] && return
+	[ -z "${interval_tries}" ] && interval_tries=1
+
+	procd_open_instance
+	# shellcheck disable=SC2086
+	procd_set_param command /bin/omr-tracker-server "$1" $options
+	procd_append_param env "OMR_TRACKER_TIMEOUT=$timeout"
+	procd_append_param env "OMR_TRACKER_TRIES=$tries"
+	procd_append_param env "OMR_TRACKER_INTERVAL=$interval"
+	procd_append_param env "OMR_TRACKER_INTERVAL_TRIES=$interval_tries"
+	procd_set_param limits nofile="51200 51200"
+	procd_set_param respawn 0 10 0
+	procd_set_param stderr 1
+	procd_close_instance
+}
+
 _initialize_shadowsocks_tracker() {
 	local redir_tcp server tracker_server
 	config_get redir_tcp ss_rules redir_tcp
@@ -146,6 +166,11 @@ _launch_shadowsocks_tracker() {
 	procd_close_instance
 }
 
+_multi_server() {
+	config_get backup $1 backup
+	[ "$backup" = "1" ] && multiserver=true
+}
+
 start_service() {
 	local ss_disabled
 	logger -t "omr-tracker" "Launching..."
@@ -161,6 +186,11 @@ start_service() {
 	else
 		/etc/init.d/shadowsocks-libev rules_down
 	fi
+	
+	multiserver=false
+	config_load openmptcprouter
+	config_foreach _multi_server server
+	[ "$multiserver" = true ] && _launch_server_tracker
 	logger -t "omr-tracker" "Launched"
 }
 

openmptcprouter-full/Makefile

@@ -36,7 +36,7 @@ MY_DEPENDS := \
     libiwinfo-lua \
     ca-bundle ca-certificates libustream-openssl \
     luci-mod-admin-full luci-app-firewall luci-app-glorytun luci-app-shadowsocks-libev luci-app-unbound luci-theme-openmptcprouter luci-theme-argon luci-base \
-    luci-app-nginx-ha luci-app-omr-tracker luci-app-omr-dscp \
+    luci-app-omr-tracker luci-app-omr-dscp \
     luci-app-sqm sqm-scripts-extra \
     luci-app-vnstat2 omr-quota luci-app-omr-quota \
     luci-app-mptcp luci-app-openmptcprouter luci-app-omr-bypass luci-app-mail luci-app-upnp \
@@ -79,10 +79,11 @@ MY_DEPENDS := \
     !TARGET_mvebu:kmod-usb-net-huawei-cdc-ncm !TARGET_mvebu:kmod-usb-net-rndis !TARGET_mvebu:kmod-usb-net-cdc-ether !TARGET_mvebu:kmod-usb-net-ipheth !TARGET_mvebu:usbmuxd \
     kmod-rt2800-usb kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su \
     !TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 \
-    wireguard luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-advanced-reboot luci-app-https-dns-proxy kmod-tcp-nanqinlang iptables-mod-ipopt igmpproxy ss mptcpd iptraf-ng \
+    wireguard luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang iptables-mod-ipopt igmpproxy ss mptcpd iptraf-ng \
-    luci-app-acl block-mount blockd fstools luci-app-shutdown
+    luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp
-# luci-theme-openwrt-2020  luci-proto-bonding luci-app-statistics
+#     luci-theme-bootstrap luci-theme-openwrt-2020 luci-theme-openwrt luci-app-status
-#    softethervpn5-client softethervpn5-server
+#  luci-proto-bonding luci-app-statistics luci-proto-gre
+#    softethervpn5-client softethervpn5-server luci-app-nginx-ha
 
