From c68fbe132a8d878852d742edebd6bf343b4ecf64 Mon Sep 17 00:00:00 2001
From: SunBK201 <sunbk201gm@gmail.com>
Date: Wed, 3 Dec 2025 01:10:12 +0800
Subject: [PATCH] feat: add OpenWrt detection

---
 src/internal/netfilter/firewall.go | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/src/internal/netfilter/firewall.go b/src/internal/netfilter/firewall.go
index 61d9e59..5843c4d 100644
--- a/src/internal/netfilter/firewall.go
+++ b/src/internal/netfilter/firewall.go
@@ -7,6 +7,7 @@ import (
 	"log"
 	"log/slog"
 	"net"
+	"os"
 	"os/exec"
 	"os/user"
 	"strings"
@@ -297,6 +298,10 @@ func (f *Firewall) DeleteTproxyRoute(fwmark, routeTable string) error {
 }
 
 func detectFirewallBackend(cfg *config.Config) string {
+	isOpenwrt := isOpenWrt()
+	if isOpenwrt {
+		slog.Info("Detected OpenWrt environment")
+	}
 	nftAvailable := IsCommandAvailable("nft")
 	iptAvailable := IsCommandAvailable("iptables")
 	nftTproxyAvailable := isOpkgPackageInstalled("kmod-nft-tproxy") && nftAvailable
@@ -308,6 +313,9 @@ func detectFirewallBackend(cfg *config.Config) string {
 		if !nftAvailable {
 			return false
 		}
+		if !isOpenwrt {
+			return true
+		}
 		if nfqueueNeeded && !nftNfqueueAvailable {
 			return false
 		}
@@ -376,6 +384,36 @@ func getLocalIPv4CIDRs() ([]string, error) {
 	return cidrs, nil
 }
 
+func isOpenWrt() bool {
+	checkFiles := []string{
+		"/etc/openwrt_release",
+	}
+	for _, f := range checkFiles {
+		if _, err := os.Stat(f); err == nil {
+			return true
+		}
+	}
+
+	data, err := os.ReadFile("/etc/os-release")
+	if err == nil && strings.Contains(string(data), "OpenWrt") {
+		return true
+	}
+
+	if _, err := user.Lookup("uci"); err == nil {
+		return true
+	}
+
+	if _, err := exec.LookPath("opkg"); err == nil {
+		return true
+	}
+
+	if _, err := user.Lookup("apk"); err == nil {
+		return true
+	}
+
+	return false
+}
+
 func IsCommandAvailable(cmd string) bool {
 	_, err := exec.LookPath(cmd)
 	return err == nil