mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00

Fix bypass when multiples IPs

Ycarus (Yannick Chabanois) 2020-06-29 15:11:35 +02:00
parent 266119d29f
commit 66b1ee2f15


@ -287,6 +287,42 @@ _bypass_proto() {
fi fi
} }
_intf_rule_ss_rules() {
rule_name=$1
[ "$rule_name" = "ss_rules" ] && rule_name="default"
if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then
iptables-restore -w --wait=60 --noflush <<-EOF
*nat
-I ss_rules_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
-I ss_rules_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
-I ss_rules_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN
-I ss_rules_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I ss_rules_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" != "1" ]; then
if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
COMMIT
EOF
fi
if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*nat
-I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-I ss_rules6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-I ss_rules6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN
-I ss_rules6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-I ss_rules6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN
COMMIT
EOF
fi
fi
}
_intf_rule() { _intf_rule() {
local intf local intf
config_get intf $1 ifname config_get intf $1 ifname
@ -333,37 +369,9 @@ _intf_rule() {
COMMIT COMMIT
EOF EOF
fi fi
if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_default_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then config_load shadowsocks-libev
iptables-restore -w --wait=60 --noflush <<-EOF config_foreach _intf_rule_ss_rules ss_rules
*nat
-I ss_rules_default_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
-I ss_rules_default_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j RETURN
-I ss_rules_default_local_out 2 -m mark --mark 0x539$count -j RETURN
-I ss_rules_default_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I ss_rules_default_pre_src 2 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" != "1" ]; then
if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
COMMIT
EOF
fi
if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*nat
-I ss_rules6_default_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-I ss_rules6_default_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-I ss_rules6_default_local_out 2 -m mark --mark 0x6539$count -j RETURN
-I ss_rules6_default_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-I ss_rules6_default_pre_src 2 -m mark --mark 0x6539$count -j RETURN
COMMIT
EOF
fi
fi
uci -q set omr-bypass.$intf=interface uci -q set omr-bypass.$intf=interface
uci -q set omr-bypass.$intf.id=$count uci -q set omr-bypass.$intf.id=$count
} }
@ -400,6 +408,43 @@ _bypass_omr_server() {
_bypass_ip $ip _bypass_ip $ip
} }
_ss_rules_config() {
rule_name=$1
[ "$rule_name" = "ss_rules" ] && rule_name="default"
if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
iptables-restore -w --wait=60 --noflush <<-EOF
*nat
-I ss_rules_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
-I ss_rules_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
-I ss_rules_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN
-I ss_rules_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-I ss_rules_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" != "1" ]; then
if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
COMMIT
EOF
fi
if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*nat
-I ss_rules6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-I ss_rules6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-I ss_rules6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN
-I ss_rules6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-I ss_rules6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN
COMMIT
EOF
fi
fi
}
boot() { boot() {
BOOT=1 BOOT=1
start "$@" start "$@"
@ -483,37 +528,9 @@ start_service() {
COMMIT COMMIT
EOF EOF
fi fi
if [ "$(iptables --wait=40 -t nat -L -n | grep ss_rules_default_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
iptables-restore -w --wait=60 --noflush <<-EOF config_load shadowsocks-libev
*nat config_foreach _ss_rules_config
-I ss_rules_default_dst 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
-I ss_rules_default_local_out 1 -m set --match-set omr_dst_bypass_all dst -j RETURN
-I ss_rules_default_local_out 2 -m mark --mark 0x539 -j RETURN
-I ss_rules_default_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-I ss_rules_default_pre_src 2 -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" != "1" ]; then
if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
COMMIT
EOF
fi
if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_default_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF
*nat
-I ss_rules6_default_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-I ss_rules6_default_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-I ss_rules6_default_local_out 2 -m mark --mark 0x6539 -j RETURN
-I ss_rules6_default_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-I ss_rules6_default_pre_src 2 -m mark --mark 0x6539 -j RETURN
COMMIT
EOF
fi
fi
iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters
iptables-restore -w --wait=60 --noflush <<-EOF iptables-restore -w --wait=60 --noflush <<-EOF
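Review bot: In `_ss_rules_config` the IPv6 nat guard still greps for `ss_rules6_default_pre_src` while the rules it then inserts target `ss_rules6_${rule_name}_*`, so for a non-default section the existence check tests a different chain than the one written to; `_intf_rule_ss_rules` already uses `grep ss_rules6_${rule_name}_pre_src` and this guard should match it. The call `config_foreach _ss_rules_config` in `start_service` passes no section type, unlike `config_foreach _intf_rule_ss_rules ss_rules`, so the callback presumably runs for every section of shadowsocks-libev; `config_foreach _ss_rules_config ss_rules` would keep the two call sites consistent. The second half of each guard (`grep omr_dst_bypass_all`, `grep omr_dst_bypass_$intf`) searches the whole nat table, so once the first section has inserted its rules the later sections appear to be skipped and their chains are left without the bypass RETURN/MARK rules; listing only the target chain, for example `iptables --wait=40 -t nat -S ss_rules_${rule_name}_pre_src | grep omr_dst_bypass_all`, would make the check per chain. `rule_name` is assigned without `local` in both new functions and should be declared `local rule_name=$1` so it does not leak into the init script's global scope.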