mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00
suyuan 2024-01-14 12:50:45 +08:00
commit b8e2618de3
30 changed files with 1354 additions and 677 deletions


@ -1,5 +1,5 @@
#
# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
#
#


@ -0,0 +1,289 @@
'use strict';
'require form';
'require fs';
'require view';
'require uci';
var cfgtypes = ['defaults','interface'];
return view.extend({
load: function() {
return Promise.all([
L.resolveDefault(fs.stat('/usr/bin/httping'), {}),
L.resolveDefault(fs.stat('/usr/bin/dig'), {}),
// L.resolveDefault(fs.stat('/usr/bin/nping'), {}),
// L.resolveDefault(fs.stat('/usr/bin/arping'), {}),
uci.load('network')
]);
},
render: function (stats) {
var m, s, o;
m = new form.Map('omr-tracker', _('OMR-Tracker - Interfaces'),
_('Names must match the interface name found in /etc/config/network.') + '<br />' +
_('Names may contain characters A-Z, a-z, 0-9, _ and no spaces-'));
//s = m.section(form.GridSection, 'defaults');
s = m.section(form.GridSection);
s.addremove = true;
s.anonymous = false;
s.nodescriptions = true;
s.cfgsections = function() {
return this.map.data.sections(this.map.config)
.filter(function(s) { return cfgtypes.indexOf(s['.type']) !== -1; })
.map(function(s) { return s['.name']; });
};
o = s.option(form.Flag, 'enabled', _('Enabled'));
o.default = false;
o = s.option(form.ListValue, 'initial_state', _('Initial state'),
_('Expect interface state on up event'));
o.default = 'online';
o.value('online', _('Online'));
o.value('offline', _('Offline'));
o.modalonly = true;
o = s.option(form.ListValue, 'family', _('Internet Protocol'));
o.default = 'ipv4';
o.value('ipv4', _('IPv4'));
o.value('ipv6', _('IPv6'));
o.value('ipv4ipv6', _('IPv4 & IPv6'));
o.modalonly = true;
o = s.option(form.DynamicList, 'hosts', _('Tracking hostname or IP address'),
_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to use defaults settings.'));
o.datatype = 'hosts';
o.modalonly = true;
o.rmempty = false;
o = s.option(form.DynamicList, 'hosts6', _('Tracking hostname or IP address for IPv6'),
_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to use defaults settings.'));
o.datatype = 'hosts';
o.modalonly = true;
o.depends('family', 'ipv4ipv6');
o.depends('family', 'ipv6');
o.rmempty = false;
o = s.option(form.ListValue, 'type', _('Tracking method'));
o.default = 'ping';
o.value('none');
o.value('ping');
if (stats[0].type === 'file') {
o.value('httping');
}
if (stats[1].type === 'file') {
o.value('dns');
}
/*
if (stats[2].type === 'file') {
o.value('nping-tcp');
o.value('nping-udp');
o.value('nping-icmp');
o.value('nping-arp');
}
if (stats[3].type === 'file') {
o.value('arping');
}
*/
o = s.option(form.Flag, 'server_http_test', _('Server http test'),
_('Check if connection work with http by sending a request to server'));
o.rmempty = false;
o.modalonly = true;
o = s.option(form.Flag, 'mail_alert', _('Mail alert'),
_('Send a mail when connection status change. You need to configure e-mail settings here.'));
o.rmempty = false;
o.modalonly = true;
/*
o = s.option(form.Flag, 'httping_ssl', _('Enable ssl tracking'),
_('Enables https tracking on ssl port 443'));
o.depends('type', 'httping');
o.rmempty = false;
o.modalonly = true;
*/
o = s.option(form.Value, 'reliability', _('Tracking reliability'),
_('Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up'));
o.datatype = 'range(1, 100)';
o.default = '1';
o = s.option(form.ListValue, 'count', _('Ping count'));
o.default = '1';
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.modalonly = true;
o = s.option(form.Value, 'size', _('Ping size'));
o.default = '56';
o.depends('type', 'ping');
o.value('8');
o.value('24');
o.value('56');
o.value('120');
o.value('248');
o.value('504');
o.value('1016');
o.value('1472');
o.value('2040');
o.datatype = 'range(1, 65507)';
o.modalonly = true;
o =s.option(form.Value, 'max_ttl', _('Max TTL'));
o.default = '60';
o.depends('type', 'ping');
o.value('10');
o.value('20');
o.value('30');
o.value('40');
o.value('50');
o.value('60');
o.value('70');
o.datatype = 'range(1, 255)';
o.modalonly = true;
o = s.option(form.Flag, 'check_quality', _('Check link quality'));
o.depends('type', 'ping');
o.default = false;
o.modalonly = true;
o = s.option(form.Value, 'failure_latency', _('Failure latency [ms]'));
o.depends('check_quality', '1');
o.default = '1000';
o.value('25');
o.value('50');
o.value('75');
o.value('100');
o.value('150');
o.value('200');
o.value('250');
o.value('300');
o.modalonly = true;
o = s.option(form.Value, 'failure_loss', _('Failure packet loss [%]'));
o.depends('check_quality', '1');
o.default = '40';
o.value('2');
o.value('5');
o.value('10');
o.value('20');
o.value('25');
o.modalonly = true;
o = s.option(form.Value, 'recovery_latency', _('Recovery latency [ms]'));
o.depends('check_quality', '1');
o.default = '500';
o.value('25');
o.value('50');
o.value('75');
o.value('100');
o.value('150');
o.value('200');
o.value('250');
o.value('300');
o.modalonly = true;
o = s.option(form.Value, 'recovery_loss', _('Recovery packet loss [%]'));
o.depends('check_quality', '1');
o.default = '10';
o.value('2');
o.value('5');
o.value('10');
o.value('20');
o.value('25');
o.modalonly = true;
o = s.option(form.ListValue, "timeout", _("Ping timeout"));
o.default = '4';
o.value('1', _('%d second').format('1'));
for (var i = 2; i <= 10; i++)
o.value(String(i), _('%d seconds').format(i));
o.modalonly = true;
o = s.option(form.ListValue, 'interval', _('Ping interval'));
o.default = '10';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
o = s.option(form.Value, 'failure_interval', _('Failure interval'),
_('Ping interval during failure detection'));
o.default = '5';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
o.modalonly = true;
o = s.option(form.Flag, 'keep_failure_interval', _('Keep failure interval'),
_('Keep ping failure interval during failure state'));
o.default = false;
o.modalonly = true;
o = s.option(form.ListValue, 'tries', _('Interface down'),
_('Interface will be deemed down after this many failed ping tests'));
o.default = '5';
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.value('6');
o.value('7');
o.value('8');
o.value('9');
o.value('10');
o = s.option(form.ListValue, 'tries_up', _('Interface up'),
_('Downed interface will be deemed up after this many successful ping tests'));
o.default = "5";
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.value('6');
o.value('7');
o.value('8');
o.value('9');
o.value('10');
o = s.option(form.Flag, 'restart_down', _('Restart if down'),
_('Restart interface if detected as down.'));
o.rmempty = false;
o.modalonly = true;
/*
o = s.option(form.DynamicList, 'flush_conntrack', _('Flush conntrack table'),
_('Flush global firewall conntrack table on interface events'));
o.value('ifup', _('ifup (netifd)'));
o.value('ifdown', _('ifdown (netifd)'));
o.modalonly = true;
*/
return m.render();
}
})
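Review bot: The free-text `form.Value` options `failure_latency`, `failure_loss`, `recovery_latency`, `recovery_loss` and `failure_interval` have no `datatype`, so any string typed into them is written to the omr-tracker config, while `size`, `max_ttl` and `reliability` are range-checked. These values are presumably read by the tracker scripts on the router, so reject bad input at the form: `o.datatype = 'uinteger';` on the latency and interval fields and `o.datatype = 'range(0, 100)';` on the two loss percentages. Separately, `hosts` and `hosts6` set `o.datatype = 'hosts'` (also in the proxy view that follows); I do not recognise that as a LuCI validation type, whereas the singular `host` accepts a hostname or IP address, so please confirm it resolves to a real validator. Both lists also set `o.rmempty = false` while their help text says "Leave blank to use defaults settings", which looks contradictory.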


@ -0,0 +1,186 @@
'use strict';
'require form';
'require fs';
'require view';
'require uci';
var cfgtypes = ['proxy'];
return view.extend({
load: function() {
return Promise.all([
L.resolveDefault(fs.stat('/usr/bin/httping'), {}),
L.resolveDefault(fs.stat('/usr/bin/dig'), {}),
// L.resolveDefault(fs.stat('/usr/bin/nping'), {}),
// L.resolveDefault(fs.stat('/usr/bin/arping'), {}),
uci.load('network')
]);
},
render: function (stats) {
var m, s, o;
m = new form.Map('omr-tracker', _('OMR-Tracker - Proxy'),
_('Detect if proxy is down and stop redirection over it.'));
//s = m.section(form.GridSection, 'defaults');
s = m.section(form.GridSection);
//s.addremove = true;
s.anonymous = false;
s.nodescriptions = true;
s.cfgsections = function() {
return this.map.data.sections(this.map.config)
.filter(function(s) { return cfgtypes.indexOf(s['.type']) !== -1; })
.map(function(s) { return s['.name']; });
};
o = s.option(form.Flag, 'enabled', _('Enabled'));
o.default = false;
o = s.option(form.ListValue, 'initial_state', _('Initial state'),
_('Expect interface state on up event'));
o.default = 'online';
o.value('online', _('Online'));
o.value('offline', _('Offline'));
o.modalonly = true;
o = s.option(form.ListValue, 'family', _('Internet Protocol'));
o.default = 'ipv4ipv6';
//o.value('ipv4', _('IPv4'));
//o.value('ipv6', _('IPv6'));
o.value('ipv4ipv6', _('IPv4 & IPv6'));
o.modalonly = true;
o = s.option(form.DynamicList, 'hosts', _('Tracking hostname or IP address'),
_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to assume interface is always online'));
o.datatype = 'hosts';
o.modalonly = true;
o = s.option(form.DynamicList, 'hosts6', _('Tracking hostname or IP address for IPv6'),
_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to assume interface is always online'));
o.datatype = 'hosts';
o.modalonly = true;
o.depends('family', 'ipv4ipv6');
o.depends('family', 'ipv6');
/*
o = s.option(form.Flag, 'httping_ssl', _('Enable ssl tracking'),
_('Enables https tracking on ssl port 443'));
o.depends('track_method', 'httping');
o.rmempty = false;
o.modalonly = true;
*/
o = s.option(form.Flag, 'mail_alert', _('Mail alert'),
_('Send a mail when connection status change. You need to configure e-mail settings here.'));
o.rmempty = false;
o.modalonly = true;
/*
o = s.option(form.Value, 'reliability', _('Tracking reliability'),
_('Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up'));
o.datatype = 'range(1, 100)';
o.default = '1';
*/
o = s.option(form.ListValue, 'tries', _('Test count'));
o.default = '1';
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.modalonly = true;
o = s.option(form.ListValue, "timeout", _("Test timeout"));
o.default = '4';
o.value('1', _('%d second').format('1'));
for (var i = 2; i <= 10; i++)
o.value(String(i), _('%d seconds').format(i));
o.modalonly = true;
o = s.option(form.ListValue, 'interval', _('Test interval'));
o.default = '10';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
/*
o = s.option(form.Value, 'failure_interval', _('Failure interval'),
_('Ping interval during failure detection'));
o.default = '5';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
o.modalonly = true;
o = s.option(form.Flag, 'keep_failure_interval', _('Keep failure interval'),
_('Keep ping failure interval during failure state'));
o.default = false;
o.modalonly = true;
o = s.option(form.Value, 'recovery_interval', _('Recovery interval'),
_('Ping interval during failure recovering'));
o.default = '5';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
o.modalonly = true;
o = s.option(form.ListValue, 'tries', _('Proxy down'),
_('Proxy will be deemed down after this many failed tests'));
o.default = '5';
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.value('6');
o.value('7');
o.value('8');
o.value('9');
o.value('10');
o = s.option(form.ListValue, 'tries_up', _('Interface up'),
_('Downed interface will be deemed up after this many successful ping tests'));
o.default = "5";
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.value('6');
o.value('7');
o.value('8');
o.value('9');
o.value('10');
*/
return m.render();
}
})
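Review bot: `load` stats `/usr/bin/httping` and `/usr/bin/dig`, but `render` in this view never reads `stats`, so both `fs.stat` calls are dead work and make the page depend on file ACL entries it does not need; the server view in the next file section has the same unused `load`. Reduce it to `load: function() { return uci.load('network'); }`, or drop `load` altogether if nothing in the view needs the network config (no use of it is visible here). Also, `family` offers only `ipv4ipv6`, so the `o.depends('family', 'ipv6')` on `hosts6` can never match and can go.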


@ -0,0 +1,163 @@
'use strict';
'require form';
'require fs';
'require view';
'require uci';
var cfgtypes = ['server'];
return view.extend({
load: function() {
return Promise.all([
L.resolveDefault(fs.stat('/usr/bin/httping'), {}),
L.resolveDefault(fs.stat('/usr/bin/dig'), {}),
// L.resolveDefault(fs.stat('/usr/bin/nping'), {}),
// L.resolveDefault(fs.stat('/usr/bin/arping'), {}),
uci.load('network')
]);
},
render: function (stats) {
var m, s, o;
m = new form.Map('omr-tracker', _('OMR-Tracker - Server'),
_('Detect if server is down and use defined backup server in this case.'));
//s = m.section(form.GridSection, 'defaults');
s = m.section(form.GridSection);
//s.addremove = true;
s.anonymous = false;
s.nodescriptions = true;
s.cfgsections = function() {
return this.map.data.sections(this.map.config)
.filter(function(s) { return cfgtypes.indexOf(s['.type']) !== -1; })
.map(function(s) { return s['.name']; });
};
o = s.option(form.Flag, 'enabled', _('Enabled'));
o.default = false;
o = s.option(form.ListValue, 'initial_state', _('Initial state'),
_('Expect interface state on up event'));
o.default = 'online';
o.value('online', _('Online'));
o.value('offline', _('Offline'));
o.modalonly = true;
o = s.option(form.Flag, 'mail_alert', _('Mail alert'),
_('Send a mail when connection status change. You need to configure e-mail settings here.'));
o.rmempty = false;
o.modalonly = true;
/*
o = s.option(form.Value, 'reliability', _('Tracking reliability'),
_('Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up'));
o.datatype = 'range(1, 100)';
o.default = '1';
*/
o = s.option(form.ListValue, 'tries', _('Test count'));
o.default = '1';
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.modalonly = true;
/*
o = s.option(form.Flag, 'check_quality', _('Check link quality'));
o.depends('track_method', 'ping');
o.default = false;
o.modalonly = true;
*/
o = s.option(form.ListValue, "timeout", _("Test timeout"));
o.default = '4';
o.value('1', _('%d second').format('1'));
for (var i = 2; i <= 10; i++)
o.value(String(i), _('%d seconds').format(i));
o.modalonly = true;
o = s.option(form.ListValue, 'interval', _('Test interval'));
o.default = '10';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
/*
o = s.option(form.Value, 'failure_interval', _('Failure interval'),
_('Ping interval during failure detection'));
o.default = '5';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
o.modalonly = true;
o = s.option(form.Flag, 'keep_failure_interval', _('Keep failure interval'),
_('Keep ping failure interval during failure state'));
o.default = false;
o.modalonly = true;
o = s.option(form.Value, 'recovery_interval', _('Recovery interval'),
_('Ping interval during failure recovering'));
o.default = '5';
o.value('1', _('%d second').format('1'));
o.value('3', _('%d seconds').format('3'));
o.value('5', _('%d seconds').format('5'));
o.value('10', _('%d seconds').format('10'));
o.value('20', _('%d seconds').format('20'));
o.value('30', _('%d seconds').format('30'));
o.value('60', _('%d minute').format('1'));
o.value('300', _('%d minutes').format('5'));
o.value('600', _('%d minutes').format('10'));
o.value('900', _('%d minutes').format('15'));
o.value('1800', _('%d minutes').format('30'));
o.value('3600', _('%d hour').format('1'));
o.modalonly = true;
o = s.option(form.ListValue, 'down', _('Interface down'),
_('Interface will be deemed down after this many failed ping tests'));
o.default = '5';
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.value('6');
o.value('7');
o.value('8');
o.value('9');
o.value('10');
o = s.option(form.ListValue, 'up', _('Interface up'),
_('Downed interface will be deemed up after this many successful ping tests'));
o.default = "5";
o.value('1');
o.value('2');
o.value('3');
o.value('4');
o.value('5');
o.value('6');
o.value('7');
o.value('8');
o.value('9');
o.value('10');
*/
return m.render();
}
})


@ -1,6 +0,0 @@
module("luci.controller.omr-tracker", package.seeall)
function index()
--entry({"admin", "openmptcprouter", "omr-tracker"}, cbi("omr-tracker"), _("OMR-Tracker"))
entry({"admin", "services", "omr-tracker"}, cbi("omr-tracker"), _("OMR-Tracker"))
end


@ -1,254 +0,0 @@
local net = require "luci.model.network".init()
local sys = require "luci.sys"
local m, s, o
m = Map("omr-tracker", translate("OMR-Tracker"))
s = m:section(TypedSection, "proxy", translate("Proxy tracker Settings"), translate("Detect if Proxy is down and stop traffic redirection over it."))
s.anonymous = true
s.addremove = false
local sdata = m:get('proxy')
if not sdata then
m:set('proxy', nil, 'proxy')
m:set('proxy', 'enabled', "1")
end
o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, connection failover is also disabled"))
o.rmempty = false
o = s:option(Value, "timeout", translate("Timeout (s)"))
o.placeholder = "1"
o.default = "1"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "tries", translate("Tries"))
o.placeholder = "4"
o.default = "4"
o.datatype = "range(1, 10)"
o.rmempty = false
o = s:option(Value, "interval", translate("Retry interval (s)"))
o.placeholder = "2"
o.default = "2"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
o.placeholder = "0"
o.default = "0"
o.datatype = "range(0, 100)"
o.rmempty = false
o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection state change"))
o.optional = false
o.rmempty = false
o.default = false
o.disabled = 0
o.enabled = 1
o = s:option(DynamicList, "hosts", translate("Hosts"), translate("IPs or domains must be available over http"))
o.placeholder = "bing.com"
o.default = { "bing.com", "google.com" }
o.rmempty = false
s = m:section(TypedSection, "server", translate("Server tracker Settings"), translate("Detect if Server is down and use defined backup server in this case."))
s.anonymous = true
s.addremove = false
local sdata = m:get('server')
if not sdata then
m:set('server', nil, 'server')
m:set('server', 'enabled', "1")
end
o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, server failover is also disabled"))
o.rmempty = false
o = s:option(Value, "timeout", translate("Timeout (s)"))
o.placeholder = "1"
o.default = "1"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "tries", translate("Tries"))
o.placeholder = "4"
o.default = "4"
o.datatype = "range(1, 10)"
o.rmempty = false
o = s:option(Value, "interval", translate("Retry interval (s)"))
o.placeholder = "2"
o.default = "2"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
o.placeholder = "0"
o.default = "0"
o.datatype = "range(0, 100)"
o.rmempty = false
o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection state change"))
o.optional = false
o.rmempty = false
o.default = false
o.disabled = 0
o.enabled = 1
s = m:section(TypedSection, "defaults", translate("Defaults Settings"), translate("OMR-Tracker create needed routes and detect when a connection is down or up"))
s.anonymous = true
o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, connection failover is also disabled"))
o.rmempty = false
o = s:option(Value, "timeout", translate("Timeout (s)"))
o.placeholder = "1"
o.default = "1"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "tries", translate("Tries"), translate("How many times repeat test"))
o.placeholder = "4"
o.default = "4"
o.datatype = "range(1, 10)"
o.rmempty = false
o = s:option(Value, "count", translate("Count"), translate("How many packets send on each test"))
o.placeholder = "2"
o.default = "2"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "interval", translate("Retry interval (s)"))
o.placeholder = "2"
o.default = "2"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
o.placeholder = "0"
o.default = "0"
o.datatype = "range(0, 100)"
o.rmempty = false
o = s:option(ListValue, "type", translate("Type"), translate("Always ping gateway, then test connection by ping, httping or dns. None mode only ping gateway."))
o:value("ping","ping")
o:value("httping","httping")
o:value("dns","dns")
o:value("none","none")
o = s:option(Flag, "server_http_test", translate("Server http test"), translate("Check if connection work with http by sending a request to server"))
o.optional = false
o.rmempty = false
o.default = true
o.disabled = 0
o.enabled = 1
o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection state change"))
o.optional = false
o.rmempty = false
o.default = false
o.disabled = 0
o.enabled = 1
o = s:option(Flag, "restart_down", translate("Restart if down"), translate("Restart interface if detected as down"))
o.optional = false
o.rmempty = false
o.default = false
o.disabled = 0
o.enabled = 1
o = s:option(DynamicList, "hosts", translate("Hosts"), translate("Must be IPs and not domains"))
o.placeholder = "4.2.2.1"
o.default = { "4.2.2.1", "8.8.8.8" }
o.rmempty = false
o = s:option(DynamicList, "hosts6", translate("Hosts IPv6"), translate("Must be IPs and not domains"))
o.placeholder = "2001:4860:4860::8844"
o.default = { "2001:4860:4860::8888", "2001:4860:4860::8844" }
o.rmempty = false
s = m:section(TypedSection, "interface", translate("Interfaces"))
s.template_addremove = "omr-tracker/cbi-select-add"
s.addremove = true
s.add_select_options = { }
s.add_select_options[''] = ''
for _, iface in ipairs(net:get_networks()) do
if not (iface:name() == "loopback") then
s.add_select_options[iface:name()] = iface:name()
end
end
o = s:option(Flag, "enabled", translate("Enable"))
o.rmempty = false
o = s:option(Value, "timeout", translate("Timeout (s)"))
o.placeholder = "1"
o.default = "1"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "tries", translate("Tries"))
o.placeholder = "4"
o.default = "4"
o.datatype = "range(1, 10)"
o.rmempty = false
o = s:option(Value, "count", translate("Count"), translate("How many packets send on each test, one wrong make test fail, one wrong make tail fail"))
o.placeholder = "2"
o.default = "2"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "interval", translate("Retry interval (s)"))
o.placeholder = "2"
o.default = "2"
o.datatype = "range(1, 100)"
o.rmempty = false
o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
o.placeholder = "0"
o.default = "0"
o.datatype = "range(0, 100)"
o.rmempty = false
o = s:option(ListValue, "type", translate("Type"), translate("Always ping gateway, then test connection by ping, httping or dns. None mode only ping gateway."))
o:value("ping","ping")
o:value("httping","httping")
o:value("dns","dns")
o:value("none","none")
o = s:option(Flag, "server_http_test", translate("Server http test"), translate("Check if connection work with http by sending a request to server"))
o.optional = false
o.rmempty = false
o.default = true
o.disabled = 0
o.enabled = 1
o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection status change. You need to configure e-mail settings <a href=\"/cgi-bin/luci/admin/services/mail\">here</a>."))
o.optional = false
o.rmempty = false
o.default = false
o.disabled = 0
o.enabled = 1
o = s:option(Flag, "restart_down", translate("Restart if down"), translate("Restart interface if detected as down"))
o.optional = false
o.rmempty = false
o.default = false
o.disabled = 0
o.enabled = 1
o = s:option(DynamicList, "hosts", translate("Hosts"), translate("Must be IPs and not domains"))
o.placeholder = "4.2.2.1"
o.default = { "4.2.2.1", "8.8.8.8" }
o.rmempty = false
o = s:option(DynamicList, "hosts6", translate("Hosts IPv6"), translate("Must be IPs and not domains"))
o.placeholder = "2001:4860:4860::8844"
o.rmempty = false
return m


@ -1,10 +0,0 @@
<div class="cbi-section-create">
<% if self.invalid_cts then -%><div class="cbi-section-error"><% end %>
<select class="cbi-section-create-name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select">
<%- for k, v in luci.util.kspairs(self.add_select_options) do %>
<option value="<%=k%>"><%=luci.xml.pcdata(v)%></option>
<% end -%>
</select>
<input class="cbi-button cbi-button-add" type="submit" value="<%:Add%>" title="<%:Add%>" />
<% if self.invalid_cts then %><br /><%:Invalid%></div><% end %>
</div>


@ -1,13 +1,36 @@
{
"admin/services/omr-tracker": {
"title": "OMR-Tracker",
"order": 10,
"title": "OMR-Tracker Manager",
"order": 60,
"action": {
"type": "cbi",
"path": "omr-tracker"
"type": "firstchild"
},
"depends": {
"acl": [ "luci-app-omr-tracker" ]
}
},
"admin/services/omr-tracker/interface": {
"title": "Interface",
"order": 10,
"action": {
"type": "view",
"path": "omr-tracker/network/interface"
}
},
"admin/services/omr-tracker/proxy": {
"title": "Proxy",
"order": 20,
"action": {
"type": "view",
"path": "omr-tracker/network/proxy"
}
},
"admin/services/omr-tracker/server": {
"title": "Server",
"order": 30,
"action": {
"type": "view",
"path": "omr-tracker/network/server"
}
}
}


@ -2,7 +2,13 @@
"luci-app-omr-tracker": {
"description": "Grant UCI access for luci-app-omr-tracker",
"read": {
"uci": [ "omr-tracker" ]
"uci": [ "omr-tracker" ],
"file": {
"/usr/bin/httping": [ "list" ],
"/usr/bin/dig": [ "list" ],
"/usr/bin/nping": [ "list" ],
"/usr/bin/arping": [ "list" ]
}
},
"write": {
"uci": [ "omr-tracker" ]
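Review bot: The read ACL grants `list` on `/usr/bin/nping` and `/usr/bin/arping`, but the `fs.stat` calls for those two paths are commented out in all three new views, so nothing shipped in this commit uses them. Keep the grant to what the views actually request, `"/usr/bin/httping": [ "list" ]` and `"/usr/bin/dig": [ "list" ]`, and add the other two back in the change that enables the nping/arping tracking options. The enclosing ACL object continues outside the hunk.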


@ -240,7 +240,7 @@
end
for _, proxy in pairs(available_proxys) do
if proxy == "shadowsocks" then %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","shadowsocks") == "0" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks" then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
<% elseif proxy == "v2ray" then %>
<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray" then %>selected="selected"<% end %>>V2Ray VLESS</option><% end %>
<% elseif proxy == "v2ray-vmess" then %>
@ -262,13 +262,13 @@
<% elseif proxy == "xray-shadowsocks" then %>
<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-shadowsocks" then %>selected="selected"<% end %>>XRay Shadowsocks 2022</option><% end %>
<% elseif proxy == "shadowsocks-rust" or proxy == "shadowsocks-go" then %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
<% end
end %>
<%
else
%>
<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","shadowsocks") == "0" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks" then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray" then %>selected="selected"<% end %>>V2Ray VLESS</option><% end %>
<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray-vmess" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray-vmess" then %>selected="selected"<% end %>>V2Ray VMESS</option><% end %>
<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray-trojan" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray-trojan" then %>selected="selected"<% end %>>V2Ray TROJAN</option><% end %>
@ -279,7 +279,7 @@
<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-trojan" <% if uci:get("openmptcprouter","settings","proxy") == "xray-trojan" then %>selected="selected"<% end %>>XRay Trojan</option><% end %>
<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-socks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-socks" then %>selected="selected"<% end %>>XRay Socks</option><% end %>
<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-shadowsocks" then %>selected="selected"<% end %>>XRay Shadowsocks 2022</option><% end %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
<%
end
%>


@ -305,7 +305,7 @@ interface_multipath_settings() {
ip route replace $network/$netmask dev $iface scope link table $id $initcwrwnd 2>&1 >/dev/null
ip route replace default via $gateway dev $iface table $id $initcwrwnd 2>&1 >/dev/null
[ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && ip route replace default via $gateway dev $iface metric $id $initcwrwnd 2>&1 >/dev/null
#ip route flush $id
ip route flush cache $id 2>&1 >/dev/null
fi
#config_get mode "$config" multipath ""
@ -395,7 +395,7 @@ interface_multipath_settings() {
ip -6 route replace $network6/$netmask6 dev $iface scope link table 6$id $initcwrwnd 2>&1 >/dev/null
ip -6 route replace default via $gateway6 dev $iface table 6$id $initcwrwnd 2>&1 >/dev/null
[ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && ip -6 route replace default via $gateway6 dev $iface metric 6$id $initcwrwnd 2>&1 >/dev/null
#ip -6 route flush 6$id 2>&1 >/dev/null
ip -6 route flush cache 6$id 2>&1 >/dev/null
fi
#config_get mode "$config" multipath "off"
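Review bot: The redirection `2>&1 >/dev/null` on the `ip route flush cache $id` and `ip -6 route flush cache 6$id` lines (which appear to be the new side of these two hunks) does not silence errors: stderr is duplicated onto the original stdout before stdout is pointed at /dev/null, so any `ip` error text still reaches the caller's output. If the intent is to discard both streams, the order should be `ip route flush cache $id >/dev/null 2>&1`. The bare `$id` / `6$id` after `cache` is also worth confirming: as far as I can tell iproute2 reads a bare argument to `ip route flush` as a prefix selector, not a table id, so `table $id` would state the intent explicitly if a table was meant. Both hunks sit inside interface_multipath_settings(), whose body starts and ends outside them, and the unchanged `ip route replace` lines above use the same redirect order.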


@ -828,6 +828,10 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ] || [ "$interface_up" != "true" ]; then
config_load network
config_foreach set_route interface $OMR_TRACKER_INTERFACE "no"
config_foreach set_route6 interface $OMR_TRACKER_INTERFACE "no"
elif [ -n "$OMR_TRACKER_DEVICE" ] && [ -n "$(ip r show table 991337 | grep "$OMR_TRACKER_DEVICE ")" ]; then
config_load network
config_foreach set_route interface $OMR_TRACKER_INTERFACE "no"
config_foreach set_route6 interface $OMR_TRACKER_INTERFACE "no"
fi
fi
if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ]; then
@ -1077,6 +1081,7 @@ if [ "$multipath_config" = "master" ]; then
config_foreach set_server_default_route server
#config_foreach set_server_default_route6 server
fi
ip route flush cache 2>&1 >/dev/null
fi
if ([ "$default_gw6" != "$OMR_TRACKER_DEVICE_GATEWAY6" ] || [ "$default_gw6" = "" ]) && [ "$OMR_TRACKER_DEVICE_GATEWAY6" != "" ] && [ "$(uci -q get openmptcprouter.settings.master)" != "balancing" ]; then
omrvpn_intf=$(uci -q get "network.omrvpn.device" || echo "tun0")
@ -1092,6 +1097,7 @@ if [ "$multipath_config" = "master" ]; then
#config_foreach set_server_default_route server
config_foreach set_server_default_route6 server
fi
ip -6 route flush cache 2>&1 >/dev/null
fi
#if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ] && [ "$(ip route show default | grep weight)" = "" ] && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && [ "$(uci -q get openmptcprouter.settings.vpn)" != "mlvpn" ]; then
if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ] && ([ "$(ip route show default | grep weight)" = "" ] || [ "$(ip -6 route show default | grep weight)" = "" ]) && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then
@ -1153,12 +1159,16 @@ if [ "$multipath_config" = "master" ]; then
}
}
fi
ip route flush cache 2>&1 >/dev/null
ip -6 route flush cache 2>&1 >/dev/null
fi
if [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip r show table 991337)" != "default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE " ]; then
ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337 $initcwrwnd 2>&1 >/dev/null
ip route flush cache 2>&1 >/dev/null
fi
if [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip -6 r show table 991337)" != "default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE " ]; then
ip -6 route replace default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE table 991337 $initcwrwnd 2>&1 >/dev/null
ip -6 route flush cache 2>&1 >/dev/null
fi
if ([ -n "$OMR_TRACKER_INTERFACE" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ]) || [ $(($(date +"%s") + $((10 + RANDOM % 31)) - $(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc))) -gt 3600 ] || [ "$(uci -q show openmptcprouter | grep get_config=\'1\')" != "" ] || [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" != "" ]; then
[ "$(pgrep -f openmptcprouter-vps)" = "" ] && /etc/init.d/openmptcprouter-vps restart >/dev/null 2>&1 &
@ -1177,6 +1187,7 @@ if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
if [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip r show dev $OMR_TRACKER_DEVICE | grep default)" = "" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)" != "" ]; then
_log "Interface route not yet set, set route ip r add default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric)"
ip r add default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric) >/dev/null 2>&1
ip route flush cache 2>&1 >/dev/null
fi
fi
if [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
@ -1189,6 +1200,7 @@ if [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; th
fi
if [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip -6 r show dev $OMR_TRACKER_DEVICE | grep default)" = "" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)" != "" ]; then
ip -6 r replace default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric) >/dev/null 2>&1
ip -6 route flush cache 2>&1 >/dev/null
fi
fi
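Review bot: The `elif` test added in the first hunk, `[ -n "$(ip r show table 991337 | grep "$OMR_TRACKER_DEVICE ")" ]`, treats the device name as an unanchored regular expression, so a name such as `eth1` also matches a route on `veth1`, and the dot in a VLAN-style device name matches any character. A fixed-string match on the `dev` field is tighter and avoids resetting routes for the wrong interface: `elif [ -n "$OMR_TRACKER_DEVICE" ] && ip r show table 991337 | grep -qF -- "dev $OMR_TRACKER_DEVICE "; then`. The `ip route flush cache 2>&1 >/dev/null` and `ip -6 route flush cache 2>&1 >/dev/null` lines added in the later hunks discard only stdout; `>/dev/null 2>&1` is the order that silences both streams. The enclosing `if` blocks start outside these hunks, so the surrounding conditions could not be checked from here.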


@ -42,6 +42,7 @@ interface_up=$(ifstatus "$OMR_TRACKER_INTERFACE" 2>/dev/null | jsonfilter -q -e
fi
fi
fi
[ -n "$(uci -q changes openmptcprouter)" ] && uci -q commit openmptcprouter
}
if [ -n "$OMR_TRACKER_INTERFACE" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then


@ -1,5 +1,5 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
START=98
STOP=10
@ -8,14 +8,13 @@ EXTRA_COMMANDS="reload_rules bypass_asn"
. /usr/lib/unbound/iptools.sh
# Still used by ndpi
if [ -e /usr/sbin/iptables-nft ]; then
IPTABLES="/usr/sbin/iptables-nft"
IPTABLESRESTORE="/usr/sbin/iptables-nft-restore"
IPTABLESSAVE="/usr/sbin/iptables-nft-save"
IP6TABLES="/usr/sbin/ip6tables-nft"
IP6TABLESRESTORE="/usr/sbin/ip6tables-nft-restore"
IP6TABLESSAVE="/usr/sbin/ip6tables-nft-save"
if [ -f /usr/sbin/iptables-legacy ]; then
IPTABLES="/usr/sbin/iptables-legacy"
IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
IP6TABLES="/usr/sbin/ip6tables-legacy"
IP6TABLESRESTORE="/usr/sbin/ip6tables-legacy-restore"
IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
else
IPTABLES="/usr/sbin/iptables"
IPTABLESRESTORE="/usr/sbin/iptables-restore"
@ -59,13 +58,9 @@ _bypass_ip() {
valid_ip4=$( valid_subnet4 $ip)
valid_ip6=$( valid_subnet6 $ip)
if [ "$valid_ip4" = "ok" ]; then
uci -q add_list firewall.omr_dst_bypass_${type}_4.entry=$ip
uci -q set firewall.omr_dst_bypass_${type}_4.enabled='1'
uci -q set firewall.omr_dst_bypass_${type}_dstip_4.enabled='1'
ipset -q add omr_dst_bypass_$type $ip
elif [ "$valid_ip6" = "ok" ]; then
uci -q add_list firewall.omr_dst_bypass_${type}_6.entry=$ip
uci -q set firewall.omr_dst_bypass_${type}_6.enabled='1'
uci -q set firewall.omr_dst_bypass_${type}_dstip_6.enabled='1'
ipset -q add omr6_dst_bypass_$type $ip
fi
}
@ -81,7 +76,6 @@ _bypass_domains() {
[ -z "$intf" ] && intf="all"
config_get vpn $1 vpn
[ "$vpn" = "1" ] && intf="srv_vpn1"
#echo "bypass $domain $enabled $family $intf $vpn"
[ "$enabled" = "0" ] && return
[ -z "$domain" ] && return
[ -z "$family" ] && family="ipv4ipv6"
@ -113,7 +107,6 @@ _bypass_domains() {
_bypass_domain $validdomain $intf $family $noipv6
done
else
#echo "_bypass_domain $domain $intf $family $noipv6"
_bypass_domain $domain $intf $family $noipv6
fi
}
@ -124,6 +117,7 @@ _bypass_domain() {
local family=$3
local noipv6=$4
intf=$(echo $intf | sed -e 's/\./_/')
[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
[ -z "$intf" ] && intf="all"
if [ -n "$domain" ]; then
domain=$(echo $domain | sed 's:^\.::')
@ -140,13 +134,35 @@ _bypass_domain() {
done
fi
fi
if [ "$(uci -q get dhcp.omr_dst_bypass_$intf | grep /$domain/)" = "" ]; then
uci -q add_list dhcp.omr_dst_bypass_$intf.domain=$domain
if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then
if [ "$family" = "ipv4ipv6" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
elif [ "$family" = "ipv4" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf"
elif [ "$family" = "ipv6" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr6_dst_bypass_$intf"
fi
add_domains="true"
else
dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g')
for dnsipset in $dnsmasqipset; do
if [ "$(echo $dnsipset | cut -d/ -f2)" = "$domain" ]; then
uci -q del_list dhcp.@dnsmasq[0].ipset=$dnsipset
if [ "$family" = "ipv4ipv6" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
elif [ "$family" = "ipv4" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr_dst_bypass_$intf"
elif [ "$family" = "ipv6" ]; then
uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr6_dst_bypass_$intf"
fi
add_domains="true"
fi
done
fi
if [ "$(uci -q get dhcp.@dnsmasq[0].noipv6 | grep /$domain/)" = "" ] && [ "$noipv6" = "1" ]; then
uci -q add_list dhcp.@dnsmasq[0].noipv6="$domain"
fi
#logger -t "omr-bypass" "Get IPs of $domain... Done"
fi
}
@ -160,13 +176,38 @@ _bypass_mac() {
config_get enabled $1 enabled
[ "$enabled" = "0" ] && return
intf=$(echo $intf | sed -e 's/\./_/')
[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
local intfid="$(uci -q get omr-bypass.$intf.id)"
[ -z "$intf" ] && intf="all"
[ -z "$mac" ] && return
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_$intf_mac.src_mac="$mac"
EOF
if [ "$intf" = "all" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539
COMMIT
EOF
if [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539
COMMIT
EOF
fi
else
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539$intfid
COMMIT
EOF
if [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539$intfid
COMMIT
EOF
fi
fi
}
_bypass_lan_ip() {
@ -185,16 +226,44 @@ _bypass_lan_ip() {
[ -z "$ip" ] && return
valid_ip4=$(valid_subnet4 $ip)
valid_ip6=$(valid_subnet6 $ip)
if [ "$valid_ip4" = "ok" ]; then
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_${intf}_srcip_4.src_ip="$ip"
set firewall.omr_dst_bypass_${intf}_srcip_4.enabled='1'
EOF
elif [ "$valid_ip6" = "ok" ] && [ "$disableipv6" = "0" ]; then
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_${intf}_srcip_6.src_ip="$ip"
set firewall.omr_dst_bypass_${intf}_srcip_6.enabled='1'
EOF
if [ "$intf" = "all" ]; then
if [ "$valid_ip4" = "ok" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -s $ip -j MARK --set-mark 0x539
COMMIT
EOF
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local -s $ip -j MARK --set-mark 0x539
COMMIT
EOF
elif [ "$valid_ip6" = "ok" ] && [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -s $ip -j MARK --set-mark 0x6539
COMMIT
EOF
fi
else
if [ "$valid_ip4" = "ok" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -s $ip -j MARK --set-mark 0x539$intfid
COMMIT
EOF
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local -s $ip -j MARK --set-mark 0x539$intfid
COMMIT
EOF
elif [ "$valid_ip6" = "ok" ] && [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -s $ip -j MARK --set-mark 0x6539$intfid
COMMIT
EOF
fi
fi
}
@ -209,24 +278,49 @@ _bypass_dest_port() {
config_get enabled $1 enabled
[ "$enabled" = "0" ] && return
intf=$(echo $intf | sed -e 's/\./_/')
#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
local intfid="$(uci -q get omr-bypass.$intf.id)"
[ -z "$intf" ] && intf="all"
[ -z "$dport" ] && return
dport="$(echo $dport | sed 's/-/:/')"
[ -z "$proto" ] && return
if [ "$proto" = "tcp" ] || [ "$proto" = "tcp udp" ]; then
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_${intf}_dstport_tcp.dst_port="$dport"
set firewall.omr_dst_bypass_${intf}_dstport_tcp.enabled='1'
if [ "$intf" = "all" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539
COMMIT
EOF
fi
if [ "$proto" = "udp" ] || [ "$proto" = "tcp udp" ]; then
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_${intf}_dstport_udp.dst_port="$dport"
set firewall.omr_dst_bypass_${intf}_dstport_udp.enabled='1'
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local --protocol $proto --destination-port $dport -j MARK --set-mark 0x539
COMMIT
EOF
if [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539
COMMIT
EOF
fi
else
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid
COMMIT
EOF
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid
COMMIT
EOF
if [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539$intfid
COMMIT
EOF
fi
fi
}
@ -241,24 +335,49 @@ _bypass_src_port() {
config_get enabled $1 enabled
[ "$enabled" = "0" ] && return
intf=$(echo $intf | sed -e 's/\./_/')
#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
local intfid="$(uci -q get omr-bypass.$intf.id)"
[ -z "$intf" ] && intf="all"
[ -z "$sport" ] && return
sport="$(echo $sport | sed 's/-/:/')"
[ -z "$proto" ] && return
if [ "$proto" = "tcp" ] || [ "$proto" = "tcp udp" ]; then
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_${intf}_dstport_tcp.dst_port="$dport"
set firewall.omr_dst_bypass_${intf}_dstport_tcp.enabled='1'
if [ "$intf" = "all" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539
COMMIT
EOF
fi
if [ "$proto" = "udp" ] || [ "$proto" = "tcp udp" ]; then
uci -q batch <<-EOF
add_list firewall.omr_dst_bypass_${intf}_dstport_udp.dst_port="$dport"
set firewall.omr_dst_bypass_${intf}_dstport_udp.enabled='1'
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local --protocol $proto --source-port $sport -j MARK --set-mark 0x539
COMMIT
EOF
if [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 --protocol $proto --source-port $sport -j MARK --set-mark 0x6539
COMMIT
EOF
fi
else
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid
COMMIT
EOF
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid
COMMIT
EOF
if [ "$disableipv6" = "0" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 --protocol $proto --source-port $sport -j MARK --set-mark 0x6539$intfid
COMMIT
EOF
fi
fi
}
@ -279,7 +398,7 @@ _bypass_proto() {
[ -z "$noipv6" ] && noipv6="0"
[ -z "$family" ] && family="ipv4ipv6"
intf=$(echo $intf | sed -e 's/\./_/')
#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
local intfid="$(uci -q get omr-bypass.$intf.id)"
[ -z "$intf" ] && intf="all"
@ -289,8 +408,8 @@ _bypass_proto() {
if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x4539
-A omr-bypass-dpi -m mark --mark 0x4539 -j RETURN
-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539
-A omr-bypass-dpi -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
@ -306,8 +425,8 @@ _bypass_proto() {
if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x4539$intfid
-A omr-bypass-dpi -m mark --mark 0x4539$intfid -j RETURN
-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539$intfid
-A omr-bypass-dpi -m mark --mark 0x539$intfid -j RETURN
COMMIT
EOF
fi
@ -378,84 +497,74 @@ _bypass_proto_without_ndpi() {
[ -z "$noipv6" ] && noipv6="0"
[ -z "$family" ] && family="ipv4ipv6"
intf=$(echo $intf | sed -e 's/\./_/')
#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
local intfid="$(uci -q get omr-bypass.$intf.id)"
[ -z "$intf" ] && intf="all"
[ "$intf" = "all" ] && intfid=""
[ -z "$proto" ] && return
if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ] || [ "$vpn" = "1" ]; then
ALLIPS=$(sqlite3 /usr/share/omr-bypass/omr-bypass.db "select ip from ipproto where proto=\"$proto\";" ".exit")
if [ -n "$ALLIPS" ]; then
if [ "$vpn" != "1" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.bypass_$proto=ipset
set firewall.bypass_$proto.name="bypass_$proto"
set firewall.bypass_$proto.match='dest_ip'
set firewall.bypass_$proto_rule=rule
set firewall.bypass_$proto_rule.name="bypass_$proto"
set firewall.bypass_$proto_rule.src='lan'
set firewall.bypass_$proto_rule.dest='*'
set firewall.bypass_$proto_rule.target='MARK'
set firewall.bypass_$proto_rule.set_xmark="4539${intfid}"
commit firewall
ipset -q flush bypass_$proto > /dev/null 2>&1
ipset -q flush bypass6_$proto > /dev/null 2>&1
ipset -q --exist restore <<-EOF
create bypass_$proto hash:net hashsize 64
create bypass6_$proto hash:net family inet6 hashsize 64
EOF
uci -q batch <<-EOF >/dev/null
set firewall.bypass6_$proto=ipset
set firewall.bypass6_$proto.name="bypas6s_$proto"
set firewall.bypass6_$proto.match='dest_ip'
set firewall.bypass6_$proto_rule=rule
set firewall.bypass6_$proto_rule.name="bypass6_$proto"
set firewall.bypass6_$proto_rule.src='lan'
set firewall.bypass6_$proto_rule.dest='*'
set firewall.bypass6_$proto_rule.target='MARK'
set firewall.bypass6_$proto_rule.set_xmark="6539${intfid}"
commit firewall
EOF
#if [ "$intfid" != "" ]; then
# uci -q batch <<-EOF >/dev/null
# delete network.${1}_fw_rule=rule
# set network.${1}_fw_rule=rule
# set network.${1}_fw_rule.priority=1
# set network.${1}_fw_rule.mark=0x539${intfid}
# set network.${1}_fw_rule.lookup=${intfid}
# delete network.${1}_fw_rule6=rule6
# set network.${1}_fw_rule6=rule6
# set network.${1}_fw_rule6.priority=1
# set network.${1}_fw_rule6.mark=0x6539${intfid}
# set network.${1}_fw_rule6.lookup=${intfid}
# commit network
# EOF
#fi
#ipset -q flush bypass_$proto > /dev/null 2>&1
#ipset -q flush bypass6_$proto > /dev/null 2>&1
#ipset -q --exist restore <<-EOF
#create bypass_$proto hash:net hashsize 64
#create bypass6_$proto hash:net family inet6 hashsize 64
#EOF
fi
for ip in $ALLIPS; do
valid_ip4=$( valid_subnet4 $ip)
valid_ip6=$( valid_subnet6 $ip)
if [ "$valid_ip4" = "ok" ]; then
if [ "$vpn" != "1" ]; then
#ipset -q add bypass_$proto $ip
uci -q add_list firewall.bypass_$proto.entry=$ip
ipset -q add bypass_$proto $ip
else
#ipset -q add omr_dst_bypass_$intf $ip
uci -q add_list firewall.omr_dst_bypass_$intf_4.entry=$ip
ipset -q add omr_dst_bypass_$intf $ip
fi
elif [ "$valid_ip6" = "ok" ]; then
if [ "$vpn" != "1" ]; then
#ipset -q add bypass6_$proto $ip
uci -q add_list firewall.bypass6_$proto.entry=$ip
ipset -q add bypass6_$proto $ip
else
#ipset -q add omr6_dst_bypass_$intf $ip
uci -q add_list firewall.omr6_dst_bypass_$intf_4.entry=$ip
ipset -q add omr6_dst_bypass_$intf $ip
fi
fi
done
if [ "$intf" = "all" ]; then
if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-dpi -m set --match-set bypass_$proto dst -j MARK --set-mark 0x539
-A omr-bypass-dpi -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" = "0" ] && ([ "$family" = "ipv6" ] || [ "$family" = "ipv4ipv6" ]); then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6-dpi -m set --match-set bypass6_$proto dst -j MARK --set-mark 0x6539
-A omr-bypass6-dpi -m mark --mark 0x6539 -j RETURN
COMMIT
EOF
fi
elif [ "$vpn" != "1" ]; then
if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-dpi -m set --match-set bypass_$proto dst -j MARK --set-mark 0x539$intfid
-A omr-bypass-dpi -m mark --mark 0x539$intfid -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" = "0" ] && ([ "$family" = "ipv6" ] || [ "$family" = "ipv4ipv6" ]); then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6-dpi -m set --match-set bypass6_$proto dst -j MARK --set-mark 0x6539$intfid
-A omr-bypass6-dpi -m mark --mark 0x6539$intfid -j RETURN
COMMIT
EOF
fi
fi
fi
fi
# Use dnsmasq ipset to bypass domains of the proto
@ -500,16 +609,53 @@ _bypass_proto_without_ndpi() {
}
_intf_rule_ss_rules() {
cat >> /etc/firewall.omr-bypass <<-EOF
nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
EOF
if [ "$disableipv6" = "0" ]; then
cat >> /etc/firewall.omr-bypass <<-EOF
nft insert rule inet fw4 ss_rules_dst_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
nft insert rule inet fw4 ss_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
rule_name=$1
[ "$rule_name" = "ss_rules" ] && rule_name="def"
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_dst)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*nat
-I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I ssr_${rule_name}_dst 2 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_local_out)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*nat
-I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I ssr_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*nat
-I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I ssr_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" = "0" ]; then
if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep omr6_dst_bypass_$intf)" = "" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
COMMIT
EOF
fi
if [ "$($IP6TABLES --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$($IP6TABLESSAVE 2>/dev/null | grep ssr6 | grep omr6_dst_bypass_$intf)" = "" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*nat
-I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-I ssr6_${rule_name}_dst 2 -m mark --mark 0x6539$count -j RETURN
-I ssr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-I ssr6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN
-I ssr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
-I ssr6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN
COMMIT
EOF
fi
fi
}
_intf_rule_v2ray_rules() {
@ -620,133 +766,56 @@ _intf_rule_xray_rules() {
_intf_rule() {
local intf
[ "$1" = "all" ] && intf="all"
[ -z "$intf" ] && intf=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]')
intf=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]')
[ -n "$(echo $intf | grep '@')" ] && intf=$(ifstatus "$1" | jsonfilter -q -e '@["device"]')
[ -z "$intf" ] && config_get intf $1 device
[ -n "$(echo $intf | grep '/')" ] && return
#count=$((count+1))
[ "$intf" != "all" ] && config_get count $1 metric
[ "$intf" = "all" ] && count=""
config_get count $1 metric
local mode
#config_get mode $1 multipath "off"
#[ "$mode" = "off" ] && return
[ "$intf" != "all" ] && [ -z "$count" ] && return
[ -z "$count" ] && return
[ -z "$intf" ] && return
intf=$(echo $intf | sed -e 's/\./_/')
intf=$(echo $intf | sed -e 's/-/_/')
[ "$(echo $1 | grep _dev)" != "" ] && return
[ "$intf" = "lo" ] && return
[ -z "$intf" ] && return
# [ -z "$RELOAD" ] || [ "$(uci show firewall.omr_dst_bypass_$intf_4)" = "" ] && {
#unset RELOAD
#echo "$intf ip set dhcp"
uci batch <<-EOF
set dhcp.omr_dst_bypass_$intf=ipset
set dhcp.omr_dst_bypass_$intf.name="omr_dst_bypass_${intf}_4,omr_dst_bypass_${intf}_6"
commit dhcp
[ -z "$RELOAD" ] || [ "$(ipset --list | grep omr_dst_bypass_$intf)" = "" ] && {
unset RELOAD
ipset -q flush omr_dst_bypass_$intf > /dev/null 2>&1
ipset -q flush omr6_dst_bypass_$intf > /dev/null 2>&1
ipset -q --exist restore <<-EOF
create omr_dst_bypass_$intf hash:net hashsize 64
create omr6_dst_bypass_$intf hash:net family inet6 hashsize 64
EOF
#echo "firewall omr_dst_bypass ipset"
uci -q batch <<-EOF
set firewall.omr_dst_bypass_${intf}_4=ipset
set firewall.omr_dst_bypass_${intf}_4.name="omr_dst_bypass_${intf}_4"
set firewall.omr_dst_bypass_${intf}_4.match='dest_ip'
EOF
#echo "firewall omr_dst_bypass rules"
if [ "$disableipv6" = "0" ]; then
protocol="4 6"
else
protocol="4"
fi
for ipv46 in $protocol; do
echo "ipv46: $ipv46 for $intf"
uci batch <<-EOF
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.name="omr_dst_bypass_${intf}_rule"
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.ipset="omr_dst_bypass_${intf}_4"
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.set_xmark="${ipv46}539${count}"
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.name="omr_dst_bypass_${intf}_srcip"
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.ipset="omr_dst_bypass_${intf}_4"
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.set_xmark="${ipv46}539${count}"
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.name='omr_dst_bypass_${intf}_mac'
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.set_xmark="${ipv46}539${count}"
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.name="omr_dst_bypass_${intf}_srcport"
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.proto='tcp'
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.set_xmark="${ipv46}539${count}"
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.name="omr_dst_bypass_${intf}_srcport"
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.proto='udp'
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.set_xmark="${ipv46}539${count}"
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.name="omr_dst_bypass_${intf}_dstport"
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.set_xmark="${ipv46}539${count}"
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.name="omr_dst_bypass_${intf}_dstport"
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.src='lan'
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.dest='*'
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.target='MARK'
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.enabled='0'
set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.set_xmark="${ipv46}539${count}"
commit firewall
EOF
done
if [ "$intf" = "all" ]; then
if [ "$(uci -q get openmptcprouter.settings.uci_rules)" = "1" ]; then
uci -q batch <<-EOF >/dev/null
delete network.${intf}_fw_rule=rule
set network.${intf}_fw_rule=rule
set network.${intf}_fw_rule.priority=1
set network.${intf}_fw_rule.mark=0x4539
set network.${intf}_fw_rule.lookup=991337
delete network.${intf}_fw_rule6=rule6
set network.${intf}_fw_rule6=rule6
set network.${intf}_fw_rule6.priority=1
set network.${intf}_fw_rule6.mark=0x6539
set network.${intf}_fw_rule6.lookup=6991337
delete network.${1}_fw_rule=rule
set network.${1}_fw_rule=rule
set network.${1}_fw_rule.priority=1
set network.${1}_fw_rule.mark=0x539${count}
set network.${1}_fw_rule.lookup=${count}
delete network.${1}_fw_rule6=rule6
set network.${1}_fw_rule6=rule6
set network.${1}_fw_rule6.priority=1
set network.${1}_fw_rule6.mark=0x6539${count}
set network.${1}_fw_rule6.lookup=${count}
commit network
EOF
else
uci -q batch <<-EOF >/dev/null
delete network.${intf}_fw_rule=rule
set network.${intf}_fw_rule=rule
set network.${intf}_fw_rule.priority=1
set network.${intf}_fw_rule.mark=0x4539${count}
set network.${intf}_fw_rule.lookup=${count}
delete network.${intf}_fw_rule6=rule6
set network.${intf}_fw_rule6=rule6
set network.${intf}_fw_rule6.priority=1
set network.${intf}_fw_rule6.mark=0x6539${count}
set network.${intf}_fw_rule6.lookup=${count}
commit network
EOF
ip rule add prio 1 fwmark 0x539$count lookup $count pref 1 > /dev/null 2>&1
ip -6 rule add prio 1 fwmark 0x6539$count lookup 6$count pref 1 > /dev/null 2>&1
fi
}
if [ "$($IPTABLESSAVE 2>/dev/null | grep omr-bypass | grep omr_dst_bypass_$intf)" = "" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-I omr-bypass 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I omr-bypass 2 -m mark --mark 0x539$count -j RETURN
-I omr-bypass-local 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-I omr-bypass-local 2 -m mark --mark 0x539$count -j RETURN
COMMIT
EOF
fi
if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
config_load shadowsocks-libev
config_foreach _intf_rule_ss_rules ss_rules
@ -787,6 +856,7 @@ _bypass_asn() {
for ip in $asnips; do
_bypass_ip $ip $interface
done
}
bypass_asn() {
@ -802,16 +872,41 @@ _bypass_omr_server() {
_ss_rules_config() {
cat >> /etc/firewall.omr-bypass <<-EOF
nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
EOF
if [ "$disableipv6" = "0" ]; then
cat >> /etc/firewall.omr-bypass <<-EOF
nft insert rule inet fw4 ss_rules_dst_tcp ip6 daddr @omr_dst_bypass_all_6 accept
nft insert rule inet fw4 ss_rules_local_out ip6 daddr @omr_dst_bypass_all_6 accept
rule_name=$1
[ "$rule_name" = "ss_rules" ] && rule_name="def"
if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$($IPTABLES --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*nat
-I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-I ssr_${rule_name}_dst 2 -m mark --mark 0x539 -j RETURN
-I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-I ssr_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN
-I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-I ssr_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" = "0" ]; then
if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
COMMIT
EOF
fi
if [ "$($IP6TABLES --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$($IP6TABLES --wait=40 -t nat -L -n | grep omr6_dst_bypass_all)" = "" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*nat
-I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-I ssr6_${rule_name}_dst 1 -m mark --mark 0x6539 -j RETURN
-I ssr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-I ssr6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN
-I ssr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
-I ssr6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN
COMMIT
EOF
fi
fi
}
_v2ray_rules_config() {
@ -892,18 +987,6 @@ _xray_rules_config() {
fi
}
_delete_dhcp_ipset() {
[ -n "$(echo $1 | grep omr_dst_bypass)" ] && {
uci -q delete dhcp.$1
}
}
_delete_firewall_rules() {
[ -n "$(echo $1 | grep omr_dst_bypass)" ] && {
uci -q delete firewall.$1
}
}
boot() {
BOOT=1
start "$@"
@ -912,16 +995,6 @@ boot() {
start_service() {
#local count
logger -t "omr-bypass" "Starting OMR-ByPass..."
config_load dhcp
config_foreach _delete_dhcp_ipset ipset
#uci -q commit dhcp
config_load firewall
config_foreach _delete_firewall_rules rule
config_foreach _delete_firewall_rules ipset
#uci -q commit firewall
add_domains="false"
[ -d /proc/net/xt_ndpi ] && {
config_load omr-bypass
@ -930,58 +1003,128 @@ start_service() {
disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
#noipv6="$(uci -q get omr-bypass.global.noipv6)"
cat > /etc/firewall.omr-bypass <<-EOF
#!/bin/sh
#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all accept
#nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all accept
[ -n "$RELOAD" ] && [ "$(ipset --list | grep omr_dst_bypass_all)" = "" ] && {
unset RELOAD
}
[ -z "$RELOAD" ] && {
ipset -q flush omr_dst_bypass_all > /dev/null 2>&1
ipset -q flush omr6_dst_bypass_all > /dev/null 2>&1
ipset -q --exist restore <<-EOF
create omr_dst_bypass_all hash:net hashsize 64
create omr6_dst_bypass_all hash:net family inet6 hashsize 64
EOF
ipset -q flush omr_dst_bypass_srv_vpn1 > /dev/null 2>&1
ipset -q flush omr6_dst_bypass_srv_vpn1 > /dev/null 2>&1
ipset -q --exist restore <<-EOF
create omr_dst_bypass_srv_vpn1 hash:net hashsize 64
create omr6_dst_bypass_srv_vpn1 hash:net family inet6 hashsize 64
EOF
}
$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass | $IPTABLESRESTORE -w --counters 2>/dev/null
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass -
-A PREROUTING -j omr-bypass
COMMIT
EOF
uci batch <<-EOF
set firewall.omr_bypass=include
set firewall.omr_bypass.enabled='1'
set firewall.omr_bypass.type='script'
set firewall.omr_bypass.path='/etc/firewall.omr-bypass'
set firewall.omr_bypass.fw4_compatible='1'
commit firewall
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
COMMIT
EOF
echo "intf_rule"
if [ "$disableipv6" = "0" ]; then
$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr-bypass6 | $IP6TABLESRESTORE -w --counters 2>/dev/null
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass6 -
-A PREROUTING -j omr-bypass6
COMMIT
EOF
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
:omr-bypass6-local -
-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6-local
COMMIT
EOF
fi
config_load network
config_foreach _intf_rule interface
_intf_rule all
local ndpi_rules=""
echo "bypass server"
if [ "$(uci -q get openmptcprouter.settings.bypass_servers)" = "1" ]; then
config_load openmptcprouter
config_foreach _bypass_omr_server server
fi
config_load omr-bypass
echo "bypass ip"
config_foreach _bypass_ip_set ips
echo "bypass mac"
config_foreach _bypass_mac macs
echo "bypass lan ip"
config_foreach _bypass_lan_ip lan_ip
echo "bypass dest port"
config_foreach _bypass_dest_port dest_port
echo "bypass src port"
config_foreach _bypass_src_port src_port
echo "bypass asn"
config_foreach _bypass_asn asns
echo "bypass domains"
dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g' | grep -v dst_bypass)
uci -q delete dhcp.@dnsmasq[0].ipset
uci -q delete dhcp.@dnsmasq[0].noipv6
if [ -n "$dnsmasqipset" ]; then
for dnsipset in $dnsmasqipset; do
ipsets=""
allipsets=$(echo $dnsipset | cut -d/ -f3 | sed 's/,/\n/g')
for ipset in $allipsets; do
[ "$(echo $ipset | grep -v dst_bypass)" != "" ] && {
[ "$ipsets" != "" ] && ipsets="$ipsets,$ipset"
[ "$ipsets" = "" ] && ipsets="$ipset"
}
done
if [ "$ipsets" != "" ]; then
resultipset="/$(echo $dnsipset | cut -d/ -f2)/$ipsets"
[ -n "$resultipset" ] && uci -q add_list dhcp.@dnsmasq[0].ipset=$resultipset
fi
done
fi
config_foreach _bypass_domains domains
uci -q commit dhcp
# ip rule add prio 1 fwmark 0x4539 lookup 991337 > /dev/null 2>&1
# ip -6 rule add prio 1 fwmark 0x6539 lookup 6991337 > /dev/null 2>&1
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
ip -6 rule add prio 1 fwmark 0x6539 lookup 6991337 > /dev/null 2>&1
#config_load shadowsocks-libev
#config_foreach _ss_rules_config ss_rules
([ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] || [ "$(uci -q get shadowsocks-rust.sss0.disabled)" != "1" ]) && _ss_rules_config
#config_load shadowsocks-rust
#config_foreach _ss_rules_config ss_rules
if [ "$($IPTABLES --wait=40 -t mangle -L -n | grep 'match-set omr_dst_bypass_all dst MARK set')" = "" ]; then
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-A omr-bypass -m mark --mark 0x539 -j RETURN
COMMIT
EOF
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass-local -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-A omr-bypass-local -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
if [ "$disableipv6" = "0" ]; then
if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
-A omr-bypass6 -m mark --mark 0x539 -j RETURN
COMMIT
EOF
$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
-A omr-bypass6-local -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
-A omr-bypass6-local -m mark --mark 0x539 -j RETURN
COMMIT
EOF
fi
fi
config_load shadowsocks-libev
config_foreach _ss_rules_config
config_load shadowsocks-rust
config_foreach _ss_rules_config
_v2ray_rules_config
_xray_rules_config
# NDPI Netfilter is not available for nftables
$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass-dpi | $IPTABLESRESTORE -w --counters 2>/dev/null
$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
*mangle
@ -1013,7 +1156,7 @@ start_service() {
logger -t "omr-bypass" "Reload dnsmasq..."
/etc/init.d/dnsmasq reload
}
fw4 restart
# Create a protocol list for UI from a sqlite DB when NDPI is not available
sqlite3 /usr/share/omr-bypass/omr-bypass.db "select distinct(proto) from (select proto from hostproto union all select proto from ipproto) a order by proto;" ".exit" > /usr/share/omr-bypass/omr-bypass-proto.lst
config_load omr-bypass
@ -1025,25 +1168,15 @@ start_service() {
stop_service() {
$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass | $IPTABLESRESTORE -w --counters 2>/dev/null
# $IPTABLESSAVE --counters 2>/dev/null | grep -v omr_dst | $IPTABLESRESTORE -w --counters 2>/dev/null
$IPTABLESSAVE --counters 2>/dev/null | grep -v omr_dst | $IPTABLESRESTORE -w --counters 2>/dev/null
$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr-bypass6 | $IP6TABLESRESTORE -w --counters 2>/dev/null
# $IP6TABLESSAVE --counters 2>/dev/null | grep -v omr6_dst | $IP6TABLESRESTORE -w --counters 2>/dev/null
#for setname in $(ipset -n list | grep "omr_"); do
# ipset -q destroy "$setname" 2>/dev/null || true
#done
#for setname in $(ipset list | awk '/Name: bypass_/ {print $2}'); do
# ipset -q destroy "$setname" 2>/dev/null || true
#done
# disable all rules ?
uci -q set firewall.omr-bypass.enabled='0'
config_load dhcp
config_foreach _delete_dhcp_ipset ipset
uci -q commit dhcp
config_load firewall
config_foreach _delete_firewall_rules rule
config_foreach _delete_firewall_rules ipset
uci -q commit firewall
exit 0
$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr6_dst | $IP6TABLESRESTORE -w --counters 2>/dev/null
for setname in $(ipset -n list | grep "omr_"); do
ipset -q destroy "$setname" 2>/dev/null || true
done
for setname in $(ipset list | awk '/Name: bypass_/ {print $2}'); do
ipset -q destroy "$setname" 2>/dev/null || true
done
}
service_triggers() {


@ -580,7 +580,7 @@ _intf_rule() {
protocol="4"
fi
for ipv46 in $protocol; do
echo "ipv46: $ipv46 for $intf"
#echo "ipv46: $ipv46 for $intf"
uci batch <<-EOF
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}=rule
set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.name="omr_dst_bypass_${intf}_rule"
@ -724,6 +724,7 @@ _bypass_omr_server() {
_ss_rules_config() {
cat >> /etc/firewall.omr-bypass <<-EOF
[ -z "\$(nft list ruleset | grep ss_rules)" ] && exit 0
nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
EOF
@ -737,6 +738,7 @@ _ss_rules_config() {
_v2ray_rules_config() {
cat >> /etc/firewall.omr-bypass <<-EOF
[ -z "\$(nft list ruleset | grep v2r_rules)" ] && exit 0
nft insert rule inet fw4 v2r_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
nft insert rule inet fw4 v2r_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
EOF
@ -750,6 +752,7 @@ _v2ray_rules_config() {
_xray_rules_config() {
cat >> /etc/firewall.omr-bypass <<-EOF
[ -z "\$(nft list ruleset | grep xr_rules)" ] && exit 0
nft insert rule inet fw4 xr_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
nft insert rule inet fw4 xr_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
EOF
@ -798,7 +801,7 @@ start_service() {
}
disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
#noipv6="$(uci -q get omr-bypass.global.noipv6)"
rm -f /etc/firewall.omr-bypass
cat > /etc/firewall.omr-bypass <<-EOF
#!/bin/sh
#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all accept
@ -812,31 +815,31 @@ start_service() {
set firewall.omr_bypass.fw4_compatible='1'
commit firewall
EOF
echo "intf_rule"
#echo "intf_rule"
config_load network
config_foreach _intf_rule interface
_intf_rule all
_intf_rule srv_vpn1
local ndpi_rules=""
echo "bypass server"
#echo "bypass server"
if [ "$(uci -q get openmptcprouter.settings.bypass_servers)" = "1" ]; then
config_load openmptcprouter
config_foreach _bypass_omr_server server
fi
config_load omr-bypass
echo "bypass ip"
#echo "bypass ip"
config_foreach _bypass_ip_set ips
echo "bypass mac"
#echo "bypass mac"
config_foreach _bypass_mac macs
echo "bypass lan ip"
#echo "bypass lan ip"
config_foreach _bypass_lan_ip lan_ip
echo "bypass dest port"
#echo "bypass dest port"
config_foreach _bypass_dest_port dest_port
echo "bypass src port"
#echo "bypass src port"
config_foreach _bypass_src_port src_port
echo "bypass asn"
#echo "bypass asn"
config_foreach _bypass_asn asns
echo "bypass domains"
#echo "bypass domains"
config_foreach _bypass_domains domains
uci -q commit dhcp
@ -883,7 +886,7 @@ start_service() {
logger -t "omr-bypass" "Reload dnsmasq..."
/etc/init.d/dnsmasq reload
}
fw4 restart
fw4 -q restart
# Create a protocol list for UI from a sqlite DB when NDPI is not available
sqlite3 /usr/share/omr-bypass/omr-bypass.db "select distinct(proto) from (select proto from hostproto union all select proto from ipproto) a order by proto;" ".exit" > /usr/share/omr-bypass/omr-bypass-proto.lst
config_load omr-bypass
@ -906,7 +909,7 @@ stop_service() {
config_foreach _delete_firewall_rules rule
config_foreach _delete_firewall_rules ipset
uci -q commit firewall
fw4 restart
fw4 -q restart
exit 0
}
@ -916,11 +919,13 @@ service_triggers() {
reload_service() {
RELOAD=1
stop
start
}
reload_rules() {
#[ "$( ipset -n list | grep omr_ )" = "" ] && return 0
RELOAD=1
stop
start
}
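Review bot: The `[ -z "\$(nft list ruleset | grep ss_rules)" ] && exit 0` line added to the heredoc in `_ss_rules_config` ends the whole generated /etc/firewall.omr-bypass script, not just the shadowsocks part. `_v2ray_rules_config` and `_xray_rules_config` append to the same file and get the same kind of guard, so if their blocks are written after the shadowsocks one (the call order is outside these hunks), a router without `ss_rules` chains would never reach the v2ray or xray inserts and bypass destinations would keep going through the proxy. Guarding each group on its own keeps them independent, for example `if nft list ruleset | grep -q ss_rules; then` before the two `nft insert` lines and `fi` after them. All three function bodies continue outside the hunks.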


@ -152,7 +152,7 @@ _cleanup() {
config_foreach _remove_rules
uci -q commit dhcp
uci -q commit firewall
fw4 restart
fw4 -q restart
}
start_service() {
@ -171,7 +171,7 @@ start_service() {
config_foreach _add_dscp_rules classify
config_foreach _add_dscp_domain domains
uci -q commit dhcp
fw4 restart
fw4 -q restart
}
stop_service() {


@ -15,7 +15,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=OMR
CATEGORY:=OMR-Schedule
CATEGORY:=OpenMPTCProuter
DEPENDS:=$(foreach p,$(MY_DEPENDS),+$(p))
TITLE:=OpenMPTCProuter schedule scripts
endef


@ -1,6 +1,6 @@
#
# OpenMPTCProuter tracker is a modified version of OverTheBox tracker from OVH
# Copyright (C) 2017-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
# Copyright (C) 2017-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=omr-tracker
PKG_VERSION:=1.7
PKG_VERSION:=2.0
PKG_RELEASE:=1
include $(INCLUDE_DIR)/package.mk


@ -17,6 +17,9 @@ export OMR_TRACKER_INTERFACE
export OMR_TRACKER_HOST
export OMR_TRACKER_HOST6
export OMR_TRACKER_TIMEOUT
export OMR_TRACKER_SIZE
export OMR_TRACKER_MAX_TTL
export OMR_TRACKER_LOSS
export OMR_TRACKER_STATUS
export OMR_TRACKER_STATUS_MSG
export OMR_TRACKER_PREV_STATUS
@ -150,6 +153,8 @@ _ping() {
ret=$(ping -I "${device}" \
-w "$OMR_TRACKER_TIMEOUT" \
-c "$OMR_TRACKER_COUNT" \
-s "$OMR_TRACKER_SIZE" \
-t "$OMR_TRACKER_MAX_TTL" \
-Q 184 \
"${host}" 2>&1
) && echo "$ret" | grep -sq " 0% packet loss" && {
@ -163,15 +168,23 @@ _ping() {
ret=$(ping -B -I "${device}" \
-w "$OMR_TRACKER_TIMEOUT" \
-c "$OMR_TRACKER_COUNT" \
-s "$OMR_TRACKER_SIZE" \
-t "$OMR_TRACKER_MAX_TTL" \
-Q 184 \
"${host}" 2>&1
) && echo "$ret" | grep -sq " 0% packet loss" && {
)
loss=$(echo "$ret" | grep 'packet loss' | sed -ne 's/.*\([0-9]\+\)% packet loss.*/\1/p')
if [ -n "$loss" ] && [ "$loss" -ne 100 ]; then
if [ "$localip" = "yes" ]; then
OMR_TRACKER_LATENCY=$(echo "$ret" | cut -d "/" -s -f5 | cut -d "." -f1 | tr -d '\n')
_update_rto "$OMR_TRACKER_LATENCY"
latency=$(echo "$ret" | cut -d "/" -s -f5 | cut -d "." -f1 | tr -d '\n')
[ -n "$latency" ] && {
OMR_TRACKER_LATENCY="$latency"
_update_rto "$OMR_TRACKER_LATENCY"
}
OMR_TRACKER_LOSS="$loss"
fi
return
}
fi
#) && echo "$ret" | grep -sq "bytes from" && {
fi
false
@ -242,6 +255,7 @@ while true; do
OMR_TRACKER_STATUS="ERROR"
OMR_TRACKER_STATUS_MSG=""
OMR_TRACKER_LATENCY=
OMR_TRACKER_LOSS=
#OMR_TRACKER_TIMEOUT=$((rto / 1000 + (rto % 1000 ? 1 : 0)))
OMR_TRACKER_LIST_HOSTS=""
OMR_TRACKER_DEVICE_GATEWAY=
@ -259,7 +273,7 @@ while true; do
if [ -n "$OMR_TRACKER_DEVICE" ] && [ -d "/sys/class/net/$OMR_TRACKER_DEVICE" ]; then
if [ -n "$(ip link show $OMR_TRACKER_DEVICE | grep UP)" ]; then
# retrieve iface ip and gateway
if [ "$OMR_TRACKER_INTERFACE_PROTO" != "dhcpv6" ]; then
if ([ "$OMR_TRACKER_FAMILY" = "ipv4" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]) && [ "$OMR_TRACKER_INTERFACE_PROTO" != "dhcpv6" ]; then
OMR_TRACKER_DEVICE_IP=$(ip -4 -br addr ls dev "$OMR_TRACKER_DEVICE" | awk -F'[ /]+' '{print $3}')
if [ -z "$OMR_TRACKER_DEVICE_IP" ]; then
OMR_TRACKER_DEVICE_IP=$(ip -4 addr show dev "$OMR_TRACKER_DEVICE" | grep -m 1 inet | awk '{print $2}' | cut -d'/' -s -f1)
@ -305,7 +319,7 @@ while true; do
OMR_TRACKER_DEVICE_GATEWAY=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | awk '/via/ {print $3}' | tr -d "\n")
fi
fi
if [ "$OMR_TRACKER_IPV6" = "1" ] || [ "$OMR_TRACKER_IPV6" = "auto" ]; then
if ([ "$OMR_TRACKER_IPV6" = "1" ] || [ "$OMR_TRACKER_IPV6" = "auto" ] || [ -z "$OMR_TRACKER_IPV6" ]) && ([ "$OMR_TRACKER_FAMILY" = "ipv6" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]); then
#OMR_TRACKER_DEVICE_IP6=$(ip -6 -br addr ls dev "$OMR_TRACKER_DEVICE" | awk -F'[ /]+' '{print $3}')
#if [ -z "$OMR_TRACKER_DEVICE_IP6" ]; then
OMR_TRACKER_DEVICE_IP6=$(ip -6 addr show dev "$OMR_TRACKER_DEVICE" | sort -r | grep -m 1 inet6 | awk '{print $2}' | cut -d'/' -s -f1)
@ -331,9 +345,13 @@ while true; do
fi
# execute specific tracker
if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
if ([ "$OMR_TRACKER_FAMILY" = "ipv4" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]) && [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
# setup loop variable
tries="$OMR_TRACKER_TRIES"
if [ "$OMR_TRACKER_PREV_STATUS" = "ERROR" ]; then
tries="$OMR_TRACKER_TRIES"
else
tries="$OMR_TRACKER_TRIES_UP"
fi
# loop until tries attempts have been reached
while [ "$tries" -gt 0 ]; do
if [ -n "$OMR_TRACKER_DEVICE_ROUTE" ]; then
@ -430,9 +448,14 @@ while true; do
sleep "$OMR_TRACKER_INTERVAL_TRIES"
done
fi
if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ] && [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
#if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ] && [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
if ([ "$OMR_TRACKER_FAMILY" = "ipv6" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]) && [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ] && [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
# setup loop variable
tries="$OMR_TRACKER_TRIES"
if [ "$OMR_TRACKER_PREV_STATUS" = "ERROR" ]; then
tries="$OMR_TRACKER_TRIES"
else
tries="$OMR_TRACKER_TRIES_UP"
fi
# loop until tries attempts have been reached
while [ "$tries" -gt 0 ]; do
#if [ -n "$OMR_TRACKER_DEVICE_ROUTE" ]; then
@ -534,7 +557,7 @@ while true; do
[ -z "$OMR_TRACKER_STATUS_MSG" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_INTERFACE may have ip issues"
[ -z "$OMR_TRACKER_DEVICE_IP" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv4"
[ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv4 gateway"
if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ]; then
if ([ "$OMR_TRACKER_IPV6" = "1" ] || [ "$OMR_TRACKER_IPV6" = "auto" ] || [ -z "$OMR_TRACKER_IPV6" ]) && ([ "$OMR_TRACKER_FAMILY" = "ipv6" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]); then
[ -z "$OMR_TRACKER_DEVICE_IP6" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv6"
[ -z "$OMR_TRACKER_DEVICE_GATEWAY6" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv6 gateway"
fi
@ -558,6 +581,26 @@ while true; do
OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG and $OMR_TRACKER_TYPE from $OMR_TRACKER_DEVICE_IP error ($OMR_TRACKER_LIST_HOSTS6)"
fi
fi
if [ "$OMR_TRACKER_CHECK_QUALITY" = "1" ]; then
if [ "$OMR_TRACKER_PREV_STATUS" = "OK" ]; then
if [ -n "$OMR_TRACKER_LOSS" ] && [ "$OMR_TRACKER_LOSS" -ge "$OMR_TRACKER_LOSS_FAILURE" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
OMR_TRACKER_STATUS="ERROR"
OMR_TRACKER_STATUS_MSG="Packet loss is $OMR_TRACKER_LOSS this is more than limit defined at $OMR_TRACKER_LOSS_FAILURE"
fi
if [ -n "$OMR_TRACKER_LATENCY" ] && [ "$OMR_TRACKER_LATENCY" -ge "$OMR_TRACKER_LATENCY_FAILURE" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
OMR_TRACKER_STATUS="ERROR"
OMR_TRACKER_STATUS_MSG="Latency is $OMR_TRACKER_LATENCY this is more than limit defined at $OMR_TRACKER_LATENCY_FAILURE"
fi
elif [ "$OMR_TRACKER_PREV_STATUS" = "ERROR" ]; then
OMR_TRACKER_STATUS="ERROR"
if [ -n "$OMR_TRACKER_LOSS" ] && [ "$OMR_TRACKER_LOSS" -le "$OMR_TRACKER_LOSS_RECOVERY" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
OMR_TRACKER_STATUS="OK"
fi
if [ -n "$OMR_TRACKER_LATENCY" ] && [ "$OMR_TRACKER_LATENCY" -ge "$OMR_TRACKER_LATENCY_RECOVERY" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
OMR_TRACKER_STATUS="OK"
fi
fi
fi
#[ "$OMR_TRACKER_HOSTS" = "$initial_hosts" ] || [ "$OMR_TRACKER_STATUS" = "OK" ] && _post_tracking
#[ "$OMR_TRACKER_STATUS" = "ERROR" ] && _restart
@ -567,5 +610,9 @@ while true; do
OMR_TRACKER_PREV_STATUS="$OMR_TRACKER_STATUS"
_restart
sleep "$OMR_TRACKER_INTERVAL"
if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
sleep "$OMR_TRACKER_FAILURE_INTERVAL"
else
sleep "$OMR_TRACKER_INTERVAL"
fi
done
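Review bot: The new loss extraction in `_ping`, `sed -ne 's/.*\([0-9]\+\)% packet loss.*/\1/p'`, captures only the last digit of the percentage because the leading `.*` is greedy, so `100% packet loss` yields `0`. The following `[ "$loss" -ne 100 ]` test is then true for a completely dead link, and since the old `grep -sq " 0% packet loss"` condition on the ping result was dropped, the function appears to return success and the interface is not marked down. Anchoring the number, for example `sed -ne 's/.* \([0-9]\+\)% packet loss.*/\1/p'`, gives the full value for integer percentages; a ping build that prints fractional loss would need a wider pattern. `_ping` starts and ends outside the hunk.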


@ -1,32 +1,38 @@
config defaults 'defaults'
option enabled '1'
list hosts '4.2.2.1'
list hosts '8.8.8.8'
list hosts '80.67.169.12'
list hosts '8.8.4.4'
list hosts '9.9.9.9'
list hosts '1.0.0.1'
list hosts '114.114.115.115'
list hosts '1.2.4.8'
list hosts '80.67.169.40'
list hosts '114.114.114.114'
list hosts '1.1.1.1'
list hosts6 '2606:4700:4700::1111'
list hosts6 '2606:4700:4700::1001'
list hosts6 '2620:fe::fe'
list hosts6 '2620:fe::9'
list hosts6 '2001:4860:4860::8888'
list hosts6 '2001:4860:4860::8844'
option timeout '2'
option count '2'
option tries '3'
option interval '2'
option interval_tries '1'
option type 'ping'
option wait_test '0'
option server_http_test '0'
option restart_down '0'
option mail_alert '0'
list hosts '4.2.2.1'
list hosts '8.8.8.8'
list hosts '80.67.169.12'
list hosts '8.8.4.4'
list hosts '9.9.9.9'
list hosts '1.0.0.1'
list hosts '114.114.115.115'
list hosts '1.2.4.8'
list hosts '80.67.169.40'
list hosts '114.114.114.114'
list hosts '1.1.1.1'
list hosts6 '2606:4700:4700::1111'
list hosts6 '2606:4700:4700::1001'
list hosts6 '2620:fe::fe'
list hosts6 '2620:fe::9'
list hosts6 '2001:4860:4860::8888'
list hosts6 '2001:4860:4860::8844'
option timeout '2'
option count '2'
option tries '3'
option interval '2'
option interval_tries '1'
option type 'ping'
option wait_test '0'
option server_http_test '0'
option restart_down '0'
option mail_alert '0'
option initial_state 'online'
option family 'ipv4'
option reliability '1'
option count '2'
option failure_interval '5'
option tries_up '5'
config proxy 'proxy'
option enabled '1'
@ -43,6 +49,8 @@ config proxy 'proxy'
option interval_tries '1'
option interval '10'
option mail_alert '0'
option initial_state 'online'
option family 'ipv4ipv6'
config server 'server'
option enabled '1'
@ -51,3 +59,4 @@ config server 'server'
option wait_test '0'
option interval '5'
option mail_alert '0'
option initial_state 'online'
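Review bot: The new `defaults` section ends up with `option count '2'` twice, once in the re-indented block after `option timeout '2'` and again after `option reliability '1'`. Both carry the same value today, so nothing breaks, but a later edit to only one of them would leave the effective value depending on parse order (as far as I know the later line wins). Drop the second `option count '2'` line.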


@ -16,34 +16,54 @@
. /lib/functions/network.sh
_validate_section() {
local tmp_hosts=$hosts tmp_hosts6=$hosts6 tmp_timeout=$timeout tmp_count=$count tmp_tries=$tries
local tmp_interval=$interval tmp_interval_tries=$interval_tries tmp_options=$options tmp_type=$type tmp_enabled=$enabled tmp_wait_test=$wait_test tmp_server_http_test=$server_http_test
local tmp_hosts=$hosts tmp_hosts6=$hosts6 tmp_timeout=$timeout tmp_count=$count tmp_tries=$tries tmp_size=$size tmp_max_ttl=$max_ttl tmp_failure_loss=$failure_loss tmp_failure_latency=$failure_latency tmp_recovery_loss=$recovery_loss tmp_recovery_latency=$recovery_latency
local tmp_interval=$interval tmp_interval_tries=$interval_tries tmp_options=$options tmp_type=$type tmp_enabled=$enabled tmp_wait_test=$wait_test tmp_server_http_test=$server_http_test tmp_check_quality=$check_quality tmp_failure_interval=$failure_interval tmp_tries_up=$tries_up tmp_family=$family
uci_validate_section omr-tracker "$1" "$2" \
'hosts:list(host)' \
'hosts6:list(host)' \
'timeout:uinteger' \
'size:uinteger' \
'max_ttl:uinteger' \
'failure_loss:uinteger' \
'failure_latency:uinteger' \
'recovery_loss:uinteger' \
'recovery_latency:uinteger' \
'check_quality:bool:0' \
'count:uinteger' \
'tries:uinteger' \
'tries_up:uinteger' \
'interval:uinteger' \
'interval_tries:uinteger' \
'failure_interval:uinteger' \
'wait_test:uinteger' \
'type:string:undef' \
'enabled:bool:1' \
'server_http_test:bool:0' \
'family:string' \
'options:string'
[ -z "$hosts" ] && hosts=$tmp_hosts
[ -z "$hosts6" ] && hosts6=$tmp_hosts6
[ -z "$timeout" ] && timeout=$tmp_timeout
[ -z "$count" ] && count=$tmp_count
[ -z "$size" ] && size=$tmp_size
[ -z "$failure_loss" ] && failure_loss=$tmp_failure_loss
[ -z "$failure_latency" ] && failure_latency=$tmp_failure_latency
[ -z "$failure_interval" ] && failure_interval=$tmp_failure_interval
[ -z "$recovery_loss" ] && recovery_loss=$tmp_recovery_loss
[ -z "$recovery_latency" ] && recovery_latency=$tmp_recovery_latency
[ -z "$check_quality" ] && check_quality=$tmp_check_quality
[ -z "$max_ttl" ] && max_ttl=$tmp_max_ttl
[ -z "$tries" ] && tries=$tmp_tries
[ -z "$tries_up" ] && tries_up=$tmp_tries_up
[ -z "$interval" ] && interval=$tmp_interval
[ -z "$interval_tries" ] && interval_tries=$tmp_interval_tries
[ -z "$wait_test" ] && wait_test=$tmp_wait_test
[ -z "$options" ] && options=$tmp_options
[ "$type" = "undef" ] && type=${tmp_type:-ping}
[ -z "$server_http_test" ] && server_http_test=$tmp_server_http_test
[ -z "$family" ] && family=$tmp_family
[ -z "$enabled" ] && enabled=$tmp_enabled
}
@ -52,7 +72,7 @@ _launch_tracker() {
loopback|lan*|if0*) return;;
esac
[ -z "$1" ] && return
local hosts hosts6 timeout count tries interval interval_tries options type enabled wait_test ipv6 proto server_http_test
local hosts hosts6 timeout count tries tries_up interval interval_tries options type enabled wait_test ipv6 proto server_http_test size max_ttl failure_loss failure_interval failure_latency recovery_loss recovery_latency family
_validate_section "defaults" "defaults"
_validate_section "interface" "$1"
@ -80,6 +100,11 @@ _launch_tracker() {
#[ "${ifstatus}" = "false" ] && [ -z "${ifdevice}" ] && return
[ -z "${interval_tries}" ] && interval_tries=1
[ -z "${count}" ] && count=2
[ -z "${max_ttl}" ] && max_ttl=60
[ -z "${size}" ] && size=56
[ -z "${check_quality}" ] && check_quality=0
[ -z "${tries}" ] && tries=5
[ -z "${tries_up}" ] && tries_up=${tries}
procd_open_instance
# shellcheck disable=SC2086
@ -87,14 +112,24 @@ _launch_tracker() {
procd_append_param env "OMR_TRACKER_HOSTS=$hosts"
procd_append_param env "OMR_TRACKER_HOSTS6=$hosts6"
procd_append_param env "OMR_TRACKER_TIMEOUT=$timeout"
procd_append_param env "OMR_TRACKER_SIZE=$size"
procd_append_param env "OMR_TRACKER_CHECK_QUALITY=$check_quality"
procd_append_param env "OMR_TRACKER_MAX_TTL=$max_ttl"
procd_append_param env "OMR_TRACKER_FAILURE_LOSS=$failure_loss"
procd_append_param env "OMR_TRACKER_FAILURE_LATENCY=$failure_latency"
procd_append_param env "OMR_TRACKER_RECOVERY_LOSS=$recovery_loss"
procd_append_param env "OMR_TRACKER_RECOVERY_LATENCY=$recovery_latency"
procd_append_param env "OMR_TRACKER_COUNT=$count"
procd_append_param env "OMR_TRACKER_TRIES=$tries"
procd_append_param env "OMR_TRACKER_TRIES_UP=$tries_up"
procd_append_param env "OMR_TRACKER_INTERVAL=$interval"
procd_append_param env "OMR_TRACKER_FAILURE_INTERVAL=$failure_interval"
procd_append_param env "OMR_TRACKER_INTERVAL_TRIES=$interval_tries"
procd_append_param env "OMR_TRACKER_TABLE=$ip4table"
procd_append_param env "OMR_TRACKER_DEVICE=$ifname"
procd_append_param env "OMR_TRACKER_DEVICE_GATEWAY=$gateway"
procd_append_param env "OMR_TRACKER_TYPE=$type"
procd_append_param env "OMR_TRACKER_FAMILY=$family"
procd_append_param env "OMR_TRACKER_IPV6=$ipv6"
procd_append_param env "OMR_TRACKER_PROTO=$proto"
procd_append_param env "OMR_TRACKER_WAIT_TEST=$wait_test"
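Review bot: The environment names added in `_launch_tracker`, `OMR_TRACKER_FAILURE_LOSS`, `OMR_TRACKER_FAILURE_LATENCY`, `OMR_TRACKER_RECOVERY_LOSS` and `OMR_TRACKER_RECOVERY_LATENCY`, do not match what the tracker loop changed in this same commit tests, which is `$OMR_TRACKER_LOSS_FAILURE`, `$OMR_TRACKER_LATENCY_FAILURE`, `$OMR_TRACKER_LOSS_RECOVERY` and `$OMR_TRACKER_LATENCY_RECOVERY`. Unless the names are mapped somewhere outside the visible hunks, enabling `check_quality` makes those `-ge`/`-le` tests compare against empty strings, so the configured thresholds never take effect. Use one spelling on both sides, for example `procd_append_param env "OMR_TRACKER_LOSS_FAILURE=$failure_loss"` and likewise for the other three. `_launch_tracker` continues outside the hunks.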


@ -106,4 +106,26 @@ if [ "$(uci -q get omr-tracker.defaults.server_http_test)" = "" ]; then
EOF
fi
if [ "$(uci -q get omr-tracker.defaults.family)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set omr-tracker.defaults.initial_state='online'
set omr-tracker.defaults.family='ipv4ipv6'
set omr-tracker.defaults.reliability='1'
set omr-tracker.defaults.interval='1'
set omr-tracker.defaults.failure_interval='5'
set omr-tracker.defaults.count='1'
set omr-tracker.defaults.tries_up='5'
set omr-tracker.omrvpn.initial_state='online'
set omr-tracker.omrvpn.family='ipv4'
set omr-tracker.omrvpn.reliability='1'
set omr-tracker.omrvpn.failure_interval='5'
set omr-tracker.omrvpn.tries_up='5'
set omr-tracker.omrvpn.count='1'
set omr-tracker.proxy.initial_state='online'
set omr-tracker.proxy.family='ipv4ipv6'
set omr-tracker.server.initial_state='online'
commit omr-tracker
EOF
fi
exit 0


@ -1143,7 +1143,7 @@ function interfaces_status()
else
mArray.openmptcprouter["shadowsocks_service_key"] = true
end
local ssr_key = uci:get("shadowsocks-rust","sss0","key") or ""
local ssr_key = uci:get("shadowsocks-rust","sss0","password") or ""
mArray.openmptcprouter["shadowsocksrust_service_method"] = uci:get("shadowsocks-rust","sss0","method")
if ssr_key == "" then
mArray.openmptcprouter["shadowsocksrust_service_key"] = false


@ -32,7 +32,7 @@ MY_DEPENDS := \
LINUX_5_4:iptables-mod-iface LINUX_5_4:iptables-mod-ipmark LINUX_5_4:iptables-mod-hashlimit LINUX_5_4:iptables-mod-condition LINUX_5_4:iptables-mod-trace LINUX_5_4:iptables-mod-conntrack-extra LINUX_5_4:iptables-mod-account \
kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra LINUX_5_4:iptables-mod-extra conntrack LINUX_5_4:kmod-ipt-offload \
LINUX_5_4:iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 LINUX_5_4:kmod-ipt-ipsec \
!LINUX_5_4:nftables-json !LINUX_5_4:iptables-nft !LINUX_5_4:kmod-nft-connlimit !LINUX_5_4:kmod-nft-offload
!LINUX_5_4:nftables-json !LINUX_5_4:iptables-nft !LINUX_5_4:kmod-nft-connlimit !LINUX_5_4:kmod-nft-offload \
wireless-tools \
libiwinfo-lua \
ca-bundle ca-certificates \
@ -86,7 +86,10 @@ MY_DEPENDS := \
!(LINUX_5_4):mptcpd (TARGET_x86||TARGET_x86_64):kmod-igc !TARGET_mvebu:kmod-mmc-spi kmod-macsec usbutils v2ray-core LINUX_5_4:v2ray-config !LINUX_5_4:v2ray-config-nft syslogd \
(TARGET_x86||TARGET_x86_64):kmod-mlx4-core \
!(TARGET_ips40xx||TARGET_ramips):iptables-mod-ndpi !(TARGET_ips40xx||TARGET_ramips):kmod-ipt-ndpi libip4tc libip6tc \
xray-core LINUX_5_4:xray-config !LINUX_5_4:xray-config-nft shadowsocks-rust-sslocal shadowsocks-rust-ssservice LINUX_5_4:shadowsocks-rust-config !LINUX_5_4:shadowsocks-rust-config-nft luci-app-shadowsocks-rust (LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2 kmod-ovpn-dco-v2 keepalived
xray-core LINUX_5_4:xray-config !LINUX_5_4:xray-config-nft shadowsocks-rust-sslocal shadowsocks-rust-ssservice LINUX_5_4:shadowsocks-rust-config !LINUX_5_4:shadowsocks-rust-config-nft luci-app-shadowsocks-rust (LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2 kmod-ovpn-dco-v2 \
(TARGET_x86||TARGET_x86_64):luci-app-keepalived luci-proto-external omr-schedule
# !TARGET_mvebu:kmod-usb-net-smsc75xx
# libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \


@ -947,10 +947,15 @@ _set_lan_ip() {
_set_bypass_ips() {
local settings
[ -z "$servername" ] && servername=$1
bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1_4 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
[ -z "$bypassipvs4" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_4" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1_6 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
[ -z "$bypassipvs6" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_6" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1_4 2>/dev/null | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
[ -z "$bypassipvs4" ] && {
bypassipv4slst=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_4" 2>/dev/null)
[ -n "$bypassipv4slst" ] && bypassipv4s=$(echo "$bypassipv4slst" | jsonfilter -q -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1_6 2>/dev/null | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
[ -z "$bypassipvs6" ] && {
bypassipv6slst=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_6" 2>/dev/null)
[ -n "$bypassipv6slst" ] && bypassipv6s=$(echo "$bypassipv4slst" | jsonfilter -q -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
}
# "
if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then
settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}'
@ -1704,7 +1709,7 @@ _set_config_from_vps() {
uci -q set xray.omrout.s_socks_address="$vpsip"
uci -q set xray.omrout.s_shadowsocks_address="$vpsip"
fi
uci -q commit v2ray
uci -q commit xray
logger -t "OMR-VPS" "Xray restart..."
/etc/init.d/xray restart >/dev/null 2>&1
fi
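Review bot: In `_set_bypass_ips`, the new IPv6 fallback fills `bypassipv6s` from `$bypassipv4slst` rather than `$bypassipv6slst`, so the IPv6 bypass list is built from the IPv4 set; the pipeline should start with `echo "$bypassipv6slst"`. Both guards also test `$bypassipvs4` and `$bypassipvs6`, which are never assigned in the visible lines (the variables are `bypassipv4s` and `bypassipv6s`), so the nft branch always runs and overwrites the ipset result; `[ -z "$bypassipv4s" ]` and `[ -z "$bypassipv6s" ]` look like what was meant. As rendered, only one closing `}` follows the two `&& {` openers, so the first group appears unclosed and should be checked against the file. The function body continues outside the hunk.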


@ -15,6 +15,12 @@ if [ "$(uci -q get omr-tracker.omrvpn)" = "" ]; then
set omr-tracker.omrvpn.restart_down=0
add_list omr-tracker.omrvpn.hosts='4.2.2.1'
add_list omr-tracker.omrvpn.hosts='8.8.8.8'
set omr-tracker.omrvpn.initial_state='online'
set omr-tracker.omrvpn.family='ipv4'
set omr-tracker.omrvpn.reliability='1'
set omr-tracker.omrvpn.count='1'
set omr-tracker.omrvpn.failure_interval='5'
set omr-tracker.omrvpn.tries_up='5
commit omr-tracker
EOF
fi
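Review bot: The added line `set omr-tracker.omrvpn.tries_up='5` has no closing quote, so the value runs into the following `commit omr-tracker` line; it should be `set omr-tracker.omrvpn.tries_up='5'`. The command that opens the here-document is outside the hunk, so how the parser reacts to the unbalanced quote is inferred, but the likely outcomes are a rejected batch or a malformed `tries_up` value with the commit never executed. In either case the new `omrvpn` tracker defaults added by this hunk would not be stored as intended.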


@ -181,7 +181,7 @@ ss_rules_nft_gen() {
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
if nft -f "$tmp.nft.chk" -c; then
mv "$tmp.nft" "$ssrules_nft"
fw4 restart
fw4 -q restart
fi
rm -f "$tmp.nft.chk"
fi
@ -192,7 +192,7 @@ ss_rules_nft_gen() {
ss_rules_nft_reset() {
if [ -f "$ssrules_nft" ]; then
rm -f "$ssrules_nft"
fw4 restart
fw4 -q restart
fi
}
@ -205,14 +205,14 @@ ss_rules() {
rules_up() {
if [ -f "${ssrules_nft}.down" ]; then
mv -f "${ssrules_nft}.down" "$ssrules_nft"
fw4 restart
fw4 -q restart
fi
}
rules_down() {
if [ -f "${ssrules_nft}" ]; then
mv -f "$ssrules_nft" "${ssrules_nft}.down"
fw4 restart
fw4 -q restart
fi
}
@ -328,8 +328,8 @@ validate_ss_redir_section() {
validate_ss_rules_section() {
"${2:-ss_validate}" ss_rules "$1" \
'disabled:bool:0' \
'redir_tcp:uci("shadowsocks-libev", "@ss_redir","all")' \
'redir_udp:uci("shadowsocks-libev", "@ss_redir","all")' \
'redir_tcp:or(uci("shadowsocks-libev", "@ss_redir"),"all")' \
'redir_udp:or(uci("shadowsocks-libev", "@ss_redir"),"all")' \
'src_ips_bypass:or(ipaddr,cidr)' \
'src_ips_forward:or(ipaddr,cidr)' \
'src_ips_checkdst:or(ipaddr,cidr)' \
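Review bot: Every `fw4 -q restart` added in `ss_rules_nft_gen`, `ss_rules_nft_reset`, `rules_up` and `rules_down` ignores the command's exit status, and with `-q` (which, as far as I know, silences fw4's output) a failed reload leaves no trace. `nft -f "$tmp.nft.chk" -c` only checks the generated file inside a scratch table, so the complete ruleset can still fail to load after the `mv`, and the router may then run without the expected filter or redirect rules. I would at least log the failure, for example `fw4 -q restart || logger -t "ss-rules" "fw4 restart failed"` (the tag is only an example), and in `rules_up`/`rules_down` consider moving the file back when the restart fails. The same applies to the identical hunks in the next file section and to the v2ray and xray sections further down. `ss_rules_nft_gen` starts and ends outside its hunk.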


@ -163,7 +163,7 @@ ss_rules_nft_gen() {
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
if nft -f "$tmp.nft.chk" -c; then
mv "$tmp.nft" "$ssrules_nft"
fw4 restart
fw4 -q restart
fi
rm -f "$tmp.nft.chk"
fi
@ -174,7 +174,7 @@ ss_rules_nft_gen() {
ss_rules_nft_reset() {
if [ -f "$ssrules_nft" ]; then
rm -f "$ssrules_nft"
fw4 restart
fw4 -q restart
fi
}
@ -187,14 +187,14 @@ ss_rules() {
rules_up() {
if [ -f "${ssrules_nft}.down" ]; then
mv -f "${ssrules_nft}.down" "$ssrules_nft"
fw4 restart
fw4 -q restart
fi
}
rules_down() {
if [ -f "${ssrules_nft}" ]; then
mv -f "$ssrules_nft" "${ssrules_nft}.down"
fw4 restart
fw4 -q restart
fi
}


@ -472,6 +472,7 @@ add_v2ray_redirect_rules() {
| sort -u)"
[ "$(uci -q get v2ray.main_transparent_proxy.redirect_udp)" = "1" ] && [ "$(uci -q get v2ray.omrout.protocol)" != "socks" ] && portudp="$port"
ifnames="$(uci -q get shadowsocks-libev.ss_rules.ifnames)"
local tmp="/tmp/v2rrules"
json_init
@ -498,7 +499,7 @@ add_v2ray_redirect_rules() {
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
if nft -f "$tmp.nft.chk" -c; then
mv "$tmp.nft" "$v2rrules_nft"
fw4 restart
fw4 -q restart
fi
rm -f "$tmp.nft.chk"
fi
@ -2086,7 +2087,7 @@ clear_transparent_proxy() {
if [ -f "${v2rrules_nft}" ] || [ -f "${v2rrules_nft}.down" ]; then
rm -f "$v2rrules_nft"
rm -f "${v2rrules_nft}.down"
fw4 restart
fw4 -q restart
fi
v2ray-rules -f
@ -2252,14 +2253,14 @@ rules_exist() {
rules_up() {
if [ -f "${v2rrules_nft}.down" ]; then
mv -f "${v2rrules_nft}.down" "$v2rrules_nft"
fw4 restart
fw4 -q restart
fi
}
rules_down() {
if [ -f "${v2rrules_nft}" ]; then
mv -f "$v2rrules_nft" "${v2rrules_nft}.down"
fw4 restart
fw4 -q restart
fi
}
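Review bot: `local tmp="/tmp/v2rrules"` in `add_v2ray_redirect_rules` is a fixed, predictable path, and the file built there is later moved to `$v2rrules_nft`, which presumably ends up in the ruleset that `fw4` loads. Two overlapping runs would share `$tmp.nft` and `$tmp.nft.chk`, so one run can validate or move the other's half-written rules, and anything else able to write to /tmp could occupy the path first. A private directory avoids both: `local tmpdir; tmpdir="$(mktemp -d)" || return 1` followed by `local tmp="$tmpdir/v2rrules"`, with `rm -rf "$tmpdir"` where the `.chk` file is removed today. The xray section below uses `/tmp/xrrules` in the same way. The function begins and ends outside these hunks.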


@ -481,6 +481,7 @@ add_xray_redirect_rules() {
| sort -u)"
[ "$(uci -q get xray.main_transparent_proxy.redirect_udp)" = "1" ] && [ "$(uci -q get xray.omrout.protocol)" != "socks" ] && portudp="$port"
ifnames="$(uci -q get shadowsocks-libev.ss_rules.ifnames)"
local tmp="/tmp/xrrules"
json_init
@ -507,7 +508,7 @@ add_xray_redirect_rules() {
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
if nft -f "$tmp.nft.chk" -c; then
mv "$tmp.nft" "$xrrules_nft"
fw4 restart
fw4 -q restart
fi
rm -f "$tmp.nft.chk"
fi
@ -2142,7 +2143,7 @@ clear_transparent_proxy() {
if [ -f "${xrrules_nft}" ] || [ -f "${xrrules_nft}.down" ]; then
rm -f "$xrrules_nft"
rm -f "$xrrules_nft.down"
fw4 restart
fw4 -q restart
fi
@ -2307,14 +2308,14 @@ rules_exist() {
rules_up() {
if [ -f "${xrrules_nft}.down" ]; then
mv -f "${xrrules_nft}.down" "$xrrules_nft"
fw4 restart
fw4 -q restart
fi
}
rules_down() {
if [ -f "${xrrules_nft}" ]; then
mv -f "$xrrules_nft" "${xrrules_nft}.down"
fw4 restart
fw4 -q restart
fi
}