diff --git a/luci-app-omr-bypass/Makefile b/luci-app-omr-bypass/Makefile index 60e9d6f7b..e02498895 100644 --- a/luci-app-omr-bypass/Makefile +++ b/luci-app-omr-bypass/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk LUCI_TITLE:=LuCI Interface to bypass domains -LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +LUCI_DEPENDS:=+dnsmasq-full +shadowsocks-libev-ss-rules +iptables-mod-ndpi +iptables-mod-extra PKG_LICENSE:=GPLv3 diff --git a/luci-app-omr-bypass/luasrc/controller/omr-bypass.lua b/luci-app-omr-bypass/luasrc/controller/omr-bypass.lua index 7bb049a4a..95272f27c 100644 --- a/luci-app-omr-bypass/luasrc/controller/omr-bypass.lua +++ b/luci-app-omr-bypass/luasrc/controller/omr-bypass.lua @@ -24,18 +24,21 @@ function bypass_add() end end end - ucic:delete("omr-bypass","ips","ip") - if table.getn(ip_ipset) > 0 then - for _, i in pairs(ip_ipset) do - ucic:set_list("omr-bypass","ips","ip",ip_ipset) - end + ucic:set_list("omr-bypass","ips","ip",ip_ipset) + + local dpi = luci.http.formvalue("cbid.omr-bypass.dpi") + if (type(dpi) ~= "table") then + dpi = {dpi} end + ucic:set_list("omr-bypass","dpi","proto",dpi) + ucic:save("omr-bypass") ucic:commit("omr-bypass") ucic:set_list("dhcp",ucic:get_first("dhcp","dnsmasq"),"ipset",domains_ipset .. "/ss_rules_dst_bypass") ucic:save("dhcp") ucic:commit("dhcp") --luci.sys.exec("/etc/init.d/dnsmasq restart") + luci.sys.exec("/etc/init.d/omr-bypass restart") luci.http.redirect(luci.dispatcher.build_url("admin/services/omr-bypass")) return end \ No newline at end of file diff --git a/luci-app-omr-bypass/luasrc/view/omr-bypass/bypass.htm b/luci-app-omr-bypass/luasrc/view/omr-bypass/bypass.htm index ab8442f04..756720fa1 100644 --- a/luci-app-omr-bypass/luasrc/view/omr-bypass/bypass.htm +++ b/luci-app-omr-bypass/luasrc/view/omr-bypass/bypass.htm 
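Review bot: The `dpi` form value is written to UCI with no validation, and in this same commit `_bypass_proto` in `root/etc/init.d/omr-bypass` splices each stored entry into an `iptables-restore` line as `--$proto`. A value containing whitespace would let a LuCI request add arbitrary rule text to the mangle table, and an empty field becomes a bare `--` that most likely makes the restore fail. Filter the list down to plain protocol tokens before `ucic:set_list`, as sketched below, and apply the same check in `_bypass_proto` so a hand-edited config is covered too. bypass_add() starts above the hunk, so how the other form fields are filtered is not visible here.

```lua
-- … unchanged: formvalue("cbid.omr-bypass.dpi") lookup and table coercion …
-- Keep only entries that are safe to splice into "-m ndpi --<proto>".
-- The character class is an assumption; widen it if nDPI names need more.
local dpi_clean = {}
for _, proto in ipairs(dpi) do
	if type(proto) == "string" and proto:match("^%w[%w_%.%-]*$") then
		dpi_clean[#dpi_clean + 1] = proto
	end
end
ucic:set_list("omr-bypass","dpi","proto",dpi_clean)
-- … unchanged: ucic:save / ucic:commit and the dhcp ipset update …
```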
@@ -1,11 +1,14 @@ <%+header%> - + <% local uci = require("luci.model.uci").cursor() local hosts = uci:get_list("dhcp", uci:get_first("dhcp","dnsmasq"), "ipset") local ips = uci:get_list("omr-bypass", "ips", "ip") + local dpi = uci:get_list("omr-bypass", "dpi", "proto") + local tmpfile = os.tmpname() + local dpi_available_proto = luci.util.execi("cat /proc/net/xt_ndpi/proto | awk '{print $3}' | sort -u | head -n -1") %> <% if stderr and #stderr > 0 then %>
<%=pcdata(stderr)%>
<% end %> @@ -25,7 +28,12 @@ for hst in string.gmatch(host,"([^/]*)/") do if hst ~= "" then %> -
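Review bot: `local tmpfile = os.tmpname()` is never used in the visible part of the template, and on Lua builds where `os.tmpname` is backed by `mkstemp` it creates a file on every page load that nothing removes. Drop the line, or pair it with `os.remove(tmpfile)` once it has a purpose. The `luci.util.execi(...)` pipeline on the next line also spawns a shell on each render; reading `/proc/net/xt_ndpi/proto` with `io.lines` inside a `pcall` would avoid that and would handle the case where the module is not loaded.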
+ +
+
+ help + <%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%> +
<% end end @@ -38,7 +46,12 @@ end if j == 1 then %> -
+ +
+
+ help + <%:You need to use OpenMPTCProuter as DNS server when you want to bypass a domain%> +
<% end %> @@ -46,6 +59,38 @@ +
+
<%:Set protocols you want to bypass.%>
+
+ +
+ <% + local allprt="""" + for prt in dpi_available_proto do + allprt=allprt .. ","" .. prt .. """ + end + %> + +
+<% + local k = 1 + for _ , proto in pairs(dpi) do + k = k+1 +%> +
+<% + end + if k == 1 then +%> +
+<% + end +%> +
+
+
+
+
diff --git a/luci-app-omr-bypass/root/etc/config/omr-bypass b/luci-app-omr-bypass/root/etc/config/omr-bypass index dd5fe7665..867b37e8b 100644 --- a/luci-app-omr-bypass/root/etc/config/omr-bypass +++ b/luci-app-omr-bypass/root/etc/config/omr-bypass @@ -1 +1,3 @@ -config bypass 'ips' \ No newline at end of file +config bypass 'ips' + +config bypass 'dpi' diff --git a/luci-app-omr-bypass/root/etc/init.d/omr-bypass b/luci-app-omr-bypass/root/etc/init.d/omr-bypass index afa4c6b98..2fccdb113 100755 --- a/luci-app-omr-bypass/root/etc/init.d/omr-bypass +++ b/luci-app-omr-bypass/root/etc/init.d/omr-bypass @@ -1,13 +1,25 @@ #!/bin/sh /etc/rc.common # Copyright (C) 2018 Ycarus (Yannick Chabanois) -START=90 +START=99 STOP=10 USE_PROCD=1 _bypass_ip() { local ip="$1" - ipset add ss_rules_dst_bypass $ip + valid_ip4=$( valid_subnet4 $ip) + valid_ip6=$( valid_subnet6 $ip) + if [ "$valid_ip4" = "ok" ]; then + ipset add ss_rules_dst_bypass $ip + elif [ "$valid_ip6" = "ok" ]; then + ipset add ss_rules6_dst_bypass $ip + fi +} + +_bypass_proto() { + local proto="$1" + ndpi_rules="-A omr-bypass-dpi -m ndpi --$proto -j MARK --set-mark 0x539 + $ndpi_rules" } start_service() { 
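Review bot: In `_bypass_ip` an entry that passes neither `valid_subnet4` nor `valid_subnet6` is dropped with no log line, and neither helper is defined in the visible part of the script, so if they are not sourced every address is skipped silently. Add an `else` branch such as `logger -t omr-bypass "ignoring invalid bypass address: $ip"` and confirm where the helpers come from. `valid_ip4` and `valid_ip6` should be declared `local`, and `"$ip"` should be quoted in the helper calls and in both `ipset add` lines so a value containing whitespace cannot split into extra arguments.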
@@ -20,13 +32,28 @@ start_service() { config_list_foreach ips "ip" _bypass_ip ip rule add prio 1 fwmark 0x539 lookup 991337 > /dev/null 2>&1 - if [ "$(iptables -t mangle -L | grep 'mark 0x539')" = "" ]; then + + if [ "$(iptables -t mangle -L | grep 'MARK set 0x539')" = "" ]; then iptables-restore --noflush <<-EOF *mangle -A PREROUTING -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539 COMMIT EOF fi + + iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters + local ndpi_rules="" + config_list_foreach dpi "proto" _bypass_proto + ndpi_rules=$(echo $ndpi_rules | awk 'NF') + if [ "$ndpi_rules" != "" ]; then + iptables-restore --noflush <<-EOF + *mangle + :omr-bypass-dpi - + -A PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi + $ndpi_rules + COMMIT + EOF + fi } service_triggers() { diff --git a/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass b/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass index bd9381dc5..cf69f5e6e 100644 --- a/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass +++ b/luci-app-omr-bypass/root/etc/uci-defaults/41_omr-bypass @@ -7,5 +7,16 @@ uci -q batch <<-EOF >/dev/null commit ucitrack EOF +if [ "$(uci -q get omr-bypass.dpi)" = "" ]; then + uci -q batch <<-EOF >/dev/null + set omr-bypass.dpi=bypass + EOF +fi + +if [ "$(uci -q get ucitrack.@shadowsocks-libev[-1].affects)" = "" ]; then + uci -q batch <<-EOF >/dev/null + set ucitrack.@shadowsocks-libev[-1].affects=omr-bypass + EOF +fi rm -f /tmp/luci-indexcache exit 0 diff --git a/ndpi-netfilter2/Makefile b/ndpi-netfilter2/Makefile new file mode 100644 index 000000000..1fc8cf7c0 --- /dev/null +++ b/ndpi-netfilter2/Makefile 
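Review bot: `iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore --counters` rewrites the whole IPv4 ruleset on every restart, which this commit now triggers from each save in the web UI, so rules another service inserts between the save and the restore are lost. Touching only the owned chain is narrower, e.g. `iptables -w -t mangle -F omr-bypass-dpi 2>/dev/null`, with the PREROUTING jump added only when `iptables -w -t mangle -C PREROUTING -m addrtype ! --dst-type LOCAL -j omr-bypass-dpi` fails. Separately, `echo $ndpi_rules` is unquoted, so with more than one protocol the newline-separated rules appear to be folded onto a single line before `iptables-restore` reads them; `echo "$ndpi_rules"` keeps them apart.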
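Review bot: The two new `uci -q batch` blocks end without a `commit`, unlike the `commit ucitrack` in the batch just above them, so they depend on the caller committing the staged changes. Adding `commit omr-bypass` and `commit ucitrack` keeps the script self-contained. The second guard also registers `omr-bypass` only when `affects` is empty; if that option can already hold other entries, an `add_list` after a membership check would be needed, but the existing ucitrack content is not visible here.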
@@ -0,0 +1,73 @@ +# +# Based on package from https://github.com/openwrt-develop/ndpi-netfilter/ +# Copyright (C) 2018 Ycarus (Yannick Chabanois) +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=ndpi-netfilter2 +PKG_VERSION:=5bcfd49 +PKG_RELEASE:=1 +PKG_REV:=5bcfd49 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_URL:=https://github.com/vel21ripn/nDPI.git +PKG_SOURCE_VERSION:=$(PKG_REV) + +PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk + +define Package/iptables-mod-ndpi + SUBMENU:=Firewall + SECTION:=net + CATEGORY:=Network + TITLE:=ndpi successor of OpenDPI + URL:=http://www.ntop.org/products/ndpi/ + DEPENDS:=+iptables +iptables-mod-conntrack-extra +kmod-ipt-ndpi + MAINTAINER:=Thomas Heil +endef + +define Package/iptables-mod-ndpi/description + nDPI is a ntop-maintained superset of the popular OpenDPI library +endef + +CONFIGURE_CMD=./autogen.sh +CONFIGURE_ARGS += --with-pic +MAKE_PATH := ndpi-netfilter + +MAKE_FLAGS += \ + KERNEL_DIR="$(LINUX_DIR)" \ + MODULES_DIR="$(TARGET_MODULES_DIR)" \ + NDPI_PATH=$(PKG_BUILD_DIR)/ndpi-netfilter + +define Build/Compile + (cd $(PKG_BUILD_DIR)/src/lib &&\ + gcc -I../../src/include/ -I../../src/lib/third_party/include/ ndpi_network_list_compile.c -o ndpi_network_list_compile &&\ + ./ndpi_network_list_compile -o ndpi_network_list.c.inc ndpi_network_list_std.yaml ndpi_network_list_tor.yaml) + make $(MAKE_FLAGS) -C $(PKG_BUILD_DIR)/ndpi-netfilter +endef + +define Package/iptables-mod-ndpi/install + $(INSTALL_DIR) $(1)/usr/lib/iptables + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ndpi-netfilter/ipt/libxt_ndpi.so $(1)/usr/lib/iptables +endef + +define KernelPackage/ipt-ndpi + SUBMENU:=Netfilter Extensions + TITLE:= nDPI net netfilter module + 
DEPENDS:=+kmod-nf-conntrack +kmod-nf-conntrack-netlink +kmod-ipt-compat-xtables + KCONFIG:=CONFIG_NF_CONNTRACK_LABELS=y \ + CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y + FILES:= $(PKG_BUILD_DIR)/ndpi-netfilter/src/xt_ndpi.ko + AUTOLOAD:=$(call AutoProbe,xt_ndpi) +endef + +$(eval $(call BuildPackage,iptables-mod-ndpi)) +$(eval $(call KernelPackage,ipt-ndpi)) diff --git a/openmptcprouter-full/Makefile b/openmptcprouter-full/Makefile index 845af485c..26ccb7885 100644 --- a/openmptcprouter-full/Makefile +++ b/openmptcprouter-full/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openmptcprouter-full -PKG_VERSION:=0.8 +PKG_VERSION:=0.9 PKG_RELEASE:=1 include $(INCLUDE_DIR)/package.mk @@ -42,7 +42,7 @@ MY_DEPENDS := \ omr-update \ openvpn-openssl \ kmod-rt2800-usb libimobiledevice \ - rng-tools \ + wpad \ kmod-rtl8xxxu kmod-rtl8192cu kmod-net-rtl8192su comgt kmod-usb-serial kmod-usb-serial-option kmod-usb-serial-wwan usb-modeswitch uqmi adb-enablemodem umbim kmod-mii kmod-usb-net kmod-usb-wdm kmod-usb-net-qmi-wwan kmod-usb-net-cdc-mbim OMR_SUPPORTED_LANGS := ca zh-cn en fr de el he hu it ja ms no pl pt-br pt ro ru es sv uk vi diff --git a/shadowsocks-libev/files/shadowsocks-libev.init b/shadowsocks-libev/files/shadowsocks-libev.init index e03cb4cdf..12faf4a0e 100644 --- a/shadowsocks-libev/files/shadowsocks-libev.init +++ b/shadowsocks-libev/files/shadowsocks-libev.init @@ -9,7 +9,7 @@ USE_PROCD=1 EXTRA_COMMANDS="rules_up rules_down" -START=99 +START=98 ss_confdir=/var/etc/shadowsocks-libev ss_bindir=/usr/bin diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules index 3608f2b26..31d1d6db8 100755 --- a/shadowsocks-libev/files/ss-rules +++ b/shadowsocks-libev/files/ss-rules 
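Review bot: `PKG_SOURCE_VERSION` is pinned to the abbreviated commit `5bcfd49` of a third-party fork and no `PKG_MIRROR_HASH` is set, so nothing verifies the fetched source of a package that ships an auto-loaded kernel module (`xt_ndpi.ko`). Pin the full 40-character commit id and add `PKG_MIRROR_HASH:=<sha256 of the generated tarball>` so that a rewritten ref or a tampered mirror copy fails the download check. In `Build/Compile`, the bare `gcc` and `make` calls bypass the build system's host toolchain and jobserver; `$(HOSTCC)` and `$(MAKE)` are the usual spellings.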
@@ -186,6 +186,7 @@ ss_rules_iptchains_init_tcp() { -I OUTPUT 1 -p tcp -j ss_rules_local_out -A ss_rules_local_out -m set --match-set ss_rules_dst_bypass dst -j RETURN -A ss_rules_local_out -m set --match-set ss_rules_dst_bypass_ dst -j RETURN + -A ss_rules_local_out -m mark --mark 0x539 -j RETURN -A ss_rules_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT EOF @@ -243,6 +244,7 @@ ss_rules_iptchains_init_() { -A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_ dst -j RETURN -A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j MARK --set-mark 0x539 -A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass dst -j RETURN + -A ss_rules_pre_src -m mark --mark 0x539 -j RETURN -A ss_rules_dst -m set --match-set ss_rules_dst_bypass dst -j RETURN -A ss_rules_pre_src -p $proto $o_ipt_extra -j ss_rules_src -A ss_rules_src -m set --match-set ss_rules_src_bypass src -j RETURN diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6 index c408276e2..33914950a 100755 --- a/shadowsocks-libev/files/ss-rules6 +++ b/shadowsocks-libev/files/ss-rules6 @@ -170,6 +170,7 @@ ss_rules6_iptchains_init_tcp() { -I OUTPUT 1 -p tcp -j ss_rules6_local_out -A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN -A ss_rules6_local_out -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ss_rules6_local_out -m mark --mark 0x539 -j RETURN -A ss_rules6_local_out -p tcp $o_ipt_extra -j $local_target -m comment --comment "local_default: $o_local_default" COMMIT EOF 
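Review bot: The new `-m mark --mark 0x539 -j RETURN` rule can exempt a connection only if the mark is already set when its first packet is evaluated, while nDPI generally needs several packets of a flow before it can name the protocol. If these chains sit in the nat table (the table header is outside the hunks), the redirect decision is taken on the first packet, so DPI-selected flows may still be proxied; please confirm with a test and add a comment stating the limitation next to the rule. The same applies to the `ss_rules_pre_src` hunk and the `ss_rules6_local_out` hunk on this line, and for the two `*_local_out` chains the init script's PREROUTING jump never sees locally generated traffic at all. `--set-mark 0x539` and `--mark 0x539` also use the whole 32-bit mark with no mask, which would collide with any other component that keeps bits in the packet mark.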
@@ -228,6 +229,7 @@ ss_rules6_iptchains_init_() { -A ss_rules6_pre_src -m set --match-set ss_rules6_dst_bypass_ dst -j RETURN -A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j MARK --set-mark 0x539 -A ss_rules6_dst -m set --match-set ss_rules6_dst_bypass dst -j RETURN + -A ss_rules6_dst -m mark --mark 0x539 -j RETURN -A ss_rules6_pre_src -p $proto $o_ipt_extra -j ss_rules6_src -A ss_rules6_src -m set --match-set ss_rules6_src_bypass src -j RETURN -A ss_rules6_src -m set --match-set ss_rules6_src_forward src -j ss_rules6_forward
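Review bot: Nothing in this commit sets mark 0x539 on IPv6 traffic by protocol, because the init script loads the `omr-bypass-dpi` chain with `iptables-restore` only. In `ss_rules6_dst` this RETURN is therefore reachable only through the ipset MARK rule directly above it, which already has its own RETURN. Either add an `ip6tables-restore` counterpart in `root/etc/init.d/omr-bypass` or leave the rule out until IPv6 DPI marking exists. The IPv4 hunk adds the equivalent rule to `ss_rules_pre_src` rather than to a `_dst` chain, so please confirm the asymmetry is intended.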