mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-02-13 02:51:50 +00:00
Code Issues Releases Wiki Activity

No more wildcard mark check for bypass

Browse source
This commit is contained in:
Ycarus 2018-10-15 15:11:04 +02:00
parent ba685393b4
commit 69f657dbc7
4 changed files with 27 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua
View file

@ -6,7 +6,7 @@ local sys = require "luci.sys"
local net = require "luci.model.network".init()
local ifaces = net:get_interfaces() or { net:get_interface() }
m = Map("omr-bypass", translate("Bypass"))
m = Map("omr-bypass", translate("Bypass"), translate("Here you can bypass ShadowSocks and VPN. If you set Interface to Default this use any working interface."))
s = m:section(TypedSection, "domains", translate("Domains"))
s.addremove = true
@ -60,13 +60,15 @@ ifp.rmempty = true
ifd.default = "all"
ifi.default = "all"
ifp.default = "all"
ifd:value("all",translate("Master interface"))
ifi:value("all",translate("Master interface"))
ifp:value("all",translate("Master interface"))
ifd:value("all",translate("Default"))
ifi:value("all",translate("Default"))
ifp:value("all",translate("Default"))
for _, iface in ipairs(ifaces) do
ifd:value(iface:name(),"%s" % iface:name())
ifi:value(iface:name(),"%s" % iface:name())
ifp:value(iface:name(),"%s" % iface:name())
if iface:is_up() then
ifd:value(iface:name(),"%s" % iface:name())
ifi:value(iface:name(),"%s" % iface:name())
ifp:value(iface:name(),"%s" % iface:name())
end
end
return m

17
luci-app-omr-bypass/root/etc/init.d/omr-bypass
View file

@ -65,6 +65,7 @@ _intf_rule() {
local mode
config_get mode $1 multipath "off"
[ "$mode" = "off" ] && return
[ "$(echo $1 | grep _dev)" != "" ] && return
ipset -q flush ss_rules_dst_bypass_$intf > /dev/null 2>&1
ipset -q flush ss_rules6_dst_bypass_$intf > /dev/null 2>&1
ipset -q --exist restore <<-EOF
@ -79,6 +80,14 @@ _intf_rule() {
-A PREROUTING -m set --match-set ss_rules_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
COMMIT
EOF
if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ]; then
iptables-restore --wait=60 --noflush <<-EOF
*nat
-I ss_rules_pre_src 1 -m mark --mark 0x539$count -j RETURN
-I ss_rules_local_out 1 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
fi
if [ "$(ip6tables -w 40 -t mangle -L | grep ss_rules6_dst_bypass_$intf)" = "" ]; then
ip6tables-restore --wait=60 --noflush <<-EOF
@ -86,6 +95,14 @@ _intf_rule() {
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
COMMIT
EOF
if [ "$(ip6tables -w 40 -t nat -L | grep ss_rules6_pre_src)" != "" ]; then
iptables-restore --wait=60 --noflush <<-EOF
*nat
-I ss_rules6_pre_src 1 -m mark --mark 0x539$count -j RETURN
-I ss_rules6_local_out 1 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
fi
uci -q set omr-bypass.$intf=interface
uci -q set omr-bypass.$intf.id=$count

2
mptcp/files/etc/init.d/mptcp
View file

@ -49,7 +49,7 @@ interface_multipath_settings() {
[ -n "$intf" ] && [ "$iface" != "$intf" ] && return 0
[ -z "$iface" ] && return 0
[ -n "$(ifconfig | grep $iface)" ] || return 0
[ "$(echo $iface | grep _dev)" != "" ] && return 0
config_get mode "$config" multipath "off"
[ "$mode" = "master" ] && mode="on"
multipath "$iface" "$mode"

2
shadowsocks-libev/files/ss-rules
View file

@ -192,7 +192,6 @@ ss_rules_iptchains_init_tcp() {
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
-A ss_rules_local_out -m mark ! --mark 0 -j RETURN
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
COMMIT
EOF
@ -251,7 +250,6 @@ ss_rules_iptchains_init_() {
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
-A ss_rules_pre_src -m mark ! --mark 0 -j RETURN
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src