Add MPTCP support to shadowsocks

luci-app-shadowsocks-libev/Makefile

@@ -0,0 +1,17 @@
+#
+# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
+# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI Support for shadowsocks-libev
+LUCI_DEPENDS:=
+
+PKG_LICENSE:=Apache-2.0
+
+include ../luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

luci-app-shadowsocks-libev/luasrc/controller/shadowsocks-libev.lua

@@ -0,0 +1,33 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+--
+module("luci.controller.shadowsocks-libev", package.seeall)
+
+function index()
+	entry({"admin", "services", "shadowsocks-libev"},
+		alias("admin", "services", "shadowsocks-libev", "instances"),
+		_("Shadowsocks-libev"), 59)
+
+	entry({"admin", "services", "shadowsocks-libev", "instances"},
+		arcombine(cbi("shadowsocks-libev/instances"), cbi("shadowsocks-libev/instance-details")),
+		_("Local Instances"), 10).leaf = true
+
+	entry({"admin", "services", "shadowsocks-libev", "servers"},
+		cbi("shadowsocks-libev/servers"),
+		_("Remote Servers"), 20).leaf = true
+
+	entry({"admin", "services", "shadowsocks-libev", "rules"},
+		cbi("shadowsocks-libev/rules"),
+		_("Redir Rules"), 30).leaf = true
+
+	entry({"admin", "services", "shadowsocks-libev", "status"}, call("ss_status"), nil).leaf = true
+
+end
+
+function ss_status()
+	local ut = require "luci.util"
+	local rv = ut.ubus("service", "list", {name = "shadowsocks-libev"})["shadowsocks-libev"] or {_=0}
+
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(rv)
+end

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/instance-details.lua

@@ -0,0 +1,53 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ds = require "luci.dispatcher"
+local ss = require "luci.model.shadowsocks-libev"
+
+local sname = arg[1]
+local redirect_url = ds.build_url("admin/services/shadowsocks-libev/instances")
+local s, o
+
+local m = Map("shadowsocks-libev")
+local sdata = m:get(sname)
+if not sdata then
+	luci.http.redirect(redirect_url)
+	return
+end
+local stype = sdata[".type"]
+m.redirect = redirect_url
+m.title = "shadowsocks-libev - %s - %s" % {stype, sname}
+
+
+s = m:section(NamedSection, sname, stype)
+s:tab("general", translate("General Settings"))
+s:tab("advanced", translate("Advanced Settings"))
+s:taboption("general", Flag, "disabled", translate("Disable"))
+ss.option_install_package(s, "general")
+ss.options_common(s, "advanced")
+
+if stype == "ss_server" then
+	ss.options_server(s, "general")
+	o = s:taboption("general", Value, "bind_address",
+		translate("Bind address"),
+		translate("The address ss-server will initiate connection from"))
+	o.datatype = "ipaddr"
+	o.placeholder = "0.0.0.0"
+	ss.values_ipaddr(o)
+	o = s:taboption("general", Value, "manager_address", translate("Manager address"))
+	o.datatype = "hostport"
+else
+	ss.options_client(s, "general")
+	if stype == "ss_tunnel" then
+		o = s:taboption("general", Value, "tunnel_address",
+			translate("Tunnel address"),
+			translate("The address ss-tunnel will forward traffic to"))
+		o.datatype = "hostport"
+	elseif stype == "ss_redir" then
+		o = s:taboption("advanced", Flag, "disable_sni",
+			translate("Disable SNI"),
+			translate("Disable parsing HTTP/HTTPS payload to find then resolve hostname at remote server"))
+	end
+end
+
+return m

