Merge branch 'develop' of https://github.com/Ysurac/openmptcprouter-feeds into test

luci-app-omr-tracker/Makefile

@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 #
 #
 

luci-app-omr-tracker/htdocs/luci-static/resources/view/omr-tracker/network/interface.js

@@ -0,0 +1,289 @@
+'use strict';
+'require form';
+'require fs';
+'require view';
+'require uci';
+
+var cfgtypes = ['defaults','interface'];
+
+return view.extend({
+	load: function() {
+		return Promise.all([
+			L.resolveDefault(fs.stat('/usr/bin/httping'), {}),
+			L.resolveDefault(fs.stat('/usr/bin/dig'), {}),
+//			L.resolveDefault(fs.stat('/usr/bin/nping'), {}),
+//			L.resolveDefault(fs.stat('/usr/bin/arping'), {}),
+			uci.load('network')
+		]);
+	},
+
+	render: function (stats) {
+		var m, s, o;
+
+		m = new form.Map('omr-tracker', _('OMR-Tracker - Interfaces'),
+			_('Names must match the interface name found in /etc/config/network.') + '<br />' +
+			_('Names may contain characters A-Z, a-z, 0-9, _ and no spaces-'));
+
+		//s = m.section(form.GridSection, 'defaults');
+		s = m.section(form.GridSection);
+		s.addremove = true;
+		s.anonymous = false;
+		s.nodescriptions = true;
+		s.cfgsections = function() {
+			return this.map.data.sections(this.map.config)
+				.filter(function(s) { return cfgtypes.indexOf(s['.type']) !== -1; })
+				.map(function(s) { return s['.name']; });
+		};
+
+		o = s.option(form.Flag, 'enabled', _('Enabled'));
+		o.default = false;
+
+		o = s.option(form.ListValue, 'initial_state', _('Initial state'),
+			_('Expect interface state on up event'));
+		o.default = 'online';
+		o.value('online', _('Online'));
+		o.value('offline', _('Offline'));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'family', _('Internet Protocol'));
+		o.default = 'ipv4';
+		o.value('ipv4', _('IPv4'));
+		o.value('ipv6', _('IPv6'));
+		o.value('ipv4ipv6', _('IPv4 & IPv6'));
+		o.modalonly = true;
+
+		o = s.option(form.DynamicList, 'hosts', _('Tracking hostname or IP address'),
+			_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to use defaults settings.'));
+		o.datatype = 'hosts';
+		o.modalonly = true;
+		o.rmempty = false;
+
+		o = s.option(form.DynamicList, 'hosts6', _('Tracking hostname or IP address for IPv6'),
+			_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to use defaults settings.'));
+		o.datatype = 'hosts';
+		o.modalonly = true;
+		o.depends('family', 'ipv4ipv6');
+		o.depends('family', 'ipv6');
+		o.rmempty = false;
+
+		o = s.option(form.ListValue, 'type', _('Tracking method'));
+		o.default = 'ping';
+		o.value('none');
+		o.value('ping');
+		if (stats[0].type === 'file') {
+			o.value('httping');
+		}
+		if (stats[1].type === 'file') {
+			o.value('dns');
+		}
+		/*
+		if (stats[2].type === 'file') {
+			o.value('nping-tcp');
+			o.value('nping-udp');
+			o.value('nping-icmp');
+			o.value('nping-arp');
+		}
+		if (stats[3].type === 'file') {
+			o.value('arping');
+		}
+		*/
+		o = s.option(form.Flag, 'server_http_test', _('Server http test'),
+			_('Check if connection work with http by sending a request to server'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+		o = s.option(form.Flag, 'mail_alert', _('Mail alert'),
+			_('Send a mail when connection status change. You need to configure e-mail settings here.'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+		/*
+		o = s.option(form.Flag, 'httping_ssl', _('Enable ssl tracking'),
+			_('Enables https tracking on ssl port 443'));
+		o.depends('type', 'httping');
+		o.rmempty = false;
+		o.modalonly = true;
+		*/
+
+		o = s.option(form.Value, 'reliability', _('Tracking reliability'),
+			_('Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up'));
+		o.datatype = 'range(1, 100)';
+		o.default = '1';
+
+		o = s.option(form.ListValue, 'count', _('Ping count'));
+		o.default = '1';
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'size', _('Ping size'));
+		o.default = '56';
+		o.depends('type', 'ping');
+		o.value('8');
+		o.value('24');
+		o.value('56');
+		o.value('120');
+		o.value('248');
+		o.value('504');
+		o.value('1016');
+		o.value('1472');
+		o.value('2040');
+		o.datatype = 'range(1, 65507)';
+		o.modalonly = true;
+
+		o =s.option(form.Value, 'max_ttl', _('Max TTL'));
+		o.default = '60';
+		o.depends('type', 'ping');
+		o.value('10');
+		o.value('20');
+		o.value('30');
+		o.value('40');
+		o.value('50');
+		o.value('60');
+		o.value('70');
+		o.datatype = 'range(1, 255)';
+		o.modalonly = true;
+
+		o = s.option(form.Flag, 'check_quality', _('Check link quality'));
+		o.depends('type', 'ping');
+		o.default = false;
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'failure_latency', _('Failure latency [ms]'));
+		o.depends('check_quality', '1');
+		o.default = '1000';
+		o.value('25');
+		o.value('50');
+		o.value('75');
+		o.value('100');
+		o.value('150');
+		o.value('200');
+		o.value('250');
+		o.value('300');
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'failure_loss', _('Failure packet loss [%]'));
+		o.depends('check_quality', '1');
+		o.default = '40';
+		o.value('2');
+		o.value('5');
+		o.value('10');
+		o.value('20');
+		o.value('25');
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'recovery_latency', _('Recovery latency [ms]'));
+		o.depends('check_quality', '1');
+		o.default = '500';
+		o.value('25');
+		o.value('50');
+		o.value('75');
+		o.value('100');
+		o.value('150');
+		o.value('200');
+		o.value('250');
+		o.value('300');
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'recovery_loss', _('Recovery packet loss [%]'));
+		o.depends('check_quality', '1');
+		o.default = '10';
+		o.value('2');
+		o.value('5');
+		o.value('10');
+		o.value('20');
+		o.value('25');
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, "timeout", _("Ping timeout"));
+		o.default = '4';
+		o.value('1', _('%d second').format('1'));
+		for (var i = 2; i <= 10; i++)
+			o.value(String(i), _('%d seconds').format(i));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'interval', _('Ping interval'));
+		o.default = '10';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+
+		o = s.option(form.Value, 'failure_interval', _('Failure interval'),
+			_('Ping interval during failure detection'));
+		o.default = '5';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+		o.modalonly = true;
+
+		o = s.option(form.Flag, 'keep_failure_interval', _('Keep failure interval'),
+			_('Keep ping failure interval during failure state'));
+		o.default = false;
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'tries', _('Interface down'),
+			_('Interface will be deemed down after this many failed ping tests'));
+		o.default = '5';
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.value('6');
+		o.value('7');
+		o.value('8');
+		o.value('9');
+		o.value('10');
+
+		o = s.option(form.ListValue, 'tries_up', _('Interface up'),
+			_('Downed interface will be deemed up after this many successful ping tests'));
+		o.default = "5";
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.value('6');
+		o.value('7');
+		o.value('8');
+		o.value('9');
+		o.value('10');
+
+		o = s.option(form.Flag, 'restart_down', _('Restart if down'),
+			_('Restart interface if detected as down.'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+
+		/*
+		o = s.option(form.DynamicList, 'flush_conntrack', _('Flush conntrack table'),
+			_('Flush global firewall conntrack table on interface events'));
+		o.value('ifup', _('ifup (netifd)'));
+		o.value('ifdown', _('ifdown (netifd)'));
+		o.modalonly = true;
+		*/
+
+		return m.render();
+	}
+})

luci-app-omr-tracker/htdocs/luci-static/resources/view/omr-tracker/network/proxy.js

@@ -0,0 +1,186 @@
+'use strict';
+'require form';
+'require fs';
+'require view';
+'require uci';
+
+var cfgtypes = ['proxy'];
+
+return view.extend({
+	load: function() {
+		return Promise.all([
+			L.resolveDefault(fs.stat('/usr/bin/httping'), {}),
+			L.resolveDefault(fs.stat('/usr/bin/dig'), {}),
+//			L.resolveDefault(fs.stat('/usr/bin/nping'), {}),
+//			L.resolveDefault(fs.stat('/usr/bin/arping'), {}),
+			uci.load('network')
+		]);
+	},
+
+	render: function (stats) {
+		var m, s, o;
+
+		m = new form.Map('omr-tracker', _('OMR-Tracker - Proxy'),
+			_('Detect if proxy is down and stop redirection over it.'));
+
+		//s = m.section(form.GridSection, 'defaults');
+		s = m.section(form.GridSection);
+		//s.addremove = true;
+		s.anonymous = false;
+		s.nodescriptions = true;
+		s.cfgsections = function() {
+			return this.map.data.sections(this.map.config)
+				.filter(function(s) { return cfgtypes.indexOf(s['.type']) !== -1; })
+				.map(function(s) { return s['.name']; });
+		};
+
+		o = s.option(form.Flag, 'enabled', _('Enabled'));
+		o.default = false;
+
+		o = s.option(form.ListValue, 'initial_state', _('Initial state'),
+			_('Expect interface state on up event'));
+		o.default = 'online';
+		o.value('online', _('Online'));
+		o.value('offline', _('Offline'));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'family', _('Internet Protocol'));
+		o.default = 'ipv4ipv6';
+		//o.value('ipv4', _('IPv4'));
+		//o.value('ipv6', _('IPv6'));
+		o.value('ipv4ipv6', _('IPv4 & IPv6'));
+		o.modalonly = true;
+
+		o = s.option(form.DynamicList, 'hosts', _('Tracking hostname or IP address'),
+			_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to assume interface is always online'));
+		o.datatype = 'hosts';
+		o.modalonly = true;
+
+		o = s.option(form.DynamicList, 'hosts6', _('Tracking hostname or IP address for IPv6'),
+			_('This hostname or IP address will be pinged to determine if the link is up or down. Leave blank to assume interface is always online'));
+		o.datatype = 'hosts';
+		o.modalonly = true;
+		o.depends('family', 'ipv4ipv6');
+		o.depends('family', 'ipv6');
+
+		/*
+		o = s.option(form.Flag, 'httping_ssl', _('Enable ssl tracking'),
+			_('Enables https tracking on ssl port 443'));
+		o.depends('track_method', 'httping');
+		o.rmempty = false;
+		o.modalonly = true;
+		*/
+		
+		o = s.option(form.Flag, 'mail_alert', _('Mail alert'),
+			_('Send a mail when connection status change. You need to configure e-mail settings here.'));
+		o.rmempty = false;
+		o.modalonly = true;
+
+
+/*
+		o = s.option(form.Value, 'reliability', _('Tracking reliability'),
+			_('Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up'));
+		o.datatype = 'range(1, 100)';
+		o.default = '1';
+*/
+		o = s.option(form.ListValue, 'tries', _('Test count'));
+		o.default = '1';
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, "timeout", _("Test timeout"));
+		o.default = '4';
+		o.value('1', _('%d second').format('1'));
+		for (var i = 2; i <= 10; i++)
+			o.value(String(i), _('%d seconds').format(i));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'interval', _('Test interval'));
+		o.default = '10';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+/*
+		o = s.option(form.Value, 'failure_interval', _('Failure interval'),
+			_('Ping interval during failure detection'));
+		o.default = '5';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+		o.modalonly = true;
+
+		o = s.option(form.Flag, 'keep_failure_interval', _('Keep failure interval'),
+			_('Keep ping failure interval during failure state'));
+		o.default = false;
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'recovery_interval', _('Recovery interval'),
+			_('Ping interval during failure recovering'));
+		o.default = '5';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'tries', _('Proxy down'),
+			_('Proxy will be deemed down after this many failed tests'));
+		o.default = '5';
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.value('6');
+		o.value('7');
+		o.value('8');
+		o.value('9');
+		o.value('10');
+
+		o = s.option(form.ListValue, 'tries_up', _('Interface up'),
+			_('Downed interface will be deemed up after this many successful ping tests'));
+		o.default = "5";
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.value('6');
+		o.value('7');
+		o.value('8');
+		o.value('9');
+		o.value('10');
+*/
+		return m.render();
+	}
+})

luci-app-omr-tracker/htdocs/luci-static/resources/view/omr-tracker/network/server.js

