Rename omr-6in4, add shorewall net interface in params.net and add multipath utility

debian9-x86_64.sh

@@ -192,14 +192,19 @@ if ! grep -q tun /etc/modules ; then
 	echo tun >> /etc/modules
 fi
 
-# Add 6in4 support
-wget -O /usr/local/bin/omr-6in4 http://www.openmptcprouter.com/server/omr-6in4
-chmod 755 /usr/local/bin/omr-6in4
-wget -O /usr/local/bin/omr-6in4-service http://www.openmptcprouter.com/server/omr-6in4-service
-chmod 755 /usr/local/bin/omr-6in4-service
-wget -O /lib/systemd/system/omr-6in4.service http://www.openmptcprouter.com/server/omr-6in4.service.in
-systemctl enable omr-6in4.service
+# Add multipath utility
+wget -O /usr/local/bin/multipath http://www.openmptcprouter.com/server/multipath
+chmod 755 /usr/local/bin/multipath
 
+# Add OpenMPTCProuter service
+wget -O /usr/local/bin/omr-service http://www.openmptcprouter.com/server/omr-service
+chmod 755 /usr/local/bin/omr-service
+wget -O /lib/systemd/system/omr.service http://www.openmptcprouter.com/server/omr.service.in
+if systemctl -q is-active omr-6in4.service; then
+	systemctl -q stop omr-6in4 > /dev/null 2>&1
+fi
+systemctl -q disable omr-6in4 > /dev/null 2>&1
+systemctl enable omr.service
 
 
 # Change SSH port to 65222
@@ -242,9 +247,9 @@ fi
 
 # Add OpenMPTCProuter VPS script version to /etc/motd
 if grep --quiet 'OpenMPTCProuter VPS' /etc/motd; then
-	sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.36 >:' /etc/motd
+	sed -i 's:< OpenMPTCProuter VPS [0-9]*\.[0-9]* >:< OpenMPCTProuter VPS 0.37 >:' /etc/motd
 else
-	echo '< OpenMPTCProuter VPS 0.36 >' >> /etc/motd
+	echo '< OpenMPTCProuter VPS 0.37 >' >> /etc/motd
 fi
 
 if [ "$update" = "0" ]; then
@@ -292,10 +297,10 @@ else
 	echo 'Restarting systemd network...'
 	systemctl -q restart systemd-networkd
 	echo 'done'
-	echo 'Restarting glorytun and omr-6in4...'
+	echo 'Restarting glorytun and omr...'
 	systemctl -q start glorytun-tcp@tun0
 	systemctl -q start glorytun-udp@tun0
-	systemctl -q restart omr-6in4
+	systemctl -q restart omr
 	echo 'done'
 	echo 'Restarting shadowsocks...'
 	systemctl -q restart shadowsocks-libev-server@config

