Add LuCI interface to bypass hosts

luci-app-omr-bypass/Makefile

@@ -0,0 +1,15 @@
+#
+# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+#
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI Interface to bypass domains
+LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules
+
+PKG_LICENSE:=Apache-2.0
+
+include ../luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

luci-app-omr-bypass/luasrc/controller/omr-bypass.lua

@@ -0,0 +1,27 @@
+local ucic = uci.cursor()
+module("luci.controller.omr-bypass", package.seeall)
+
+function index()
+	entry({"admin", "services", "omr-bypass"}, alias("admin", "services", "omr-bypass", "index"), _("OMR-Bypass"))
+	entry({"admin", "services", "omr-bypass", "index"}, template("omr-bypass/bypass"))
+	entry({"admin", "services", "omr-bypass", "add"}, post("bypass_add"))
+end
+
+function bypass_add()
+	local hosts = luci.http.formvalue("cbid.omr-bypass.hosts")
+	if (type(hosts) ~= "table") then
+		hosts = {hosts}
+	end
+	local ipset = ""
+	for _, k in pairs(hosts) do
+		if k ~= "" then
+			ipset = ipset .. '/' .. k
+		end
+	end
+	ucic:set_list("dhcp",ucic:get_first("dhcp","dnsmasq"),"ipset",ipset .. "/ss_rules_dst_bypass")
+	ucic:save("dhcp")
+	ucic:commit("dhcp")
+	luci.sys.exec("/etc/init.d/dnsmasq restart")
+	luci.http.redirect(luci.dispatcher.build_url("admin/services/omr-bypass"))
+	return
+end

luci-app-omr-bypass/luasrc/view/omr-bypass/bypass.htm

@@ -0,0 +1,51 @@
+<%+header%>
+
+<script type="text/javascript" src="<%=resource%>/cbi.js" data-strings="{&#34;path&#34;:{&#34;resource&#34;:&#34;\/luci-static\/resources&#34;,&#34;browser&#34;:&#34;\/cgi-bin\/luci\/admin\/filebrowser&#34;},&#34;label&#34;:{&#34;choose&#34;:&#34;-- Choisir --&#34;,&#34;custom&#34;:&#34;-- autre --&#34;}}"></script>
+
+<%
+	local uci = require("luci.model.uci").cursor()
+	local hosts = uci:get_list("dhcp", uci:get_first("dhcp","dnsmasq"), "ipset")
+%>
+
+<% if stderr and #stderr > 0 then %><pre class="error"><%=pcdata(stderr)%></pre><% end %>
+<form class="inline" method="post" action="<%=url('admin/services/omr-bypass/add')%>">
+    <div class="cbi-map">
+	<h2 name="content"><%:Bypass%></h2>
+	<fieldset class="cbi-section" id="hosts">
+	    <legend><%:Hostnames%></legend>
+	    <div class="cbi-section-descr"><%:Set hostname that you want to bypass.%></div>
+	    <div class="cbi-value cbi-value-last" id="cbi-omr-tracker-hosts" data-depends="[]" data-index="<%=table.getn(hosts)%>">
+		<label class="cbi-value-title" for="cbid.omr-tracker.hosts">Hosts</label>
+		<div class="cbi-value-field">
+		    <div data-prefix="cbid.omr-bypass.hosts" data-browser-path="" data-dynlist="[[],[],null,false]" data-placeholder="google.com">
+<%
+	local j = 1
+	for _ , host in pairs(hosts) do
+%><%=host%><%
+	    j = j+1
+	    for hst in string.gmatch(host,"([^/]*)/") do
+		if hst ~= "" then
+%>
+			<input class="cbi-input-text" value="<%=hst%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
+<%
+	        end
+	    end
+	end
+	if j == 1 then
+%>
+			<input class="cbi-input-text" value="" data-update="change" type="text" id="cbid.omr-bypass.hosts.1" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
+<%
+	end
+%>
+		    </div>
+		</div>
+	    </div>
+	</fieldset>
+    </div>
+    <div class="cbi-page-actions">
+	<input type="hidden" name="token" value="<%=token%>" />
+	<button class="btn" type="submit">Submit</button>
+    </div>
+</form>
+<script type="text/javascript">cbi_init();</script>
+<%+footer%>

mptcp/files/usr/share/omr/post-tracking.d/post-tracking

@@ -21,6 +21,7 @@ set_route() {
 		if [ "$interface_gw" != "" ]; then
 			_log "Replace default route by $interface_gw dev $interface_if"
 			ip route replace default scope global nexthop via $interface_gw dev $interface_if && SETROUTE=true
+			ip route replace default via $interface_gw dev $interface_if table 991337
 		fi
 	fi
 }
@@ -93,6 +94,7 @@ if [ "$multipath_config" = "master" ]; then
 			config_load shadowsocks-libev
 			config_foreach set_ss_route server
 		fi
+		ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337
 	fi
 	multipath_config="on"
 fi

shadowsocks-libev/files/shadowsocks-libev.init

@@ -295,6 +295,8 @@ start_service() {
 	done
 	ss_rules
 	ss_rules6
+	# Add rule to match traffic marked by firewall for bypass
+	ip rule add prio 1 fwmark 0x539 lookup 991337
 }
 
 stop_service() {

shadowsocks-libev/files/ss-rules

@@ -156,6 +156,15 @@ ss_rules_ipset_mkadd() {
 ss_rules_iptchains_init() {
 	ss_rules_iptchains_init_tcp
 	ss_rules_iptchains_init_udp
+	ss_rules_iptchains_init_mark
+}
+
+ss_rules_iptchains_init_mark() {
+	iptables-restore --noflush <<-EOF
+		*mangle
+		-A OUTPUT -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
+		COMMIT
+	EOF
 }
 
 ss_rules_iptchains_init_tcp() {

shadowsocks-libev/files/ss-rules6

@@ -139,8 +139,18 @@ ss_rules6_ipset_mkadd() {
 ss_rules6_iptchains_init() {
 	ss_rules6_iptchains_init_tcp
 	ss_rules6_iptchains_init_udp
+	ss_rules6_iptchains_init_mark
 }
 
+ss_rules_iptchains_init_mark() {
+	iptables-restore --noflush <<-EOF
+		*mangle
+		-A OUTPUT -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539
+		COMMIT
+	EOF
+}
+
+
 ss_rules6_iptchains_init_tcp() {
 	local local_target