Fix tproxy for second

This commit is contained in:
itdoginfo
2024-10-28 20:56:56 +03:00
parent 5fca5840dd
commit 00305a0762
2 changed files with 22 additions and 16 deletions


@@ -75,7 +75,8 @@ opkg update && opkg install sing-box
- [x] Зависимость от dnsmasq-full - [x] Зависимость от dnsmasq-full
Приоритет 1 Приоритет 1
- [ ] В nft разделить правило tproxy на маркировку и tproxy - [x] В nft разделить правило tproxy на маркировку и tproxy
- [ ] Restart ucitrack в отдельный скрипт postinst, не отрабатывает
- [ ] Весь трафик для устойства пускать в туннель\прокси - [ ] Весь трафик для устойства пускать в туннель\прокси
- [ ] Исключение для IP, не ходить в туннель\прокси совсем 0x0 - [ ] Исключение для IP, не ходить в туннель\прокси совсем 0x0
- [ ] Врубать галочкой yacd в sing-box - [ ] Врубать галочкой yacd в sing-box


@@ -46,6 +46,10 @@ start() {
exit 1 exit 1
fi fi
add_route_tproxy podkop2 add_route_tproxy podkop2
sing_box_config_check
sing_box_uci
/etc/init.d/sing-box restart
/etc/init.d/sing-box enable
fi fi
if [ "$second_enable" -eq "1" ] && [ "$mode" = "vpn" ]; then if [ "$second_enable" -eq "1" ] && [ "$mode" = "vpn" ]; then
@@ -338,36 +342,37 @@ add_set() {
nft add table inet PodkopTable nft add table inet PodkopTable
log "Create set $set_name" log "Create set $set_name"
nft add chain inet PodkopTable mangle_podkop { type filter hook prerouting priority mangle \; policy accept \;} nft add chain inet PodkopTable mangle { type filter hook prerouting priority mangle \; policy accept \;}
nft add set inet PodkopTable "$set_name" { type ipv4_addr\; flags interval\; auto-merge\; } nft add set inet PodkopTable "$set_name" { type ipv4_addr\; flags interval\; auto-merge\; }
config_get mode "$connect" "mode" config_get mode "$connect" "mode"
case "$mode" in case "$mode" in
"vpn") "vpn")
# if nft list table inet PodkopTable | grep -q "chain prerouting"; then if ! nft list chain inet PodkopTable mangle | grep -q "ip daddr @"$set_name" meta mark set"; then
# nft delete chain inet PodkopTable prerouting
# fi
if ! nft list chain inet PodkopTable mangle_podkop | grep -q "ip daddr @"$set_name" meta mark set"; then
if [ "$connect" = "main" ]; then if [ "$connect" = "main" ]; then
nft add rule inet PodkopTable mangle_podkop ip daddr @"$set_name" meta mark set 0x105 counter nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta mark set 0x105 counter
elif [ "$connect" = "second" ]; then elif [ "$connect" = "second" ]; then
nft add rule inet PodkopTable mangle_podkop ip daddr @"$set_name" meta mark set 0x106 counter nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta mark set 0x106 counter
fi fi
fi fi
;; ;;
"proxy") "proxy")
nft add chain inet PodkopTable prerouting { type filter hook prerouting priority mangle \; } #nft add chain inet PodkopTable mangle { type filter hook prerouting priority mangle \; }
#nft add chain inet PodkopTable proxy { type filter hook prerouting priority mangle \; }
if nft list table inet PodkopTable | grep -q "ip daddr @"$set_name" meta l4proto"; then if nft list table inet PodkopTable | grep -q "ip daddr @"$set_name" meta l4proto"; then
log "Nft rule tproxy exists" log "Nft rule tproxy exists"
else else
log "Added nft rule tproxy" log "Added nft rule tproxy"
if [ "$connect" = "main" ]; then if [ "$connect" = "main" ]; then
nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto tcp meta mark set 0x105 tproxy ip to :1602 counter nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto tcp meta mark set 0x105 counter
nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto udp meta mark set 0x105 tproxy ip to :1602 counter nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto udp meta mark set 0x105 counter
nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x105 meta l4proto tcp tproxy ip to :1602 counter
nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x105 meta l4proto udp tproxy ip to :1602 counter
elif [ "$connect" = "second" ]; then elif [ "$connect" = "second" ]; then
nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto tcp meta mark set 0x106 tproxy ip to :1603 counter nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto tcp meta mark set 0x106 counter
nft add rule inet PodkopTable prerouting iifname "br-lan" ip daddr @"$set_name" meta l4proto udp meta mark set 0x106 tproxy ip to :1603 counter nft add rule inet PodkopTable mangle ip daddr @"$set_name" meta l4proto udp meta mark set 0x106 counter
nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x106 meta l4proto tcp tproxy ip to :1603 counter
nft add rule inet PodkopTable mangle iifname "br-lan" meta mark 0x106 meta l4proto udp tproxy ip to :1603 counter
fi fi
fi fi
;; ;;
@@ -573,8 +578,8 @@ list_custom_subnets_create() {
list_all_traffic_from_ip() { list_all_traffic_from_ip() {
local ip="$1" local ip="$1"
if ! nft list chain inet PodkopTable mangle_podkop | grep -q "ip saddr $ip"; then if ! nft list chain inet PodkopTable mangle | grep -q "ip saddr $ip"; then
nft add rule inet PodkopTable mangle_podkop ip saddr $ip meta mark set 0x105 nft add rule inet PodkopTable mangle ip saddr $ip meta mark set 0x105
fi fi
} }
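Review bot: The existence check in the proxy branch of add_set (`grep -q "ip daddr @"$set_name" meta l4proto"` on the `if nft list table` line) only recognises the two mark rules, not the two new `tproxy ip to :1602` / `:1603` rules appended after them, so if a previous start was interrupted between the two `nft add rule` pairs, or the tproxy rules are ever removed on their own, a re-run logs "Nft rule tproxy exists" and never restores the redirect. Checking for the rule that actually performs the redirect closes that gap, e.g. `if nft list chain inet PodkopTable mangle | grep -qF -- "tproxy ip to :1602"` (`:1603` for second), assuming nft lists the rule in that form — the mark value itself is a poor anchor because nft prints it zero-padded. Note also that the tproxy rules now key on the mark alone, so every br-lan packet carrying 0x105 is redirected to the local port, including traffic marked by the per-source rule in `list_all_traffic_from_ip` at the bottom of the diff; if that is the intended "all traffic from device" behaviour a comment above the tproxy rules saying so would help, otherwise they should also match the set. In that same function the unanchored `grep -q "ip saddr $ip"` treats dots as regex wildcards and matches prefixes, so an existing rule for 10.0.0.1 suppresses the rule for 10.0.0.10; `grep -qF -- "ip saddr $ip "` (fixed string, trailing space) avoids that, and `$ip` should be quoted in the nft command as well. add_set starts before the hunk and its case statement continues past it.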