multipath

@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# Update the MP-TCP flags without the pached iproute2
+#
+# Author: Mario Krueger <openwrt at xedp3x.de>
+# Released under GPL 3 or later
+
+if [ -d "/proc/sys/net/mptcp" ]; then
+        if [ `cat /proc/sys/net/mptcp/mptcp_enabled` = 0 ]; then
+                echo "MPTCP is disabled!"
+                echo "Please set net.mptcp.mptcp_enabled = 1"
+                exit 1
+        fi
+else
+        echo "Your device don't support multipath-TCP."
+        echo "You have to install the pached kernel to use MPTCP."
+        echo "See http://multipath-tcp.org/ for details"
+        exit 1
+fi
+
+case $1 in
+   "-h")
+        echo "          Multipath-TCP configuration tool"
+        echo "show/update flags:"
+        echo "  multipath [device]"
+        echo "  multipath device {on | off | backup | handover}"
+        echo
+        echo "show established conections: -c"
+        echo "show mullmesh info: -f"
+        echo "show kernel config: -k"
+        echo
+        echo "Flag on the device, to enable/disable MPTCP for this interface. The backup-flag"
+        echo "will allow a subflow to be established across this interface, but only be used"
+        echo "as backup. Handover-flag indicates that his interface is not used at all (even "
+        echo "no subflow being established), as long as there are other interfaces available."
+        echo "See http://multipath-tcp.org/ for details"
+        echo
+        exit 0 ;;
+   "-c")
+        cat /proc/net/mptcp_net/mptcp
+        exit 0;;
+   "-f")
+        cat /proc/net/mptcp_fullmesh
+        exit 0;;
+   "-k")
+        echo Enabled: `cat /proc/sys/net/mptcp/mptcp_enabled`
+        echo Path Manager: `cat /proc/sys/net/mptcp/mptcp_path_manager`
+        echo Use checksum: `cat /proc/sys/net/mptcp/mptcp_checksum`
+        echo Scheduler: `cat /proc/sys/net/mptcp/mptcp_scheduler`
+        echo Syn retries: `cat /proc/sys/net/mptcp/mptcp_syn_retries`
+        echo Debugmode: `cat /proc/sys/net/mptcp/mptcp_debug`
+        echo
+        echo See http://multipath-tcp.org/ for details
+        exit 0 ;;
+   "")
+        for ifpath in /sys/class/net/*; do
+                $0 ${ifpath##*/}
+        done
+        exit 0;;
+   *);;
+esac
+
+DEVICE="$1"
+TYPE="$2"
+#FLAG_PATH=`find /sys/devices/ -path "*/net/$DEVICE/flags"`
+
+[ -d "/sys/class/net/$DEVICE/" ] || {
+        echo "Device '$DEVICE' can't found!"
+        echo "Use the hardware name like in ifconfig"
+        exit 1
+}
+
+FLAG_PATH="/sys/class/net/$DEVICE/flags"
+IFF=`cat $FLAG_PATH`
+
+IFF_OFF="0x80000"
+IFF_ON="0x00"
+IFF_BACKUP="0x100000"
+IFF_HANDOVER="0x200000"
+IFF_MASK="0x380000"
+
+case $TYPE in
+        "off")          FLAG=$IFF_OFF;;
+        "on")           FLAG=$IFF_ON;;
+        "backup")       FLAG=$IFF_BACKUP;;
+        "handover")     FLAG=$IFF_HANDOVER;;
+        "")
+                IFF=`printf "0x%02x" $(($IFF&$IFF_MASK))`
+                case "$IFF" in
+                        $IFF_OFF)       echo $DEVICE is deactivated;;
+                        $IFF_ON)        echo $DEVICE is in default mode;;
+                        $IFF_BACKUP)    echo $DEVICE is in backup mode;;
+                        $IFF_HANDOVER)  echo $DEVICE is in handover mode;;
+                        *) echo "Unkown state!" && exit 1;;
+                esac
+                exit 0;;
+        *) echo "Unkown flag! Use 'multipath -h' for help" && exit 1;;
+esac
+
+printf "0x%02x" $(($(($IFF^$(($IFF&$IFF_MASK))))|$FLAG)) > $FLAG_PATH
+
+

omr-service

@@ -1,5 +1,6 @@
 #!/bin/bash
-# OpenMPTCProuter VPS 6in4 service script
+# OpenMPTCProuter VPS service script
+# This script configure 6in4, multipath and firewall for current VPN
 
 if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
 	ip route del fd00::/8 via fe80::a00:2 dev omr-6in4
@@ -8,6 +9,16 @@ if [ "$1" = "stop" ] && [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
 	exit 0
 fi
 
+# Force multipath status
+source /etc/shorewall/params.net
+for intf in `ls -1 /sys/class/net`; do
+	if [ "$intf" = "$NET_IFACE" ]; then
+		multipath $intf on
+	else
+		multipath $intf off
+	fi
+done
+
 # Add IPv6 tunnel
 if [ "$(ip link show omr-6in4 up 2>/dev/null)" ]; then
 	ip tunnel change omr-6in4 mode sit remote 10.255.255.2 local 10.255.255.1

shorewall4/interfaces

@@ -14,7 +14,7 @@
 ?FORMAT 2
 ###############################################################################
 #ZONE   INTERFACE       OPTIONS
-net	eth0		dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
+net	$NET_IFACE	dhcp,tcpflags,routefilter,nosmurfs,logmartians,sourceroute=0
 vpn	gt-tun0		nosmurfs,routefilter,logmartians,tcpflags
 vpn	gt-udp-tun0	nosmurfs,routefilter,logmartians,tcpflags
 vpn	mlvpn0		nosmurfs,routefilter,logmartians,tcpflags

shorewall4/params

@@ -22,4 +22,5 @@
 #	net	eth0		130.252.100.255	routefilter,norfc1918
 #
 ###############################################################################
+INCLUDE params.net
 INCLUDE params.vpn

shorewall4/params.net

@@ -0,0 +1 @@
+NET_IFACE=eth0

shorewall6/params

@@ -21,3 +21,4 @@
 #	net	eth0		-	dhcp,nosmurfs
 #
 ###############################################################################
+INCLUDE params.net

shorewall6/params.net

@@ -0,0 +1 @@
+NET_IFACE=eth0