From 69f657dbc7cf4f7c1ad41ffb55dc832f076e54cd Mon Sep 17 00:00:00 2001
From: Ycarus <ycarus@zugaina.org>
Date: Mon, 15 Oct 2018 15:11:04 +0200
Subject: [PATCH] No more wildcard mark check for bypass

---
 .../luasrc/model/cbi/omr-bypass.lua             | 16 +++++++++-------
 luci-app-omr-bypass/root/etc/init.d/omr-bypass  | 17 +++++++++++++++++
 mptcp/files/etc/init.d/mptcp                    |  2 +-
 shadowsocks-libev/files/ss-rules                |  2 --
 4 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua b/luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua
index e7da2ed95..7f3932a2b 100644
--- a/luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua
+++ b/luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua
@@ -6,7 +6,7 @@ local sys = require "luci.sys"
 local net = require "luci.model.network".init()
 local ifaces = net:get_interfaces() or { net:get_interface() }
 
-m = Map("omr-bypass", translate("Bypass"))
+m = Map("omr-bypass", translate("Bypass"), translate("Here you can bypass ShadowSocks and VPN. If you set Interface to Default this use any working interface."))
 
 s = m:section(TypedSection, "domains", translate("Domains"))
 s.addremove = true
@@ -60,13 +60,15 @@ ifp.rmempty  = true
 ifd.default = "all"
 ifi.default = "all"
 ifp.default = "all"
-ifd:value("all",translate("Master interface"))
-ifi:value("all",translate("Master interface"))
-ifp:value("all",translate("Master interface"))
+ifd:value("all",translate("Default"))
+ifi:value("all",translate("Default"))
+ifp:value("all",translate("Default"))
 for _, iface in ipairs(ifaces) do
-	ifd:value(iface:name(),"%s" % iface:name())
-	ifi:value(iface:name(),"%s" % iface:name())
-	ifp:value(iface:name(),"%s" % iface:name())
+	if iface:is_up() then
+		ifd:value(iface:name(),"%s" % iface:name())
+		ifi:value(iface:name(),"%s" % iface:name())
+		ifp:value(iface:name(),"%s" % iface:name())
+	end
 end
 
 return m
diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass
index a120dc945..02e62a455 100755
--- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass
+++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass
@@ -65,6 +65,7 @@ _intf_rule() {
 	local mode
 	config_get mode $1 multipath "off"
 	[ "$mode" = "off" ] && return
+	[ "$(echo $1 | grep _dev)" != "" ] && return
 	ipset -q flush ss_rules_dst_bypass_$intf > /dev/null 2>&1
 	ipset -q flush ss_rules6_dst_bypass_$intf > /dev/null 2>&1
 	ipset -q --exist restore <<-EOF
@@ -79,6 +80,14 @@ _intf_rule() {
 		-A PREROUTING -m set --match-set ss_rules_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
 		COMMIT
 		EOF
+		if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ]; then
+			iptables-restore --wait=60 --noflush <<-EOF
+			*nat
+			-I ss_rules_pre_src 1 -m mark --mark 0x539$count -j RETURN
+			-I ss_rules_local_out 1 -m mark --mark 0x539$count -j RETURN
+			COMMIT
+			EOF
+		fi
 	fi
 	if [ "$(ip6tables -w 40 -t mangle -L | grep ss_rules6_dst_bypass_$intf)" = "" ]; then
 		ip6tables-restore --wait=60 --noflush <<-EOF
@@ -86,6 +95,14 @@ _intf_rule() {
 		-A PREROUTING -m set --match-set ss_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
 		COMMIT
 		EOF
+		if [ "$(ip6tables -w 40 -t nat -L | grep ss_rules6_pre_src)" != "" ]; then
+			iptables-restore --wait=60 --noflush <<-EOF
+			*nat
+			-I ss_rules6_pre_src 1 -m mark --mark 0x539$count -j RETURN
+			-I ss_rules6_local_out 1 -m mark --mark 0x539$count -j RETURN
+			COMMIT
+			EOF
+		fi
 	fi
 	uci -q set omr-bypass.$intf=interface
 	uci -q set omr-bypass.$intf.id=$count
diff --git a/mptcp/files/etc/init.d/mptcp b/mptcp/files/etc/init.d/mptcp
index ae7a604f8..034ac5348 100755
--- a/mptcp/files/etc/init.d/mptcp
+++ b/mptcp/files/etc/init.d/mptcp
@@ -49,7 +49,7 @@ interface_multipath_settings() {
 	[ -n "$intf" ] && [ "$iface" != "$intf" ] && return 0
 	[ -z "$iface" ] && return 0
 	[ -n "$(ifconfig | grep $iface)" ] || return 0
-
+	[ "$(echo $iface | grep _dev)" != "" ] && return 0
 	config_get mode "$config" multipath "off"
 	[ "$mode" = "master" ] && mode="on"
 	multipath "$iface" "$mode"
diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules
index 4245159e1..e30acd1c1 100755
--- a/shadowsocks-libev/files/ss-rules
+++ b/shadowsocks-libev/files/ss-rules
@@ -192,7 +192,6 @@ ss_rules_iptchains_init_tcp() {
 		-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
 		-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
 		-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
-		-A ss_rules_local_out -m mark ! --mark 0 -j RETURN
 		-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
 		COMMIT
 	EOF
@@ -251,7 +250,6 @@ ss_rules_iptchains_init_() {
 		-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
 		-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
 		-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
-		-A ss_rules_pre_src -m mark ! --mark 0 -j RETURN
 		-A ss_rules_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
 		-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
 		-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src