mirror of
https://github.com/Ysurac/openmptcprouter-feeds.git
synced 2025-03-09 15:40:03 +00:00
Add nftables support to OMR-DSCP and separate interface and scripts
This commit is contained in:
Ycarus (Yannick Chabanois)
parent
f2a1250ccc
commit
aecc558e9d
5 changed files with 239 additions and 4 deletions
|
|
@ -1,263 +0,0 @@
|
|||
config classify
|
||||
option direction 'both'
|
||||
option proto 'icmp'
|
||||
option class 'cs7'
|
||||
option comment 'ICMP'
|
||||
|
||||
config classify
|
||||
option direction 'both'
|
||||
option proto 'udp'
|
||||
option class 'cs4'
|
||||
option src_port '53,123,5353'
|
||||
option comment 'DNS udp and NTP'
|
||||
|
||||
config classify
|
||||
option direction 'both'
|
||||
option proto 'tcp'
|
||||
option class 'cs4'
|
||||
option src_port '53,5353'
|
||||
option comment 'DNS tcp'
|
||||
|
||||
config classify
|
||||
option direction 'both'
|
||||
option proto 'tcp'
|
||||
option class 'cs4'
|
||||
option dest_port '65500'
|
||||
option comment 'OMR API'
|
||||
|
||||
config classify
|
||||
option direction 'both'
|
||||
option proto 'tcp'
|
||||
option class 'cs7'
|
||||
option dest_port '65001,65301,65401,65011'
|
||||
option comment 'OMR vpn'
|
||||
|
||||
config classify
|
||||
option direction 'both'
|
||||
option proto 'udp'
|
||||
option class 'cs7'
|
||||
option dest_port '65001,65301'
|
||||
option comment 'OMR vpn'
|
||||
|
||||
config classify
|
||||
option direction 'both'
|
||||
option proto 'tcp'
|
||||
option class 'cs6'
|
||||
option dest_port '65101,65228'
|
||||
option comment 'OMR proxy'
|
||||
|
||||
config domains
|
||||
option name 'googlevideo.com'
|
||||
option class 'cs4'
|
||||
option comment 'Youtube'
|
||||
|
||||
config domains
|
||||
option name 'nflxvideo.net'
|
||||
option class 'cs4'
|
||||
option comment 'NetFlix'
|
||||
|
||||
config domains
|
||||
option name 's3.ll.dash.row.aiv-cdn.net'
|
||||
option class 'cs4'
|
||||
option comment 'AmazonVideo'
|
||||
|
||||
config domains
|
||||
option name 'd25xi40x97liuc.cloudfront.net'
|
||||
option class 'cs4'
|
||||
option comment 'AmazonVideo'
|
||||
|
||||
config domains
|
||||
option name 'aiv-delivery.net'
|
||||
option class 'cs4'
|
||||
option comment 'AmazonVideo'
|
||||
|
||||
config domains
|
||||
option name 'fbcdn.net'
|
||||
option class 'cs4'
|
||||
option comment 'Facebook'
|
||||
|
||||
config domains
|
||||
option name 'ttvnw.net'
|
||||
option class 'cs4'
|
||||
option comment 'Twitch'
|
||||
|
||||
config domains
|
||||
option name 'vevo.com'
|
||||
option class 'cs4'
|
||||
option comment 'VeVo'
|
||||
|
||||
config domains
|
||||
option name 'audio-fa.scdn.com'
|
||||
option class 'cs4'
|
||||
option comment 'Spotify'
|
||||
|
||||
config domains
|
||||
option name 'deezer.com'
|
||||
option class 'cs4'
|
||||
option comment 'Deezer'
|
||||
|
||||
config domains
|
||||
option name 'sndcdn.com'
|
||||
option class 'cs4'
|
||||
option comment 'SoundCloud'
|
||||
|
||||
config domains
|
||||
option name 'last.fm'
|
||||
option class 'cs4'
|
||||
option comment 'last.fm'
|
||||
|
||||
config domains
|
||||
option name 'v.redd.it'
|
||||
option class 'cs4'
|
||||
