Merge pull request #10 from Ysurac/develop

同步最新
2025-02-15 03:51:51 +00:00 · 2020-10-18 15:58:41 +08:00 · 2020-10-18 15:58:41 +08:00 · b2f92e3cbf
commit b2f92e3cbf
parent fccca8a8da 102b251ac1
12 changed files with 8206 additions and 42 deletions
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -32,6 +32,9 @@ jobs:
        sudo rm -f /swapfile >/dev/null 2>&1 || true
        sudo apt-get autoremove -y >/dev/null 2>&1 || true
        sudo apt-get autoclean -y >/dev/null 2>&1 || true
+        sudo rm -rf "/usr/local/share/boost" >/dev/null 2>&1 || true
+        sudo rm -rf "$AGENT_TOOLSDIRECTORY" >/dev/null 2>&1 || true
+        sudo docker rmi $(docker images -qf "dangling=true") >/dev/null 2>&1 || true
        df -h
    - name: Clone source code
      working-directory: ../../
@ -67,13 +70,6 @@ jobs:
        OMR_TARGET: ${{ matrix.OMR_TARGET }}
      run: |
        make IGNORE_ERRORS=m -C $OMR_TARGET/source package/{compile,install,index} -j$(nproc) || make IGNORE_ERRORS=m -C $OMR_TARGET/source package/{compile,install,index} -j1 V=s
-    - name: Free disk space
-      working-directory: ../../omr
-      run: |
-        df -h
-        rm -rf toolchain
-        rm -rf dl
-        df -h
    - name: Build image
      working-directory: ../../omr
      env:
--- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass
+++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass
@ -342,7 +342,7 @@ _bypass_proto() {
 _intf_rule_ss_rules() {
 	rule_name=$1
 	[ "$rule_name" = "ss_rules" ] && rule_name="def"
-	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep ssr | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@ -362,7 +362,7 @@ _intf_rule_ss_rules() {
 			COMMIT
 			EOF
 		fi
-		if [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep omr6_dst_bypass_$intf)" = "" ]; then
+		if [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6 | grep omr6_dst_bypass_$intf)" = "" ]; then
 			ip6tables-restore -w --wait=60 --noflush <<-EOF
 			*nat
 			-I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
@ -377,6 +377,45 @@ _intf_rule_ss_rules() {
 	fi
 }

+_intf_rule_v2ray_rules() {
+	#rule_name=$1
+	#[ "$rule_name" = "ss_rules" ] && rule_name="def"
+	rule_name="def"
+	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep v2r | grep omr_dst_bypass_$intf)" = "" ]; then
+		iptables-restore -w --wait=60 --noflush <<-EOF
+		*nat
+		-I v2r_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I v2r_${rule_name}_dst 2 -m mark --mark 0x539$count -j RETURN
+		-I v2r_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I v2r_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN
+		-I v2r_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I v2r_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$disableipv6" != "1" ]; then
+		if [ "$(ip6tables --wait=40 -t mangle -L -n | grep omr6_dst_bypass_$intf)" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*mangle
+			-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			COMMIT
+			EOF
+		fi
+		if [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6 | grep omr6_dst_bypass_$intf)" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*nat
+			-I v2r6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I v2r6_${rule_name}_dst 2 -m mark --mark 0x6539$count -j RETURN
+			-I v2r6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I v2r6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN
+			-I v2r6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I v2r6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
+}
+
 _intf_rule() {
 	local intf
 	config_get intf $1 ifname
@ -425,6 +464,7 @@ _intf_rule() {
 	fi
 	config_load shadowsocks-libev
 	config_foreach _intf_rule_ss_rules ss_rules
+	_intf_rule_v2ray_rules

 	uci -q set omr-bypass.$intf=interface
 	uci -q set omr-bypass.$intf.id=$count
@ -507,6 +547,45 @@ _ss_rules_config() {
 	fi
 }