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/instances.lua

@@ -0,0 +1,104 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ds = require "luci.dispatcher"
+local ss = require "luci.model.shadowsocks-libev"
+local ut = require "luci.util"
+local m, s, o
+
+m = Map("shadowsocks-libev",
+	translate("Local Instances"),
+	translate("Instances of shadowsocks-libev components, e.g. ss-local, \
+			   ss-redir, ss-tunnel, ss-server, etc.  To enable an instance it \
+			   is required to enable both the instance itself and the remote \
+			   server it refers to."))
+
+local instances = {}
+local cfgtypes = { "ss_local", "ss_redir", "ss_server", "ss_tunnel" }
+
+for sname, sdata in pairs(m:get()) do
+	local key, value = ss.cfgvalue_overview(sdata)
+	if key ~= nil then
+		instances[key] = value
+	end
+end
+
+s = m:section(Table, instances)
+s.addremove = true
+s.template_addremove = "shadowsocks-libev/add_instance"
+s.extedit = function(self, section)
+	local value = instances[section]
+	if type(value) == "table" then
+		return ds.build_url(unpack(ds.context.requestpath),
+					"services/shadowsocks-libev/instances",
+					value[".name"])
+	end
+end
+s.parse = function(self, ...)
+	Table.parse(self, ...)
+
+	local crval = REMOVE_PREFIX .. self.config
+	local name = self.map:formvaluetable(crval)
+	for k,v in pairs(name) do
+		local value = instances[k]
+		local sname = value[".name"]
+		if type(value) == "table" then
+			m:del(sname)
+			instances[k] = nil
+			for _, oname in ipairs({"redir_tcp", "redir_udp"}) do
+				local ovalue = m:get("ss_rules", oname)
+				if ovalue == sname then
+					m:del("ss_rules", oname)
+				end
+			end
+		end
+	end
+
+	local stype = m:formvalue("_newinst.type")
+	local sname = m:formvalue("_newinst.name")
+	if ut.contains(cfgtypes, stype) then
+		local created
+		if sname and #sname > 0 then
+			created = m:set(sname, nil, stype)
+		else
+			created = m:add(stype)
+			sname = created
+		end
+		if created then
+			m.uci:save("shadowsocks-libev")
+			luci.http.redirect(ds.build_url(
+				"admin/services/shadowsocks-libev/instances", sname
+			))
+		end
+	end
+end
+
+o = s:option(DummyValue, "name", translate("Name"))
+o.rawhtml = true
+o = s:option(DummyValue, "overview", translate("Overview"))
+o.rawhtml = true
+
+s:option(DummyValue, "running", translate("Running"))
+
+o = s:option(Button, "disabled", translate("Enable/Disable"))
+o.render = function(self, section, scope)
+	if instances[section].disabled then
+		self.title = translate("Disabled")
+		self.inputstyle = "reset"
+	else
+		self.title = translate("Enabled")
+		self.inputstyle = "save"
+	end
+	Button.render(self, section, scope)
+end
+o.write = function(self, section)
+	local sdata = instances[section]
+	if type(sdata) == "table" then
+		local sname = sdata[".name"]
+		local disabled = not sdata["disabled"]
+		sdata["disabled"] = disabled
+		m:set(sname, "disabled", tostring(disabled))
+	end
+end
+
+return m

