1 #!/bin/sh /etc/rc.common
# Policy-routing table id: start_service fills it with a default route via the
# wan gateway and binds it to the fwmark with `ip rule ... table $TID`.
TID='200'
# fwmark bit for "bypass the VPN". It is always applied as value/mask with an
# equal mask, so only this bit is changed (other mark bits are left as-is).
FW_MARK='0x010000'
# Name of the ipset of destination IPs whose traffic is marked for bypass.
IPSET='vpnbypass'
# Body of the logging helper (its header is not in this view). $1 is the
# message; it goes through `echo -e`, so backslash escapes in it are
# interpreted. $2 is an optional verbosity bit: when given, the message is
# dropped unless that bit is set in $verbosity.
11 [ -n "$2" ] && [ ! $
(($verbosity & $2)) -gt 0 ] && return 0;
# Console copy only when stdout is a terminal (interactive `/etc/init.d/...`).
12 [ -t 1 ] && echo -e -n "$1"
# Syslog copy: text is accumulated in $logmsg until a message containing a
# newline arrives; then the whole buffer is handed to logger as one line,
# tagged with the package name and this shell's pid, with "$p_name " rewritten
# to "service ".
# NOTE(review): ${logmsg}${1//...} is passed to echo unquoted, so the text is
# word-split and glob-expanded before it is logged (a `*` in a message would
# expand to file names). If logger fails, the `||` branch re-appends the
# message to the buffer instead of clearing it.
# NOTE(review): the buffering branch uses the literal pattern `p_name ` (no
# `$`), unlike the logger branch - looks like a typo; verify against upstream.
13 [ $
(echo -e -n "$1" |
wc -l) -gt 0 ] && logger
-t "${PKG_NAME:-service} [$$]" "$(echo -e -n ${logmsg}${1//$p_name /service })" && logmsg='' || logmsg=${logmsg}${1//p_name /service }
# Body of the enabled check (header not in this view). Reads the 'config'
# section: `enabled` (bool, default 0) and `verbosity` (default 2; used as a
# bitmask by the logging helper), and derives the display name from
# PKG_NAME/PKG_VERSION when both are set, falling back to 'vpnbypass'.
18 config_get_bool enabled 'config' 'enabled' 0
19 config_get verbosity 'config' 'verbosity' '2'
# NOTE(review): `-a` inside `[ ]` is the obsolescent form; the portable
# spelling is `[ -n "$PKG_NAME" ] && [ -n "$PKG_VERSION" ]`.
20 [ -n "$PKG_NAME" -a -n "$PKG_VERSION" ] && p_name="$PKG_NAME $PKG_VERSION" || p_name='vpnbypass'
# Succeed (return 0) only when enabled is non-zero. Otherwise fall through and
# tell the operator how to enable the service; the final return status is set
# after this view.
21 [ "$enabled" -ne "0" ] && return 0
22 output "$p_name is not enabled
in the config
file!\n"
23 output "To
enable, run
'uci set vpnbypass.config.enabled=1; uci commit vpnbypass'\n"
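boot() {
	# procd entry point at boot. The wan interface is normally not up yet, so
	# block (up to 30 s) until netifd reports it, and only then start the
	# service and register its triggers.
	#
	# The original `A && { B; C; } || D` form also printed the "failed to
	# settle network interface" error when service_triggers failed after the
	# interface *had* settled, and never reported the timeout in its exit
	# status. Now the error is tied to the ubus wait alone and boot returns
	# non-zero when the interface never shows up.
	if ! ubus -t 30 wait_for network.interface.wan; then
		output "ERROR: $p_name failed to settle network interface!\n"
		return 1
	fi
	rc_procd start_service
	rc_procd service_triggers
}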
# Body of the procd start handler (header not in this view). Everything below
# runs as root and rewrites routes, a policy rule, the mangle table and an
# ipset from values read out of UCI.
32 vpnbypass_enabled || return 1
# Whitespace-separated lists from the 'config' section.
33 config_get lports 'config' 'localport'
34 config_get rports 'config' 'remoteport'
35 config_get routes 'config' 'remotesubnet'
36 config_get ranges 'config' 'localsubnet'
37 config_get domains 'config' 'domain'
# Let procd capture this service's stdout/stderr, so ip/iptables errors that
# are not redirected away below end up in the system log.
40 procd_set_param stdout 1
41 procd_set_param stderr 1
# Poll netifd for the wan address and gateway: up to 15 attempts, 2 s apart,
# flushing the network cache between attempts. The counter `c` is expected to
# be initialised before this point (not visible here); with an unset `c` the
# first `[ $c -ge 15 ]` is a test error (non-zero) and still falls through to
# `let`.
44 source /lib/functions/network.sh
45 while : ; do network_get_ipaddr wanip wan; network_get_gateway gwip wan; [ $c -ge 15 ] && break || let "c
+=1"; [ -n "$wanip" -a -n "$gwip" ] && break || output "$p_name waiting
for wan gateway...
\n"; sleep 2; network_flush_cache; done
# Give up without a gateway. NOTE(review): this is `exit 0`, so the failure is
# not visible in the exit status, and whatever routes/marks a previous run left
# behind are not cleaned up on this path.
46 [ -z "$wanip" -o -z "$gwip" ] && output "ERROR
: $p_name could not get wan interface IP
: $wanip or gateway
: $gwip!\n" && exit 0
# Each remotesubnet entry gets a route in the *main* table via the wan gateway
# (bare addresses become /32). Values reach `ip route` unquoted and unvalidated
# and all errors are discarded, so a malformed entry silently does nothing (or,
# if it contains whitespace, turns into extra arguments).
48 for ll in ${routes}; do { [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; ip route del $ll; ip route add $ll via $gwip; } >/dev/null 2>&1; done
# Tear down previous state. NOTE(review): `iptables -t mangle -F` flushes every
# chain of the mangle table - rules owned by the firewall or other packages
# included - not only the "vpnbypass"-tagged rules added below. The stop path
# carries a commented-out iptables-save/grep -Fv/iptables-restore filter that
# would remove only the tagged rules.
49 { ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET; } >/dev/null 2>&1
# Rebuild table $TID with a single default route via the wan gateway.
50 { ip route flush table $TID; ip route flush cache; } >/dev/null 2>&1
51 { ip route add default via $gwip table $TID; ip route flush cache; } >/dev/null 2>&1
# Best-effort load of the ipset match/kernel modules; failures are hidden, so a
# missing module only surfaces when the `--match-set` rule below fails.
52 { modprobe xt_set || modprobe ip_set; insmod ip_set_hash_ip; } >/dev/null 2>&1
# (Re)create the destination-IP set as an empty iphash.
53 { ipset -N $IPSET iphash -q; ipset -F $IPSET; } >/dev/null 2>&1
# Marking rules: all in mangle/PREROUTING, all tagged "vpnbypass", all using
# value/mask = FW_MARK/FW_MARK so only that one bit is changed. Only PREROUTING
# is hooked, so traffic originated by the router itself is presumably not
# marked.
# TCP by local source port / remote destination port (multiport syntax, so a
# list entry may itself be a comma list or range). Port values are unquoted.
54 for ll in ${lports}; do iptables -t mangle -A PREROUTING -p tcp -m multiport --sport $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass
"; done
55 for ll in ${rports}; do iptables -t mangle -A PREROUTING -p tcp -m multiport --dport $ll -j MARK --set-mark $FW_MARK/$FW_MARK -m comment --comment "vpnbypass
"; done
# Whole local subnets, any protocol; inserted (-I) at the top of the chain.
56 for ll in ${ranges}; do [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; iptables
-t mangle
-I PREROUTING
-s $ll -j MARK
--set-mark $FW_MARK/$FW_MARK -m comment
--comment "vpnbypass"; done
# Packets whose destination is in the ipset. The set is populated outside this
# view (`domains` is read above but not used here).
57 iptables
-t mangle
-A PREROUTING
-m set --match-set $IPSET dst
-j MARK
--set-mark $FW_MARK/$FW_MARK -m comment
--comment "vpnbypass"
# Policy routing: marked packets are looked up in table $TID (wan default).
58 ip rule add fwmark
$FW_MARK table
$TID
59 output
"$p_name started with TID: $TID; FW_MARK: $FW_MARK\n"
# Body of the procd stop handler (header not in this view).
# NOTE(review): the enabled check runs first. If vpnbypass_enabled reports
# failure for a disabled config (its final return is not in this view), then
# setting enabled=0 and reloading/stopping returns here and leaves the routes,
# policy rule, mangle rules and ipset of the last start in place.
64 vpnbypass_enabled ||
return 1
65 config_get routes
'config' 'remotesubnet'
# Remove the main-table routes added for remotesubnet (bare addresses are
# normalised to /32 the same way start does). Errors are discarded.
67 for ll
in ${routes}; do [ "$ll" = "${ll#*\/*}" ] && ll="${ll}/32"; ip route del $ll >/dev/null 2>&1; done
# Disabled alternative that would drop only the rules tagged "vpnbypass"
# instead of flushing the whole mangle table.
68 # iptables-save | grep -Fv -- "vpnbypass
" | iptables-restore
# NOTE(review): `iptables -t mangle -F` removes every mangle rule on the box,
# not only this service's; the policy rule and the ipset are removed too.
69 { ip rule del fwmark $FW_MARK table $TID; iptables -t mangle -F; ipset -F $IPSET; ipset -X $IPSET; } >/dev/null 2>&1
70 { ip route flush table $TID; ip route flush cache; } >/dev/null 2>&1
71 output "$p_name stopped
\n"
74 reload_service(){ start_service; }
# Body of the procd trigger registration (header not in this view).
# Reload when the vpnbypass UCI config changes ...
77 procd_add_reload_trigger 'vpnbypass'
# ... again, explicitly, on config.change for the same package (presumably
# overlapping with the reload trigger above) ...
79 procd_add_config_trigger "config.change
" "vpnbypass
" /etc/init.d/vpnbypass reload
# ... and on any netifd event for wan (`interface.*`, so presumably ifdown as
# well; reload runs start_service, which then polls for the gateway before
# giving up).
80 procd_add_interface_trigger "interface.
*" "wan
" /etc/init.d/vpnbypass reload