v1.4. ruab_route_check

ruantiblock/files/usr/bin/ruantiblock

@@ -3,11 +3,12 @@
 ########################################################################
 #
 # Ruantiblock
-# (с) 2020 gSpot (https://github.com/gSpotx2f/ruantiblock_openwrt)
+# (с) 2023 gSpot (https://github.com/gSpotx2f/ruantiblock_openwrt)
 #
 ########################################################################
 
 export NAME="ruantiblock"
+export APP_EXEC="$0"
 export LANG="en_US.UTF-8"
 export LANGUAGE="en"
 
@@ -38,16 +39,20 @@ export NFTSET_CLEAR_SETS=0
 export ALLOWED_HOSTS_MODE=0
 ### Список IP адресов хостов для фильтра, через пробел (прим.: 192.168.0.10 192.168.0.15)
 export ALLOWED_HOSTS_LIST=""
-### VPN интерфейс для правил маршрутизации
-export IF_VPN="tun0"
 ### Порт прозрачного прокси Tor (параметр TransPort в torrc)
 export TOR_TRANS_PORT=9040
 ### DNS-сервер для резолвинга в домене .onion (Tor)
 export ONION_DNS_ADDR="127.0.0.1#9053"
-### метка для отбора пакетов в VPN туннель
+### VPN интерфейс для правил маршрутизации
+export IF_VPN="tun0"
+### Метка для отбора пакетов в VPN туннель
 export VPN_PKTS_MARK=8
+### Таблица маршрутизации для отправки пакетов в VPN туннель
+export VPN_ROUTE_TABLE_ID=99
 ### Приоритет правила отбора пакетов при маршрутизации в VPN-интерфейс
 export VPN_RULE_PRIO=1000
+### Способ добавления в таблицу маршрутизации правила для отправки пакетов в VPN туннель (0 - hotplug.d, 1 - скрипт ruab_route_check)
+export VPN_ROUTE_CHECK=0
 ### TCP порт прокси в режиме прозрачного прокси
 export T_PROXY_PORT_TCP=1100
 ### UDP порт прокси в режиме прозрачного прокси
@@ -208,6 +213,12 @@ if [ $? -ne 0 ]; then
     echo " Error! Nslookup doesn't exists" >&2
     exit 1
 fi
+export IP_CMD="ip"
+if [ $? -ne 0 ]; then
+    echo " Error! Iproute2 doesn't exists" >&2
+    exit 1
+fi
+ROUTE_CHECK_EXEC="${MODULES_DIR}/ruab_route_check"
 export IP_DATA_FILE="${DATA_DIR}/${NAME}.ip"
 export NFT_TABLE="ip r"
 export NFT_TABLE_DNSMASQ="4#ip#r"
@@ -574,7 +585,7 @@ GetDataFiles() {
             ### STDOUT
             echo " Module run attempt ${_attempt}: failed [${BLLIST_MODULE}]" >&2
             MakeLogRecord "err" "Module run attempt ${_attempt}: failed [${BLLIST_MODULE}]"
-            _attempt=`expr $_attempt + 1`
+            _attempt=$(($_attempt + 1))
             [ $_attempt -gt $MODULE_RUN_ATTEMPTS ] && break
             sleep $MODULE_RUN_TIMEOUT
         done
@@ -687,6 +698,9 @@ Start() {
         PreStartCheck
         UpdateBllistSets
         _return_code=$?
+        if [ "$PROXY_MODE" = "2" -a "$VPN_ROUTE_CHECK" = "1" -a -x "$ROUTE_CHECK_EXEC" ]; then
+            $ROUTE_CHECK_EXEC start &> /dev/null &
+        fi
         ### Start-script
         [ -x "$START_SCRIPT" ] && $START_SCRIPT > /dev/null 2>&1 &
     fi
@@ -703,6 +717,9 @@ Stop() {
         MakeLogRecord "info" "${1}..."
         DropNetConfig &> /dev/null
         _return_code=$?
+        if [ -x "$ROUTE_CHECK_EXEC" ]; then
+            $ROUTE_CHECK_EXEC stop &> /dev/null
+        fi
         ### Stop-script
         [ -x "$STOP_SCRIPT" ] && $STOP_SCRIPT > /dev/null 2>&1 &
         MakeToken
@@ -720,7 +737,7 @@ Reload() {
         if [ $_i -ge $_attempts ]; then
             return 1
         fi
-        _i=`expr $_i + 1`
+        _i=$(($_i + 1))
         sleep 1
     done
     echo " ${NAME} reload..."

