From 96eebe07cbf6e962b3937ba42b5aea082f13d070 Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Fri, 4 Sep 2020 22:00:21 +0200 Subject: [PATCH] Update v2ray support --- v2ray-core/files/etc/init.d/v2ray | 53 ++++++++++++-- .../files/etc/uci-defaults/3010-omr-v2ray | 10 +++ v2ray-core/files/usr/bin/v2ray-rules | 70 +++++++++---------- 3 files changed, 91 insertions(+), 42 deletions(-) diff --git a/v2ray-core/files/etc/init.d/v2ray b/v2ray-core/files/etc/init.d/v2ray index 9b4ec97d5..2205b7d0f 100755 --- a/v2ray-core/files/etc/init.d/v2ray +++ b/v2ray-core/files/etc/init.d/v2ray @@ -7,6 +7,7 @@ START=99 USE_PROCD=1 +EXTRA_COMMANDS="rules_up rules_down rules_exist" NAME=v2ray CONFIG_FOLDER=/var/etc/$NAME @@ -278,7 +279,7 @@ inbound_section_validate() { 'ss_tls_allow_insecure_ciphers:bool:0' \ 'ss_tls_disable_system_root:bool:0' \ 'ss_tls_cert_usage:or("encipherment", "verify", "issue")' \ - 'ss_tls_cert_fiile:string' \ + 'ss_tls_cert_file:string' \ 'ss_tls_key_file:string' \ 'ss_tcp_header_type:or("none", "http")' \ 'ss_tcp_header_request_version:string' \ @@ -364,7 +365,7 @@ outbound_section_validate() { 'ss_tls_allow_insecure_ciphers:bool:0' \ 'ss_tls_disable_system_root:bool:0' \ 'ss_tls_cert_usage:or("encipherment", "verify", "issue")' \ - 'ss_tls_cert_fiile:string' \ + 'ss_tls_cert_file:string' \ 'ss_tls_key_file:string' \ 'ss_tcp_header_type:or("none", "http")' \ 'ss_tcp_header_request_version:string' \ 
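Review bot: Renaming the option from `ss_tls_cert_fiile` to `ss_tls_cert_file` in `inbound_section_validate` leaves any stored configuration that still uses the misspelled key without a certificate entry after upgrade, because nothing visible in this patch migrates the old value. The same applies to the matching hunks in `outbound_section_validate`, `add_inbound_setting` and `add_outbound_setting`. If earlier releases could write the old key, a one-time step in the uci-defaults script that copies it to `ss_tls_cert_file` and deletes the old option would keep existing TLS settings intact. Whether such configs exist depends on code outside this diff, so this needs confirming; the validate functions themselves start and end outside the hunks.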
@@ -410,7 +411,7 @@ add_v2ray_redirect_rules() { local ipset_dst_direct="$IPSET_DST_DIRECT_V4" test -n "$port" || return - logger -t "v2ray" "v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward" + #logger -t "v2ray" "v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward" v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward } @@ -1076,10 +1077,10 @@ add_inbound_setting() { json_add_boolean "disableSystemRoot" "$ss_tls_disable_system_root" json_add_array "certificates" - if [ -n "$ss_tls_cert_fiile" ] ; then + if [ -n "$ss_tls_cert_file" ] ; then json_add_object "" - json_add_string "certificateFile" "$ss_tls_cert_fiile" + json_add_string "certificateFile" "$ss_tls_cert_file" json_add_string "keyFile" "$ss_tls_key_file" test -n "$ss_tls_cert_usage" && \ json_add_string "usage" "$ss_tls_cert_usage" @@ -1534,9 +1535,9 @@ add_outbound_setting() { json_add_boolean "disableSystemRoot" "$ss_tls_disable_system_root" json_add_array "certificates" - if [ -n "$ss_tls_cert_fiile" ] ; then + if [ -n "$ss_tls_cert_file" ] ; then json_add_object "" - json_add_string "certificateFile" "$ss_tls_cert_fiile" + json_add_string "certificateFile" "$ss_tls_cert_file" json_add_string "keyFile" "$ss_tls_key_file" test -n "$ss_tls_cert_usage" && \ json_add_string "usage" "$ss_tls_cert_usage" 
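Review bot: The `logger` call in `add_v2ray_redirect_rules` is commented out rather than removed, which leaves dead code next to the live `v2ray-rules` invocation. Either delete the line or keep a shorter message that does not repeat the whole command line, for example `logger -t "v2ray" "applying redirect rules on port ${port}"`. The live command still expands `$OUTBOUND_SERVERS_V4` unquoted, presumably relying on word splitting for a list of servers; a one-line comment saying so would stop a later cleanup from quoting it by mistake. The function starts outside the hunk.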
@@ -2069,6 +2070,44 @@ start_instance() { procd_close_instance } +rules_exist() { + [ -n "$(iptables -t nat -L -n | grep v2r)" ] && return 0 + return 1 +} + +rules_up() { + rules_exist && return 0 + enabled="0" + config_load v2ray + config_get enabled main enabled "0" + [ "$enabled" = "0" ] && return + logger -t "V2Ray" "Rules UP" + [ -x "$bin" ] && { + "$bin" >/dev/null 2>&1 + } + local bin6="/usr/bin/v2ray-rules6" + [ -x "$bin6" ] && { + "$bin6" >/dev/null 2>&1 + } + [ -f /etc/init.d/omr-bypass ] && { + logger -t "V2Ray" "Reload omr-bypass rules" + /etc/init.d/omr-bypass reload_rules + } +} + +rules_down() { + rules_exist || return 0 + logger -t "V2Ray" "Rules DOWN" + local bin="/usr/bin/v2ray-rules" + [ -x "$bin" ] && { + "$bin" -f >/dev/null 2>&1 + } + local bin6="/usr/bin/v2ray-rules6" + [ -x "$bin6" ] && { + "$bin6" -f >/dev/null 2>&1 + } +} + start_service() { clear_transparent_proxy diff --git a/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray b/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray index d51162ab8..5cc5bc145 100644 --- a/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray +++ b/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray @@ -12,6 +12,7 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then set v2ray.main.enabled='0' set v2ray.main.outbounds='omrout' set v2ray.main.inbounds='omr' + add_list v2ray.main.inbounds='omrtest' set v2ray.main_dns=dns set v2ray.main_dns.hosts='example.com|127.0.0.1' set v2ray.main_dns.enabled='0' @@ -56,6 +57,7 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then set v2ray.omrout.ss_tls_allow_insecure='1' set v2ray.omrout.ss_tls_disable_system_root='1' set v2ray.omrout.ss_tls_cert_usage='verify' + set v2ray.omrout.ss_tls_cert_file='/etc/luci-uploads/client.crt' set v2ray.omrout.ss_tls_key_file='/etc/luci-uploads/client.key' set v2ray.omrout.mux_concurrency='8' set v2ray.omr=inbound 
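Review bot: `rules_up` tests and runs `"$bin"` without ever assigning it; unlike `rules_down` it has no `local bin="/usr/bin/v2ray-rules"`, so unless `bin` is a global set elsewhere in the init script the IPv4 rules are never applied and only the `v2ray-rules6` branch runs. Add `local bin="/usr/bin/v2ray-rules"` and declare `local enabled="0"` so the function does not overwrite a caller's variable. Both functions also discard output and exit status with `>/dev/null 2>&1`, so a failed rule load leaves traffic unredirected while the log only says "Rules UP"; logging a non-zero status would make that visible. `rules_exist` inspects only the nat table, so rules that live in another table (the UDP TPROXY path in `v2ray-rules` looks like a candidate) would not be detected.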
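Review bot: The new default `ss_tls_cert_file='/etc/luci-uploads/client.crt'` points at a file that nothing in this patch creates, and with the option name now spelled correctly in the init script a non-empty value is written into the generated `certificates` array. If TLS is enabled on `omrout` before a certificate has been uploaded, the generated configuration would reference a missing file; consider leaving the option unset by default, or emitting the entry only when `[ -f "$ss_tls_cert_file" ]` holds. The neighbouring context lines keep `ss_tls_allow_insecure='1'`, which presumably disables server certificate validation, so the `verify` usage configured here may not provide the check its name suggests; a comment in the defaults stating the intended trust model would help.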
@@ -68,6 +70,14 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then set v2ray.omr.ss_sockopt_tproxy='redirect' set v2ray.omr.ss_sockopt_tcp_fast_open='1' set v2ray.omr.s_dokodemo_door_follow_redirect='1' + set v2ray.omrtest=inbound + set v2ray.omrtest.port='1111' + set v2ray.omrtest.protocol='socks' + set v2ray.omrtest.listen='127.0.0.1' + set v2ray.omrtest.s_socks_auth='noauth' + set v2ray.omrtest.s_socks_udp='1' + set v2ray.omrtest.s_socks_ip='127.0.0.1' + set v2ray.omrtest.s_socks_userlevel='0 commit v2ray EOF fi diff --git a/v2ray-core/files/usr/bin/v2ray-rules b/v2ray-core/files/usr/bin/v2ray-rules index b1d1eb7a0..3e46911f6 100755 --- a/v2ray-core/files/usr/bin/v2ray-rules +++ b/v2ray-core/files/usr/bin/v2ray-rules @@ -188,13 +188,13 @@ v2r_rules_iptchains_init_tcp() { iptables-restore -w --noflush <<-EOF *nat - :v2r_rules_${rule}_local_out - - -I OUTPUT 1 -p tcp -j v2r_rules_${rule}_local_out - -A v2r_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN - -A v2r_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A v2r_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN - -A v2r_rules_${rule}_local_out -m mark --mark 0x539 -j RETURN - -A v2r_rules_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" + :v2r_${rule}_local_out - + -I OUTPUT 1 -p tcp -j v2r_${rule}_local_out + -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A v2r_${rule}_local_out -m mark --mark 0x539 -j RETURN + -A v2r_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT EOF } 
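Review bot: The last added line, `set v2ray.omrtest.s_socks_userlevel='0`, is missing its closing quote, so the value runs on into the following `commit v2ray` line of the heredoc (whose opening line is outside the hunk). Depending on how the unterminated quote is parsed, the option receives a wrong value or the commit is never executed and the whole block of defaults is lost. It should read `set v2ray.omrtest.s_socks_userlevel='0'`. The `omrtest` inbound is an unauthenticated SOCKS listener on 127.0.0.1:1111 that the earlier hunk enables by default via `add_list v2ray.main.inbounds='omrtest'`; a comment stating what it is for would help anyone auditing the shipped defaults.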
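Review bot: The chain prefix changes from `v2r_rules_` to `v2r_` here and in the `v2r_rules_iptchains_init_` and `v2r_rules_iptchains_mkprerules` hunks, but the code that flushes these chains is not part of the patch. If the flush path selects chains by the old `v2r_rules_` prefix, `v2ray-rules -f` would leave the new chains and their `OUTPUT`/`PREROUTING` jumps in place, so please confirm it matches `v2r_`. Chains created by the previous version under the old names may also stay loaded across an upgrade until a flush or reboot. A one-line comment at the first chain definition explaining why the prefix was shortened would record the reason for the rename.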
@@ -213,56 +213,56 @@ v2r_rules_iptchains_init_() { case "$proto" in tcp) - forward_rules="-A v2r_rules_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" + forward_rules="-A v2r_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" if [ -n "$o_dst_forward_recentrst" ]; then recentrst_mangle_rules=" *mangle - -I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name v2r_rules_recentrst --set --rsource + -I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name v2r_recentrst --set --rsource COMMIT " recentrst_addset_rules=" - -A v2r_rules_${rule}_dst -m recent --name v2r_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist - -A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j v2r_rules_${rule}_forward + -A v2r_${rule}_dst -m recent --name v2r_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist + -A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j v2r_${rule}_forward " fi ;; udp) ip rule add fwmark 1 lookup 100 ip route add local default dev lo table 100 - forward_rules="-A v2r_rules_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" + forward_rules="-A v2r_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" ;; esac case "$o_src_default" in - forward) src_default_target=v2r_rules_${rule}_forward ;; - checkdst) src_default_target=v2r_rules_${rule}_dst ;; + forward) src_default_target=v2r_${rule}_forward ;; + checkdst) src_default_target=v2r_${rule}_dst ;; bypass|*) src_default_target=RETURN ;; esac case "$o_dst_default" in - forward) dst_default_target=v2r_rules_${rule}_forward ;; + forward) dst_default_target=v2r_${rule}_forward ;; bypass|*) dst_default_target=RETURN ;; esac sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | iptables-restore -w --noflush *$table - 
:v2r_rules_${rule}_pre_src - - :v2r_rules_${rule}_src - - :v2r_rules_${rule}_dst - - :v2r_rules_${rule}_forward - + :v2r_${rule}_pre_src - + :v2r_${rule}_src - + :v2r_${rule}_dst - + :v2r_${rule}_forward - $(v2r_rules_iptchains_mkprerules "$proto") - -A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN - -A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 - -A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN - -A v2r_rules_${rule}_pre_src -m mark --mark 0x539 -j RETURN - -A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN - -A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN - -A v2r_rules_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_rules_${rule}_src - -A v2r_rules_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN - -A v2r_rules_${rule}_src -m set --match-set ss_rules_src_forward src -j v2r_rules_${rule}_forward - -A v2r_rules_${rule}_src -m set --match-set ss_rules_src_checkdst src -j v2r_rules_${rule}_dst - -A v2r_rules_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" - -A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j v2r_rules_${rule}_forward + -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 + -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A v2r_${rule}_pre_src -m mark --mark 0x539 -j RETURN + -A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN + -A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A v2r_${rule}_pre_src -p $proto $o_ipt_extra -j 
v2r_${rule}_src + -A v2r_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN + -A v2r_${rule}_src -m set --match-set ss_rules_src_forward src -j v2r_${rule}_forward + -A v2r_${rule}_src -m set --match-set ss_rules_src_checkdst src -j v2r_${rule}_dst + -A v2r_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" + -A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j v2r_${rule}_forward $recentrst_addset_rules - -A v2r_rules_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" + -A v2r_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" $forward_rules COMMIT $recentrst_mangle_rules @@ -273,11 +273,11 @@ v2r_rules_iptchains_mkprerules() { local proto="$1" if [ -z "$o_ifnames" ]; then - echo "-I PREROUTING 1 -p $proto -j v2r_rules_${rule}_pre_src" + echo "-I PREROUTING 1 -p $proto -j v2r_${rule}_pre_src" else echo $o_ifnames \ | tr ' ' '\n' \ - | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r_rules_${rule}_pre_src/" + | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r_${rule}_pre_src/" fi }
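Review bot: In the `udp)` branch of `v2r_rules_iptchains_init_` the new `forward_rules` assignment contains `--on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01` inside an already double-quoted string, so the inner quotes close and reopen the string and the port is expanded unquoted. It works for a plain numeric port, but writing `--on-port $o_redir_udp_port --tproxy-mark 0x01/0x01` without the inner quotes keeps the whole rule in one string and matches the `tcp)` branch. The function body starts and ends outside the hunk.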