 #    luci-app-mlvpn ubond \
 #     kmod-ath9k kmod-ath9k-htc

openmptcprouter/files/etc/init.d/mptcpovervpn

@@ -59,6 +59,7 @@ mptcp_over_vpn() {
 				set openmptcprouter.ovpn${interface}="interface"
 				set openmptcprouter.ovpn${interface}.multipath="${multipath}"
 				set openmptcprouter.ovpn${interface}.vpn="1"
+				set openmptcprouter.ovpn${interface}.baseintf="${interface}"
 				commit openmptcprouter
 			EOF
 		fi
@@ -68,13 +69,14 @@ mptcp_over_vpn() {
 		[ -z "$multipath" ] && multipath="on"
 		uci -q batch <<-EOF >/dev/null
 			delete network.ovpn${interface}
-			commit network
 			delete openvpn.${interface}
 			commit openvpn
 			set openmptcprouter.${interface}.multipath="${multipath}"
+			set network.${interface}.multipath="${multipath}"
 			set openmptcprouter.${interface}.multipathvpn="0"
 			delete openmptcprouter.ovpn${interface}
 			commit openmptcprouter
+			commit network
 		EOF
 	fi
 }

openmptcprouter/files/etc/init.d/openmptcprouter-vps

@@ -275,26 +275,30 @@ _get_vps_config() {
 		fi
 	fi
 	vpsip="$(uci -q get openmptcprouter.${servername}.ip)"
-	if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "$vpsip" ]; then
+	if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "127.0.0.1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ]; then
 		uci -q batch <<-EOF >/dev/null
 			set shadowsocks-libev.sss0.server="$vpsip"
 			commit shadowsocks-libev
 		EOF
-		logger -t "OMR-VPS" "Restart shadowsocks..."
+		if [ "$(uci -q get shadowsocks-libev.sss0.disabled)" = "0" ]; then
-		/etc/init.d/shadowsocks-libev restart
+			logger -t "OMR-VPS" "Restart shadowsocks..."
+			/etc/init.d/shadowsocks-libev restart
+		fi
 	fi
-	if [ "$(uci -q get openvpn.omr.remote)" != "127.0.0.1" ] && [ "$(uci -q get openvpn.omr.remote)" != "$vpsip" ]; then
+	if [ "$(uci -q get openvpn.omr.remote)" != "127.0.0.1" ] && [ "$(uci -q get openvpn.omr.remote)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ]; then
 		uci -q batch <<-EOF >/dev/null
 			set openvpn.omr.remote="$vpsip"
 			commit openvpn
 		EOF
-		logger -t "OMR-VPS" "Restart OpenVPN..."
+		if [ "$(uci -q get openvpn.omr.enabled)" = "1" ]; then
-		/etc/init.d/openvpn restart
+			logger -t "OMR-VPS" "Restart OpenVPN..."
+			/etc/init.d/openvpn restart
+		fi
 	fi
 	port="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.port')"
 	localip="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.client_ip')"
 	remoteip="$(echo "$vps_config" | jsonfilter -q -e '@.dsvpn.host_ip')"
-	if ([ "$(uci -q get dsvpn.vpn.host)" != "127.0.0.1" ] && [ "$(uci -q get dsvpn.vpn.host)" != "$vpsip" ]) || [ "$(uci -q get dsvpn.vpn.port)" != "$port" ] || [ "$(uci -q get dsvpn.vpn.localip)" != "$localip" ] || [ "$(uci -q get dsvpn.vpn.remoteip)" != "$remoteip" ]; then
+	if ([ "$(uci -q get dsvpn.vpn.host)" != "127.0.0.1" ] && [ "$(uci -q get dsvpn.vpn.host)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ]) || [ "$(uci -q get dsvpn.vpn.port)" != "$port" ] || [ "$(uci -q get dsvpn.vpn.localip)" != "$localip" ] || [ "$(uci -q get dsvpn.vpn.remoteip)" != "$remoteip" ]; then
 		uci -q batch <<-EOF >/dev/null
 			set dsvpn.vpn.port=$port
 			set dsvpn.vpn.localip=$localip
@@ -302,20 +306,24 @@ _get_vps_config() {
 			set dsvpn.vpn.host="$vpsip"
 			commit dsvpn
 		EOF
-		logger -t "OMR-VPS" "Restart DSVPN..."
+		if [ "$(uci -q get dsvpn.vpn.enable)" = "1" ]; then
-		/etc/init.d/dsvpn restart
+			logger -t "OMR-VPS" "Restart DSVPN..."
+			/etc/init.d/dsvpn restart
+		fi
 	fi
 
