Add MPTCP support to shadowsocks

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/instance-details.lua

@@ -0,0 +1,53 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ds = require "luci.dispatcher"
+local ss = require "luci.model.shadowsocks-libev"
+
+local sname = arg[1]
+local redirect_url = ds.build_url("admin/services/shadowsocks-libev/instances")
+local s, o
+
+local m = Map("shadowsocks-libev")
+local sdata = m:get(sname)
+if not sdata then
+	luci.http.redirect(redirect_url)
+	return
+end
+local stype = sdata[".type"]
+m.redirect = redirect_url
+m.title = "shadowsocks-libev - %s - %s" % {stype, sname}
+
+
+s = m:section(NamedSection, sname, stype)
+s:tab("general", translate("General Settings"))
+s:tab("advanced", translate("Advanced Settings"))
+s:taboption("general", Flag, "disabled", translate("Disable"))
+ss.option_install_package(s, "general")
+ss.options_common(s, "advanced")
+
+if stype == "ss_server" then
+	ss.options_server(s, "general")
+	o = s:taboption("general", Value, "bind_address",
+		translate("Bind address"),
+		translate("The address ss-server will initiate connection from"))
+	o.datatype = "ipaddr"
+	o.placeholder = "0.0.0.0"
+	ss.values_ipaddr(o)
+	o = s:taboption("general", Value, "manager_address", translate("Manager address"))
+	o.datatype = "hostport"
+else
+	ss.options_client(s, "general")
+	if stype == "ss_tunnel" then
+		o = s:taboption("general", Value, "tunnel_address",
+			translate("Tunnel address"),
+			translate("The address ss-tunnel will forward traffic to"))
+		o.datatype = "hostport"
+	elseif stype == "ss_redir" then
+		o = s:taboption("advanced", Flag, "disable_sni",
+			translate("Disable SNI"),
+			translate("Disable parsing HTTP/HTTPS payload to find then resolve hostname at remote server"))
+	end
+end
+
+return m

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/instances.lua

@@ -0,0 +1,104 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ds = require "luci.dispatcher"
+local ss = require "luci.model.shadowsocks-libev"
+local ut = require "luci.util"
+local m, s, o
+
+m = Map("shadowsocks-libev",
+	translate("Local Instances"),
+	translate("Instances of shadowsocks-libev components, e.g. ss-local, \
+			   ss-redir, ss-tunnel, ss-server, etc.  To enable an instance it \
+			   is required to enable both the instance itself and the remote \
+			   server it refers to."))
+
+local instances = {}
+local cfgtypes = { "ss_local", "ss_redir", "ss_server", "ss_tunnel" }
+
+for sname, sdata in pairs(m:get()) do
+	local key, value = ss.cfgvalue_overview(sdata)
+	if key ~= nil then
+		instances[key] = value
+	end
+end
+
+s = m:section(Table, instances)
+s.addremove = true
+s.template_addremove = "shadowsocks-libev/add_instance"
+s.extedit = function(self, section)
+	local value = instances[section]
+	if type(value) == "table" then
+		return ds.build_url(unpack(ds.context.requestpath),
+					"services/shadowsocks-libev/instances",
+					value[".name"])
+	end
+end
+s.parse = function(self, ...)
+	Table.parse(self, ...)
+
+	local crval = REMOVE_PREFIX .. self.config
+	local name = self.map:formvaluetable(crval)
+	for k,v in pairs(name) do
+		local value = instances[k]
+		local sname = value[".name"]
+		if type(value) == "table" then
+			m:del(sname)
+			instances[k] = nil
+			for _, oname in ipairs({"redir_tcp", "redir_udp"}) do
+				local ovalue = m:get("ss_rules", oname)
+				if ovalue == sname then
+					m:del("ss_rules", oname)
+				end
+			end
+		end
+	end
+
+	local stype = m:formvalue("_newinst.type")
+	local sname = m:formvalue("_newinst.name")
+	if ut.contains(cfgtypes, stype) then
+		local created
+		if sname and #sname > 0 then
+			created = m:set(sname, nil, stype)
+		else
+			created = m:add(stype)
+			sname = created
+		end
+		if created then
+			m.uci:save("shadowsocks-libev")
+			luci.http.redirect(ds.build_url(
+				"admin/services/shadowsocks-libev/instances", sname
+			))
+		end
+	end
+end
+
+o = s:option(DummyValue, "name", translate("Name"))
+o.rawhtml = true
+o = s:option(DummyValue, "overview", translate("Overview"))
+o.rawhtml = true
+
+s:option(DummyValue, "running", translate("Running"))
+
+o = s:option(Button, "disabled", translate("Enable/Disable"))
+o.render = function(self, section, scope)
+	if instances[section].disabled then
+		self.title = translate("Disabled")
+		self.inputstyle = "reset"
+	else
+		self.title = translate("Enabled")
+		self.inputstyle = "save"
+	end
+	Button.render(self, section, scope)
+end
+o.write = function(self, section)
+	local sdata = instances[section]
+	if type(sdata) == "table" then
+		local sname = sdata[".name"]
+		local disabled = not sdata["disabled"]
+		sdata["disabled"] = disabled
+		m:set(sname, "disabled", tostring(disabled))
+	end
+end
+
+return m