option comment 'reddit videos'
|
||||
|
||||
config domains
|
||||
option name 'ttvnw.net'
|
||||
option class 'cs4'
|
||||
option comment 'twitch.tv'
|
||||
|
||||
config domains
|
||||
option name 'googletagmanager.com'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'googleusercontent.com'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'google.com'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'fbcdn.net'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'akamaihd.net'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'whatsapp.net'
|
||||
option class 'cs2'
|
||||
option comment 'chat'
|
||||
|
||||
config domains
|
||||
option name 'whatsapp.com'
|
||||
option class 'cs2'
|
||||
option comment 'chat'
|
||||
|
||||
config domains
|
||||
option name 'zoom.us'
|
||||
option class 'cs2'
|
||||
option comment 'chat'
|
||||
|
||||
config domains
|
||||
option name 'googleapis.com'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name '1e100.net'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'hwcdn.net'
|
||||
option class 'cs2'
|
||||
option comment 'cdn'
|
||||
|
||||
config domains
|
||||
option name 'download.qq.com'
|
||||
option class 'cs1'
|
||||
option comment 'qq download'
|
||||
|
||||
config domains
|
||||
option name 'steamcontent.com'
|
||||
option class 'cs1'
|
||||
option comment 'Steam download'
|
||||
|
||||
config domains
|
||||
option name 'gs2.ww.prod.dl.playstation.net'
|
||||
option class 'cs1'
|
||||
option comment 'PSN download'
|
||||
|
||||
config domains
|
||||
option name 'dropbox.com'
|
||||
option class 'cs1'
|
||||
option comment 'Dropbox'
|
||||
|
||||
config domains
|
||||
option name 'dropboxstatic.com'
|
||||
option class 'cs1'
|
||||
option comment 'Dropbox'
|
||||
|
||||
config domains
|
||||
option name 'dropbox-dns.com'
|
||||
option class 'cs1'
|
||||
option comment 'Dropbox'
|
||||
|
||||
config domains
|
||||
option name 'log.getdropbox.com'
|
||||
option class 'cs1'
|
||||
option comment 'Dropbox'
|
||||
|
||||
config domains
|
||||
option name 'drive.google.com'
|
||||
option class 'cs1'
|
||||
option comment 'Google Drive'
|
||||
|
||||
config domains
|
||||
option name 'drive-thirdparty.googleusercontent.com'
|
||||
option class 'cs1'
|
||||
option comment 'Google Drive'
|
||||
|
||||
config domains
|
||||
option name 'docs.google.com'
|
||||
option class 'cs1'
|
||||
option comment 'Google Docs'
|
||||
|
||||
config domains
|
||||
option name 'docs.googleusercontent.com'
|
||||
option class 'cs1'
|
||||
option comment 'Google Docs'
|
||||
|
||||
config domains
|
||||
option name 'gvt1.com'
|
||||
option class 'cs1'
|
||||
option comment 'PlayStore Download'
|
||||
|
||||
config domains
|
||||
option name 'mmg-fna.whatsapp.net'
|
||||
option class 'cs1'
|
||||
option comment 'WhatsApp Files'
|
||||
|
||||
config domains
|
||||
option name 'upload.youtube.com'
|
||||
option class 'cs1'
|
||||
option comment 'Youtube Upload'
|
||||
|
||||
config domains
|
||||
option name 'upload.video.google.com'
|
||||
option class 'cs1'
|
||||
option comment 'Youtube Upload'
|
||||
|
||||
config domains
|
||||
option name 'windowsupdate.com'