-	if [ "$(uci -q get mlvpn.general.host)" != "127.0.0.1" ] && [ "$(uci -q get mlvpn.general.host)" != "$vpsip" ] && [ -f /etc/init.d/mlvpn ]; then
+	if [ "$(uci -q get mlvpn.general.host)" != "127.0.0.1" ] && [ "$(uci -q get mlvpn.general.host)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ] && [ -f /etc/init.d/mlvpn ]; then
 		uci -q batch <<-EOF >/dev/null
 			set mlvpn.general=mlvpn
 			set mlvpn.general.host="$vpsip"
 			commit mlvpn
 		EOF
-		logger -t "OMR-VPS" "Restart MLVPN..."
+		if [ "$(uci -q get mlvpn.general.enable)" = "1" ]; then
-		/etc/init.d/mlvpn restart
+			logger -t "OMR-VPS" "Restart MLVPN..."
+			/etc/init.d/mlvpn restart
+		fi
 	fi
-	if [ "$(uci -q get glorytun.vpn.host)" != "127.0.0.1" ] && [ "$(uci -q get glorytun.vpn.host)" != "$vpsip" ]; then
+	if [ "$(uci -q get glorytun.vpn.host)" != "127.0.0.1" ] && [ "$(uci -q get glorytun.vpn.host)" != "$vpsip" ] && [ "$(uci -q get openmptcprouter.settings.ha)" != "1" ]; then
 		uci -q batch <<-EOF >/dev/null
 			set glorytun.vpn.host="$vpsip"
 		EOF
@@ -323,12 +331,14 @@ _get_vps_config() {
 	fi
 
 	if [ "$glorytun_change" != "0" ]; then
-		logger -t "OMR-VPS" "Restart glorytun..."
 		uci -q batch <<-EOF >/dev/null
 			commit glorytun
 		EOF
-		/etc/init.d/glorytun restart >/dev/null 2>&1
+		if [ "$(uci -q get glorytun.vpn.enable)" = "1" ]; then
-		/etc/init.d/glorytun-udp restart >/dev/null 2>&1
+			logger -t "OMR-VPS" "Restart glorytun..."
+			/etc/init.d/glorytun restart >/dev/null 2>&1
+			/etc/init.d/glorytun-udp restart >/dev/null 2>&1
+		fi
 	fi
 }
 
