Fix bypass when multiples IPs

luci-app-omr-bypass/root/etc/init.d/omr-bypass

@@ -287,6 +287,42 @@ _bypass_proto() {
 	fi
 }
 
+_intf_rule_ss_rules() {
+	rule_name=$1
+	[ "$rule_name" = "ss_rules" ] && rule_name="default"
+	if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then
+		iptables-restore -w --wait=60 --noflush <<-EOF
+		*nat
+		-I ss_rules_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
+		-I ss_rules_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
+		-I ss_rules_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN
+		-I ss_rules_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I ss_rules_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$disableipv6" != "1" ]; then
+		if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*mangle
+			-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			COMMIT
+			EOF
+		fi
+		if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*nat
+			-I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
+			-I ss_rules6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
+			-I ss_rules6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN
+			-I ss_rules6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I ss_rules6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
+}
+
 _intf_rule() {
 	local intf
 	config_get intf $1 ifname
@@ -333,37 +369,9 @@ _intf_rule() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_default_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then
-		iptables-restore -w --wait=60 --noflush <<-EOF
-		*nat
-		-I ss_rules_default_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
-		-I ss_rules_default_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
-		-I ss_rules_default_local_out 2 -m mark --mark 0x539$count -j RETURN
-		-I ss_rules_default_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-		-I ss_rules_default_pre_src 2 -m mark --mark 0x539$count -j RETURN
-		COMMIT
-		EOF
-	fi
-	if [ "$disableipv6" != "1" ]; then
-		if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
-			ip6tables-restore -w --wait=60 --noflush <<-EOF
-			*mangle
-			-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-			COMMIT
-			EOF
-		fi
-		if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
-			ip6tables-restore -w --wait=60 --noflush <<-EOF
-			*nat
-			-I ss_rules6_default_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-			-I ss_rules6_default_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-			-I ss_rules6_default_local_out 2 -m mark --mark 0x6539$count -j RETURN
-			-I ss_rules6_default_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-			-I ss_rules6_default_pre_src 2 -m mark --mark 0x6539$count -j RETURN
-			COMMIT
-			EOF
-		fi
-	fi
+	config_load shadowsocks-libev
+	config_foreach _intf_rule_ss_rules ss_rules
+
 	uci -q set omr-bypass.$intf=interface
 	uci -q set omr-bypass.$intf.id=$count
 }
@@ -400,6 +408,43 @@ _bypass_omr_server() {
 	_bypass_ip $ip
 }
 
+
+_ss_rules_config() {
+	rule_name=$1
+	[ "$rule_name" = "ss_rules" ] && rule_name="default"
+	if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
+		iptables-restore -w --wait=60 --noflush <<-EOF
+		*nat
+		-I ss_rules_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
+		-I ss_rules_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
+		-I ss_rules_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN
+		-I ss_rules_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
+		-I ss_rules_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$disableipv6" != "1" ]; then
+		if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+		if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*nat
+			-I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
+			-I ss_rules6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
+			-I ss_rules6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN
+			-I ss_rules6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I ss_rules6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
+}
+
 boot() {
 	BOOT=1
 	start "$@"
@@ -483,37 +528,9 @@ start_service() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_default_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
-		iptables-restore -w --wait=60 --noflush <<-EOF
-		*nat
-		-I ss_rules_default_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
-		-I ss_rules_default_local_out 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
-		-I ss_rules_default_local_out 2 -m mark --mark 0x539 -j RETURN
-		-I ss_rules_default_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-		-I ss_rules_default_pre_src 2 -m mark --mark 0x539 -j RETURN
-		COMMIT
-		EOF
-	fi
-	if [ "$disableipv6" != "1" ]; then
-		if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
-			ip6tables-restore -w --wait=60 --noflush <<-EOF
-			*mangle
-			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-			COMMIT
-			EOF
-		fi
-		if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
-			ip6tables-restore -w --wait=60 --noflush <<-EOF
-			*nat
-			-I ss_rules6_default_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-			-I ss_rules6_default_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-			-I ss_rules6_default_local_out 2 -m mark --mark 0x6539 -j RETURN
-			-I ss_rules6_default_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-			-I ss_rules6_default_pre_src 2 -m mark --mark 0x6539 -j RETURN
-			COMMIT
-			EOF
-		fi
-	fi
+
+	config_load shadowsocks-libev
+	config_foreach _ss_rules_config
 
 	iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters
 	iptables-restore -w --wait=60  --noflush <<-EOF