+_v2ray_rules_config() {
+	#rule_name=$1
+	#[ "$rule_name" = "ss_rules" ] && rule_name="def"
+	rule_name="def"
+	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_pre_src)" != "" ] && [ "$(iptables --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
+		iptables-restore -w --wait=60 --noflush <<-EOF
+		*nat
+		-I v2r_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j  MARK --set-mark 0x539
+		-I v2r_${rule_name}_dst 1 -m mark --mark 0x539 -j RETURN
+		-I v2r_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
+		-I v2r_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN
+		-I v2r_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
+		-I v2r_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$disableipv6" != "1" ]; then
+		if [ "$(ip6tables --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+		if [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables --wait=40 -t nat -L -n | grep omr6_dst_bypass_all)" = "" ]; then
+			ip6tables-restore -w --wait=60 --noflush <<-EOF
+			*nat
+			-I v2r6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I v2r6_${rule_name}_dst 1 -m mark --mark 0x6539 -j RETURN
+			-I v2r6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I v2r6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN
+			-I v2r6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I v2r6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
+}
+
 boot() {
 	BOOT=1
 	start "$@"
@ -606,6 +685,7 @@ start_service() {

 	config_load shadowsocks-libev
 	config_foreach _ss_rules_config
+	_v2ray_rules_config

 	iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters
 	iptables-restore -w --wait=60  --noflush <<-EOF
--- a/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass
+++ b/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass
@ -52,14 +52,15 @@ fi
 if [ "$(uci -q get ucitrack.@shadowsocks-libev[-1].affects | grep omr-bypass)" != "" ]; then
 	uci -q batch <<-EOF >/dev/null
 		del_list ucitrack.@shadowsocks-libev[-1].affects=omr-bypass
+		commit ucitrack
 	EOF
 fi

-if [ "$(uci -q get firewall.omr-bypass)" = "" ]; then
+if [ "$(uci -q get firewall.omr_bypass)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
-		set firewall.omr-bypass=include
-		set firewall.omr-bypass.path=/etc/firewall.omr-bypass
-		set firewall.omr-bypass.reload=1
+		set firewall.omr_bypass=include
+		set firewall.omr_bypass.path=/etc/firewall.omr-bypass
+		set firewall.omr_bypass.reload=1
 		commit firewall
 	EOF
 fi
--- a/luci-base/po/templates/base.pot
+++ b/luci-base/po/templates/base.pot
--- a/omr-tracker/files/etc/init.d/omr-tracker
+++ b/omr-tracker/files/etc/init.d/omr-tracker
@ -175,7 +175,7 @@ _launch_v2ray_tracker() {

