update 04-25 23:45:26

luci-app-control-weburl/Makefile

@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for Weburl From Koolshare
 LUCI_DEPENDS:=+iptables-mod-filter +kmod-ipt-filter
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=3-20220406
+PKG_RELEASE:=3-20220422
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

luci-app-control-weburl/root/etc/init.d/weburl

@@ -9,16 +9,8 @@
 
 START=99
 
-CONFIG=weburl
-
-uci_get_by_type() {
-	local index=0
-	if [ -n $4 ]; then
-		index=$4
-	fi
-	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
-	echo ${ret:=$3}
-}
+WEBURL_ENABLE=0
+WEBURL_ALGOS=
 
 is_true() {
 	case $1 in
@@ -27,63 +19,90 @@ is_true() {
 	esac
 }
 
-load_config() {
-	ENABLED=$(uci_get_by_type basic enable)
-	return $(is_true $ENABLED)
+get_algo_mode(){
+	if [ "x$1" = "x1" ]; then
+		echo "kmp"
+	else
+		echo "bm"
+	fi
 }
 
-get_algo_mode(){
-	case "$1" in
-		0)
-			echo "bm"
-		;;
-		1)
-			echo "kmp"
-		;;
-	esac
+iptables_w(){
+	iptables -w 1 "$@"
 }
 
 add_rule(){
-	algos=$(uci_get_by_type basic algos)
-	for i in $(seq 0 100)
-	do
-		enable=$(uci_get_by_type macbind enable '' $i)
-		macaddr=$(uci_get_by_type macbind macaddr '' $i)
-		timeon=$(uci_get_by_type macbind timeon '' $i)
-		timeoff=$(uci_get_by_type macbind timeoff '' $i)
-		keyword=$(uci_get_by_type macbind keyword '' $i)
-		if [ -z $enable ] || [ -z $keyword ]; then
-			break
-		fi
-		
-		if [ -z $timeon ] || [ -z $timeoff ]; then
-			settime=""
-		else
-			settime="-m time --kerneltz --timestart $timeon --timestop $timeoff"
-		fi
-		
-		if [ "$enable" == "1" ]; then
-			if [ -z $macaddr ]; then
-				iptables -t filter -I WEBURL $settime -m string --string "$keyword" --algo $(get_algo_mode $algos) -j DROP
-			else
-				iptables -t filter -I WEBURL $settime -m mac --mac-source $macaddr -m string --string "$keyword" --algo $(get_algo_mode $algos) -j DROP
-				unset macaddr
-			fi
-		fi
-	done
+	local settime
+	local macaddr
+	local enable
+	local timeon
+	local timeoff
+	local keyword
+	config_get enable "$1" enable "0"
+	config_get macaddr "$1" macaddr
+	config_get timeon "$1" timeon
+	config_get timeoff "$1" timeoff
+	config_get keyword "$1" keyword
+
+	if [ -z "$enable" ] || [ $enable = 0 ] || [ -z "$keyword" ]; then
+		return
+	fi
+
+	if [ -z "$timeon" ] || [ -z "$timeoff" ]; then
+		settime=""
+	else
+		settime="-m time --kerneltz --timestart $timeon --timestop $timeoff"
+	fi
+
+	if [ -z $macaddr ]; then
+		iptables_w -t filter -I WEBURL_RULES $settime -m string --string "$keyword" --algo $WEBURL_ALGOS -j WEBURL_REJECT
+	else
+		iptables_w -t filter -I WEBURL_RULES $settime -m mac --mac-source $macaddr -m string --string "$keyword" --algo $WEBURL_ALGOS -j WEBURL_REJECT
+	fi
+
+}
+
+weburl_header() {
+	local algos
+	config_get WEBURL_ENABLE "$1" enable "0"
+	config_get algos "$1" algos "0"
+	WEBURL_ALGOS=$(get_algo_mode $algos)
 }
 
