diff --git a/README.md b/README.md index 641d86e..28a2695 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,14 @@ You can download the release installer zip file and install it via the Magisk Ma +#### Share transparent proxy to WiFi guest + +- Transparent proxy is share to WiFi guest by default. +- If you don't want to share proxy to WiFi guest, delete the file `/data/v2ray/softap.list` or empty it. +- For most situation, Android WiFi hotspot interface is `softap0` . If your device is not conform to it , please write down the name of your WiFi hotspot name in `/data/v2ray/softap.list`. ( You can run command `ip addr` to search the name of WiFi hotspot interface ) + + + ### Advanced usage ( for Debug and Develop only ) #### Enter manual mode diff --git a/common/service.sh b/common/service.sh index 89e93f1..3084414 100644 --- a/common/service.sh +++ b/common/service.sh @@ -8,5 +8,11 @@ MODDIR=${0%/*} # This script will be executed in late_start service mode -if [ ! -f /data/v2ray/manual ] ; then $MODDIR/scripts/v2ray.service start && [ -f /data/v2ray/appid.list ] && $MODDIR/scripts/v2ray.tproxy enable ; fi -inotifyd $MODDIR/scripts/v2ray.inotify $MODDIR & +if [ ! -f /data/v2ray/manual ] ; then + $MODDIR/scripts/v2ray.service start &> /data/v2ray/run/service.log && \ + if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then + $MODDIR/scripts/v2ray.tproxy enable &>> /data/v2ray/run/service.log + fi +fi + +inotifyd $MODDIR/scripts/v2ray.inotify $MODDIR &>> /data/v2ray/run/service.log & diff --git a/install.sh b/install.sh index 058ee7c..ccb49e9 100644 --- a/install.sh +++ b/install.sh @@ -147,6 +147,8 @@ on_install() { ui_print "- Copy V2Ray config and data files" mkdir -p /data/v2ray mkdir -p /data/v2ray/run + [ -f /data/v2ray/softap.list ] || \ + echo "softap0" > /data/v2ray/softap.list [ -f /data/v2ray/config.json ] || \ unzip -j -o "$ZIPFILE" "v2ray/etc/config.json" -d /data/v2ray >&2 [ -f /data/v2ray/resolv.conf ] || \ 
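Review bot: The new condition in `common/service.sh` tests `[ -f /data/v2ray/softap.list ]`, which is also true for an empty file, although the README text added in this commit tells users to delete the file or empty it to stop sharing. With an empty `softap.list` and no `appid.list`, `v2ray.tproxy enable` still runs at every boot and only stops at an error exit inside `enable_proxy`, after `disable_proxy` has already flushed the rules. Testing for a non-empty file keeps the scripts and the README in agreement: `if [ -s /data/v2ray/appid.list ] || [ -s /data/v2ray/softap.list ] ; then`. The same `-f` test is added to `start_v2ray` in `v2ray/scripts/v2ray.inotify` and would need the same change.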
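Review bot: `softap.list` is recreated whenever it is absent, so a user who followed the README and deleted the file to stop sharing can have hotspot sharing switched back on by the next install or upgrade of the module. Seeding it only on a first install avoids that, for example by keying on the config file that is checked just below: `[ -f /data/v2ray/config.json ] || echo "softap0" > /data/v2ray/softap.list`. This default, together with the `"listen": "0.0.0.0"` change in `v2ray/etc/config.json`, opens the proxy to hotspot clients without the user asking for it, so a `ui_print` line announcing it during install would also help. `on_install` starts and ends outside this hunk.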
diff --git a/module.prop b/module.prop index db69813..bdab9f3 100644 --- a/module.prop +++ b/module.prop @@ -1,6 +1,6 @@ id=v2ray name=V2ray for Android version=v4.18 -versionCode=20190330 +versionCode=20190406 author=chendefine description=V2ray core with service scripts for Android diff --git a/v2ray/etc/config.json b/v2ray/etc/config.json index 9ffc5c5..fd4936a 100644 --- a/v2ray/etc/config.json +++ b/v2ray/etc/config.json @@ -19,7 +19,7 @@ "port": 65535, // IP address to listen on. Change to "0.0.0.0" to listen on all network interfaces. - "listen": "127.0.0.1", + "listen": "0.0.0.0", // Tag of the inbound proxy. May be used for routing. "tag": "proxy-inbound", diff --git a/v2ray/scripts/v2ray.inotify b/v2ray/scripts/v2ray.inotify index cb82d11..6cc99a2 100644 --- a/v2ray/scripts/v2ray.inotify +++ b/v2ray/scripts/v2ray.inotify @@ -11,7 +11,9 @@ monitor_file=$3 start_v2ray() { ${service} start && \ - [ -f /data/v2ray/appid.list ] && ${tproxy} enable + if [ -f /data/v2ray/appid.list ] || [ -f /data/v2ray/softap.list ] ; then + ${tproxy} enable + fi } stop_v2ray() { diff --git a/v2ray/scripts/v2ray.service b/v2ray/scripts/v2ray.service index 5ffb412..47c3186 100644 --- a/v2ray/scripts/v2ray.service +++ b/v2ray/scripts/v2ray.service 
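Review bot: The shipped default for this inbound in `v2ray/etc/config.json` now binds to every interface, and the comment directly above it still describes `0.0.0.0` as something the user changes to. From the rest of this commit, the only thing restricting access to port 65535 is the `PROTECT_V2RAY` chain that `v2ray.tproxy enable` installs, so in manual mode, or whenever that script exits early, the listener is reachable from any network the phone is attached to; how much that matters depends on the inbound's protocol and authentication, which this hunk does not show. I would keep `127.0.0.1` as the default and have the README tell hotspot users to switch it, or at least replace the comment with `// Listens on all interfaces so hotspot clients can be redirected here; access is limited only by the PROTECT_V2RAY iptables chain. Use "127.0.0.1" if you do not share the proxy.`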
@@ -1,22 +1,61 @@ #!/system/bin/sh -NAME=v2ray -V2RAY=/system/bin/${NAME} -DATAPATH=/data/${NAME} -RUNPATH=${DATAPATH}/run -PIDFILE=${RUNPATH}/${NAME}.pid -EXECLOG=${RUNPATH}/error.log -CONFFILE=${DATAPATH}/config.json +bin_name="v2ray" +bin_path="/system/bin/${bin_name}" +data_path="/data/${bin_name}" +run_path="${data_path}/run" +pid_file="${run_path}/${bin_name}.pid" +error_log="${run_path}/error.log" +conf_file="${data_path}/config.json" +bin_opts="-config ${conf_file}" +iptables_wait="iptables" -V2RAY_OPTS="-config ${CONFFILE}" -export V2RAY_LOCATION_ASSET=${DATAPATH} +suit_iptables_version() { + iptables_version=`iptables -V | grep -o "v1\.[0-9]"` + if [ "${iptables_version}" = "v1.4" ] ; then + ## fix options for lower version iptables + export ANDROID_DATA=/data + export ANDROID_ROOT=/system + iptables_wait="iptables -w" + elif [ "${iptables_version}" = "v1.6" ] || [ "${iptables_version}" = "v1.8" ] ; then + iptables_wait="iptables -w 100" + else + iptables_wait="echo iptables" + fi +} -probe_service() { - PID=`cat ${PIDFILE} 2>/dev/null` - CMDFILE="/proc/${PID}/cmdline" - if [ -f ${PIDFILE} ] && [ -f ${CMDFILE} ] && [ `grep -c ${NAME} ${CMDFILE}` -gt 0 ] ; then - echo "${NAME} service is running. ( PID: ${PID} )" +probe_v2ray_alive() { + [ -f ${pid_file} ] && cmd_file="/proc/`cat ${pid_file}`/cmdline" || return 1 + [ -f ${cmd_file} ] && grep -q ${bin_path} ${cmd_file} && return 0 || return 1 +} + +display_v2ray_pid() { + if probe_v2ray_alive ; then + echo "[Info]: ${bin_name} service is running. ( PID: `cat ${pid_file}` )" + return 0 + else + echo "[Info]: ${bin_name} service is stopped." 
+ return 1 + fi +} + +find_netstat_path() { + [ -f /system/bin/netstat ] && alias netstat="/system/bin/netstat" && return 0 + [ -f /system/xbin/netstat ] && alias netstat="/system/xbin/netstat" && return 0 + return 1 +} + +wait_v2ray_listen() { + wait_count=0 + v2ray_pid=`cat ${pid_file}` + find_netstat_path && \ + check_v2ray_cmd="netstat -tnlp | grep v2ray | grep -q LISTEN" || \ + check_v2ray_cmd="ls -lh /proc/${v2ray_pid}/fd | grep -q socket" + while probe_v2ray_alive && ! eval "${check_v2ray_cmd}" && [ ${wait_count} -lt 100 ] ; do + sleep 1 ; wait_count=$((${wait_count} + 1)) + done + if probe_v2ray_alive && eval "${check_v2ray_cmd}" ; then return 0 else return 1 
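Review bot: The `else` branch of `suit_iptables_version` sets `iptables_wait="echo iptables"`, so on any iptables whose version string is not v1.4, v1.6 or v1.8 every rule command is printed instead of executed and still returns success. In this file that means `simple_clean_iptables` leaves the old jumps in place; in the copy of this function added to `v2ray/scripts/v2ray.tproxy` it means the `PROTECT_V2RAY` DROP rules are never installed while the script reports normal progress. Falling back to the plain binary and saying so is the safer default: `iptables_wait="iptables"` preceded by `echo "[Warning]: unknown iptables version, running without -w" >&2`. The pattern `v1\.[0-9]` also keeps only the first digit of the minor version, so a two-digit minor would be read as `v1.1` and land in the same branch.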
@@ -24,58 +63,70 @@ probe_service() { } simple_clean_iptables() { - echo "Clean relevant iptables simply." - iptables -w 10 -t nat -D OUTPUT -p tcp -j TCP_PRE_PROXY 2>/dev/null - iptables -w 10 -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null - iptables -w 10 -t mangle -D OUTPUT -p udp -j UDP_PRE_PROXY 2>/dev/null + suit_iptables_version + echo "[Info]: Clean relevant iptables simply." + ${iptables_wait} -t filter -D INPUT -j PROTECT_V2RAY 2>/dev/null + ${iptables_wait} -t nat -D PREROUTING -p tcp -j GUEST_TCP_PROXY 2>/dev/null + ${iptables_wait} -t nat -D OUTPUT -p tcp -j APP_TCP_PROXY 2>/dev/null + ${iptables_wait} -t mangle -D OUTPUT -p udp -j APP_UDP_PROXY 2>/dev/null + ${iptables_wait} -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null } -do_start() { - if ! probe_service && [ -f ${CONFFILE} ] && ${V2RAY} ${V2RAY_OPTS} -test ; then - echo "Starting ${NAME} service." - mkdir -p ${RUNPATH} - chown -R inet:inet ${DATAPATH} - chown inet:inet ${V2RAY} - chmod 6755 ${V2RAY} - nohup ${V2RAY} ${V2RAY_OPTS} &>${EXECLOG} & - echo -n $! > ${PIDFILE} - sleep 5 - if probe_service ; then - echo "Start ${NAME} service Done." +start_service() { + export V2RAY_LOCATION_ASSET=${data_path} + if probe_v2ray_alive ; then + echo "[Info]: ${bin_name} service is running. ( PID: `cat ${pid_file}` )" + return 0 + elif [ -f ${conf_file} ] && ${bin_path} ${bin_opts} -test ; then + echo "[Info]: Starting ${bin_name} service." + mkdir -p ${run_path} + chown -R inet:inet ${data_path} + chown inet:inet ${bin_path} + chmod 6755 ${bin_path} + nohup ${bin_path} ${bin_opts} &>${error_log} & + echo -n $! > ${pid_file} + if wait_v2ray_listen ; then + echo "[Info]: ${bin_name} service is running. ( PID: `cat ${pid_file}` )" + return 0 else - rm -f ${PIDFILE} - echo "Start ${NAME} service Failed." - return 1 + if probe_v2ray_alive ; then + echo "[Warning]: ${bin_name} service is running but may not listening. 
( PID: `cat ${pid_file}` )" + return 0 + else + echo "[Error]: Start ${bin_name} service Failed." + rm -f ${pid_file} + return 1 + fi fi else return 2 fi } -do_stop() { - if probe_service ; then - echo "Stopping ${NAME} service." - kill ${PID} +stop_service() { + if display_v2ray_pid ; then + echo "[Info]: Stopping ${bin_name} service." + kill `cat ${pid_file}` + display_v2ray_pid fi - rm -f ${PIDFILE} + rm -f ${pid_file} } case "$1" in start) - do_start + start_service ;; stop) simple_clean_iptables - do_stop + stop_service ;; restart) - do_stop - do_start || \ + stop_service + start_service || \ simple_clean_iptables ;; status) - probe_service || \ - echo "${NAME} service is stopped." + display_v2ray_pid ;; *) echo "$0: usage: $0 {start|stop|restart|status}" diff --git a/v2ray/scripts/v2ray.tproxy b/v2ray/scripts/v2ray.tproxy index 85842ba..491632a 100644 --- a/v2ray/scripts/v2ray.tproxy +++ b/v2ray/scripts/v2ray.tproxy 
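Review bot: `stop_service` runs `kill` as root on whatever `cat ${pid_file}` returns at that moment, read separately from the check in `display_v2ray_pid`, while `start_service` in this same hunk makes the whole data directory (including `run/`) owned by `inet`, which appears to be the identity the setuid binary runs as. Reading the file once, skipping the kill unless the value is all digits, and quoting it closes the gap between check and use: `pid=$(cat "${pid_file}" 2>/dev/null)`, then `case "${pid}" in ''|*[!0-9]*) ;; *) kill "${pid}" ;; esac`. The `display_v2ray_pid` call placed right after `kill` does not wait for the process to exit, so it will usually still report the service as running.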
@@ -5,21 +5,65 @@ inet_uid="3003" route_name="v2ray" proxy_port="65535" proxy_mark="0x20151130" -appid_file="/data/v2ray/appid.list" table_file="/data/misc/net/rt_tables" -iptables_wait="iptables -w 10" - -appid_list=`[ -f ${appid_file} ] && cat ${appid_file}` - +appid_file="/data/v2ray/appid.list" +softap_file="/data/v2ray/softap.list" +iptables_wait="iptables" +appid_list=() +softap_list=() +v2ray_share=false +proxy_for_app=false +proxy_for_guest=false intranet=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4) suit_iptables_version() { iptables_version=`iptables -V | grep -o "v1\.[0-9]"` - ## just for lower version iptables if [ "${iptables_version}" = "v1.4" ] ; then + ## fix options for lower version iptables export ANDROID_DATA=/data export ANDROID_ROOT=/system iptables_wait="iptables -w" + elif [ "${iptables_version}" = "v1.6" ] || [ "${iptables_version}" = "v1.8" ] ; then + iptables_wait="iptables -w 100" + else + iptables_wait="echo iptables" + fi +} + +find_ip_path() { + [ -f /system/bin/ip ] && alias ip="/system/bin/ip" && return 0 + [ -f /system/xbin/ip ] && alias ip="/system/xbin/ip" && return 0 + return 1 +} + +find_netstat_path() { + [ -f /system/bin/netstat ] && alias netstat="/system/bin/netstat" && return 0 + [ -f /system/xbin/netstat ] && alias netstat="/system/xbin/netstat" && return 0 + return 1 +} + +probe_v2ray_listen() { + find_netstat_path || return + v2ray_listen=`netstat -tnlp | grep v2ray | grep LISTEN` + if eval "echo \"${v2ray_listen}\" | grep -q :::${proxy_port}" || eval "echo \"${v2ray_listen}\" | grep -q 0.0.0.0:${proxy_port}" ; then + v2ray_share=true + return + elif eval "echo \"${v2ray_listen}\" | grep -q :${proxy_port}" ; then + return + else + echo "[Error]: V2Ray service is not listening on port ${proxy_port} ." 
+ exit 1 + fi +} + +probe_v2ray_target() { + [ -f ${appid_file} ] && appid_list=(`cat ${appid_file}`) || unset appid_list + ${v2ray_share} && [ -f ${softap_file} ] && softap_list=(`cat ${softap_file}`) || unset softap_list + [ ${#appid_list[@]} -gt 0 ] && proxy_for_app=true + [ ${#softap_list[@]} -gt 0 ] && proxy_for_guest=true + if ! ( ${proxy_for_app} || ${proxy_for_guest} ) ; then + echo "[Error]: V2Ray service is not proxy for APP or WiFi guest." + exit 1 fi } 
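Review bot: `probe_v2ray_listen` interpolates the captured `netstat -tnlp` output into a string and hands it to `eval`, so that text is parsed a second time as shell code in a script that runs as root, and the program-name column of that output is not under this script's control. `eval` adds nothing here; the same test is `if echo "${v2ray_listen}" | grep -q -e ":::${proxy_port}" -e "0\.0\.0\.0:${proxy_port}" ; then` (escaping the dots also stops `.` from matching any character). Separately, `find_netstat_path || return` leaves `v2ray_share=false` when no netstat binary is found, and `filter_proxy_iptables` is gated on that flag, so on such a device the `PROTECT_V2RAY` rules are skipped even though the shipped config listens on `0.0.0.0`. The entries read from `appid.list` and `softap.list` in `probe_v2ray_target` are also used unvalidated and unquoted in root `iptables` calls later; rejecting anything that is not a plain uid or interface name would be a cheap guard.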
@@ -27,135 +71,209 @@ probe_uid_app_name() { app_name=`grep " $1 " /data/system/packages.list | cut -d ' ' -f 1` app_name=`echo ${app_name} | sed 's/ / \& /g'` if [ "${app_name}" != "" ] ; then - echo "Redirect ${app_name} APP's network." + echo "[Info]: Proxy ${app_name} APP's network." else - echo "APP with uid=$1 is not found." + echo "[Warning]: APP with uid=$1 is not found." return 1 fi } -delete_route_table() { +flush_nat_iptables() { + echo "[Info]: Clean nat proxy iptables rules." + iptables_chains=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " "` + ${iptables_wait} -t nat -D PREROUTING -p tcp -j GUEST_TCP_PROXY 2>/dev/null + ${iptables_wait} -t nat -D OUTPUT -p tcp -j APP_TCP_PROXY 2>/dev/null + if eval "echo \"${iptables_chains}\" | grep -q \":GUEST_TCP_PROXY \"" ; then + ${iptables_wait} -t nat -F GUEST_TCP_PROXY + ${iptables_wait} -t nat -X GUEST_TCP_PROXY + fi + if eval "echo \"${iptables_chains}\" | grep -q \":APP_TCP_PROXY \"" ; then + ${iptables_wait} -t nat -F APP_TCP_PROXY + ${iptables_wait} -t nat -X APP_TCP_PROXY + fi + if eval "echo \"${iptables_chains}\" | grep -q \":V2RAY \"" ; then + ${iptables_wait} -t nat -F V2RAY + ${iptables_wait} -t nat -X V2RAY + fi + unset iptables_chains +} + +flush_mangle_iptables() { + echo "[Info]: Clean mangle proxy iptables rules." 
+ iptables_chains=`iptables-save -t mangle | cut -d ' ' -f 1 | tr "\n" " "` + ${iptables_wait} -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null + ${iptables_wait} -t mangle -D OUTPUT -p udp -j APP_UDP_PROXY 2>/dev/null + if eval "echo \"${iptables_chains}\" | grep -q \":APP_UDP_PROXY \"" ; then + ${iptables_wait} -t mangle -F APP_UDP_PROXY + ${iptables_wait} -t mangle -X APP_UDP_PROXY + fi + if eval "echo \"${iptables_chains}\" | grep -q \":V2RAY \"" ; then + ${iptables_wait} -t mangle -F V2RAY + ${iptables_wait} -t mangle -X V2RAY + fi + unset iptables_chains +} + +flush_filter_iptables() { + iptables_chains=`iptables-save -t filter | cut -d ' ' -f 1 | tr "\n" " "` + if eval "echo \"${iptables_chains}\" | grep -q \":PROTECT_V2RAY \"" ; then + echo "[Info]: Clean filter proxy iptables rules." + ${iptables_wait} -t filter -D INPUT -j PROTECT_V2RAY + ${iptables_wait} -t filter -F PROTECT_V2RAY + ${iptables_wait} -t filter -X PROTECT_V2RAY + fi + unset iptables_chains +} + +proxy_app_tcp_iptables() { + ## create iptables proxy chains for app tcp + ${iptables_wait} -t nat -N APP_TCP_PROXY + ## bypass v2ray program + ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${inet_uid} -j RETURN + ## + if [ "${appid_list[*]}" = "0" ] ; then + ## proxy all apps network + echo "[Info]: Proxy all APP's TCP network." + ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner ! 
--uid-owner ${inet_uid} -j V2RAY + else + ## proxy assign app + for appid in ${appid_list[@]}; do + probe_uid_app_name ${appid} && \ + ${iptables_wait} -t nat -A APP_TCP_PROXY -m owner --uid-owner ${appid} -j V2RAY + done + fi + ## apply proxy rules to iptables + ${iptables_wait} -t nat -A OUTPUT -p tcp -j APP_TCP_PROXY +} + +proxy_app_udp_iptables() { + ## create iptables proxy chains for app udp + ## and test iptables support TPROXY or not + ${iptables_wait} -t mangle -N V2RAY + ${iptables_wait} -t mangle -A V2RAY -p udp -m mark --mark ${proxy_mark} -j TPROXY --on-ip 127.0.0.1 --on-port ${proxy_port} + if [ "$?" != "0" ] ; then + ## iptables not support TPROXY + ${iptables_wait} -t mangle -X V2RAY + echo "[Warning]: iptables in this device is not support TPROXY, Abort proxy UDP network." + else + ## iptables support TPROXY + ${iptables_wait} -t mangle -N APP_UDP_PROXY + ## set proxy chains bypass intranet + for subnet in ${intranet[@]}; do + ${iptables_wait} -t mangle -A APP_UDP_PROXY -d ${subnet} -j RETURN + done + ${iptables_wait} -t mangle -A APP_UDP_PROXY -m owner --uid-owner ${inet_uid} -j RETURN + if [ "${appid_list[*]}" = "0" ] ; then + ## proxy all apps network + echo "[Info]: Proxy all APP's UDP network." + ${iptables_wait} -t mangle -A APP_UDP_PROXY -m owner ! --uid-owner ${inet_uid} -j MARK --set-mark ${proxy_mark} + else + ## proxy assign app + for appid in ${appid_list[@]}; do + probe_uid_app_name ${appid} && \ + ${iptables_wait} -t mangle -A APP_UDP_PROXY -m owner --uid-owner ${appid} -j MARK --set-mark ${proxy_mark} + done + fi + ${iptables_wait} -t mangle -A PREROUTING -p udp -j V2RAY + ${iptables_wait} -t mangle -A OUTPUT -p udp -j APP_UDP_PROXY + fi +} + +proxy_guest_tcp_iptables() { + ## create iptables proxy chains for wifi guest (only tcp) + ${iptables_wait} -t nat -N GUEST_TCP_PROXY + ## proxy assign softap + for softap in ${softap_list[@]}; do + echo "[Info]: Proxy ${softap} WiFi guest's TCP network." 
+ ${iptables_wait} -t nat -A GUEST_TCP_PROXY -i ${softap} -j V2RAY + done + ${iptables_wait} -t nat -A PREROUTING -p tcp -j GUEST_TCP_PROXY +} + +create_proxy_iptables() { + echo "[Info]: Create proxy iptables chains." + ## create basic iptables proxy chains + ${iptables_wait} -t nat -N V2RAY + ## set proxy chains bypass intranet + for subnet in ${intranet[@]}; do + ${iptables_wait} -t nat -A V2RAY -d ${subnet} -j RETURN + done + ## redirect to v2ray service port + ${iptables_wait} -t nat -A V2RAY -p tcp -j REDIRECT --to-ports ${proxy_port} + ## proxy app network + if ${proxy_for_app} ; then + proxy_app_tcp_iptables + fi + ## proxy wifi guest network + if ${proxy_for_guest} ; then + proxy_guest_tcp_iptables + fi +} + +filter_proxy_iptables() { + if ${v2ray_share} ; then + echo "[Info]: Block illegal visit." + ## create iptables firewall chains + ${iptables_wait} -t filter -N PROTECT_V2RAY + ## permit localhost + ${iptables_wait} -t filter -A PROTECT_V2RAY -i lo -j RETURN + ## permit assign softap + for softap in ${softap_list[@]}; do + ${iptables_wait} -t filter -A PROTECT_V2RAY -i ${softap} -j RETURN + done + ## deny all other visit + ${iptables_wait} -t filter -A PROTECT_V2RAY -p tcp --dport ${proxy_port} -j DROP + ${iptables_wait} -t filter -A PROTECT_V2RAY -p udp --dport ${proxy_port} -j DROP + ## apply to iptables + ${iptables_wait} -t filter -A INPUT -j PROTECT_V2RAY + fi +} + +delete_proxy_route() { if eval "ip rule | grep -q \"from all fwmark ${proxy_mark} lookup\"" ; then - echo "Clean UDP redirection route table." - ip rule del fwmark ${proxy_mark} lookup ${route_id} - ip route flush table ${route_id} + echo "[Info]: Clean proxy route table." + eval "ip rule del fwmark ${proxy_mark} lookup ${route_id}" + eval "ip route flush table ${route_id}" fi sed -i "/${route_id} ${route_name}/d" ${table_file} } -create_route_table() { - echo "Create UDP redirection route table." +create_proxy_route() { + echo "[Info]: Create proxy route table." 
echo "${route_id} ${route_name}" >> ${table_file} - ip route add local default dev lo table ${route_id} - ip rule add fwmark ${proxy_mark} lookup ${route_id} + eval "ip route add local default dev lo table ${route_id}" + eval "ip rule add fwmark ${proxy_mark} lookup ${route_id}" } -flush_tcp_iptables() { - echo "Clean TCP redirection iptables rules." - ${iptables_wait} -t nat -D OUTPUT -p tcp -j TCP_PRE_PROXY 2>/dev/null - if eval "iptables-save -t nat | grep -q ':TCP_PRE_PROXY '" ; then - ${iptables_wait} -t nat -F TCP_PRE_PROXY - ${iptables_wait} -t nat -X TCP_PRE_PROXY - fi - if eval "iptables-save -t nat | grep -q ':V2RAY '" ; then - ${iptables_wait} -t nat -F V2RAY - ${iptables_wait} -t nat -X V2RAY - fi +disable_proxy() { + # delete_proxy_route + flush_nat_iptables + # flush_mangle_iptables + flush_filter_iptables } -flush_udp_iptables() { - echo "Clean UDP redirection iptables rules." - ${iptables_wait} -t mangle -D PREROUTING -p udp -j V2RAY 2>/dev/null - ${iptables_wait} -t mangle -D OUTPUT -p udp -j UDP_PRE_PROXY 2>/dev/null - if eval "iptables-save -t mangle | grep -q ':UDP_PRE_PROXY '" ; then - ${iptables_wait} -t mangle -F UDP_PRE_PROXY - ${iptables_wait} -t mangle -X UDP_PRE_PROXY - fi - if eval "iptables-save -t mangle | grep -q ':V2RAY '" ; then - ${iptables_wait} -t mangle -F V2RAY - ${iptables_wait} -t mangle -X V2RAY - fi -} - -init_tcp_iptables() { - echo "Create TCP redirection iptables rules." - ## create NAT iptables for TCP redirect - ${iptables_wait} -t nat -N V2RAY - ${iptables_wait} -t nat -N TCP_PRE_PROXY - ## bypass intranet - for subnet in ${intranet[@]}; do - ${iptables_wait} -t nat -A V2RAY -d ${subnet} -j RETURN - done - ## bypass v2ray program - ${iptables_wait} -t nat -A TCP_PRE_PROXY -m owner --uid-owner ${inet_uid} -j RETURN - ## apply to NAT iptables OUTPUT - ${iptables_wait} -t nat -A V2RAY -p tcp -j REDIRECT --to-ports ${proxy_port} -} - -init_udp_iptables() { - echo "Create UDP redirection iptables rules." 
- ## create Mangle iptables for UDP redirect - ${iptables_wait} -t mangle -N V2RAY - ${iptables_wait} -t mangle -N UDP_PRE_PROXY - ## bypass intranet - for subnet in ${intranet[@]}; do - ${iptables_wait} -t mangle -A UDP_PRE_PROXY -d ${subnet} -j RETURN - done - ## bypass v2ray program - ${iptables_wait} -t mangle -A UDP_PRE_PROXY -m owner --uid-owner ${inet_uid} -j RETURN - ## apply to Mangle iptables OUTPUT & PREROUTING - ${iptables_wait} -t mangle -A V2RAY -p udp -m mark --mark ${proxy_mark} -j TPROXY --on-ip 127.0.0.1 --on-port ${proxy_port} -} - -redirect_iptables() { - if [ "${appid_list}" = "0" ] ; then - ## redirect global network - echo "Redirect TCP & UDP with Global mode." - ${iptables_wait} -t nat -A TCP_PRE_PROXY -m owner ! --uid-owner ${inet_uid} -j V2RAY - ${iptables_wait} -t mangle -A UDP_PRE_PROXY -m owner ! --uid-owner ${inet_uid} -j MARK --set-mark ${proxy_mark} - else - ## effect assign app - for appid in ${appid_list}; do - probe_uid_app_name ${appid} && \ - ${iptables_wait} -t nat -A TCP_PRE_PROXY -m owner --uid-owner ${appid} -j V2RAY && \ - ${iptables_wait} -t mangle -A UDP_PRE_PROXY -m owner --uid-owner ${appid} -j MARK --set-mark ${proxy_mark} - done - fi -} - -apply_iptables_rules() { - ${iptables_wait} -t nat -A OUTPUT -p tcp -j TCP_PRE_PROXY - ${iptables_wait} -t mangle -A OUTPUT -p udp -j UDP_PRE_PROXY - ${iptables_wait} -t mangle -A PREROUTING -p udp -j V2RAY -} - -disable_redirect() { - delete_route_table - flush_tcp_iptables - flush_udp_iptables -} - -enable_redirect() { - create_route_table - init_tcp_iptables - init_udp_iptables - redirect_iptables - apply_iptables_rules +enable_proxy() { + probe_v2ray_listen + probe_v2ray_target + create_proxy_iptables + filter_proxy_iptables + # create_proxy_route } +# find_ip_path suit_iptables_version case "$1" in enable) - disable_redirect - enable_redirect + disable_proxy + enable_proxy ;; disable) - disable_redirect + disable_proxy ;; renew) - disable_redirect - enable_redirect + 
disable_proxy + enable_proxy ;; *) echo "$0: usage: $0 {enable|disable|renew}"
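Review bot: `filter_proxy_iptables` guards the proxy port with `iptables` only, while `probe_v2ray_listen` treats a `:::65535` listener (an IPv6 wildcard socket) as the shared case, and IPv4 filter rules never see IPv6 packets. On a dual-stack listener the port therefore stays reachable over IPv6 from every interface. The nat REDIRECT rules in this hunk are IPv4-only, so nothing except loopback needs the port over IPv6; I would add matching `ip6tables` drops in `filter_proxy_iptables` and remove them in `flush_filter_iptables`, as sketched below. Note also that `proxy_app_udp_iptables`, `flush_mangle_iptables` and the route helpers are defined but never called (the calls are commented out in `enable_proxy` and `disable_proxy`), so UDP from proxied apps, DNS included, no longer goes through the proxy; if that is intended it deserves a comment next to the commented-out calls.

```shell
filter_proxy_iptables() {
  if ${v2ray_share} ; then
    ## … unchanged: IPv4 PROTECT_V2RAY chain and INPUT hook …
    ## REDIRECT is only set up for IPv4, so only loopback needs the port over IPv6
    ip6tables_wait=$(echo "${iptables_wait}" | sed 's/iptables/ip6tables/')
    ${ip6tables_wait} -t filter -A INPUT ! -i lo -p tcp --dport ${proxy_port} -j DROP
    ${ip6tables_wait} -t filter -A INPUT ! -i lo -p udp --dport ${proxy_port} -j DROP
  fi
}

flush_filter_iptables() {
  ## … unchanged: IPv4 PROTECT_V2RAY cleanup …
  ip6tables_wait=$(echo "${iptables_wait}" | sed 's/iptables/ip6tables/')
  ${ip6tables_wait} -t filter -D INPUT ! -i lo -p tcp --dport ${proxy_port} -j DROP 2>/dev/null
  ${ip6tables_wait} -t filter -D INPUT ! -i lo -p udp --dport ${proxy_port} -j DROP 2>/dev/null
}
```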