@@ -0,0 +1,163 @@
+'use strict';
+'require form';
+'require fs';
+'require view';
+'require uci';
+
+var cfgtypes = ['server'];
+
+return view.extend({
+	load: function() {
+		return Promise.all([
+			L.resolveDefault(fs.stat('/usr/bin/httping'), {}),
+			L.resolveDefault(fs.stat('/usr/bin/dig'), {}),
+//			L.resolveDefault(fs.stat('/usr/bin/nping'), {}),
+//			L.resolveDefault(fs.stat('/usr/bin/arping'), {}),
+			uci.load('network')
+		]);
+	},
+
+	render: function (stats) {
+		var m, s, o;
+
+		m = new form.Map('omr-tracker', _('OMR-Tracker - Server'),
+			_('Detect if server is down and use defined backup server in this case.'));
+
+		//s = m.section(form.GridSection, 'defaults');
+		s = m.section(form.GridSection);
+		//s.addremove = true;
+		s.anonymous = false;
+		s.nodescriptions = true;
+		s.cfgsections = function() {
+			return this.map.data.sections(this.map.config)
+				.filter(function(s) { return cfgtypes.indexOf(s['.type']) !== -1; })
+				.map(function(s) { return s['.name']; });
+		};
+
+		o = s.option(form.Flag, 'enabled', _('Enabled'));
+		o.default = false;
+
+		o = s.option(form.ListValue, 'initial_state', _('Initial state'),
+			_('Expect interface state on up event'));
+		o.default = 'online';
+		o.value('online', _('Online'));
+		o.value('offline', _('Offline'));
+		o.modalonly = true;
+
+		o = s.option(form.Flag, 'mail_alert', _('Mail alert'),
+			_('Send a mail when connection status change. You need to configure e-mail settings here.'));
+		o.rmempty = false;
+		o.modalonly = true;
+/*
+		o = s.option(form.Value, 'reliability', _('Tracking reliability'),
+			_('Acceptable values: 1-100. This many Tracking IP addresses must respond for the link to be deemed up'));
+		o.datatype = 'range(1, 100)';
+		o.default = '1';
+*/
+		o = s.option(form.ListValue, 'tries', _('Test count'));
+		o.default = '1';
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.modalonly = true;
+
+/*
+		o = s.option(form.Flag, 'check_quality', _('Check link quality'));
+		o.depends('track_method', 'ping');
+		o.default = false;
+		o.modalonly = true;
+*/
+		o = s.option(form.ListValue, "timeout", _("Test timeout"));
+		o.default = '4';
+		o.value('1', _('%d second').format('1'));
+		for (var i = 2; i <= 10; i++)
+			o.value(String(i), _('%d seconds').format(i));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'interval', _('Test interval'));
+		o.default = '10';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+/*
+		o = s.option(form.Value, 'failure_interval', _('Failure interval'),
+			_('Ping interval during failure detection'));
+		o.default = '5';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+		o.modalonly = true;
+
+		o = s.option(form.Flag, 'keep_failure_interval', _('Keep failure interval'),
+			_('Keep ping failure interval during failure state'));
+		o.default = false;
+		o.modalonly = true;
+
+		o = s.option(form.Value, 'recovery_interval', _('Recovery interval'),
+			_('Ping interval during failure recovering'));
+		o.default = '5';
+		o.value('1', _('%d second').format('1'));
+		o.value('3', _('%d seconds').format('3'));
+		o.value('5', _('%d seconds').format('5'));
+		o.value('10', _('%d seconds').format('10'));
+		o.value('20', _('%d seconds').format('20'));
+		o.value('30', _('%d seconds').format('30'));
+		o.value('60', _('%d minute').format('1'));
+		o.value('300', _('%d minutes').format('5'));
+		o.value('600', _('%d minutes').format('10'));
+		o.value('900', _('%d minutes').format('15'));
+		o.value('1800', _('%d minutes').format('30'));
+		o.value('3600', _('%d hour').format('1'));
+		o.modalonly = true;
+
+		o = s.option(form.ListValue, 'down', _('Interface down'),
+			_('Interface will be deemed down after this many failed ping tests'));
+		o.default = '5';
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.value('6');
+		o.value('7');
+		o.value('8');
+		o.value('9');
+		o.value('10');
+
+		o = s.option(form.ListValue, 'up', _('Interface up'),
+			_('Downed interface will be deemed up after this many successful ping tests'));
+		o.default = "5";
+		o.value('1');
+		o.value('2');
+		o.value('3');
+		o.value('4');
+		o.value('5');
+		o.value('6');
+		o.value('7');
+		o.value('8');
+		o.value('9');
+		o.value('10');
+*/
+		return m.render();
+	}
+})

luci-app-omr-tracker/luasrc/controller/omr-tracker.lua

@@ -1,6 +0,0 @@
-module("luci.controller.omr-tracker", package.seeall)
-
-function index()
-	--entry({"admin", "openmptcprouter", "omr-tracker"}, cbi("omr-tracker"), _("OMR-Tracker"))
-	entry({"admin", "services", "omr-tracker"}, cbi("omr-tracker"), _("OMR-Tracker"))
-end

luci-app-omr-tracker/luasrc/model/cbi/omr-tracker.lua

@@ -1,254 +0,0 @@
-local net = require "luci.model.network".init()
-local sys = require "luci.sys"
-local m, s, o
-
-m = Map("omr-tracker", translate("OMR-Tracker"))
-
-s = m:section(TypedSection, "proxy", translate("Proxy tracker Settings"), translate("Detect if Proxy is down and stop traffic redirection over it."))
-s.anonymous   = true
-s.addremove = false
-
-local sdata = m:get('proxy')
-if not sdata then
-	m:set('proxy', nil, 'proxy')
-	m:set('proxy', 'enabled', "1")
-end
-
-o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, connection failover is also disabled"))
-o.rmempty     = false
-
-o = s:option(Value, "timeout", translate("Timeout (s)"))
-o.placeholder = "1"
-o.default     = "1"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "tries", translate("Tries"))
-o.placeholder = "4"
-o.default     = "4"
-o.datatype    = "range(1, 10)"
-o.rmempty     = false
-
-o = s:option(Value, "interval", translate("Retry interval (s)"))
-o.placeholder = "2"
-o.default     = "2"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
-o.placeholder = "0"
-o.default     = "0"
-o.datatype    = "range(0, 100)"
-o.rmempty     = false
-
-o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection state change"))
-o.optional    = false
-o.rmempty     = false
-o.default     = false
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(DynamicList, "hosts", translate("Hosts"), translate("IPs or domains must be available over http"))
-o.placeholder = "bing.com"
-o.default     = { "bing.com", "google.com" }
-o.rmempty     = false
-
-
-s = m:section(TypedSection, "server", translate("Server tracker Settings"), translate("Detect if Server is down and use defined backup server in this case."))
-s.anonymous   = true
-s.addremove = false
-
-local sdata = m:get('server')
-if not sdata then
-	m:set('server', nil, 'server')
-	m:set('server', 'enabled', "1")
-end
-
-o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, server failover is also disabled"))
-o.rmempty     = false
-
-o = s:option(Value, "timeout", translate("Timeout (s)"))
-o.placeholder = "1"
-o.default     = "1"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "tries", translate("Tries"))
-o.placeholder = "4"
-o.default     = "4"
-o.datatype    = "range(1, 10)"
-o.rmempty     = false
-
-o = s:option(Value, "interval", translate("Retry interval (s)"))
-o.placeholder = "2"
-o.default     = "2"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
-o.placeholder = "0"
-o.default     = "0"
-o.datatype    = "range(0, 100)"
-o.rmempty     = false
-
-o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection state change"))
-o.optional    = false
-o.rmempty     = false
-o.default     = false
-o.disabled    = 0
-o.enabled     = 1
-
-s = m:section(TypedSection, "defaults", translate("Defaults Settings"), translate("OMR-Tracker create needed routes and detect when a connection is down or up"))
-s.anonymous   = true
-
-o = s:option(Flag, "enabled", translate("Enable"), translate("When tracker is disabled, connection failover is also disabled"))
-o.rmempty     = false
-
-o = s:option(Value, "timeout", translate("Timeout (s)"))
-o.placeholder = "1"
-o.default     = "1"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "tries", translate("Tries"), translate("How many times repeat test"))
-o.placeholder = "4"
-o.default     = "4"
-o.datatype    = "range(1, 10)"
-o.rmempty     = false
-
-o = s:option(Value, "count", translate("Count"), translate("How many packets send on each test"))
-o.placeholder = "2"
-o.default     = "2"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "interval", translate("Retry interval (s)"))
-o.placeholder = "2"
-o.default     = "2"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
-o.placeholder = "0"
-o.default     = "0"
-o.datatype    = "range(0, 100)"
-o.rmempty     = false
-
-o = s:option(ListValue, "type", translate("Type"), translate("Always ping gateway, then test connection by ping, httping or dns. None mode only ping gateway."))
-o:value("ping","ping")
-o:value("httping","httping")
-o:value("dns","dns")
-o:value("none","none")
-
-o = s:option(Flag, "server_http_test", translate("Server http test"), translate("Check if connection work with http by sending a request to server"))
-o.optional    = false
-o.rmempty     = false
-o.default     = true
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection state change"))
-o.optional    = false
-o.rmempty     = false
-o.default     = false
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(Flag, "restart_down", translate("Restart if down"), translate("Restart interface if detected as down"))
-o.optional    = false
-o.rmempty     = false
-o.default     = false
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(DynamicList, "hosts", translate("Hosts"), translate("Must be IPs and not domains"))
-o.placeholder = "4.2.2.1"
-o.default     = { "4.2.2.1", "8.8.8.8" }
-o.rmempty     = false
-
-o = s:option(DynamicList, "hosts6", translate("Hosts IPv6"), translate("Must be IPs and not domains"))
-o.placeholder = "2001:4860:4860::8844"
-o.default     = { "2001:4860:4860::8888", "2001:4860:4860::8844" }
-o.rmempty     = false
-
-s = m:section(TypedSection, "interface", translate("Interfaces"))
-s.template_addremove = "omr-tracker/cbi-select-add"
-s.addremove = true
-s.add_select_options = { }
-s.add_select_options[''] = ''
-for _, iface in ipairs(net:get_networks()) do
-	if not (iface:name() == "loopback") then
-		s.add_select_options[iface:name()] = iface:name()
-	end
-end
-
-o = s:option(Flag, "enabled", translate("Enable"))
-o.rmempty     = false
-
-o = s:option(Value, "timeout", translate("Timeout (s)"))
-o.placeholder = "1"
-o.default     = "1"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "tries", translate("Tries"))
-o.placeholder = "4"
-o.default     = "4"
-o.datatype    = "range(1, 10)"
-o.rmempty     = false
-
-o = s:option(Value, "count", translate("Count"), translate("How many packets send on each test, one wrong make test fail, one wrong make tail fail"))
-o.placeholder = "2"
-o.default     = "2"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "interval", translate("Retry interval (s)"))
-o.placeholder = "2"
-o.default     = "2"
-o.datatype    = "range(1, 100)"
-o.rmempty     = false
-
-o = s:option(Value, "wait_test", translate("Wait after a failed test (s)"))
-o.placeholder = "0"
-o.default     = "0"
-o.datatype    = "range(0, 100)"
-o.rmempty     = false
-
-o = s:option(ListValue, "type", translate("Type"), translate("Always ping gateway, then test connection by ping, httping or dns. None mode only ping gateway."))
-o:value("ping","ping")
-o:value("httping","httping")
-o:value("dns","dns")
-o:value("none","none")
-
-o = s:option(Flag, "server_http_test", translate("Server http test"), translate("Check if connection work with http by sending a request to server"))
-o.optional    = false
-o.rmempty     = false
-o.default     = true
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(Flag, "mail_alert", translate("Mail alert"), translate("Send a mail when connection status change. You need to configure e-mail settings <a href=\"/cgi-bin/luci/admin/services/mail\">here</a>."))
-o.optional    = false
-o.rmempty     = false
-o.default     = false
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(Flag, "restart_down", translate("Restart if down"), translate("Restart interface if detected as down"))
-o.optional    = false
-o.rmempty     = false
-o.default     = false
-o.disabled    = 0
-o.enabled     = 1
-
-o = s:option(DynamicList, "hosts", translate("Hosts"), translate("Must be IPs and not domains"))
-o.placeholder = "4.2.2.1"
-o.default     = { "4.2.2.1", "8.8.8.8" }
-o.rmempty     = false
-
-o = s:option(DynamicList, "hosts6", translate("Hosts IPv6"), translate("Must be IPs and not domains"))
-o.placeholder = "2001:4860:4860::8844"
-o.rmempty     = false
-
-return m

luci-app-omr-tracker/luasrc/view/omr-tracker/cbi-select-add.htm

@@ -1,10 +0,0 @@
-<div class="cbi-section-create">
-	<% if self.invalid_cts then -%><div class="cbi-section-error"><% end %>
-	<select class="cbi-section-create-name" name="cbi.cts.<%=self.config%>.<%=self.sectiontype%>.select">
-	<%- for k, v in luci.util.kspairs(self.add_select_options) do %>
-		<option value="<%=k%>"><%=luci.xml.pcdata(v)%></option>
-	<% end -%>
-	</select>
-	<input class="cbi-button cbi-button-add" type="submit" value="<%:Add%>" title="<%:Add%>" />
-	<% if self.invalid_cts then %><br /><%:Invalid%></div><% end %>
-</div>

luci-app-omr-tracker/root/usr/share/luci/menu.d/luci-app-omr-tracker.json

@@ -1,13 +1,36 @@
 {
 	"admin/services/omr-tracker": {
-		"title": "OMR-Tracker",
+		"title": "OMR-Tracker Manager",
-		"order": 10,
+		"order": 60,
 		"action": {
-			"type": "cbi",
+			"type": "firstchild"
-			"path": "omr-tracker"
 		},
 		"depends": {
 			"acl": [ "luci-app-omr-tracker" ]
 		}
+	},
+	"admin/services/omr-tracker/interface": {
+		"title": "Interface",
+		"order": 10,
+		"action": {
+			"type": "view",
+			"path": "omr-tracker/network/interface"
+		}
+	},
+	"admin/services/omr-tracker/proxy": {
+		"title": "Proxy",
+		"order": 20,
+		"action": {
+			"type": "view",
+			"path": "omr-tracker/network/proxy"
+		}
+	},
+	"admin/services/omr-tracker/server": {
+		"title": "Server",
+		"order": 30,
+		"action": {
+			"type": "view",
+			"path": "omr-tracker/network/server"
+		}
 	}
 }

luci-app-omr-tracker/root/usr/share/rpcd/acl.d/luci-app-omr-tracker.json

@@ -2,7 +2,13 @@
     "luci-app-omr-tracker": {
 	"description": "Grant UCI access for luci-app-omr-tracker",
 	"read": {
-	    "uci": [ "omr-tracker" ]
+	    "uci": [ "omr-tracker" ],
+	    "file": {
+		"/usr/bin/httping": [ "list" ],
+		"/usr/bin/dig": [ "list" ],
+		"/usr/bin/nping": [ "list" ],
+		"/usr/bin/arping": [ "list" ]
+	    }
 	},
 	"write": {
 	    "uci": [ "omr-tracker" ]

luci-app-openmptcprouter/luasrc/view/openmptcprouter/wizard.htm

@@ -240,7 +240,7 @@
 				end
 				for _, proxy in pairs(available_proxys) do
 					if proxy == "shadowsocks" then %>
-						<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","shadowsocks") == "0" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
+						<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks" then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
 					<% elseif proxy == "v2ray" then %>
 						<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray" then %>selected="selected"<% end %>>V2Ray VLESS</option><% end %>
 					<% elseif proxy == "v2ray-vmess" then %>
@@ -262,13 +262,13 @@
 					<% elseif proxy == "xray-shadowsocks" then %>
 						<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-shadowsocks" then %>selected="selected"<% end %>>XRay Shadowsocks 2022</option><% end %>
 					<% elseif proxy == "shadowsocks-rust" or proxy == "shadowsocks-go" then %>
-						<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
+						<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
 					<% end
 				end %>
 			<%
 			else
 			%>
-			<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","shadowsocks") == "0" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
+			<% if nixio.fs.access("/etc/init.d/shadowsocks-libev") then %><option value="shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks" then %>selected="selected"<% end %>>Shadowsocks</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray" then %>selected="selected"<% end %>>V2Ray VLESS</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray-vmess" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray-vmess" then %>selected="selected"<% end %>>V2Ray VMESS</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/v2ray") then %><option value="v2ray-trojan" <% if uci:get("openmptcprouter","settings","proxy") == "v2ray-trojan" then %>selected="selected"<% end %>>V2Ray TROJAN</option><% end %>
@@ -279,7 +279,7 @@
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-trojan" <% if uci:get("openmptcprouter","settings","proxy") == "xray-trojan" then %>selected="selected"<% end %>>XRay Trojan</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-socks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-socks" then %>selected="selected"<% end %>>XRay Socks</option><% end %>
 			<% if nixio.fs.access("/etc/init.d/xray") then %><option value="xray-shadowsocks" <% if uci:get("openmptcprouter","settings","proxy") == "xray-shadowsocks" then %>selected="selected"<% end %>>XRay Shadowsocks 2022</option><% end %>
-			<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
+			<% if nixio.fs.access("/etc/init.d/shadowsocks-rust") then %><option value="shadowsocks-rust" <% if uci:get("openmptcprouter","settings","proxy") == "shadowsocks-rust" or uci:get("openmptcprouter","settings","proxy") == nil then %>selected="selected"<% end %>>Shadowsocks-Rust 2022</option><% end %>
 			<% 
 			end
 			%>

mptcp/files/etc/init.d/mptcp

@@ -305,7 +305,7 @@ interface_multipath_settings() {
 			ip route replace $network/$netmask dev $iface scope link table $id $initcwrwnd 2>&1 >/dev/null
 			ip route replace default via $gateway dev $iface table $id $initcwrwnd 2>&1 >/dev/null
 			[ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && ip route replace default via $gateway dev $iface metric $id $initcwrwnd 2>&1 >/dev/null
-			#ip route flush $id
+			ip route flush cache $id 2>&1 >/dev/null
 		fi
 
