mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Fix error in log when launching omr-bypass

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2020-05-11 09:58:20 +02:00
parent f7476239ad
commit 746927113b
1 changed files with 107 additions and 83 deletions
Download patch file Download diff file Expand all files Collapse all files

190
luci-app-omr-bypass/root/etc/init.d/omr-bypass
View file

@ -57,10 +57,12 @@ _bypass_domain() {
for ip in $resolve; do for ip in $resolve; do
_bypass_ip $ip $intf _bypass_ip $ip $intf
done done
resolve=$(dig aaaa +timeout=1 +nocmd +noall +answer $domain | awk '{print $5}') if [ "$disableipv6" != "1" ]; then
for ip in $resolve; do resolve=$(dig aaaa +timeout=1 +nocmd +noall +answer $domain | awk '{print $5}')
_bypass_ip $ip $intf for ip in $resolve; do
done _bypass_ip $ip $intf
done
fi
fi fi
if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf" uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
@ -92,22 +94,26 @@ _bypass_mac() {
-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539 -A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539
COMMIT COMMIT
EOF EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$disableipv6" != "1" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539 *mangle
COMMIT -A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539
EOF COMMIT
EOF
fi
else else
iptables-restore -w --wait=60 --noflush <<-EOF iptables-restore -w --wait=60 --noflush <<-EOF
*mangle *mangle
-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539$intfid -A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539$intfid
COMMIT COMMIT
EOF EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$disableipv6" != "1" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539$intfid *mangle
COMMIT -A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539$intfid
EOF COMMIT
EOF
fi
fi fi
} }
@ -162,6 +168,7 @@ _bypass_dest_port() {
[ -z "$intf" ] && intf="all" [ -z "$intf" ] && intf="all"
[ -z "$dport" ] && return [ -z "$dport" ] && return
dport="$(echo $dport | sed 's/-/:/')"
[ -z "$proto" ] && return [ -z "$proto" ] && return
if [ "$intf" = "all" ]; then if [ "$intf" = "all" ]; then
iptables-restore -w --wait=60 --noflush <<-EOF iptables-restore -w --wait=60 --noflush <<-EOF
@ -169,22 +176,26 @@ _bypass_dest_port() {
-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539 -A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539
COMMIT COMMIT
EOF EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$disableipv6" != "1" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539 *mangle
COMMIT -A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539
EOF COMMIT
EOF
fi
else else
iptables-restore -w --wait=60 --noflush <<-EOF iptables-restore -w --wait=60 --noflush <<-EOF
*mangle *mangle
-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid -A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid
COMMIT COMMIT
EOF EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$disableipv6" != "1" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539$intfid *mangle
COMMIT -A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539$intfid
EOF COMMIT
EOF
fi
fi fi
} }
@ -203,22 +214,26 @@ _bypass_proto() {
-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539 -A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539
COMMIT COMMIT
EOF EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$disableipv6" != "1" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539 *mangle
COMMIT -A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539
EOF COMMIT
EOF
fi
else else
iptables-restore -w --wait=60 --noflush <<-EOF iptables-restore -w --wait=60 --noflush <<-EOF
*mangle *mangle
-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539$intfid -A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539$intfid
COMMIT COMMIT
EOF EOF
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$disableipv6" != "1" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539$intfid *mangle
COMMIT -A omr-bypass6-dpi -m ndpi --proto $proto -j MARK --set-mark 0x6539$intfid
EOF COMMIT
EOF
fi
fi fi
# Use dnsmasq ipset to bypass domains of the proto # Use dnsmasq ipset to bypass domains of the proto
local domains local domains
@ -289,23 +304,25 @@ _intf_rule() {
COMMIT COMMIT
EOF EOF
fi fi
if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then if [ "$disableipv6" != "1" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$(ip6tables --wait=40 -t mangle -L | grep omr6_dst_bypass_$intf)" = "" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count *mangle
COMMIT -I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