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua

@@ -0,0 +1,110 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ss = require("luci.model.shadowsocks-libev")
+
+local m, s, o
+
+m = Map("shadowsocks-libev",
+	translate("Redir Rules"),
+	translate("On this page you can configure how traffics are to be \
+		forwarded to ss-redir instances. \
+		If enabled, packets will first have their src ip addresses checked \
+		against <em>Src ip/net bypass</em>, <em>Src ip/net forward</em>, \
+		<em>Src ip/net checkdst</em> and if none matches <em>Src default</em> \
+		will give the default action to be taken. \
+		If the prior check results in action <em>checkdst</em>, packets will continue \
+		to have their dst addresses checked."))
+
+local sdata = m:get('ss_rules')
+if not sdata then
+	m:set('ss_rules', nil, 'ss_rules')
+	m:set('ss_rules', 'disabled', "1")
+end
+
+function src_dst_option(s, ...)
+	local o = s:taboption(...)
+	--o.datatype = "or(ip4addr,cidr4)"
+	o.datatype = "ip4addr"
+end
+
+s = m:section(NamedSection, "ss_rules", "ss_rules")
+s:tab("general", translate("General Settings"))
+s:tab("src", translate("Source Settings"))
+s:tab("dst", translate("Destination Settings"))
+
+s:taboption('general', Flag, "disabled", translate("Disable"))
+ss.option_install_package(s, 'general')
+
+o = s:taboption('general', ListValue, "redir_tcp",
+	translate("ss-redir for TCP"))
+ss.values_redir(o, 'tcp')
+o = s:taboption('general', ListValue, "redir_udp",
+	translate("ss-redir for UDP"))
+ss.values_redir(o, 'udp')
+
+o = s:taboption('general', ListValue, "local_default",
+	translate("Local-out default"),
+	translate("Default action for locally generated TCP packets"))
+ss.values_actions(o)
+o = s:taboption('general', DynamicList, "ifnames",
+	translate("Ingress interfaces"),
+	translate("Only apply rules on packets from these network interfaces"))
+ss.values_ifnames(o)
+s:taboption('general', Value, "ipt_args",
+	translate("Extra arguments"),
+	translate("Passes additional arguments to iptables. Use with care!"))
+
+src_dst_option(s, 'src', DynamicList, "src_ips_bypass",
+	translate("Src ip/net bypass"),
+	translate("Bypass ss-redir for packets with src address in this list"))
+src_dst_option(s, 'src', DynamicList, "src_ips_forward",
+	translate("Src ip/net forward"),
+	translate("Forward through ss-redir for packets with src address in this list"))
+src_dst_option(s, 'src', DynamicList, "src_ips_checkdst",
+	translate("Src ip/net checkdst"),
+	translate("Continue to have dst address checked for packets with src address in this list"))
+o = s:taboption('src', ListValue, "src_default",
+	translate("Src default"),
+	translate("Default action for packets whose src address do not match any of the src ip/net list"))
+ss.values_actions(o)
+
+src_dst_option(s, 'dst', DynamicList, "dst_ips_bypass",
+	translate("Dst ip/net bypass"),
+	translate("Bypass ss-redir for packets with dst address in this list"))
+src_dst_option(s, 'dst', DynamicList, "dst_ips_forward",
+	translate("Dst ip/net forward"),
+	translate("Forward through ss-redir for packets with dst address in this list"))
+
+o = s:taboption('dst', FileBrowser, "dst_ips_bypass_file",
+	translate("Dst ip/net bypass file"),
+	translate("File containing ip/net for the purposes as with <em>Dst ip/net bypass</em>"))
+o.datatype = "file"
+s:taboption('dst', FileBrowser, "dst_ips_forward_file",
+	translate("Dst ip/net forward file"),
+	translate("File containing ip/net for the purposes as with <em>Dst ip/net forward</em>"))
+o.datatype = "file"
+o = s:taboption('dst', ListValue, "dst_default",
+	translate("Dst default"),
+	translate("Default action for packets whose dst address do not match any of the dst ip list"))
+ss.values_actions(o)
+
+local installed = os.execute("iptables -m recent -h &>/dev/null") == 0
+if installed then
+	o = s:taboption('dst', Flag, "dst_forward_recentrst")
+else
+	m:set('ss_rules', 'dst_forward_recentrst', "0")
+	o = s:taboption("dst", Button, "_install")
+	o.inputtitle = translate("Install package iptables-mod-conntrack-extra")
+	o.inputstyle = "apply"
+	o.write = function()
+		return luci.http.redirect(
+			luci.dispatcher.build_url("admin/system/packages") ..
+			"?submit=1&install=iptables-mod-conntrack-extra"
+		)
+	end
+end
+o.title = translate("Forward recentrst")
+o.description = translate("Forward those packets whose dst have recently sent to us multiple tcp-rst")
+
+return m