@@ -521,8 +531,10 @@ _set_vpn_ip() {
 	vpnip_remote=$(ip -4 r list dev ${vpnifname} | grep via | grep -v default | grep -v / | grep -v metric | awk '{print $1}' | tr -d "\n")
 	[ -z "$vpnip_remote" ] && vpnip_remote=$(ip -4 r list dev ${vpnifname} | grep kernel | awk '{print $1}' | tr -d "\n")
 	[ -z "$vpnip_remote" ] && vpnip_remote=$(ip -4 r list dev ${vpnifname} | grep "proto static src" | awk '{print $3}' | tr -d "\n")
-	if [ "$vpnip_remote" != "" ] && [ "$vpnip_local" != "" ] && ([ "$vpnip_remote" != "$vpnip_remote_current" ] || [ "$vpnip_local" != "$vpnip_local_current" ]); then
+	ula="$(uci -q get network.globals.ula_prefix)"
-		settings='{"remoteip" : "'$vpnip_local'","localip" : "'$vpnip_remote'"}'
+	ula_current="$(echo "$vps_config" | jsonfilter -q -e '@.ip6in4.ula')"
+	if [ "$vpnip_remote" != "" ] && [ "$vpnip_local" != "" ] && ([ "$vpnip_remote" != "$vpnip_remote_current" ] || [ "$vpnip_local" != "$vpnip_local_current" ] || [ "$ula" != "$ula_current" ]); then
+		settings='{"remoteip" : "'$vpnip_local'","localip" : "'$vpnip_remote'","ula" : ["'$ula'"]}'
 		result=$(_set_json "vpnips" "$settings")
 	fi
 }
@@ -564,8 +576,23 @@ _vps_firewall_redirect_port() {
 	config_get src_dport $1 src_dport
 	config_get family $1 family "ipv4"
 	config_get enabled $1 enabled "1"
+	[ "$(echo $src_dport | cut -d'-' -f2)" -ge "65000" ] && {
+		logger -t "OMR-VPS" "You can't redirect ports >= 65000, they are needed by OpenMPTCProuter Server part"
+		uci -q delete firewall.$1
+		return
+	}
 	[ "$src" = "vpn" ] && [ -n "$proto" ] && [ -n "$src_dport" ] && [ "$enabled" != "0" ] && {
 		if [ "$proto" = "tcp udp" ]; then
+			checkfw=""
+			if [ "$family" = "ipv4" ]; then
+				checkfw=$(echo "$vpsfwlist" | grep "$src_dport	# OMR $username redirect router $src_dport port tcp")
+			else
+				checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port tcp")
+			fi
+			if [ "$checkfw" = "" ]; then
+				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
+				_set_json "shorewallopen" "$settings"
+			fi
 			if [ "$family" = "ipv4" ]; then
 				vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port tcp")
 				[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port tcp")
@@ -573,8 +600,17 @@ _vps_firewall_redirect_port() {
 				vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port tcp")
 				[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port tcp")
 			fi
-			settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "tcp","fwtype" : "DNAT","ipproto" : "'$family'"}'
+
-			_set_json "shorewallopen" "$settings"
+			checkfw=""
+			if [ "$family" = "ipv4" ]; then
+				checkfw=$(echo "$vpsfwlist" | grep "$src_dport	# OMR $username redirect router $src_dport port udp")
+			else
+				checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port udp")
+			fi
+			if [ "$checkfw" = "" ]; then
+				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
+				_set_json "shorewallopen" "$settings"
+			fi
 			if [ "$family" = "ipv4" ]; then
 				vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port udp")
 				[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port udp")
@@ -582,9 +618,17 @@ _vps_firewall_redirect_port() {
 				vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port udp")
 				[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port udp")
 			fi
-			settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "udp","fwtype" : "DNAT","ipproto" : "'$family'"}'
-			_set_json "shorewallopen" "$settings"
 		else
+			checkfw=""
+			if [ "$family" = "ipv4" ]; then
+				checkfw=$(echo "$vpsfwlist" | grep "$src_dport	# OMR $username redirect router $src_dport port $proto")
+			else
+				checkfw=$(echo "$vpsfw6list" | grep "$src_dport	# OMR $username redirect router $src_dport port $proto")
+			fi
+			if [ "$checkfw" = "" ]; then
+				settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
+				_set_json "shorewallopen" "$settings"
+			fi
 			if [ "$family" = "ipv4" ]; then
 				vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $proto")
 				[ "$username" = "openmptcprouter" ] && vpsfwlist=$(echo "$vpsfwlist" | grep -v "$src_dport	# OMR redirect router $src_dport port $proto")
@@ -592,8 +636,6 @@ _vps_firewall_redirect_port() {
 				vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR $username redirect router $src_dport port $proto")
 				[ "$username" = "openmptcprouter" ] && vpsfw6list=$(echo "$vpsfw6list" | grep -v "$src_dport	# OMR redirect router $src_dport port $proto")
 			fi
-			settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "'$family'"}'
-			_set_json "shorewallopen" "$settings"
 		fi
 	}
 }
@@ -676,7 +718,7 @@ _set_config_from_vps() {
 	[ -z "$vps_config" ] && return
 
 	logger -t "OMR-VPS" "Get config from VPS..."
-
+	noerror=1
 	# get VPS ip
 	vpsip="$(uci -q get openmptcprouter.${servername}.ip)"
 	vps_lastchange="$(echo "$vps_config" | jsonfilter -q -e '@.vps.lastchange')"
@@ -692,6 +734,13 @@ _set_config_from_vps() {
 		/etc/init.d/omr-tracker restart
 	fi
 
