mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00

Add nftables support to v2ray

Ycarus (Yannick Chabanois) 2024-01-10 17:40:43 +01:00
parent 9a141a377e
commit 3f890976ed
5 changed files with 2592 additions and 4 deletions


@ -59,6 +59,20 @@ define Package/v2ray-extra
PKGARCH:=all PKGARCH:=all
endef endef
define Package/v2ray-config
$(call Package/v2ray/template)
TITLE+= (init script)
DEPENDS:=v2ray-core
PKGARCH:=all
endef
define Package/v2ray-config-nft
$(call Package/v2ray/template)
TITLE+= (init script with nft)
DEPENDS:=v2ray-core
PKGARCH:=all
endef
define Package/v2ray/description define Package/v2ray/description
Project V is a set of network tools that help you to build your own computer network. Project V is a set of network tools that help you to build your own computer network.
It secures your network connections and thus protects your privacy. It secures your network connections and thus protects your privacy.
@ -80,6 +94,18 @@ define Package/v2ray-extra/description
This includes extra resources for v2ray-core. This includes extra resources for v2ray-core.
endef endef
define Package/v2ray-config/description
$(call Package/v2ray/description)
This includes init script
endef
define Package/v2ray-config-nft/description
$(call Package/v2ray/description)
This includes init script with nftables support
endef
define Package/v2ray-core/conffiles define Package/v2ray-core/conffiles
/etc/config/v2ray /etc/config/v2ray
/etc/v2ray/ /etc/v2ray/
@ -92,12 +118,17 @@ define Package/v2ray-core/install
$(INSTALL_DIR) $(1)/etc/v2ray/ $(INSTALL_DIR) $(1)/etc/v2ray/
$(INSTALL_DATA) $(PKG_BUILD_DIR)/release/config/config.json $(1)/etc/v2ray/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/release/config/config.json $(1)/etc/v2ray/
endef
define Package/v2ray-config/install
$(CP) ./files/* $(1)/ $(CP) ./files/* $(1)/
# $(INSTALL_DIR) $(1)/etc/config/ rm $(1)/etc/init.d/v2ray-nft
# $(INSTALL_CONF) $(CURDIR)/files/v2ray.conf $(1)/etc/config/v2ray endef
# $(INSTALL_DIR) $(1)/etc/init.d/
# $(INSTALL_BIN) $(CURDIR)/files/v2ray.init $(1)/etc/init.d/v2ray define Package/v2ray-config-nft/install
$(CP) ./files/* $(1)/
mv $(1)/etc/init.d/v2ray-nft $(1)/etc/init.d/v2ray
endef endef
define Package/v2ray-example/install define Package/v2ray-example/install
@ -112,5 +143,7 @@ define Package/v2ray-extra/install
endef endef
$(eval $(call BuildPackage,v2ray-core)) $(eval $(call BuildPackage,v2ray-core))
$(eval $(call BuildPackage,v2ray-config))
$(eval $(call BuildPackage,v2ray-config-nft))
$(eval $(call BuildPackage,v2ray-example)) $(eval $(call BuildPackage,v2ray-example))
$(eval $(call BuildPackage,v2ray-extra)) $(eval $(call BuildPackage,v2ray-extra))
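Review bot: `Package/v2ray-config` and `Package/v2ray-config-nft` both end up installing `/etc/init.d/v2ray` (the nft variant through the `mv` in its install recipe), yet neither definition declares the other as a conflict, so nothing visible here stops both being selected and one init script overwriting the other. Adding `CONFLICTS:=v2ray-config` to the nft variant would make the choice explicit. The nft variant also keeps only `DEPENDS:=v2ray-core`, although the templates added in this commit are ucode, call `require("fs")`, use `tproxy` and shell out to `ip`, so it presumably needs the matching ucode, nftables and tproxy kernel-module dependencies declared; please confirm against the init script, whose diff is not shown on this page. Separately, `/etc/config/v2ray` stays listed in `Package/v2ray-core/conffiles` while the `$(CP) ./files/* $(1)/` step appears to have moved out of `v2ray-core/install`, so the conffile entry may now belong to the two config packages.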

File diff suppressed because it is too large Load diff


@ -0,0 +1,126 @@
{%
function get_local_verdict() {
let v = o_local_default;
if (v == "checkdst") {
return "goto v2r_rules_dst_" + proto;
} else if (v == "forward") {
return "goto v2r_rules_forward_" + proto;
} else {
return null;
}
}
function get_src_default_verdict() {
let v = o_src_default;
if (v == "checkdst") {
return "goto v2r_rules_dst_" + proto;
} else if (v == "forward") {
return "goto v2r_rules_forward_" + proto;
} else {
return "accept";
}
}
function get_dst_default_verdict() {
let v = o_dst_default;
if (v == "forward") {
return "goto v2r_rules_forward_" + proto;
} else {
return "accept";
}
}
function get_ifnames() {
let res = [];
for (let ifname in split(o_ifnames, /[ \t\n]/)) {
ifname = trim(ifname);
if (ifname) push(res, ifname);
}
return res;
}
let type, hook, priority, redir_port;
if (proto == "tcp") {
type = "nat";
hook = "prerouting";
priority = -1;
redir_port = o_redir_tcp_port;
} else if (proto == "udp") {
type = "filter";
hook = "prerouting";
priority = "mangle";
redir_port = o_redir_udp_port;
if (system("
set -o errexit
iprr() {
while ip $1 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
ip $1 rule add fwmark 1 lookup 100
ip $1 route flush table 100 2>/dev/null || true
ip $1 route add local default dev lo table 100
}
iprr -4
iprr -6
") != 0) {
return ;
}
} else {
return;
}
%}
{% if (redir_port): %}
chain v2r_rules_pre_{{ proto }} {
type {{ type }} hook {{ hook }} priority {{ priority }};
meta l4proto {{ proto }}{%- let ifnames=get_ifnames(); if (length(ifnames)): %} iifname { {{join(", ", ifnames)}} }{% endif %} goto v2r_rules_pre_src_{{ proto }};
}
chain v2r_rules_pre_src_{{ proto }} {
ip daddr @v2r_rules_dst_bypass_ accept;
ip6 daddr @v2r_rules6_dst_bypass_ accept;
goto v2r_rules_src_{{ proto }};
}
chain v2r_rules_src_{{ proto }} {
ip saddr @v2r_rules_src_bypass accept;
ip saddr @v2r_rules_src_forward goto v2r_rules_forward_{{ proto }};
ip saddr @v2r_rules_src_checkdst goto v2r_rules_dst_{{ proto }};
ip6 saddr @v2r_rules6_src_bypass accept;
ip6 saddr @v2r_rules6_src_forward goto v2r_rules_forward_{{ proto }};
ip6 saddr @v2r_rules6_src_checkdst goto v2r_rules_dst_{{ proto }};
{{ get_src_default_verdict() }};
}
chain v2r_rules_dst_{{ proto }} {
ip daddr @v2r_rules_dst_bypass accept;
ip daddr @v2r_rules_remote_servers accept;
ip daddr @v2r_rules_dst_forward goto v2r_rules_forward_{{ proto }};
ip6 daddr @v2r_rules6_dst_bypass accept;
ip6 daddr @v2r_rules6_remote_servers accept;
ip6 daddr @v2r_rules6_dst_forward goto v2r_rules_forward_{{ proto }};
{{ get_dst_default_verdict() }};
}
{% if (proto == "tcp"): %}
chain v2r_rules_forward_{{ proto }} {
meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
}
{% let local_verdict = get_local_verdict(); if (local_verdict): %}
chain v2r_rules_local_out {
type {{ type }} hook output priority -1;
meta l4proto != tcp accept;
ip daddr @v2r_rules_remote_servers accept;
ip daddr @v2r_rules_dst_bypass_ accept;
ip daddr @v2r_rules_dst_bypass accept;
ip6 daddr @v2r_rules6_remote_servers accept;
ip6 daddr @v2r_rules6_dst_bypass_ accept;
ip6 daddr @v2r_rules6_dst_bypass accept;
{{ local_verdict }};
}
{% endif %}
{% elif (proto == "udp"): %}
chain v2r_rules_forward_{{ proto }} {
meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
}
{% endif %}
{% endif %}
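Review bot: When the `system(...)` block that installs the fwmark rule and table 100 fails, the UDP branch hits a bare `return ;`, so the template emits no UDP chains and logs nothing, and UDP then leaves unproxied with no signal to the operator (for example when `ip -6` fails on a host without IPv6, since `set -o errexit` aborts the whole script). I would add `warn("v2ray: policy routing setup failed, UDP tproxy chains not generated\n");` before that `return`, and consider letting the IPv4 half succeed independently of the IPv6 half. Because the `ip rule` / `ip route` changes run as a side effect of rendering, even a dry-run render alters routing state, which deserves a comment at the top of the block. Separately, the names returned by `get_ifnames()` and the `o_nft_tcp_extra` / `o_nft_udp_extra` options are written into the rule text verbatim; interface names could be checked and quoted, e.g. `if (match(ifname, /^[A-Za-z0-9_.-]+$/)) push(res, '"' + ifname + '"');`, and the `*_extra` options documented as trusted raw nft input.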


@ -0,0 +1,117 @@
{%
let fs = require("fs");
let o_dst_bypass4_ = "
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
192.31.196.0/24
192.52.193.0/24
192.88.99.0/24
192.175.48.0/24
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
";
let o_dst_bypass6_ = "
::1/128
::/128
::ffff:0:0/96
64:ff9b:1::/48
100::/64
fe80::/10
2001::/23
fc00::/7
";
let o_dst_bypass_ = o_dst_bypass4_ + " " + o_dst_bypass6_;
let set_suffix = {
"src_bypass": {
str: o_src_bypass,
},
"src_forward": {
str: o_src_forward,
},
"src_checkdst": {
str: o_src_checkdst,
},
"remote_servers": {
str: o_remote_servers
},
"dst_bypass": {
str: o_dst_bypass,
file: o_dst_bypass_file,
},
"dst_bypass_": {
str: o_dst_bypass_,
},
"dst_forward": {
str: o_dst_forward,
file: o_dst_forward_file,
},
"dst_forward_rrst_": {},
};
function set_name(suf, af) {
if (af == 4) {
return "v2r_rules_"+suf;
} else {
return "v2r_rules6_"+suf;
}
}
function set_elements_parse(res, str, af) {
for (let addr in split(str, /[ \t\n]/)) {
addr = trim(addr);
if (!addr) continue;
if (af == 4 && index(addr, ":") != -1) continue;
if (af == 6 && index(addr, ":") == -1) continue;
push(res, addr);
}
}
function set_elements(suf, af) {
let obj = set_suffix[suf];
let res = [];
let addr;
let str = obj["str"];
if (str) {
set_elements_parse(res, str, af);
}
let file = obj["file"];
if (file) {
let fd = fs.open(file);
if (fd) {
str = fd.read("all");
set_elements_parse(res, str, af);
}
}
return res;
}
%}
{% for (let suf in set_suffix): for (let af in [4, 6]): %}
set {{ set_name(suf, af) }} {
type ipv{{af}}_addr;
flags interval;
auto-merge;
{% let elems = set_elements(suf, af); if (length(elems)): %}
elements = {
{% for (let i = 0; i < length(elems); i++): %}
{{ elems[i] }}{% if (i < length(elems) - 1): %},{% endif %}{% print("\n") %}
{% endfor %}
}
{% endif %}
}
{% endfor; endfor %}
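Review bot: `set_elements_parse()` pushes every whitespace-separated token into the set and only sorts it by address family with `index(addr, ":")`, so a malformed entry in `o_dst_bypass`, `o_dst_forward` or one of the list files is written into `elements = { … }` as-is, where one bad token can make the whole ruleset fail to load or change its meaning. A check such as `if (!match(addr, /^[0-9A-Fa-f:.]+(\/[0-9]+)?$/)) continue;` before the `push`, ideally with a `warn()` naming the dropped token, would keep the generated table well-formed. In `set_elements()` the handle from `fs.open(file)` is never closed and a failed open is silently ignored, so a missing list file yields an empty set with no diagnostic; `fd.close();` after the read and a warning in an `else` branch would cover both. The built-in IPv4 bypass list covers multicast (`224.0.0.0/4`) while the IPv6 list has no `ff00::/8` entry, which looks like an omission worth confirming.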


@ -0,0 +1,8 @@
{%
include("set.uc");
include("chain.uc", {proto: "tcp"});
include("chain.uc", {proto: "udp"});
%}