 	procd_open_instance
 	# shellcheck disable=SC2086
-	procd_set_param command /bin/omr-tracker-ss "$1"
+	procd_set_param command /bin/omr-tracker-v2ray "$1"
 	procd_append_param env "OMR_TRACKER_HOSTS=$hosts"
 	procd_append_param env "OMR_TRACKER_TIMEOUT=$timeout"
 	procd_append_param env "OMR_TRACKER_TRIES=$tries"
--- a/openmptcprouter-full/Makefile
+++ b/openmptcprouter-full/Makefile
@ -79,7 +79,7 @@ MY_DEPENDS := \
    kmod-rt2800-usb kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su \
    !TARGET_mvebu:luci-proto-qmi wpad-basic kmod-mt7601u kmod-rtl8187 \
    luci-app-mlvpn mlvpn 464xlat !TARGET_mvebu:kmod-usb-net-smsc75xx kmod-zram kmod-swconfig swconfig kmod-ipt-nat kmod-ipt-nat6 luci-app-https-dns-proxy kmod-tcp-nanqinlang iptables-mod-ipopt igmpproxy ss iptraf-ng \
-    luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2
+    luci-app-acl block-mount blockd fstools luci-app-shutdown libwebp luci-proto-gre tcptraceroute luci-proto-mbim kmod-rtl8xxxu kmod-ath9k-htc luci-app-ttyd luci-mod-dashboard (TARGET_x86||TARGET_x86_64):rtl8192eu-firmware kmod-usb2 libustream-wolfssl
 #     luci-theme-bootstrap luci-theme-openwrt-2020 luci-theme-openwrt luci-app-status
 #  luci-proto-bonding luci-app-statistics luci-proto-gre
 #    softethervpn5-client softethervpn5-server luci-app-nginx-ha
--- a/openmptcprouter/files/bin/tcpping
+++ b/openmptcprouter/files/bin/tcpping
@ -0,0 +1,150 @@
+#!/bin/sh
+#
+# tcpping: test response times using TCP SYN packets
+#          URL: http://www.vdberg.org/~richard/tcpping.html
+#
+# uses tcptraceroute from http://michael.toren.net/code/tcptraceroute/
+#
+# (c) 2002-2005 Richard van den Berg <richard@vdberg.org> under the GPL
+#               http://www.gnu.org/copyleft/gpl.html
+#
+# 2002/12/20 v1.0 initial version
+# 2003/01/25 v1.1 added -c and -r options
+#                 now accepting all other tcptraceroute options
+# 2003/01/30 v1.2 removed double quotes around backquotes
+# 2003/03/25 v1.3 added -x option, courtesy of Alvin Austin <alvin@crlogic.com>
+# 2005/03/31 v1.4 added -C option, courtesy of Norman Rasmussen <norman@rasmussen.org>
+# 2007/01/11 v1.5 catch bad destination addresses
+# 2007/01/19 v1.6 catch non-root tcptraceroute
+# 2008/02/10 v1.7 make -C work when reverse lookup fails, courtesy of Fabrice Le Dorze <Fabrice.LeDorze@apx.fr>
+# 2010/06/04 v1.8 make -C work when ipaddress doesn't reply, courtesy of Yann Beulque
+
+
+ver="v1.8"
+format="%Y%m%d%H%M%S"
+d="no"
+c="no"
+C="no"
+ttl=255
+seq=0
+q=1
+r=1
+w=3
+topts=""
+
+usage () {
+	name=`basename $0`
+	echo "tcpping $ver Richard van den Berg <richard@vdberg.org>"
+	echo
+	echo "Usage: $name [-d] [-c] [-C] [-w sec] [-q num] [-x count] ipaddress [port]"
+	echo
+	echo "        -d   print timestamp before every result"