 		#config_get mode "$config" multipath ""
@@ -395,7 +395,7 @@ interface_multipath_settings() {
 				ip -6 route replace $network6/$netmask6 dev $iface scope link table 6$id $initcwrwnd 2>&1 >/dev/null
 				ip -6 route replace default via $gateway6 dev $iface table 6$id $initcwrwnd 2>&1 >/dev/null
 				[ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && ip -6 route replace default via $gateway6 dev $iface metric 6$id $initcwrwnd 2>&1 >/dev/null
-				#ip -6 route flush 6$id 2>&1 >/dev/null
+				ip -6 route flush cache 6$id 2>&1 >/dev/null
 			fi
 
 			#config_get mode "$config" multipath "off"

mptcp/files/usr/share/omr/post-tracking.d/001-post-tracking

@@ -828,6 +828,10 @@ if [ "$OMR_TRACKER_STATUS" = "ERROR" ] || [ "$interface_up" != "true" ]; then
 				config_load network
 				config_foreach set_route interface $OMR_TRACKER_INTERFACE "no"
 				config_foreach set_route6 interface $OMR_TRACKER_INTERFACE "no"
+			elif [ -n "$OMR_TRACKER_DEVICE" ] && [ -n "$(ip r show table 991337 | grep "$OMR_TRACKER_DEVICE ")" ]; then
+				config_load network
+				config_foreach set_route interface $OMR_TRACKER_INTERFACE "no"
+				config_foreach set_route6 interface $OMR_TRACKER_INTERFACE "no"
 			fi
 		fi
 		if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ]; then
@@ -1077,6 +1081,7 @@ if [ "$multipath_config" = "master" ]; then
 			config_foreach set_server_default_route server
 			#config_foreach set_server_default_route6 server
 		fi
+		ip route flush cache 2>&1 >/dev/null
 	fi
 	if ([ "$default_gw6" != "$OMR_TRACKER_DEVICE_GATEWAY6" ] || [ "$default_gw6" = "" ]) && [ "$OMR_TRACKER_DEVICE_GATEWAY6" != "" ] && [ "$(uci -q get openmptcprouter.settings.master)" != "balancing" ]; then
 		omrvpn_intf=$(uci -q get "network.omrvpn.device" || echo "tun0")
@@ -1092,6 +1097,7 @@ if [ "$multipath_config" = "master" ]; then
 			#config_foreach set_server_default_route server
 			config_foreach set_server_default_route6 server
 		fi
+		ip -6 route flush cache 2>&1 >/dev/null
 	fi
 	#if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ] && [ "$(ip route show default | grep weight)" = "" ] && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && [ "$(uci -q get openmptcprouter.settings.vpn)" != "mlvpn" ]; then
 	if [ "$(uci -q get openmptcprouter.settings.master)" = "balancing" ] && ([ "$(ip route show default | grep weight)" = "" ] || [ "$(ip -6 route show default | grep weight)" = "" ]) && [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ]; then
@@ -1153,12 +1159,16 @@ if [ "$multipath_config" = "master" ]; then
 				}
 			}
 		fi
+		ip route flush cache 2>&1 >/dev/null
+		ip -6 route flush cache 2>&1 >/dev/null
 	fi
 	if [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip r show table 991337)" != "default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE " ]; then
 		ip route replace default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE table 991337 $initcwrwnd 2>&1 >/dev/null
+		ip route flush cache 2>&1 >/dev/null
 	fi
 	if [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip -6 r show table 991337)" != "default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE " ]; then
 		ip -6 route replace default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE table 991337 $initcwrwnd 2>&1 >/dev/null
+		ip -6 route flush cache 2>&1 >/dev/null
 	fi
 	if ([ -n "$OMR_TRACKER_INTERFACE" ] && [ "$(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc)" = "" ]) || [ $(($(date +"%s") + $((10 + RANDOM % 31)) - $(uci -q get openmptcprouter.$OMR_TRACKER_INTERFACE.lc))) -gt 3600 ] || [ "$(uci -q show openmptcprouter | grep get_config=\'1\')" != "" ] || [ "$(uci -q show openmptcprouter | grep admin_error=\'1\')" != "" ]; then
 		[ "$(pgrep -f openmptcprouter-vps)" = "" ] && /etc/init.d/openmptcprouter-vps restart >/dev/null 2>&1 &
@@ -1177,6 +1187,7 @@ if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
 	if [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip r show dev $OMR_TRACKER_DEVICE | grep default)" = "" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)" != "" ]; then
 		_log "Interface route not yet set, set route ip r add default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric)"
 		ip r add default via $OMR_TRACKER_DEVICE_GATEWAY dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric) >/dev/null 2>&1
+		ip route flush cache 2>&1 >/dev/null
 	fi
 fi
 if [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
@@ -1189,6 +1200,7 @@ if [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; th
 	fi
 	if [ "$(uci -q get openmptcprouter.settings.defaultgw)" != "0" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ] && [ -n "$OMR_TRACKER_DEVICE" ] && [ "$(ip -6 r show dev $OMR_TRACKER_DEVICE | grep default)" = "" ] && [ -n "$OMR_TRACKER_INTERFACE" ] && [ "$(uci -q get network.$OMR_TRACKER_INTERFACE.metric)" != "" ]; then
 		ip -6 r replace default via $OMR_TRACKER_DEVICE_GATEWAY6 dev $OMR_TRACKER_DEVICE metric $(uci -q get network.$OMR_TRACKER_INTERFACE.metric) >/dev/null 2>&1
+		ip -6 route flush cache 2>&1 >/dev/null
 	fi
 fi
 

mptcp/files/usr/share/omr/post-tracking.d/021-latencies

@@ -42,6 +42,7 @@ interface_up=$(ifstatus "$OMR_TRACKER_INTERFACE" 2>/dev/null | jsonfilter -q -e
 			fi
 		fi
 	fi
+	[ -n "$(uci -q changes openmptcprouter)" ] && uci -q commit openmptcprouter
 }
 
 if [ -n "$OMR_TRACKER_INTERFACE" ] && [ -n "$OMR_TRACKER_DEVICE" ]; then

omr-bypass/files/etc/init.d/omr-bypass

@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+# Copyright (C) 2018-2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 
 START=98
 STOP=10
@@ -8,14 +8,13 @@ EXTRA_COMMANDS="reload_rules bypass_asn"
 
 . /usr/lib/unbound/iptools.sh
 
-# Still used by ndpi
+if [ -f /usr/sbin/iptables-legacy ]; then
-if [ -e /usr/sbin/iptables-nft ]; then
+	IPTABLES="/usr/sbin/iptables-legacy"
-	IPTABLES="/usr/sbin/iptables-nft"
+	IPTABLESRESTORE="/usr/sbin/iptables-legacy-restore"
-	IPTABLESRESTORE="/usr/sbin/iptables-nft-restore"
+	IPTABLESSAVE="/usr/sbin/iptables-legacy-save"
-	IPTABLESSAVE="/usr/sbin/iptables-nft-save"
+	IP6TABLES="/usr/sbin/ip6tables-legacy"
-	IP6TABLES="/usr/sbin/ip6tables-nft"
+	IP6TABLESRESTORE="/usr/sbin/ip6tables-legacy-restore"
-	IP6TABLESRESTORE="/usr/sbin/ip6tables-nft-restore"
+	IP6TABLESSAVE="/usr/sbin/ip6tables-legacy-save"
-	IP6TABLESSAVE="/usr/sbin/ip6tables-nft-save"
 else
 	IPTABLES="/usr/sbin/iptables"
 	IPTABLESRESTORE="/usr/sbin/iptables-restore"
@@ -59,13 +58,9 @@ _bypass_ip() {
 	valid_ip4=$( valid_subnet4 $ip)
 	valid_ip6=$( valid_subnet6 $ip)
 	if [ "$valid_ip4" = "ok" ]; then
-		uci -q add_list firewall.omr_dst_bypass_${type}_4.entry=$ip
+		ipset -q add omr_dst_bypass_$type $ip
-		uci -q set firewall.omr_dst_bypass_${type}_4.enabled='1'
-		uci -q set firewall.omr_dst_bypass_${type}_dstip_4.enabled='1'
 	elif [ "$valid_ip6" = "ok" ]; then
-		uci -q add_list firewall.omr_dst_bypass_${type}_6.entry=$ip
+		ipset -q add omr6_dst_bypass_$type $ip
-		uci -q set firewall.omr_dst_bypass_${type}_6.enabled='1'
-		uci -q set firewall.omr_dst_bypass_${type}_dstip_6.enabled='1'
 	fi
 }
 
@@ -81,7 +76,6 @@ _bypass_domains() {
 	[ -z "$intf" ] && intf="all"
 	config_get vpn $1 vpn
 	[ "$vpn" = "1" ] && intf="srv_vpn1"
-	#echo "bypass $domain $enabled $family $intf $vpn"
 	[ "$enabled" = "0" ] && return
 	[ -z "$domain" ] && return
 	[ -z "$family" ] && family="ipv4ipv6"
@@ -113,7 +107,6 @@ _bypass_domains() {
 			_bypass_domain $validdomain $intf $family $noipv6
 		done
 	else
-		#echo "_bypass_domain $domain $intf $family $noipv6"
 		_bypass_domain $domain $intf $family $noipv6
 	fi
 }
@@ -124,6 +117,7 @@ _bypass_domain() {
 	local family=$3
 	local noipv6=$4
 	intf=$(echo $intf | sed -e 's/\./_/')
+	[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
 	[ -z "$intf" ] && intf="all"
 	if [ -n "$domain" ]; then
 		domain=$(echo $domain | sed 's:^\.::')
@@ -140,13 +134,35 @@ _bypass_domain() {
 				done
 			fi
 		fi
-		if [ "$(uci -q get dhcp.omr_dst_bypass_$intf | grep /$domain/)" = "" ]; then
+		if [ "$(uci -q get dhcp.@dnsmasq[0].ipset | grep /$domain/)" = "" ]; then
-			uci -q add_list dhcp.omr_dst_bypass_$intf.domain=$domain
+			if [ "$family" = "ipv4ipv6" ]; then
+				uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
+			elif [ "$family" = "ipv4" ]; then
+				uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr_dst_bypass_$intf"
+			elif [ "$family" = "ipv6" ]; then
+				uci -q add_list dhcp.@dnsmasq[0].ipset="/$domain/omr6_dst_bypass_$intf"
+			fi
 			add_domains="true"
+		else
+			dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g')
+			for dnsipset in $dnsmasqipset; do
+				if [ "$(echo $dnsipset | cut -d/ -f2)" = "$domain" ]; then
+					uci -q del_list dhcp.@dnsmasq[0].ipset=$dnsipset
+					if [ "$family" = "ipv4ipv6" ]; then
+						uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr_dst_bypass_$intf,omr6_dst_bypass_$intf"
+					elif [ "$family" = "ipv4" ]; then
+						uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr_dst_bypass_$intf"
+					elif [ "$family" = "ipv6" ]; then
+						uci -q add_list dhcp.@dnsmasq[0].ipset="$dnsipset,omr6_dst_bypass_$intf"
+					fi
+					add_domains="true"
+				fi
+			done
 		fi
 		if [ "$(uci -q get dhcp.@dnsmasq[0].noipv6 | grep /$domain/)" = "" ] && [ "$noipv6" = "1" ]; then
 			uci -q add_list dhcp.@dnsmasq[0].noipv6="$domain"
 		fi
+		
 		#logger -t "omr-bypass" "Get IPs of $domain... Done"
 	fi
 }
@@ -160,13 +176,38 @@ _bypass_mac() {
 	config_get enabled $1 enabled
 	[ "$enabled" = "0" ] && return
 	intf=$(echo $intf | sed -e 's/\./_/')
+	[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
 	local intfid="$(uci -q get omr-bypass.$intf.id)"
 
 	[ -z "$intf" ] && intf="all"
 	[ -z "$mac" ] && return
-	uci -q batch <<-EOF
+	if [ "$intf" = "all" ]; then
-		add_list firewall.omr_dst_bypass_$intf_mac.src_mac="$mac"
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-	EOF
+		*mangle
+		-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539
+		COMMIT
+		EOF
+		if [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+	else
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		-A omr-bypass -m mac --mac-source $mac -j MARK --set-mark 0x539$intfid
+		COMMIT
+		EOF
+		if [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m mac --mac-source $mac -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
+	fi
 }
 
