Home Explore Help
Register Sign In
OpenWrt
/
helloworld
mirror of https://github.com/fw876/helloworld.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: e13872f607
Branches Tags
helloworld
/
shadowsocks-libev
/
files
/
ss-rules
/
chain.uc

chain.uc 3.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. {%
    2. 

  2. function get_local_verdict() {
    3. 

  3. 	let v = o_local_default;
    4. 

  4. 	if (v == "checkdst") {
    5. 

  5. 		return "goto ss_rules_dst_" + proto;
    6. 

  6. 	} else if (v == "forward") {
    7. 

  7. 		return "goto ss_rules_forward_" + proto;
    8. 

  8. 	} else {
    9. 

  9. 		return null;
    10. 

  10. 	}
    11. 

  11. }
    12. 

  12. 

  13. function get_src_default_verdict() {
    14. 

  14. 	let v = o_src_default;
    15. 

  15. 	if (v == "checkdst") {
    16. 

  16. 		return "goto ss_rules_dst_" + proto;
    17. 

  17. 	} else if (v == "forward") {
    18. 

  18. 		return "goto ss_rules_forward_" + proto;
    19. 

  19. 	} else {
    20. 

  20. 		return "accept";
    21. 

  21. 	}
    22. 

  22. }
    23. 

  23. 

  24. function get_dst_default_verdict() {
    25. 

  25. 	let v = o_dst_default;
    26. 

  26. 	if (v == "forward") {
    27. 

  27. 		return "goto ss_rules_forward_" + proto;
    28. 

  28. 	} else {
    29. 

  29. 		return "accept";
    30. 

  30. 	}
    31. 

  31. }
    32. 

  32. 

  33. function get_ifnames() {
    34. 

  34. 	let res = [];
    35. 

  35. 	for (let ifname in split(o_ifnames, /[ \t\n]/)) {
    36. 

  36. 		ifname = trim(ifname);
    37. 

  37. 		if (ifname) push(res, ifname);
    38. 

  38. 	}
    39. 

  39. 	return res;
    40. 

  40. }
    41. 

  41. 

  42. let type, hook, priority, redir_port;
    43. 

  43. if (proto == "tcp") {
    44. 

  44. 	type = "nat";
    45. 

  45. 	hook = "prerouting";
    46. 

  46. 	priority = -1;
    47. 

  47. 	redir_port = o_redir_tcp_port;
    48. 

  48. } else if (proto == "udp") {
    49. 

  49. 	type = "filter";
    50. 

  50. 	hook = "prerouting";
    51. 

  51. 	priority = "mangle";
    52. 

  52. 	redir_port = o_redir_udp_port;
    53. 

  53. 	if (system("
    54. 

  54. 		set -o errexit
    55. 

  55. 		iprr() {
    56. 

  56. 			while ip $1 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
    57. 

  57. 			      ip $1 rule add fwmark 1 lookup 100
    58. 

  58. 			ip $1 route flush table 100 2>/dev/null || true
    59. 

  59. 			ip $1 route add local default dev lo table 100
    60. 

  60. 		}
    61. 

  61. 		iprr -4
    62. 

  62. 		iprr -6
    63. 

  63. 	") != 0) {
    64. 

  64. 		return ;
    65. 

  65. 	}
    66. 

  66. } else {
    67. 

  67. 	return;
    68. 

  68. }
    69. 

  69. 

  70. %}
    71. 

  71. {% if (redir_port): %}
    72. 

  72. 

  73. chain ss_rules_pre_{{ proto }} {
    74. 

  74. 	type {{ type }} hook {{ hook }} priority {{ priority }};
    75. 

  75. 	meta l4proto {{ proto }}{%- let ifnames=get_ifnames(); if (length(ifnames)): %} iifname { {{join(", ", ifnames)}} }{% endif %} goto ss_rules_pre_src_{{ proto }};
    76. 

  76. }
    77. 

  77. 

  78. chain ss_rules_pre_src_{{ proto }} {
    79. 

  79. 	ip daddr @ss_rules_dst_bypass_ accept;
    80. 

  80. 	ip6 daddr @ss_rules6_dst_bypass_ accept;
    81. 

  81. 	goto ss_rules_src_{{ proto }};
    82. 

  82. }
    83. 

  83. 

  84. chain ss_rules_src_{{ proto }} {
    85. 

  85. 	ip saddr @ss_rules_src_bypass accept;
    86. 

  86. 	ip saddr @ss_rules_src_forward goto ss_rules_forward_{{ proto }};
    87. 

  87. 	ip saddr @ss_rules_src_checkdst goto ss_rules_dst_{{ proto }};
    88. 

  88. 	ip6 saddr @ss_rules6_src_bypass accept;
    89. 

  89. 	ip6 saddr @ss_rules6_src_forward goto ss_rules_forward_{{ proto }};
    90. 

  90. 	ip6 saddr @ss_rules6_src_checkdst goto ss_rules_dst_{{ proto }};
    91. 

  91. 	{{ get_src_default_verdict() }};
    92. 

  92. }
    93. 

  93. 

  94. chain ss_rules_dst_{{ proto }} {
    95. 

  95. 	ip daddr @ss_rules_dst_bypass accept;
    96. 

  96. 	ip daddr @ss_rules_dst_forward goto ss_rules_forward_{{ proto }};
    97. 

  97. 	ip6 daddr @ss_rules6_dst_bypass accept;
    98. 

  98. 	ip6 daddr @ss_rules6_dst_forward goto ss_rules_forward_{{ proto }};
    99. 

  99. 	{{ get_dst_default_verdict() }};
    100. 

  100. }
    101. 

  101. 

  102. {%   if (proto == "tcp"): %}
    103. 

  103. chain ss_rules_forward_{{ proto }} {
    104. 

  104. 	meta l4proto tcp {{ o_nft_tcp_extra }} redirect to :{{ redir_port }};
    105. 

  105. }
    106. 

  106. {%   let local_verdict = get_local_verdict(); if (local_verdict): %}
    107. 

  107. chain ss_rules_local_out {
    108. 

  108. 	type {{ type }} hook output priority -1;
    109. 

  109. 	meta l4proto != tcp accept;
    110. 

  110. 	ip daddr @ss_rules_dst_bypass_ accept;
    111. 

  111. 	ip daddr @ss_rules_dst_bypass accept;
    112. 

  112. 	ip6 daddr @ss_rules6_dst_bypass_ accept;
    113. 

  113. 	ip6 daddr @ss_rules6_dst_bypass accept;
    114. 

  114. 	{{ local_verdict }};
    115. 

  115. }
    116. 

  116. {%     endif %}
    117. 

  117. {%   elif (proto == "udp"): %}
    118. 

  118. chain ss_rules_forward_{{ proto }} {
    119. 

  119. 	meta l4proto udp {{ o_nft_udp_extra }} meta mark set 1 tproxy to :{{ redir_port }};
    120. 

  120. }
    121. 

  121. {%   endif %}
    122. 

  122. {% endif %}
    123.