too hard to remake

ansible/bird.conf.bak

@@ -95,7 +95,7 @@ protocol ospf v2 {
 {% endif %}
 {% endfor %}
 
-{% for interface in lan_interfaces %}
+{% for interface in lanInterfaces %}
     interface "{{interface}}" {
       type broadcast;
       cost 1;

ansible/bird.conf.j2

@@ -9,7 +9,7 @@ protocol device {
 #  ipv6;
 #}
 
-{% for interface in lan_interfaces %}
+{% for interface in lanInterfaces %}
 protocol direct {
   ipv4;
   ipv6;
@@ -42,7 +42,7 @@ protocol kernel {
     table {{connection.name.replace("-", "_")}};
     export all;
   };
-  kernel table {{connection.remoteMark}};
+  kernel table {{connection.remoteDestMark}};
 }
 {% endif %}
 {% endfor %}
@@ -75,7 +75,7 @@ protocol ospf v2 {
 {% endif %}
 {% endfor %}
 
-{% for interface in lan_interfaces %}
+{% for interface in lanInterfaces %}
     interface "{{interface}}" {
       type broadcast;
       cost 1;

ansible/protocols/wg/wg.conf.j2

@@ -8,8 +8,8 @@ FwMark = {{conn.localGatewayMark}}
 
 MTU = {{conn.mtu|int - 80}}
 Table = off
-PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/postup.sh
-PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/predown.sh
+PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/postup.sh
+PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/predown.sh
 
 [Peer]
 PublicKey = {{conn.wgPublicKey}}

ansible/protocols/wgfrp/wgfrp.conf.j2

@@ -9,8 +9,8 @@ FwMark = {{conn.localGatewayMark}}
 {% endif %}
 MTU = {{conn.mtu|int - 80}}
 Table = off
-PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/postup.sh
-PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteMark={{conn.remoteMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/predown.sh
+PostUp = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/postup.sh
+PreDown = dev=%i localPeerAddress={{conn.localPeerAddress}} remotePeerAddress={{conn.remotePeerAddress}} remoteNextMark={{conn.remoteNextMark}} remoteDestMark={{conn.remoteDestMark}} inbound={{conn.inbound}} outbound={{conn.outbound}} mtu={{conn.mtu|int - 80}} /etc/wireguard/predown.sh
 [Peer]
 PublicKey = {{conn.wgPublicKey}}
 AllowedIPs = 0.0.0.0/0, ::/0

ansible/scripts/global-postup.sh.j2

@@ -6,7 +6,7 @@ ipset restore -f /etc/wireguard/{{list}}.ipset || true
 {% endfor %}
 
 # 临时梯子
-iptables -t mangle -A PREROUTING -m set --match-set ladder_needed src -m set --match-set gfwiplist dst -j MARK --set-xmark 812/0xffffffff
+# iptables -t mangle -A PREROUTING -m set --match-set ladder_needed src -m set --match-set gfwiplist dst -j MARK --set-xmark 812/0xffffffff
 
 echo 1 > /tmp/mycard_global_postup_done
 

ansible/scripts/postup.sh.j2

@@ -4,8 +4,9 @@
 ip addr add "$localPeerAddress" peer "$remotePeerAddress" dev "$dev" scope link
 
 if [ "$outbound" == True ] ; then
-  #ip route add default dev "$dev" table "$remoteMark"
-  ip rule add fwmark "$remoteMark" table "$remoteMark" pref 300
+  ip route add default dev "$dev" table "$remoteNextMark"
+  ip rule add fwmark "$remoteNextMark" table "$remoteNextMark" pref 300
+  ip rule add fwmark "$remoteDestMark" table "$remoteDestMark" pref 300
 fi
 
 #if [ -z "${mtu}" ]; then
@@ -17,8 +18,10 @@ mss=$((mtu - 40))
 iptables -t mangle -A FORWARD -i "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 iptables -t mangle -A FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 
-iptables -t mangle -A PREROUTING ! -p ospf -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
-iptables -t mangle -A PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
-iptables -t mangle -A OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
+if [ "$inbound" == True ] ; then
+  iptables -t mangle -A PREROUTING ! -p ospf -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteNextMark"
+  iptables -t mangle -A PREROUTING -m connmark --mark "$remoteNextMark" -j CONNMARK --restore-mark
+  iptables -t mangle -A OUTPUT -m connmark --mark "$remoteNextMark" -j CONNMARK --restore-mark
+fi
 
 true

ansible/scripts/predown.sh.j2

 #!/usr/bin/env bash
 
 if [ "$outbound" == True ] ; then
-  ip rule del fwmark "$remoteMark" table "$remoteMark" pref 300
+  ip rule del fwmark "$remoteNextMark" table "$remoteNextMark" pref 300
+  ip rule del fwmark "$remoteDestMark" table "$remoteDestMark" pref 300
 fi
 