 _bypass_lan_ip() {
@@ -185,16 +226,44 @@ _bypass_lan_ip() {
 	[ -z "$ip" ] && return
 	valid_ip4=$(valid_subnet4 $ip)
 	valid_ip6=$(valid_subnet6 $ip)
-	if [ "$valid_ip4" = "ok" ]; then
+	if [ "$intf" = "all" ]; then
-		uci -q batch <<-EOF
+		if [ "$valid_ip4" = "ok" ]; then
-			add_list firewall.omr_dst_bypass_${intf}_srcip_4.src_ip="$ip"
+			$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-			set firewall.omr_dst_bypass_${intf}_srcip_4.enabled='1'
+			*mangle
-		EOF
+			-A omr-bypass -s $ip -j MARK --set-mark 0x539
-	elif [ "$valid_ip6" = "ok" ] && [ "$disableipv6" = "0" ]; then
+			COMMIT
-		uci -q batch <<-EOF
+			EOF
-			add_list firewall.omr_dst_bypass_${intf}_srcip_6.src_ip="$ip"
+			$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-			set firewall.omr_dst_bypass_${intf}_srcip_6.enabled='1'
+			*mangle
-		EOF
+			-A omr-bypass-local -s $ip -j MARK --set-mark 0x539
+			COMMIT
+			EOF
+		elif [ "$valid_ip6" = "ok" ] && [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -s $ip -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+	else
+		if [ "$valid_ip4" = "ok" ]; then
+			$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass -s $ip -j MARK --set-mark 0x539$intfid
+			COMMIT
+			EOF
+			$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass-local -s $ip -j MARK --set-mark 0x539$intfid
+			COMMIT
+			EOF
+		elif [ "$valid_ip6" = "ok" ] && [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -s $ip -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
 	fi
 }
 
@@ -209,24 +278,49 @@ _bypass_dest_port() {
 	config_get enabled $1 enabled
 	[ "$enabled" = "0" ] && return
 	intf=$(echo $intf | sed -e 's/\./_/')
-	#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
+	[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
 	local intfid="$(uci -q get omr-bypass.$intf.id)"
 
 	[ -z "$intf" ] && intf="all"
 	[ -z "$dport" ] && return
 	dport="$(echo $dport | sed 's/-/:/')"
 	[ -z "$proto" ] && return
-	if [ "$proto" = "tcp" ] || [ "$proto" = "tcp udp" ]; then
+	if [ "$intf" = "all" ]; then
-		uci -q batch <<-EOF
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-			add_list firewall.omr_dst_bypass_${intf}_dstport_tcp.dst_port="$dport"
+		*mangle
-			set firewall.omr_dst_bypass_${intf}_dstport_tcp.enabled='1'
+		-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539
+		COMMIT
 		EOF
-	fi
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-	if [ "$proto" = "udp" ] || [ "$proto" = "tcp udp" ]; then
+		*mangle
-		uci -q batch <<-EOF
+		-A omr-bypass-local --protocol $proto --destination-port $dport -j MARK --set-mark 0x539
-			add_list firewall.omr_dst_bypass_${intf}_dstport_udp.dst_port="$dport"
+		COMMIT
-			set firewall.omr_dst_bypass_${intf}_dstport_udp.enabled='1'
 		EOF
+		if [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+	else
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		-A omr-bypass --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid
+		COMMIT
+		EOF
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		-A omr-bypass-local --protocol $proto --destination-port $dport -j MARK --set-mark 0x539$intfid
+		COMMIT
+		EOF
+		if [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --destination-port $dport -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
 	fi
 }
 
@@ -241,24 +335,49 @@ _bypass_src_port() {
 	config_get enabled $1 enabled
 	[ "$enabled" = "0" ] && return
 	intf=$(echo $intf | sed -e 's/\./_/')
-	#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
+	[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
 	local intfid="$(uci -q get omr-bypass.$intf.id)"
 
 	[ -z "$intf" ] && intf="all"
 	[ -z "$sport" ] && return
 	sport="$(echo $sport | sed 's/-/:/')"
 	[ -z "$proto" ] && return
-	if [ "$proto" = "tcp" ] || [ "$proto" = "tcp udp" ]; then
+	if [ "$intf" = "all" ]; then
-		uci -q batch <<-EOF
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-			add_list firewall.omr_dst_bypass_${intf}_dstport_tcp.dst_port="$dport"
+		*mangle
-			set firewall.omr_dst_bypass_${intf}_dstport_tcp.enabled='1'
+		-A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539
+		COMMIT
 		EOF
-	fi
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-	if [ "$proto" = "udp" ] || [ "$proto" = "tcp udp" ]; then
+		*mangle
-		uci -q batch <<-EOF
+		-A omr-bypass-local --protocol $proto --source-port $sport -j MARK --set-mark 0x539
-			add_list firewall.omr_dst_bypass_${intf}_dstport_udp.dst_port="$dport"
+		COMMIT
-			set firewall.omr_dst_bypass_${intf}_dstport_udp.enabled='1'
 		EOF
+		if [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --source-port $sport -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+	else
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		-A omr-bypass --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid
+		COMMIT
+		EOF
+		$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		-A omr-bypass-local --protocol $proto --source-port $sport -j MARK --set-mark 0x539$intfid
+		COMMIT
+		EOF
+		if [ "$disableipv6" = "0" ]; then
+			$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 --protocol $proto --source-port $sport -j MARK --set-mark 0x6539$intfid
+			COMMIT
+			EOF
+		fi
 	fi
 }
 
@@ -279,7 +398,7 @@ _bypass_proto() {
 	[ -z "$noipv6" ] && noipv6="0"
 	[ -z "$family" ] && family="ipv4ipv6"
 	intf=$(echo $intf | sed -e 's/\./_/')
-	#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
+	[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
 	local intfid="$(uci -q get omr-bypass.$intf.id)"
 
 	[ -z "$intf" ] && intf="all"
@@ -289,8 +408,8 @@ _bypass_proto() {
 			if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
 				$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
 				*mangle
-				-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x4539
+				-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539
-				-A omr-bypass-dpi -m mark --mark 0x4539 -j RETURN
+				-A omr-bypass-dpi -m mark --mark 0x539 -j RETURN
 				COMMIT
 				EOF
 			fi
@@ -306,8 +425,8 @@ _bypass_proto() {
 			if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
 				$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
 				*mangle
-				-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x4539$intfid
+				-A omr-bypass-dpi -m ndpi --proto $proto -j MARK --set-mark 0x539$intfid
-				-A omr-bypass-dpi -m mark --mark 0x4539$intfid -j RETURN
+				-A omr-bypass-dpi -m mark --mark 0x539$intfid -j RETURN
 				COMMIT
 				EOF
 			fi
@@ -378,84 +497,74 @@ _bypass_proto_without_ndpi() {
 	[ -z "$noipv6" ] && noipv6="0"
 	[ -z "$family" ] && family="ipv4ipv6"
 	intf=$(echo $intf | sed -e 's/\./_/')
-	#[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
+	[ -n "$intf" ] && [ -z "$(ipset --list | grep omr_dst_bypass_$intf)" ] && return
 	local intfid="$(uci -q get omr-bypass.$intf.id)"
 
 	[ -z "$intf" ] && intf="all"
-	[ "$intf" = "all" ] && intfid=""
 	[ -z "$proto" ] && return
 	if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ] || [ "$vpn" = "1" ]; then
 		ALLIPS=$(sqlite3 /usr/share/omr-bypass/omr-bypass.db "select ip from ipproto where proto=\"$proto\";" ".exit")
 		if [ -n "$ALLIPS" ]; then
 			if [ "$vpn" != "1" ]; then
-				uci -q batch <<-EOF >/dev/null
+				ipset -q flush bypass_$proto > /dev/null 2>&1
-					set firewall.bypass_$proto=ipset
+				ipset -q flush bypass6_$proto > /dev/null 2>&1
-					set firewall.bypass_$proto.name="bypass_$proto"
+				ipset -q --exist restore <<-EOF
-					set firewall.bypass_$proto.match='dest_ip'
+				create bypass_$proto hash:net hashsize 64
-					set firewall.bypass_$proto_rule=rule
+				create bypass6_$proto hash:net family inet6 hashsize 64
-					set firewall.bypass_$proto_rule.name="bypass_$proto"
-					set firewall.bypass_$proto_rule.src='lan'
-					set firewall.bypass_$proto_rule.dest='*'
-					set firewall.bypass_$proto_rule.target='MARK'
-					set firewall.bypass_$proto_rule.set_xmark="4539${intfid}"
-					commit firewall
 				EOF
-				uci -q batch <<-EOF >/dev/null
-					set firewall.bypass6_$proto=ipset
-					set firewall.bypass6_$proto.name="bypas6s_$proto"
-					set firewall.bypass6_$proto.match='dest_ip'
-					set firewall.bypass6_$proto_rule=rule
-					set firewall.bypass6_$proto_rule.name="bypass6_$proto"
-					set firewall.bypass6_$proto_rule.src='lan'
-					set firewall.bypass6_$proto_rule.dest='*'
-					set firewall.bypass6_$proto_rule.target='MARK'
-					set firewall.bypass6_$proto_rule.set_xmark="6539${intfid}"
-					commit firewall
-				EOF
-				#if [ "$intfid" != "" ]; then
-				#	uci -q batch <<-EOF >/dev/null
-				#		delete network.${1}_fw_rule=rule
-				#		set network.${1}_fw_rule=rule
-				#		set network.${1}_fw_rule.priority=1
-				#		set network.${1}_fw_rule.mark=0x539${intfid}
-				#		set network.${1}_fw_rule.lookup=${intfid}
-				#		delete network.${1}_fw_rule6=rule6
-				#		set network.${1}_fw_rule6=rule6
-				#		set network.${1}_fw_rule6.priority=1
-				#		set network.${1}_fw_rule6.mark=0x6539${intfid}
-				#		set network.${1}_fw_rule6.lookup=${intfid}
-				#		commit network
-				#	EOF
-				#fi
-
-				#ipset -q flush bypass_$proto > /dev/null 2>&1
-				#ipset -q flush bypass6_$proto > /dev/null 2>&1
-				#ipset -q --exist restore <<-EOF
-				#create bypass_$proto hash:net hashsize 64
-				#create bypass6_$proto hash:net family inet6 hashsize 64
-				#EOF
 			fi
 			for ip in $ALLIPS; do
 				valid_ip4=$( valid_subnet4 $ip)
 				valid_ip6=$( valid_subnet6 $ip)
 				if [ "$valid_ip4" = "ok" ]; then
 					if [ "$vpn" != "1" ]; then
-						#ipset -q add bypass_$proto $ip
+						ipset -q add bypass_$proto $ip
-						uci -q add_list firewall.bypass_$proto.entry=$ip
 					else
-						#ipset -q add omr_dst_bypass_$intf $ip
+						ipset -q add omr_dst_bypass_$intf $ip
-						uci -q add_list firewall.omr_dst_bypass_$intf_4.entry=$ip
 					fi
 				elif [ "$valid_ip6" = "ok" ]; then
 					if [ "$vpn" != "1" ]; then
-						#ipset -q add bypass6_$proto $ip
+						ipset -q add bypass6_$proto $ip
-						uci -q add_list firewall.bypass6_$proto.entry=$ip
 					else
-						#ipset -q add omr6_dst_bypass_$intf $ip
+						ipset -q add omr6_dst_bypass_$intf $ip
-						uci -q add_list firewall.omr6_dst_bypass_$intf_4.entry=$ip
 					fi
 				fi
 			done
+			if [ "$intf" = "all" ]; then
+				if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
+					$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+					*mangle
+					-A omr-bypass-dpi -m set --match-set bypass_$proto dst -j MARK --set-mark 0x539
+					-A omr-bypass-dpi -m mark --mark 0x539 -j RETURN
+					COMMIT
+					EOF
+				fi
+				if [ "$disableipv6" = "0" ] && ([ "$family" = "ipv6" ] || [ "$family" = "ipv4ipv6" ]); then
+					$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+					*mangle
+					-A omr-bypass6-dpi -m set --match-set bypass6_$proto dst -j MARK --set-mark 0x6539
+					-A omr-bypass6-dpi -m mark --mark 0x6539 -j RETURN
+					COMMIT
+					EOF
+				fi
+			elif [ "$vpn" != "1" ]; then
+				if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
+					$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+					*mangle
+					-A omr-bypass-dpi -m set --match-set bypass_$proto dst -j MARK --set-mark 0x539$intfid
+					-A omr-bypass-dpi -m mark --mark 0x539$intfid -j RETURN
+					COMMIT
+					EOF
+				fi
+				if [ "$disableipv6" = "0" ] && ([ "$family" = "ipv6" ] || [ "$family" = "ipv4ipv6" ]); then
+					$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+					*mangle
+					-A omr-bypass6-dpi -m set --match-set bypass6_$proto dst -j MARK --set-mark 0x6539$intfid
+					-A omr-bypass6-dpi -m mark --mark 0x6539$intfid -j RETURN
+					COMMIT
+					EOF
+				fi
+			fi
 		fi
 	fi
 	# Use dnsmasq ipset to bypass domains of the proto
@@ -500,16 +609,53 @@ _bypass_proto_without_ndpi() {
 }
 
 _intf_rule_ss_rules() {
-	cat >> /etc/firewall.omr-bypass <<-EOF
+	rule_name=$1
-		nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+	[ "$rule_name" = "ss_rules" ] && rule_name="def"
-		nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+	if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_dst)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
-	EOF
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
-	if [ "$disableipv6" = "0" ]; then
+		*nat
-		cat >> /etc/firewall.omr-bypass <<-EOF
+		-I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
-			nft insert rule inet fw4 ss_rules_dst_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+		-I ssr_${rule_name}_dst 2 -m mark --mark 0x539$count -j RETURN
-			nft insert rule inet fw4 ss_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+		COMMIT
 		EOF
 	fi
+	if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_local_out)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
+		*nat
+		-I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I ssr_${rule_name}_local_out 2 -m mark --mark 0x539$count -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
+		*nat
+		-I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I ssr_${rule_name}_pre_src 2 -m mark --mark 0x539$count -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$disableipv6" = "0" ]; then
+		if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep omr6_dst_bypass_$intf)" = "" ]; then
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*mangle
+			-I omr-bypass6 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			COMMIT
+			EOF
+		fi
+		if [ "$($IP6TABLES --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$($IP6TABLESSAVE 2>/dev/null | grep ssr6 | grep omr6_dst_bypass_$intf)" = "" ]; then
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*nat
+			-I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I ssr6_${rule_name}_dst 2 -m mark --mark 0x6539$count -j RETURN
+			-I ssr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I ssr6_${rule_name}_local_out 2 -m mark --mark 0x6539$count -j RETURN
+			-I ssr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
+			-I ssr6_${rule_name}_pre_src 2 -m mark --mark 0x6539$count -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
 }
 