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/servers.lua

@@ -0,0 +1,31 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ds = require "luci.dispatcher"
+local ss = require("luci.model.shadowsocks-libev")
+
+local m, s
+
+m = Map("shadowsocks-libev",
+	translate("Remote Servers"),
+	translate("Definition of remote shadowsocks servers.  \
+			Disable any of them will also disable instances refering to it."))
+
+local sname = arg[1]
+if sname then
+	if not m:get(sname) then
+		luci.http.redirect(ds.build_url("admin/services/shadowsocks-libev/servers"))
+		return
+	end
+	s = m:section(NamedSection, sname, "server")
+	m.title = m.title .. ' - ' .. sname
+else
+	s = m:section(TypedSection, "server")
+	s.template = 'cbi/tblsection'
+	s.addremove = true
+end
+
+s:option(Flag, "disabled", translate("Disable"))
+ss.options_server(s)
+
+return m

luci-app-shadowsocks-libev/luasrc/model/shadowsocks-libev.lua

@@ -0,0 +1,265 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local _up = getfenv(3)
+local ut = require("luci.util")
+local sys = require("luci.sys")
+local ds = require("luci.dispatcher")
+local nw = require("luci.model.network")
+nw.init()
+module("luci.model.shadowsocks-libev", function(m)
+	setmetatable(m, {__index=function (self, k)
+		local tb = _up
+		return rawget(self, k) or _up[k]
+	end})
+end)
+
+function values_actions(o)
+	o:value("bypass")
+	o:value("forward")
+	if o.option ~= "dst_default" then
+		o:value("checkdst")
+	end
+end
+
+function values_redir(o, xmode)
+	o.map.uci.foreach("shadowsocks-libev", "ss_redir", function(sdata)
+		local disabled = ucival_to_bool(sdata["disabled"])
+		local sname = sdata[".name"]
+		local mode = sdata["mode"] or "tcp_only"
+		if not disabled and mode:find(xmode) then
+			local desc = "%s - %s" % {sname, mode}
+			o:value(sname, desc)
+		end
+	end)
+	o:value("", "<unset>")
+	o.default = ""
+end
+
+function values_serverlist(o)
+	o.map.uci.foreach("shadowsocks-libev", "server", function(sdata)
+		local sname = sdata[".name"]
+		local server = sdata["server"]
+		local server_port = sdata["server_port"]
+		if server and server_port then
+			local desc = "%s - %s:%s" % {sname, sdata["server"], sdata["server_port"]}
+			o:value(sname, desc)
+		end
+	end)
+end
+
+function values_ipaddr(o)
+	for _, v in ipairs(nw:get_interfaces()) do
+		for _, a in ipairs(v:ipaddrs()) do
+			o:value(a:host():string(), '%s (%s)' %{ a:host(), v:shortname() })
+		end
+	end
+end
+
+function values_ifnames(o)
+	for _, v in ipairs(sys.net.devices()) do
+		o:value(v)
+	end
+end
+
+function options_client(s, tab)
+	local o
+
+	o = s:taboption(tab, ListValue, "server", translate("Remote server"))
+	values_serverlist(o)
+	o = s:taboption(tab, Value, "local_address", translate("Local address"))
+	o.datatype = "ipaddr"
+	o.placeholder = "0.0.0.0"
+	values_ipaddr(o)
+	o = s:taboption(tab, Value, "local_port", translate("Local port"))
+	o.datatype = "port"
+end
+
+function options_server(s, tab)
+	local o
+	local optfunc
+
+	if tab == nil then
+		optfunc = function(...) return s:option(...) end
+	else
+		optfunc = function(...) return s:taboption(tab, ...) end
+	end
+
+	o = optfunc(Value, "server", translate("Server"))
+	o.datatype = "host"
+	o.size = 16
+	o = optfunc(Value, "server_port", translate("Server port"))
+	o.datatype = "port"
+	o.size = 5
+	o = optfunc(ListValue, "method", translate("Method"))
+	for _, m in ipairs(methods) do
+		o:value(m)
+	end
+	o = optfunc(Value, "key", translate("Key (base64 encoding)"))
+	o.datatype = "base64"
+	o.password = true
+	o.size = 12
+	o = optfunc(Value, "password", translate("Password"))
+	o.password = true
+	o.size = 12
+end
+
+function options_common(s, tab)
+	local o
+
+	o = s:taboption(tab, ListValue, "mode", translate("Mode of operation"))
+	for _, m in ipairs(modes) do