+	ula="$(echo "$vps_config" | jsonfilter -q -e '@.ip6in4.ula')"
+	if [ -n "$ula" ] && [[ "$ula" != *" "* ]]; then
+		uci -q batch <<-EOF >/dev/null
+		set network.globals.ula_prefix=$ula
+		EOF
+	fi
+
 	# Set current VPN
 	current_vpn="$(uci -q get openmptcprouter.settings.vpn)"
 	if [ -z "$current_vpn" ] || [ -n "$vps_lastchange" ] || [ "$user_permission" = "ro" ]; then
@@ -937,14 +986,17 @@ _set_config_from_vps() {
 		EOF
 	fi
 
-	omr6in4_vps_localip="$(echo "$vps_config" | jsonfilter -q -e '@.6in4.localip')"
+	omr6in4_vps_localip="$(echo "$vps_config" | jsonfilter -q -e '@.ip6in4.localip')"
-	omr6in4_vps_remoteip="$(echo "$vps_config" | jsonfilter -q -e '@.6in4.remoteip')"
+	omr6in4_vps_remoteip="$(echo "$vps_config" | jsonfilter -q -e '@.ip6in4.remoteip')"
 	if ([ -n "$omr6in4_vps_localip" ] && [ "$omr6in4_vps_localip" != "$(uci -q get network.omr6in4.gateway)" ]) || ([ -n "$omr6in4_vps_remoteip" ] && [ "$omr6in4_vps_remoteip" != "$(uci -q get network.omr6in4.ip6addr)" ]); then
+		logger -t "OMR-VPS" "Set omr6in4 ip address and gateway"
 		uci -q batch <<-EOF >/dev/null
-			set network.omr6in4.ip6addr=$omr6in4_vps_remoteip
+			set network.omr6in4.ip6addr="$omr6in4_vps_remoteip"
-			set network.omr6in4.gateway=$omr6in4_vps_localip
+			set network.omr6in4.gateway="$omr6in4_vps_localip"
 			commit network
 		EOF
+		/etc/init.d/network restart
+		sleep 6
 	fi
 
 	# Get VPS iperf config
@@ -990,10 +1042,12 @@ _set_config_from_vps() {
 			done
 		fi
 	fi
-	uci -q batch <<-EOF >/dev/null
+	if [ "$noerror" = "1" ]; then
-		set openmptcprouter.${servername}.get_config=0
+		uci -q batch <<-EOF >/dev/null
-		commit openmptcprouter
+			set openmptcprouter.${servername}.get_config=0
-	EOF
+			commit openmptcprouter
+		EOF
+	fi
 }
 
 _backup_send() {

openmptcprouter/files/etc/uci-defaults/1920-omr-network

@@ -42,6 +42,15 @@ _setup_macvlan_update() {
 	EOF
 }
 
+_setup_mptcp_handover_to_on() {
+	if [ "$(uci -q get network.$1.multipath)" = "handover" ]; then
+		uci -q set network.$1.multipath=on
+	fi
+	if [ "$(uci -q get openmptcprouter.$1.multipath)" = "handover" ]; then
+		uci -q set openmptcprouter.$1.multipath=on
+	fi
+}
+
 _setup_multipath_off() {
     uci -q get "network.$1.multipath" >/dev/null && return
     uci -q set "network.$1.multipath=off"
@@ -64,6 +73,7 @@ _setup_wan_interface() {
 