 _intf_rule_v2ray_rules() {
@@ -620,133 +766,56 @@ _intf_rule_xray_rules() {
 
 _intf_rule() {
 	local intf
-	[ "$1" = "all" ] && intf="all"
+	intf=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]')
-	[ -z "$intf" ] && intf=$(ifstatus "$1" | jsonfilter -q -e '@["l3_device"]')
 	[ -n "$(echo $intf | grep '@')" ] && intf=$(ifstatus "$1" | jsonfilter -q -e '@["device"]')
 	[ -z "$intf" ] && config_get intf $1 device
 	[ -n "$(echo $intf | grep '/')" ] && return
 	#count=$((count+1))
-	[ "$intf" != "all" ] && config_get count $1 metric
+	config_get count $1 metric
-	[ "$intf" = "all" ] && count=""
 	local mode
 	#config_get mode $1 multipath "off"
 	#[ "$mode" = "off" ] && return
-	[ "$intf" != "all" ] && [ -z "$count" ] && return
+	[ -z "$count" ] && return
 	[ -z "$intf" ] && return
 	intf=$(echo $intf | sed -e 's/\./_/')
-	intf=$(echo $intf | sed -e 's/-/_/')
 	[ "$(echo $1 | grep _dev)" != "" ] && return
-	[ "$intf" = "lo" ] && return
+	[ -z "$RELOAD" ] || [ "$(ipset --list | grep omr_dst_bypass_$intf)" = "" ] && {
-	[ -z "$intf" ] && return
+		unset RELOAD
-#	[ -z "$RELOAD" ] || [ "$(uci show firewall.omr_dst_bypass_$intf_4)" = "" ] && {
+		ipset -q flush omr_dst_bypass_$intf > /dev/null 2>&1
-		#unset RELOAD
+		ipset -q flush omr6_dst_bypass_$intf > /dev/null 2>&1
-		#echo "$intf ip set dhcp"
+		ipset -q --exist restore <<-EOF
-		uci batch <<-EOF
+		create omr_dst_bypass_$intf hash:net hashsize 64
-			set dhcp.omr_dst_bypass_$intf=ipset
+		create omr6_dst_bypass_$intf hash:net family inet6 hashsize 64
-			set dhcp.omr_dst_bypass_$intf.name="omr_dst_bypass_${intf}_4,omr_dst_bypass_${intf}_6"
-			commit dhcp
 		EOF
-		#echo "firewall omr_dst_bypass ipset"
+		if [ "$(uci -q get openmptcprouter.settings.uci_rules)" = "1" ]; then
-		uci -q batch <<-EOF
-			set firewall.omr_dst_bypass_${intf}_4=ipset
-			set firewall.omr_dst_bypass_${intf}_4.name="omr_dst_bypass_${intf}_4"
-			set firewall.omr_dst_bypass_${intf}_4.match='dest_ip'
-		EOF
-		#echo "firewall omr_dst_bypass rules"
-		if [ "$disableipv6" = "0" ]; then
-			protocol="4 6"
-		else
-			protocol="4"
-		fi
-		for ipv46 in $protocol; do
-			echo "ipv46: $ipv46 for $intf"
-			uci batch <<-EOF
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.name="omr_dst_bypass_${intf}_rule"
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.ipset="omr_dst_bypass_${intf}_4"
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.set_xmark="${ipv46}539${count}"
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.name="omr_dst_bypass_${intf}_srcip"
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.ipset="omr_dst_bypass_${intf}_4"
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_srcip_${ipv46}.set_xmark="${ipv46}539${count}"
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.name='omr_dst_bypass_${intf}_mac'
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_mac_${ipv46}.set_xmark="${ipv46}539${count}"
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.name="omr_dst_bypass_${intf}_srcport"
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.proto='tcp'
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_srcport_tcp_${ipv46}.set_xmark="${ipv46}539${count}"
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.name="omr_dst_bypass_${intf}_srcport"
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.proto='udp'
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_srcport_udp_${ipv46}.set_xmark="${ipv46}539${count}"
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.name="omr_dst_bypass_${intf}_dstport"
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_dstport_tcp_${ipv46}.set_xmark="${ipv46}539${count}"
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}=rule
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.name="omr_dst_bypass_${intf}_dstport"
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.src='lan'
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.dest='*'
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.target='MARK'
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.enabled='0'
-				set firewall.omr_dst_bypass_${intf}_dstport_udp_${ipv46}.set_xmark="${ipv46}539${count}"
-				commit firewall
-			EOF
-		done
-		if [ "$intf" = "all" ]; then
 			uci -q batch <<-EOF >/dev/null
-				delete network.${intf}_fw_rule=rule
+				delete network.${1}_fw_rule=rule
-				set network.${intf}_fw_rule=rule
+				set network.${1}_fw_rule=rule
-				set network.${intf}_fw_rule.priority=1
+				set network.${1}_fw_rule.priority=1
-				set network.${intf}_fw_rule.mark=0x4539
+				set network.${1}_fw_rule.mark=0x539${count}
-				set network.${intf}_fw_rule.lookup=991337
+				set network.${1}_fw_rule.lookup=${count}
-				delete network.${intf}_fw_rule6=rule6
+				delete network.${1}_fw_rule6=rule6
-				set network.${intf}_fw_rule6=rule6
+				set network.${1}_fw_rule6=rule6
-				set network.${intf}_fw_rule6.priority=1
+				set network.${1}_fw_rule6.priority=1
-				set network.${intf}_fw_rule6.mark=0x6539
+				set network.${1}_fw_rule6.mark=0x6539${count}
-				set network.${intf}_fw_rule6.lookup=6991337
+				set network.${1}_fw_rule6.lookup=${count}
 				commit network
 			EOF
 		else
-			uci -q batch <<-EOF >/dev/null
+			ip rule add prio 1 fwmark 0x539$count lookup $count pref 1 > /dev/null 2>&1
-				delete network.${intf}_fw_rule=rule
+			ip -6 rule add prio 1 fwmark 0x6539$count lookup 6$count pref 1 > /dev/null 2>&1
-				set network.${intf}_fw_rule=rule
-				set network.${intf}_fw_rule.priority=1
-				set network.${intf}_fw_rule.mark=0x4539${count}
-				set network.${intf}_fw_rule.lookup=${count}
-				delete network.${intf}_fw_rule6=rule6
-				set network.${intf}_fw_rule6=rule6
-				set network.${intf}_fw_rule6.priority=1
-				set network.${intf}_fw_rule6.mark=0x6539${count}
-				set network.${intf}_fw_rule6.lookup=${count}
-				commit network
-			EOF
 		fi
-
+	}
+	if [ "$($IPTABLESSAVE 2>/dev/null | grep omr-bypass | grep omr_dst_bypass_$intf)" = "" ]; then
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
+		*mangle
+		-I omr-bypass 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I omr-bypass 2 -m mark --mark 0x539$count -j RETURN
+		-I omr-bypass-local 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
+		-I omr-bypass-local 2 -m mark --mark 0x539$count -j RETURN
+		COMMIT
+		EOF
+	fi
 	if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
 		config_load shadowsocks-libev
 		config_foreach _intf_rule_ss_rules ss_rules
@@ -787,6 +856,7 @@ _bypass_asn() {
 	for ip in $asnips; do
 		_bypass_ip $ip $interface
 	done
+
 }
 
 bypass_asn() {
@@ -802,16 +872,41 @@ _bypass_omr_server() {
 
 
 _ss_rules_config() {
-	cat >> /etc/firewall.omr-bypass <<-EOF
+	rule_name=$1
-		nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
+	[ "$rule_name" = "ss_rules" ] && rule_name="def"
-		nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
+	if [ "$($IPTABLES --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$($IPTABLES --wait=40 -t nat -L -n | grep omr_dst_bypass_all)" = "" ]; then
-	EOF
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
-	if [ "$disableipv6" = "0" ]; then
+		*nat
-		cat >> /etc/firewall.omr-bypass <<-EOF
+		-I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_all dst -j  MARK --set-mark 0x539
-			nft insert rule inet fw4 ss_rules_dst_tcp ip6 daddr @omr_dst_bypass_all_6 accept
+		-I ssr_${rule_name}_dst 2 -m mark --mark 0x539 -j RETURN
-			nft insert rule inet fw4 ss_rules_local_out ip6 daddr @omr_dst_bypass_all_6 accept
+		-I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
+		-I ssr_${rule_name}_local_out 2 -m mark --mark 0x539 -j RETURN
+		-I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
+		-I ssr_${rule_name}_pre_src 2 -m mark --mark 0x539 -j RETURN
+		COMMIT
 		EOF
 	fi
+	if [ "$disableipv6" = "0" ]; then
+		if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			COMMIT
+			EOF
+		fi
+		if [ "$($IP6TABLES --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$($IP6TABLES --wait=40 -t nat -L -n | grep omr6_dst_bypass_all)" = "" ]; then
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*nat
+			-I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I ssr6_${rule_name}_dst 1 -m mark --mark 0x6539 -j RETURN
+			-I ssr6_${rule_name}_local_out 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I ssr6_${rule_name}_local_out 2 -m mark --mark 0x6539 -j RETURN
+			-I ssr6_${rule_name}_pre_src 1 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x6539
+			-I ssr6_${rule_name}_pre_src 2 -m mark --mark 0x6539 -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
 }
 
 _v2ray_rules_config() {
@@ -892,18 +987,6 @@ _xray_rules_config() {
 	fi
 }
 
-_delete_dhcp_ipset() {
-	[ -n "$(echo $1 | grep omr_dst_bypass)" ] && {
-		uci -q delete dhcp.$1
-	}
-}
-
-_delete_firewall_rules() {
-	[ -n "$(echo $1 | grep omr_dst_bypass)" ] && {
-		uci -q delete firewall.$1
-	}
-}
-
 boot() {
 	BOOT=1
 	start "$@"
@@ -912,16 +995,6 @@ boot() {
 start_service() {
 	#local count
 	logger -t "omr-bypass" "Starting OMR-ByPass..."
-
-	config_load dhcp
-	config_foreach _delete_dhcp_ipset ipset
-	#uci -q commit dhcp
-	config_load firewall
-	config_foreach _delete_firewall_rules rule
-	config_foreach _delete_firewall_rules ipset
-	#uci -q commit firewall
-
-
 	add_domains="false"
 	[ -d /proc/net/xt_ndpi ] && {
 		config_load omr-bypass
@@ -930,58 +1003,128 @@ start_service() {
 	disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
 	#noipv6="$(uci -q get omr-bypass.global.noipv6)"
 
-	cat > /etc/firewall.omr-bypass <<-EOF
+	[ -n "$RELOAD" ] && [ "$(ipset --list | grep omr_dst_bypass_all)" = "" ] && {
-	#!/bin/sh
+		unset RELOAD
-	#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all accept
+	}
-	#nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all accept
+	[ -z "$RELOAD" ] && {
+		ipset -q flush omr_dst_bypass_all > /dev/null 2>&1
+		ipset -q flush omr6_dst_bypass_all > /dev/null 2>&1
+		ipset -q --exist restore <<-EOF
+		create omr_dst_bypass_all hash:net hashsize 64
+		create omr6_dst_bypass_all hash:net family inet6 hashsize 64
+		EOF
+		ipset -q flush omr_dst_bypass_srv_vpn1 > /dev/null 2>&1
+		ipset -q flush omr6_dst_bypass_srv_vpn1 > /dev/null 2>&1
+		ipset -q --exist restore <<-EOF
+		create omr_dst_bypass_srv_vpn1 hash:net hashsize 64
+		create omr6_dst_bypass_srv_vpn1 hash:net family inet6 hashsize 64
+		EOF
+	}
+	$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass | $IPTABLESRESTORE -w --counters 2>/dev/null
+	$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
+	*mangle
+	:omr-bypass -
+	-A PREROUTING -j omr-bypass
+	COMMIT
 	EOF
-	uci batch <<-EOF
+	$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
-		set firewall.omr_bypass=include
+	*mangle
-		set firewall.omr_bypass.enabled='1'
+	:omr-bypass-local -
-		set firewall.omr_bypass.type='script'
+	-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass-local
-		set firewall.omr_bypass.path='/etc/firewall.omr-bypass'
+	COMMIT
-		set firewall.omr_bypass.fw4_compatible='1'
-		commit firewall
 	EOF
-	echo "intf_rule"
+	if [ "$disableipv6" = "0" ]; then
+		$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr-bypass6 | $IP6TABLESRESTORE -w --counters 2>/dev/null
+		$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		:omr-bypass6 -
+		-A PREROUTING -j omr-bypass6
+		COMMIT
+		EOF
+		$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		:omr-bypass6-local -
+		-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6-local
+		COMMIT
+		EOF
+	fi
+	
 	config_load network
 	config_foreach _intf_rule interface
-	_intf_rule all
 	local ndpi_rules=""
-	echo "bypass server"
 	if [ "$(uci -q get openmptcprouter.settings.bypass_servers)" = "1" ]; then
 		config_load openmptcprouter
 		config_foreach _bypass_omr_server server
 	fi
 	config_load omr-bypass
-	echo "bypass ip"
 	config_foreach _bypass_ip_set ips
-	echo "bypass mac"
 	config_foreach _bypass_mac macs
-	echo "bypass lan ip"
 	config_foreach _bypass_lan_ip lan_ip
-	echo "bypass dest port"
 	config_foreach _bypass_dest_port dest_port
-	echo "bypass src port"
 	config_foreach _bypass_src_port src_port
-	echo "bypass asn"
 	config_foreach _bypass_asn asns
-	echo "bypass domains"
+	dnsmasqipset=$(uci -q get dhcp.@dnsmasq[0].ipset | sed 's/ /\n/g' | grep -v dst_bypass)
+	uci -q delete dhcp.@dnsmasq[0].ipset
+	uci -q delete dhcp.@dnsmasq[0].noipv6
+	if [ -n "$dnsmasqipset" ]; then
+		for dnsipset in $dnsmasqipset; do
+			ipsets=""
+			allipsets=$(echo $dnsipset | cut -d/ -f3 | sed 's/,/\n/g')
+			for ipset in $allipsets; do
+				[ "$(echo $ipset | grep -v dst_bypass)" != "" ] && {
+					[ "$ipsets" != "" ] && ipsets="$ipsets,$ipset"
+					[ "$ipsets" = "" ] && ipsets="$ipset"
+				}
+			done
+			if [ "$ipsets" != "" ]; then
+				resultipset="/$(echo $dnsipset | cut -d/ -f2)/$ipsets"
+				[ -n "$resultipset" ] && uci -q add_list dhcp.@dnsmasq[0].ipset=$resultipset
+			fi
+		done
+	fi
 	config_foreach _bypass_domains domains
 	uci -q commit dhcp
 
-#	ip rule add prio 1 fwmark 0x4539 lookup 991337 > /dev/null 2>&1
+	ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
-#	ip -6 rule add prio 1 fwmark 0x6539 lookup 6991337 > /dev/null 2>&1
+	ip -6 rule add prio 1 fwmark 0x6539 lookup 6991337 > /dev/null 2>&1
 
