From 231597a7a27568bf789944daa8816b82f9102551 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Mon, 11 Dec 2023 09:18:58 +0100
Subject: [PATCH 1/8] Should fix https://github.com/Ysurac/openmptcprouter/issues/3070
---
 luci-app-mptcp/luasrc/controller/mptcp.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/luci-app-mptcp/luasrc/controller/mptcp.lua b/luci-app-mptcp/luasrc/controller/mptcp.lua
index 98e07b4920..227d26602f 100644
--- a/luci-app-mptcp/luasrc/controller/mptcp.lua
+++ b/luci-app-mptcp/luasrc/controller/mptcp.lua
@@ -1,19 +1,19 @@
 -- Copyright 2008 Steven Barth
 -- Copyright 2011 Jo-Philipp Wich
--- Copyright 2018 Ycarus (Yannick Chabanois)
+-- Copyright 2018-2023 Ycarus (Yannick Chabanois)
 -- Licensed to the public under the Apache License 2.0.
 module("luci.controller.mptcp", package.seeall)
-local uname = nixio.uname()
 function index()
+ local uname = nixio.uname()
 entry({"admin", "network", "mptcp"}, alias("admin", "network", "mptcp", "settings"), _("MPTCP"))
 entry({"admin", "network", "mptcp", "settings"}, cbi("mptcp"), _("Settings"),2).leaf = true
 entry({"admin", "network", "mptcp", "bandwidth"}, template("mptcp/multipath"), _("Bandwidth"), 3).leaf = true
 entry({"admin", "network", "mptcp", "multipath_bandwidth"}, call("multipath_bandwidth")).leaf = true
 entry({"admin", "network", "mptcp", "interface_bandwidth"}, call("interface_bandwidth")).leaf = true
- if uname.release:sub(1,1) == "5" then
+ if uname ~= nil and uname.release:sub(1,1) == "5" then
 entry({"admin", "network", "mptcp", "mptcp_check"}, template("mptcp/mptcp_check"), _("MPTCP Support Check"), 4).leaf = true
 end
 entry({"admin", "network", "mptcp", "mptcp_check_trace"}, post("mptcp_check_trace")).leaf = true
From e1b86c3118b9466f63fccc0245d7075181a3fafd Mon Sep 17 00:00:00 2001
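Review bot: The new guard in `index()` covers a nil `uname` but still indexes `uname.release` unconditionally, so a result without a `release` field would raise the same kind of error the commit is fixing; `if uname and uname.release and uname.release:sub(1,1) == "5" then` covers both. The prefix test also registers the "MPTCP Support Check" page only when the release string starts with `5`; the `LINUX_6_1` condition in the package list of patch 3 suggests 6.x kernels are built as well, so if hiding the page there is intended a one-line comment should say so. `index()` continues past the end of the hunk.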
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 10:55:30 +0100
Subject: [PATCH 2/8] Check if unbound is working, else restart it
---
 .../usr/share/omr/post-tracking.d/010-services | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/mptcp/files/usr/share/omr/post-tracking.d/010-services b/mptcp/files/usr/share/omr/post-tracking.d/010-services
index 4cc11015b1..7f2368b741 100755
--- a/mptcp/files/usr/share/omr/post-tracking.d/010-services
+++ b/mptcp/files/usr/share/omr/post-tracking.d/010-services
@@ -33,10 +33,16 @@ if [ "$(pgrep -f dnsmasq)" = "" ] && [ -f /etc/init.d/dnsmasq ]; then
 /etc/init.d/dnsmasq restart 2>&1 >/dev/null
 sleep 5
 fi
-if [ "$(pgrep -f unbound)" = "" ] && [ -f /etc/init.d/unbound ] && [ "$(uci -q get unbound.@unbound[0].enabled)" = "1" ]; then
- _log "Can't find unbound, restart it..."
- /etc/init.d/unbound restart 2>&1 >/dev/null
- sleep 5
+if [ -f /etc/init.d/unbound ] && [ "$(uci -q get unbound.@unbound[0].enabled)" = "1" ]; then
+ if [ "$(pgrep -f unbound)" = "" ]; then
+ _log "Can't find unbound, restart it..."
+ /etc/init.d/unbound restart 2>&1 >/dev/null
+ sleep 5
+ elif [ "$(uci -q get openmptcprouter.settings.external_check)" != "0" ] && [ "$(uci -q get unbound.ub_main.listen_port)" = "5353" ] && [ -n "$(dig +timeout=4 +tries=1 openmptcprouter.com -p 5353 | grep 'ANSWER: 0')" ]; then
+ _log "Can't resolve via unbound, restart it..."
+ /etc/init.d/unbound restart 2>&1 >/dev/null
+ sleep 5
+ fi
 fi
 if [ "$(pgrep openvpn)" = "" ] && [ -f /etc/init.d/openvpn ]; then
From 63d19c4861941414320b4baa7acf9e688bd3201c Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 10:56:25 +0100
Subject: [PATCH 3/8] Add OpenVPN DCO
---
 openmptcprouter-full/Makefile | 2 +-
 .../files/etc/uci-defaults/2020-omr-vpn | 9 +++
 openvpn/files/openvpn.options | 1 +
 ovpn-dco/Makefile | 63 +++++++++++++++++++
 4 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 ovpn-dco/Makefile
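Review bot: The new `elif` restarts unbound only when `dig` prints a response header containing `ANSWER: 0`; when unbound does not answer at all, `dig` times out without printing an answer count, the `grep` output is empty and no restart happens. Testing for the presence of an answer instead closes that gap, e.g. `! dig +timeout=4 +tries=1 openmptcprouter.com -p 5353 | grep -q 'ANSWER: [1-9]'`. The query also names no server, so it goes to whatever resolver the system is configured with on port 5353 rather than explicitly to the local unbound; adding `@<unbound listen address>` (placeholder) would make the check test what the log message claims. The same `grep 'ANSWER: 0'` test is used in the rpcd status code touched by patch 5, where a timeout is therefore reported as working DNS. In the restart lines, `2>&1 >/dev/null` leaves stderr on the original stdout; `>/dev/null 2>&1` silences both.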
diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile
index ccdf4110c1..898ecef82d 100644
--- a/openmptcprouter-full/Makefile
+++ b/openmptcprouter-full/Makefile
@@ -85,7 +85,7 @@ MY_DEPENDS := \
 (LINUX_5_15||LINUX_6_1):mptcpd (TARGET_x86||TARGET_x86_64):kmod-igc !TARGET_mvebu:kmod-mmc-spi kmod-macsec usbutils v2ray-core syslogd \
 (TARGET_x86||TARGET_x86_64):kmod-mlx4-core \
 !(TARGET_ips40xx||TARGET_ramips):iptables-mod-ndpi !(TARGET_ips40xx||TARGET_ramips):kmod-ipt-ndpi libip4tc libip6tc \
- xray-core shadowsocks-rust-sslocal shadowsocks-rust-ssservice shadowsocks-rust-config luci-app-shadowsocks-rust (LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2
+ xray-core shadowsocks-rust-sslocal shadowsocks-rust-ssservice shadowsocks-rust-config luci-app-shadowsocks-rust (LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2 kmod-ovpn-dco-v2
 # !TARGET_mvebu:kmod-usb-net-smsc75xx
 # libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \
diff --git a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
index 962c03d397..334cf75d85 100755
--- a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
+++ b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
@@ -45,9 +45,18 @@ if [ "$(uci -q get openvpn.omr.proto)" != "tcp-client" ]; then
 set openvpn.omr.sndbuf=0
 set openvpn.omr.rcvbuf=0
 set openvpn.omr.route_delay=5
+ set openvpn.omr.disable_dco=1
 commit openvpn
 EOF
 fi
+if [ -z "$(uci -q get openvpn.omr.disable_dco)" ]; then
+ uci -q batch <<-EOF >/dev/null
+ set openvpn.omr.disable_dco=1
+ commit openvpn
+ EOF
+
+fi
+
 uci -q delete openvpn.omr.secret
 uci -q delete openvpn.omr.ncp_disable=0
diff --git a/openvpn/files/openvpn.options b/openvpn/files/openvpn.options
index 5b8d55a079..1dbc4b8fd6 100644
--- a/openvpn/files/openvpn.options
+++ b/openvpn/files/openvpn.options
@@ -149,6 +149,7 @@ client
 client_to_client
 comp_noadapt
 disable
+disable_dco
 disable_occ
 down_pre
 duplicate_cn
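Review bot: `kmod-ovpn-dco-v2` is appended to `MY_DEPENDS` with no target or kernel condition, while the neighbouring `kmod-*` entries in this list are guarded (`(TARGET_x86||TARGET_x86_64):kmod-igc`, `(LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2`). Combined with the `AUTOLOAD` line in the new `ovpn-dco/Makefile`, every full image loads an externally built kernel module at boot even though the defaults script in this same patch sets `disable_dco=1`. If the module is only meant to be available on request, guarding the entry or dropping the autoload would keep unused kernel code out of the default image; which kernels the module builds for is not visible on this page, so the exact condition has to come from the author.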
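Review bot: `set openvpn.omr.disable_dco=1` is now written in two places in `2020-omr-vpn`: inside the existing `proto != tcp-client` batch and again in the new `-z` block. The first has no emptiness test, so whenever that batch runs it resets the option to `1` and would undo a deliberate `disable_dco=0`, while the second block alone already supplies the default when the option is unset. Dropping the line from the first batch leaves one clearly scoped default, and a comment such as `# DCO stays off unless it was explicitly configured` above the new block would record the intent. The enclosing `if` of the first batch starts above the hunk.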
diff --git a/ovpn-dco/Makefile b/ovpn-dco/Makefile
new file mode 100644
index 0000000000..1f0181825b
--- /dev/null
+++ b/ovpn-dco/Makefile
@@ -0,0 +1,63 @@
+#
+# Copyright (C) 2021 Jianhui Zhao
+# Copyright (C) 2023 Yannick Chabanois (Ycarus) for OpenMPTCProuter
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=ovpn-dco
+PKG_VERSION:=0.2.20231127
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/OpenVPN/ovpn-dco.git
+PKG_SOURCE_VERSION:=c24380cdb8f5eef5a04059bbe82ad4ba4d3616c3
+
+PKG_MAINTAINER:=Yannick Chabanois
+PKG_LICENSE:=GPL-2.0-only
+
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/ovpn-dco-v2
+ SUBMENU:=Network Support
+ TITLE:=OpenVPN data channel offload
+ DEPENDS:=+kmod-crypto-aead +kmod-udptunnel4 +IPV6:kmod-udptunnel6
+ FILES:=$(PKG_BUILD_DIR)/drivers/net/ovpn-dco/ovpn-dco-v2.ko
+ AUTOLOAD:=$(call AutoLoad,30,ovpn-dco-v2)
+endef
+
+define KernelPackage/ovpn-dco-v2/description
+ This module enhances the performance of the OpenVPN userspace software
+ by offloading the data channel processing to kernelspace.
+endef
+
+NOSTDINC_FLAGS += \
+ $(KERNEL_NOSTDINC_FLAGS) \
+ -I$(PKG_BUILD_DIR)/include \
+ -include $(PKG_BUILD_DIR)/linux-compat.h \
+ -I$(PKG_BUILD_DIR)/compat-include/
+
+EXTRA_KCONFIG:= \
+ CONFIG_OVPN_DCO_V2=m
+
+PKG_EXTMOD_SUBDIRS = drivers/net/ovpn-dco
+
+MAKE_OPTS:= \
+ $(KERNEL_MAKE_FLAGS) \
+ M="$(PKG_BUILD_DIR)/drivers/net/ovpn-dco" \
+ NOSTDINC_FLAGS="$(NOSTDINC_FLAGS)" \
+ $(EXTRA_KCONFIG)
+
+define Build/Compile
+ $(MAKE) -C "$(LINUX_DIR)" \
+ $(MAKE_OPTS) \
+ modules
+endef
+
+$(eval $(call KernelPackage,ovpn-dco-v2))
From 7139a5db51ba29c4cb5ffb720c5ed0d3d7c5d2d7 Mon Sep 17 00:00:00 2001
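Review bot: The package pins `PKG_SOURCE_VERSION` to a full commit id but declares no `PKG_MIRROR_HASH`, so the source archive the build system downloads or generates is not compared against a known digest. For kernel code pulled from an external repository that check is worth having: add `PKG_MIRROR_HASH:=<sha256 of the generated tarball>` below `PKG_SOURCE_VERSION` (placeholder; the value has to be computed from the real archive). A short comment next to `AUTOLOAD` stating why the module is loaded at boot would also help, given that the defaults script in this patch disables DCO for the `omr` instance.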
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 10:57:05 +0100
Subject: [PATCH 4/8] Fix on omr-test-speed for fasttest
---
 openmptcprouter/files/bin/omr-test-speed | 10 ++++++++--
 openmptcprouter/files/bin/omr-test-speedv6 | 2 +-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/openmptcprouter/files/bin/omr-test-speed b/openmptcprouter/files/bin/omr-test-speed
index 36480fcb67..a1de532649 100755
--- a/openmptcprouter/files/bin/omr-test-speed
+++ b/openmptcprouter/files/bin/omr-test-speed
@@ -13,9 +13,10 @@ if [ "$1" = "fasttest" ]; then
 fi
 for i in $@; do :; done
 INTERFACE="$i"
+[ "$INTERFACE" = "forcevps" ] || [ "$INTERFACE" = "fasttest" ] && INTERFACE=""
 [ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
- echo "You must use a real interface. You wan find them using 'ip a' for example"
+ echo "You must use a real interface. You wan find them using 'ip a' for example (not $INTERFACE)"
 exit 0
 }
@@ -41,7 +42,12 @@ done
 [ "$FASTTEST" = true ] || echo "Best server is $HOST, running test:"
 trap : HUP INT TERM
 if [ -z "$INTERFACE" ]; then
- curl -4 -o /dev/null $HOST || echo
+ if [ "$FASTTEST" = true ]; then
+ avg_speed=$(curl -4 --max-time 10 -o /dev/null -qfsS -w '%{speed_download}' $HOST 2>/dev/null)
+ echo "$avg_speed"
+ else
+ curl -4 -o /dev/null $HOST || echo
+ fi
 else
 [ -n "$(tc qdisc show dev $INTERFACE | grep ingress)" ] && /etc/init.d/sqm stop $INTERFACE
 domain=$(echo $HOST | awk -F/ '{print $3}')
diff --git a/openmptcprouter/files/bin/omr-test-speedv6 b/openmptcprouter/files/bin/omr-test-speedv6
index 62653aea7d..07fa36c542 100755
--- a/openmptcprouter/files/bin/omr-test-speedv6
+++ b/openmptcprouter/files/bin/omr-test-speedv6
@@ -1,5 +1,4 @@
 #!/bin/sh
-#!/bin/sh
 # (c) Yannick Chabanois (ycarus@zugaina.org) for OpenMPTCProuter
 #
 #
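Review bot: In the new fasttest branch of `omr-test-speed`, `$HOST` is passed to `curl` unquoted and the result is echoed without looking at curl's exit status, so a failed or timed-out download prints a figure the caller cannot tell from a real measurement. Quoting the URL and falling back explicitly is enough: `avg_speed=$(curl -4 --max-time 10 -o /dev/null -fsS -w '%{speed_download}' "$HOST" 2>/dev/null) || avg_speed=0`. The `-q` inside `-qfsS` has no effect, since curl only honours it as the first argument, and `-S` is moot with stderr discarded. The matching change to `omr-test-speedv6` only resets `INTERFACE`; if that script has the same download branch it presumably needs the same treatment, which this page does not show.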
@@ -14,6 +13,7 @@ if [ "$1" = "fasttest" ]; then
 fi
 for i in $@; do :; done
 INTERFACE="$i"
+[ "$INTERFACE" = "forcevps" ] || [ "$INTERFACE" = "fasttest" ] && INTERFACE=""
 [ -n "$INTERFACE" ] && [ ! -d "/sys/class/net/$INTERFACE" ] && {
 echo "You must use a real interface. You wan find them using 'ip a' for example"
From e41723e2959bd09e81b3b854fd4d29050ab150b3 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 10:57:47 +0100
Subject: [PATCH 5/8] Check DNS only if external tests are not disabled
---
 openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter b/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter
index f28df60c15..3dfda3661d 100755
--- a/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter
+++ b/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter
@@ -789,7 +789,10 @@ function interfaces_status()
 -- dns
 mArray.openmptcprouter["dns"] = false
 local timeout = uci:get("openmptcprouter","settings","status_getip_timeout") or "1"
- local dns_test = sys.exec("dig +timeout=" .. timeout .. " +tries=1 openmptcprouter.com | grep 'ANSWER: 0'")
+ local dns_test = ""
+ if uci:get("openmptcprouter","settings","external_check") ~= "0" then
+ dns_test = sys.exec("dig +timeout=" .. timeout .. " +tries=1 openmptcprouter.com | grep 'ANSWER: 0'")
+ end
 if dns_test == "" then
 mArray.openmptcprouter["dns"] = true
 end
From b8d2414f51f0672c42cae39af75a326c2fdd3ba6 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 10:58:47 +0100
Subject: [PATCH 6/8] Allow to change encryption on XRay Shadowsocks
---
 .../luasrc/controller/openmptcprouter.lua | 4 +++-
 openmptcprouter/files/etc/init.d/openmptcprouter-vps | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)
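Review bot: `timeout` is read from uci (`status_getip_timeout`) and concatenated into the command string handed to `sys.exec`, so any non-numeric value stored in that option ends up interpreted by the shell; the hunk re-adds that call unchanged inside the new `if`. Coercing the value first closes it, e.g. `local timeout = tostring(tonumber(uci:get("openmptcprouter","settings","status_getip_timeout")) or 1)`. Separately, with `external_check` set to `0` the variable stays `""` and the following `if dns_test == ""` sets `dns` to `true`, so untested DNS is reported as working; a comment stating that this is intended, or a distinct "not checked" value, would keep the status output honest. `interfaces_status()` begins and ends outside the hunk.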
diff --git a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
index ec876228cd..5f7b1487af 100644
--- a/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
+++ b/luci-app-openmptcprouter/luasrc/controller/openmptcprouter.lua
@@ -915,7 +915,8 @@ function wizard_add()
 ucic:set("xray","omrout","s_vless_reality_user_security","none")
 ucic:set("xray","omrout","s_trojan_user_security","none")
 ucic:set("xray","omrout","s_socks_user_security","none")
- ucic:set("xray","omrout","s_shadowsocks_method","none")
+ --ucic:set("xray","omrout","s_shadowsocks_method","none")
+ ucic:set("xray","omrout","s_shadowsocks_method","2022-blake3-aes-256-gcm")
 elseif encryption == "aes-256-gcm" then
 ucic:set("openmptcprouter","settings","encryption","aes-256-gcm")
 ucic:set("shadowsocks-libev","sss0","method","aes-256-gcm")
@@ -974,6 +975,7 @@ function wizard_add()
 ucic:set("xray","omrout","s_trojan_user_security","chacha20-poly1305")
 ucic:set("xray","omrout","s_socks_user_security","chacha20-poly1305")
 ucic:set("xray","omrout","s_shadowsocks_method","2022-blake3-chacha20-poly1305")
+ --ucic:set("xray","omrout","s_shadowsocks_method","2022-blake3-aes-256-gcm")
 --ucic:set("shadowsocks-rust","sss0","method","2022-blake3-chacha20-poly1305")
 --ucic:set("shadowsocks-rust","sss1","method","2022-blake3-chacha20-poly1305")
 ucic:set("shadowsocks-rust","sss0","method","2022-blake3-aes-256-gcm")
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index 0176273ea8..110b0e87d5 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
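Review bot: In what appears to be the `none` branch of `wizard_add()` (the neighbouring lines set the other xray protocols to `none`), the Shadowsocks method is now `2022-blake3-aes-256-gcm` and the old assignment is left behind as commented-out code. Nothing records why this one protocol keeps a cipher when the user selected no encryption, so the wizard choice and the stored setting silently disagree. Replace the dead line with a why-comment, for instance `-- xray Shadowsocks keeps an AEAD method even when "none" is selected: <reason>` (placeholder for the actual reason). The second hunk adds another commented-out `ucic:set` in the chacha20 branch, which could be dropped on the same grounds; both branches belong to a function that starts above the hunks.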
@@ -353,6 +353,7 @@ _set_xray_server_vps() {
 enabled=$(uci -q get xray.main.enabled)
 userid=$(uci -q get xray.omrout.s_vless_user_id)
 protocol=$(uci -q get xray.omrout.protocol)
+ ss_method=$(uci -q get xray.omrout.s_shadowsocks_method)
 if [ "$protocol" = "vless-reality" ] && [ "$enabled" = "1" ]; then
 vless_reality='true'
 else
@@ -363,10 +364,11 @@ _set_xray_server_vps() {
 [ -z "$vps_config" ] && return
 current_userid="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.key')"
 current_vlessreality="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.vless_reality')"
+ current_method="$(echo "$vps_config" | jsonfilter -q -e '@.xray.config.ss_method')"
- if [ "$current_userid" != "$userid" ] || [ "$current_vlessreality" != "$vless_reality" ]; then
+ if [ "$current_userid" != "$userid" ] || [ "$current_vlessreality" != "$vless_reality" ] || [ "$current_method" != "$ss_method" ]; then
 local settings
- settings='{"userid": "'$userid'","vless_reality": '$vless_reality'}'
+ settings='{"userid": "'$userid'","vless_reality": '$vless_reality',"ss_method": "'$ss_method'"}'
 echo $(_set_json "xray" "$settings")
 fi
 }
From 4e8f5847f6ed0768cf0dfcbde4f47d6c2dcd08c0 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 10:59:20 +0100
Subject: [PATCH 7/8] Double quote for sqm-autorate config
---
 sqm-autorate/files/usr/share/sqm-autorate/config.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sqm-autorate/files/usr/share/sqm-autorate/config.sh b/sqm-autorate/files/usr/share/sqm-autorate/config.sh
index 509dee6353..2dcf3f7bac 100755
--- a/sqm-autorate/files/usr/share/sqm-autorate/config.sh
+++ b/sqm-autorate/files/usr/share/sqm-autorate/config.sh
@@ -10,7 +10,7 @@
 # Modified by Ycarus (Yannick Chabanois) for OpenMPTCProuter:
 # * Get configuration via uci
-INTERFACE=$1
+INTERFACE="$1"
 # *** OUTPUT OPTIONS ***
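Review bot: The `settings` JSON in `_set_xray_server_vps()` is assembled by pasting `$ss_method` (like `$userid` before it) between literal quotes, so a uci value containing `"` or `\` yields malformed or altered JSON in the request passed to `_set_json`. The method names that appear in this series consist of letters, digits and hyphens only, so a guard before the comparison is cheap: `case "$ss_method" in *[!A-Za-z0-9-]*) return ;; esac`. Also, if the server's config does not return an `ss_method` key, `current_method` is empty and the new comparison fails on every run, so the settings would be pushed each time; whether the server side provides that key is not visible here. The function starts above the first hunk.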
@@ -26,10 +26,10 @@ debug=1
 #dl_if=ifb4eth1 # download interface
 #dl_if=$(uci -q get sqm.${INTERFACE}.download_interface)
-dl_if=ifb4$(uci -q get sqm.${INTERFACE}.interface)
+dl_if="ifb4$(uci -q get sqm.${INTERFACE}.interface)"
 #ul_if=eth1 # upload interface
 #ul_if=$(uci -q get sqm.${INTERFACE}.upload_interface)
-ul_if=$(uci -q get sqm.${INTERFACE}.interface)
+ul_if="$(uci -q get sqm.${INTERFACE}.interface)"
 #reflector_ping_interval_s=0.2 # (seconds, e.g. 0.2s or 2s)
 reflector_ping_interval_s=$(uci -q get sqm.${INTERFACE}.reflector_ping_interval_s || echo "0.2")
From 9656539d48c827171a7931ad9bdb42d9826a32e5 Mon Sep 17 00:00:00 2001
From: "Ycarus (Yannick Chabanois)"
Date: Wed, 13 Dec 2023 14:24:46 +0100
Subject: [PATCH 8/8] Ignore routes when nexthop link is down
---
 shadowsocks-libev/files/shadowsocks.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/shadowsocks-libev/files/shadowsocks.conf b/shadowsocks-libev/files/shadowsocks.conf
index c9aedd2de0..f02474433d 100644
--- a/shadowsocks-libev/files/shadowsocks.conf
+++ b/shadowsocks-libev/files/shadowsocks.conf
@@ -52,6 +52,9 @@ net.ipv4.tcp_mtu_probing = 0
 # Default conntrack is too small
 net.netfilter.nf_conntrack_max = 131072
+net.ipv4.conf.all.ignore_routes_with_linkdown = 1
+net.ipv4.conf.default.ignore_routes_with_linkdown = 1
+
 net.ipv4.tcp_ecn = 2
 #net.ipv4.tcp_sack = 0
 #net.ipv4.tcp_dsack = 0
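Review bot: The quotes added around `dl_if` and `ul_if` in `config.sh` protect only the assigned value, which the shell does not word-split in an assignment anyway; the expansion still exposed is `${INTERFACE}` inside the `uci` call, where a value with whitespace or glob characters is split into several arguments. Quote the argument itself: `dl_if="ifb4$(uci -q get "sqm.${INTERFACE}.interface")"` and `ul_if="$(uci -q get "sqm.${INTERFACE}.interface")"`. The same holds for `INTERFACE="$1"` in the first hunk of this file, which is harmless but changes nothing, and for the unchanged `reflector_ping_interval_s` line at the end of this hunk.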
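Review bot: The two `ignore_routes_with_linkdown` keys are added to the Shadowsocks sysctl file without a comment, unlike the neighbouring `# Default conntrack is too small` entry, and they change routing behaviour for the whole system rather than anything specific to Shadowsocks. A line such as `# Do not use routes whose nexthop interface has lost its link` above them would state the intent. Only the `net.ipv4` keys are set; if IPv6 routes over the same links matter, the `net.ipv6.conf.all.ignore_routes_with_linkdown` counterpart presumably needs the same value.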