Fix omr-bypass

2025-02-15 03:51:51 +00:00 · 2018-10-24 00:29:33 +02:00 · 2018-10-24 00:29:33 +02:00 · a04ddd099c
commit a04ddd099c
parent 4820cfe7e2
1 changed files with 32 additions and 8 deletions
--- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass
+++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass
@ -57,7 +57,7 @@ _bypass_proto() {
 		EOF
 		ip6tables-restore --wait=60  --noflush <<-EOF
 		*mangle
-		-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539
+		-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x6539
 		COMMIT
 		EOF
 	else
@ -68,7 +68,7 @@ _bypass_proto() {
 		EOF
 		ip6tables-restore --wait=60  --noflush <<-EOF
 		*mangle
-		-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539$intfid
+		-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x6539$intfid
 		COMMIT
 		EOF
 	fi
@ -89,7 +89,7 @@ _intf_rule() {
 	create omr_rules6_dst_bypass_$intf hash:net family inet6 hashsize 64
 	EOF
 	ip rule add prio 1 fwmark 0x539$count lookup $count > /dev/null 2>&1
-	ip -6 rule add prio 1 fwmark 0x539$count lookup $count > /dev/null 2>&1
+	ip -6 rule add prio 1 fwmark 0x6539$count lookup $count > /dev/null 2>&1
 	if [ "$(iptables -w 40 -t mangle -L | grep omr_rules_dst_bypass_$intf)" = "" ]; then
 		iptables-restore --wait=60 --noflush <<-EOF
 		*mangle
@ -104,7 +104,7 @@ _intf_rule() {
 		-I ss_rules_dst 1 -m set --match-set omr_rules_dst_bypass_$intf dst -j RETURN
 		-I ss_rules_local_out 1 -m set --match-set omr_rules_dst_bypass_$intf dst -j RETURN
 		-I ss_rules_local_out 2 -m mark --mark 0x539$count -j RETURN
-		-I ss_rules_pre_src 1 -m set --match-set omr_rules_dst_bypass_$intf dst -j MARK --set-xmark 0x539$count
+		-I ss_rules_pre_src 1 -m set --match-set omr_rules_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
 		-I ss_rules_pre_src 2 -m set --match-set omr_rules_dst_bypass_$intf dst -j RETURN
 		-I ss_rules_pre_src 3 -m mark --mark 0x539$count -j RETURN
 		COMMIT
@ -113,7 +113,7 @@ _intf_rule() {
 	if [ "$(ip6tables -w 40 -t mangle -L | grep omr_rules6_dst_bypass_$intf)" = "" ]; then
 		ip6tables-restore --wait=60 --noflush <<-EOF
 		*mangle
-		-I PREROUTING 1 -m set --match-set omr_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I PREROUTING 1 -m set --match-set omr_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
 		COMMIT
 		EOF
 	fi
@ -123,7 +123,7 @@ _intf_rule() {
 		-I ss_rules6_dst 1 -m set --match-set omr_rules6_dst_bypass_$intf dst -j RETURN
 		-I ss_rules6_local_out 1 -m set --match-set omr_rules6_dst_bypass_$intf dst -j RETURN
 		-I ss_rules6_local_out 2 -m mark --mark 0x539$count -j RETURN
-		-I ss_rules6_pre_src 1 -m set --match-set omr_rules6_dst_bypass_$intf dst -j MARK --set-xmark 0x539$count
+		-I ss_rules6_pre_src 1 -m set --match-set omr_rules6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
 		-I ss_rules6_pre_src 2 -m set --match-set omr_rules6_dst_bypass_$intf dst -j RETURN
 		-I ss_rules6_pre_src 3 -m mark --mark 0x539$count -j RETURN
 		COMMIT
@ -163,7 +163,7 @@ start_service() {
 	/etc/init.d/dnsmasq reload

 	ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
-	ip -6 rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
+	ip -6 rule add prio 1 fwmark 0x6539 lookup 991337 > /dev/null 2>&1

 	if [ "$(iptables -w 40 -t mangle -L | grep 'match-set omr_rules_dst_bypass_all dst MARK set')" = "" ]; then
 		iptables-restore --wait=60 --noflush <<-EOF
@ -172,10 +172,34 @@ start_service() {
 		COMMIT
 		EOF
 	fi
+	if [ "$(iptables -w 40 -t nat -L | grep ss_rules_pre_src)" != "" ] && [ "$(iptables -w 40 -t nat -L | grep omr_rules_dst_bypass_all)" = "" ]; then
+		iptables-restore --wait=60 --noflush <<-EOF
+		*nat
+		-I ss_rules_dst 1 -m set --match-set omr_rules_dst_bypass_all dst -j RETURN
+		-I ss_rules_local_out 1 -m set --match-set omr_rules_dst_bypass_all dst -j RETURN
+		-I ss_rules_local_out 2 -m mark --mark 0x539 -j RETURN
+		-I ss_rules_pre_src 1 -m set --match-set omr_rules_dst_bypass_all dst -j MARK --set-mark 0x539
+		-I ss_rules_pre_src 2 -m set --match-set omr_rules_dst_bypass_all dst -j RETURN
+		-I ss_rules_pre_src 3 -m mark --mark 0x539 -j RETURN
+		COMMIT
+		EOF
+	fi
 	if [ "$(ip6tables -w 40 -t mangle -L | grep 'match-set omr_rules6_dst_bypass_all dst MARK set')" = "" ]; then
 		ip6tables-restore --wait=60 --noflush <<-EOF
 		*mangle
-		-A PREROUTING -m set --match-set omr_rules6_dst_bypass_all dst -j MARK --set-mark 0x539
+		-A PREROUTING -m set --match-set omr_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
+		COMMIT
+		EOF
+	fi
+	if [ "$(ip6tables -w 40 -t nat -L | grep ss_rules6_pre_src)" != "" ] && [ "$(ip6tables -w 40 -t nat -L | grep omr_rules6_dst_bypass_all)" = "" ]; then
+		ip6tables-restore --wait=60 --noflush <<-EOF
+		*nat
+		-I ss_rules6_dst 1 -m set --match-set omr_rules6_dst_bypass_all dst -j RETURN
+		-I ss_rules6_local_out 1 -m set --match-set omr_rules6_dst_bypass_all dst -j RETURN
+		-I ss_rules6_local_out 2 -m mark --mark 0x6539 -j RETURN
+		-I ss_rules6_pre_src 1 -m set --match-set omr_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
+		-I ss_rules6_pre_src 2 -m set --match-set omr_rules6_dst_bypass_all dst -j RETURN
+		-I ss_rules6_pre_src 3 -m mark --mark 0x6539 -j RETURN
 		COMMIT
 		EOF
 	fi