 #if [ -z "${mtu}" ]; then
@@ -13,9 +14,11 @@ mss=$((mtu - 40))
 iptables -t mangle -D FORWARD -i "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 iptables -t mangle -D FORWARD -o "$dev" -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $mss:1460 -j TCPMSS --set-mss $mss
 
-iptables -t mangle -D PREROUTING ! -p ospf -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteMark"
-iptables -t mangle -D PREROUTING -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
-iptables -t mangle -D OUTPUT -m connmark --mark "$remoteMark" -j CONNMARK --restore-mark
+if [ "$inbound" == True ] ; then
+  iptables -t mangle -D PREROUTING ! -p ospf -i "$dev" -m set ! --match-set mycard src -j CONNMARK --set-xmark "$remoteNextMark"
+  iptables -t mangle -D PREROUTING -m connmark --mark "$remoteNextMark" -j CONNMARK --restore-mark
+  iptables -t mangle -D OUTPUT -m connmark --mark "$remoteNextMark" -j CONNMARK --restore-mark
+fi
 
 # predown 始终返回成功。
 true

src/inventory.ts

@@ -20,12 +20,12 @@ class InventoryBuilder {
   }
 
   async loadGateways() {
-    const gateways = await this.load('gateways');
+    const gateways = await this.load('gateways2');
     return gateways;
   }
 
   async main() {
-    this.hosts = _.keyBy(await this.load('nextgen links'), 'name');
+    this.hosts = _.keyBy(await this.load('nextgen2'), 'name');
     this.gateways = _.mapValues(_.groupBy(await this.loadGateways(), 'name'), g => _.keyBy(g, 'isp'));
     //console.log(this.gateways);
     this.connections = _.intersection(Object.keys(this.hosts), Object.keys(_.find(this.hosts)));
@@ -43,13 +43,13 @@ class InventoryBuilder {
 
   async loadUtilities(hosts) {
     const raw_utility = _.keyBy(await this.load('configurations'), 'key');
-    let route_plans = await this.load('route tables');
+    //let route_plans = await this.load('route tables');
     this.route_lists = YAML.parse(fs.readFileSync(path.join('lists', 'result.yaml'), "utf8"));
-    for (let plan of route_plans) {
+    /*for (let plan of route_plans) {
       plan.name = plan.list + "_" + plan.gateway.replace(/-/g, "_").split(".")[0]
       //plan.list = JSON.parse(JSON.stringify(this.route_lists[plan.list]));
       plan.gatewayAddress = hosts[plan.gateway].address;
-    }
+    }*/
     // 所有内网网段
     this.route_lists.mycard = ["10.198.0.0/16", "10.200.0.0/15", "172.16.0.0/12"];
     for (const h in this.hosts) {
@@ -66,7 +66,7 @@ class InventoryBuilder {
     const vars = {
       route_lists: this.route_lists,
       route_list_names: Object.keys(this.route_lists),
-      route_plans
+      //route_plans
     };
     for (let col in raw_utility) {
       vars[col] = raw_utility[col].value;
@@ -77,7 +77,7 @@ class InventoryBuilder {
   host_vars(host) {
     const connections = [];
     const null_connection = "10000,null";
-    const lan_interfaces = host.lan_interfaces.length > 0 ? host.lan_interfaces.split(",") : [];
+    const lanInterfaces = host.lanInterfaces.length > 0 ? host.lanInterfaces.split(",") : [];
     const dns = host.dns;
     for (const h of this.connections) {
       if (h != host.name) {
@@ -110,7 +110,7 @@ class InventoryBuilder {
       //gateways: _.mapValues(this.gateways[host.name], gw => _.pick(gw, ['mark_gateway'])),
       gateways: _.values(this.gateways[host.name]),
       connections,
-      lan_interfaces,
+      lanInterfaces,
       dns
     };
   }
@@ -133,7 +133,8 @@ class InventoryBuilder {
     //console.log(remoteGateway.name);
     const remoteAddress = remoteGateway.address;
     const remoteLocalAddress = remote.address;
-    const remoteMark = remote.mark;
+    const remoteNextMark = remote.nextMark;
+    const remoteDestMark = remote.destMark;
     const localPort = (primary ? remote.port : remote.port2) + local.offset;
     const remotePort = (primary ? local.port : local.port2) + remote.offset;
     const remoteFrpsPort = remote.frpsPort;
@@ -153,7 +154,8 @@ class InventoryBuilder {
       params,
       localGatewayMark,
       //remoteGatewayMark,
-      remoteMark,
+      remoteNextMark,
+      remoteDestMark,
       remoteAddress,
       remoteLocalAddress,
       localPort,
@@ -180,7 +182,7 @@ class InventoryBuilder {
     const ipv4NatScore = ({
       "ports": 0,
       "dmz": 1
-    })[gateway.ipv4_nat] || 2;
+    })[gateway.ipv4Nat] || 2;
     score |= ipv4NatScore << 10;
     const globalSSHScore = ({
       "globalssh": 1