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/rules.lua

@@ -0,0 +1,110 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ss = require("luci.model.shadowsocks-libev")
+
+local m, s, o
+
+m = Map("shadowsocks-libev",
+	translate("Redir Rules"),
+	translate("On this page you can configure how traffics are to be \
+		forwarded to ss-redir instances. \
+		If enabled, packets will first have their src ip addresses checked \
+		against <em>Src ip/net bypass</em>, <em>Src ip/net forward</em>, \
+		<em>Src ip/net checkdst</em> and if none matches <em>Src default</em> \
+		will give the default action to be taken. \
+		If the prior check results in action <em>checkdst</em>, packets will continue \
+		to have their dst addresses checked."))
+
+local sdata = m:get('ss_rules')
+if not sdata then
+	m:set('ss_rules', nil, 'ss_rules')
+	m:set('ss_rules', 'disabled', "1")
+end
+
+function src_dst_option(s, ...)
+	local o = s:taboption(...)
+	--o.datatype = "or(ip4addr,cidr4)"
+	o.datatype = "ip4addr"
+end
+
+s = m:section(NamedSection, "ss_rules", "ss_rules")
+s:tab("general", translate("General Settings"))
+s:tab("src", translate("Source Settings"))
+s:tab("dst", translate("Destination Settings"))
+
+s:taboption('general', Flag, "disabled", translate("Disable"))
+ss.option_install_package(s, 'general')
+
+o = s:taboption('general', ListValue, "redir_tcp",
+	translate("ss-redir for TCP"))
+ss.values_redir(o, 'tcp')
+o = s:taboption('general', ListValue, "redir_udp",
+	translate("ss-redir for UDP"))
+ss.values_redir(o, 'udp')
+
+o = s:taboption('general', ListValue, "local_default",
+	translate("Local-out default"),
+	translate("Default action for locally generated TCP packets"))
+ss.values_actions(o)
+o = s:taboption('general', DynamicList, "ifnames",
+	translate("Ingress interfaces"),
+	translate("Only apply rules on packets from these network interfaces"))
+ss.values_ifnames(o)
+s:taboption('general', Value, "ipt_args",
+	translate("Extra arguments"),
+	translate("Passes additional arguments to iptables. Use with care!"))
+
+src_dst_option(s, 'src', DynamicList, "src_ips_bypass",
+	translate("Src ip/net bypass"),
+	translate("Bypass ss-redir for packets with src address in this list"))
+src_dst_option(s, 'src', DynamicList, "src_ips_forward",
+	translate("Src ip/net forward"),
+	translate("Forward through ss-redir for packets with src address in this list"))
+src_dst_option(s, 'src', DynamicList, "src_ips_checkdst",
+	translate("Src ip/net checkdst"),
+	translate("Continue to have dst address checked for packets with src address in this list"))
+o = s:taboption('src', ListValue, "src_default",
+	translate("Src default"),
+	translate("Default action for packets whose src address do not match any of the src ip/net list"))
+ss.values_actions(o)
+
+src_dst_option(s, 'dst', DynamicList, "dst_ips_bypass",
+	translate("Dst ip/net bypass"),
+	translate("Bypass ss-redir for packets with dst address in this list"))
+src_dst_option(s, 'dst', DynamicList, "dst_ips_forward",
+	translate("Dst ip/net forward"),
+	translate("Forward through ss-redir for packets with dst address in this list"))
+
+o = s:taboption('dst', FileBrowser, "dst_ips_bypass_file",
+	translate("Dst ip/net bypass file"),
+	translate("File containing ip/net for the purposes as with <em>Dst ip/net bypass</em>"))
+o.datatype = "file"
+s:taboption('dst', FileBrowser, "dst_ips_forward_file",
+	translate("Dst ip/net forward file"),
+	translate("File containing ip/net for the purposes as with <em>Dst ip/net forward</em>"))
+o.datatype = "file"
+o = s:taboption('dst', ListValue, "dst_default",
+	translate("Dst default"),
+	translate("Default action for packets whose dst address do not match any of the dst ip list"))
+ss.values_actions(o)
+
+local installed = os.execute("iptables -m recent -h &>/dev/null") == 0
+if installed then
+	o = s:taboption('dst', Flag, "dst_forward_recentrst")
+else
+	m:set('ss_rules', 'dst_forward_recentrst', "0")
+	o = s:taboption("dst", Button, "_install")
+	o.inputtitle = translate("Install package iptables-mod-conntrack-extra")
+	o.inputstyle = "apply"
+	o.write = function()
+		return luci.http.redirect(
+			luci.dispatcher.build_url("admin/system/packages") ..
+			"?submit=1&install=iptables-mod-conntrack-extra"
+		)
+	end
+end
+o.title = translate("Forward recentrst")
+o.description = translate("Forward those packets whose dst have recently sent to us multiple tcp-rst")
+
+return m

luci-app-shadowsocks-libev/luasrc/model/cbi/shadowsocks-libev/servers.lua

@@ -0,0 +1,31 @@
+-- Copyright 2017 Yousong Zhou <yszhou4tech@gmail.com>
+-- Licensed to the public under the Apache License 2.0.
+
+local ds = require "luci.dispatcher"
+local ss = require("luci.model.shadowsocks-libev")
+
+local m, s
+
+m = Map("shadowsocks-libev",
+	translate("Remote Servers"),
+	translate("Definition of remote shadowsocks servers.  \
+			Disable any of them will also disable instances refering to it."))
+
+local sname = arg[1]
+if sname then
+	if not m:get(sname) then
+		luci.http.redirect(ds.build_url("admin/services/shadowsocks-libev/servers"))
+		return
+	end
+	s = m:section(NamedSection, sname, "server")
+	m.title = m.title .. ' - ' .. sname
+else
+	s = m:section(TypedSection, "server")
+	s.template = 'cbi/tblsection'
+	s.addremove = true
+end
+
+s:option(Flag, "disabled", translate("Disable"))
+ss.options_server(s)
+
+return m