From 8ac9d01dbf37442fda4f4183b3a8a528dbb0745b Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 15 Oct 2020 15:23:01 +0200 Subject: [PATCH] Update omr-bypass for v2ray --- .../root/etc/init.d/omr-bypass | 84 ++++++++++++++++++- 1 file changed, 82 insertions(+), 2 deletions(-) diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index 29535f3f9..10f715bd2 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -342,7 +342,7 @@ _bypass_proto() { _intf_rule_ss_rules() { rule_name=$1 [ "$rule_name" = "ss_rules" ] && rule_name="def" - if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then + if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep ssr | grep omr_dst_bypass_$intf)" = "" ]; then iptables-restore -w --wait=60 --noflush <<-EOF *nat -I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count @@ -362,7 +362,7 @@ _intf_rule_ss_rules() { COMMIT EOF fi - if [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep omr6_dst_bypass_$intf)" = "" ]; then + if [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6 | grep omr6_dst_bypass_$intf)" = "" ]; then ip6tables-restore -w --wait=60 --noflush <<-EOF *nat -I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count @@ -377,6 +377,45 @@ _intf_rule_ss_rules() { fi } +_intf_rule_v2ray_rules() { + #rule_name=$1 + #[ "$rule_name" = "ss_rules" ] && rule_name="def" + rule_name="def" + if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep v2r | grep omr_dst_bypass_$intf)" = "" ]; then + iptables-restore -w --wait=60 --noflush <<-EOF + *nat + -I v2r_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count + -I v2r_${rule_name}_dst 2 -m mark --mark 0x539$count -j RETURN + -I v2r_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count + -I v2r_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN + -I v2r_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count + -I v2r_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN + COMMIT + EOF + fi + if [ "$disableipv6" != "1" ]; then + if [ "$(ip6tables --wait=40 -t mangle -L -n | grep omr6_dst_bypass_$intf)" = "" ]; then + ip6tables-restore -w --wait=60 --noflush <<-EOF + *mangle + -I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + COMMIT + EOF + fi + if [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6 | grep omr6_dst_bypass_$intf)" = "" ]; then + ip6tables-restore -w --wait=60 --noflush <<-EOF + *nat + -I v2r6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + -I v2r6_${rule_name}_dst 2 -m mark --mark 0x6539$count -j RETURN + -I v2r6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + -I v2r6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN + -I v2r6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count + -I v2r6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN + COMMIT + EOF + fi + fi +} + _intf_rule() { local intf config_get intf $1 ifname @@ -425,6 +464,7 @@ _intf_rule() { fi config_load shadowsocks-libev config_foreach _intf_rule_ss_rules ss_rules + _intf_rule_v2ray_rules uci -q set omr-bypass.$intf=interface uci -q set omr-bypass.$intf.id=$count @@ -507,6 +547,45 @@ _ss_rules_config() { fi } +_v2ray_rules_config() { + #rule_name=$1 + #[ "$rule_name" = "ss_rules" ] && rule_name="def" + rule_name="def" + if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then + iptables-restore -w --wait=60 --noflush <<-EOF + *nat + -I v2r_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + -I v2r_${rule_name}_dst 1 -m mark --mark 0x539 -j RETURN + -I v2r_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + -I v2r_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN + -I v2r_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539 + -I v2r_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN + COMMIT + EOF + fi + if [ "$disableipv6" != "1" ]; then + if [ "$(ip6tables --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then + ip6tables-restore -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + COMMIT + EOF + fi + if [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep omr6_dst_bypass_all)" = "" ]; then + ip6tables-restore -w --wait=60 --noflush <<-EOF + *nat + -I v2r6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -I v2r6_${rule_name}_dst 1 -m mark --mark 0x6539 -j RETURN + -I v2r6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -I v2r6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN + -I v2r6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539 + -I v2r6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN + COMMIT + EOF + fi + fi +} + boot() { BOOT=1 start "$@" @@ -606,6 +685,7 @@ start_service() { config_load shadowsocks-libev config_foreach _ss_rules_config + _v2ray_rules_config iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters iptables-restore -w --wait=60 --noflush <<-EOF