|
||||
option class 'cs1'
|
||||
option comment 'WindowsUpdate'
|
||||
|
||||
config domains
|
||||
option name 'update.microsoft.com'
|
||||
option class 'cs1'
|
||||
option comment 'WindowsUpdate'
|
||||
|
||||
config domains
|
||||
option name 'tv.milkywan.fr'
|
||||
option class 'cs5'
|
||||
option comment 'MilkyWan TV'
|
||||
|
||||
|
|
@ -1,250 +0,0 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
# vim: set noexpandtab tabstop=4 shiftwidth=4 softtabstop=4 :
|
||||
|
||||
# shellcheck disable=SC2034
|
||||
START=90
|
||||
# shellcheck disable=SC2034
|
||||
STOP=10
|
||||
# shellcheck disable=SC2034
|
||||
USE_PROCD=1
|
||||
|
||||
# shellcheck disable=SC1091
|
||||
. /lib/functions.sh
|
||||
|
||||
if [ -f /usr/sbin/iptables-legacy ]; then
|
||||
IPTABLES="/usr/sbin/iptables-legacy"
|
||||
IP6TABLES="/usr/sbin/ip6tables-legacy"
|
||||
else
|
||||
IPTABLES="/usr/sbin/iptables"
|
||||
IP6TABLES="/usr/sbin/ip6tables"
|
||||
fi
|
||||
|
||||
# Get the lan interface name
|
||||
lan_device=
|
||||
config_load network
|
||||
config_get lan_device lan ifname
|
||||
|
||||
config_load dscp
|
||||
|
||||
_ipt4() {
|
||||
$IPTABLES -w -t mangle "$@" 2>&1 >/dev/null
|
||||
}
|
||||
_ipt6() {
|
||||
$IP6TABLES -w -t mangle "$@" 2>&1 >/dev/null
|
||||
}
|
||||
|
||||
_add_dscp_rule() {
|
||||
_ipt4 -A dscp_prerouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j DSCP --set-dscp-class "$class"
|
||||
_ipt4 -A dscp_prerouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j RETURN
|
||||
_ipt4 -A dscp_postrouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j DSCP --set-dscp-class "$class"
|
||||
_ipt4 -A dscp_postrouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j RETURN
|
||||
_ipt6 -A dscp_prerouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j DSCP --set-dscp-class "$class"
|
||||
_ipt6 -A dscp_prerouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j RETURN
|
||||
_ipt6 -A dscp_postrouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j DSCP --set-dscp-class "$class"
|
||||
_ipt6 -A dscp_postrouting -p "$proto" -s "$src_ip" -d "$dest_ip" "$@" -m comment --comment "$comment" -j RETURN
|
||||
}
|
||||
|
||||
_add_dscp_domain() {
|
||||
domain=""; config_get domain "$1" name ""
|
||||
class=""; config_get class "$1" class ""
|
||||
[ -n "$domain" ] && [ -n "$class" ] && {
|
||||
if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then
|
||||
uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dscp-$class,omr_dscp6-$class"
|
||||
else
|
||||
dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g')
|
||||
for dnsipset in $dnsmasqipset; do
|
||||
if [ "$(echo $dnsipset | cut -d/ -f2)" = "$domain" ]; then
|
||||
uci -q del_list dhcp.@dnsmasq[0].ipset=$dnsipset
|
||||
uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr_dscp-$class,omr_dscp6-$class"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
}
|
||||
|
||||
_add_dscp_domains_rules() {
|
||||
for class in cs0 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef; do
|
||||
ipset -q --exist restore <<-EOF
|
||||
create omr_dscp-$class hash:net hashsize 64
|
||||
create omr_dscp6-$class hash:net family inet6 hashsize 64
