mptcp/openmptcprouter-feeds
1
0
Fork 0
mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
Code Issues Releases Wiki Activity

Update v2ray support

Browse source
This commit is contained in:
Ycarus (Yannick Chabanois) 2020-09-04 22:00:21 +02:00
parent a01f0d0ec5
commit 96eebe07cb
3 changed files with 91 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

53
v2ray-core/files/etc/init.d/v2ray
View file

@ -7,6 +7,7 @@
START=99 START=99
USE_PROCD=1 USE_PROCD=1
EXTRA_COMMANDS="rules_up rules_down rules_exist"
NAME=v2ray NAME=v2ray
CONFIG_FOLDER=/var/etc/$NAME CONFIG_FOLDER=/var/etc/$NAME
@ -278,7 +279,7 @@ inbound_section_validate() {
'ss_tls_allow_insecure_ciphers:bool:0' \ 'ss_tls_allow_insecure_ciphers:bool:0' \
'ss_tls_disable_system_root:bool:0' \ 'ss_tls_disable_system_root:bool:0' \
'ss_tls_cert_usage:or("encipherment", "verify", "issue")' \ 'ss_tls_cert_usage:or("encipherment", "verify", "issue")' \
'ss_tls_cert_fiile:string' \ 'ss_tls_cert_file:string' \
'ss_tls_key_file:string' \ 'ss_tls_key_file:string' \
'ss_tcp_header_type:or("none", "http")' \ 'ss_tcp_header_type:or("none", "http")' \
'ss_tcp_header_request_version:string' \ 'ss_tcp_header_request_version:string' \
@ -364,7 +365,7 @@ outbound_section_validate() {
'ss_tls_allow_insecure_ciphers:bool:0' \ 'ss_tls_allow_insecure_ciphers:bool:0' \
'ss_tls_disable_system_root:bool:0' \ 'ss_tls_disable_system_root:bool:0' \
'ss_tls_cert_usage:or("encipherment", "verify", "issue")' \ 'ss_tls_cert_usage:or("encipherment", "verify", "issue")' \
'ss_tls_cert_fiile:string' \ 'ss_tls_cert_file:string' \
'ss_tls_key_file:string' \ 'ss_tls_key_file:string' \
'ss_tcp_header_type:or("none", "http")' \ 'ss_tcp_header_type:or("none", "http")' \
'ss_tcp_header_request_version:string' \ 'ss_tcp_header_request_version:string' \
@ -410,7 +411,7 @@ add_v2ray_redirect_rules() {
local ipset_dst_direct="$IPSET_DST_DIRECT_V4" local ipset_dst_direct="$IPSET_DST_DIRECT_V4"
test -n "$port" || return test -n "$port" || return
logger -t "v2ray" "v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward" #logger -t "v2ray" "v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward"
v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward
} }
@ -1076,10 +1077,10 @@ add_inbound_setting() {
json_add_boolean "disableSystemRoot" "$ss_tls_disable_system_root" json_add_boolean "disableSystemRoot" "$ss_tls_disable_system_root"
json_add_array "certificates" json_add_array "certificates"
if [ -n "$ss_tls_cert_fiile" ] ; then if [ -n "$ss_tls_cert_file" ] ; then
json_add_object "" json_add_object ""
json_add_string "certificateFile" "$ss_tls_cert_fiile" json_add_string "certificateFile" "$ss_tls_cert_file"
json_add_string "keyFile" "$ss_tls_key_file" json_add_string "keyFile" "$ss_tls_key_file"
test -n "$ss_tls_cert_usage" && \ test -n "$ss_tls_cert_usage" && \
json_add_string "usage" "$ss_tls_cert_usage" json_add_string "usage" "$ss_tls_cert_usage"
@ -1534,9 +1535,9 @@ add_outbound_setting() {
json_add_boolean "disableSystemRoot" "$ss_tls_disable_system_root" json_add_boolean "disableSystemRoot" "$ss_tls_disable_system_root"
json_add_array "certificates" json_add_array "certificates"
if [ -n "$ss_tls_cert_fiile" ] ; then if [ -n "$ss_tls_cert_file" ] ; then
json_add_object "" json_add_object ""
json_add_string "certificateFile" "$ss_tls_cert_fiile" json_add_string "certificateFile" "$ss_tls_cert_file"
json_add_string "keyFile" "$ss_tls_key_file" json_add_string "keyFile" "$ss_tls_key_file"
test -n "$ss_tls_cert_usage" && \ test -n "$ss_tls_cert_usage" && \
json_add_string "usage" "$ss_tls_cert_usage" json_add_string "usage" "$ss_tls_cert_usage"
@ -2069,6 +2070,44 @@ start_instance() {
procd_close_instance procd_close_instance
} }
rules_exist() {
[ -n "$(iptables -t nat -L -n | grep v2r)" ] && return 0
return 1
}
rules_up() {
rules_exist && return 0
enabled="0"
config_load v2ray
config_get enabled main enabled "0"
[ "$enabled" = "0" ] && return
logger -t "V2Ray" "Rules UP"
[ -x "$bin" ] && {
"$bin" >/dev/null 2>&1
}
local bin6="/usr/bin/v2ray-rules6"
[ -x "$bin6" ] && {
"$bin6" >/dev/null 2>&1
}
[ -f /etc/init.d/omr-bypass ] && {
logger -t "V2Ray" "Reload omr-bypass rules"
/etc/init.d/omr-bypass reload_rules
}
}
rules_down() {
rules_exist || return 0
logger -t "V2Ray" "Rules DOWN"
local bin="/usr/bin/v2ray-rules"
[ -x "$bin" ] && {
"$bin" -f >/dev/null 2>&1
}
local bin6="/usr/bin/v2ray-rules6"
[ -x "$bin6" ] && {
"$bin6" -f >/dev/null 2>&1
}
}
start_service() { start_service() {
clear_transparent_proxy clear_transparent_proxy