-	#config_load shadowsocks-libev
+	if [ "$($IPTABLES --wait=40 -t mangle -L -n | grep 'match-set omr_dst_bypass_all dst MARK set')" = "" ]; then
-	#config_foreach _ss_rules_config ss_rules
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
-	([ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ] || [ "$(uci -q get shadowsocks-rust.sss0.disabled)" != "1" ]) && _ss_rules_config
+		*mangle
-	#config_load shadowsocks-rust
+		-A omr-bypass -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
-	#config_foreach _ss_rules_config ss_rules
+		-A omr-bypass -m mark --mark 0x539 -j RETURN
+		COMMIT
+		EOF
+		$IPTABLESRESTORE -w --wait=60 --noflush <<-EOF
+		*mangle
+		-A omr-bypass-local -m set --match-set omr_dst_bypass_all dst -j MARK --set-mark 0x539
+		-A omr-bypass-local -m mark --mark 0x539 -j RETURN
+		COMMIT
+		EOF
+	fi
+	if [ "$disableipv6" = "0" ]; then
+		if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
+			-A omr-bypass6 -m mark --mark 0x539 -j RETURN
+			COMMIT
+			EOF
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6-local -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
+			-A omr-bypass6-local -m mark --mark 0x539 -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
+	config_load shadowsocks-libev
+	config_foreach _ss_rules_config
+	config_load shadowsocks-rust
+	config_foreach _ss_rules_config
 	_v2ray_rules_config
 	_xray_rules_config
 
-	# NDPI Netfilter is not available for nftables
 	$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass-dpi | $IPTABLESRESTORE -w --counters 2>/dev/null
 	$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
 	*mangle
@@ -1013,7 +1156,7 @@ start_service() {
 		logger -t "omr-bypass" "Reload dnsmasq..."
 		/etc/init.d/dnsmasq reload
 	}
-	fw4 restart
+
 	# Create a protocol list for UI from a sqlite DB when NDPI is not available
 	sqlite3 /usr/share/omr-bypass/omr-bypass.db "select distinct(proto) from (select proto from hostproto union all select proto from ipproto) a order by proto;" ".exit" > /usr/share/omr-bypass/omr-bypass-proto.lst
 	config_load omr-bypass
@@ -1025,25 +1168,15 @@ start_service() {
 
 stop_service() {
 	$IPTABLESSAVE --counters 2>/dev/null | grep -v omr-bypass | $IPTABLESRESTORE -w --counters 2>/dev/null
-#	$IPTABLESSAVE --counters 2>/dev/null | grep -v omr_dst | $IPTABLESRESTORE -w --counters 2>/dev/null
+	$IPTABLESSAVE --counters 2>/dev/null | grep -v omr_dst | $IPTABLESRESTORE -w --counters 2>/dev/null
 	$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr-bypass6 | $IP6TABLESRESTORE -w --counters 2>/dev/null
-#	$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr6_dst | $IP6TABLESRESTORE -w --counters 2>/dev/null
+	$IP6TABLESSAVE --counters 2>/dev/null | grep -v omr6_dst | $IP6TABLESRESTORE -w --counters 2>/dev/null
-	#for setname in $(ipset -n list | grep "omr_"); do
+	for setname in $(ipset -n list | grep "omr_"); do
-	#	ipset -q destroy "$setname" 2>/dev/null || true
+		ipset -q destroy "$setname" 2>/dev/null || true
-	#done
+	done
-	#for setname in $(ipset list | awk '/Name: bypass_/ {print $2}'); do
+	for setname in $(ipset list | awk '/Name: bypass_/ {print $2}'); do
-	#	ipset -q destroy "$setname" 2>/dev/null || true
+		ipset -q destroy "$setname" 2>/dev/null || true
-	#done
+	done
-	# disable all rules ?
-	uci -q set firewall.omr-bypass.enabled='0'
-	config_load dhcp
-	config_foreach _delete_dhcp_ipset ipset
-	uci -q commit dhcp
-	config_load firewall
-	config_foreach _delete_firewall_rules rule
-	config_foreach _delete_firewall_rules ipset
-	uci -q commit firewall
-	exit 0
 }
 
 service_triggers() {

omr-bypass/files/etc/init.d/omr-bypass-nft

@@ -580,7 +580,7 @@ _intf_rule() {
 			protocol="4"
 		fi
 		for ipv46 in $protocol; do
-			echo "ipv46: $ipv46 for $intf"
+			#echo "ipv46: $ipv46 for $intf"
 			uci batch <<-EOF
 				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}=rule
 				set firewall.omr_dst_bypass_${intf}_dstip_${ipv46}.name="omr_dst_bypass_${intf}_rule"
@@ -724,6 +724,7 @@ _bypass_omr_server() {
 
 _ss_rules_config() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
+		[ -z "\$(nft list ruleset | grep ss_rules)" ] && exit 0
 		nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
 		nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
 	EOF
@@ -737,6 +738,7 @@ _ss_rules_config() {
 
 _v2ray_rules_config() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
+		[ -z "\$(nft list ruleset | grep v2r_rules)" ] && exit 0
 		nft insert rule inet fw4 v2r_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
 		nft insert rule inet fw4 v2r_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
 	EOF
@@ -750,6 +752,7 @@ _v2ray_rules_config() {
 
 _xray_rules_config() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
+		[ -z "\$(nft list ruleset | grep xr_rules)" ] && exit 0
 		nft insert rule inet fw4 xr_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 accept
 		nft insert rule inet fw4 xr_rules_local_out ip daddr @omr_dst_bypass_all_4 accept
 	EOF
@@ -798,7 +801,7 @@ start_service() {
 	}
 	disableipv6="$(uci -q get openmptcprouter.settings.disable_ipv6)"
 	#noipv6="$(uci -q get omr-bypass.global.noipv6)"
-
+	rm -f /etc/firewall.omr-bypass
 	cat > /etc/firewall.omr-bypass <<-EOF
 	#!/bin/sh
 	#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all accept
@@ -812,31 +815,31 @@ start_service() {
 		set firewall.omr_bypass.fw4_compatible='1'
 		commit firewall
 	EOF
-	echo "intf_rule"
+	#echo "intf_rule"
 	config_load network
 	config_foreach _intf_rule interface
 	_intf_rule all
 	_intf_rule srv_vpn1
 	local ndpi_rules=""
-	echo "bypass server"
+	#echo "bypass server"
 	if [ "$(uci -q get openmptcprouter.settings.bypass_servers)" = "1" ]; then
 		config_load openmptcprouter
 		config_foreach _bypass_omr_server server
 	fi
 	config_load omr-bypass
-	echo "bypass ip"
+	#echo "bypass ip"
 	config_foreach _bypass_ip_set ips
-	echo "bypass mac"
+	#echo "bypass mac"
 	config_foreach _bypass_mac macs
-	echo "bypass lan ip"
+	#echo "bypass lan ip"
 	config_foreach _bypass_lan_ip lan_ip
-	echo "bypass dest port"
+	#echo "bypass dest port"
 	config_foreach _bypass_dest_port dest_port
-	echo "bypass src port"
+	#echo "bypass src port"
 	config_foreach _bypass_src_port src_port
-	echo "bypass asn"
+	#echo "bypass asn"
 	config_foreach _bypass_asn asns
-	echo "bypass domains"
+	#echo "bypass domains"
 	config_foreach _bypass_domains domains
 	uci -q commit dhcp
 
@@ -883,7 +886,7 @@ start_service() {
 		logger -t "omr-bypass" "Reload dnsmasq..."
 		/etc/init.d/dnsmasq reload
 	}
-	fw4 restart
+	fw4 -q restart
 	# Create a protocol list for UI from a sqlite DB when NDPI is not available
 	sqlite3 /usr/share/omr-bypass/omr-bypass.db "select distinct(proto) from (select proto from hostproto union all select proto from ipproto) a order by proto;" ".exit" > /usr/share/omr-bypass/omr-bypass-proto.lst
 	config_load omr-bypass
@@ -906,7 +909,7 @@ stop_service() {
 	config_foreach _delete_firewall_rules rule
 	config_foreach _delete_firewall_rules ipset
 	uci -q commit firewall
-	fw4 restart
+	fw4 -q restart
 	exit 0
 }
 
@@ -916,11 +919,13 @@ service_triggers() {
 
 reload_service() {
 	RELOAD=1
+	stop
 	start
 }
 
 reload_rules() {
 	#[ "$( ipset -n list | grep omr_ )" = "" ] && return 0
 	RELOAD=1
+	stop
 	start
 }

omr-dscp/files/etc/init.d/omr-dscp-nft

@@ -152,7 +152,7 @@ _cleanup() {
 	config_foreach _remove_rules
 	uci -q commit dhcp
 	uci -q commit firewall
-	fw4 restart
+	fw4 -q restart
 }
 
 start_service() {
@@ -171,7 +171,7 @@ start_service() {
 	config_foreach _add_dscp_rules classify
 	config_foreach _add_dscp_domain domains
 	uci -q commit dhcp
-	fw4 restart
+	fw4 -q restart
 }
 
 stop_service() {

omr-schedule/Makefile

@@ -15,7 +15,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define Package/$(PKG_NAME)
 SECTION:=OMR
-CATEGORY:=OMR-Schedule
+CATEGORY:=OpenMPTCProuter
 DEPENDS:=$(foreach p,$(MY_DEPENDS),+$(p))
 TITLE:=OpenMPTCProuter schedule scripts
 endef

omr-tracker/Makefile

@@ -1,6 +1,6 @@
 #
 # OpenMPTCProuter tracker is a modified version of OverTheBox tracker from OVH
-# Copyright (C) 2017-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+# Copyright (C) 2017-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 #
 # This is free software, licensed under the GNU General Public License v3.
 # See /LICENSE for more information.
@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=omr-tracker
-PKG_VERSION:=1.7
+PKG_VERSION:=2.0
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk

omr-tracker/files/bin/omr-tracker

@@ -17,6 +17,9 @@ export OMR_TRACKER_INTERFACE
 export OMR_TRACKER_HOST
 export OMR_TRACKER_HOST6
 export OMR_TRACKER_TIMEOUT
+export OMR_TRACKER_SIZE
+export OMR_TRACKER_MAX_TTL
+export OMR_TRACKER_LOSS
 export OMR_TRACKER_STATUS
 export OMR_TRACKER_STATUS_MSG
 export OMR_TRACKER_PREV_STATUS
@@ -150,6 +153,8 @@ _ping() {
 		ret=$(ping -I "${device}" \
 			-w "$OMR_TRACKER_TIMEOUT" \
 			-c "$OMR_TRACKER_COUNT" \
+			-s "$OMR_TRACKER_SIZE" \
+			-t "$OMR_TRACKER_MAX_TTL" \
 			-Q 184 \
 			"${host}" 2>&1
 		) && echo "$ret" | grep -sq " 0% packet loss" && {
@@ -163,15 +168,23 @@ _ping() {
 		ret=$(ping -B -I "${device}" \
 			-w "$OMR_TRACKER_TIMEOUT" \
 			-c "$OMR_TRACKER_COUNT" \
+			-s "$OMR_TRACKER_SIZE" \
+			-t "$OMR_TRACKER_MAX_TTL" \
 			-Q 184 \
 			"${host}" 2>&1
-		) && echo "$ret" | grep -sq " 0% packet loss" && {
+		)
+		loss=$(echo "$ret" | grep 'packet loss' | sed -ne 's/.*\([0-9]\+\)% packet loss.*/\1/p')
+		if [ -n "$loss" ] && [ "$loss" -ne 100 ]; then
 			if [ "$localip" = "yes" ]; then
-				OMR_TRACKER_LATENCY=$(echo "$ret" | cut -d "/" -s -f5 | cut -d "." -f1 | tr -d '\n')
+				latency=$(echo "$ret" | cut -d "/" -s -f5 | cut -d "." -f1 | tr -d '\n')
-				_update_rto "$OMR_TRACKER_LATENCY"
+				[ -n "$latency" ] && {
+					OMR_TRACKER_LATENCY="$latency"
+					_update_rto "$OMR_TRACKER_LATENCY"
+				}
+				OMR_TRACKER_LOSS="$loss"
 			fi
 			return
-		}
+		fi
 		#) && echo "$ret" | grep -sq "bytes from" && {
 	fi
 	false
@@ -242,6 +255,7 @@ while true; do
 	OMR_TRACKER_STATUS="ERROR"
 	OMR_TRACKER_STATUS_MSG=""
 	OMR_TRACKER_LATENCY=
+	OMR_TRACKER_LOSS=
 	#OMR_TRACKER_TIMEOUT=$((rto / 1000 + (rto % 1000 ? 1 : 0)))
 	OMR_TRACKER_LIST_HOSTS=""
 	OMR_TRACKER_DEVICE_GATEWAY=
@@ -259,7 +273,7 @@ while true; do
 	if [ -n "$OMR_TRACKER_DEVICE" ] && [ -d "/sys/class/net/$OMR_TRACKER_DEVICE" ]; then
 		if [ -n "$(ip link show $OMR_TRACKER_DEVICE | grep UP)" ]; then
 			# retrieve iface ip and gateway
-			if [ "$OMR_TRACKER_INTERFACE_PROTO" != "dhcpv6" ]; then
+			if ([ "$OMR_TRACKER_FAMILY" = "ipv4" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]) && [ "$OMR_TRACKER_INTERFACE_PROTO" != "dhcpv6" ]; then
 				OMR_TRACKER_DEVICE_IP=$(ip -4 -br addr ls dev "$OMR_TRACKER_DEVICE" | awk -F'[ /]+' '{print $3}')
 				if [ -z "$OMR_TRACKER_DEVICE_IP" ]; then
 					OMR_TRACKER_DEVICE_IP=$(ip -4 addr show dev "$OMR_TRACKER_DEVICE" | grep -m 1 inet | awk '{print $2}' | cut -d'/' -s -f1)
@@ -305,7 +319,7 @@ while true; do
 					OMR_TRACKER_DEVICE_GATEWAY=$(ip -4 r list dev "$OMR_TRACKER_DEVICE" | awk '/via/ {print $3}' | tr -d "\n")
 				fi
 			fi
-			if [ "$OMR_TRACKER_IPV6" = "1" ] || [ "$OMR_TRACKER_IPV6" = "auto" ]; then
+			if ([ "$OMR_TRACKER_IPV6" = "1" ] || [ "$OMR_TRACKER_IPV6" = "auto" ] || [ -z "$OMR_TRACKER_IPV6" ]) && ([ "$OMR_TRACKER_FAMILY" = "ipv6" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]); then
 				#OMR_TRACKER_DEVICE_IP6=$(ip -6 -br addr ls dev "$OMR_TRACKER_DEVICE" | awk -F'[ /]+' '{print $3}')
 				#if [ -z "$OMR_TRACKER_DEVICE_IP6" ]; then
 					OMR_TRACKER_DEVICE_IP6=$(ip -6 addr show dev "$OMR_TRACKER_DEVICE" | sort -r | grep -m 1 inet6 | awk '{print $2}' | cut -d'/' -s -f1)
@@ -331,9 +345,13 @@ while true; do
 			fi
 
