[v1.0.3] Share transparent proxy to WiFi guest and disable UDP proxy.

This commit is contained in:
chendefine 2019-04-07 16:57:40 +08:00
parent b867eb72aa
commit 75824f0b5a
8 changed files with 346 additions and 159 deletions


@ -55,6 +55,14 @@ You can download the release installer zip file and install it via the Magisk Ma
#### Share transparent proxy to WiFi guest
- Transparent proxy is share to WiFi guest by default.
- If you don't want to share proxy to WiFi guest, delete the file `/data/v2ray/softap.list` or empty it.
- For most situation, Android WiFi hotspot interface is `softap0` . If your device is not conform to it , please write down the name of your WiFi hotspot name in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the name of WiFi hotspot interface )
### Advanced usage ( for Debug and Develop only ) ### Advanced usage ( for Debug and Develop only )
#### Enter manual mode #### Enter manual mode


@ -8,5 +8,11 @@ MODDIR=${0%/*}
# This script will be executed in late_start service mode # This script will be executed in late_start service mode
if [ ! -f /data/v2ray/manual ] ; then $MODDIR/scripts/v2ray.service start && [ -f /data/v2ray/appid.list ] && $MODDIR/scripts/v2ray.tproxy enable ; fi if [ ! -f /data/v2ray/manual ] ; then
inotifyd $MODDIR/scripts/v2ray.inotify $MODDIR & $MODDIR/scripts/v2ray.service start &> /data/v2ray/run/service.log && \
if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then
$MODDIR/scripts/v2ray.tproxy enable &>> /data/v2ray/run/service.log
fi
fi
inotifyd $MODDIR/scripts/v2ray.inotify $MODDIR &>> /data/v2ray/run/service.log &
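Review bot: The `-f` tests on the new line `if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then` treat an empty softap.list as a request to share, while the README in this same commit tells users to empty that file to opt out, so a user who opted out and has no appid.list still gets `v2ray.tproxy enable` run at every boot and its "not proxy for APP or WiFi guest" error appended to service.log. `-s` matches the documented contract: `if [ -s /data/v2ray/appid.list ] || [ -s /data/v2ray/softap.list ] ; then`. The same condition is duplicated in `start_v2ray` in v2ray.inotify and should change there too. `$MODDIR` is unquoted in all four invocations; harmless for a Magisk module path, but ShellCheck will flag it.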


@ -147,6 +147,8 @@ on_install() {
ui_print "- Copy V2Ray config and data files" ui_print "- Copy V2Ray config and data files"
mkdir -p /data/v2ray mkdir -p /data/v2ray
mkdir -p /data/v2ray/run mkdir -p /data/v2ray/run
[ -f /data/v2ray/softap.list ] || \
echo "softap0" > /data/v2ray/softap.list
[ -f /data/v2ray/config.json ] || \ [ -f /data/v2ray/config.json ] || \
unzip -j -o "$ZIPFILE" "v2ray/etc/config.json" -d /data/v2ray >&2 unzip -j -o "$ZIPFILE" "v2ray/etc/config.json" -d /data/v2ray >&2
[ -f /data/v2ray/resolv.conf ] || \ [ -f /data/v2ray/resolv.conf ] || \
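Review bot: Writing `softap0` into /data/v2ray/softap.list on every fresh install makes proxy sharing opt-out, and together with the shipped config.json now listening on `0.0.0.0` a new user exposes the inbound to hotspot clients without being told, since the installer prints nothing about it. A notice next to the copy step would make the default visible at install time, e.g. `ui_print "- Transparent proxy is shared to WiFi guests; empty /data/v2ray/softap.list to disable"`. Existing installs keep their config.json (the unzip is guarded by `-f`), so for them the new softap.list is inert until they switch `listen` themselves, because v2ray.tproxy only loads the softap list when the service is found listening on all interfaces; that is worth stating in the README as well.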


@ -1,6 +1,6 @@
id=v2ray id=v2ray
name=V2ray for Android name=V2ray for Android
version=v4.18 version=v4.18
versionCode=20190330 versionCode=20190406
author=chendefine author=chendefine
description=V2ray core with service scripts for Android description=V2ray core with service scripts for Android


@ -19,7 +19,7 @@
"port": 65535, "port": 65535,
// IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces. // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces.
"listen": "127.0.0.1", "listen": "0.0.0.0",
// Tag of the inbound proxy. May be used for routing. // Tag of the inbound proxy. May be used for routing.
"tag": "proxy-inbound", "tag": "proxy-inbound",
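Review bot: Binding the inbound to all interfaces leaves port 65535 reachable from every interface, not only the hotspot, from the moment v2ray starts until v2ray.tproxy installs its PROTECT_V2RAY chain, and permanently if that step is skipped or fails, because v2ray.service starts the binary and waits for the listener before the tproxy script runs and that filter chain is the only thing restricting access. The comment on the preceding line ("Change to 0.0.0.0 to listen on all network interfaces") is now stale and should instead state the trade-off the user is making: `// Listens on all interfaces so WiFi guests (see /data/v2ray/softap.list) can be proxied; set "127.0.0.1" if you do not share the proxy.`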


@ -11,7 +11,9 @@ monitor_file=$3
start_v2ray() { start_v2ray() {
${service} start && \ ${service} start && \
[ -f /data/v2ray/appid.list ] && ${tproxy} enable if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then
${tproxy} enable
fi
} }
stop_v2ray() { stop_v2ray() {


@ -1,22 +1,61 @@
#!/system/bin/sh #!/system/bin/sh
NAME=v2ray bin_name="v2ray"
V2RAY=/system/bin/${NAME} bin_path="/system/bin/${bin_name}"
DATAPATH=/data/${NAME} data_path="/data/${bin_name}"
RUNPATH=${DATAPATH}/run run_path="${data_path}/run"
PIDFILE=${RUNPATH}/${NAME}.pid pid_file="${run_path}/${bin_name}.pid"
EXECLOG=${RUNPATH}/error.log error_log="${run_path}/error.log"
CONFFILE=${DATAPATH}/config.json conf_file="${data_path}/config.json"
bin_opts="-config ${conf_file}"
iptables_wait="iptables"
V2RAY_OPTS="-config ${CONFFILE}"
export V2RAY_LOCATION_ASSET=${DATAPATH} suit_iptables_version() {
iptables_version=`iptables -V | grep -o "v1\.[0-9]"`
if [ "${iptables_version}" = "v1.4" ] ; then
## fix options for lower version iptables
export ANDROID_DATA=/data
export ANDROID_ROOT=/system
iptables_wait="iptables -w"
elif [ "${iptables_version}" = "v1.6" ] || [ "${iptables_version}" = "v1.8" ] ; then
iptables_wait="iptables -w 100"
else
iptables_wait="echo iptables"
fi
}
probe_service() { probe_v2ray_alive() {
PID=`cat ${PIDFILE} 2>/dev/null` [ -f ${pid_file} ] && cmd_file="/proc/`cat ${pid_file}`/cmdline" || return 1
CMDFILE="/proc/${PID}/cmdline" [ -f ${cmd_file} ] && grep -q ${bin_path} ${cmd_file} && return 0 || return 1
if [ -f ${PIDFILE} ] && [ -f ${CMDFILE} ] && [ `grep -c ${NAME} ${CMDFILE}` -gt 0 ] ; then }
echo "${NAME} service is running. ( PID: ${PID} )"
display_v2ray_pid() {
if probe_v2ray_alive ; then
echo "[Info]: ${bin_name} service is running. ( PID: `cat ${pid_file}` )"
return 0
else
echo "[Info]: ${bin_name} service is stopped."
return 1
fi
}
find_netstat_path() {
[ -f /system/bin/netstat ] && alias netstat="/system/bin/netstat" && return 0
[ -f /system/xbin/netstat ] && alias netstat="/system/xbin/netstat" && return 0
return 1
}
wait_v2ray_listen() {
wait_count=0
v2ray_pid=`cat ${pid_file}`
find_netstat_path && \
check_v2ray_cmd="netstat -tnlp | grep v2ray | grep -q LISTEN" || \
check_v2ray_cmd="ls -lh /proc/${v2ray_pid}/fd | grep -q socket"
while probe_v2ray_alive && ! eval "${check_v2ray_cmd}" && [ ${wait_count} -lt 100 ] ; do
sleep 1 ; wait_count=$((${wait_count} + 1))
done
if probe_v2ray_alive && eval "${check_v2ray_cmd}" ; then
return 0 return 0
else else
return 1 return 1
@ -24,58 +63,70 @@ probe_service() {
} }
simple_clean_iptables() { simple_clean_iptables() {
echo "Clean relevant iptables simply." suit_iptables_version
iptables -w 10 -t nat -D OUTPUT -p tcp -j TCP_PRE_PROXY 2>/dev/null echo "[Info]: Clean relevant iptables simply."
iptables -w 10 -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null ${iptables_wait} -t filter -D INPUT -j PROTECT_V2RAY 2>/dev/null
iptables -w 10 -t mangle -D OUTPUT -p udp -j UDP_PRE_PROXY 2>/dev/null ${iptables_wait} -t nat -D PREROUTING -p tcp -j GUEST_TCP_PROXY 2>/dev/null
${iptables_wait} -t nat -D OUTPUT -p tcp -j APP_TCP_PROXY 2>/dev/null
${iptables_wait} -t mangle -D OUTPUT -p udp -j APP_UDP_PROXY 2>/dev/null
${iptables_wait} -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null
} }
do_start() { start_service() {
if ! probe_service && [ -f ${CONFFILE} ] && ${V2RAY} ${V2RAY_OPTS} -test ; then export V2RAY_LOCATION_ASSET=${data_path}
echo "Starting ${NAME} service." if probe_v2ray_alive ; then
mkdir -p ${RUNPATH} echo "[Info]: ${bin_name} service is running. ( PID: `cat ${pid_file}` )"
chown -R inet:inet ${DATAPATH} return 0
chown inet:inet ${V2RAY} elif [ -f ${conf_file} ] && ${bin_path} ${bin_opts} -test ; then
chmod 6755 ${V2RAY} echo "[Info]: Starting ${bin_name} service."
nohup ${V2RAY} ${V2RAY_OPTS} &>${EXECLOG} & mkdir -p ${run_path}
echo -n $! > ${PIDFILE} chown -R inet:inet ${data_path}
sleep 5 chown inet:inet ${bin_path}
if probe_service ; then chmod 6755 ${bin_path}
echo "Start ${NAME} service Done." nohup ${bin_path} ${bin_opts} &>${error_log} &
echo -n $! > ${pid_file}
if wait_v2ray_listen ; then
echo "[Info]: ${bin_name} service is running. ( PID: `cat ${pid_file}` )"
return 0
else else
rm -f ${PIDFILE} if probe_v2ray_alive ; then
echo "Start ${NAME} service Failed." echo "[Warning]: ${bin_name} service is running but may not listening. ( PID: `cat ${pid_file}` )"
return 1 return 0
else
echo "[Error]: Start ${bin_name} service Failed."
rm -f ${pid_file}
return 1
fi
fi fi
else else
return 2 return 2
fi fi
} }
do_stop() { stop_service() {
if probe_service ; then if display_v2ray_pid ; then
echo "Stopping ${NAME} service." echo "[Info]: Stopping ${bin_name} service."
kill ${PID} kill `cat ${pid_file}`
display_v2ray_pid
fi fi
rm -f ${PIDFILE} rm -f ${pid_file}
} }
case "$1" in case "$1" in
start) start)
do_start start_service
;; ;;
stop) stop)
simple_clean_iptables simple_clean_iptables
do_stop stop_service
;; ;;
restart) restart)
do_stop stop_service
do_start || \ start_service || \
simple_clean_iptables simple_clean_iptables
;; ;;
status) status)
probe_service || \ display_v2ray_pid
echo "${NAME} service is stopped."
;; ;;
*) *)
echo "$0: usage: $0 {start|stop|restart|status}" echo "$0: usage: $0 {start|stop|restart|status}"
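Review bot: `wait_v2ray_listen` builds a command string from a pid re-read out of `${pid_file}` and runs it with `eval` (`check_v2ray_cmd="ls -lh /proc/${v2ray_pid}/fd | grep -q socket"`), and `stop_service` re-reads the same file for `kill`; `start_service` has just done `chown -R inet:inet ${data_path}`, so the file these root-run commands trust is writable by the unprivileged inet user, which the `chmod 6755` suggests is the user v2ray itself runs as — the wrong direction for a trust boundary, and the `eval` is not needed at all. Pass the pid the shell already holds (`if wait_v2ray_listen "$!" ; then` in `start_service`) and make the listener check a plain function as below; the `alias` set in `find_netstat_path` is likely why `eval` was used, since an alias defined at run time is not reliably seen by function bodies parsed earlier, and a path variable avoids that too. The closing `fi`/`}` of `wait_v2ray_listen` fall in the next hunk and stay as they are. Separately, `stop_service` calls `display_v2ray_pid` immediately after `kill`, before the process has had time to exit, so `stop` will usually report the service as still running; a short poll like the loop in `wait_v2ray_listen` would make that status truthful.
```shell
find_netstat_path() {
  [ -f /system/bin/netstat ] && netstat_bin="/system/bin/netstat" && return 0
  [ -f /system/xbin/netstat ] && netstat_bin="/system/xbin/netstat" && return 0
  return 1
}
check_v2ray_listen() {
  if find_netstat_path ; then
    "${netstat_bin}" -tnlp | grep v2ray | grep -q LISTEN
  else
    ls -lh "/proc/${v2ray_pid}/fd" | grep -q socket
  fi
}
wait_v2ray_listen() {
  wait_count=0
  v2ray_pid=$1
  while probe_v2ray_alive && ! check_v2ray_listen && [ ${wait_count} -lt 100 ] ; do
    sleep 1 ; wait_count=$((${wait_count} + 1))
  done
  if probe_v2ray_alive && check_v2ray_listen ; then
  # … unchanged: return 0 / else / return 1 …
```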


@ -5,21 +5,65 @@ inet_uid="3003"
route_name="v2ray" route_name="v2ray"
proxy_port="65535" proxy_port="65535"
proxy_mark="0x20151130" proxy_mark="0x20151130"
appid_file="/data/v2ray/appid.list"
table_file="/data/misc/net/rt_tables" table_file="/data/misc/net/rt_tables"
iptables_wait="iptables -w 10" appid_file="/data/v2ray/appid.list"
softap_file="/data/v2ray/softap.list"
appid_list=`[ -f ${appid_file} ] && cat ${appid_file}` iptables_wait="iptables"
appid_list=()
softap_list=()
v2ray_share=false
proxy_for_app=false
proxy_for_guest=false
intranet=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4) intranet=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4)
suit_iptables_version() { suit_iptables_version() {
iptables_version=`iptables -V | grep -o "v1\.[0-9]"` iptables_version=`iptables -V | grep -o "v1\.[0-9]"`
## just for lower version iptables
if [ "${iptables_version}" = "v1.4" ] ; then if [ "${iptables_version}" = "v1.4" ] ; then
## fix options for lower version iptables
export ANDROID_DATA=/data export ANDROID_DATA=/data
export ANDROID_ROOT=/system export ANDROID_ROOT=/system
iptables_wait="iptables -w" iptables_wait="iptables -w"
elif [ "${iptables_version}" = "v1.6" ] || [ "${iptables_version}" = "v1.8" ] ; then
iptables_wait="iptables -w 100"
else
iptables_wait="echo iptables"
fi
}
find_ip_path() {
[ -f /system/bin/ip ] && alias ip="/system/bin/ip" && return 0
[ -f /system/xbin/ip ] && alias ip="/system/xbin/ip" && return 0
return 1
}
find_netstat_path() {
[ -f /system/bin/netstat ] && alias netstat="/system/bin/netstat" && return 0
[ -f /system/xbin/netstat ] && alias netstat="/system/xbin/netstat" && return 0
return 1
}
probe_v2ray_listen() {
find_netstat_path || return
v2ray_listen=`netstat -tnlp | grep v2ray | grep LISTEN`
if eval "echo \"${v2ray_listen}\" | grep -q :::${proxy_port}" || eval "echo \"${v2ray_listen}\" | grep -q 0.0.0.0:${proxy_port}" ; then
v2ray_share=true
return
elif eval "echo \"${v2ray_listen}\" | grep -q :${proxy_port}" ; then
return
else
echo "[Error]: V2Ray service is not listening on port ${proxy_port} ."
exit 1
fi
}
probe_v2ray_target() {
[ -f ${appid_file} ] && appid_list=(`cat ${appid_file}`) || unset appid_list
${v2ray_share} && [ -f ${softap_file} ] && softap_list=(`cat ${softap_file}`) || unset softap_list
[ ${#appid_list[@]} -gt 0 ] && proxy_for_app=true
[ ${#softap_list[@]} -gt 0 ] && proxy_for_guest=true
if ! ( ${proxy_for_app} || ${proxy_for_guest} ) ; then
echo "[Error]: V2Ray service is not proxy for APP or WiFi guest."
exit 1
fi fi
} }
@ -27,135 +71,209 @@ probe_uid_app_name() {
app_name=`grep " $1 " /data/system/packages.list | cut -d ' ' -f 1` app_name=`grep " $1 " /data/system/packages.list | cut -d ' ' -f 1`
app_name=`echo ${app_name} | sed 's/ / \& /g'` app_name=`echo ${app_name} | sed 's/ / \& /g'`
if [ "${app_name}" != "" ] ; then if [ "${app_name}" != "" ] ; then
echo "Redirect ${app_name} APP's network." echo "[Info]: Proxy ${app_name} APP's network."
else else
echo "APP with uid=$1 is not found." echo "[Warning]: APP with uid=$1 is not found."
return 1 return 1
fi fi
} }
delete_route_table() { flush_nat_iptables() {
echo "[Info]: Clean nat proxy iptables rules."
iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " "`
${iptables_wait} -t nat -D PREROUTING -p tcp -j GUEST_TCP_PROXY 2>/dev/null
${iptables_wait} -t nat -D OUTPUT -p tcp -j APP_TCP_PROXY 2>/dev/null
if eval "echo \"${iptables_chains}\" | grep -q \":GUEST_TCP_PROXY \"" ; then
${iptables_wait} -t nat -F GUEST_TCP_PROXY
${iptables_wait} -t nat -X GUEST_TCP_PROXY
fi
if eval "echo \"${iptables_chains}\" | grep -q \":APP_TCP_PROXY \"" ; then
${iptables_wait} -t nat -F APP_TCP_PROXY
${iptables_wait} -t nat -X APP_TCP_PROXY
fi
if eval "echo \"${iptables_chains}\" | grep -q \":V2RAY \"" ; then
${iptables_wait} -t nat -F V2RAY
${iptables_wait} -t nat -X V2RAY
fi
unset iptables_chains
}
flush_mangle_iptables() {
echo "[Info]: Clean mangle proxy iptables rules."
iptables_chains=`iptables-save -t mangle | cut -d ' ' -f 1 | tr "\n" " "`
${iptables_wait} -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null
${iptables_wait} -t mangle -D OUTPUT -p udp -j APP_UDP_PROXY 2>/dev/null
if eval "echo \"${iptables_chains}\" | grep -q \":APP_UDP_PROXY \"" ; then
${iptables_wait} -t mangle -F APP_UDP_PROXY
${iptables_wait} -t mangle -X APP_UDP_PROXY
fi
if eval "echo \"${iptables_chains}\" | grep -q \":V2RAY \"" ; then
${iptables_wait} -t mangle -F V2RAY
${iptables_wait} -t mangle -X V2RAY
fi
unset iptables_chains
}
flush_filter_iptables() {
iptables_chains=`iptables-save -t filter | cut -d ' ' -f 1 | tr "\n" " "`
if eval "echo \"${iptables_chains}\" | grep -q \":PROTECT_V2RAY \"" ; then
echo "[Info]: Clean filter proxy iptables rules."
${iptables_wait} -t filter -D INPUT -j PROTECT_V2RAY
${iptables_wait} -t filter -F PROTECT_V2RAY
${iptables_wait} -t filter -X PROTECT_V2RAY
fi
unset iptables_chains
}
proxy_app_tcp_iptables() {
## create iptables proxy chains for app tcp
${iptables_wait} -t nat -N APP_TCP_PROXY
## bypass v2ray program
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${inet_uid} -j RETURN
##
if [ "${appid_list[*]}" = "0" ] ; then
## proxy all apps network
echo "[Info]: Proxy all APP's TCP network."
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY
else
## proxy assign app
for appid in ${appid_list[@]}; do
probe_uid_app_name ${appid} && \
${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${appid} -j V2RAY
done
fi
## apply proxy rules to iptables
${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY
}
proxy_app_udp_iptables() {
## create iptables proxy chains for app udp
## and test iptables support TPROXY or not
${iptables_wait} -t mangle -N V2RAY
${iptables_wait} -t mangle -A V2RAY -p udp -m mark --mark ${proxy_mark} -j TPROXY --on-ip 127.0.0.1 --on-port ${proxy_port}
if [ "$?" != "0" ] ; then
## iptables not support TPROXY
${iptables_wait} -t mangle -X V2RAY
echo "[Warning]: iptables in this device is not support TPROXY, Abort proxy UDP network."
else
## iptables support TPROXY
${iptables_wait} -t mangle -N APP_UDP_PROXY
## set proxy chains bypass intranet
for subnet in ${intranet[@]}; do
${iptables_wait} -t mangle -A APP_UDP_PROXY -d ${subnet} -j RETURN
done
${iptables_wait} -t mangle -A APP_UDP_PROXY -m owner --uid-owner ${inet_uid} -j RETURN
if [ "${appid_list[*]}" = "0" ] ; then
## proxy all apps network
echo "[Info]: Proxy all APP's UDP network."
${iptables_wait} -t mangle -A APP_UDP_PROXY -m owner ! --uid-owner ${inet_uid} -j MARK --set-mark ${proxy_mark}
else
## proxy assign app
for appid in ${appid_list[@]}; do
probe_uid_app_name ${appid} && \
${iptables_wait} -t mangle -A APP_UDP_PROXY -m owner --uid-owner ${appid} -j MARK --set-mark ${proxy_mark}
done
fi
${iptables_wait} -t mangle -A PREROUTING -p udp -j V2RAY
${iptables_wait} -t mangle -A OUTPUT -p udp -j APP_UDP_PROXY
fi
}
proxy_guest_tcp_iptables() {
## create iptables proxy chains for wifi guest (only tcp)
${iptables_wait} -t nat -N GUEST_TCP_PROXY
## proxy assign softap
for softap in ${softap_list[@]}; do
echo "[Info]: Proxy ${softap} WiFi guest's TCP network."
${iptables_wait} -t nat -A GUEST_TCP_PROXY -i ${softap} -j V2RAY
done
${iptables_wait} -t nat -A PREROUTING -p tcp -j GUEST_TCP_PROXY
}
create_proxy_iptables() {
echo "[Info]: Create proxy iptables chains."
## create basic iptables proxy chains
${iptables_wait} -t nat -N V2RAY
## set proxy chains bypass intranet
for subnet in ${intranet[@]}; do
${iptables_wait} -t nat -A V2RAY -d ${subnet} -j RETURN
done
## redirect to v2ray service port
${iptables_wait} -t nat -A V2RAY -p tcp -j REDIRECT --to-ports ${proxy_port}
## proxy app network
if ${proxy_for_app} ; then
proxy_app_tcp_iptables
fi
## proxy wifi guest network
if ${proxy_for_guest} ; then
proxy_guest_tcp_iptables
fi
}
filter_proxy_iptables() {
if ${v2ray_share} ; then
echo "[Info]: Block illegal visit."
## create iptables firewall chains
${iptables_wait} -t filter -N PROTECT_V2RAY
## permit localhost
${iptables_wait} -t filter -A PROTECT_V2RAY -i lo -j RETURN
## permit assign softap
for softap in ${softap_list[@]}; do
${iptables_wait} -t filter -A PROTECT_V2RAY -i ${softap} -j RETURN
done
## deny all other visit
${iptables_wait} -t filter -A PROTECT_V2RAY -p tcp --dport ${proxy_port} -j DROP
${iptables_wait} -t filter -A PROTECT_V2RAY -p udp --dport ${proxy_port} -j DROP
## apply to iptables
${iptables_wait} -t filter -A INPUT -j PROTECT_V2RAY
fi
}
delete_proxy_route() {
if eval "ip rule | grep -q \"from all fwmark ${proxy_mark} lookup\"" ; then if eval "ip rule | grep -q \"from all fwmark ${proxy_mark} lookup\"" ; then
echo "Clean UDP redirection route table." echo "[Info]: Clean proxy route table."
ip rule del fwmark ${proxy_mark} lookup ${route_id} eval "ip rule del fwmark ${proxy_mark} lookup ${route_id}"
ip route flush table ${route_id} eval "ip route flush table ${route_id}"
fi fi
sed -i "/${route_id} ${route_name}/d" ${table_file} sed -i "/${route_id} ${route_name}/d" ${table_file}
} }
create_route_table() { create_proxy_route() {
echo "Create UDP redirection route table." echo "[Info]: Create proxy route table."
echo "${route_id} ${route_name}" >> ${table_file} echo "${route_id} ${route_name}" >> ${table_file}
ip route add local default dev lo table ${route_id} eval "ip route add local default dev lo table ${route_id}"
ip rule add fwmark ${proxy_mark} lookup ${route_id} eval "ip rule add fwmark ${proxy_mark} lookup ${route_id}"
} }
flush_tcp_iptables() { disable_proxy() {
echo "Clean TCP redirection iptables rules." # delete_proxy_route
${iptables_wait} -t nat -D OUTPUT -p tcp -j TCP_PRE_PROXY 2>/dev/null flush_nat_iptables
if eval "iptables-save -t nat | grep -q ':TCP_PRE_PROXY '" ; then # flush_mangle_iptables
${iptables_wait} -t nat -F TCP_PRE_PROXY flush_filter_iptables
${iptables_wait} -t nat -X TCP_PRE_PROXY
fi
if eval "iptables-save -t nat | grep -q ':V2RAY '" ; then
${iptables_wait} -t nat -F V2RAY
${iptables_wait} -t nat -X V2RAY
fi
} }
flush_udp_iptables() { enable_proxy() {
echo "Clean UDP redirection iptables rules." probe_v2ray_listen
${iptables_wait} -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null probe_v2ray_target
${iptables_wait} -t mangle -D OUTPUT -p udp -j UDP_PRE_PROXY 2>/dev/null create_proxy_iptables
if eval "iptables-save -t mangle | grep -q ':UDP_PRE_PROXY '" ; then filter_proxy_iptables
${iptables_wait} -t mangle -F UDP_PRE_PROXY # create_proxy_route
${iptables_wait} -t mangle -X UDP_PRE_PROXY
fi
if eval "iptables-save -t mangle | grep -q ':V2RAY '" ; then
${iptables_wait} -t mangle -F V2RAY
${iptables_wait} -t mangle -X V2RAY
fi
}
init_tcp_iptables() {
echo "Create TCP redirection iptables rules."
## create NAT iptables for TCP redirect
${iptables_wait} -t nat -N V2RAY
${iptables_wait} -t nat -N TCP_PRE_PROXY
## bypass intranet
for subnet in ${intranet[@]}; do
${iptables_wait} -t nat -A V2RAY -d ${subnet} -j RETURN
done
## bypass v2ray program
${iptables_wait} -t nat -A TCP_PRE_PROXY -m owner --uid-owner ${inet_uid} -j RETURN
## apply to NAT iptables OUTPUT
${iptables_wait} -t nat -A V2RAY -p tcp -j REDIRECT --to-ports ${proxy_port}
}
init_udp_iptables() {
echo "Create UDP redirection iptables rules."
## create Mangle iptables for UDP redirect
${iptables_wait} -t mangle -N V2RAY
${iptables_wait} -t mangle -N UDP_PRE_PROXY
## bypass intranet
for subnet in ${intranet[@]}; do
${iptables_wait} -t mangle -A UDP_PRE_PROXY -d ${subnet} -j RETURN
done
## bypass v2ray program
${iptables_wait} -t mangle -A UDP_PRE_PROXY -m owner --uid-owner ${inet_uid} -j RETURN
## apply to Mangle iptables OUTPUT & PREROUTING
${iptables_wait} -t mangle -A V2RAY -p udp -m mark --mark ${proxy_mark} -j TPROXY --on-ip 127.0.0.1 --on-port ${proxy_port}
}
redirect_iptables() {
if [ "${appid_list}" = "0" ] ; then
## redirect global network
echo "Redirect TCP & UDP with Global mode."
${iptables_wait} -t nat -A TCP_PRE_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY
${iptables_wait} -t mangle -A UDP_PRE_PROXY -m owner ! --uid-owner ${inet_uid} -j MARK --set-mark ${proxy_mark}
else
## effect assign app
for appid in ${appid_list}; do
probe_uid_app_name ${appid} && \
${iptables_wait} -t nat -A TCP_PRE_PROXY -m owner --uid-owner ${appid} -j V2RAY && \
${iptables_wait} -t mangle -A UDP_PRE_PROXY -m owner --uid-owner ${appid} -j MARK --set-mark ${proxy_mark}
done
fi
}
apply_iptables_rules() {
${iptables_wait} -t nat -A OUTPUT -p tcp -j TCP_PRE_PROXY
${iptables_wait} -t mangle -A OUTPUT -p udp -j UDP_PRE_PROXY
${iptables_wait} -t mangle -A PREROUTING -p udp -j V2RAY
}
disable_redirect() {
delete_route_table
flush_tcp_iptables
flush_udp_iptables
}
enable_redirect() {
create_route_table
init_tcp_iptables
init_udp_iptables
redirect_iptables
apply_iptables_rules
} }
# find_ip_path
suit_iptables_version suit_iptables_version
case "$1" in case "$1" in
enable) enable)
disable_redirect disable_proxy
enable_redirect enable_proxy
;; ;;
disable) disable)
disable_redirect disable_proxy
;; ;;
renew) renew)
disable_redirect disable_proxy
enable_redirect enable_proxy
;; ;;
*) *)
echo "$0: usage: $0 {enable|disable|renew}" echo "$0: usage: $0 {enable|disable|renew}"
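Review bot: `filter_proxy_iptables` attaches its guard with `${iptables_wait} -t filter -A INPUT -j PROTECT_V2RAY`, so it lands after whatever rules are already in INPUT; Android typically keeps its own chains there, and if any earlier rule accepts the packet the DROP for `--dport ${proxy_port}` is never reached and the 0.0.0.0 listener stays open to every interface. Inserting at the head, `${iptables_wait} -t filter -I INPUT -j PROTECT_V2RAY`, makes the protection independent of that ordering, and the matching `-D` in `flush_filter_iptables` and `simple_clean_iptables` works unchanged. Separately, `probe_v2ray_listen` runs `eval "echo \"${v2ray_listen}\" | grep -q :::${proxy_port}"`, which re-parses netstat output (including other processes' names) as shell code for no gain; `echo "${v2ray_listen}" | grep -q ":::${proxy_port}"` does the same check without `eval`, and the same applies to the `iptables_chains` tests in the three flush functions. `proxy_app_udp_iptables` is now never called (`create_proxy_iptables` only calls the TCP and guest helpers), so either drop it or mark it with a comment explaining it is kept for the day UDP proxying is re-enabled.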