EOF COMMIT
fi EOF
if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then fi
ip6tables-restore -w --wait=60 --noflush <<-EOF if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_$intf)" = "" ]; then
*nat ip6tables-restore -w --wait=60 --noflush <<-EOF
-I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN *nat
-I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN -I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-I ss_rules6_local_out 2 -m mark --mark 0x6539$count -j RETURN -I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j RETURN
-I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count -I ss_rules6_local_out 2 -m mark --mark 0x6539$count -j RETURN
-I ss_rules6_pre_src 2 -m mark --mark 0x6539$count -j RETURN -I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
COMMIT -I ss_rules6_pre_src 2 -m mark --mark 0x6539$count -j RETURN
EOF COMMIT
EOF
fi
fi fi
uci -q set omr-bypass.$intf=interface uci -q set omr-bypass.$intf=interface
uci -q set omr-bypass.$intf.id=$count uci -q set omr-bypass.$intf.id=$count
@ -353,6 +370,7 @@ start_service() {
logger -t "omr-bypass" "Starting OMR-ByPass..." logger -t "omr-bypass" "Starting OMR-ByPass..."
config_load omr-bypass config_load omr-bypass
config_foreach _add_proto proto config_foreach _add_proto proto
disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
[ -n "$RELOAD" ] && [ "$(ipset --list | grep omr_dst_bypass_all)" = "" ] && { [ -n "$RELOAD" ] && [ "$(ipset --list | grep omr_dst_bypass_all)" = "" ] && {
unset RELOAD unset RELOAD
@ -372,13 +390,15 @@ start_service() {
-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass -I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass
COMMIT COMMIT
EOF EOF
ip6tables-save --counters | grep -v omr-bypass6 | ip6tables-restore -w --counters if [ "$disableipv6" != "1" ]; then
ip6tables-restore -w --wait=60 --noflush <<-EOF ip6tables-save --counters | grep -v omr-bypass6 | ip6tables-restore -w --counters
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
:omr-bypass6 - *mangle
-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass6 :omr-bypass6 -
COMMIT -I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-bypass6
EOF COMMIT
EOF
fi
config_load network config_load network
config_foreach _intf_rule interface config_foreach _intf_rule interface
@ -433,23 +453,25 @@ start_service() {
COMMIT COMMIT
EOF EOF
fi fi
if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then if [ "$disableipv6" != "1" ]; then
ip6tables-restore --wait=60 --noflush <<-EOF if [ "$(ip6tables --wait=40 -t mangle -L | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 *mangle
COMMIT -A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
EOF COMMIT
fi EOF
if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then fi
ip6tables-restore --wait=60 --noflush <<-EOF if [ "$(ip6tables --wait=40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L | grep omr6_dst_bypass_all)" = "" ]; then
*nat ip6tables-restore -w --wait=60 --noflush <<-EOF
-I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN *nat
-I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN -I ss_rules6_dst 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-I ss_rules6_local_out 2 -m mark --mark 0x6539 -j RETURN -I ss_rules6_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j RETURN
-I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 -I ss_rules6_local_out 2 -m mark --mark 0x6539 -j RETURN
-I ss_rules6_pre_src 2 -m mark --mark 0x6539 -j RETURN -I ss_rules6_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
COMMIT -I ss_rules6_pre_src 2 -m mark --mark 0x6539 -j RETURN
EOF COMMIT
EOF
fi
fi fi
iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters
@ -460,14 +482,16 @@ start_service() {
-A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass-dpi -A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass-dpi
COMMIT COMMIT
EOF EOF
ip6tables-save --counters | grep -v omr-bypass6-dpi | ip6tables-restore --counters if [ "$disableipv6" != "1" ]; then
ip6tables-restore --wait=60 --noflush <<-EOF ip6tables-save --counters | grep -v omr-bypass6-dpi | ip6tables-restore -w --counters
*mangle ip6tables-restore -w --wait=60 --noflush <<-EOF
:omr-bypass6-dpi - *mangle
-A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6-dpi :omr-bypass6-dpi -
-A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass6-dpi -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass6-dpi
COMMIT -A POSTROUTING -m addrtype --dst-type LOCAL -j omr-bypass6-dpi
EOF COMMIT
EOF
fi
config_load omr-bypass config_load omr-bypass
config_foreach _bypass_proto dpis config_foreach _bypass_proto dpis