10
v2ray-core/files/etc/uci-defaults/3010-omr-v2ray
View file

@ -12,6 +12,7 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
set v2ray.main.enabled='0' set v2ray.main.enabled='0'
set v2ray.main.outbounds='omrout' set v2ray.main.outbounds='omrout'
set v2ray.main.inbounds='omr' set v2ray.main.inbounds='omr'
add_list v2ray.main.inbounds='omrtest'
set v2ray.main_dns=dns set v2ray.main_dns=dns
set v2ray.main_dns.hosts='example.com|127.0.0.1' set v2ray.main_dns.hosts='example.com|127.0.0.1'
set v2ray.main_dns.enabled='0' set v2ray.main_dns.enabled='0'
@ -56,6 +57,7 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
set v2ray.omrout.ss_tls_allow_insecure='1' set v2ray.omrout.ss_tls_allow_insecure='1'
set v2ray.omrout.ss_tls_disable_system_root='1' set v2ray.omrout.ss_tls_disable_system_root='1'
set v2ray.omrout.ss_tls_cert_usage='verify' set v2ray.omrout.ss_tls_cert_usage='verify'
set v2ray.omrout.ss_tls_cert_file='/etc/luci-uploads/client.crt'
set v2ray.omrout.ss_tls_key_file='/etc/luci-uploads/client.key' set v2ray.omrout.ss_tls_key_file='/etc/luci-uploads/client.key'
set v2ray.omrout.mux_concurrency='8' set v2ray.omrout.mux_concurrency='8'
set v2ray.omr=inbound set v2ray.omr=inbound
@ -68,6 +70,14 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
set v2ray.omr.ss_sockopt_tproxy='redirect' set v2ray.omr.ss_sockopt_tproxy='redirect'
set v2ray.omr.ss_sockopt_tcp_fast_open='1' set v2ray.omr.ss_sockopt_tcp_fast_open='1'
set v2ray.omr.s_dokodemo_door_follow_redirect='1' set v2ray.omr.s_dokodemo_door_follow_redirect='1'
set v2ray.omrtest=inbound
set v2ray.omrtest.port='1111'
set v2ray.omrtest.protocol='socks'
set v2ray.omrtest.listen='127.0.0.1'
set v2ray.omrtest.s_socks_auth='noauth'
set v2ray.omrtest.s_socks_udp='1'
set v2ray.omrtest.s_socks_ip='127.0.0.1'
set v2ray.omrtest.s_socks_userlevel='0
commit v2ray commit v2ray
EOF EOF
fi fi