ruantiblock/files/usr/libexec/ruantiblock/ruab_route_check

@@ -0,0 +1,60 @@
+#!/bin/sh
+
+PID_FILE="/var/run/`basename $0`.pid"
+
+VpnRouteStatus() {
+    [ -n "`$IP_CMD route show table $VPN_ROUTE_TABLE_ID 2> /dev/null`" ] && return 0
+    return 1
+}
+
+Main() {
+    while [ -e "$PID_FILE" ]
+    do
+        if ! VpnRouteStatus; then
+            if $IP_CMD link show $IF_VPN &> /dev/null; then
+                $APP_EXEC reload
+            fi
+        fi
+        sleep 10
+    done
+}
+
+TrapFunc() {
+    rm -f "$PID_FILE"
+    exit 0
+}
+
+Start() {
+    echo $$ > "$PID_FILE"
+    trap "TrapFunc" 2 3 15
+    Main
+}
+
+Stop() {
+    kill -s SIGKILL `cat "$PID_FILE"` 2> /dev/null
+    rm -f "$PID_FILE"
+}
+
+case "$1" in
+    start)
+        if [ -e "$PID_FILE" ]; then
+            echo "${PID_FILE} exists. Already running?" >&2
+            Stop
+        fi
+        Start
+    ;;
+    stop)
+        if [ -e "$PID_FILE" ]; then
+            Stop
+        else
+            echo "${PID_FILE} does not exists. Not running?" >&2
+            exit 1
+        fi
+    ;;
+    *)
+        echo "Usage: `basename $0` start|stop"
+        exit 1
+    ;;
+esac
+
+exit 0

ruantiblock/files/usr/share/ruantiblock/config_script

@@ -1,8 +1,13 @@
-AWK_CMD="awk"
 UCI_SECTION="ruantiblock.config"
-UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_mode bypass_entries_dns enable_fproxy fproxy_list enable_bllist_proxy if_vpn tor_trans_port onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
+UCI_VARS="proxy_mode proxy_local_clients nftset_clear_sets allowed_hosts_mode allowed_hosts_list bypass_mode bypass_entries_dns enable_fproxy fproxy_list enable_bllist_proxy if_vpn vpn_route_check tor_trans_port onion_dns_addr t_proxy_port_tcp t_proxy_port_udp t_proxy_allow_udp add_user_entries user_entries_dns enable_logging bllist_min_entries bllist_module bllist_preset bllist_ip_limit bllist_gr_excluded_nets bllist_summarize_ip bllist_summarize_cidr bllist_ip_filter bllist_ip_filter_type bllist_sd_limit bllist_gr_excluded_sld bllist_fqdn_filter bllist_fqdn_filter_type bllist_enable_idn bllist_alt_nslookup bllist_alt_dns_addr update_at_startup"
+UCI_CMD=`which uci`
+if [ $? -ne 0 ]; then
+    echo " Error! UCI doesn't exists" >&2
+    exit 1
+fi
+AWK_CMD="awk"
 
-eval `uci show "$UCI_SECTION" | $AWK_CMD -F "=" -v UCI_VARS="$UCI_VARS" '
+eval `$UCI_CMD show "$UCI_SECTION" | $AWK_CMD -F "=" -v UCI_VARS="$UCI_VARS" '
     BEGIN {
         split(UCI_VARS, split_array, " ");
         for(i in split_array)

ruantiblock/files/usr/share/ruantiblock/nft_functions

@@ -1,11 +1,9 @@
-IP_CMD="ip"
 NFT_ALLOWED_HOSTS_CHAIN="allowed_hosts"
 NFT_BLLIST_CHAIN="blacklist"
 NFT_FPROXY_FILTER="fproxy_filter"
 NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN="dnsmasq_timeout_update"
 NFT_ACTION_CHAIN="action"
 NFT_LOCAL_CLIENTS_CHAIN="local_clients"
-VPN_ROUTE_TABLE_ID=99
 
 if [ "$PROXY_MODE" = "2" ]; then
     MAIN_CHAIN_TYPE="type filter hook prerouting priority ${NFT_PRIO_ROUTE}; policy accept;"
@@ -41,7 +39,7 @@ NftCmdWrapper() {
             _return_code=$?
             break
         fi
-        _i=`expr $_i + 1`
+        _i=$(($_i + 1))
     done
     return $_return_code
 }