Add DPI support to OMR-Bypass
parent
dfbba31e1d
commit
d90d5ea374
11 changed files with 181 additions and 16 deletions
|
@ -6,7 +6,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
LUCI_TITLE:=LuCI Interface to bypass domains
|
||||
LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules
|
||||
LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +iptables-mod-ndpi +iptables-mod-extra
|
||||
|
||||
PKG_LICENSE:=GPLv3
|
||||
|
||||
|
|
|
@ -24,18 +24,21 @@ function bypass_add()
|
|||
end
|
||||
end
|
||||
end
|
||||
ucic:delete("omr-bypass","ips","ip")
|
||||
if table.getn(ip_ipset) > 0 then
|
||||
for _, i in pairs(ip_ipset) do
|
||||
ucic:set_list("omr-bypass","ips","ip",ip_ipset)
|
||||
end
|
||||
ucic:set_list("omr-bypass","ips","ip",ip_ipset)
|
||||
|
||||
local dpi = luci.http.formvalue("cbid.omr-bypass.dpi")
|
||||
if (type(dpi) ~= "table") then
|
||||
dpi = {dpi}
|
||||
end
|
||||
ucic:set_list("omr-bypass","dpi","proto",dpi)
|
||||
|
||||
ucic:save("omr-bypass")
|
||||
ucic:commit("omr-bypass")
|
||||
ucic:set_list("dhcp",ucic:get_first("dhcp","dnsmasq"),"ipset",domains_ipset .. "/ss_rules_dst_bypass")
|
||||
ucic:save("dhcp")
|
||||
ucic:commit("dhcp")
|
||||
--luci.sys.exec("/etc/init.d/dnsmasq restart")
|
||||
luci.sys.exec("/etc/init.d/omr-bypass restart")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin/services/omr-bypass"))
|
||||
return
|
||||
end
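Review bot: The `dpi` form values are saved with `ucic:set_list("omr-bypass","dpi","proto",dpi)` without any validation, and the init script changed in this commit later expands each stored value into iptables-restore input as `--$proto` (in `_bypass_proto`). A value that is empty or contains whitespace or a newline would alter or break the generated rule text, so each entry should be checked before saving, either against the names read from `/proc/net/xt_ndpi/proto` or against a strict token pattern such as `p:match("^[%w_%.%-]+$")`, and anything else dropped. The same check belongs in `_bypass_proto` as a second line of defence, since UCI can also be edited outside this form. bypass_add starts outside the hunk.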
|
|
@ -1,11 +1,14 @@
|
|||
<%+header%>
|
||||
|
||||
<script type="text/javascript" src="<%=resource%>/cbi.js" data-strings="{"path":{"resource":"\/luci-static\/resources","browser":"\/cgi-bin\/luci\/admin\/filebrowser"},"label":{"choose":"-- Choisir --","custom":"-- autre --"}}"></script>
|
||||
<script type="text/javascript" src="<%=resource%>/cbi.js?v=git-18.170.32705-0f524f1" data-strings="{"path":{"resource":"\/luci-static\/resources","browser":"\/cgi-bin\/luci\/admin\/filebrowser"},"label":{"choose":"-- Choisir --","custom":"-- autre --"}}"></script>
|
||||
|
||||
<%
|
||||
local uci = require("luci.model.uci").cursor()
|
||||
local hosts = uci:get_list("dhcp", uci:get_first("dhcp","dnsmasq"), "ipset")
|
||||
local ips = uci:get_list("omr-bypass", "ips", "ip")
|
||||
local dpi = uci:get_list("omr-bypass", "dpi", "proto")
|
||||
local tmpfile = os.tmpname()
|
||||
local dpi_available_proto = luci.util.execi("cat /proc/net/xt_ndpi/proto | awk '{print $3}' | sort -u | head -n -1")
|
||||
%>
|
||||
|
||||
<% if stderr and #stderr > 0 then %><pre class="error"><%=pcdata(stderr)%></pre><% end %>
|
||||
|
@ -25,7 +28,12 @@
|
|||
for hst in string.gmatch(host,"([^/]*)/") do
|
||||
if hst ~= "" then
|
||||
%>
|
||||
<input class="cbi-input-text" value="<%=hst%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
|
||||
<input class="cbi-input-text" value="<%=hst%>" data-update="change" type="text" id="cbid.omr-bypass.hosts.<%=j%>" name="cbid.omr-bypass.hosts" placeholder="google.com" />
|
||||
<br />
|
||||
<div class="cbi-value-description">
|
||||
<span class="cbi-value-helpicon"><img src="/luci-static/resources/cbi/help.gif" alt="help" /></span>
|
||||
<%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%>
|
||||
</div>
|
||||
<%
|
||||
end
|
||||
end
|
||||
|
@ -38,7 +46,12 @@
|
|||
end
|
||||
if j == 1 then
|
||||
%>
|
||||
<input class="cbi-input-text" value="" data-update="change" type="text" id="cbid.omr-bypass.hosts.1" name="cbid.omr-bypass.hosts" placeholder="google.com" /><br />
|
||||
<input class="cbi-input-text" value="" data-update="change" type="text" id="cbid.omr-bypass.hosts.1" name="cbid.omr-bypass.hosts" placeholder="google.com" />
|
||||
<br />
|
||||
<div class="cbi-value-description">
|
||||
<span class="cbi-value-helpicon"><img src="/luci-static/resources/cbi/help.gif" alt="help" /></span>
|
||||
<%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%>
|
||||
</div>
|
||||
<%
|
||||
end
|
||||
%>
|
||||
|
@ -46,6 +59,38 @@
|
|||
</div>
|
||||
</div>
|
||||
</fieldset>
|
||||
<fieldset class="cbi-section" id="dpi">
|
||||
<div class="cbi-section-descr"><%:Set protocols you want to bypass.%></div>
|
||||
<div class="cbi-value cbi-value-last" id="cbi-omr-tracker-dpi" data-depends="[]" data-index="<%=table.getn(dpi)%>">
|
||||
<label class="cbi-value-title" for="cbid.omr-tracker.dpi"><%:Protocol%></label>
|
||||
<div class="cbi-value-field">
|
||||
<%
|
||||
local allprt=""""
|
||||
for prt in dpi_available_proto do
|
||||
allprt=allprt .. ","" .. prt .. """
|
||||
end
|
||||
%>
|
||||
|
||||
<div data-prefix="cbid.omr-bypass.dpi" data-browser-path="" data-dynlist="[[<%=allprt%>],[<%=allprt%>],null,false]">
|
||||
<%
|
||||
local k = 1
|
||||
for _ , proto in pairs(dpi) do
|
||||
k = k+1
|
||||
%>
|
||||
<input class="cbi-input-text" id="cbid.omr-bypass.dpi.<%=k%>" name="cbid.omr-bypass.dpi" data-update="change" value="<%=proto%>" /><br />
|
||||
<%
|
||||
end
|
||||
if k == 1 then
|
||||
%>
|
||||
<input class="cbi-input-text" id="cbid.omr-bypass.dpi.<%=k%>" name="cbid.omr-bypass.dpi" data-update="change" /><br />
|
||||
<%
|
||||
end
|
||||
%>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</fieldset>
|
||||
|
||||
</div>
|
||||
<div class="cbi-page-actions">
|
||||
<input type="hidden" name="token" value="<%=token%>" />
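Review bot: The stored protocol name is written into the attribute unescaped at `value="<%=proto%>"`, and `data-dynlist` is assembled by plain string concatenation from `allprt`, so a value containing a double quote or `<` breaks out of the attribute. The template already calls `pcdata()` for `stderr`, so the input should read `value="<%=pcdata(proto)%>"`; the existing `value="<%=hst%>"` on the hosts inputs would benefit from the same treatment. The new fieldset also mixes ids: the label and wrapper use `omr-tracker` (`for="cbid.omr-tracker.dpi"`, `id="cbi-omr-tracker-dpi"`) while the inputs are `cbid.omr-bypass.dpi.*`, which looks like a copy-paste leftover.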
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
config bypass 'ips'
|
||||
config bypass 'ips'
|
||||
|
||||
config bypass 'dpi'
|
||||
|
|
|
@ -1,13 +1,25 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||
|
||||
START=90
|
||||
START=99
|
||||
STOP=10
|
||||
USE_PROCD=1
|
||||
|
||||
_bypass_ip() {
|
||||
local ip="$1"
|
||||
ipset add ss_rules_dst_bypass $ip
|
||||
valid_ip4=$( valid_subnet4 $ip)
|
||||
valid_ip6=$( valid_subnet6 $ip)
|
||||
if [ "$valid_ip4" = "ok" ]; then
|
||||
ipset add ss_rules_dst_bypass $ip
|
||||
elif [ "$valid_ip6" = "ok" ]; then
|
||||
ipset add ss_rules6_dst_bypass $ip
|
||||
fi
|
||||
}
|
||||
|
||||
_bypass_proto() {
|
||||
local proto="$1"
|
||||
ndpi_rules="-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539
|
||||
$ndpi_rules"
|
||||
}
|
||||
|
||||
start_service() {
|
||||
|
@ -20,13 +32,28 @@ start_service() {
|
|||
config_list_foreach ips "ip" _bypass_ip
|
||||
|
||||
ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1
|
||||
if [ "$(iptables -t mangle -L | grep 'mark 0x539')" = "" ]; then
|
||||
|
||||
if [ "$(iptables -t mangle -L | grep 'MARK set 0x539')" = "" ]; then
|
||||
iptables-restore --noflush <<-EOF
|
||||
*mangle
|
||||
-A PREROUTING -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
|
||||
iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters
|
||||
local ndpi_rules=""
|
||||
config_list_foreach dpi "proto" _bypass_proto
|
||||
ndpi_rules=$(echo $ndpi_rules | awk 'NF')
|
||||
if [ "$ndpi_rules" != "" ]; then
|
||||
iptables-restore --noflush <<-EOF
|
||||
*mangle
|
||||
:omr-bypass-dpi -
|
||||
-A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi
|
||||
$ndpi_rules
|
||||
COMMIT
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
service_triggers() {
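Review bot: `ndpi_rules=$(echo $ndpi_rules | awk 'NF')` expands the variable unquoted, so the shell word-splits it and the newline that `_bypass_proto` places between rules becomes a space. With more than one protocol configured, all `-A omr-bypass-dpi …` entries land on a single heredoc line, which iptables-restore will most likely reject; quote the expansion as `ndpi_rules=$(echo "$ndpi_rules" | awk 'NF')`. Separately, `iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters` rewrites every table to remove one chain and is not atomic with respect to other firewall changes, so flushing and deleting the `omr-bypass-dpi` chain directly would be narrower. start_service begins outside the second hunk.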
|
||||
|
|
|
@ -7,5 +7,16 @@ uci -q batch <<-EOF >/dev/null
|
|||
commit ucitrack
|
||||
EOF
|
||||
|
||||
if [ "$(uci -q get omr-bypass.dpi)" = "" ]; then
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set omr-bypass.dpi=bypass
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ "$(uci -q get ucitrack.@shadowsocks-libev[-1].affects)" = "" ]; then
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set ucitrack.@shadowsocks-libev[-1].affects=omr-bypass
|
||||
EOF
|
||||
fi
|
||||
rm -f /tmp/luci-indexcache
|
||||
exit 0
|
||||
|
|
73
ndpi-netfilter2/Makefile
Normal file
73
ndpi-netfilter2/Makefile
Normal file
|
@ -0,0 +1,73 @@
|
|||
#
|
||||
# Based on package from https://github.com/openwrt-develop/ndpi-netfilter/
|
||||
# Copyright (C) 2018 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
#
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
include $(INCLUDE_DIR)/kernel.mk
|
||||
|
||||
PKG_NAME:=ndpi-netfilter2
|
||||
PKG_VERSION:=5bcfd49
|
||||
PKG_RELEASE:=1
|
||||
PKG_REV:=5bcfd49
|
||||
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
|
||||
PKG_SOURCE_URL:=https://github.com/vel21ripn/nDPI.git
|
||||
PKG_SOURCE_VERSION:=$(PKG_REV)
|
||||
|
||||
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/iptables-mod-ndpi
|
||||
SUBMENU:=Firewall
|
||||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
TITLE:=ndpi successor of OpenDPI
|
||||
URL:=http://www.ntop.org/products/ndpi/
|
||||
DEPENDS:=+iptables +iptables-mod-conntrack-extra +kmod-ipt-ndpi
|
||||
MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-ndpi/description
|
||||
nDPI is a ntop-maintained superset of the popular OpenDPI library
|
||||
endef
|
||||
|
||||
CONFIGURE_CMD=./autogen.sh
|
||||
CONFIGURE_ARGS += --with-pic
|
||||
MAKE_PATH := ndpi-netfilter
|
||||
|
||||
MAKE_FLAGS += \
|
||||
KERNEL_DIR="$(LINUX_DIR)" \
|
||||
MODULES_DIR="$(TARGET_MODULES_DIR)" \
|
||||
NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter
|
||||
|
||||
define Build/Compile
|
||||
(cd $(PKG_BUILD_DIR)/src/lib &&\
|
||||
gcc -I../../src/include/ -I../../src/lib/third_party/include/ ndpi_network_list_compile.c -o ndpi_network_list_compile &&\
|
||||
./ndpi_network_list_compile -o ndpi_network_list.c.inc ndpi_network_list_std.yaml ndpi_network_list_tor.yaml)
|
||||
make $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter
|
||||
endef
|
||||
|
||||
define Package/iptables-mod-ndpi/install
|
||||
$(INSTALL_DIR) $(1)/usr/lib/iptables
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/ndpi-netfilter/ipt/libxt_ndpi.so $(1)/usr/lib/iptables
|
||||
endef
|
||||
|
||||
define KernelPackage/ipt-ndpi
|
||||
SUBMENU:=Netfilter Extensions
|
||||
TITLE:= nDPI net netfilter module
|
||||
DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables
|
||||
KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \
|
||||
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
|
||||
FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko
|
||||
AUTOLOAD:=$(call AutoProbe,xt_ndpi)
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,iptables-mod-ndpi))
|
||||
$(eval $(call KernelPackage,ipt-ndpi))
|
|
@ -8,7 +8,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=openmptcprouter-full
|
||||
PKG_VERSION:=0.8
|
||||
PKG_VERSION:=0.9
|
||||
PKG_RELEASE:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
@ -42,7 +42,7 @@ MY_DEPENDS := \
|
|||
omr-update \
|
||||
openvpn-openssl \
|
||||
kmod-rt2800-usb libimobiledevice \
|
||||
rng-tools \
|
||||
wpad \
|
||||
kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch uqmi adb-enablemodem umbim kmod-mii kmod-usb-net kmod-usb-wdm kmod-usb-net-qmi-wwan kmod-usb-net-cdc-mbim
|
||||
|
||||
OMR_SUPPORTED_LANGS := ca zh-cn en fr de el he hu it ja ms no pl pt-br pt ro ru es sv uk vi
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
|
||||
USE_PROCD=1
|
||||
EXTRA_COMMANDS="rules_up rules_down"
|
||||
START=99
|
||||
START=98
|
||||
|
||||
ss_confdir=/var/etc/shadowsocks-libev
|
||||
ss_bindir=/usr/bin
|
||||
|
|
|
@ -186,6 +186,7 @@ ss_rules_iptchains_init_tcp() {
|
|||
-I OUTPUT 1 -p tcp -j ss_rules_local_out
|
||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules_local_out -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
COMMIT
|
||||
EOF
|
||||
|
@ -243,6 +244,7 @@ ss_rules_iptchains_init_() {
|
|||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539
|
||||
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_pre_src -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN
|
||||
-A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src
|
||||
-A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN
|
||||
|
|
|
@ -170,6 +170,7 @@ ss_rules6_iptchains_init_tcp() {
|
|||
-I OUTPUT 1 -p tcp -j ss_rules6_local_out
|
||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_local_out -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default"
|
||||
COMMIT
|
||||
EOF
|
||||
|
@ -228,6 +229,7 @@ ss_rules6_iptchains_init_() {
|
|||
-A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN
|
||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539
|
||||
-A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN
|
||||
-A ss_rules6_dst -m mark --mark 0x539 -j RETURN
|
||||
-A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src
|
||||
-A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN
|
||||
-A ss_rules6_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_forward
|
||||
|
|