add outer oc redirect

ansible/scripts/utility.sh.j2

@@ -81,6 +81,9 @@ interface_switch_redirect() {
   REDIR_TARGET_PORTS=$4
   $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i mc+ -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports $REDIR_TARGET_PORTS -m multiport ! --dports {{allRedirectServerPorts}} -j DNAT --to-destination {{address}}:$REDIR_SERVER_PORT
   $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -i ocs+ -m set --match-set mycard src -m set ! --match-set mycard dst -p tcp -m multiport --dports $REDIR_TARGET_PORTS -m multiport ! --dports {{allRedirectServerPorts}} -j DNAT --to-destination {{address}}:$REDIR_SERVER_PORT
+{% for entry in relatedOcServers %}
+  $IPTABLES_EXEC -t nat "$OPTION" NEXTGEN_SWITCH -m mark --mark $MARK -s {{entry.source}} -m mac --mac-source {{entry.mac}} -m set ! --match-set mycard dst -p tcp -m multiport --dports $REDIR_TARGET_PORTS -m multiport ! --dports {{allRedirectServerPorts}} -j DNAT --to-destination {{address}}:$REDIR_SERVER_PORT
+{% endfor %}
 }
 
 _search_and_remove() {

src/inventory.ts

@@ -110,13 +110,13 @@ class InventoryBuilder {
     if (!domain || domain.match(/(\d{1,3}\.){3}\d{1,3}/)) {
       return domain;
     }
-    return new Promise<string>(async(resolve) => {
+    return new Promise<string>(async (resolve) => {
       const cacheKey = `${domain}-${ipv6 ? ':v6' : ':v4'}`;
       if (this.resolveCache.has(cacheKey)) {
         resolve(this.resolveCache.get(cacheKey));
       } else {
         let resolveFunctions = this.domainResolveFunctions.get(cacheKey);
-        if (!resolveFunctions) { 
+        if (!resolveFunctions) {
           resolveFunctions = [];
           this.domainResolveFunctions.set(cacheKey, resolveFunctions);
           const result = await this.resolveDomainProcess(domain, ipv6);
@@ -160,11 +160,13 @@ class InventoryBuilder {
     this.hosts = _.keyBy(await this.load('nextgen2'), 'name');
     const subnets = await this.load('subnets');
     for (const [name, router] of Object.entries(this.hosts)) {
-      router.lanInterfaces = subnets
-        .filter((subnet) => subnet.router === name)
+      const relatedSubnets = subnets
+        .filter((subnet) => subnet.router === name);
+      router.lanInterfaces = relatedSubnets
         .map((subnet) => subnet.interface)
         .filter((i) => i);
-      router.subnets = subnets.filter((subnet) => subnet.router === name).map((subnet) => subnet.subnet);
+      router.relatedOcServers = relatedSubnets.filter(subnet => subnet.ocServer).map(subnet => ({ mac: subnet.ocServer, source: subnet.subnet }));
+      router.subnets = relatedSubnets.map((subnet) => subnet.subnet);
     }
     this.vars = await this.loadUtilities();
     // @ts-ignore
@@ -183,7 +185,7 @@ class InventoryBuilder {
     if (process.env.LIMIT_LINKS) {
       this.linksLimit = process.env.LIMIT_LINKS.split(",");
     }
-    if (process.env.ONLY_PROTOS) { 
+    if (process.env.ONLY_PROTOS) {
       this.protosOnly = process.env.ONLY_PROTOS.split(",");
     }
     const inventoryValue = { wg: { hosts: Object.fromEntries(Object.values(this.hosts).map(host => [host.name, this.getHostConnectionInfo(host)])) } };
@@ -357,11 +359,11 @@ class InventoryBuilder {
     }
 
     const pccGateways = availableGateways.filter(gateway => gateway.pccWeight);
-    if (pccGateways.length) { 
+    if (pccGateways.length) {
       const gwPccRules = getRules(pccGateways.map(gw => gw.pccWeight));
       gwPccRules.forEach((rule, index) => pccGateways[index].pccRules = rule);
     }
-    
+
     host.frpcRestarts = [];
     host.ocRestarts = [];
     host.frpsNeeded = false;
@@ -437,6 +439,7 @@ class InventoryBuilder {
       gostConfig,
       installGost: !!gostConfig,
       allRedirectServerPorts,
+      relatedOcServers: host.relatedOcServers
     };
   }
 
@@ -648,7 +651,7 @@ class InventoryBuilder {
     assert(localGateway.ipv4 !== '' || remoteGateway.ipv4 !== '' || (localGateway.ipv6 !== '' && remoteGateway.ipv6 !== ''));
     // 两边不能都是只能入站的
     assert(!localGateway.noOut || !remoteGateway.noOut);
-    
+
     const localScore = this.gatewayCompareScore(localGateway);
     const remoteScore = this.gatewayCompareScore(remoteGateway);
     // 两边必须相反