+		o:value(m)
+	end
+	o.default = "tcp_and_udp"
+	o = s:taboption(tab, Value, "mtu", translate("MTU"))
+	o.datatype = "uinteger"
+	o = s:taboption(tab, Value, "timeout", translate("Timeout (sec)"))
+	o.datatype = "uinteger"
+	s:taboption(tab, Value, "user", translate("Run as"))
+
+	s:taboption(tab, Flag, "verbose", translate("Verbose"))
+	s:taboption(tab, Flag, "ipv6_first", translate("IPv6 First"), translate("Prefer IPv6 addresses when resolving names"))
+	s:taboption(tab, Flag, "fast_open", translate("Enable TCP Fast Open"))
+	s:taboption(tab, Flag, "reuse_port", translate("Enable SO_REUSEPORT"))
+	s:taboption(tab, Flag, "mptcp", translate("Enable MPTCP"))
+end
+
+function ucival_to_bool(val)
+	return val == "true" or val == "1" or val == "yes" or val == "on"
+end
+
+function cfgvalue_overview(sdata)
+	local stype = sdata[".type"]
+	local lines  = {}
+
+	if stype == "ss_server" then
+		cfgvalue_overview_(sdata, lines, names_options_server)
+		cfgvalue_overview_(sdata, lines, names_options_common)
+		cfgvalue_overview_(sdata, lines, {
+			"bind_address",
+			"manager_address",
+		})
+	elseif stype == "ss_local" or stype == "ss_redir" or stype == "ss_tunnel" then
+		cfgvalue_overview_(sdata, lines, names_options_client)
+		if stype == "ss_tunnel" then
+			cfgvalue_overview_(sdata, lines, {"tunnel_address"})
+		elseif stype == "ss_redir" then
+			cfgvalue_overview_(sdata, lines, {"disable_sni"})
+		end
+		cfgvalue_overview_(sdata, lines, names_options_common)
+	else
+		return nil, nil
+	end
+	local sname = sdata[".name"]
+	local key = "%s.%s" % {stype, sname}
+	local value = {
+		[".name"] = sname,
+		name = '%s.<var>%s</var>' % {stype, sname},
+		overview = table.concat(lines, "</br>"),
+		disabled = ucival_to_bool(sdata["disabled"]),
+	}
+	return key, value
+end
+
+function cfgvalue_overview_(sdata, lines, names)
+	local line
+
+	for _, n in ipairs(names) do
+		local v = sdata[n]
+		if v ~= nil then
+			if n == "key" or n == "password" then
+				v = translate("<hidden>")
+			end
+			local fv = "<var>%s</var>" % ut.pcdata(v)
+			if sdata[".type"] ~= "ss_server" and n == "server" then
+				fv = '<a class="label" href="%s">%s</a>' % {
+					ds.build_url("admin/services/shadowsocks-libev/servers", v), fv}
+			end
+			line = n .. ": " .. fv
+			table.insert(lines, line)
+		end
+	end
+end
+
+function option_install_package(s, tab)
+	local bin = s.sectiontype:gsub("_", "-", 1)
+	local installed = nixio.fs.access("/usr/bin/" .. bin)
+	if installed then
+		return
+	end
+	local opkg_package = "shadowsocks-libev-" .. bin
+	local p_install
+	if tab then
+		p_install = s:taboption(tab, Button, "_install")
+	else
+		p_install = s:option(Button, "_install")
+	end
+	p_install.title      = translate("Package is not installed")
+	p_install.inputtitle = translate("Install package %q" % opkg_package)
+	p_install.inputstyle = "apply"
+
+	function p_install.write()
+		return luci.http.redirect(
+			luci.dispatcher.build_url("admin/system/packages") ..
+			"?submit=1&install=%s" % opkg_package
+		)
+	end
+end
+
+names_options_server = {
+	"server",
+	"server_port",
+	"method",
+	"key",
+	"password",
+}
+
+names_options_client = {
+	"server",
+	"local_address",
+	"local_port",
+}
+
+names_options_common = {
+	"verbose",
+	"ipv6_first",
+	"fast_open",
+	"reuse_port",
+	"mode",
+	"mtu",
+	"timeout",
+	"user",
+}
+
+modes = {
+	"tcp_only",
+	"tcp_and_udp",
+	"udp_only",
+}
+
+methods = {
+	-- aead
+	"aes-128-gcm",
+	"aes-192-gcm",
+	"aes-256-gcm",
+	"chacha20-ietf-poly1305",
+	"xchacha20-ietf-poly1305",
+	-- stream
+	"table",
+	"rc4",
+	"rc4-md5",
+	"aes-128-cfb",
+	"aes-192-cfb",
+	"aes-256-cfb",
+	"aes-128-ctr",
+	"aes-192-ctr",
+	"aes-256-ctr",
+	"bf-cfb",
+	"camellia-128-cfb",
+	"camellia-192-cfb",
+	"camellia-256-cfb",
+	"salsa20",
+	"chacha20",
+	"chacha20-ietf",
+}