 start(){
-	! load_config && exit 0
-	iptables -L FORWARD | grep -c WEBURL 2>/dev/null && [ $? -eq 0 ] && exit 0;
-	iptables -t filter -N WEBURL
-	iptables -t filter -I FORWARD -m comment --comment "Rule For Control" -j WEBURL
-	add_rule
-	iptables -t filter -I WEBURL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-}
-stop(){
-	iptables -t filter -D FORWARD -m comment --comment "Rule For Control" -j WEBURL
-	iptables -t filter -F WEBURL
-	iptables -t filter -X WEBURL
+	config_load weburl
+	config_foreach weburl_header basic
+	[ "x`is_true $WEBURL_ENABLE`" = "x0" ] || return 0
+	iptables_w -L FORWARD | grep -c WEBURL 2>/dev/null && [ $? -eq 0 ] && return 0;
+	# resolve interface
+	local interface=$(
+		. /lib/functions/network.sh
+
+		network_is_up "lan" && network_get_device device "lan"
+		echo "${device:-br-lan}"
+	)
+	iptables_w -t filter -N WEBURL_REJECT
+	iptables_w -t filter -F WEBURL_REJECT
+	iptables_w -t filter -I WEBURL_REJECT -j DROP
+	iptables_w -t filter -I WEBURL_REJECT -p tcp -j REJECT --reject-with tcp-reset
+	iptables_w -t filter -N WEBURL_RULES
+	iptables_w -t filter -F WEBURL_RULES
+	config_foreach add_rule macbind
+	iptables_w -t filter -N WEBURL
+	iptables_w -t filter -F WEBURL
+	iptables_w -t filter -I WEBURL -i $interface -m length --length 53:768 -j WEBURL_RULES
+	# iptables_w -t filter -I WEBURL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+	iptables_w -t filter -I FORWARD -m comment --comment "Rule For Control" -j WEBURL
+	logger -t weburl "weburl filter on $interface"
+}
+
+stop(){
+	iptables_w -t filter -D FORWARD -m comment --comment "Rule For Control" -j WEBURL
+	iptables_w -t filter -F WEBURL
+	iptables_w -t filter -X WEBURL
+	iptables_w -t filter -F WEBURL_RULES
+	iptables_w -t filter -X WEBURL_RULES
+	iptables_w -t filter -F WEBURL_REJECT
+	iptables_w -t filter -X WEBURL_REJECT
 }
 

luci-app-ssr-plus/root/usr/bin/ssr-rules

@@ -191,6 +191,7 @@ ac_rule() {
 	else
 		for name in $Interface; do
 			local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+			[ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
 			[ -n "$IFNAME" ] && $IPT -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p tcp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_WAN_AC
 		done
 	fi
@@ -262,6 +263,7 @@ tp_rule() {
 	else
 		for name in $Interface; do
 			local IFNAME=$(uci -P /var/state get network.$name.ifname 2>/dev/null)
+			[ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network.$name.device 2>/dev/null)
 			[ -n "$IFNAME" ] && $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY
 		done
 	fi

luci-app-store/Makefile

@@ -10,12 +10,12 @@ LUCI_DESCRIPTION:=luci-app-store is a ipk store developed by LinkEase team
 LUCI_DEPENDS:=+curl +opkg +luci-base +tar +coreutils +coreutils-stat +libuci-lua +mount-utils
 LUCI_PKGARCH:=all
 
-PKG_VERSION:=0.1.8-8
+PKG_VERSION:=0.1.9-1
 # PKG_RELEASE MUST be empty for luci.mk
 PKG_RELEASE:=
 
 ISTORE_UI_VERSION:=1.0
-ISTORE_UI_RELEASE:=12
+ISTORE_UI_RELEASE:=13
 PKG_HASH:=skip
 
 PKG_SOURCE_URL_FILE:=v$(ISTORE_UI_VERSION)-$(ISTORE_UI_RELEASE).tar.gz

luci-app-store/root/bin/is-opkg

@@ -219,6 +219,11 @@ backup() {
         exit 0
     fi
 
+    if [ ! -d "${BACKUP_PATH}" ] && ! mkdir -p "${BACKUP_PATH}" ; then
+        echo "invalid backup path, can not backup ipk"
+        exit 1
+    fi
+
     #write all installed package list to file
     opkg_list_installed_packages "allinstalled" 2>/dev/null | sort -u > ${IS_ROOT}/all_installed_package.list
 
@@ -249,12 +254,7 @@ backup() {
     [ -n "${IS_DEBUG}" ] && echo -e "appdep_list_all:\n""${appdep_list_all}"
     echo "${appdep_list_all}" > ${IS_ROOT}/appdep.list
 
-
     #3.rebuild all istore installed package to ipk and backup to userdata partation
-    if [ ! -d "${BACKUP_PATH}" ];then
-        echo "invalid backup path, can not backup ipk"
-        exit 1
-    fi
 
     # 4. create dir
     date=$(date +%Y-%m%d-%H%M)

luci-theme-argon/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 LUCI_TITLE:=Argon Theme
 LUCI_DEPENDS:=+curl +jsonfilter
 PKG_VERSION:=2.2.9.4
-PKG_RELEASE:=20220421
+PKG_RELEASE:=20220425
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

luci-theme-argon/luasrc/view/themes/argon/header.htm

@@ -21,7 +21,7 @@
 	local util = require "luci.util"
 	local http = require "luci.http"
 	local disp = require "luci.dispatcher"
-    local ver = require "luci.version"
+	local ver = require "luci.version"
 
 	local boardinfo = util.ubus("system", "board")
 

luci-theme-argon/luasrc/view/themes/argon/header_login.htm

@@ -21,7 +21,7 @@
 	local util = require "luci.util"
 	local http = require "luci.http"
 	local disp = require "luci.dispatcher"
-    local ver = require "luci.version"
+	local ver = require "luci.version"
 
 	local boardinfo = util.ubus("system", "board")