+	echo "        -c   print a columned result line"
+	echo "        -C   print in the same format as fping's -C option"
+	echo "        -w   wait time in seconds (defaults to 3)"
+	echo "        -r   repeat every n seconds (defaults to 1)"
+	echo "        -x   repeat n times (defaults to unlimited)"
+	echo
+	echo "See also: man tcptraceroute"
+	echo
+}
+
+_checksite() {
+	ttr=`tcptraceroute -f ${ttl} -m ${ttl} -q ${q} -w ${w} $* 2>&1`
+	if echo "${ttr}" | egrep -i "(bad destination|got roo)" >/dev/null 2>&1; then
+		echo "${ttr}"
+		exit
+	fi
+}
+	
+_testsite() {
+	myseq="${1}"
+	shift
+	[ "${c}" = "yes" ] && nows=`date +${format}`
+	[ "${d}" = "yes" ] && nowd=`date`
+	ttr=`tcptraceroute -f ${ttl} -m ${ttl} -q ${q} -w ${w} $* 2>/dev/null`
+	host=`echo "${ttr}" | awk '{print $2 " " $3}'`
+	rtt=`echo "${ttr}" | sed 's/.*] //' | awk '{print $1}'`
+	not=`echo "${rtt}" | tr -d ".0123456789"`
+	[ "${d}" = "yes" ] && echo "$nowd"
+	if [ "${c}" = "yes" ]; then
+		if [ "x${rtt}" != "x" -a "x${not}" = "x" ]; then
+			echo "$myseq $nows $rtt $host"
+		else
+			echo "$myseq $nows $max $host"
+		fi
+	elif [ "${C}" = "yes" ]; then
+		if [ "$myseq" = "0" ]; then
+			echo -n "$1 :"
+		fi
+		if [ "x${rtt}" != "x" -a "x${not}" = "x" ]; then
+			if [ $rtt != "255" ]; then
+				echo -n " $rtt"
+			else
+				echo -n " -"
+			fi
+		else
+			echo -n " -"
+		fi
+		if [ "$x" = "1" ]; then
+			echo
+		fi
+	else
+		echo "${ttr}" | sed -e "s/^.*\*.*$/seq $myseq: no response (timeout)/" -e "s/^$ttl /seq $myseq: tcp response from/"
+	fi
+#       echo "${ttr}"
+}
+
+while getopts dhq:w:cr:nNFSAEi:f:l:m:p:s:x:C opt ; do
+	case "$opt" in
+		d|c|C) eval $opt="yes" ;;
+		q|w|r|x) eval $opt="$OPTARG" ;;
+		n|N|F|S|A|E) topt="$topt -$opt" ;;
+		i|l|p|s) topt="$topt -$opt $OPTARG" ;;
+		f|m) ttl="$OPTARG" ;;
+		?) usage; exit ;;
+	esac
+done
+
+shift `expr $OPTIND - 1`
+
+if [ "x$1" = "x" ]; then
+	usage
+	exit
+fi
+
+max=`echo "${w} * 1000" | bc`
+
+if [ `date +%s` != "%s" ]; then
+	format="%s"
+fi
+
+_checksite ${topt} $*
+
+if [ "$x" = "" ]; then
+	while [ 1 ] ; do
+		_testsite ${seq} ${topt} $* &
+		pid=$!
+		if [ "${C}" = "yes" ]; then
+			wait $pid
+		fi
+		seq=`expr $seq + 1`
+		sleep ${r}
+	done
+else
+	while [ "$x" -gt 0 ] ; do
+		_testsite ${seq} ${topt} $* &
+		pid=$!
+		if [ "${C}" = "yes" ]; then
+			wait $pid
+		fi
+		seq=`expr $seq + 1`
+		x=`expr $x - 1`
+		if [ "$x" -gt 0 ]; then
+			sleep ${r}
+		fi
+	done
+fi
+
+exit
+
--- a/v2ray-core/files/etc/firewall.v2ray-rules
+++ b/v2ray-core/files/etc/firewall.v2ray-rules
@ -0,0 +1,2 @@
+#!/bin/sh
+/etc/init.d/v2ray rules_up
--- a/v2ray-core/files/etc/init.d/v2ray
+++ b/v2ray-core/files/etc/init.d/v2ray
@ -411,8 +411,14 @@ add_v2ray_redirect_rules() {
 	local ipset_dst_direct="$IPSET_DST_DIRECT_V4"