|
||||
EOF
|
||||
_ipt4 -A dscp_prerouting -m set --match-set omr_dscp-$class src,dst -m comment --comment "$class" -j DSCP --set-dscp-class "$class"
|
||||
_ipt4 -A dscp_prerouting -m set --match-set omr_dscp-$class src,dst -m comment --comment "$class" -j RETURN
|
||||
_ipt4 -A dscp_postrouting -m set --match-set omr_dscp-$class src,dst -m comment --comment "$class" -j DSCP --set-dscp-class "$class"
|
||||
_ipt4 -A dscp_postrouting -m set --match-set omr_dscp-$class src,dst -m comment --comment "$class" -j RETURN
|
||||
_ipt6 -A dscp_prerouting -m set --match-set omr_dscp6-$class src,dst -m comment --comment "$class" -j DSCP --set-dscp-class "$class"
|
||||
_ipt6 -A dscp_prerouting -m set --match-set omr_dscp6-$class src,dst -m comment --comment "$class" -j RETURN
|
||||
_ipt6 -A dscp_postrouting -m set --match-set omr_dscp6-$class src,dst -m comment --comment "$class" -j DSCP --set-dscp-class "$class"
|
||||
_ipt6 -A dscp_postrouting -m set --match-set omr_dscp6-$class src,dst -m comment --comment "$class" -j RETURN
|
||||
done
|
||||
}
|
||||
|
||||
_add_dscp_rules() {
|
||||
proto="" ; config_get proto "$1" proto all
|
||||
src_ip="" ; config_get src_ip "$1" src_ip 0.0.0.0/0
|
||||
src_port="" ; config_get src_port "$1" src_port 0:65535
|
||||
dest_ip="" ; config_get dest_ip "$1" dest_ip 0.0.0.0/0
|
||||
dest_port="" ; config_get dest_port "$1" dest_port 0:65535
|
||||
class="" ; config_get class "$1" class
|
||||
direction="" ; config_get direction "$1" direction "upload"
|
||||
comment="" ; config_get comment "$1" comment "-"
|
||||
|
||||
src_port="$(echo $src_port | sed 's/-/:/g')"
|
||||
dest_port="$(echo $dest_port | sed 's/-/:/g')"
|
||||
case "$direction" in
|
||||
upload|both)
|
||||
# Apply the rule locally
|
||||
case "$proto" in
|
||||
tcp|udp)
|
||||
_add_dscp_rule -m multiport --sports "$src_port" -m multiport --dports "$dest_port"
|
||||
;;
|
||||
*)
|
||||
_add_dscp_rule
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
download|both)
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
_add_prerouting_chain() {
|
||||
_ipt4 -N "$1"
|
||||
_ipt4 -I PREROUTING -i "$lan_device" -j "$1"
|
||||
_ipt6 -N "$1"
|
||||
_ipt6 -I PREROUTING -i "$lan_device" -j "$1"
|
||||
}
|
||||
|
||||
_add_postrouting_chain() {
|
||||
_ipt4 -N "$1"
|
||||
_ipt4 -I POSTROUTING -j "$1"
|
||||
_ipt6 -N "$1"
|
||||
_ipt6 -I POSTROUTING -j "$1"
|
||||
}
|
||||
|
||||
_add_fwmark_chain() {
|
||||
_ipt4 -N dscp_mark
|
||||
_ipt4 -A PREROUTING -i "$lan_device" -j dscp_mark
|
||||
_ipt4 -A POSTROUTING -j dscp_mark
|
||||
_ipt6 -N dscp_mark
|
||||
_ipt6 -A PREROUTING -i "$lan_device" -j dscp_mark
|
||||
_ipt6 -A POSTROUTING -j dscp_mark
|
||||
for class in cs4 cs5 cs6 cs7; do
|
||||
# xtun (hex) -> 0x7874756e
|
||||
_ipt4 -A dscp_mark \
|
||||
-m comment --comment "$class" \
|
||||
-m dscp --dscp-class "$class" \
|
||||
-j MARK --set-mark 0x7874756e
|
||||
_ipt6 -A dscp_mark \
|
||||
-m comment --comment "$class" \
|
||||
-m dscp --dscp-class "$class" \
|
||||
-j MARK --set-mark 0x7874756e
|
||||
done
|
||||
}
|
||||
|
||||
_add_dscp_output_chain() {
|
||||
_ipt4 -N dscp_output
|
||||