 			# execute specific tracker
-			if [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
+			if ([ "$OMR_TRACKER_FAMILY" = "ipv4" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]) && [ -n "$OMR_TRACKER_DEVICE_IP" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY" ]; then
 				# setup loop variable
-				tries="$OMR_TRACKER_TRIES"
+				if [ "$OMR_TRACKER_PREV_STATUS" = "ERROR" ]; then
+					tries="$OMR_TRACKER_TRIES"
+				else
+					tries="$OMR_TRACKER_TRIES_UP"
+				fi
 				# loop until tries attempts have been reached
 				while [ "$tries" -gt 0 ]; do
 					if [ -n "$OMR_TRACKER_DEVICE_ROUTE" ]; then
@@ -430,9 +448,14 @@ while true; do
 					sleep "$OMR_TRACKER_INTERVAL_TRIES"
 				done
 			fi
-			if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ] && [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
+			#if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ] && [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
+			if ([ "$OMR_TRACKER_FAMILY" = "ipv6" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]) && [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ] && [ -n "$OMR_TRACKER_DEVICE_IP6" ] && [ -n "$OMR_TRACKER_DEVICE_GATEWAY6" ]; then
 				# setup loop variable
-				tries="$OMR_TRACKER_TRIES"
+				if [ "$OMR_TRACKER_PREV_STATUS" = "ERROR" ]; then
+					tries="$OMR_TRACKER_TRIES"
+				else
+					tries="$OMR_TRACKER_TRIES_UP"
+				fi
 				# loop until tries attempts have been reached
 				while [ "$tries" -gt 0 ]; do
 					#if [ -n "$OMR_TRACKER_DEVICE_ROUTE" ]; then
@@ -534,7 +557,7 @@ while true; do
 				[ -z "$OMR_TRACKER_STATUS_MSG" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_INTERFACE may have ip issues"
 				[ -z "$OMR_TRACKER_DEVICE_IP" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv4"
 				[ -z "$OMR_TRACKER_DEVICE_GATEWAY" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv4 gateway"
-				if [ "$(uci -q get openmptcprouter.settings.disable_ipv6)" = "0" ]; then
+				if ([ "$OMR_TRACKER_IPV6" = "1" ] || [ "$OMR_TRACKER_IPV6" = "auto" ] || [ -z "$OMR_TRACKER_IPV6" ]) && ([ "$OMR_TRACKER_FAMILY" = "ipv6" ] || [ "$OMR_TRACKER_FAMILY" = "ipv4ipv6" ]); then
 					[ -z "$OMR_TRACKER_DEVICE_IP6" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv6"
 					[ -z "$OMR_TRACKER_DEVICE_GATEWAY6" ] && OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG, interface have no IPv6 gateway"
 				fi
@@ -558,6 +581,26 @@ while true; do
 			OMR_TRACKER_STATUS_MSG="$OMR_TRACKER_STATUS_MSG and $OMR_TRACKER_TYPE from $OMR_TRACKER_DEVICE_IP error ($OMR_TRACKER_LIST_HOSTS6)"
 		fi
 	fi
+	if [ "$OMR_TRACKER_CHECK_QUALITY" = "1" ]; then
+		if [ "$OMR_TRACKER_PREV_STATUS" = "OK" ]; then
+			if [ -n "$OMR_TRACKER_LOSS" ] && [ "$OMR_TRACKER_LOSS" -ge "$OMR_TRACKER_LOSS_FAILURE" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
+				OMR_TRACKER_STATUS="ERROR"
+				OMR_TRACKER_STATUS_MSG="Packet loss is $OMR_TRACKER_LOSS this is more than limit defined at $OMR_TRACKER_LOSS_FAILURE"
+			fi
+			if [ -n "$OMR_TRACKER_LATENCY" ] && [ "$OMR_TRACKER_LATENCY" -ge "$OMR_TRACKER_LATENCY_FAILURE" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
+				OMR_TRACKER_STATUS="ERROR"
+				OMR_TRACKER_STATUS_MSG="Latency is $OMR_TRACKER_LATENCY this is more than limit defined at $OMR_TRACKER_LATENCY_FAILURE"
+			fi
+		elif [ "$OMR_TRACKER_PREV_STATUS" = "ERROR" ]; then
+			OMR_TRACKER_STATUS="ERROR"
+			if [ -n "$OMR_TRACKER_LOSS" ] && [ "$OMR_TRACKER_LOSS" -le "$OMR_TRACKER_LOSS_RECOVERY" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
+				OMR_TRACKER_STATUS="OK"
+			fi
+			if [ -n "$OMR_TRACKER_LATENCY" ] && [ "$OMR_TRACKER_LATENCY" -ge "$OMR_TRACKER_LATENCY_RECOVERY" ] && [ "$OMR_TRACKER_STATUS" = "OK" ]; then
+				OMR_TRACKER_STATUS="OK"
+			fi
+		fi
+	fi
 
 	#[ "$OMR_TRACKER_HOSTS" = "$initial_hosts" ] || [ "$OMR_TRACKER_STATUS" = "OK" ] && _post_tracking
 	#[ "$OMR_TRACKER_STATUS" = "ERROR" ] && _restart
@@ -567,5 +610,9 @@ while true; do
 	OMR_TRACKER_PREV_STATUS="$OMR_TRACKER_STATUS"
 	_restart
 
-	sleep "$OMR_TRACKER_INTERVAL"
+	if [ "$OMR_TRACKER_STATUS" = "ERROR" ]; then
+		sleep "$OMR_TRACKER_FAILURE_INTERVAL"
+	else
+		sleep "$OMR_TRACKER_INTERVAL"
+	fi
 done

omr-tracker/files/etc/config/omr-tracker

@@ -1,32 +1,38 @@
 config defaults 'defaults'
 	option enabled '1'
-        list hosts '4.2.2.1'
+	list hosts '4.2.2.1'
-        list hosts '8.8.8.8'
+	list hosts '8.8.8.8'
-        list hosts '80.67.169.12'
+	list hosts '80.67.169.12'
-        list hosts '8.8.4.4'
+	list hosts '8.8.4.4'
-        list hosts '9.9.9.9'
+	list hosts '9.9.9.9'
-        list hosts '1.0.0.1'
+	list hosts '1.0.0.1'
-        list hosts '114.114.115.115'
+	list hosts '114.114.115.115'
-        list hosts '1.2.4.8'
+	list hosts '1.2.4.8'
-        list hosts '80.67.169.40'
+	list hosts '80.67.169.40'
-        list hosts '114.114.114.114'
+	list hosts '114.114.114.114'
-        list hosts '1.1.1.1'
+	list hosts '1.1.1.1'
-        list hosts6 '2606:4700:4700::1111'
+	list hosts6 '2606:4700:4700::1111'
-        list hosts6 '2606:4700:4700::1001'
+	list hosts6 '2606:4700:4700::1001'
-        list hosts6 '2620:fe::fe'
+	list hosts6 '2620:fe::fe'
-        list hosts6 '2620:fe::9'
+	list hosts6 '2620:fe::9'
-        list hosts6 '2001:4860:4860::8888'
+	list hosts6 '2001:4860:4860::8888'
-        list hosts6 '2001:4860:4860::8844'
+	list hosts6 '2001:4860:4860::8844'
-        option timeout '2'
+	option timeout '2'
-        option count '2'
+	option count '2'
-        option tries '3'
+	option tries '3'
-        option interval '2'
+	option interval '2'
-        option interval_tries '1'
+	option interval_tries '1'
-        option type 'ping'
+	option type 'ping'
-        option wait_test '0'
+	option wait_test '0'
-        option server_http_test '0'
+	option server_http_test '0'
-        option restart_down '0'
+	option restart_down '0'
-        option mail_alert '0'
+	option mail_alert '0'
+	option initial_state 'online'
+	option family 'ipv4'
+	option reliability '1'
+	option count '2'
+	option failure_interval '5'
+	option tries_up '5'
 
 config proxy 'proxy'
 	option enabled '1'
@@ -43,6 +49,8 @@ config proxy 'proxy'
 	option interval_tries '1'
 	option interval '10'
 	option mail_alert '0'
+	option initial_state 'online'
+	option family 'ipv4ipv6'
 
 config server 'server'
 	option enabled '1'
@@ -51,3 +59,4 @@ config server 'server'
 	option wait_test '0'
 	option interval '5'
 	option mail_alert '0'
+	option initial_state 'online'

omr-tracker/files/etc/init.d/omr-tracker

@@ -16,34 +16,54 @@
 . /lib/functions/network.sh
 
 _validate_section() {
-	local tmp_hosts=$hosts tmp_hosts6=$hosts6 tmp_timeout=$timeout tmp_count=$count tmp_tries=$tries
+	local tmp_hosts=$hosts tmp_hosts6=$hosts6 tmp_timeout=$timeout tmp_count=$count tmp_tries=$tries tmp_size=$size tmp_max_ttl=$max_ttl tmp_failure_loss=$failure_loss tmp_failure_latency=$failure_latency tmp_recovery_loss=$recovery_loss tmp_recovery_latency=$recovery_latency
-	local tmp_interval=$interval tmp_interval_tries=$interval_tries tmp_options=$options tmp_type=$type tmp_enabled=$enabled tmp_wait_test=$wait_test tmp_server_http_test=$server_http_test
+	local tmp_interval=$interval tmp_interval_tries=$interval_tries tmp_options=$options tmp_type=$type tmp_enabled=$enabled tmp_wait_test=$wait_test tmp_server_http_test=$server_http_test tmp_check_quality=$check_quality tmp_failure_interval=$failure_interval tmp_tries_up=$tries_up tmp_family=$family
 
 	uci_validate_section omr-tracker "$1" "$2" \
 		'hosts:list(host)'  \
 		'hosts6:list(host)'  \
 		'timeout:uinteger'  \
+		'size:uinteger'  \
+		'max_ttl:uinteger'  \
+		'failure_loss:uinteger'  \
+		'failure_latency:uinteger'  \
+		'recovery_loss:uinteger'  \
+		'recovery_latency:uinteger'  \
+		'check_quality:bool:0' \
 		'count:uinteger'  \
 		'tries:uinteger'    \
+		'tries_up:uinteger'    \
 		'interval:uinteger' \
 		'interval_tries:uinteger' \
+		'failure_interval:uinteger' \
 		'wait_test:uinteger' \
 		'type:string:undef'  \
 		'enabled:bool:1'    \
 		'server_http_test:bool:0'    \
+		'family:string'   \
 		'options:string'
 
 	[ -z "$hosts"    ] && hosts=$tmp_hosts
 	[ -z "$hosts6"    ] && hosts6=$tmp_hosts6
 	[ -z "$timeout"  ] && timeout=$tmp_timeout
 	[ -z "$count"  ] && count=$tmp_count
+	[ -z "$size"  ] && size=$tmp_size
+	[ -z "$failure_loss"  ] && failure_loss=$tmp_failure_loss
+	[ -z "$failure_latency"  ] && failure_latency=$tmp_failure_latency
+	[ -z "$failure_interval"  ] && failure_interval=$tmp_failure_interval
+	[ -z "$recovery_loss"  ] && recovery_loss=$tmp_recovery_loss
+	[ -z "$recovery_latency"  ] && recovery_latency=$tmp_recovery_latency
+	[ -z "$check_quality"  ] && check_quality=$tmp_check_quality
+	[ -z "$max_ttl"  ] && max_ttl=$tmp_max_ttl
 	[ -z "$tries"    ] && tries=$tmp_tries
+	[ -z "$tries_up"    ] && tries_up=$tmp_tries_up
 	[ -z "$interval" ] && interval=$tmp_interval
 	[ -z "$interval_tries" ] && interval_tries=$tmp_interval_tries
 	[ -z "$wait_test" ] && wait_test=$tmp_wait_test
 	[ -z "$options"  ] && options=$tmp_options
 	[ "$type" = "undef" ] && type=${tmp_type:-ping}
 	[ -z "$server_http_test"  ] && server_http_test=$tmp_server_http_test
+	[ -z "$family"  ] && family=$tmp_family
 	[ -z "$enabled"  ] && enabled=$tmp_enabled
 }
 
@@ -52,7 +72,7 @@ _launch_tracker() {
 		loopback|lan*|if0*) return;;
 	esac
 	[ -z "$1" ] && return
-	local hosts hosts6 timeout count tries interval interval_tries options type enabled wait_test ipv6 proto server_http_test
+	local hosts hosts6 timeout count tries tries_up interval interval_tries options type enabled wait_test ipv6 proto server_http_test size max_ttl failure_loss failure_interval failure_latency recovery_loss recovery_latency family
 	_validate_section "defaults" "defaults"
 	_validate_section "interface" "$1"
 
@@ -80,6 +100,11 @@ _launch_tracker() {
 	#[ "${ifstatus}" = "false" ] && [ -z "${ifdevice}" ] && return
 	[ -z "${interval_tries}" ] && interval_tries=1
 	[ -z "${count}" ] && count=2
+	[ -z "${max_ttl}" ] && max_ttl=60
+	[ -z "${size}" ] && size=56
+	[ -z "${check_quality}" ] && check_quality=0
+	[ -z "${tries}" ] && tries=5
+	[ -z "${tries_up}" ] && tries_up=${tries}
 
 	procd_open_instance
 	# shellcheck disable=SC2086
@@ -87,14 +112,24 @@ _launch_tracker() {
 	procd_append_param env "OMR_TRACKER_HOSTS=$hosts"
 	procd_append_param env "OMR_TRACKER_HOSTS6=$hosts6"
 	procd_append_param env "OMR_TRACKER_TIMEOUT=$timeout"
+	procd_append_param env "OMR_TRACKER_SIZE=$size"
+	procd_append_param env "OMR_TRACKER_CHECK_QUALITY=$check_quality"
+	procd_append_param env "OMR_TRACKER_MAX_TTL=$max_ttl"
+	procd_append_param env "OMR_TRACKER_FAILURE_LOSS=$failure_loss"
+	procd_append_param env "OMR_TRACKER_FAILURE_LATENCY=$failure_latency"
+	procd_append_param env "OMR_TRACKER_RECOVERY_LOSS=$recovery_loss"
+	procd_append_param env "OMR_TRACKER_RECOVERY_LATENCY=$recovery_latency"
 	procd_append_param env "OMR_TRACKER_COUNT=$count"
 	procd_append_param env "OMR_TRACKER_TRIES=$tries"
+	procd_append_param env "OMR_TRACKER_TRIES_UP=$tries_up"
 	procd_append_param env "OMR_TRACKER_INTERVAL=$interval"
+	procd_append_param env "OMR_TRACKER_FAILURE_INTERVAL=$failure_interval"
 	procd_append_param env "OMR_TRACKER_INTERVAL_TRIES=$interval_tries"
 	procd_append_param env "OMR_TRACKER_TABLE=$ip4table"
 	procd_append_param env "OMR_TRACKER_DEVICE=$ifname"
 	procd_append_param env "OMR_TRACKER_DEVICE_GATEWAY=$gateway"
 	procd_append_param env "OMR_TRACKER_TYPE=$type"
+	procd_append_param env "OMR_TRACKER_FAMILY=$family"
 	procd_append_param env "OMR_TRACKER_IPV6=$ipv6"
 	procd_append_param env "OMR_TRACKER_PROTO=$proto"
 	procd_append_param env "OMR_TRACKER_WAIT_TEST=$wait_test"

omr-tracker/files/etc/uci-defaults/omr-tracker

@@ -106,4 +106,26 @@ if [ "$(uci -q get omr-tracker.defaults.server_http_test)" = "" ]; then
 	EOF
 fi
 
