From a3c247ed6fb833efb1f668d0a988a2734f840255 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 17 Jun 2022 20:12:31 +0200 Subject: [PATCH 1/3] Fix remove rule with source IP on VPS FW --- openmptcprouter/files/etc/init.d/openmptcprouter-vps | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index 60a2764cd..dcde475fc 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -1072,6 +1072,7 @@ _vps_firewall_close_port() { src_dport=$(echo $line | awk '{print $5}' | tr -d "\n") source_port=$(echo $line | awk '{print $6}' | tr -d "\n") source_dip=$(echo $line | awk '{print $7}' | tr -d "\n") + [ "$source_dip" = "#" ] && source_sip="" source_ip=$(echo $line | awk '{print $2}' | awk -F ":" '{print $2}' | tr -d "\n") if [ "$source_port" = "-" ]; then settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}' @@ -1096,6 +1097,7 @@ _vps_firewall_close_port() { src_dport=$(echo $line | awk '{print $5}' | tr -d "\n") source_port=$(echo $line | awk '{print $6}' | tr -d "\n") source_dip=$(echo $line | awk '{print $7}' | tr -d "\n") + [ "$source_dip" = "#" ] && source_sip="" source_ip=$(echo $line | awk '{print $2}' | awk -F ":" '{print $2}' | tr -d "\n") if [ "$source_port" = "-" ]; then settings='{"name" : "router '$src_dport'","port" : "'$src_dport'","proto" : "'$proto'","fwtype" : "DNAT","ipproto" : "ipv6","source_dip": "'$source_dip'","source_ip": "'$source_ip'"}' From 0d7c0427a14a10e1c0f5a091c038788f6554c166 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 17 Jun 2022 20:13:05 +0200 Subject: [PATCH 2/3] Use omr-tracker for sqm-autorate --- luci-app-sqm-autorate/root/usr/share/sqm-autorate/config.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/luci-app-sqm-autorate/root/usr/share/sqm-autorate/config.sh b/luci-app-sqm-autorate/root/usr/share/sqm-autorate/config.sh index 9e8fdb0ed..7d0948f2a 100644 --- a/luci-app-sqm-autorate/root/usr/share/sqm-autorate/config.sh +++ b/luci-app-sqm-autorate/root/usr/share/sqm-autorate/config.sh @@ -39,7 +39,8 @@ reflector_ping_interval_s=$(uci -q get sqm.${INTERFACE}.reflector_ping_interval_ # so e.g. if 6 reflectors are specified and the number of pingers is set to 4, the first 4 reflectors will be used initially # and the remaining 2 reflectors in the list will be used in the event any of the first 4 go bad # a bad reflector will go to the back of the queue on reflector rotation -reflectors=("1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" "9.9.9.9" "9.9.9.10") +#reflectors=("1.1.1.1" "1.0.0.1" "8.8.8.8" "8.8.4.4" "9.9.9.9" "9.9.9.10") +reflectors=($(uci get omr-tracker.defaults.hosts)) no_pingers=$(uci -q get sqm.${INTERFACE}.no_pingers || echo "4") # delay threshold in ms is the extent of RTT increase to classify as a delay From f110c5309e8abd6b4019db3e45b7df1326fc112e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 17 Jun 2022 20:13:55 +0200 Subject: [PATCH 3/3] Fixes for shadowsocks dead loop and multiple fw run --- mptcp/files/usr/share/omr/post-tracking.d/post-tracking | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking index 1cfecffc7..57b1412c5 100755 --- a/mptcp/files/usr/share/omr/post-tracking.d/post-tracking +++ b/mptcp/files/usr/share/omr/post-tracking.d/post-tracking @@ -1463,7 +1463,7 @@ if [ -n "$OMR_TRACKER_INTERFACE" ] && ([ "$(uci -q get openmptcprouter.$OMR_TRAC uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.lc=$(date +"%s") } if [ "$(uci -q get shadowsocks-libev.sss0.server)" != "" ] && [ "$(uci -q get openmptcprouter.settings.external_check)" = "0" ]; then - if ping -c 1 $(uci -q get shadowsocks-libev.sss0.server) 2>&1 >/dev/null; then + if ping -B -I $OMR_TRACKER_DEVICE -c 1 $(uci -q get shadowsocks-libev.sss0.server) 2>&1 >/dev/null; then uci -q set openmptcprouter.$OMR_TRACKER_INTERFACE.lc=$(date +"%s") fi fi @@ -1538,7 +1538,7 @@ fi } # If a service is down, force restart it -if [ -f /etc/init.d/shadowsocks-libev ] && [ "$(pgrep ss-redir)" = "" ] && [ "$(pgrep ss-local)" = "" ] && [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "192.18.1.3" ] && [ "$(uci -q get shadowsocks-libev.sss0.key)" != "" ]; then +if [ -f /etc/init.d/shadowsocks-libev ] && [ "$(pgrep -f omr-tracker-ss)" = "" ] && [ "$(pgrep ss-redir)" = "" ] && [ "$(pgrep ss-local)" = "" ] && [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "" ] && [ "$(uci -q get shadowsocks-libev.sss0.server)" != "192.18.1.3" ] && [ "$(uci -q get shadowsocks-libev.sss0.key)" != "" ]; then _log "Can't find Shadowsocks, restart it..." /etc/init.d/shadowsocks-libev restart 2>&1 >/dev/null sleep 5 @@ -1668,7 +1668,7 @@ if [ "$(pgrep openmptcprouter-vps)" = "" ] && ([ "$(uci -q show openmptcprouter fi #if [ "$(uci -q show openmptcprouter | grep server)" != "" ] && [ "$(uci -q show openmptcprouter | grep password)" != "" ] && [ "$(pgrep openmptcprouter-vps)" = "" ] && [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" = "" ] && ([ "$(uci -q show openmptcprouter | grep set_firewall=\'1\')" != "" ] || [ -z "$(iptables-save | grep omr_dst_bypass_${OMR_TRACKER_DEVICE})" ]); then -if [ "$(uci -q show openmptcprouter | grep server)" != "" ] && [ "$(uci -q show openmptcprouter | grep password)" != "" ] && [ "$(pgrep openmptcprouter-vps)" = "" ] && [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" = "" ] && [ "$(uci -q show openmptcprouter | grep set_firewall=\'1\')" != "" ]; then +if [ "$(pgrep -f set_vps_firewall)" = "" ] && [ "$(uci -q show openmptcprouter | grep server)" != "" ] && [ "$(uci -q show openmptcprouter | grep password)" != "" ] && [ "$(pgrep openmptcprouter-vps)" = "" ] && [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" = "" ] && [ "$(uci -q show openmptcprouter | grep set_firewall=\'1\')" != "" ]; then _log "Set firewall on server" /etc/init.d/openmptcprouter-vps set_vps_firewall >/dev/null 2>&1