 config_load network
 config_foreach _setup_macvlan_update interface
+config_foreach _setup_mptcp_handover_to_on interface
 
 if [ "$(uci -q show network.lan | grep multipath)" != "" ]; then
 	exit 0

openmptcprouter/files/etc/uci-defaults/2030-omr-wifi

@@ -1,12 +0,0 @@
-#!/bin/sh
-
-if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
-	uci -q show wireless.default_radio0 && {
-		uci -q batch <<-EOF >/dev/null
-			delete wireless.default_radio0
-			commit wireless
-		EOF
-	}
-fi
-
-exit 0

openmptcprouter/files/etc/uci-defaults/2040-omr-sqm

@@ -16,6 +16,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 			set sqm.wan1.upload='0'
 			set sqm.wan1.debug_logging='0'
 			set sqm.wan1.verbosity='5'
+			set sqm.wan1.iqdisc_opts='autorate-ingress nat dual-dsthost'
+			set sqm.wan1.eqdisc_opts='nat dual-srchost'
 			set sqm.wan2=queue
 			set sqm.wan2.qdisc="fq_codel"
 			set sqm.wan2.script="simple.qos"
@@ -27,6 +29,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 			set sqm.wan2.upload='0'
 			set sqm.wan2.debug_logging='0'
 			set sqm.wan2.verbosity='5'
+			set sqm.wan2.iqdisc_opts='autorate-ingress nat dual-dsthost'
+			set sqm.wan2.eqdisc_opts='nat dual-srchost'
 			commit sqm
 		EOF
 		if [ "$(uci -q get network.wan3)" != "" ]; then
@@ -43,6 +47,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 				set sqm.wan3.upload='0'
 				set sqm.wan3.debug_logging='0'
 				set sqm.wan3.verbosity='5'
+				set sqm.wan3.iqdisc_opts='autorate-ingress nat dual-dsthost'
+				set sqm.wan3.eqdisc_opts='nat dual-srchost'
 				commit sqm
 			EOF
 		fi
@@ -60,6 +66,8 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 				set sqm.wan4.upload='0'
 				set sqm.wan4.debug_logging='0'
 				set sqm.wan4.verbosity='5'
+				set sqm.wan4.iqdisc_opts='autorate-ingress nat dual-dsthost'
+				set sqm.wan4.eqdisc_opts='nat dual-srchost'
 				commit sqm
 			EOF
 		fi
@@ -79,6 +87,8 @@ if [ "$(uci -q get sqm.omrvpn)" = "" ]; then
 		set sqm.omrvpn.upload='0'
 		set sqm.omrvpn.debug_logging='0'
 		set sqm.omrvpn.verbosity='5'
+		set sqm.omrvpn.iqdisc_opts='autorate-ingress nat dual-dsthost'
+		set sqm.omrvpn.eqdisc_opts='nat dual-srchost'
 		commit sqm
 	EOF
 fi

openmptcprouter/files/etc/uci-defaults/2060-omr-system

@@ -4,7 +4,7 @@ uci -q batch <<-EOF >/dev/null
 	set system.ntp.use_dhcp='0'
 	set system.ntp.enable_server='1'
 	commit system
-	set rpcd.@rpcd[0].timeout=90
+	set rpcd.@rpcd[0].timeout=120
 	commit rpcd
 EOF
 exit 0