luci-app-shadowsocks-libev/luasrc/view/shadowsocks-libev/add_instance.htm

@@ -0,0 +1,45 @@
+<div class="cbi-section-create cbi-tblsection-create">
+	<br />
+	<table class="cbi-section-table">
+		<tr class="cbi-section-table-row">
+			<td class="cbi-section-table-cell" style="width:140px">
+				<select class="cbi-input-select" id="_newinst.type" name="_newinst.type">
+					<option value="_dummy">-- instance type --</option>
+					<option value="ss_local">ss-local</option>
+					<option value="ss_tunnel">ss-tunnel</option>
+					<option value="ss_redir">ss-redir</option>
+					<option value="ss_server">ss-server</option>
+				</select>
+			</td>
+			<td class="cbi-section-table-cell" style="width:110px">
+				<input type="text" class="cbi-input-text" id="_newinst.name" name="_newinst.name" placeholder="<%:Name%>"/>
+			</td>
+			<td class="cbi-section-table-cell left">
+				<input type="submit" class="cbi-button cbi-button-add" name="cbi.cts.<%=self.config%>" value="<%:Add%>" />
+			</td>
+		</tr>
+	</table>
+</div>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(5, '<%=url('admin/services/shadowsocks-libev/status')%>', null,
+		function(x, st)
+		{
+			var names = [
+				<%-
+					for _, name in ipairs(self:cfgsections()) do
+						write("%q," % name)
+					end
+				-%>
+			];
+			var instances = st["instances"] || {};
+			for (var i = 0, len = names.length; i < len; i++) {
+				var name = names[i];
+				var el = document.getElementById('cbi-table-' + name + '-running');
+				if (el) {
+					var running = instances.hasOwnProperty(name)? instances[name].running : false;
+					el.innerText = running ? 'yes' : 'no';
+				}
+			}
+		}
+	);
+//]]></script>

luci-app-shadowsocks-libev/root/etc/uci-defaults/40_luci-shadowsocks-libev

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@shadowsocks-libev[-1]
+	add ucitrack shadowsocks-libev
+	set ucitrack.@shadowsocks-libev[-1].init=shadowsocks-libev
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0