70
v2ray-core/files/usr/bin/v2ray-rules
View file

@ -188,13 +188,13 @@ v2r_rules_iptchains_init_tcp() {
iptables-restore -w --noflush <<-EOF iptables-restore -w --noflush <<-EOF
*nat *nat
:v2r_rules_${rule}_local_out - :v2r_${rule}_local_out -
-I OUTPUT 1 -p tcp -j v2r_rules_${rule}_local_out -I OUTPUT 1 -p tcp -j v2r_${rule}_local_out
-A v2r_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
-A v2r_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A v2r_rules_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN -A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
-A v2r_rules_${rule}_local_out -m mark --mark 0x539 -j RETURN -A v2r_${rule}_local_out -m mark --mark 0x539 -j RETURN
-A v2r_rules_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" -A v2r_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
COMMIT COMMIT
EOF EOF
} }
@ -213,56 +213,56 @@ v2r_rules_iptchains_init_() {
case "$proto" in case "$proto" in
tcp) tcp)
forward_rules="-A v2r_rules_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port" forward_rules="-A v2r_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
if [ -n "$o_dst_forward_recentrst" ]; then if [ -n "$o_dst_forward_recentrst" ]; then
recentrst_mangle_rules=" recentrst_mangle_rules="
*mangle *mangle
-I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name v2r_rules_recentrst --set --rsource -I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name v2r_recentrst --set --rsource
COMMIT COMMIT
" "
recentrst_addset_rules=" recentrst_addset_rules="
-A v2r_rules_${rule}_dst -m recent --name v2r_rules_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist -A v2r_${rule}_dst -m recent --name v2r_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist
-A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j v2r_rules_${rule}_forward -A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j v2r_${rule}_forward
" "
fi fi
;; ;;
udp) udp)
ip rule add fwmark 1 lookup 100 ip rule add fwmark 1 lookup 100
ip route add local default dev lo table 100 ip route add local default dev lo table 100
forward_rules="-A v2r_rules_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01" forward_rules="-A v2r_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
;; ;;
esac esac
case "$o_src_default" in case "$o_src_default" in
forward) src_default_target=v2r_rules_${rule}_forward ;; forward) src_default_target=v2r_${rule}_forward ;;
checkdst) src_default_target=v2r_rules_${rule}_dst ;; checkdst) src_default_target=v2r_${rule}_dst ;;
bypass|*) src_default_target=RETURN ;; bypass|*) src_default_target=RETURN ;;
esac esac
case "$o_dst_default" in case "$o_dst_default" in
forward) dst_default_target=v2r_rules_${rule}_forward ;; forward) dst_default_target=v2r_${rule}_forward ;;
bypass|*) dst_default_target=RETURN ;; bypass|*) dst_default_target=RETURN ;;
esac esac
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | iptables-restore -w --noflush sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | iptables-restore -w --noflush
*$table *$table
:v2r_rules_${rule}_pre_src - :v2r_${rule}_pre_src -
:v2r_rules_${rule}_src - :v2r_${rule}_src -
:v2r_rules_${rule}_dst - :v2r_${rule}_dst -
:v2r_rules_${rule}_forward - :v2r_${rule}_forward -
$(v2r_rules_iptchains_mkprerules "$proto") $(v2r_rules_iptchains_mkprerules "$proto")
-A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
-A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539 -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
-A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A v2r_rules_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN -A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
-A v2r_rules_${rule}_pre_src -m mark --mark 0x539 -j RETURN -A v2r_${rule}_pre_src -m mark --mark 0x539 -j RETURN
-A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN -A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN -A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
-A v2r_rules_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_rules_${rule}_src -A v2r_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_${rule}_src
-A v2r_rules_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN -A v2r_${rule}_src -m set --match-set ss_rules_src_bypass src -j RETURN
-A v2r_rules_${rule}_src -m set --match-set ss_rules_src_forward src -j v2r_rules_${rule}_forward -A v2r_${rule}_src -m set --match-set ss_rules_src_forward src -j v2r_${rule}_forward
-A v2r_rules_${rule}_src -m set --match-set ss_rules_src_checkdst src -j v2r_rules_${rule}_dst -A v2r_${rule}_src -m set --match-set ss_rules_src_checkdst src -j v2r_${rule}_dst
-A v2r_rules_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default" -A v2r_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
-A v2r_rules_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j v2r_rules_${rule}_forward -A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward dst -j v2r_${rule}_forward
$recentrst_addset_rules $recentrst_addset_rules
-A v2r_rules_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default" -A v2r_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
$forward_rules $forward_rules
COMMIT COMMIT
$recentrst_mangle_rules $recentrst_mangle_rules
@ -273,11 +273,11 @@ v2r_rules_iptchains_mkprerules() {
local proto="$1" local proto="$1"
if [ -z "$o_ifnames" ]; then if [ -z "$o_ifnames" ]; then
echo "-I PREROUTING 1 -p $proto -j v2r_rules_${rule}_pre_src" echo "-I PREROUTING 1 -p $proto -j v2r_${rule}_pre_src"
else else
echo $o_ifnames \ echo $o_ifnames \
| tr ' ' '\n' \ | tr ' ' '\n' \
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r_rules_${rule}_pre_src/" | sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r_${rule}_pre_src/"
fi fi
} }