ss-rules script in shadowsocks-libev currently is using TPROXY without mark
packet first this patch will fix it
Signed-off-by: Zhizhang Deng <a...@2011ysyb.com>
---
net/shadowsocks-libev/files/ss-rules | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/shadowsocks-libev/files/ss-rules
b/net/shadowsocks-libev/files/ss-rules
index 8ce1000..084f87e 100644
--- a/net/shadowsocks-libev/files/ss-rules
+++ b/net/shadowsocks-libev/files/ss-rules
@@ -120,6 +120,9 @@ tp_rule() {
$ipt_m -A SS_SPEC_TPROXY -p udp -m set ! --match-set ss_spec_wan_ac dst
\
-j TPROXY --on-port $LOCAL_PORT --tproxy-mark 0x01/0x01
$ipt_m -A PREROUTING -p udp $EXT_ARGS \
+ -m socket \
+ -m comment --comment "_SS_SPEC_RULE_" -j MARK --set-mark 1
+ $ipt_m -A PREROUTING -p udp $EXT_ARGS \
-m set ! --match-set ss_spec_lan_ac src \
-m comment --comment "_SS_SPEC_RULE_" -j SS_SPEC_TPROXY
return $?
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