rpi-eeprom/Makefile

@@ -1,49 +0,0 @@
-# 
-# Copyright (C) 2012 OpenWrt.org
-# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=rpi-eeprom
-PKG_VERSION:=20200319
-PKG_RELEASE:=1
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/raspberrypi/rpi-eeprom.git
-PKG_SOURCE_VERSION:=a9ca308223c1d0426b9ab320696b95954078c3b4
-
-CMAKE_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/rpi-eeprom
-  SECTION:=rpi
-  CATEGORY:=Raspberry Pi
-  URL:=https://github.com/raspberrypi/rpi-eeprom
-  TITLE:=rpi-eeprom
-  DEPENDS:=+fwtool +pciutils +blkid
-endef
-
-define Package/rpi-eeprom/description
- Update Raspberry PI 4 bootloader EEPROM
-endef
-
-define Build/Compile
-endef
-
-define Package/rpi-eeprom/install
-	$(INSTALL_DIR) $(1)/lib/firmware/raspberrypi/bootloader \
-		$(1)/usr/bin \
-		$(1)/etc/default
-	$(CP) $(PKG_BUILD_DIR)/rpi-eeprom-update $(1)/usr/bin
-	$(CP) $(PKG_BUILD_DIR)/rpi-eeprom-config $(1)/usr/bin
-	$(CP) $(PKG_BUILD_DIR)/rpi-eeprom-update-default $(1)/etc/default/rpi-eeprom-update
-	$(CP) $(PKG_BUILD_DIR)/firmware/vl805 $(1)/usr/bin
-	$(CP) -r $(PKG_BUILD_DIR)/firmware/critical $(1)/lib/firmware/raspberrypi/bootloader/critical
-	$(CP) -r $(PKG_BUILD_DIR)/firmware/beta $(1)/lib/firmware/raspberrypi/bootloader/beta
-endef
-
-$(eval $(call BuildPackage,rpi-eeprom))

shadowsocks-libev/files/shadowsocks.conf

@@ -2,14 +2,14 @@
 # max open files
 fs.file-max = 512000
 # max read buffer
-net.core.rmem_max = 15000000
+net.core.rmem_max = 67108864
 # max write buffer
-net.core.wmem_max = 7500000
+net.core.wmem_max = 67108864
-net.core.optmem_max = 7500000
+net.core.optmem_max = 33554432
 # default read buffer
-net.core.rmem_default = 131072
+#net.core.rmem_default = 131072
 # default write buffer
-net.core.wmem_default = 131072
+#net.core.wmem_default = 131072
 # max processor input queue
 net.core.netdev_max_backlog = 4096
 # max backlog
@@ -34,13 +34,13 @@ net.ipv4.tcp_max_tw_buckets = 10000
 # turn on TCP Fast Open on both client and server side
 #net.ipv4.tcp_fastopen = 3
 # TCP receive buffer
-net.ipv4.tcp_rmem = 4096 524288 7500000
+net.ipv4.tcp_rmem = 4096 87380 33554432
 # TCP write buffer
-net.ipv4.tcp_wmem = 4096 524288 7500000
+net.ipv4.tcp_wmem = 4096 65536 33554432
 # TCP buffer
-net.ipv4.tcp_mem = 768174 7500000 15000000
+net.ipv4.tcp_mem = 8092 131072 67108864
 # UDP buffer
-net.ipv4.udp_mem = 768174 75000000 150000000
+net.ipv4.udp_mem = 8092 131072 67108864
 # turn off path MTU discovery
 net.ipv4.tcp_mtu_probing = 0
 
@@ -48,7 +48,8 @@ net.ipv4.tcp_mtu_probing = 0
 # net.ipv4.tcp_congestion_control = balia
 
 # Default conntrack is too small
-net.netfilter.nf_conntrack_max=131072
+net.netfilter.nf_conntrack_max = 131072
 
-net.ipv4.tcp_ecn=1
+net.ipv4.tcp_ecn = 1
-net.ipv4.tcp_retries2=10
+net.ipv4.tcp_retries2 = 10
+#net.ipv4.tcp_sack = 0

tracebox/Makefile

@@ -1,3 +1,11 @@
+#
+# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter project
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tracebox
@@ -7,7 +15,7 @@ PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE_URL:=https://github.com/tracebox/tracebox.git
-PKG_MAINTAINER:=Gregory Detal <gregory.detal@uclouvain.be>
+PKG_MAINTAINER:=Ycarus <ycarus@zugaina.org>
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_VERSION:=v0.4.4