 	test -n "$port" || return
-	#logger -t "v2ray" "v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward"
+
+	# This part need a rewrite
 	v2ray-rules -l ${port} -L ${port} -s $OUTBOUND_SERVERS_V4 --rule-name def --src-default forward --dst-default forward --local-default forward
+	v2ray-rules6 -l $((port+1)) -L $((port+1)) --rule-name def --src-default forward --dst-default forward --local-default forward
+	[ -f /etc/init.d/omr-bypass ] && {
+		logger -t "V2Ray" "Reload omr-bypass rules"
+		/etc/init.d/omr-bypass reload_rules
+	}
 }

 init_rules_for_listfile() {
@ -1268,18 +1274,18 @@ add_inbound_setting() {

 	json_add_object "sockopt"

-	if [ -n "$port" ] && [ "x$port" = "x$TRANSPARENT_PROXY_PORT" ] ; then
-		if [ "x$TRANSPARENT_PROXY_USE_TPROXY" = "x1" ] ; then
-			json_add_string "tproxy" "tproxy"
-		else
-			json_add_string "tproxy" "redirect"
-		fi
-	else
+#	if [ -n "$port" ] && [ "x$port" = "x$TRANSPARENT_PROXY_PORT" ] ; then
+#		if [ "x$TRANSPARENT_PROXY_USE_TPROXY" = "x1" ] ; then
+#			json_add_string "tproxy" "tproxy"
+#		else
+#			json_add_string "tproxy" "redirect"
+#		fi
+#	else
 		test -n "$ss_sockopt_tcp_fast_open" && \
 			json_add_boolean "tcpFastOpen" "$ss_sockopt_tcp_fast_open"
 		test -n "$ss_sockopt_tproxy" && \
 			json_add_string "tproxy" "$ss_sockopt_tproxy"
-	fi
+#	fi

 	json_close_object # sockopt

@ -2071,7 +2077,7 @@ start_instance() {
 }

 rules_exist() {
-	[ -n "$(iptables -t nat -L -n | grep v2r)" ] && return 0
+	[ -n "$(iptables -t nat -L -n | grep v2r_)" ] && return 0
 	return 1
 }