+if [ "$(uci -q get omr-tracker.defaults.family)" = "" ]; then
+	uci -q batch <<-EOF >/dev/null
+		set omr-tracker.defaults.initial_state='online'
+		set omr-tracker.defaults.family='ipv4ipv6'
+		set omr-tracker.defaults.reliability='1'
+		set omr-tracker.defaults.interval='1'
+		set omr-tracker.defaults.failure_interval='5'
+		set omr-tracker.defaults.count='1'
+		set omr-tracker.defaults.tries_up='5'
+		set omr-tracker.omrvpn.initial_state='online'
+		set omr-tracker.omrvpn.family='ipv4'
+		set omr-tracker.omrvpn.reliability='1'
+		set omr-tracker.omrvpn.failure_interval='5'
+		set omr-tracker.omrvpn.tries_up='5'
+		set omr-tracker.omrvpn.count='1'
+		set omr-tracker.proxy.initial_state='online'
+		set omr-tracker.proxy.family='ipv4ipv6'
+		set omr-tracker.server.initial_state='online'
+		commit omr-tracker
+	EOF
+fi
+
 exit 0

openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter

@@ -1143,7 +1143,7 @@ function interfaces_status()
 	else
 		mArray.openmptcprouter["shadowsocks_service_key"] = true
 	end
-	local ssr_key = uci:get("shadowsocks-rust","sss0","key") or ""
+	local ssr_key = uci:get("shadowsocks-rust","sss0","password") or ""
 	mArray.openmptcprouter["shadowsocksrust_service_method"] = uci:get("shadowsocks-rust","sss0","method")
 	if ssr_key == "" then
 		mArray.openmptcprouter["shadowsocksrust_service_key"] = false

openmptcprouter-full/Makefile

@@ -32,7 +32,7 @@ MY_DEPENDS := \
     LINUX_5_4:iptables-mod-iface LINUX_5_4:iptables-mod-ipmark LINUX_5_4:iptables-mod-hashlimit LINUX_5_4:iptables-mod-condition LINUX_5_4:iptables-mod-trace LINUX_5_4:iptables-mod-conntrack-extra LINUX_5_4:iptables-mod-account \
     kmod-nf-nat kmod-nf-nathelper kmod-nf-nathelper-extra LINUX_5_4:iptables-mod-extra conntrack LINUX_5_4:kmod-ipt-offload \
     LINUX_5_4:iptables-mod-ipsec kmod-crypto-authenc kmod-ipsec kmod-ipsec4 kmod-ipsec6 LINUX_5_4:kmod-ipt-ipsec \
-    !LINUX_5_4:nftables-json !LINUX_5_4:iptables-nft !LINUX_5_4:kmod-nft-connlimit !LINUX_5_4:kmod-nft-offload
+    !LINUX_5_4:nftables-json !LINUX_5_4:iptables-nft !LINUX_5_4:kmod-nft-connlimit !LINUX_5_4:kmod-nft-offload \
     wireless-tools \
     libiwinfo-lua \
     ca-bundle ca-certificates \
@@ -86,7 +86,10 @@ MY_DEPENDS := \
     !(LINUX_5_4):mptcpd (TARGET_x86||TARGET_x86_64):kmod-igc !TARGET_mvebu:kmod-mmc-spi kmod-macsec usbutils v2ray-core LINUX_5_4:v2ray-config !LINUX_5_4:v2ray-config-nft syslogd \
     (TARGET_x86||TARGET_x86_64):kmod-mlx4-core \
     !(TARGET_ips40xx||TARGET_ramips):iptables-mod-ndpi !(TARGET_ips40xx||TARGET_ramips):kmod-ipt-ndpi libip4tc libip6tc \
-    xray-core LINUX_5_4:xray-config !LINUX_5_4:xray-config-nft shadowsocks-rust-sslocal shadowsocks-rust-ssservice LINUX_5_4:shadowsocks-rust-config !LINUX_5_4:shadowsocks-rust-config-nft luci-app-shadowsocks-rust (LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2 kmod-ovpn-dco-v2 keepalived
+    xray-core LINUX_5_4:xray-config !LINUX_5_4:xray-config-nft shadowsocks-rust-sslocal shadowsocks-rust-ssservice LINUX_5_4:shadowsocks-rust-config !LINUX_5_4:shadowsocks-rust-config-nft luci-app-shadowsocks-rust (LINUX_5_4&&(TARGET_x86_64||aarch64)):kmod-tcp-bbr2 kmod-ovpn-dco-v2 \
+    (TARGET_x86||TARGET_x86_64):luci-app-keepalived luci-proto-external omr-schedule
+
+
 #    !TARGET_mvebu:kmod-usb-net-smsc75xx
 #    libnetfilter-conntrack ebtables ebtables-utils ip-full nstat \
 

openmptcprouter/files/etc/init.d/openmptcprouter-vps

@@ -947,10 +947,15 @@ _set_lan_ip() {
 _set_bypass_ips() {
 	local settings
 	[ -z "$servername" ] && servername=$1
-	bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1_4 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+	bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1_4 2>/dev/null | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
-	[ -z "$bypassipvs4" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_4" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
+	[ -z "$bypassipvs4" ] && {
-	bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1_6 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+		bypassipv4slst=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_4"  2>/dev/null)
-	[ -z "$bypassipvs6" ] && bypassipv4s=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_6" | jsonfilter -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
+		[ -n "$bypassipv4slst" ] && bypassipv4s=$(echo "$bypassipv4slst" | jsonfilter -q -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
+	bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1_6  2>/dev/null | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+	[ -z "$bypassipvs6" ] && {
+		bypassipv6slst=$(nft -j list set inet fw4 "omr_dst_bypass_srv_vpn1_6"  2>/dev/null)
+		[ -n "$bypassipv6slst" ] && bypassipv6s=$(echo "$bypassipv4slst" | jsonfilter -q -e @.nftables[1].set.elem[*].prefix | awk '{gsub(/"/,"",$3);gsub(/,/,"/",$3); print $3 $5}')
+	}
 	# "
 	if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then
 		settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}'
@@ -1704,7 +1709,7 @@ _set_config_from_vps() {
 			uci -q set xray.omrout.s_socks_address="$vpsip"
 			uci -q set xray.omrout.s_shadowsocks_address="$vpsip"
 		fi
-		uci -q commit v2ray
+		uci -q commit xray
 		logger -t "OMR-VPS" "Xray restart..."
 		/etc/init.d/xray restart >/dev/null 2>&1
 	fi

openmptcprouter/files/etc/uci-defaults/1990-omr-tracker

@@ -15,6 +15,12 @@ if [ "$(uci -q get omr-tracker.omrvpn)" = "" ]; then
 		set omr-tracker.omrvpn.restart_down=0
 		add_list omr-tracker.omrvpn.hosts='4.2.2.1'
 		add_list omr-tracker.omrvpn.hosts='8.8.8.8'
+		set omr-tracker.omrvpn.initial_state='online'
+		set omr-tracker.omrvpn.family='ipv4'
+		set omr-tracker.omrvpn.reliability='1'
+		set omr-tracker.omrvpn.count='1'
+		set omr-tracker.omrvpn.failure_interval='5'
+		set omr-tracker.omrvpn.tries_up='5
 		commit omr-tracker
 	EOF
 fi

shadowsocks-libev/files/shadowsocks-libev.init-nft

@@ -181,7 +181,7 @@ ss_rules_nft_gen() {
 		echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
 		if nft -f "$tmp.nft.chk" -c; then
 			mv "$tmp.nft" "$ssrules_nft"
-			fw4 restart
+			fw4 -q restart
 		fi
 		rm -f "$tmp.nft.chk"
 	fi
@@ -192,7 +192,7 @@ ss_rules_nft_gen() {
 ss_rules_nft_reset() {
 	if [ -f "$ssrules_nft" ]; then
 		rm -f "$ssrules_nft"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
@@ -205,14 +205,14 @@ ss_rules() {
 rules_up() {
 	if [ -f "${ssrules_nft}.down" ]; then
 		mv -f "${ssrules_nft}.down" "$ssrules_nft"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
 rules_down() {
 	if [ -f "${ssrules_nft}" ]; then
 		mv -f "$ssrules_nft" "${ssrules_nft}.down"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
@@ -328,8 +328,8 @@ validate_ss_redir_section() {
 validate_ss_rules_section() {
 	"${2:-ss_validate}" ss_rules "$1" \
 		'disabled:bool:0' \
-		'redir_tcp:uci("shadowsocks-libev", "@ss_redir","all")' \
+		'redir_tcp:or(uci("shadowsocks-libev", "@ss_redir"),"all")' \
-		'redir_udp:uci("shadowsocks-libev", "@ss_redir","all")' \
+		'redir_udp:or(uci("shadowsocks-libev", "@ss_redir"),"all")' \
 		'src_ips_bypass:or(ipaddr,cidr)' \
 		'src_ips_forward:or(ipaddr,cidr)' \
 		'src_ips_checkdst:or(ipaddr,cidr)' \

shadowsocks-rust/files/shadowsocks-rust.init-nft

@@ -163,7 +163,7 @@ ss_rules_nft_gen() {
 		echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
 		if nft -f "$tmp.nft.chk" -c; then
 			mv "$tmp.nft" "$ssrules_nft"
-			fw4 restart
+			fw4 -q restart
 		fi
 		rm -f "$tmp.nft.chk"
 	fi
@@ -174,7 +174,7 @@ ss_rules_nft_gen() {
 ss_rules_nft_reset() {
 	if [ -f "$ssrules_nft" ]; then
 		rm -f "$ssrules_nft"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
@@ -187,14 +187,14 @@ ss_rules() {
 rules_up() {
 	if [ -f "${ssrules_nft}.down" ]; then
 		mv -f "${ssrules_nft}.down" "$ssrules_nft"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
 rules_down() {
 	if [ -f "${ssrules_nft}" ]; then
 		mv -f "$ssrules_nft" "${ssrules_nft}.down"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 

v2ray-core/files/etc/init.d/v2ray-nft

@@ -472,6 +472,7 @@ add_v2ray_redirect_rules() {
 		| sort -u)"
 
 	[ "$(uci -q get v2ray.main_transparent_proxy.redirect_udp)" = "1" ] && [ "$(uci -q get v2ray.omrout.protocol)" != "socks" ] && portudp="$port"
+	ifnames="$(uci -q get shadowsocks-libev.ss_rules.ifnames)"
 
 	local tmp="/tmp/v2rrules"
 	json_init
@@ -498,7 +499,7 @@ add_v2ray_redirect_rules() {
 		echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
 		if nft -f "$tmp.nft.chk" -c; then
 			mv "$tmp.nft" "$v2rrules_nft"
-			fw4 restart
+			fw4 -q restart
 		fi
 		rm -f "$tmp.nft.chk"
 	fi
@@ -2086,7 +2087,7 @@ clear_transparent_proxy() {
 	if [ -f "${v2rrules_nft}" ] || [ -f "${v2rrules_nft}.down" ]; then
 		rm -f "$v2rrules_nft"
 		rm -f "${v2rrules_nft}.down"
-		fw4 restart
+		fw4 -q restart
 	fi
 
 	v2ray-rules -f
@@ -2252,14 +2253,14 @@ rules_exist() {
 rules_up() {
 	if [ -f "${v2rrules_nft}.down" ]; then
 		mv -f "${v2rrules_nft}.down" "$v2rrules_nft"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
 rules_down() {
 	if [ -f "${v2rrules_nft}" ]; then
 		mv -f "$v2rrules_nft" "${v2rrules_nft}.down"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 

xray-core/files/etc/init.d/xray-nft

@@ -481,6 +481,7 @@ add_xray_redirect_rules() {
 		| sort -u)"
 
 	[ "$(uci -q get xray.main_transparent_proxy.redirect_udp)" = "1" ] && [ "$(uci -q get xray.omrout.protocol)" != "socks" ] && portudp="$port"
+	ifnames="$(uci -q get shadowsocks-libev.ss_rules.ifnames)"
 
 	local tmp="/tmp/xrrules"
 	json_init
@@ -507,7 +508,7 @@ add_xray_redirect_rules() {
 		echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
 		if nft -f "$tmp.nft.chk" -c; then
 			mv "$tmp.nft" "$xrrules_nft"
-			fw4 restart
+			fw4 -q restart
 		fi
 		rm -f "$tmp.nft.chk"
 	fi
@@ -2142,7 +2143,7 @@ clear_transparent_proxy() {
 	if [ -f "${xrrules_nft}" ] || [ -f "${xrrules_nft}.down" ]; then
 		rm -f "$xrrules_nft"
 		rm -f "$xrrules_nft.down"
-		fw4 restart
+		fw4 -q restart
 	fi
 
 
@@ -2307,14 +2308,14 @@ rules_exist() {
 rules_up() {
 	if [ -f "${xrrules_nft}.down" ]; then
 		mv -f "${xrrules_nft}.down" "$xrrules_nft"
-		fw4 restart
+		fw4 -q restart
 	fi
 }
 
 rules_down() {
 	if [ -f "${xrrules_nft}" ]; then
 		mv -f "$xrrules_nft" "${xrrules_nft}.down"
-		fw4 restart
+		fw4 -q restart
 	fi
 }