mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Choose interface used for each domains, ips, networks or protocols that bypass OMR
parent
d1d69d8043
commit
4171d8e07a
7 changed files with 296 additions and 196 deletions
|
@ -4,48 +4,6 @@ module("luci.controller.omr-bypass", package.seeall)
|
||||||
|
|
||||||
function index()
|
function index()
|
||||||
entry({"admin", "services", "omr-bypass"}, alias("admin", "services", "omr-bypass", "index"), _("OMR-Bypass"))
|
entry({"admin", "services", "omr-bypass"}, alias("admin", "services", "omr-bypass", "index"), _("OMR-Bypass"))
|
||||||
entry({"admin", "services", "omr-bypass", "index"}, template("omr-bypass/bypass"))
|
--entry({"admin", "services", "omr-bypass", "index"}, template("omr-bypass/bypass"))
|
||||||
entry({"admin", "services", "omr-bypass", "add"}, post("bypass_add"))
|
entry({"admin", "services", "omr-bypass", "index"}, cbi("omr-bypass"))
|
||||||
end
|
end
|
||||||
|
|
||||||
function bypass_add()
|
|
||||||
local hosts = luci.http.formvalue("cbid.omr-bypass.hosts")
|
|
||||||
if (type(hosts) ~= "table") then
|
|
||||||
hosts = {hosts}
|
|
||||||
end
|
|
||||||
local domains_ipset = ""
|
|
||||||
local ip_ipset = {}
|
|
||||||
for _, k in pairs(hosts) do
|
|
||||||
if k ~= "" then
|
|
||||||
if dt.ipmask(k) then
|
|
||||||
table.insert(ip_ipset, k)
|
|
||||||
else
|
|
||||||
domains_ipset = domains_ipset .. '/' .. k
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
ucic:set_list("omr-bypass","ips","ip",ip_ipset)
|
|
||||||
|
|
||||||
local dpi = luci.http.formvalue("cbid.omr-bypass.dpi")
|
|
||||||
if dpi ~= "" then
|
|
||||||
if (type(dpi) ~= "table") then
|
|
||||||
dpi = {dpi}
|
|
||||||
end
|
|
||||||
ucic:set_list("omr-bypass","dpi","proto",dpi)
|
|
||||||
else
|
|
||||||
ucic:delete("omr-bypass","dpi","proto")
|
|
||||||
end
|
|
||||||
|
|
||||||
local interface = luci.http.formvalue("cbid.omr-bypass.interface") or ""
|
|
||||||
ucic:set("omr-bypass","defaults","ifname",interface)
|
|
||||||
|
|
||||||
ucic:save("omr-bypass")
|
|
||||||
ucic:commit("omr-bypass")
|
|
||||||
ucic:set_list("dhcp",ucic:get_first("dhcp","dnsmasq"),"ipset",domains_ipset .. "/ss_rules_dst_bypass_all")
|
|
||||||
ucic:save("dhcp")
|
|
||||||
ucic:commit("dhcp")
|
|
||||||
luci.sys.exec("/etc/init.d/dnsmasq reload")
|
|
||||||
luci.sys.exec("/etc/init.d/omr-bypass restart")
|
|
||||||
luci.http.redirect(luci.dispatcher.build_url("admin/services/omr-bypass"))
|
|
||||||
return
|
|
||||||
end
|
|
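Review bot: The old template route is only commented out (`--entry({"admin", "services", "omr-bypass", "index"}, template("omr-bypass/bypass"))`), while the `add` route and `bypass_add` are deleted and `index` now points at `cbi("omr-bypass")`. The template is still edited later in this commit, and its form still posts to `admin/services/omr-bypass/add`, which no longer has a handler. If the template is retired, delete the commented line and the template file. If it is meant to stay usable, its form action needs a route that still exists.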
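--- a/luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua
+++ b/luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua
@@ -0,0 +1,72 @@
+-- Copyright 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+-- Licensed to the public under the Apache License 2.0.
+
+local ipc = require "luci.ip"
+local sys = require "luci.sys"
+local net = require "luci.model.network".init()
+local ifaces = net:get_interfaces() or { net:get_interface() }
+
+m = Map("omr-bypass", translate("Bypass"))
+
+s = m:section(TypedSection, "domains", translate("Domains"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+
+hn = s:option(Value, "name", translate("Domain"))
+hn.datatype = "hostname"
+hn.optional = false
+hn.rmempty = true
+
+ifd = s:option(Value, "interface", translate("Interface"))
+ifd.rmempty = true
+
+s = m:section(TypedSection, "ip", translate("IPs and Networks"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+
+ip = s:option(Value, "ips", translate("IP"))
+ip.datatype = "ipaddr"
+ip.rmempty = true
+ip.optional = false
+
+ifi = s:option(Value, "interface", translate("Interface"))
+ifi.rmempty = true
+
+s = m:section(TypedSection, "dpis", translate("Protocols"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+
+dpi = s:option(Value, "proto", translate("Protocol"))
+dpi.rmempty = true
+dpi.optional = false
+local protos = {}
+for l in io.lines("/proc/net/xt_ndpi/proto") do
+local a,b,c,d = l:match('(%w+) (%w+)')
+if b ~= "2" and not string.match(b,"custom") then
+table.insert(protos,b)
+end
+end
+table.sort(protos)
+for _,b in ipairs(protos) do
+dpi:value(b,"%s" % tostring(b))
+end
+
+ifp = s:option(ListValue, "interface", translate("Interface"))
+ifp.rmempty = true
+
+ifd.default = "all"
+ifi.default = "all"
+ifp.default = "all"
+ifd:value("all",translate("Master interface"))
+ifi:value("all",translate("Master interface"))
+ifp:value("all",translate("Master interface"))
+for _, iface in ipairs(ifaces) do
+ifd:value(iface:name(),"%s" % iface:name())
+ifi:value(iface:name(),"%s" % iface:name())
+ifp:value(iface:name(),"%s" % iface:name())
+end
+
+return m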
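Review bot: The "IPs and Networks" section does not match what the init script in this same commit reads: the model declares `TypedSection, "ip"` with option `ips`, while `_bypass_ip_set` is run over sections of type `ips` and reads option `ip`, so addresses saved from this page would appear never to reach `ipset`. Swapping the two names, `s = m:section(TypedSection, "ips", ...)` and `ip = s:option(Value, "ip", ...)`, would line them up. Separately, `proto` and the two `Value`-typed `interface` options have no `datatype`, yet the init script expands them into `iptables-restore` and `ipset` input; making `proto` a `ListValue` (as `ifp` already is) would limit it to the names read from `/proc/net/xt_ndpi/proto`. The `io.lines` loop also raises an error if that file is absent, or if a line does not match the pattern, because `b` is then nil when passed to `string.match`.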
|
@ -1,6 +1,6 @@
|
||||||
<%+header%>
|
<%+header%>
|
||||||
|
|
||||||
<script type="text/javascript" src="<%=resource%>/cbi.js" data-strings="{"path":{"resource":"\/luci-static\/resources","browser":"\/cgi-bin\/luci\/admin\/filebrowser"}}"></script>
|
<script type="text/javascript" src="<%=resource%>/cbi.js?v=git-18.274.67584-38176e6" data-strings="{"path":{"resource":"\/luci-static\/resources","browser":"\/cgi-bin\/luci\/admin\/filebrowser"}}"></script>
|
||||||
|
|
||||||
<%
|
<%
|
||||||
local uci = require("luci.model.uci").cursor()
|
local uci = require("luci.model.uci").cursor()
|
||||||
|
@ -17,114 +17,82 @@
|
||||||
<form class="inline" method="post" action="<%=url('admin/services/omr-bypass/add')%>">
|
<form class="inline" method="post" action="<%=url('admin/services/omr-bypass/add')%>">
|
||||||
<div class="cbi-map">
|
<div class="cbi-map">
|
||||||
<h2 name="content"><%:Bypass%></h2>
|
<h2 name="content"><%:Bypass%></h2>
|
||||||
<fieldset class="cbi-section" id="hosts">
|
<div class="cbi-section cbi-tblsection" id="cbi-omr-bypass-domains">
|
||||||
<div class="cbi-section-descr"><%:Set domains name, ips or networks you want to bypass.%></div>
|
<h3><%:Domains, ips or networks%></h3>
|
||||||
<div class="cbi-value cbi-value-last" id="cbi-omr-tracker-hosts" data-depends="[]" data-index="<%=table.getn(hosts)%>">
|
<div class="cbi-section-descr"></div>
|
||||||
<label class="cbi-value-title" for="cbid.omr-tracker.hosts"><%:Domain, IP or network%></label>
|
<div class="table cbi-section-table">
|
||||||
<div class="cbi-value-field">
|
<div class="tr cbi-section-table-titles-anonymous">
|
||||||
<div data-prefix="cbid.omr-bypass.hosts" data-browser-path="" data-dynlist="[[],[],null,false]" data-placeholder="google.com">
|
<div class="th cbi-section-table-cell" data-type="value"><%:Domain, IP or network%></div>
|
||||||
<%
|
<div class="th cbi-section-table-cell" data-type="value"><%:Output interface%></div>
|
||||||
local j = 1
|
<div class="th cbi-section-table-cell cbi-section-actions"></div>
|
||||||
for _ , host in pairs(hosts) do
|
|
||||||
j = j+1
|
|
||||||
for hst in string.gmatch(host,"([^/]*)/") do
|
|
||||||
if hst ~= "" then
|
|
||||||
%>
|
|
||||||
<input class="cbi-input-text" value="<%=hst%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" />
|
|
||||||
<br />
|
|
||||||
<%
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
for _ , ip in pairs(ips) do
|
|
||||||
j = j+1
|
|
||||||
%>
|
|
||||||
<input class="cbi-input-text" value="<%=ip%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
|
|
||||||
</div>
|
|
||||||
<div class="cbi-value-description">
|
|
||||||
<%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%>
|
|
||||||
</div>
|
|
||||||
<%
|
|
||||||
end
|
|
||||||
if j == 1 then
|
|
||||||
%>
|
|
||||||
<input class="cbi-input-text" value="" data-update="change" type="text" id="cbid.omr-bypass.hosts.1" name="cbid.omr-bypass.hosts" placeholder="google.com" />
|
|
||||||
<br />
|
|
||||||
</div>
|
|
||||||
<div class="cbi-value-description">
|
|
||||||
<%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%>
|
|
||||||
</div>
|
|
||||||
<%
|
|
||||||
end
|
|
||||||
%>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
<div class="tr cbi-section-table-row" id="cbi-omr-bypass-cfg">
|
||||||
</fieldset>
|
<div class="td cbi-value-field" data-name="name" data-type="value" data-title="Domain">
|
||||||
<fieldset class="cbi-section" id="dpi">
|
<div id="cbi-omr-bypass-cfg-domain" data-index="" data-depends="[]">
|
||||||
<div class="cbi-section-descr"><%:Set protocols you want to bypass.%></div>
|
<input data-update="change" id="cbid.omr.bypass.cfg.domain"" name="cbid.omr.bypass.cfg.domain" type="text" class="cbi-input-text" value="" data-optional="true" />
|
||||||
<div class="cbi-value cbi-value-last" id="cbi-omr-tracker-dpi" data-depends="[]" data-index="<%=table.getn(dpi)%>">
|
</div>
|
||||||
<label class="cbi-value-title" for="cbid.omr-tracker.dpi"><%:Protocol%></label>
|
</div>
|
||||||
<div class="cbi-value-field">
|
<div class="td cbi-value-field" data-name="interface" data-type="value" data-title="<%:Interface%>">
|
||||||
<%
|
<select class="cbi-input-select" data-update="change" id="cbid.omr.bypass.cfg.interface" name="cbid.omr.bypass.cfg.interface" size="1">
|
||||||
local allprt=""""
|
<option id="cbid.omr.bypass.cfg.interface-all" value="all" data-index="1" data-depends="[]"><%:All%></option>
|
||||||
local protos = {}
|
<%
|
||||||
for l in io.lines("/proc/net/xt_ndpi/proto") do
|
for _, iface in ipairs(ifaces) do
|
||||||
local a,b,c,d = l:match('(%w+) (%w+)')
|
if not (iface == "lo" or iface:match("^ifb.*")) then
|
||||||
if b ~= "2" and not string.match(b,"custom") then
|
%>
|
||||||
table.insert(protos,b)
|
<option value="<%=iface%>"><%=iface%></option>
|
||||||
end
|
<%
|
||||||
end
|
end
|
||||||
table.sort(protos)
|
end
|
||||||
for _,b in ipairs(protos) do
|
%>
|
||||||
allprt=allprt .. ","" .. b .. """
|
</select>
|
||||||
end
|
|
||||||
%>
|
|
||||||
|
|
||||||
|
|
||||||
<div data-prefix="cbid.omr-bypass.dpi" data-browser-path="" data-dynlist="[[<%=allprt%>],[<%=allprt%>],null,false]">
|
|
||||||
<%
|
|
||||||
local k = 1
|
|
||||||
for _ , proto in pairs(dpi) do
|
|
||||||
k = k+1
|
|
||||||
%>
|
|
||||||
<input class="cbi-input-text" id="cbid.omr-bypass.dpi.<%=k%>" name="cbid.omr-bypass.dpi" data-update="change" value="<%=proto%>" /><br />
|
|
||||||
<%
|
|
||||||
end
|
|
||||||
if k == 1 then
|
|
||||||
%>
|
|
||||||
<input class="cbi-input-text" id="cbid.omr-bypass.dpi.<%=k%>" name="cbid.omr-bypass.dpi" data-update="change" /><br />
|
|
||||||
<%
|
|
||||||
end
|
|
||||||
%>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</div>
|
|
||||||
</fieldset>
|
|
||||||
|
|
||||||
<fieldset>
|
|
||||||
<div class="cbi-section-descr"><%:Set interface you want to use for bypassed traffic.%></div>
|
|
||||||
<div class="cbi-value">
|
|
||||||
<label class="cbi-value-title">Interface</label>
|
|
||||||
<div class="cbi-value-field">
|
|
||||||
<select class="cbi-input-select" name="cbid.omr-bypass.interface" size="1">
|
|
||||||
<option value="" <% if iface == bypassif then %>selected="selected"<% end %>><%=iface%></option>
|
|
||||||
<%
|
|
||||||
for _, iface in ipairs(ifaces) do
|
|
||||||
if not (iface == "lo" or iface:match("^ifb.*")) then
|
|
||||||
%>
|
|
||||||
<option value="<%=iface%>" <% if iface == bypassif then %>selected="selected"<% end %>><%=iface%></option>
|
|
||||||
<%
|
|
||||||
end
|
|
||||||
end
|
|
||||||
%>
|
|
||||||
</select>
|
|
||||||
<br />
|
|
||||||
<div class="cbi-value-description">
|
|
||||||
<%:If empty, multipath master interface is used if up else any other up interface.%>
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</fieldset>
|
<div class="cbi-section-create cbi-tblsection-create">
|
||||||
|
<input class="cbi-button cbi-button-add" type="submit" value="Add" name="cbi.cts.omr.bypass.domains" title="<%:Add%>" />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="cbi-section cbi-tblsection" id="cbi-omr-bypass-proto">
|
||||||
|
<h3><%:Protocols%></h3>
|
||||||
|
<div class="cbi-section-descr"></div>
|
||||||
|
<div class="table cbi-section-table">
|
||||||
|
<div class="tr cbi-section-table-titles-anonymous">
|
||||||
|
<div class="th cbi-section-table-cell" data-type="value"><%:Protocols%></div>
|
||||||
|
<div class="th cbi-section-table-cell" data-type="value"><%:Output interface%></div>
|
||||||
|
<div class="th cbi-section-table-cell cbi-section-actions"></div>
|
||||||
|
</div>
|
||||||
|
<div class="tr cbi-section-table-row" id="cbi-omr-bypass-cfg">
|
||||||
|
<div class="td cbi-value-field" data-name="name" data-type="value" data-title="Domain">
|
||||||
|
<%
|
||||||
|
local allprt=""""
|
||||||
|
local protos = {}
|
||||||
|
for l in io.lines("/proc/net/xt_ndpi/proto") do
|
||||||
|
local a,b,c,d = l:match('(%w+) (%w+)')
|
||||||
|
if b ~= "2" and not string.match(b,"custom") then
|
||||||
|
table.insert(protos,b)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
table.sort(protos)
|
||||||
|
for _,b in ipairs(protos) do
|
||||||
|
allprt=allprt .. ","" .. b .. """
|
||||||
|
end
|
||||||
|
%>
|
||||||
|
<div data-prefix="cbid.omr.bypass.cfg.proto" data-browser-path="" data-dynlist="[[<%=allprt%>],[<%=allprt%>],null,false]">
|
||||||
|
<div id="cbi-omr-bypass-cfg-proto" data-index="" data-depends="[]">
|
||||||
|
<input data-update="change" id="cbid.omr.bypass.cfg.proto" name="cbid.omr.bypass.cfg.proto" type="text" class="cbi-input-text" value="" data-optional="true" />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="td cbi-value-field" data-name="interface" data-type="value" data-title="<%:Interface%>">
|
||||||
|
<select class="cbi-input-select" data-update="change" id="cbid.omr.bypass.cfg.interface" name="cbid.omr.bypass.cfg.interface" size="1">
|
||||||
|
<option id="cbid.omr.bypass.cfg.interface-all" value="all" data-index="1" data-depends="[]"><%:All%></option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="cbi-section-create cbi-tblsection-create">
|
||||||
|
<input class="cbi-button cbi-button-add" type="submit" value="Add" name="cbi.cts.omr.bypass.domains" title="<%:Add%>" />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="cbi-page-actions">
|
<div class="cbi-page-actions">
|
||||||
<input type="hidden" name="token" value="<%=token%>" />
|
<input type="hidden" name="token" value="<%=token%>" />
|
||||||
|
|
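Review bot: `<%=iface%>` is written into both the `value` attribute and the option text of the new interface `<select>` without escaping; `<option value="<%=pcdata(iface)%>"><%=pcdata(iface)%></option>` keeps the markup intact whatever the interface list contains. The new domain `<input>` appears to carry a stray quote (`id="cbid.omr.bypass.cfg.domain""`), and `id="cbid.omr.bypass.cfg.interface"` is reused for the select in the Protocols table, so the two cannot be told apart by id. Both Add buttons are named `cbi.cts.omr.bypass.domains`, including the one under Protocols, and the protocol cell keeps `data-name="name"` and `data-title="Domain"`, which look like copy-paste leftovers.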
|
@ -1,5 +1,2 @@
|
||||||
config defaults 'defaults'
|
config interface 'all'
|
||||||
|
|
||||||
config bypass 'ips'
|
|
||||||
|
|
||||||
config bypass 'dpi'
|
|
||||||
|
|
|
@ -8,52 +8,119 @@ USE_PROCD=1
|
||||||
. /usr/lib/unbound/iptools.sh
|
. /usr/lib/unbound/iptools.sh
|
||||||
|
|
||||||
_bypass_ip() {
|
_bypass_ip() {
|
||||||
local ip="$1"
|
local ip=$1
|
||||||
|
local type=$2
|
||||||
|
[ -z "$type" ] && type="all"
|
||||||
valid_ip4=$( valid_subnet4 $ip)
|
valid_ip4=$( valid_subnet4 $ip)
|
||||||
valid_ip6=$( valid_subnet6 $ip)
|
valid_ip6=$( valid_subnet6 $ip)
|
||||||
if [ "$valid_ip4" = "ok" ]; then
|
if [ "$valid_ip4" = "ok" ]; then
|
||||||
ipset add ss_rules_dst_bypass_all $ip
|
ipset add ss_rules_dst_bypass_$type $ip
|
||||||
elif [ "$valid_ip6" = "ok" ]; then
|
elif [ "$valid_ip6" = "ok" ]; then
|
||||||
ipset add ss_rules6_dst_bypass_all $ip
|
ipset add ss_rules6_dst_bypass_$type $ip
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_bypass_domain() {
|
_bypass_domain() {
|
||||||
# Bypass domain even if OMR DNS is not used
|
local domain
|
||||||
domains=$(uci -q get dhcp.@dnsmasq[0].ipset)
|
local intf
|
||||||
for domain in ${domains//\// }; do
|
config_get domain $1 name
|
||||||
if [ -n "$domain" ] && [ "$domain" != "ss_rules_dst_bypass_all" ]; then
|
config_get intf $1 interface
|
||||||
resolve=$(dig a +nocmd +noall +answer $domain | awk '{print $5}')
|
|
||||||
for ip in $resolve; do
|
[ -z "$intf" ] && intf="all"
|
||||||
_bypass_ip $ip
|
if [ -n "$domain" ]; then
|
||||||
done
|
resolve=$(dig a +nocmd +noall +answer $domain | awk '{print $5}')
|
||||||
resolve=$(dig aaaa +nocmd +noall +answer $domain | awk '{print $5}')
|
for ip in $resolve; do
|
||||||
for ip in $resolve; do
|
_bypass_ip $ip $intf
|
||||||
_bypass_ip $ip
|
done
|
||||||
done
|
resolve=$(dig aaaa +nocmd +noall +answer $domain | awk '{print $5}')
|
||||||
fi
|
for ip in $resolve; do
|
||||||
done
|
_bypass_ip $ip $intf
|
||||||
|
done
|
||||||
|
uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/ss_rules_dst_bypass_$intf,ss_rules6_dst_bypass_$intf"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
_bypass_proto() {
|
_bypass_proto() {
|
||||||
local proto="$1"
|
local proto
|
||||||
|
local intf
|
||||||
|
config_get proto $1 proto
|
||||||
|
config_get intf $1 interface
|
||||||
|
local intfid="$(uci -q get omr-bypass.$intf.id)"
|
||||||
|
|
||||||
|
[ -z "$intf" ] && intf="all"
|
||||||
[ -z "$proto" ] && return
|
[ -z "$proto" ] && return
|
||||||
ndpi_rules="-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539
|
if [ "$intf" = "all" ]; then
|
||||||
$ndpi_rules"
|
ndpi_rules="-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539
|
||||||
|
$ndpi_rules"
|
||||||
|
else
|
||||||
|
local intfid="$(uci -q get omr-bypass.$intf.id)"
|
||||||
|
ndpi_rules="-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539$intfid
|
||||||
|
$ndpi_rules"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
_intf_rule() {
|
||||||
|
local intf="$1"
|
||||||
|
local mode
|
||||||
|
count=$((count+1))
|
||||||
|
ipset -q flush ss_rules_dst_bypass_$intf > /dev/null 2>&1
|
||||||
|
ipset -q flush ss_rules6_dst_bypass_$intf > /dev/null 2>&1
|
||||||
|
ipset -q --exist restore <<-EOF
|
||||||
|
create ss_rules_dst_bypass_$intf hash:net hashsize 64
|
||||||
|
create ss_rules6_dst_bypass_$intf hash:net family inet6 hashsize 64
|
||||||
|
EOF
|
||||||
|
ip rule add prio 1 fwmark 0x539$count lookup $count > /dev/null 2>&1
|
||||||
|
ip -6 rule add prio 1 fwmark 0x539$count lookup $count > /dev/null 2>&1
|
||||||
|
if [ "$(iptables -w 40 -t mangle -L | grep ss_rules_dst_bypass_$intf)" = "" ]; then
|
||||||
|
iptables-restore --wait=60 --noflush <<-EOF
|
||||||
|
*mangle
|
||||||
|
-A PREROUTING -m set --match-set ss_rules_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
|
||||||
|
COMMIT
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
if [ "$(ip6tables -w 40 -t mangle -L | grep ss_rules6_dst_bypass_$intf)" = "" ]; then
|
||||||
|
ip6tables-restore --wait=60 --noflush <<-EOF
|
||||||
|
*mangle
|
||||||
|
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
|
||||||
|
COMMIT
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
uci -q set omr-bypass.$intf=interface
|
||||||
|
uci -q set omr-bypass.$intf.id=$count
|
||||||
|
}
|
||||||
|
|
||||||
|
_bypass_ip_set() {
|
||||||
|
local ip
|
||||||
|
local interface
|
||||||
|
config_get ip $1 ip
|
||||||
|
config_get interface $1 interface
|
||||||
|
_bypass_ip $ip $interface
|
||||||
}
|
}
|
||||||
|
|
||||||
start_service() {
|
start_service() {
|
||||||
|
local count
|
||||||
|
|
||||||
|
uci -q del omr-bypass
|
||||||
|
|
||||||
ipset -q flush ss_rules_dst_bypass_all > /dev/null 2>&1
|
ipset -q flush ss_rules_dst_bypass_all > /dev/null 2>&1
|
||||||
|
ipset -q flush ss_rules6_dst_bypass_all > /dev/null 2>&1
|
||||||
ipset -q --exist restore <<-EOF
|
ipset -q --exist restore <<-EOF
|
||||||
create ss_rules_dst_bypass_all hash:net hashsize 64
|
create ss_rules_dst_bypass_all hash:net hashsize 64
|
||||||
|
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
config_load omr-bypass
|
config_load network
|
||||||
config_list_foreach ips "ip" _bypass_ip
|
config_foreach _intf_rule interface
|
||||||
|
|
||||||
_bypass_domain
|
local ndpi_rules=""
|
||||||
|
config_load omr-bypass
|
||||||
|
config_foreach _bypass_ip_set ips
|
||||||
|
uci -q del dhcp.@dnsmasq[0].ipset
|
||||||
|
config_foreach _bypass_domain domains
|
||||||
|
config_foreach _bypass_proto dpis
|
||||||
|
|
||||||
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
|
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
|
||||||
|
ip -6 rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
|
||||||
|
|
||||||
if [ "$(iptables -w 40 -t mangle -L | grep 'match-set ss_rules_dst_bypass_all dst MARK set')" = "" ]; then
|
if [ "$(iptables -w 40 -t mangle -L | grep 'match-set ss_rules_dst_bypass_all dst MARK set')" = "" ]; then
|
||||||
iptables-restore --wait=60 --noflush <<-EOF
|
iptables-restore --wait=60 --noflush <<-EOF
|
||||||
|
@ -62,10 +129,16 @@ start_service() {
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
if [ "$(ip6tables -w 40 -t mangle -L | grep 'match-set ss_rules6_dst_bypass_all dst MARK set')" = "" ]; then
|
||||||
|
ip6tables-restore --wait=60 --noflush <<-EOF
|
||||||
|
*mangle
|
||||||
|
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x539
|
||||||
|
COMMIT
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters
|
iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters
|
||||||
local ndpi_rules=""
|
ip6tables-save --counters | grep -v omr-bypass-dpi | ip6tables-restore --counters
|
||||||
config_list_foreach dpi "proto" _bypass_proto
|
|
||||||
ndpi_rules=$(echo $ndpi_rules | awk 'NF')
|
ndpi_rules=$(echo $ndpi_rules | awk 'NF')
|
||||||
if [ "$ndpi_rules" != "" ]; then
|
if [ "$ndpi_rules" != "" ]; then
|
||||||
iptables-restore --wait=60 --noflush <<-EOF
|
iptables-restore --wait=60 --noflush <<-EOF
|
||||||
|
@ -75,6 +148,13 @@ start_service() {
|
||||||
$ndpi_rules
|
$ndpi_rules
|
||||||
COMMIT
|
COMMIT
|
||||||
EOF
|
EOF
|
||||||
|
ip6tables-restore --wait=60 --noflush <<-EOF
|
||||||
|
*mangle
|
||||||
|
:omr-bypass-dpi -
|
||||||
|
-A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi
|
||||||
|
$ndpi_rules
|
||||||
|
COMMIT
|
||||||
|
EOF
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
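Review bot: `_bypass_proto` places `$proto` and the looked-up `$intfid` straight into the rule text later fed to `iptables-restore` and `ip6tables-restore`, and `_bypass_ip` builds the `ipset` set name from `$type`, with none of these values checked or quoted. The only validation visible in this commit is in the web form, and UCI can be written by other means, so the script should reject anything outside the expected alphabet before use, e.g. `case "$proto" in ''|*[!A-Za-z0-9_-]*) return ;; esac`, with the same test on `$intf`. When `uci -q get omr-bypass.$intf.id` returns nothing, the mark collapses to plain `0x539`, so an entry naming an unknown interface silently falls back to the shared table; returning early on an empty `$intfid` would make that explicit. The first `local intfid=` in `_bypass_proto` runs before `$intf` receives its default and is assigned again in the `else` branch, so it can be dropped. `start_service` continues outside the hunks, so whether the `dhcp` ipset changes are committed and dnsmasq is reloaded is not visible here.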
|
@ -7,21 +7,51 @@ uci -q batch <<-EOF >/dev/null
|
||||||
commit ucitrack
|
commit ucitrack
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ "$(uci -q get omr-bypass.dpi)" = "" ]; then
|
if [ -n "$(uci -q get omr-bypass.dpi)" ]; then
|
||||||
uci -q batch <<-EOF >/dev/null
|
proto=$(uci -q get omr-bypass.dpi.proto)
|
||||||
set omr-bypass.dpi=bypass
|
[ -n "$proto" ] && {
|
||||||
EOF
|
for pro in $proto; do
|
||||||
|
uci -q batch <<-EOF >/dev/null
|
||||||
|
set omr-bypass.dpi[-1]=dpi
|
||||||
|
set omr-bypass.dpi[-1].proto=$pro
|
||||||
|
set omr-bypass.dpi[-1].interface=all
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
uci -q commit omr-bypass
|
||||||
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$(uci -q get omr-bypass.default)" = "" ]; then
|
if [ -n "$(uci -q get omr-bypass.ips)" ]; then
|
||||||
uci -q batch <<-EOF >/dev/null
|
ips=$(uci -q get omr-bypass.ips.ip)
|
||||||
set omr-bypass.defaults=defaults
|
[ -n "$ips" ] && {
|
||||||
EOF
|
for ip in $ips; do
|
||||||
|
uci -q batch <<-EOF >/dev/null
|
||||||
|
set omr-bypass.ips[-1]=ips
|
||||||
|
set omr-bypass.ips[-1].name=$ip
|
||||||
|
set omr-bypass.ips[-1].interface=all
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
uci -q commit omr-bypass
|
||||||
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$(uci -q get ucitrack.@shadowsocks-libev[-1].affects)" = "" ]; then
|
if [ -n "$(uci -q get dhcp.dnsmasq[0].ipset)" ]; then
|
||||||
|
domains="$(uci -q get dhcp.dnsmasq[0].ipset | sed -e 's:/::' -e 's:/ss_rules_dst_bypass_all::' -e 's:/: :g')"
|
||||||
|
[ -n "$domains" ] && {
|
||||||
|
for domain in $domains; do
|
||||||
|
uci -q batch <<-EOF >/dev/null
|
||||||
|
set omr-bypass.domains[-1]=domains
|
||||||
|
set omr-bypass.domains[-1].name=$domain
|
||||||
|
set omr-bypass.domains[-1].interface=all
|
||||||
|
EOF
|
||||||
|
done
|
||||||
|
uci -q commit omr-bypass
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$(uci -q get ucitrack.@shadowsocks-libev[-1].affects | grep omr-bypass)" != "" ]; then
|
||||||
uci -q batch <<-EOF >/dev/null
|
uci -q batch <<-EOF >/dev/null
|
||||||
set ucitrack.@shadowsocks-libev[-1].affects=omr-bypass
|
del_list ucitrack.@shadowsocks-libev[-1].affects=omr-bypass
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
rm -f /tmp/luci-indexcache
|
rm -f /tmp/luci-indexcache
|
||||||
|
|
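Review bot: The migration blocks look unable to carry existing settings over. `uci -q get dhcp.dnsmasq[0].ipset` lacks the `@` that the init script uses (`dhcp.@dnsmasq[0].ipset`), so the lookup presumably returns nothing and the domains branch is skipped. `set omr-bypass.dpi[-1]=dpi` does not look like the form that creates an anonymous section, and its type `dpi` differs from the `dpis` type the init script iterates; `add omr-bypass dpis` followed by `set omr-bypass.@dpis[-1].proto=$pro` and `set omr-bypass.@dpis[-1].interface=all` would match, and the `ips` and `domains` loops need the same change. The `ips` loop also stores the address under `.name`, while `_bypass_ip_set` reads option `ip`. The old named sections `omr-bypass.dpi` and `omr-bypass.ips` are read but never deleted, so a later run of this script would add the same entries again once the loops work.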
|
@ -26,9 +26,7 @@ set_route() {
|
||||||
if [ "$interface_gw" != "" ]; then
|
if [ "$interface_gw" != "" ]; then
|
||||||
_log "$PREVINTERFACE down. Replace default route by $interface_gw dev $interface_if"
|
_log "$PREVINTERFACE down. Replace default route by $interface_gw dev $interface_if"
|
||||||
ip route replace default scope global nexthop via $interface_gw dev $interface_if && SETROUTE=true
|
ip route replace default scope global nexthop via $interface_gw dev $interface_if && SETROUTE=true
|
||||||
if [ "$(uci -q get omr-bypass.defaults.ifname)" = "" ]; then
|
ip route replace default via $interface_gw dev $interface_if table 991337
|
||||||
ip route replace default via $interface_gw dev $interface_if table 991337
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -168,6 +166,7 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
|
||||||
uci -q set shadowsocks-libev.ss_rules.redir_udp='hi2'
|
uci -q set shadowsocks-libev.ss_rules.redir_udp='hi2'
|
||||||
/etc/init.d/shadowsocks-libev rules_down
|
/etc/init.d/shadowsocks-libev rules_down
|
||||||
/etc/init.d/shadowsocks-libev rules_up
|
/etc/init.d/shadowsocks-libev rules_up
|
||||||
|
/etc/init.d/omr-bypass reload >/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -183,6 +182,7 @@ if [ "$OMR_TRACKER_INTERFACE" = "glorytun" ] || [ "$OMR_TRACKER_INTERFACE" = "om
|
||||||
uci -q delete shadowsocks-libev.ss_rules.redir_udp
|
uci -q delete shadowsocks-libev.ss_rules.redir_udp
|
||||||
/etc/init.d/shadowsocks-libev rules_down
|
/etc/init.d/shadowsocks-libev rules_down
|
||||||
/etc/init.d/shadowsocks-libev rules_up
|
/etc/init.d/shadowsocks-libev rules_up
|
||||||
|
/etc/init.d/omr-bypass reload >/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set VPN MTU
|
# Set VPN MTU
|
||||||
|
@ -223,9 +223,7 @@ if [ "$multipath_config" = "master" ]; then
|
||||||
config_load shadowsocks-libev
|
config_load shadowsocks-libev
|
||||||
config_foreach set_ss_route server 1
|
config_foreach set_ss_route server 1
|
||||||
fi
|
fi
|
||||||
if [ "$(uci -q get omr-bypass.defaults.ifname)" = "" ]; then
|
ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337
|
||||||
ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
|
if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
|
||||||
local metric=$(ip rule show | grep -m 1 "$OMR_TRACKER_DEVICE_IP" | awk '{print $5}')
|
local metric=$(ip rule show | grep -m 1 "$OMR_TRACKER_DEVICE_IP" | awk '{print $5}')
|
||||||
|
@ -244,9 +242,6 @@ else
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ "$(uci -q get omr-bypass.defaults.ifname)" = "$OMR_TRACKER_DEVICE" ] && [ "$(ip route show table 991337 | grep $OMR_TRACKER_DEVICE_GATEWAY)" = "" ]; then
|
|
||||||
ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ "$multipath_config" = "on" ] && glorytun-udp path $OMR_TRACKER_DEVICE_IP dev tun0 up > /dev/null 2>&1
|
[ "$multipath_config" = "on" ] && glorytun-udp path $OMR_TRACKER_DEVICE_IP dev tun0 up > /dev/null 2>&1
|
||||||
[ "$multipath_config" = "backup" ] && glorytun-udp path $OMR_TRACKER_DEVICE_IP dev tun0 backup > /dev/null 2>&1
|
[ "$multipath_config" = "backup" ] && glorytun-udp path $OMR_TRACKER_DEVICE_IP dev tun0 backup > /dev/null 2>&1
|
||||||
|
|