@ -2081,18 +2087,9 @@ rules_up() {
 	config_load v2ray
 	config_get enabled main enabled "0"
 	[ "$enabled" = "0" ] && return
+	OUTBOUND_SERVERS_V4="$(uci -q get v2ray.omrout.s_vless_address)"
 	logger -t "V2Ray" "Rules UP"
-	[ -x "$bin" ] && {
-		"$bin" >/dev/null 2>&1
-	}
-	local bin6="/usr/bin/v2ray-rules6"
-	[ -x "$bin6" ] && {
-		"$bin6" >/dev/null 2>&1
-	}
-	[ -f /etc/init.d/omr-bypass ] && {
-		logger -t "V2Ray" "Reload omr-bypass rules"
-		/etc/init.d/omr-bypass reload_rules
-	}
+	add_v2ray_redirect_rules
 }

 rules_down() {
@ -2122,6 +2119,7 @@ start_service() {

 	setup_transparent_proxy
 	gracefully_restart_dnsmasq
+	rules_up

 	unset OUTBOUND_SERVERS_V4 \
 		OUTBOUND_SERVERS_V6 \
@ -2138,8 +2136,8 @@ stop_service() {
 	fi

 	clear_transparent_proxy
+	rules_down
 	gracefully_restart_dnsmasq
-
 	test -d "$CONFIG_FOLDER" && rm -rf "$CONFIG_FOLDER"
 }

--- a/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray
+++ b/v2ray-core/files/etc/uci-defaults/3010-omr-v2ray
@ -1,6 +1,6 @@
 #!/bin/sh

-if [ -z "$(uci -q get v2ray.main2)" ]; then
+if [ -z "$(uci -q get v2ray.main)" ]; then
 	touch /etc/config/v2ray
 	uci batch <<-EOF
 		set v2ray.main=v2ray
@ -12,6 +12,7 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
 		set v2ray.main.enabled='0'
 		set v2ray.main.outbounds='omrout'
 		set v2ray.main.inbounds='omr'
+		add_list v2ray.main.inbounds='omr6'
 		add_list v2ray.main.inbounds='omrtest'
 		set v2ray.main_dns=dns
 		set v2ray.main_dns.hosts='example.com|127.0.0.1'
@ -39,7 +40,7 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
 		set v2ray.main_transparent_proxy.redirect_udp='1'
 		set v2ray.main_transparent_proxy.redirect_port='1897'
 		set v2ray.omrout=outbound
-		set v2ray.omrout.alias='out'
+		set v2ray.omrout.tag='out'
 		set v2ray.omrout.protocol='vless'
 		set v2ray.omrout.s_vmess_address=''
 		set v2ray.omrout.s_vmess_port='65228'
@ -61,8 +62,8 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
 		set v2ray.omrout.ss_tls_key_file='/etc/luci-uploads/client.key'
 		set v2ray.omrout.mux_concurrency='8'
 		set v2ray.omr=inbound
-		set v2ray.omr.alias='V2RayServer'
-		set v2ray.omr.listen='127.0.0.1'
+		set v2ray.omr.tag='omrtunnel'
+		set v2ray.omr.listen='0.0.0.0'
 		set v2ray.omr.port='1897'
 		set v2ray.omr.protocol='dokodemo-door'
 		set v2ray.omr.s_dokodemo_door_network='tcp'
@ -70,6 +71,16 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
 		set v2ray.omr.ss_sockopt_tproxy='redirect'
 		set v2ray.omr.ss_sockopt_tcp_fast_open='1'
 		set v2ray.omr.s_dokodemo_door_follow_redirect='1'
+		set v2ray.omr6=inbound
+		set v2ray.omr6.tag='omrtunnel6'
+		set v2ray.omr6.listen='::'
+		set v2ray.omr6.port='1898'
+		set v2ray.omr6.protocol='dokodemo-door'
+		set v2ray.omr6.s_dokodemo_door_network='tcp'
+		add_list v2ray.omr6.s_dokodemo_door_network='udp'
+		set v2ray.omr6.ss_sockopt_tproxy='tproxy'
+		set v2ray.omr6.ss_sockopt_tcp_fast_open='1'
+		set v2ray.omr6.s_dokodemo_door_follow_redirect='1'
 		set v2ray.omrtest=inbound
 		set v2ray.omrtest.port='1111'
 		set v2ray.omrtest.protocol='socks'
@ -81,5 +92,39 @@ if [ -z "$(uci -q get v2ray.main2)" ]; then
 		commit v2ray
 	EOF
 fi
+uci -q set v2ray.omr.listen='::'
+
+if [ "$(uci -q get firewall.v2ray)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set firewall.v2ray=include
+		set firewall.v2ray.path=/etc/firewall.v2ray
+		set firewall.v2ray.reload=1
+		commit firewall
+	EOF
+fi
+
+if [ "$(uci -q get v2ray.omrreverse)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set v2ray.omrbridge=reverse
+		set v2ray.omrbridge.enabled=1
+		set v2ray.omrbridge.bridges='omrbridge|omr.lan'
+		commit v2ray
+	EOF
+fi
+if [ "$(uci -q get v2ray.omrrouting)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set v2ray.omrrouting=routing_rule
+		set v2ray.omrrouting.type='field'
+		set v2ray.omrrouting.inbound_tag='omrbridge'
+		set v2ray.omrrouting.outbound_tag='omrtunnel'
+		set v2ray.omrrouting.domain='full:omr.lan'
+		set v2ray.omrroutingo=routing_rule
+		set v2ray.omrroutingo.type='field'
+		set v2ray.omrroutingo.inbound_tag='omrbridge'
+		set v2ray.omrroutingo.outbound_tag='out'
+		commit v2ray
+	EOF
+fi
+

