shadowsocks

c9ad36aa · 神楽坂玲奈 · a819e3b5 · 7b18108c · c9ad36aa · c9ad36aa
Commit c9ad36aa authored Dec 27, 2015 by 神楽坂玲奈
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

db.coffee db.coffee +3 -2

iptables-rules iptables-rules +5 -3

start.sh start.sh +1 -0

No files found.
--- a/db.coffee
+++ b/db.coffee
@@ -42,7 +42,7 @@ module.exports =
                regions[row.region_id].addresses.push row.address
              reachable_servers = (server.id for i, server of servers when server.link?)
              reachable_servers.push server_id
-              client.query 'SELECT DISTINCT ON (region_id) region_id, server_id FROM gateways WHERE server_id = ANY($1::smallint[]) ORDER BY region_id, delay', [reachable_servers], (error, result) ->
+              client.query 'SELECT DISTINCT ON (region_id) region_id, server_id FROM gateways WHERE server_id = ANY($1::smallint[]) ORDER BY region_id, server_id = $2::smallint DESC, delay', [reachable_servers, server_id], (error, result) ->
                throw error if error
                for row in result.rows
                  regions[row.region_id].gateway = row.server_id
@@ -53,7 +53,8 @@ module.exports =
                    servers[21].next_hop = 20
                    servers[22].next_hop = 20
                    servers[23].next_hop = 20
-                    #regions[1].gateway = 23
+                    regions[0].gateway = 21
+                    regions[1].gateway = 23
                  when 1, 9
                    servers[20].next_hop = 8
                    servers[21].next_hop = 8

--- a/iptables-rules
+++ b/iptables-rules
@@ -4,16 +4,18 @@
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m set --match-set ports1 dst -j REDIRECT --to-ports 3128
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m set --match-set ports2 dst -j REDIRECT --to-ports 3129
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m set --match-set ports3 dst -j REDIRECT --to-ports 1080
-A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m set --match-set ports3 dst -j ACCEPT
+-A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m set --match-set ports4 dst -j ACCEPT 
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -j REDIRECT --to-ports 3100
 # socks5 dns hack
 -A OUTPUT -o ${RAILGUN_INTERFACE} -p udp --dport 53 -m owner --uid-owner proxy -j REDIRECT --to-ports 53
 -A POSTROUTING -o ${RAILGUN_INTERFACE} -s 10.0.0.0/8 -j SNAT --to-source ${RAILGUN_PRIVATE_ADDRESS}
 COMMIT
 *mangle
+-A PREROUTING -s ${RAILGUN_ADDRESS}/16 ! -d 10.0.0.0/8 -p tcp -m multiport --dports 9300,9301,9400 -j MARK --set-xmark 0x1/0xffffffff
+-A PREROUTING -s ${RAILGUN_ADDRESS}/16 ! -d 10.0.0.0/8 -p tcp -m multiport --dports 9300,9301,9400 -j ACCEPT
 -A PREROUTING -s ${RAILGUN_ADDRESS}/16 -p tcp -m addrtype ! --dst-type LOCAL -j TPROXY --on-port 5000 --on-ip 0.0.0.0 --tproxy-mark 0x3
 -A PREROUTING -s ${RAILGUN_ADDRESS}/16 ! -p tcp -j MARK --set-mark 0x1
-A INPUT -s 10.${RAILGUN_ID}.32.0/20,10.${RAILGUN_ID}.64.0/20,10.${RAILGUN_ID}.176.0/20 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
+-A INPUT -s ${RAILGUN_ADDRESS}/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1301:1536 -j TCPMSS --set-mss 1300
-A OUTPUT -d 10.${RAILGUN_ID}.32.0/20,10.${RAILGUN_ID}.64.0/20,10.${RAILGUN_ID}.176.0/20 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
+-A OUTPUT -d ${RAILGUN_ADDRESS}/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1301:1536 -j TCPMSS --set-mss 1300
 -A POSTROUTING -o ${RAILGUN_INTERFACE} -j TOS --set-tos 0x3c
 COMMIT
--- a/start.sh
+++ b/start.sh
@@ -11,6 +11,7 @@ echo 'ipset...'
 ipset create -exist ports1 bitmap:port range 10000-32767
 ipset create -exist ports2 bitmap:port range 10000-32767
 ipset create -exist ports3 bitmap:port range 10000-32767
+ipset create -exist ports4 bitmap:port range 10000-32767
 ipset create -exist block_ip hash:ip
 echo 'iptables...'