feat: Insert rules when the network changes

CHIZI-0618 · Aug 9, 2024 · a8a85e1 · a8a85e1
1 parent a50f179
commit a8a85e1
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 4 deletions.
diff --git a/box/scripts/box.tproxy b/box/scripts/box.tproxy
@@ -91,7 +91,7 @@ start_redirect() {
 
   if [ "${ignore_out_list}" != "" ] ; then
     for ignore in ${ignore_out_list[@]} ; do
-      ${iptables} -t nat -I BOX_LOCAL -o ${ignore} -j RETURN
+      ${iptables} -t nat -A BOX_LOCAL -o ${ignore} -j RETURN
     done
     log Info "${ignore_out_list[*]} ignore transparent proxy."
   fi
@@ -104,7 +104,7 @@ start_redirect() {
     else
       # Bypass apps
       for appid in ${uid_list[@]} ; do
-        ${iptables} -t nat -I BOX_LOCAL -m owner --uid-owner ${appid} -j RETURN
+        ${iptables} -t nat -A BOX_LOCAL -m owner --uid-owner ${appid} -j RETURN
       done
       # Allow !app
       ${iptables} -t nat -A BOX_LOCAL -p tcp -j REDIRECT --to-ports ${redir_port}
@@ -113,7 +113,7 @@ start_redirect() {
     if [ "${gid_list}" != "" ] ; then
       # Bypass gids
       for gid in ${gid_list[@]} ; do
-        ${iptables} -t nat -I BOX_LOCAL -m owner --gid-owner ${gid} -j RETURN
+        ${iptables} -t nat -A BOX_LOCAL -m owner --gid-owner ${gid} -j RETURN
       done
       log Info "proxy mode: ${proxy_mode}, GID ${gid_list[*]} no transparent proxy."
     fi

diff --git a/box/scripts/net.inotify b/box/scripts/net.inotify
@@ -0,0 +1,29 @@
+#!/system/bin/sh
+
+events=$1
+# monitor_dir=$2
+# monitor_file=$3
+
+rules_add() {
+  ip -4 a | awk '/inet/ {print $2}' | grep -vE "^127.0.0.1" | while read -r local_ipv4 ; do
+    if iptables -t mangle -nL BOX_LOCAL > /dev/null 2>&1 ; then
+      iptables -w 100 -t mangle -I BOX_EXTERNAL 3 -d $local_ipv4 -j RETURN
+      iptables -w 100 -t mangle -I BOX_LOCAL 4 -d $local_ipv4 -j RETURN
+    fi
+    if iptables -t nat -nL BOX_LOCAL > /dev/null 2>&1 ; then
+      iptables -w 100 -t nat -I BOX_EXTERNAL 3 -d $local_ipv4 -j RETURN
+      iptables -w 100 -t nat -I BOX_LOCAL 4 -d $local_ipv4 -j RETURN
+    fi
+  done
+
+  ip -6 a | awk '/inet6/ {print $2}' | grep -vE "^fe80|^::1" | while read -r local_ipv6 ; do
+    if ip6tables -t mangle -nL BOX_LOCAL > /dev/null 2>&1 ; then
+      ip6tables -w 100 -t mangle -I BOX_EXTERNAL 3 -d $local_ipv6 -j RETURN
+      ip6tables -w 100 -t mangle -I BOX_LOCAL 4 -d $local_ipv6 -j RETURN
+    fi
+  done
+}
+
+if [ $events = "w" ] ; then
+  rules_add
+fi
diff --git a/box4_service.sh b/box4_service.sh
@@ -13,4 +13,12 @@ done
 ${scripts_dir}/start.sh
 )&
 
-inotifyd ${scripts_dir}/box.inotify ${module_dir} > /dev/null 2>&1 &
+inotifyd ${scripts_dir}/box.inotify ${module_dir} > /dev/null 2>&1 &
+
+while [ ! -f /data/misc/net/rt_tables ] ; do
+  sleep 3
+done
+
+net_dir="/data/misc/net"
+#Use inotifyd to monitor write events in the /data/misc/net directory for network changes, perhaps we have a better choice of files to monitor (the /proc filesystem is unsupported) and cyclic polling is a bad solution
+inotifyd ${scripts_dir}/net.inotify ${net_dir} > /dev/null 2>&1 &