mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-29 18:21:22 +00:00
resource balancing, gsexecio and MAXMIND key
parent
2dc1fa9e05
commit
a8fec68c59
1
Makefile
1
Makefile
@ -48,6 +48,7 @@ FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoip"
|
|||||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoiphn"
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/geoiphn"
|
||||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gssec"
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gssec"
|
||||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gsexec"
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gsexec"
|
||||||
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/gsexecio"
|
||||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/thcssh"
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/thcssh"
|
||||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/transfer"
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/transfer"
|
||||||
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/asn"
|
FILES_GUEST += "segfault-$(VER)/guest/fs-root/sf/bin/asn"
|
||||||
|
@ -108,7 +108,7 @@ services:
|
|||||||
cgroup_parent: sf.slice
|
cgroup_parent: sf.slice
|
||||||
volumes:
|
volumes:
|
||||||
- "${SF_BASEDIR:-.}/config/etc/logpipe/:/app/config/:ro"
|
- "${SF_BASEDIR:-.}/config/etc/logpipe/:/app/config/:ro"
|
||||||
- "/dev/shm/sf/run/logpipe/:/app/sock/:rw"
|
- "${SF_SHMDIR:-/dev/shm/sf}/run/logpipe/:/app/sock/:rw"
|
||||||
|
|
||||||
sf-portd:
|
sf-portd:
|
||||||
build: encfsd
|
build: encfsd
|
||||||
@ -424,7 +424,8 @@ services:
|
|||||||
- SF_MULLVAD_IP=${SF_MULLVAD_IP:?}
|
- SF_MULLVAD_IP=${SF_MULLVAD_IP:?}
|
||||||
- SF_GUEST_MTU=${SF_GUEST_MTU:-1420}
|
- SF_GUEST_MTU=${SF_GUEST_MTU:-1420}
|
||||||
volumes:
|
volumes:
|
||||||
- "${SF_SHMDIR:-/dev/shm/sf}/run/vpn:/sf/run/vpn"
|
- "${SF_SHMDIR:-/dev/shm/sf}/run:/sf/run"
|
||||||
|
- "${SF_BASEDIR:-.}/config/db:/config/db:ro"
|
||||||
- "${SF_BASEDIR:-.}/config/etc/sf:/config/host/etc/sf:ro"
|
- "${SF_BASEDIR:-.}/config/etc/sf:/config/host/etc/sf:ro"
|
||||||
- "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest" # vpn_status to guest
|
- "${SF_SHMDIR:-/dev/shm/sf}/config-for-guest:/config/guest" # vpn_status to guest
|
||||||
- "${SF_BASEDIR:-.}/sfbin:/sf/bin:ro"
|
- "${SF_BASEDIR:-.}/sfbin:/sf/bin:ro"
|
||||||
|
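Review bot: The volume entry `- "${SF_SHMDIR:-/dev/shm/sf}/run:/sf/run"` in the second hunk replaces the narrow `run/vpn` mount with the whole run directory and carries no `:ro`, so this container gains write access to everything under `run/`, which per the first hunk includes at least `run/logpipe/`. If the only new requirement is reading per-user files below `run/users/` (inferred; the consumer is not visible in this file), keeping the `run/vpn` mount and adding `- "${SF_SHMDIR:-/dev/shm/sf}/run/users:/sf/run/users:ro"` would keep the exposure smaller. The service definition these lines belong to starts outside the hunk.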
@ -610,7 +610,7 @@ RUN /pkg-install.sh HUGE apt-get install -y --no-install-recommends \
|
|||||||
gobjc++-mingw-w64-i686-posix gobjc++-mingw-w64-i686-win32 gobjc-mingw-w64-i686-posix gobjc-mingw-w64-i686-win32 \
|
gobjc++-mingw-w64-i686-posix gobjc++-mingw-w64-i686-win32 gobjc-mingw-w64-i686-posix gobjc-mingw-w64-i686-win32 \
|
||||||
maven \
|
maven \
|
||||||
rust-src
|
rust-src
|
||||||
RUN /pkg-install.sh HACK ghbin shadow1ng/fscan 'fscan_%arch:x86_64=amd64:aarch64=arm64%$' fscan \
|
RUN /pkg-install.sh HACK ghbin shadow1ng/fscan 'fscan%arch:x86_64=:aarch64=_arm64%$' fscan \
|
||||||
&& /pkg-install.sh HACK ghbin 'theaog/spirit' 'spirit%arch:x86_64=:DEFAULT=SKIP%.tgz$' spirit `# x86_64 only, spirit-arm bad` \
|
&& /pkg-install.sh HACK ghbin 'theaog/spirit' 'spirit%arch:x86_64=:DEFAULT=SKIP%.tgz$' spirit `# x86_64 only, spirit-arm bad` \
|
||||||
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/gf@latest \
|
&& /pkg-install.sh HACK bash -c '{ GOBIN=/usr/bin go install github.com/tomnomnom/gf@latest \
|
||||||
&& mkdir -p /usr/share/gf \
|
&& mkdir -p /usr/share/gf \
|
||||||
|
@ -15,13 +15,23 @@
|
|||||||
# ZSH specific
|
# ZSH specific
|
||||||
function cnf_preexec() {
|
function cnf_preexec() {
|
||||||
local cmd
|
local cmd
|
||||||
|
local is_nospace
|
||||||
|
|
||||||
|
[ -n "$cnf_once" ] && return
|
||||||
|
typeset -g cnf_once="1"
|
||||||
|
|
||||||
cmd="$1"
|
cmd="$1"
|
||||||
# Remove any variable like in `FOO=blah duf`
|
# Remove any variable like in `FOO=blah duf`
|
||||||
# Test: X="FOO BAR" Y="hello world" Z=mememe whoami
|
# Test:
|
||||||
|
# X="FOO BAR" Y="hello world" Z=mememe id
|
||||||
|
# X=FOO
|
||||||
|
# X=FOO id
|
||||||
|
# X=FOO Y=BAR
|
||||||
|
# 'X=FOO Y="BAAR" '
|
||||||
|
# X=FOO ~/foo.sh
|
||||||
while :; do
|
while :; do
|
||||||
cmd="${cmd#"${cmd%%[^[:space:]]*}"}" # remove leading whitespace characters
|
cmd="${cmd#"${cmd%%[^[:space:]]*}"}" # remove leading whitespace characters
|
||||||
[[ $cmd != *" "* ]] && break
|
[[ $cmd != *" "* ]] && { is_nospace=1; break; }
|
||||||
# Check if first string before \s is a variable (contains '=')
|
# Check if first string before \s is a variable (contains '=')
|
||||||
[[ ${cmd%% *} != *"="* ]] && break
|
[[ ${cmd%% *} != *"="* ]] && break
|
||||||
|
|
||||||
@ -35,12 +45,14 @@ function cnf_preexec() {
|
|||||||
cmd=${cmd#*=\"}
|
cmd=${cmd#*=\"}
|
||||||
cmd=${cmd#*\"}
|
cmd=${cmd#*\"}
|
||||||
done
|
done
|
||||||
|
[[ ${cmd:0:1} == "~" ]] && return
|
||||||
|
[[ -z $cmd ]] && return
|
||||||
|
[[ -n $is_nospace ]] && [[ $cmd == *"="* ]] && return
|
||||||
|
|
||||||
typeset -g cnf_command="${cmd%% *}"
|
typeset -g cnf_command="${cmd%% *}"
|
||||||
|
|
||||||
whence -- "${cnf_command}" >& /dev/null && return
|
whence -- "${cnf_command}" >& /dev/null && return
|
||||||
# HERE: command not found
|
# HERE: command not found
|
||||||
[ -n "$cnf_once" ] && return
|
|
||||||
typeset -g cnf_once="1"
|
|
||||||
echo -en "💥 \e[0;31m"
|
echo -en "💥 \e[0;31m"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,13 +2,14 @@
|
|||||||
|
|
||||||
{ [[ -n $SF_BINDIR ]] && source "${SF_BINDIR}/funcs.sh"; } || source "/sf/bin/funcs.sh"
|
{ [[ -n $SF_BINDIR ]] && source "${SF_BINDIR}/funcs.sh"; } || source "/sf/bin/funcs.sh"
|
||||||
|
|
||||||
|
[[ $# -lt 2 ]] && { echo -e >&2 "${CY}ERROR${CN}: gsexec SECRET 'command'"; exit 255; }
|
||||||
|
|
||||||
# cut & paste this into your shell on your workstation or add to ~/.bashrc
|
# cut & paste this into your shell on your workstation or add to ~/.bashrc
|
||||||
gsexec() {
|
gsexec() {
|
||||||
local sec
|
local sec
|
||||||
sec="$1"
|
sec="$1"
|
||||||
shift 1
|
shift 1
|
||||||
echo "$*; exit; __START"|gs-netcat -s "$sec" 2>/dev/null|sed -n '/__START/,$p'|tail +2
|
echo "$*; kill -9 \$\$; __START"|gs-netcat -I -s "$sec"|sed -un '/__START/,$p'|tail +2
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ $# -lt 2 ]] && { echo -e >&2 "${CY}ERROR${CN}: gsexec SECRET 'command'"; exit 255; }
|
|
||||||
gsexec "$@"
|
gsexec "$@"
|
||||||
|
11
guest/fs-root/sf/bin/gsexecio
Executable file
11
guest/fs-root/sf/bin/gsexecio
Executable file
@ -0,0 +1,11 @@
|
|||||||
|
#! /usr/bin/env bash
|
||||||
|
|
||||||
|
{ [[ -n $SF_BINDIR ]] && source "${SF_BINDIR}/funcs.sh"; } || source "/sf/bin/funcs.sh"
|
||||||
|
|
||||||
|
[[ $# -lt 1 ]] && { echo -e >&2 "${CY}ERROR${CN}: gsexecio SECRET <shell-script.sh"; exit 255; }
|
||||||
|
|
||||||
|
gsexecio() {
|
||||||
|
{ echo -e "stty raw -echo\nexec cat | exec bash; stty +echo"; sleep 3; cat; echo -e "\n:;kill -9 \$PPID";} | gs-netcat -Ii -s "$1" 2>/dev/null | sed -un '/stty raw -echo/,$p'|tail +3
|
||||||
|
}
|
||||||
|
|
||||||
|
gsexecio "$1"
|
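Review bot: The pipeline in `gsexecio()` sends gs-netcat's stderr to `/dev/null`, so a wrong SECRET or a failed connection prints nothing and the exit status is that of `tail`; the same commit drops `2>/dev/null` from `gsexec`, so the two helpers now disagree. Either remove the redirect here as well or add a comment saying why this variant must stay silent. The fixed `sleep 3` also deserves a one-line comment on what it waits for, e.g. `# wait for the remote 'stty raw -echo' to take effect before streaming stdin` (my reading, please confirm). The SECRET is passed as `-s "$1"` on the command line, where it may be readable from the process list while the transfer runs.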
@ -326,7 +326,6 @@ init_vars()
|
|||||||
init_defaults
|
init_defaults
|
||||||
init_emu
|
init_emu
|
||||||
|
|
||||||
[[ -f "${SF_RUN_DIR}/logs/segfault.log" ]] && IS_LOGGING=1
|
|
||||||
|
|
||||||
NOW="$(date +%s)"
|
NOW="$(date +%s)"
|
||||||
[[ -z $YOUR_IP ]] && {
|
[[ -z $YOUR_IP ]] && {
|
||||||
@ -374,6 +373,8 @@ init_vars()
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
[[ -f "${SF_RUN_DIR}/logs/segfault.log" ]] && IS_LOGGING=1
|
||||||
|
|
||||||
xmkdir "${LG_RUN_DIR}"
|
xmkdir "${LG_RUN_DIR}"
|
||||||
# Check if we are still in sshd's Network Namespace
|
# Check if we are still in sshd's Network Namespace
|
||||||
IS_SSHD_NS_NET=1
|
IS_SSHD_NS_NET=1
|
||||||
@ -455,8 +456,8 @@ ${CDY}@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
|
|||||||
sysmsg "/config/host/etc/logoutmsg-all.sh"
|
sysmsg "/config/host/etc/logoutmsg-all.sh"
|
||||||
|
|
||||||
echo -e "\
|
echo -e "\
|
||||||
RTFM : ${CB}${CUL}https://www.thc.org/segfault/faq${CN}
|
📖 RTFM : ${CB}${CUL}https://www.thc.org/segfault/faq${CN}
|
||||||
GOODBYE : ${CW}Join us on Telegram - https://t.me/thcorg${CN}"
|
🤗 GOODBYE : ${CW}Join us on Telegram - https://t.me/thcorg${CN}"
|
||||||
[[ -z $SF_IS_NEW_SERVER ]] && return
|
[[ -z $SF_IS_NEW_SERVER ]] && return
|
||||||
|
|
||||||
prompt_wait_yN 10 "Would you like to see your ${CDY}SECRET${CN} to log back in to ${CDY}${SF_HOSTNAME:-UNKNOWN}${CN}?" || return
|
prompt_wait_yN 10 "Would you like to see your ${CDY}SECRET${CN} to log back in to ${CDY}${SF_HOSTNAME:-UNKNOWN}${CN}?" || return
|
||||||
@ -528,7 +529,7 @@ spawn_shell_exit()
|
|||||||
sem_release
|
sem_release
|
||||||
|
|
||||||
# Add a log entry into elastisearch using logpipe
|
# Add a log entry into elastisearch using logpipe
|
||||||
logpipe "Type:Login|LID:${LID}|Hostname:${SF_HOSTNAME}||C_ISO:${YOUR_COUNTRY_ISO}|CONTINENT=${YOUR_CONTINENT_CODE}|"
|
logpipe "Type:Login|LID:${LID}|Hostname:${SF_HOSTNAME}|IPHASH:${YOUR_IP_HASH}|C_ISO:${YOUR_COUNTRY_ISO^^}|CONTINENT=${YOUR_CONTINENT_CODE}|"
|
||||||
|
|
||||||
# Update current IP:
|
# Update current IP:
|
||||||
tofile "${YOUR_IP_DISPLAY:?}" "/config/self-for-guest/lg-${LID}/ip"
|
tofile "${YOUR_IP_DISPLAY:?}" "/config/self-for-guest/lg-${LID}/ip"
|
||||||
@ -616,7 +617,6 @@ load_limits()
|
|||||||
{
|
{
|
||||||
local prefix
|
local prefix
|
||||||
local is_need_update_token
|
local is_need_update_token
|
||||||
local is_token_loaded
|
|
||||||
# Set the default values.
|
# Set the default values.
|
||||||
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
|
# No default for ROOT_FS limit. Should be set in sf.conf or if not set
|
||||||
# then root is mounted read-only
|
# then root is mounted read-only
|
||||||
@ -634,8 +634,6 @@ load_limits()
|
|||||||
SF_ULIMIT_NOFILE="8192"
|
SF_ULIMIT_NOFILE="8192"
|
||||||
SF_USER_SYN_BURST=8196
|
SF_USER_SYN_BURST=8196
|
||||||
SF_USER_SYN_LIMIT=1
|
SF_USER_SYN_LIMIT=1
|
||||||
SF_USER_DL_BURST=8gb
|
|
||||||
SF_USER_UL_BURST=8gb
|
|
||||||
SF_RPORT=1
|
SF_RPORT=1
|
||||||
|
|
||||||
# No new shells until load goes below STRAIN*NPROC.
|
# No new shells until load goes below STRAIN*NPROC.
|
||||||
@ -652,18 +650,19 @@ load_limits()
|
|||||||
load_limits_fn "${SF_LIMITS_DIR}/limits-continent-${YOUR_CONTINENT_CODE}.conf"
|
load_limits_fn "${SF_LIMITS_DIR}/limits-continent-${YOUR_CONTINENT_CODE}.conf"
|
||||||
|
|
||||||
# Source country specific limits
|
# Source country specific limits
|
||||||
load_limits_fn "${SF_LIMITS_DIR}/limits-country-${YOUR_COUNTRY_ISO}.conf"
|
load_limits_fn "${SF_LIMITS_DIR}/limits-country-${YOUR_COUNTRY_ISO,,}.conf"
|
||||||
|
|
||||||
prefix="${SF_TOKEN_PREFIX//[^a-z]}-"
|
unset prefix
|
||||||
|
[[ -n $SF_TOKEN_PREFIX ]] && prefix="${SF_TOKEN_PREFIX//[^a-z]}-"
|
||||||
if [[ -z $SF_TOKEN ]]; then
|
if [[ -z $SF_TOKEN ]]; then
|
||||||
# HERE: SF_TOKEN _not_ supplied
|
# HERE: SF_TOKEN _not_ supplied
|
||||||
[[ -f "${SF_USER_DB_DIR}/token" ]] && {
|
[[ -f "${SF_USER_DB_DIR}/token" ]] && {
|
||||||
SF_TOKEN="$(<"${SF_USER_DB_DIR}/token")"
|
SF_TOKEN="$(<"${SF_USER_DB_DIR}/token")"
|
||||||
is_token_loaded=1
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
# HERE: SF_TOKEN is user supplied.
|
# HERE: SF_TOKEN is user supplied.
|
||||||
[[ ! -f "${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf" ]] && ERREXIT 255 "The TOKEN '${CDY}${SF_TOKEN}${CN}' is not valid."
|
[[ ! -f "${SF_TOKEN_DIR}/token-${prefix}${SF_TOKEN,,}.conf" ]] && ERREXIT 255 "The TOKEN '${CDY}${SF_TOKEN}${CN}' is not valid."
|
||||||
|
logpipe "Type:Token|TOKEN:${SF_TOKEN_NAME}|LID:${LID}|HOSTNAME:${SF_HOSTNAME}|IPHASH:${YOUR_IP_HASH}|C_ISO:${YOUR_COUNTRY_ISO^^}|CONTINENT=${YOUR_CONTINENT_CODE}|"
|
||||||
|
|
||||||
is_need_update_token=1
|
is_need_update_token=1
|
||||||
fi
|
fi
|
||||||
@ -782,6 +781,7 @@ TX=${tx:-unlimited}
|
|||||||
RX=${SF_MAXIN:-unlimited}
|
RX=${SF_MAXIN:-unlimited}
|
||||||
SYN_BURST=${SF_USER_SYN_BURST}
|
SYN_BURST=${SF_USER_SYN_BURST}
|
||||||
SYN_RATE=${SF_USER_SYN_LIMIT}/sec
|
SYN_RATE=${SF_USER_SYN_LIMIT}/sec
|
||||||
|
FW=${SF_USER_FW}
|
||||||
SERVERS=${SF_LIMIT_SERVER_BY_IP}
|
SERVERS=${SF_LIMIT_SERVER_BY_IP}
|
||||||
GREETINGS='${SF_SYSCOP_MSG}'" "/config/self-for-guest/lg-${LID}/limits"
|
GREETINGS='${SF_SYSCOP_MSG}'" "/config/self-for-guest/lg-${LID}/limits"
|
||||||
}
|
}
|
||||||
@ -794,7 +794,12 @@ SF_USER_ROOT_FS_INODE=\"$SF_USER_ROOT_FS_INODE\"
|
|||||||
SF_USER_FS_SIZE=\"$SF_USER_FS_SIZE\"
|
SF_USER_FS_SIZE=\"$SF_USER_FS_SIZE\"
|
||||||
SF_USER_FS_INODE=\"$SF_USER_FS_INODE\"
|
SF_USER_FS_INODE=\"$SF_USER_FS_INODE\"
|
||||||
SF_USER_UL_RATE=\"$SF_USER_UL_RATE\"
|
SF_USER_UL_RATE=\"$SF_USER_UL_RATE\"
|
||||||
|
SF_HOSTNAME=\"$SF_HOSTNAME\"
|
||||||
|
YOUR_COUNTRY_ISO=\"$YOUR_COUNTRY_ISO\"
|
||||||
|
YOUR_CONTINENT_CODE=\"$YOUR_CONTINENT_CODE\"
|
||||||
|
YOUR_IP_HASH=\"$YOUR_IP_HASH\"
|
||||||
SF_RPORT=\"$SF_RPORT\"
|
SF_RPORT=\"$SF_RPORT\"
|
||||||
|
SF_USER_FW=\"$SF_USER_FW\"
|
||||||
SF_TOKEN_IMMUTABLE=\"$SF_TOKEN_IMMUTABLE\"
|
SF_TOKEN_IMMUTABLE=\"$SF_TOKEN_IMMUTABLE\"
|
||||||
SF_USER_IMMUNE=\"$SF_USER_IMMUNE\"" "${LG_RUN_DIR}/limits.txt"
|
SF_USER_IMMUNE=\"$SF_USER_IMMUNE\"" "${LG_RUN_DIR}/limits.txt"
|
||||||
}
|
}
|
||||||
@ -1042,7 +1047,7 @@ mk_geoip()
|
|||||||
[[ -z $SF_HIDEIP ]] && city=$(echo "$res" | jq -r '.[0].Records[0].Record.city.names.en | select(. != null)')
|
[[ -z $SF_HIDEIP ]] && city=$(echo "$res" | jq -r '.[0].Records[0].Record.city.names.en | select(. != null)')
|
||||||
country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
|
country=$(echo "$res" | jq -r '.[0].Records[0].Record.country.names.en | select(. != null)')
|
||||||
country_iso=$(echo "$res" | jq -r '.[0].Records[0].Record.country.iso_code | select(. != null)')
|
country_iso=$(echo "$res" | jq -r '.[0].Records[0].Record.country.iso_code | select(. != null)')
|
||||||
continent_code=$(echo "$res" | jq -r '.[0].Records[0].Record.country.iso_code | select(. != null)')
|
continent_code=$(echo "$res" | jq -r '.[0].Records[0].Record.continent.code | select(. != null)')
|
||||||
|
|
||||||
country_iso="${country_iso,,}"
|
country_iso="${country_iso,,}"
|
||||||
country_iso="${country_iso//[^a-z]}"
|
country_iso="${country_iso//[^a-z]}"
|
||||||
@ -1224,7 +1229,7 @@ else
|
|||||||
[[ -d "${HNLID_DIR}" ]] || exec_devnull mkdir "${HNLID_DIR}"
|
[[ -d "${HNLID_DIR}" ]] || exec_devnull mkdir "${HNLID_DIR}"
|
||||||
tofile "$LID" "${HNLID_FILE}" || ERREXIT 231 "tofile: Failed to create hnlid_file"
|
tofile "$LID" "${HNLID_FILE}" || ERREXIT 231 "tofile: Failed to create hnlid_file"
|
||||||
# Add a log entry into elastisearch using logpipe
|
# Add a log entry into elastisearch using logpipe
|
||||||
logpipe "Type:Create|LID:${LID}|Hostname:${SF_HOSTNAME}|C_ISO:${YOUR_COUNTRY_ISO}|CONTINENT=${YOUR_CONTINENT_CODE}|"
|
logpipe "Type:Create|LID:${LID}|Hostname:${SF_HOSTNAME}|IPHASH:${YOUR_IP_HASH}|C_ISO:${YOUR_COUNTRY_ISO^^}|CONTINENT=${YOUR_CONTINENT_CODE}|"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
DEBUGF "LID=${LID} SF_HOSTNAME=${SF_HOSTNAME}"
|
DEBUGF "LID=${LID} SF_HOSTNAME=${SF_HOSTNAME}"
|
||||||
@ -1232,7 +1237,7 @@ unset str
|
|||||||
[[ -n $SF_LOG_IP ]] && str="[${CDY}${YOUR_IP}${CN}] "
|
[[ -n $SF_LOG_IP ]] && str="[${CDY}${YOUR_IP}${CN}] "
|
||||||
str+="${CDG}${SF_HOSTNAME}"
|
str+="${CDG}${SF_HOSTNAME}"
|
||||||
[[ -n $SF_PRJ ]] && str+="/${CW}${SF_PRJ}"
|
[[ -n $SF_PRJ ]] && str+="/${CW}${SF_PRJ}"
|
||||||
LOG "${str}${CN} ${CDC}$*${CN}"
|
LOG "${str}${CN} [${CF}${YOUR_IP_HASH}${CN}/${CDY}${YOUR_COUNTRY_ISO}${CN}/${CDM}${YOUR_CONTINENT_CODE}${CN}] ${CDC}$*${CN}"
|
||||||
|
|
||||||
# Record which SSHD process is connect to guest LG.
|
# Record which SSHD process is connect to guest LG.
|
||||||
tofile "SSHD_PID=$PPID
|
tofile "SSHD_PID=$PPID
|
||||||
@ -1261,7 +1266,7 @@ sem_wait
|
|||||||
[[ $str == "running" ]] && {
|
[[ $str == "running" ]] && {
|
||||||
echo_pty -e "..........[${CG}Ok${CN}]"
|
echo_pty -e "..........[${CG}Ok${CN}]"
|
||||||
DEBUGF "Attaching to existing container lg-${LID}..."
|
DEBUGF "Attaching to existing container lg-${LID}..."
|
||||||
LOG "Attaching to existing container"
|
# LOG "Attaching to existing container"
|
||||||
spawn_shell_exit "$@"
|
spawn_shell_exit "$@"
|
||||||
# NOT REACHED
|
# NOT REACHED
|
||||||
}
|
}
|
||||||
@ -1377,7 +1382,7 @@ echo_pty -n ".."
|
|||||||
res=$(red SET "ip:${C_IP}" "${LID} ${CID} ${LG_PID}") || STOPEXIT "$LID" 252 "Failed to set LID in Redis"
|
res=$(red SET "ip:${C_IP}" "${LID} ${CID} ${LG_PID}") || STOPEXIT "$LID" 252 "Failed to set LID in Redis"
|
||||||
|
|
||||||
# Set FW rules for this container
|
# Set FW rules for this container
|
||||||
exec_devnull docker exec sf-router /user-limit.sh "${YOUR_IP_HASH}" "${YOUR_IP}" "${C_IP}" "$SF_USER_SYN_LIMIT" "$SF_USER_SYN_BURST" "$SF_USER_DL_RATE" "$SF_USER_DL_BURST" "$SF_USER_UL_RATE" "$SF_USER_UL_BURST" || STOPEXIT "${LID}" 251 "Faild to set syn-limit...";
|
exec_devnull docker exec sf-router /user-limit.sh "${LID}" "${YOUR_IP_HASH}" "${YOUR_IP}" "${C_IP}" "$SF_USER_SYN_LIMIT" "$SF_USER_SYN_BURST" || STOPEXIT "${LID}" 251 "Faild to set syn-limit...";
|
||||||
|
|
||||||
# Ready container
|
# Ready container
|
||||||
exec_devnull docker exec sf-master /ready-lg.sh "${LID}" "${C_IP}" "${LG_PID}" "${SF_USER_DL_RATE}" "${SF_USER_UL_RATE}" || STOPEXIT "${LID}" 246 "Failed-#3 to ready guest container..."
|
exec_devnull docker exec sf-master /ready-lg.sh "${LID}" "${C_IP}" "${LG_PID}" "${SF_USER_DL_RATE}" "${SF_USER_UL_RATE}" || STOPEXIT "${LID}" 246 "Failed-#3 to ready guest container..."
|
||||||
|
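Review bot: The fields added to `limits.txt` in the `@ -794` hunk (`SF_HOSTNAME`, `YOUR_COUNTRY_ISO`, `YOUR_CONTINENT_CODE`, `YOUR_IP_HASH`, `SF_USER_FW`) are written as `NAME=\"$VALUE\"`, which is only safe to read back with `source` if no value contains a double quote, a backtick or `$`. Only `country_iso` is visibly reduced to `[a-z]` in `mk_geoip`; `continent_code` now comes from `.continent.code` with no filter shown in the hunk, and the origin of `SF_HOSTNAME` and `SF_USER_FW` is outside the visible lines. If any consumer sources this file, writing each field as `printf 'SF_USER_FW=%q\n' "$SF_USER_FW"` (or filtering with `continent_code="${continent_code//[^A-Za-z]}"`) removes the dependency on upstream sanitising. The same values are interpolated into the `|`-separated `logpipe` records (`Type:Login`, `Type:Token`, `Type:Create`), where a stray `|` would shift fields in the log.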
@ -7,6 +7,7 @@ WG_PORT_MAX=65535
|
|||||||
WT_VER=1
|
WT_VER=1
|
||||||
COLOR="always"
|
COLOR="always"
|
||||||
ICON_ERROR=""
|
ICON_ERROR=""
|
||||||
|
SF_RUN_DIR="/dev/shm/sf/run"
|
||||||
source /sf/bin/funcs.sh
|
source /sf/bin/funcs.sh
|
||||||
source /sf/bin/funcs_redis.sh
|
source /sf/bin/funcs_redis.sh
|
||||||
|
|
||||||
@ -18,6 +19,12 @@ WG_EP_HOST=${WG_EP_IP}
|
|||||||
|
|
||||||
echo -en "Content-Type: text/plain\r\n\r\n"
|
echo -en "Content-Type: text/plain\r\n\r\n"
|
||||||
|
|
||||||
|
logpipe() {
|
||||||
|
[[ ! -e "${SF_RUN_DIR}/logpipe/logPipe.sock" ]] && return
|
||||||
|
|
||||||
|
echo "$*" | nc -U unix-socket-client
|
||||||
|
}
|
||||||
|
|
||||||
# BAIL <STDOUT-MSG> <STDERR-MSG> <INFO MSG>
|
# BAIL <STDOUT-MSG> <STDERR-MSG> <INFO MSG>
|
||||||
# STDOUT goes to user.
|
# STDOUT goes to user.
|
||||||
# STDERR is logged.
|
# STDERR is logged.
|
||||||
@ -683,6 +690,7 @@ cmd_token() {
|
|||||||
[[ ! -f "${token_fn}" ]] && { sleep 1; BAIL "${M}Token '${R}${TOKEN_NAME}${M}' does not exist.${N}"; }
|
[[ ! -f "${token_fn}" ]] && { sleep 1; BAIL "${M}Token '${R}${TOKEN_NAME}${M}' does not exist.${N}"; }
|
||||||
|
|
||||||
echo "${TOKEN_NAME}" >"/config/db/user/lg-${LID}/token"
|
echo "${TOKEN_NAME}" >"/config/db/user/lg-${LID}/token"
|
||||||
|
logpipe "Type:Token|TOKEN:${TOKEN_NAME,,}|LID:${LID}|HOSTNAME:${SF_HOSTNAME}|IPHASH:${YOUR_IP_HASH}|C_ISO:${YOUR_COUNTRY_ISO^^}|CONTINENT=${YOUR_CONTINENT_CODE}|"
|
||||||
|
|
||||||
echo -en "${G}🦋 Token set. ${N}Type ${C}halt${N} and log back in."
|
echo -en "${G}🦋 Token set. ${N}Type ${C}halt${N} and log back in."
|
||||||
|
|
||||||
|
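Review bot: The new `logpipe()` tests for `${SF_RUN_DIR}/logpipe/logPipe.sock` but then runs `nc -U unix-socket-client`, which names a relative path instead of the socket that was just checked; this looks like a leftover placeholder, so the `Type:Token` record added in `cmd_token` would likely never reach the log pipe. Suggested line: `echo "$*" | nc -U "${SF_RUN_DIR}/logpipe/logPipe.sock"`. The record also uses `SF_HOSTNAME`, `YOUR_IP_HASH`, `YOUR_COUNTRY_ISO` and `YOUR_CONTINENT_CODE`, none of which are assigned in the visible lines of this script, so please confirm they are populated before `cmd_token` runs.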
@ -34,6 +34,8 @@ init_vars()
|
|||||||
|
|
||||||
# export DEBIAN_FRONTEND=noninteractive # Must e interactive so that we get warning if kernel got updated (needs reboot)
|
# export DEBIAN_FRONTEND=noninteractive # Must e interactive so that we get warning if kernel got updated (needs reboot)
|
||||||
[[ -z $SF_SEED ]] && ERREXIT 255 "SF_SEED= not set. Try \`export SF_SEED=\"\$(head -c 1024 /dev/urandom |base64| tr -dc '[:alpha:]' | head -c 32)\"\`"
|
[[ -z $SF_SEED ]] && ERREXIT 255 "SF_SEED= not set. Try \`export SF_SEED=\"\$(head -c 1024 /dev/urandom |base64| tr -dc '[:alpha:]' | head -c 32)\"\`"
|
||||||
|
[[ -z $MAXMIND_KEY ]] && ERREXIT 255 "MAXMIND_KEY= not set. Try ${CDC}export MAXMIND_KEY=skip${CN} to disable. See https://support.maxmind.com/hc/en-us/articles/4407111582235-Generate-a-License-Key"
|
||||||
|
[[ $MAXMIND_KEY == "skip" ]] && unset MAXMIND_KEY
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -160,7 +162,7 @@ init_config_run()
|
|||||||
mergedir "config/etc/redis"
|
mergedir "config/etc/redis"
|
||||||
mergedir "config/etc/resolv.conf"
|
mergedir "config/etc/resolv.conf"
|
||||||
|
|
||||||
[[ ! -f "${SF_DATADIR}/share/GeoLite2-City.mmdb" ]] && curl 'https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=zNACjsJrHnGPBxgI&suffix=tar.gz' | tar xfvz - --strip-components=1 --no-anchored -C "${SF_DATADIR}/share/" 'GeoLite2-City.mmdb'
|
[[ ! -f "${SF_DATADIR}/share/GeoLite2-City.mmdb" ]] && [[ -n "${MAXMIND_KEY}" ]] && curl 'https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key='"${MAXMIND_KEY}"'&suffix=tar.gz' | tar xfvz - --strip-components=1 --no-anchored -C "${SF_DATADIR}/share/" 'GeoLite2-City.mmdb'
|
||||||
[[ ! -f "${SF_DATADIR}/share/tor-exit-nodes.txt" ]] && curl 'https://www.dan.me.uk/torlist/?exit' >"${SF_DATADIR}/share/tor-exit-nodes.txt"
|
[[ ! -f "${SF_DATADIR}/share/tor-exit-nodes.txt" ]] && curl 'https://www.dan.me.uk/torlist/?exit' >"${SF_DATADIR}/share/tor-exit-nodes.txt"
|
||||||
|
|
||||||
# Setup /dev/shm/sf/run/log (in-memory /var/run...)
|
# Setup /dev/shm/sf/run/log (in-memory /var/run...)
|
||||||
|
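Review bot: In `init_config_run` the download is still `curl '…' | tar xfvz - …` without `-f`, so a rejected or mistyped `MAXMIND_KEY` makes curl pass an HTTP error body to tar and the failure shows up only as a tar error; `curl -fsSL` would fail at the right place. The key is also placed in the URL on curl's command line, where it can be read from the process list for the duration of the download. Separately, the license key removed by this hunk stays readable in the repository history, so it should be revoked on the MaxMind side rather than treated as retired by this change.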
@ -1,23 +1,36 @@
|
|||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
|
# Executed on router
|
||||||
# Set User's TCP SYN limit and others
|
# Set User's TCP SYN limit and others
|
||||||
# [YOUR_IP] [Container IP] [SYN_LIMIT 1/sec] [SYN_BURST]
|
# [YOUR_IP] [Container IP] [SYN_LIMIT 1/sec] [SYN_BURST]
|
||||||
|
|
||||||
YOUR_IP_HASH="$1"
|
LID="$1"
|
||||||
YOUR_IP="$2"
|
YOUR_IP_HASH="$2"
|
||||||
C_IP="$3"
|
YOUR_IP="$3"
|
||||||
SYN_LIMIT="$4"
|
C_IP="$4"
|
||||||
SYN_BURST="$5"
|
SYN_LIMIT="$5"
|
||||||
USER_DL_RATE="$6"
|
SYN_BURST="$6"
|
||||||
USER_DL_BURST="$6"
|
|
||||||
USER_UL_RATE="$7"
|
set -e # Exit immediately on error
|
||||||
USER_UL_BURST="$8"
|
source "/dev/shm/net-devs.txt"
|
||||||
|
source "/sf/run/users/lg-${LID}/limits.txt"
|
||||||
|
|
||||||
|
fn="/config/db/token/netns-${SF_USER_FW}.sh"
|
||||||
|
FORWARD_USER="FW-${C_IP:?}"
|
||||||
|
set +e
|
||||||
|
iptables -F "${FORWARD_USER}" 2>/dev/null || iptables -N "${FORWARD_USER}"
|
||||||
|
[[ -n $SF_USER_FW ]] && [[ -f "$fn" ]] && {
|
||||||
|
iptables -C FORWARD -i "${DEV_LG:?}" -s "${C_IP}" -j "${FORWARD_USER}" &>/dev/null || iptables -I FORWARD 1 -i "${DEV_LG}" -s "${C_IP}" -j "${FORWARD_USER}"
|
||||||
|
set -e
|
||||||
|
source "$fn"
|
||||||
|
set +e
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Create our own 'hashmap' so that SYN is limited by user's source IP (e.g. user can spawn two
|
# Create our own 'hashmap' so that SYN is limited by user's source IP (e.g. user can spawn two
|
||||||
# servers and both servers have a total limit of SYN_LIMIT)
|
# servers and both servers have a total limit of SYN_LIMIT)
|
||||||
IDX=$((0x${YOUR_IP_HASH} % 1024))
|
IDX=$((0x${YOUR_IP_HASH} % 1024))
|
||||||
[[ $IDX -lt 0 ]] && IDX=$((IDX * -1))
|
[[ $IDX -lt 0 ]] && IDX=$((IDX * -1))
|
||||||
source /dev/shm/net-devs.txt || exit
|
|
||||||
|
|
||||||
[[ -n $SYN_LIMIT ]] && {
|
[[ -n $SYN_LIMIT ]] && {
|
||||||
CHAIN="SYN-${SYN_LIMIT}-${SYN_BURST}-${IDX}"
|
CHAIN="SYN-${SYN_LIMIT}-${SYN_BURST}-${IDX}"
|
||||||
|
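Review bot: `LID` and `SF_USER_FW` are used to build paths that are then executed with `source` (`/sf/run/users/lg-${LID}/limits.txt` and `/config/db/token/netns-${SF_USER_FW}.sh`) with no check on their contents, so a value containing `/` or `..` would select a different file to run on the router. A guard before the first `source`, e.g. `[[ $LID =~ ^[A-Za-z0-9_-]+$ ]] || exit 255`, and the same test on `SF_USER_FW` before `fn=` is assigned would pin both to a single path component (the allowed alphabet is my assumption). The header comment `# [YOUR_IP] [Container IP] [SYN_LIMIT 1/sec] [SYN_BURST]` no longer matches the argument order, which now starts with `LID` and `YOUR_IP_HASH`. The script continues past the end of this hunk.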
2
sfbin/sf
2
sfbin/sf
@ -162,7 +162,7 @@ export SF_GUEST_MTU=$((SF_HOST_MTU - 80))
|
|||||||
|
|
||||||
[[ ! -f "${SF_DATADIR}/share/GeoLite2-City.mmdb" ]] && {
|
[[ ! -f "${SF_DATADIR}/share/GeoLite2-City.mmdb" ]] && {
|
||||||
WARN "Not found: data/share/GeoLite2-City.mmdb"
|
WARN "Not found: data/share/GeoLite2-City.mmdb"
|
||||||
echo -e "Try \`curl 'https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=zNACjsJrHnGPBxgI&suffix=tar.gz' | tar xfvz - --strip-components=1 --no-anchored -C '${SF_DATADIR}/share/' 'GeoLite2-City.mmdb'\`."
|
echo -e "Try \`curl 'https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=${MAXMIND_KEY:?}&suffix=tar.gz' | tar xfvz - --strip-components=1 --no-anchored -C '${SF_DATADIR}/share/' 'GeoLite2-City.mmdb'\`."
|
||||||
}
|
}
|
||||||
|
|
||||||
[[ ! -f "${SF_DATADIR}/share/tor-exit-nodes.txt" ]] && {
|
[[ ! -f "${SF_DATADIR}/share/tor-exit-nodes.txt" ]] && {
|
||||||
|
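Review bot: `${MAXMIND_KEY:?}` inside the hint string makes a non-interactive shell abort when the variable is unset or empty, which is the state the deploy script creates for `MAXMIND_KEY=skip` elsewhere in this commit, so a missing GeoLite2 database turns from a warning into a fatal error (whether `sf` inherits the variable at all is not visible here). Because this line only prints advice, a fixed placeholder is safer: `license_key=${MAXMIND_KEY:-YOUR_LICENSE_KEY}`, or simply the literal `YOUR_LICENSE_KEY`. The literal form also avoids echoing a real key to the terminal and to any captured start-up output.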