No more wildcard mark check for bypass

luci-app-omr-bypass/luasrc/model/cbi/omr-bypass.lua

@@ -6,7 +6,7 @@ local sys = require "luci.sys"
 local net = require "luci.model.network".init()
 local ifaces = net:get_interfaces() or { net:get_interface() }
 
-m = Map("omr-bypass", translate("Bypass"))
+m = Map("omr-bypass", translate("Bypass"), translate("Here you can bypass ShadowSocks and VPN. If you set Interface to Default this use any working interface."))
 
 s = m:section(TypedSection, "domains", translate("Domains"))
 s.addremove = true
@@ -60,13 +60,15 @@ ifp.rmempty  = true
 ifd.default = "all"
 ifi.default = "all"
 ifp.default = "all"
-ifd:value("all",translate("Master interface"))
-ifi:value("all",translate("Master interface"))
-ifp:value("all",translate("Master interface"))
+ifd:value("all",translate("Default"))
+ifi:value("all",translate("Default"))
+ifp:value("all",translate("Default"))
 for _, iface in ipairs(ifaces) do
+	if iface:is_up() then
 		ifd:value(iface:name(),"%s" % iface:name())
 		ifi:value(iface:name(),"%s" % iface:name())
 		ifp:value(iface:name(),"%s" % iface:name())
 	end
+end
 
 return m

luci-app-omr-bypass/root/etc/init.d/omr-bypass

@@ -65,6 +65,7 @@ _intf_rule() {
 	local mode
 	config_get mode $1 multipath "off"
 	[ "$mode" = "off" ] && return
+	[ "$(echo $1 | grep _dev)" != "" ] && return
 	ipset -q flush ss_rules_dst_bypass_$intf > /dev/null 2>&1
 	ipset -q flush ss_rules6_dst_bypass_$intf > /dev/null 2>&1
 	ipset -q --exist restore <<-EOF
@@ -79,6 +80,14 @@ _intf_rule() {
 		-A PREROUTING -m set --match-set ss_rules_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
 		COMMIT
 		EOF
+		if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ]; then
+			iptables-restore --wait=60 --noflush <<-EOF
+			*nat
+			-I ss_rules_pre_src 1 -m mark --mark 0x539$count -j RETURN
+			-I ss_rules_local_out 1 -m mark --mark 0x539$count -j RETURN
+			COMMIT
+			EOF
+		fi
 	fi
 	if [ "$(ip6tables -w 40 -t mangle -L | grep ss_rules6_dst_bypass_$intf)" = "" ]; then
 		ip6tables-restore --wait=60 --noflush <<-EOF
@@ -86,6 +95,14 @@ _intf_rule() {
 		-A PREROUTING -m set --match-set ss_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
 		COMMIT
 		EOF
+		if [ "$(ip6tables -w 40 -t nat -L | grep ss_rules6_pre_src)" != "" ]; then
+			iptables-restore --wait=60 --noflush <<-EOF
+			*nat
+			-I ss_rules6_pre_src 1 -m mark --mark 0x539$count -j RETURN
+			-I ss_rules6_local_out 1 -m mark --mark 0x539$count -j RETURN
+			COMMIT
+			EOF
+		fi
 	fi
 	uci -q set omr-bypass.$intf=interface
 	uci -q set omr-bypass.$intf.id=$count

mptcp/files/etc/init.d/mptcp

@@ -49,7 +49,7 @@ interface_multipath_settings() {
 	[ -n "$intf" ] && [ "$iface" != "$intf" ] && return 0
 	[ -z "$iface" ] && return 0
 	[ -n "$(ifconfig | grep $iface)" ] || return 0
-
+	[ "$(echo $iface | grep _dev)" != "" ] && return 0
 	config_get mode "$config" multipath "off"
 	[ "$mode" = "master" ] && mode="on"
 	multipath "$iface" "$mode"

shadowsocks-libev/files/ss-rules

@@ -192,7 +192,6 @@ ss_rules_iptchains_init_tcp() {
 		-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
 		-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
 		-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
-		-A ss_rules_local_out -m mark ! --mark 0 -j RETURN
 		-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
 		COMMIT
 	EOF
@@ -251,7 +250,6 @@ ss_rules_iptchains_init_() {
 		-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
 		-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
 		-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
-		-A ss_rules_pre_src -m mark ! --mark 0 -j RETURN
 		-A ss_rules_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
 		-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
 		-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src