_ipt4 -I OUTPUT -j dscp_output
|
||||
_ipt6 -N dscp_output
|
||||
_ipt6 -I OUTPUT -j dscp_output
|
||||
}
|
||||
|
||||
_remove_prerouting_chain() {
|
||||
_ipt4 -F "$1" 2>/dev/null || return
|
||||
_ipt4 -D PREROUTING -i "$lan_device" -j "$1"
|
||||
_ipt4 -X "$1" 2>/dev/null
|
||||
_ipt6 -F "$1" 2>/dev/null || return
|
||||
_ipt6 -D PREROUTING -i "$lan_device" -j "$1"
|
||||
_ipt6 -X "$1" 2>/dev/null
|
||||
}
|
||||
|
||||
_remove_postrouting_chain() {
|
||||
_ipt4 -F "$1" 2>/dev/null || return
|
||||
_ipt4 -D POSTROUTING -j "$1"
|
||||
_ipt4 -X "$1" 2>/dev/null
|
||||
_ipt6 -F "$1" 2>/dev/null || return
|
||||
_ipt6 -D POSTROUTING -j "$1"
|
||||
_ipt6 -X "$1" 2>/dev/null
|
||||
}
|
||||
|
||||
_remove_output_chain() {
|
||||
_ipt4 -F "$1" 2>/dev/null || return
|
||||
_ipt4 -D OUTPUT -j "$1"
|
||||
_ipt4 -X "$1" 2>/dev/null
|
||||
_ipt6 -F "$1" 2>/dev/null || return
|
||||
_ipt6 -D OUTPUT -j "$1"
|
||||
_ipt6 -X "$1" 2>/dev/null
|
||||
}
|
||||
|
||||
_remove_ipset_dnsmasq() {
|
||||
#dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g' | grep -v omr_dscp)
|
||||
# Remove DSCP ipset in DNSMASQ and keep others
|
||||
dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g')
|
||||
uci -q delete dhcp.@dnsmasq[0].ipset
|
||||
if [ -n "$dnsmasqipset" ]; then
|
||||
for dnsipset in $dnsmasqipset; do
|
||||
ipsets=""
|
||||
allipsets=$(echo $dnsipset | cut -d/ -f3 | sed 's/,/\n/g')
|
||||
for ipset in $allipsets; do
|
||||
[ "$(echo $ipset | grep -v omr_dscp)" != "" ] && {
|
||||
[ "$ipsets" != "" ] && ipsets="$ipsets,$ipset"
|
||||
[ "$ipsets" = "" ] && ipsets="$ipset"
|
||||
}
|
||||
done
|
||||
if [ "$ipsets" != "" ]; then
|
||||
resultipset="/$(echo $dnsipset | cut -d/ -f2)/$ipsets"
|
||||
uci -q add_list dhcp.@dnsmasq[0].ipset=$resultipset
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
_setup_tunnel() {
|
||||
# Mark the packets to route through xtun0
|
||||
_add_fwmark_chain
|
||||
# tun0: cs0 (default)
|
||||
# xtun0: cs6
|
||||
_ipt4 -A dscp_output -o "tun0" -j DSCP --set-dscp-class cs6
|
||||
_ipt6 -A dscp_output -o "tun0" -j DSCP --set-dscp-class cs6
|
||||
}
|
||||
|
||||
_cleanup() {
|
||||
_remove_prerouting_chain dscp_prerouting
|
||||
_remove_prerouting_chain dscp_mark
|
||||
_remove_postrouting_chain dscp_postrouting
|
||||
_remove_postrouting_chain dscp_mark
|
||||
_remove_output_chain dscp_output
|
||||
_remove_ipset_dnsmasq
|
||||
uci -q commit dhcp
|
||||
}
|
||||
|
||||
start_service() {
|
||||
# Cleanup
|
||||
_cleanup
|
||||
|
||||
# Add chains
|
||||
_add_prerouting_chain dscp_prerouting
|
||||
_add_postrouting_chain dscp_postrouting
|
||||
_add_dscp_output_chain
|
||||
_add_dscp_domains_rules
|
||||
|
||||
# Setup the tunnels dscp / marks
|
||||
_setup_tunnel
|
||||
|
||||
# Add rules base on the user configuration
|
||||
config_foreach _add_dscp_rules classify
|
||||
config_foreach _add_dscp_domain domains
|
||||
uci -q commit dhcp
|
||||
}
|
||||
|
||||
stop_service() {
|
||||
_cleanup
|
||||
}
|
||||
|
||||
reload_service() {
|
||||
start
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger dscp glorytun
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue