mirror of https://github.com/Ysurac/openmptcprouter-feeds.git synced 2025-03-09 15:40:03 +00:00

fix ipq60xx

suyuan168 2022-04-27 22:01:44 +08:00
parent 83959cc69d
commit cfc4f067ab
123 changed files with 33585 additions and 0 deletions

149
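--- a/v2ray-core/Config.in
+++ b/v2ray-core/Config.in
@@ -0,0 +1,149 @@
+menu "V2Ray Configuration"
+depends on PACKAGE_v2ray-core
+choice
+prompt "JSON Config Support"
+default V2RAY_JSON_V2CTL
+config V2RAY_JSON_V2CTL
+bool "Load JSON from V2Ctl"
+config V2RAY_JSON_INTERNAL
+bool "Load JSON Internally"
+config V2RAY_JSON_NONE
+bool "None"
+endchoice
+config V2RAY_EXCLUDE_V2CTL
+bool "Exclude V2Ctl"
+depends on V2RAY_JSON_INTERNAL || V2RAY_JSON_NONE
+default n
+config V2RAY_EXCLUDE_ASSETS
+bool "Exclude geoip.dat & geosite.dat"
+default n
+config V2RAY_COMPRESS_UPX
+bool "Compress executable files with UPX"
+default n
+choice
+prompt "Disable Features"
+default V2RAY_DISABLE_NONE
+config V2RAY_DISABLE_NONE
+bool "None"
+config V2RAY_DISABLE_CUSTOM
+bool "Custom"
+endchoice
+config V2RAY_DISABLE_DNS
+bool "Disable Internal DNS Support"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_LOG
+bool "Disable Log Support"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_POLICY
+bool "Disable Local Policy Support"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_REVERSE
+bool "Disable Reverse Proxy Support"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_ROUTING
+bool "Disable Internal Routing Support"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_STATISTICS
+bool "Disable Statistics Support"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_BLACKHOLE_PROTO
+bool "Disable Blackhole Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_DNS_PROXY
+bool "Disable DNS Proxy"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_DOKODEMO_PROTO
+bool "Disable Dokodemo-door Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_FREEDOM_PROTO
+bool "Disable Freedom Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_MTPROTO_PROXY
+bool "Disable MTProto Proxy"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_HTTP_PROTO
+bool "Disable HTTP Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_SHADOWSOCKS_PROTO
+bool "Disable Shadowsocks Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_SOCKS_PROTO
+bool "Disable Socks Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_VMESS_PROTO
+bool "Disable VMess Protocol"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_TCP_TRANS
+bool "Disable TCP Transport"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_MKCP_TRANS
+bool "Disable mKCP Transport"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_WEBSOCKET_TRANS
+bool "Disable WebSocket Transport"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_HTTP2_TRANS
+bool "Disable HTTP/2 Transport"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_DOMAIN_SOCKET_TRANS
+bool "Disable Domain Socket Transport"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+config V2RAY_DISABLE_QUIC_TRANS
+bool "Disable QUIC Transport"
+depends on V2RAY_DISABLE_CUSTOM
+default n
+endmenu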
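Review bot: `V2RAY_COMPRESS_UPX` and the `V2RAY_DISABLE_*` entries carry no `help` text, so whoever configures the image cannot see what each switch costs. For the UPX entry I would add a `help` block saying that the packed v2ray/v2ctl binaries unpack themselves into RAM at start-up and are harder to inspect or compare on the device. For `V2RAY_DISABLE_LOG`, the help should say that the log feature is compiled out, which presumably leaves no access or error log for troubleshooting or audit. The explicit `default n` lines are redundant, since a bool without a default is already n.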

21
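--- a/v2ray-core/LICENSE
+++ b/v2ray-core/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2019 Xingwang Liao
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.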

308
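--- a/v2ray-core/Makefile
+++ b/v2ray-core/Makefile
@@ -0,0 +1,308 @@
+#
+# Copyright (C) 2019 Xingwang Liao
+# Copyright (C) 2020 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+PKG_NAME:=v2ray-core
+PKG_VERSION:=4.43.0
+PKG_RELEASE:=1
+#PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE:=v$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/v2fly/v2ray-core/archive/refs/tags/
+PKG_HASH:=f27b8fe8e1e102b0297339ee368c8b650fde0f949e0d90e1229ff6744f99ba0f
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE
+PKG_MAINTAINER:=Yannick Chabanois <ycarus@zugaina.org>
+PKG_CONFIG_DEPENDS := \
+CONFIG_V2RAY_JSON_V2CTL \
+CONFIG_V2RAY_JSON_INTERNAL \
+CONFIG_V2RAY_JSON_NONE \
+CONFIG_V2RAY_EXCLUDE_V2CTL \
+CONFIG_V2RAY_EXCLUDE_ASSETS \
+CONFIG_V2RAY_COMPRESS_UPX \
+CONFIG_V2RAY_DISABLE_NONE \
+CONFIG_V2RAY_DISABLE_CUSTOM \
+CONFIG_V2RAY_DISABLE_DNS \
+CONFIG_V2RAY_DISABLE_LOG \
+CONFIG_V2RAY_DISABLE_POLICY \
+CONFIG_V2RAY_DISABLE_REVERSE \
+CONFIG_V2RAY_DISABLE_ROUTING \
+CONFIG_V2RAY_DISABLE_STATISTICS \
+CONFIG_V2RAY_DISABLE_BLACKHOLE_PROTO \
+CONFIG_V2RAY_DISABLE_DNS_PROXY \
+CONFIG_V2RAY_DISABLE_DOKODEMO_PROTO \
+CONFIG_V2RAY_DISABLE_FREEDOM_PROTO \
+CONFIG_V2RAY_DISABLE_MTPROTO_PROXY \
+CONFIG_V2RAY_DISABLE_HTTP_PROTO \
+CONFIG_V2RAY_DISABLE_SHADOWSOCKS_PROTO \
+CONFIG_V2RAY_DISABLE_SOCKS_PROTO \
+CONFIG_V2RAY_DISABLE_VMESS_PROTO \
+CONFIG_V2RAY_DISABLE_TCP_TRANS \
+CONFIG_V2RAY_DISABLE_MKCP_TRANS \
+CONFIG_V2RAY_DISABLE_WEBSOCKET_TRANS \
+CONFIG_V2RAY_DISABLE_HTTP2_TRANS \
+CONFIG_V2RAY_DISABLE_DOMAIN_SOCKET_TRANS \
+CONFIG_V2RAY_DISABLE_QUIC_TRANS
+PKG_BUILD_DEPENDS:=golang/host
+PKG_BUILD_PARALLEL:=1
+PKG_USE_MIPS16:=0
+GO_PKG:=github.com/v2fly/v2ray-core/v4
+GO_PKG_LDFLAGS:=-s -w
+include $(INCLUDE_DIR)/package.mk
+include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
+define Package/v2ray-core
+TITLE:=A platform for building proxies
+URL:=https://www.v2fly.org
+SECTION:=net
+CATEGORY:=Network
+SUBMENU:=Project V
+DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +protobuf
+endef
+define Package/v2ray-core/config
+source "$(SOURCE)/Config.in"
+endef
+define Package/v2ray-core/description
+Project V is a set of network tools that help you to build your own computer network.
+It secures your network connections and thus protects your privacy.
+This package contains v2ray, v2ctl and v2ray-assets.
+endef
+V2RAY_SED_ARGS:=
+ifeq ($(CONFIG_V2RAY_JSON_INTERNAL),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/main\/json"/\/\/ &/; \
+/\/\/ _ "github.com\/v2fly\/v2ray-core\/v4\/main\/jsonem"/s/\/\/ //;
+else ifeq ($(CONFIG_V2RAY_JSON_NONE),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/main\/json"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_CUSTOM),y)
+ifeq ($(CONFIG_V2RAY_DISABLE_DNS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/dns"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_LOG),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/log"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/log\/command"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_POLICY),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/policy"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_REVERSE),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/reverse"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_ROUTING),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/router"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_STATISTICS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/stats"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/app\/stats\/command"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_BLACKHOLE_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/blackhole"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_DNS_PROXY),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/dns"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_DOKODEMO_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/dokodemo"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_FREEDOM_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/freedom"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_MTPROTO_PROXY),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/mtproto"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_HTTP_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/http"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_SHADOWSOCKS_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/shadowsocks"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_SOCKS_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/socks"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_VMESS_PROTO),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/vmess\/inbound"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/proxy\/vmess\/outbound"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_TCP_TRANS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/tcp"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_MKCP_TRANS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/kcp"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_WEBSOCKET_TRANS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/websocket"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_HTTP2_TRANS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/http"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/http"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_DOMAIN_SOCKET_TRANS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/domainsocket"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_QUIC_TRANS),y)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/quic"/\/\/ &/;
+endif
+ifeq ($(CONFIG_V2RAY_DISABLE_MKCP_TRANS)$(CONFIG_V2RAY_DISABLE_QUIC_TRANS),yy)
+V2RAY_SED_ARGS += \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/noop"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/srtp"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/tls"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/utp"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/wechat"/\/\/ &/; \
+s/_ "github.com\/v2fly\/v2ray-core\/v4\/transport\/internet\/headers\/wireguard"/\/\/ &/;
+endif
+endif
+GEOIP_VER:=latest
+GEOIP_FILE:=geoip-$(GEOIP_VER).dat
+define Download/geoip.dat
+URL:=https://github.com/v2ray/geoip/releases/$(GEOIP_VER)/download
+URL_FILE:=geoip.dat
+FILE:=$(GEOIP_FILE)
+HASH:=skip
+endef
+GEOSITE_VER:=latest
+GEOSITE_FILE:=geosite-$(GEOSITE_VER).dat
+define Download/geosite.dat
+URL:=https://github.com/v2ray/domain-list-community/releases/$(GEOSITE_VER)/download
+URL_FILE:=dlc.dat
+FILE:=$(GEOSITE_FILE)
+HASH:=skip
+endef
+define Build/Prepare
+$(Build/Prepare/Default)
+ifneq ($(CONFIG_V2RAY_EXCLUDE_ASSETS),y)
+# move file to make sure download new file every build
+mv -f $(DL_DIR)/$(GEOIP_FILE) $(PKG_BUILD_DIR)/release/config/geoip.dat
+mv -f $(DL_DIR)/$(GEOSITE_FILE) $(PKG_BUILD_DIR)/release/config/geosite.dat
+endif
+( \
+sed -i \
+'s/\(version[[:space:]]*=[[:space:]]*"\).*\("\)/\1$(PKG_VERSION)\2/; \
+s/\(build[[:space:]]*=[[:space:]]*"\).*\("\)/\1OpenWrt R$(PKG_RELEASE)\2/' \
+$(PKG_BUILD_DIR)/core.go ; \
+)
+ifneq ($(V2RAY_SED_ARGS),)
+( \
+sed -i \
+'$(V2RAY_SED_ARGS)' \
+$(PKG_BUILD_DIR)/main/distro/all/all.go ; \
+)
+endif
+endef
+define Build/Compile
+$(eval GO_PKG_BUILD_PKG:=$(GO_PKG)/main)
+$(call GoPackage/Build/Compile)
+mv -f $(GO_PKG_BUILD_BIN_DIR)/main $(GO_PKG_BUILD_BIN_DIR)/v2ray
+ifeq ($(CONFIG_V2RAY_COMPRESS_UPX),y)
+upx --ultra-brute $(GO_PKG_BUILD_BIN_DIR)/v2ray
+endif
+ifneq ($(CONFIG_V2RAY_EXCLUDE_V2CTL),y)
+$(eval GO_PKG_BUILD_PKG:=$(GO_PKG)/infra/control/main)
+$(call GoPackage/Build/Compile)
+mv -f $(GO_PKG_BUILD_BIN_DIR)/main $(GO_PKG_BUILD_BIN_DIR)/v2ctl
+ifeq ($(CONFIG_V2RAY_COMPRESS_UPX),y)
+upx --ultra-brute $(GO_PKG_BUILD_BIN_DIR)/v2ctl
+endif
+endif
+endef
+define Package/v2ray-core/install
+$(call GoPackage/Package/Install/Bin,$(PKG_INSTALL_DIR))
+$(INSTALL_DIR) $(1)/usr/bin
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/v2ray $(1)/usr/bin
+$(CP) ./files/* $(1)/
+ifneq ($(CONFIG_V2RAY_EXCLUDE_V2CTL),y)
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/v2ctl $(1)/usr/bin
+endif
+ifneq ($(CONFIG_V2RAY_EXCLUDE_ASSETS),y)
+$(INSTALL_DATA) \
+$(PKG_BUILD_DIR)/release/config/{geoip,geosite}.dat \
+$(1)/usr/bin
+endif
+endef
+ifneq ($(CONFIG_V2RAY_EXCLUDE_ASSETS),y)
+$(eval $(call Download,geoip.dat))
+$(eval $(call Download,geosite.dat))
+endif
+$(eval $(call GoBinPackage,v2ray-core))
+$(eval $(call BuildPackage,v2ray-core))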
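Review bot: `Download/geoip.dat` and `Download/geosite.dat` fetch the `latest` release with `HASH:=skip`, so whatever the two GitHub release URLs serve at build time is installed into `/usr/bin` unverified, and two builds of the same package revision can ship different data files. The core tarball is already pinned through `PKG_HASH`; the assets should be pinned the same way, with `GEOIP_VER:=<release-tag>` and `HASH:=<sha256 of that release's geoip.dat>` (placeholders, to be taken from the chosen release), plus the same pair for geosite. The `URL` lines would then need GitHub's `releases/download/<release-tag>` form instead of `releases/$(GEOIP_VER)/download`. Once the files are pinned, the `mv -f $(DL_DIR)/…` lines in `Build/Prepare` no longer need to empty the download cache, and a plain copy would keep the verified file for later builds.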


@ -0,0 +1,2 @@
#!/bin/sh
/etc/init.d/v2ray rules_up

2162
v2ray-core/files/etc/init.d/v2ray Executable file

File diff suppressed because it is too large Load diff


@ -0,0 +1,158 @@
#!/bin/sh
if [ -z "$(uci -q get v2ray.main)" ]; then
touch /etc/config/v2ray
uci batch <<-EOF
set v2ray.main=v2ray
set v2ray.main.v2ray_file='/usr/bin/v2ray'
set v2ray.main.mem_percentage='0'
set v2ray.main.loglevel='debug'
set v2ray.main.access_log='/dev/null'
set v2ray.main.error_log='/dev/null'
set v2ray.main.enabled='0'
set v2ray.main.outbounds='omrout'
set v2ray.main.inbounds='omr'
add_list v2ray.main.inbounds='omrtest'
set v2ray.main_dns=dns
set v2ray.main_dns.hosts='example.com|127.0.0.1'
set v2ray.main_dns.enabled='0'
set v2ray.main_policy=policy
set v2ray.main_policy.enabled='1'
set v2ray.main_policy.levels='policy_level_0'
set v2ray.policy_level_0=policy_level
set v2ray.policy_level_0.level='0'
set v2ray.policy_level_0.handshake='4'
set v2ray.policy_level_0.conn_idle='1200'
set v2ray.policy_level_0.uplink_only='0'
set v2ray.policy_level_0.downlink_only='0'
set v2ray.policy_level_0.buffer_size='512'
set v2ray.main_transparent_proxy=transparent_proxy
set v2ray.main_transparent_proxy.proxy_mode='default'
set v2ray.main_transparent_proxy.apnic_delegated_mirror='apnic'
set v2ray.main_transparent_proxy.gfwlist_mirror='github'
set v2ray.main_transparent_proxy.redirect_udp='1'
set v2ray.main_transparent_proxy.redirect_port='1897'
set v2ray.omrout=outbound
set v2ray.omrout.tag='omrout_tunnel'
set v2ray.omrout.protocol='vless'
set v2ray.omrout.s_vmess_address=''
set v2ray.omrout.s_vmess_port='65228'
set v2ray.omrout.s_vmess_user_id=''
set v2ray.omrout.s_vmess_user_security='none'
set v2ray.omrout.s_vmess_user_alter_id='0'
set v2ray.omrout.s_vless_address=''
set v2ray.omrout.s_vless_port='65228'
set v2ray.omrout.s_vless_user_id=''
set v2ray.omrout.s_vless_user_security='none'
set v2ray.omrout.s_vless_user_encryption='none'
set v2ray.omrout.s_vless_user_alter_id='0'
set v2ray.omrout.ss_network='tcp'
set v2ray.omrout.ss_security='tls'
set v2ray.omrout.ss_tls_allow_insecure='1'
set v2ray.omrout.ss_tls_disable_system_root='1'
set v2ray.omrout.ss_tls_cert_usage='verify'
set v2ray.omrout.ss_tls_cert_file='/etc/luci-uploads/client.crt'
set v2ray.omrout.ss_tls_key_file='/etc/luci-uploads/client.key'
set v2ray.omrout.mux_concurrency='8'
set v2ray.omr=inbound
set v2ray.omr.tag='omrtunnel'
set v2ray.omr.listen='0.0.0.0'
set v2ray.omr.port='1897'
set v2ray.omr.protocol='dokodemo-door'
set v2ray.omr.s_dokodemo_door_network='tcp'
add_list v2ray.omr.s_dokodemo_door_network='udp'
set v2ray.omr.ss_sockopt_tproxy='redirect'
set v2ray.omr.ss_sockopt_tcp_fast_open='1'
set v2ray.omr.s_dokodemo_door_follow_redirect='1'
set v2ray.omr6=inbound
set v2ray.omr6.tag='omrtunnel6'
set v2ray.omr6.listen='::'
set v2ray.omr6.port='1898'
set v2ray.omr6.protocol='dokodemo-door'
set v2ray.omr6.s_dokodemo_door_network='tcp'
add_list v2ray.omr6.s_dokodemo_door_network='udp'
set v2ray.omr6.ss_sockopt_tproxy='tproxy'
set v2ray.omr6.ss_sockopt_tcp_fast_open='1'
set v2ray.omr6.s_dokodemo_door_follow_redirect='1'
set v2ray.omrtest=inbound
set v2ray.omrtest.port='1111'
set v2ray.omrtest.protocol='socks'
set v2ray.omrtest.listen='127.0.0.1'
set v2ray.omrtest.s_socks_auth='noauth'
set v2ray.omrtest.s_socks_udp='1'
set v2ray.omrtest.s_socks_ip='127.0.0.1'
set v2ray.omrtest.s_socks_userlevel='0'
commit v2ray
EOF
fi
uci -q batch <<-EOF >/dev/null
set v2ray.omr.listen='0.0.0.0'
commit v2ray
EOF
if [ "$(uci -q get firewall.v2ray)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.v2ray=include
set firewall.v2ray.path=/etc/firewall.v2ray-rules
set firewall.v2ray.reload=0
commit firewall
EOF
fi
if [ "$(uci -q get firewall.v2ray.path)" != "/etc/firewall.v2ray-rules" ]; then
uci -q batch <<-EOF >/dev/null
set firewall.v2ray.path=/etc/firewall.v2ray-rules
commit firewall
EOF
fi
if [ "$(uci -q get v2ray.main_reverse.bridges | grep omrbridge)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set v2ray.main_reverse=reverse
set v2ray.main_reverse.enabled=1
set v2ray.main_reverse.bridges='omrbridge|omr.lan'
commit v2ray
EOF
fi
if [ "$(uci -q get v2ray.omrrouting)" = "" ]; then
uci -q batch <<-EOF >/dev/null
set v2ray.omrexit=outbound
set v2ray.omrexit.protocol='freedom'
set v2ray.omrexit.tag='out'
add_list v2ray.main.outbounds=omrexit
set v2ray.omrrouting=routing_rule
set v2ray.omrrouting.type='field'
set v2ray.omrrouting.inbound_tag='omrbridge'
set v2ray.omrrouting.outbound_tag='omrout_tunnel'
set v2ray.omrrouting.domain='full:omr.lan'
set v2ray.omrroutingo=routing_rule
set v2ray.omrroutingo.type='field'
set v2ray.omrroutingo.inbound_tag='omrbridge'
set v2ray.omrroutingo.outbound_tag='out'
set v2ray.main_routing=routing
set v2ray.main_routing.enabled=1
set v2ray.main_routing.rules='omrrouting'
add_list v2ray.main_routing.rules='omrroutingo'
commit v2ray
EOF
fi
if [ "$(uci -q get v2ray.main.error_log)" != "/dev/null" ]; then
uci -q batch <<-EOF >/dev/null
set v2ray.main.error_log='/dev/null'
commit v2ray
EOF
fi
#if [ "$(uci -q get v2ray.main.mem_percentage)" = "0" ]; then
# uci -q batch <<-EOF >/dev/null
# set v2ray.main.mem_percentage='80'
# commit v2ray
# EOF
#fi
if [ "$(uci -q get v2ray.policy_level_0.conn_idle)" = "2400" ]; then
uci -q batch <<-EOF >/dev/null
set v2ray.policy_level_0.conn_idle='1200'
commit v2ray
EOF
fi
exit 0
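Review bot: The default outbound is created with `ss_tls_allow_insecure='1'` while `s_vless_user_encryption` and `s_vless_user_security` are both `'none'`, so TLS is the only protection on the tunnel. Assuming the init script (not shown on this page) maps that option to V2Ray's `allowInsecure`, the server certificate is not validated on a fresh install. I would ship `set v2ray.omrout.ss_tls_allow_insecure='0'` and let users who run a self-signed server opt in explicitly. Separately, the second `uci batch` rewrites `v2ray.omr.listen='0.0.0.0'` on every run with no guard, which overrides any narrower listen address an administrator has set. A comment explaining why, or a guard like the one used for `firewall.v2ray.path`, would help.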


@ -0,0 +1,307 @@
#!/bin/sh -e
#
# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org> for OpenMPTCProuter
#
# The design idea was derived from ss-rules by Jian Chang <aa65535@live.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
v2r_rules_usage() {
cat >&2 <<EOF
Usage: v2ray-rules [options]
-h, --help Show this help message then exit
-f, --flush Flush rules, ipset then exit
-l <port> Local port number of ss-redir with TCP mode
-L <port> Local port number of ss-redir with UDP mode
-s <ips> List of ip addresses of remote shadowsocks server
--ifnames Only apply rules on packets from these ifnames
--src-bypass <ips|cidr>
--src-forward <ips|cidr>
--src-checkdst <ips|cidr>
--src-default <bypass|forward|checkdst>
Packets will have their src ip checked in order against
bypass, forward, checkdst list and will bypass, forward
through, or continue to have their dst ip checked
respectively on the first match. Otherwise, --src-default
decide the default action
--dst-bypass <ips|cidr>
--dst-forward <ips|cidr>
--dst-bypass-file <file>
--dst-forward-file <file>
--dst-default <bypass|forward>
Same as with their --src-xx equivalent
--dst-forward-recentrst
Forward those packets whose destinations have recently
sent to us multiple tcp-rst packets
--local-default <bypass|forward|checkdst>
Default action for local out TCP traffic
The following ipsets will be created by ss-rules. They are also intended to be
populated by other programs like dnsmasq with ipset support
ss_rules_src_bypass
ss_rules_src_forward
ss_rules_src_checkdst
ss_rules_dst_bypass
ss_rules_dst_bypass_all
ss_rules_dst_forward
EOF
}
o_dst_bypass_="
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.31.196.0/24
192.52.193.0/24
192.88.99.0/24
192.168.0.0/16
192.175.48.0/24
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
255.255.255.255
"
o_src_default=bypass
o_dst_default=bypass
o_local_default=bypass
__errmsg() {
echo "v2ray-rules: $*" >&2
}
v2r_rules_parse_args() {
while [ "$#" -gt 0 ]; do
case "$1" in
-h|--help) v2r_rules_usage; exit 0;;
-f|--flush) v2r_rules_flush; exit 0;;
-l) o_redir_tcp_port="$2"; shift 2;;
-L) o_redir_udp_port="$2"; shift 2;;
-s) o_remote_servers="$2"; shift 2;;
--ifnames) o_ifnames="$2"; shift 2;;
--ipt-extra) o_ipt_extra="$2"; shift 2;;
--src-default) o_src_default="$2"; shift 2;;
--dst-default) o_dst_default="$2"; shift 2;;
--local-default) o_local_default="$2"; shift 2;;
--src-bypass) o_src_bypass="$2"; shift 2;;
--src-forward) o_src_forward="$2"; shift 2;;
--src-checkdst) o_src_checkdst="$2"; shift 2;;
--dst-bypass) o_dst_bypass="$2"; shift 2;;
--dst-bypass_all) o_dst_bypass_all="$2"; shift 2;;
--dst-forward) o_dst_forward="$2"; shift 2;;
--dst-forward-recentrst) o_dst_forward_recentrst=1; shift 1;;
--dst-bypass-file) o_dst_bypass_file="$2"; shift 2;;
--dst-forward-file) o_dst_forward_file="$2"; shift 2;;
--rule-name) rule="$2"; shift 2;;
*) __errmsg "unknown option $1"; return 1;;
esac
done
if [ -z "$o_redir_tcp_port" -a -z "$o_redir_udp_port" ]; then
__errmsg "Requires at least -l or -L option"
return 1
fi
if [ -n "$o_dst_forward_recentrst" ] && ! iptables -w -m recent -h >/dev/null; then
__errmsg "Please install iptables-mod-conntrack-extra with opkg"
return 1
fi
o_remote_servers="$(for s in $o_remote_servers; do resolveip -4 "$s"; done)"
}
v2r_rules_flush() {
local setname
iptables-save --counters | grep -v v2r_ | iptables-restore -w --counters
while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
ip route flush table 100 || true
for setname in $(ipset -n list | grep "ssr_${rule}"); do
ipset destroy "$setname" 2>/dev/null || true
done
}
v2r_rules_ipset_init() {
ipset --exist restore <<-EOF
create ssr_${rule}_src_bypass hash:net hashsize 64
create ssr_${rule}_src_forward hash:net hashsize 64
create ssr_${rule}_src_checkdst hash:net hashsize 64
create ss_rules_dst_bypass_all hash:net hashsize 64
create ssr_${rule}_dst_bypass hash:net hashsize 64
create ssr_${rule}_dst_bypass_ hash:net hashsize 64
create ssr_${rule}_dst_forward hash:net hashsize 64
create ss_rules_dst_forward_recentrst_ hash:ip hashsize 64 timeout 3600
$(v2r_rules_ipset_mkadd ssr_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
$(v2r_rules_ipset_mkadd ss_rules_dst_bypass_all "$o_dst_bypass_all")
$(v2r_rules_ipset_mkadd ssr_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
$(v2r_rules_ipset_mkadd ssr_${rule}_src_bypass "$o_src_bypass")
$(v2r_rules_ipset_mkadd ssr_${rule}_src_forward "$o_src_forward")
$(v2r_rules_ipset_mkadd ssr_${rule}_src_checkdst "$o_src_checkdst")
$(v2r_rules_ipset_mkadd ssr_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')")
EOF
}
v2r_rules_ipset_mkadd() {
local setname="$1"; shift
local i
for i in $*; do
echo "add $setname $i"
done
}
v2r_rules_iptchains_init() {
v2r_rules_iptchains_init_mark
v2r_rules_iptchains_init_tcp
v2r_rules_iptchains_init_udp
}
v2r_rules_iptchains_init_mark() {
if [ "$(iptables -w -t mangle -L PREROUTING | grep ss_rules_dst_bypass_all)" = "" ]; then
iptables-restore -w --noflush <<-EOF
*mangle
-A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
COMMIT
EOF
fi
}
v2r_rules_iptchains_init_tcp() {
local local_target
[ -n "$o_redir_tcp_port" ] || return 0
v2r_rules_iptchains_init_ nat tcp
case "$o_local_default" in
checkdst) local_target=v2r_${rule}_dst ;;
forward) local_target=v2r_${rule}_forward ;;
bypass|*) return 0;;
esac
iptables-restore -w --noflush <<-EOF
*nat
:v2r_${rule}_local_out -
-I OUTPUT 1 -p tcp -j v2r_${rule}_local_out
-A v2r_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
-A v2r_${rule}_local_out -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A v2r_${rule}_local_out -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
-A v2r_${rule}_local_out -m mark --mark 0x539 -j RETURN
-A v2r_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
COMMIT
EOF
}
v2r_rules_iptchains_init_udp() {
[ -n "$o_redir_udp_port" ] || return 0
v2r_rules_iptchains_init_ mangle udp
}
v2r_rules_iptchains_init_() {
local table="$1"
local proto="$2"
local forward_rules
local src_default_target dst_default_target
local recentrst_mangle_rules recentrst_addset_rules
case "$proto" in
tcp)
forward_rules="-A v2r_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
if [ -n "$o_dst_forward_recentrst" ]; then
recentrst_mangle_rules="
*mangle
-I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name v2r_recentrst --set --rsource
COMMIT
"
recentrst_addset_rules="
-A v2r_${rule}_dst -m recent --name v2r_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules_dst_forward_recentrst_ dst --exist
-A v2r_${rule}_dst -m set --match-set ss_rules_dst_forward_recentrst_ dst -j v2r_${rule}_forward
"
fi
;;
udp)
ip rule add fwmark 1 lookup 100 || true
ip route add local default dev lo table 100 || true
forward_rules="-A v2r_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01"
;;
esac
case "$o_src_default" in
forward) src_default_target=v2r_${rule}_forward ;;
checkdst) src_default_target=v2r_${rule}_dst ;;
bypass|*) src_default_target=RETURN ;;
esac
case "$o_dst_default" in
forward) dst_default_target=v2r_${rule}_forward ;;
bypass|*) dst_default_target=RETURN ;;
esac
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | iptables-restore -w --noflush
*$table
:v2r_${rule}_pre_src -
:v2r_${rule}_src -
:v2r_${rule}_dst -
:v2r_${rule}_forward -
$(v2r_rules_iptchains_mkprerules "$proto")
-A v2r_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass_ dst -j RETURN
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
-A v2r_${rule}_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A v2r_${rule}_pre_src -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
-A v2r_${rule}_pre_src -m mark --mark 0x539 -j RETURN
-A v2r_${rule}_dst -m set --match-set ss_rules_dst_bypass_all dst -j RETURN
-A v2r_${rule}_dst -m set --match-set ssr_${rule}_dst_bypass dst -j RETURN
-A v2r_${rule}_pre_src -p $proto $o_ipt_extra -j v2r_${rule}_src
-A v2r_${rule}_src -m set --match-set ssr_${rule}_src_bypass src -j RETURN
-A v2r_${rule}_src -m set --match-set ssr_${rule}_src_forward src -j v2r_${rule}_forward
-A v2r_${rule}_src -m set --match-set ssr_${rule}_src_checkdst src -j v2r_${rule}_dst
-A v2r_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
-A v2r_${rule}_dst -m set --match-set ssr_${rule}_dst_forward dst -j v2r_${rule}_forward
$recentrst_addset_rules
-A v2r_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
$forward_rules
COMMIT
$recentrst_mangle_rules
EOF
}
v2r_rules_iptchains_mkprerules() {
local proto="$1"
if [ -z "$o_ifnames" ]; then
echo "-A PREROUTING -p $proto -j v2r_${rule}_pre_src"
else
echo $o_ifnames \
| tr ' ' '\n' \
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r_${rule}_pre_src/"
fi
}
v2r_rules_fw_drop() {
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
}
v2r_rules_parse_args "$@"
#v2r_rules_flush
v2r_rules_ipset_init
v2r_rules_iptchains_init
v2r_rules_fw_drop
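Review bot: In `v2r_rules_fw_drop` the duplicate check `grep '${fwrule}'` is single-quoted, so the shell never expands the variable and the test cannot match the rule; the REDIRECT rule is therefore appended again on every run, in both loops. Since the rule text is passed through `eval` anyway, I would let iptables do the existence check instead of string-matching `iptables-save` output: `eval "iptables -w -t nat -C zone_lan_prerouting ${fwrule}" 2>/dev/null || eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule}" >/dev/null 2>&1`. That also corrects the `2>&1 >/dev/null` ordering, which currently leaves stderr on stdout, and adds the `-w` that the second loop is missing. A short comment stating that `fwrule` is derived only from `fw3 -4 print` output would document why `eval` on it is considered acceptable.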


@ -0,0 +1,298 @@
#!/bin/sh -e
#
# Copyright (C) 2017 Yousong Zhou <yszhou4tech@gmail.com>
# Copyright (C) 2018-2021 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
#
# The design idea was derived from ss-rules by Jian Chang <aa65535@live.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
v2ray_rules6_usage() {
cat >&2 <<EOF
Usage: v2ray-rules6 [options]
-h, --help Show this help message then exit
-f, --flush Flush rules, ipset then exit
-l <port> Local port number of ss-redir with TCP mode
-L <port> Local port number of ss-redir with UDP mode
-s <ips> List of ip addresses of remote shadowsocks server
--ifnames Only apply rules on packets from these ifnames
--src-bypass <ips|cidr>
--src-forward <ips|cidr>
--src-checkdst <ips|cidr>
--src-default <bypass|forward|checkdst>
Packets will have their src ip checked in order against
bypass, forward, checkdst list and will bypass, forward
through, or continue to have their dst ip checked
respectively on the first match. Otherwise, --src-default
decide the default action
--dst-bypass <ips|cidr>
--dst-forward <ips|cidr>
--dst-bypass-file <file>
--dst-forward-file <file>
--dst-default <bypass|forward>
Same as with their --src-xx equivalent
--dst-forward-recentrst
Forward those packets whose destinations have recently
sent to us multiple tcp-rst packets
--local-default <bypass|forward|checkdst>
Default action for local out TCP traffic
The following ipsets will be created by ss-rules. They are also intended to be
populated by other programs like dnsmasq with ipset support
v2ray_rules6_src_bypass
v2ray_rules6_src_forward
v2ray_rules6_src_checkdst
v2ray_rules6_dst_bypass
v2ray_rules6_dst_forward
EOF
}
o_dst_bypass_="
fe80::/10
fd00::/8
::1
"
o_src_default=bypass
o_dst_default=bypass
o_local_default=bypass
__errmsg() {
echo "ss-rules6: $*" >&2
}
v2ray_rules6_parse_args() {
while [ "$#" -gt 0 ]; do
case "$1" in
-h|--help) v2ray_rules6_usage; exit 0;;
-f|--flush) v2ray_rules6_flush; exit 0;;
-l) o_redir_tcp_port="$2"; shift 2;;
-L) o_redir_udp_port="$2"; shift 2;;
-s) o_remote_servers="$2"; shift 2;;
--ifnames) o_ifnames="$2"; shift 2;;
--ipt-extra) o_ipt_extra="$2"; shift 2;;
--src-default) o_src_default="$2"; shift 2;;
--dst-default) o_dst_default="$2"; shift 2;;
--local-default) o_local_default="$2"; shift 2;;
--src-bypass) o_src_bypass="$2"; shift 2;;
--src-forward) o_src_forward="$2"; shift 2;;
--src-checkdst) o_src_checkdst="$2"; shift 2;;
--dst-bypass) o_dst_bypass="$2"; shift 2;;
--dst-bypass_all) o_dst_bypass_all="$2"; shift 2;;
--dst-forward) o_dst_forward="$2"; shift 2;;
--dst-forward-recentrst) o_dst_forward_recentrst=1; shift 1;;
--dst-bypass-file) o_dst_bypass_file="$2"; shift 2;;
--dst-forward-file) o_dst_forward_file="$2"; shift 2;;
--rule-name) rule="$2"; shift 2;;
*) __errmsg "unknown option $1"; return 1;;
esac
done
if [ -z "$o_redir_tcp_port" -a -z "$o_redir_udp_port" ]; then
__errmsg "Requires at least -l or -L option"
return 1
fi
if [ -n "$o_dst_forward_recentrst" ] && ! ip6tables -w -m recent -h >/dev/null; then
__errmsg "Please install ip6tables-mod-conntrack-extra with opkg"
return 1
fi
o_remote_servers="$(for s in $o_remote_servers; do resolveip -6 "$s"; done)"
}
v2ray_rules6_flush() {
local setname
ip6tables-save --counters | grep -v v2r6_ | ip6tables-restore -w --counters
while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
ip -f inet6 route flush table 100 || true
for setname in $(ipset -n list | grep "ssr6_${rule}"); do
ipset destroy "$setname" 2>/dev/null || true
done
}
v2ray_rules6_ipset_init() {
ipset --exist restore <<-EOF
create ssr6_${rule}_src_bypass hash:net family inet6 hashsize 64
create ssr6_${rule}_src_forward hash:net family inet6 hashsize 64
create ssr6_${rule}_src_checkdst hash:net family inet6 hashsize 64
create ssr6_${rule}_dst_bypass hash:net family inet6 hashsize 64
create ss_rules6_dst_bypass_all hash:net family inet6 hashsize 64
create ssr6_${rule}_dst_bypass_ hash:net family inet6 hashsize 64
create ssr6_${rule}_dst_forward hash:net family inet6 hashsize 64
create ss_rules6_dst_forward_recrst_ hash:ip family inet6 hashsize 64 timeout 3600
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass_ "$o_dst_bypass_ $o_remote_servers")
$(v2ray_rules6_ipset_mkadd ss_rules6_dst_bypass_all "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_bypass "$o_dst_bypass $(cat "$o_dst_bypass_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_bypass "$o_src_bypass")
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_forward "$o_src_forward")
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_src_checkdst "$o_src_checkdst")
$(v2ray_rules6_ipset_mkadd ssr6_${rule}_dst_forward "$o_dst_forward $(cat "$o_dst_forward_file" 2>/dev/null | grep -o '\([0-9a-fA-F]\{0,4\}:\)\{1,7\}[0-9a-fA-F]\{0,4\}')")
EOF
}
v2ray_rules6_ipset_mkadd() {
local setname="$1"; shift
local i
for i in $*; do
echo "add $setname $i"
done
}
v2ray_rules6_iptchains_init() {
v2ray_rules6_iptchains_init_mark
v2ray_rules6_iptchains_init_tcp
v2ray_rules6_iptchains_init_udp
}
v2ray_rules6_iptchains_init_mark() {
ip6tables-restore -w --noflush <<-EOF
*mangle
-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
COMMIT
EOF
}
v2ray_rules6_iptchains_init_tcp() {
local local_target
[ -n "$o_redir_tcp_port" ] || return 0
#v2ray_rules6_iptchains_init_ nat tcp
v2ray_rules6_iptchains_init_ mangle tcp
case "$o_local_default" in
checkdst) local_target=v2r6_${rule}_dst ;;
forward) local_target=v2r6_${rule}_forward ;;
bypass|*) return 0;;
esac
# echo "tcp mangle"
# ip6tables-restore -w --noflush <<-EOF
# *mangle
# :v2r6_${rule}_local_out -
# -I OUTPUT 1 -p tcp -j v2r6_${rule}_local_out
# -A v2r6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
# -A v2r6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
# -A v2r6_${rule}_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
# -A v2r6_${rule}_local_out -m mark --mark 0x6539 -j RETURN
# -A v2r6_${rule}_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
# COMMIT
# EOF
# echo "done"
}
v2ray_rules6_iptchains_init_udp() {
[ -n "$o_redir_udp_port" ] || return 0
v2ray_rules6_iptchains_init_ mangle udp
}
v2ray_rules6_iptchains_init_() {
local table="$1"
local proto="$2"
local forward_rules
local src_default_target dst_default_target
local recentrst_mangle_rules recentrst_addset_rules
case "$proto" in
tcp)
#forward_rules="-A v2r6_${rule}_forward -p tcp -j REDIRECT --to-ports $o_redir_tcp_port"
forward_rules="-A v2r6_${rule}_forward -p tcp -j TPROXY --on-port $o_redir_tcp_port --tproxy-mark 0x01/0x01"
if [ -n "$o_dst_forward_recentrst" ]; then
recentrst_mangle_rules="
*mangle
-I PREROUTING 1 -p tcp -m tcp --tcp-flags RST RST -m recent --name ss_rules6_recentrst --set --rsource
COMMIT
"
recentrst_addset_rules="
-A v2r6_${rule}_dst -m recent --name ss_rules6_recentrst --rcheck --rdest --seconds 3 --hitcount 3 -j SET --add-set ss_rules6_dst_forward_recrst_ dst --exist
-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_forward_recrst_ dst -j v2r6_${rule}_forward
"
fi
;;
udp)
ip -f inet6 rule add fwmark 1 lookup 100 || true
ip -f inet6 route add local default dev lo table 100 || true
forward_rules="
-A v2r6_${rule}_forward -p udp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01
-A v2r6_${rule}_forward -p tcp -j TPROXY --on-port "$o_redir_udp_port" --tproxy-mark 0x01/0x01
"
;;
esac
case "$o_src_default" in
forward) src_default_target=v2r6_${rule}_forward ;;
checkdst) src_default_target=v2r6_${rule}_dst ;;
bypass|*) src_default_target=RETURN ;;
esac
case "$o_dst_default" in
forward) dst_default_target=v2r6_${rule}_forward ;;
bypass|*) dst_default_target=RETURN ;;
esac
sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | ip6tables-restore -w --noflush
*$table
:v2r6_${rule}_pre_src -
:v2r6_${rule}_src -
:v2r6_${rule}_dst -
:v2r6_${rule}_forward -
$(v2ray_rules6_iptchains_mkprerules "udp")
$(v2ray_rules6_iptchains_mkprerules "tcp")
-A v2r6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass_ dst -j RETURN
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
-A v2r6_${rule}_pre_src -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
-A v2r6_${rule}_pre_src -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
-A v2r6_${rule}_pre_src -m mark --mark 0x6539 -j RETURN
-A v2r6_${rule}_dst -m set --match-set ss_rules6_dst_bypass_all dst -j RETURN
-A v2r6_${rule}_dst -m set --match-set ssr6_${rule}_dst_bypass dst -j RETURN
-A v2r6_${rule}_pre_src -p tcp $o_ipt_extra -j v2r6_${rule}_src
-A v2r6_${rule}_pre_src -p udp $o_ipt_extra -j v2r6_${rule}_src
-A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_bypass src -j RETURN
-A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_forward src -j v2r6_${rule}_forward
-A v2r6_${rule}_src -m set --match-set ssr6_${rule}_src_checkdst src -j v2r6_${rule}_dst
-A v2r6_${rule}_src -j $src_default_target -m comment --comment "src_default: $o_src_default"
-A v2r6_${rule}_dst -m set --match-set ssr6_${rule}_dst_forward dst -j v2r6_${rule}_forward
$recentrst_addset_rules
-A v2r6_${rule}_dst -j $dst_default_target -m comment --comment "dst_default: $o_dst_default"
$forward_rules
COMMIT
$recentrst_mangle_rules
EOF
}
v2ray_rules6_iptchains_mkprerules() {
local proto="$1"
if [ -z "$o_ifnames" ]; then
echo "-A PREROUTING -p $proto -j v2r6_${rule}_pre_src"
else
echo $o_ifnames \
| tr ' ' '\n' \
| sed "s/.*/-I PREROUTING 1 -i \\0 -p $proto -j v2r6_${rule}_pre_src/"
fi
}
v2ray_rules6_fw_drop() {
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
while IFS=$"\n" read -r c; do
fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
eval "ip6tables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
fi
done
}
v2ray_rules6_parse_args "$@"
v2ray_rules6_flush
v2ray_rules6_ipset_init
v2ray_rules6_iptchains_init
v2ray_rules6_fw_drop