 exit 0
--- a/v2ray-core/files/usr/bin/v2ray-rules
+++ b/v2ray-core/files/usr/bin/v2ray-rules
@ -122,7 +122,7 @@ v2r_rules_parse_args() {
 v2r_rules_flush() {
 	local setname

-	iptables-save --counters | grep -v v2r_rules_ | iptables-restore -w --counters
+	iptables-save --counters | grep -v v2r_ | iptables-restore -w --counters
 	while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip route flush table 100 || true
 	for setname in $(ipset -n list | grep "ss_rules_"); do
--- a/v2ray-core/files/usr/bin/v2ray-rules6
+++ b/v2ray-core/files/usr/bin/v2ray-rules6
@ -0,0 +1,281 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
+# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+#
+# The design idea was derived from ss-rules by Jian Chang <aa65535@live.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+v2ray_rules6_usage() {
+	cat >&2 <<EOF
+Usage: v2ray-rules6 [options]
+
+	-h, --help      Show this help message then exit
+	-f, --flush     Flush rules, ipset then exit
+	-l <port>       Local port number of ss-redir with TCP mode
+	-L <port>       Local port number of ss-redir with UDP mode
+	-s <ips>        List of ip addresses of remote shadowsocks server
+	--ifnames       Only apply rules on packets from these ifnames
+	--src-bypass <ips|cidr>
+	--src-forward <ips|cidr>
+	--src-checkdst <ips|cidr>
+	--src-default <bypass|forward|checkdst>
+	                Packets will have their src ip checked in order against
+	                bypass, forward, checkdst list and will bypass, forward
+	                through, or continue to have their dst ip checked
+	                respectively on the first match.  Otherwise, --src-default
+	                decide the default action
+	--dst-bypass <ips|cidr>
+	--dst-forward <ips|cidr>
+	--dst-bypass-file <file>
+	--dst-forward-file <file>
+	--dst-default <bypass|forward>
+	                Same as with their --src-xx equivalent
+	--dst-forward-recentrst
+	                Forward those packets whose destinations have recently
+	                sent to us multiple tcp-rst packets
+	--local-default <bypass|forward|checkdst>
+	                Default action for local out TCP traffic
+
+The following ipsets will be created by ss-rules.  They are also intended to be
+populated by other programs like dnsmasq with ipset support
+
+	v2ray_rules6_src_bypass
+	v2ray_rules6_src_forward
+	v2ray_rules6_src_checkdst
+	v2ray_rules6_dst_bypass
+	v2ray_rules6_dst_forward
+EOF
+}
+
+o_dst_bypass_="
+	fe80::/10
+	fd00::/8
+	::1
+"
+o_src_default=bypass
+o_dst_default=bypass
+o_local_default=bypass
+
+__errmsg() {
+	echo "ss-rules6: $*" >&2
+}
+
+v2ray_rules6_parse_args() {
+	while [ "$#" -gt 0 ]; do
+		case "$1" in
+			-h|--help) v2ray_rules6_usage; exit 0;;
+			-f|--flush) v2ray_rules6_flush; exit 0;;
+			-l) o_redir_tcp_port="$2"; shift 2;;
+			-L) o_redir_udp_port="$2"; shift 2;;
+			-s) o_remote_servers="$2"; shift 2;;
+			--ifnames) o_ifnames="$2"; shift 2;;
+			--ipt-extra) o_ipt_extra="$2"; shift 2;;
+			--src-default) o_src_default="$2"; shift 2;;
+			--dst-default) o_dst_default="$2"; shift 2;;
+			--local-default) o_local_default="$2"; shift 2;;
+			--src-bypass) o_src_bypass="$2"; shift 2;;
+			--src-forward) o_src_forward="$2"; shift 2;;
+			--src-checkdst) o_src_checkdst="$2"; shift 2;;
+			--dst-bypass) o_dst_bypass="$2"; shift 2;;
+			--dst-bypass_all) o_dst_bypass_all="$2"; shift 2;;
+			--dst-forward) o_dst_forward="$2"; shift 2;;
+			--dst-forward-recentrst) o_dst_forward_recentrst=1; shift 1;;
+			--dst-bypass-file) o_dst_bypass_file="$2"; shift 2;;
+			--dst-forward-file) o_dst_forward_file="$2"; shift 2;;
+			--rule-name) rule="$2"; shift 2;;
+			*) __errmsg "unknown option $1"; return 1;;
+		esac
+	done
+
+	if [ -z "$o_redir_tcp_port" -a -z "$o_redir_udp_port" ]; then
+		__errmsg "Requires at least -l or -L option"
+		return 1
+	fi
+	if [ -n "$o_dst_forward_recentrst" ] && ! ip6tables -m recent -h >/dev/null; then
+		__errmsg "Please install ip6tables-mod-conntrack-extra with opkg"
+		return 1
+	fi
+	o_remote_servers="$(for s in $o_remote_servers; do resolveip -6 "$s"; done)"
+}
+
+v2ray_rules6_flush() {
+	local setname
+
+	ip6tables-save --counters | grep -v v2r6_ | ip6tables-restore -w --counters
+	while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
+	ip -f inet6 route flush table 100 || true
+	for setname in $(ipset -n list | grep "ss_rules6_"); do
+		ipset destroy "$setname" 2>/dev/null || true
+	done
+}
+
+v2ray_rules6_ipset_init() {
+	ipset --exist restore <<-EOF
+		create ss_rules6_src_bypass hash:net family inet6 hashsize 64
+		create ss_rules6_src_forward hash:net family inet6 hashsize 64
+		create ss_rules6_src_checkdst hash:net family inet6 hashsize 64
+		create ss_rules6_dst_bypass hash:net family inet6 hashsize 64
+		create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
+		create ss_rules6_dst_bypass_ hash:net family inet6 hashsize 64
+		create ss_rules6_dst_forward hash:net family inet6 hashsize 64
+		create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
+		$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
+		$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
+		$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
+		$(v2ray_rules6_ipset_mkadd ss_rules6_src_bypass "$o_src_bypass")
+		$(v2ray_rules6_ipset_mkadd ss_rules6_src_forward "$o_src_forward")
+		$(v2ray_rules6_ipset_mkadd ss_rules6_src_checkdst "$o_src_checkdst")
+		$(v2ray_rules6_ipset_mkadd ss_rules6_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
+	EOF
+}
+
+v2ray_rules6_ipset_mkadd() {
+	local setname="$1"; shift
+	local i
+
+	for i in $*; do
+		echo "add $setname $i"
+	done
+}
+
+v2ray_rules6_iptchains_init() {
+	v2ray_rules6_iptchains_init_mark
+	v2ray_rules6_iptchains_init_tcp
+	v2ray_rules6_iptchains_init_udp
+}
+
+v2ray_rules6_iptchains_init_mark() {
+	ip6tables-restore -w --noflush <<-EOF
+		*mangle
+		-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
+		COMMIT
+	EOF
+}
+
+
+v2ray_rules6_iptchains_init_tcp() {
+	local local_target
+
+	[ -n "$o_redir_tcp_port" ] || return 0
+
+	#v2ray_rules6_iptchains_init_ nat tcp
+	v2ray_rules6_iptchains_init_ mangle tcp
+
+	case "$o_local_default" in
+		checkdst) local_target=v2r6_${rule}_dst ;;
+		forward) local_target=v2r6_${rule}_forward ;;
+		bypass|*) return 0;;
+	esac
+
+#	echo "tcp mangle"
+#	ip6tables-restore -w --noflush <<-EOF
+#		*mangle
+#		:v2r6_${rule}_local_out -
+#		-I OUTPUT 1 -p tcp -j v2r6_${rule}_local_out
+#		-A v2r6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
+#		-A v2r6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
+#		-A v2r6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
+#		-A v2r6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
+#		-A v2r6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
+#		COMMIT
+#	EOF
+#	echo "done"
+}
+
+v2ray_rules6_iptchains_init_udp() {
+	[ -n "$o_redir_udp_port" ] || return 0
+	echo "v2ray udp"
+	v2ray_rules6_iptchains_init_ mangle udp
+}
+
+v2ray_rules6_iptchains_init_() {
+	local table="$1"
+	local proto="$2"
+	local forward_rules
+	local src_default_target dst_default_target
+	local recentrst_mangle_rules recentrst_addset_rules
+
+	case "$proto" in
+		tcp)
+			#forward_rules="-A v2r6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
+			forward_rules="-A v2r6_${rule}_forward -p tcp -j TPROXY --on-port $o_redir_tcp_port --tproxy-mark 0x01/0x01"
+			if [ -n "$o_dst_forward_recentrst" ]; then
+				recentrst_mangle_rules="
+					*mangle
+					-I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name ss_rules6_recentrst --set --rsource
+					COMMIT
+				"
+				recentrst_addset_rules="
+					-A v2r6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist
+					-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j v2r6_${rule}_forward
+				"
+			fi
+			;;
+		udp)
+			ip -f inet6 rule add fwmark 1 lookup 100
+			ip -f inet6 route add local default dev lo table 100
+			forward_rules="
+				-A v2r6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01
+				-A v2r6_${rule}_forward -p tcp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01
+			"
+			;;
+	esac
+	case "$o_src_default" in
+		forward) src_default_target=v2r6_${rule}_forward ;;
+		checkdst) src_default_target=v2r6_${rule}_dst ;;
+		bypass|*) src_default_target=RETURN ;;
+	esac
+	case "$o_dst_default" in
+		forward) dst_default_target=v2r6_${rule}_forward ;;
+		bypass|*) dst_default_target=RETURN ;;
+	esac
+	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | ip6tables-restore -w --noflush
+		*$table
+		:v2r6_${rule}_pre_src -
+		:v2r6_${rule}_src -
+		:v2r6_${rule}_dst -
+		:v2r6_${rule}_forward -
+		$(v2ray_rules6_iptchains_mkprerules "udp")
+		$(v2ray_rules6_iptchains_mkprerules "tcp")
+		-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
+		-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
+		-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
+		-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass dst -j RETURN
+		-A v2r6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
+		-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
+		-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
+		-A v2r6_${rule}_pre_src -p tcp $o_ipt_extra -j v2r6_${rule}_src
+		-A v2r6_${rule}_pre_src -p udp $o_ipt_extra -j v2r6_${rule}_src
+		-A v2r6_${rule}_src -m set --match-set ss_rules6_src_bypass src -j RETURN
+		-A v2r6_${rule}_src -m set --match-set ss_rules6_src_forward src -j v2r6_${rule}_forward
+		-A v2r6_${rule}_src -m set --match-set ss_rules6_src_checkdst src -j v2r6_${rule}_dst
+		-A v2r6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
+		-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_forward dst -j v2r6_${rule}_forward
+		$recentrst_addset_rules
+		-A v2r6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
+		$forward_rules
+		COMMIT
+		$recentrst_mangle_rules
+	EOF
+}
+
+v2ray_rules6_iptchains_mkprerules() {
+	local proto="$1"
+
+	if [ -z "$o_ifnames" ]; then
+		echo "-I PREROUTING 1 -p $proto -j v2r6_${rule}_pre_src"
+	else
+		echo $o_ifnames \
+			| tr ' ' '\n' \
+			| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r6_${rule}_pre_src/"
+	fi
+}
+
+v2ray_rules6_parse_args "$@"
+v2ray_rules6_flush
+v2ray_rules6_ipset_init
+v2ray_rules6_iptchains_init