From 2a0663be9d415f43624c182488984da998634290 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sun, 6 Feb 2022 20:28:43 +0800 Subject: [PATCH] update-02.06 --- aliyundrive-webdav/Makefile | 2 +- luci-app-aliyundrive-webdav/Makefile | 2 +- luci-app-bypass/root/usr/share/bypass/update | 2 +- luci-app-passwall/Makefile | 10 ++++-- .../model/cbi/passwall/client/other.lua | 10 ++++-- luci-app-passwall/po/zh-cn/passwall.po | 3 ++ .../root/usr/share/passwall/iptables.sh | 31 +++++++++++++++++-- 7 files changed, 50 insertions(+), 10 deletions(-) diff --git a/aliyundrive-webdav/Makefile b/aliyundrive-webdav/Makefile index 0b65a0fa2..680d6e331 100644 --- a/aliyundrive-webdav/Makefile +++ b/aliyundrive-webdav/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=aliyundrive-webdav -PKG_VERSION:=1.2.1 +PKG_VERSION:=1.2.2 PKG_RELEASE:=$(AUTORELESE) PKG_LICENSE:=MIT diff --git a/luci-app-aliyundrive-webdav/Makefile b/luci-app-aliyundrive-webdav/Makefile index f8e1e0662..32100ca71 100644 --- a/luci-app-aliyundrive-webdav/Makefile +++ b/luci-app-aliyundrive-webdav/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-aliyundrive-webdav -PKG_VERSION:=1.2.1 +PKG_VERSION:=1.2.2 PKG_RELEASE:=1 PKG_PO_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE) diff --git a/luci-app-bypass/root/usr/share/bypass/update b/luci-app-bypass/root/usr/share/bypass/update index 08380b2f2..904166725 100755 --- a/luci-app-bypass/root/usr/share/bypass/update +++ b/luci-app-bypass/root/usr/share/bypass/update @@ -19,7 +19,7 @@ if [ $A = Y ];then fi if [ "$C" = router ];then if [ $A = Y ];then - while ! B=$(curl -kLfsm 5 https://ispip.clang.cn/all_cn.txt || curl -kLfsm 5 https://op.supes.top/all_cn.txt);do + while ! B=$(curl -kLfsm 5 https://cdn.jsdelivr.net/gh/17mon/china_ip_list@master/china_ip_list.txt || curl -kLfsm 5 https://op.supes.top/all_cn.txt);do sleep 2 done fi 
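Review bot: The replacement download in the `while ! B=$(curl ...)` line of bypass/update keeps `-k`, so the CN IP list is still fetched without TLS certificate verification, and the new URL tracks the mutable `@master` ref. Anyone able to tamper with the connection or with the upstream branch then controls the content of `B`, which presumably feeds the router's bypass rules (its use is outside this hunk). Dropping the flag on both fetches (`curl -Lfsm 5 ...`) and pinning the jsDelivr path to a reviewed ref (`china_ip_list@<reviewed-commit>/china_ip_list.txt`) would close that. The enclosing `if` blocks start and end outside the hunk.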
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index 0a96d1518..5470e8efd 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -30,7 +30,8 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray \ - CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin \ + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat LUCI_TITLE:=LuCI support for PassWall LUCI_PKGARCH:=all @@ -58,7 +59,8 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +coreutils-nohup +curl \ +PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray-core \ +PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin \ +PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core \ - +PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin:xray-plugin + +PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin:xray-plugin \ + +PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat:ip6tables-mod-nat define Package/$(PKG_NAME)/config menu "Configuration" @@ -141,6 +143,10 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin bool "Include Xray-Plugin (Shadowsocks Plugin)" default n +config PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat + bool "Include IPv6 Nat" + default n + endmenu endef diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua index 5a817fbe6..a8793bbac 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua @@ -83,9 +83,6 @@ o.default = "1:65535" o:value("1:65535", translate("All")) o:value("53", "DNS") -o = s:option(Flag, "accept_icmp", translate("Hijacking ICMP (PING)")) -o.default = 0 - if os.execute("lsmod | grep -i REDIRECT >/dev/null") == 0 and os.execute("lsmod | grep -i TPROXY >/dev/null") == 0 then o = s:option(ListValue, "tcp_proxy_way", translate("TCP Proxy Way")) o.default = "redirect" 
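Review bot: `ip6tables-mod-nat` is pulled in only when `INCLUDE_IPv6_Nat` is selected, and that option defaults to `n`, yet nothing visible in this patch ties the new `accept_icmpv6` flag to it. The flag added in other.lua depends only on `ipv6_tproxy`, and iptables.sh runs `ip6tables -t nat` commands (`$ip6t_n -N PSW` and the rules after it) whenever the flag is set, so on a default build those commands would presumably fail and leave the ruleset incomplete. A runtime guard right after the config read in add_firewall_rule would make this safe, for example `$ip6t_n -nL >/dev/null 2>&1 || accept_icmpv6=0`. Alternatively the LuCI flag could be hidden when the table is unavailable, the way other.lua already probes `lsmod` for REDIRECT and TPROXY.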
@@ -110,6 +107,13 @@ if os.execute("lsmod | grep -i REDIRECT >/dev/null") == 0 and os.execute("lsmod o.rmempty = false end +o = s:option(Flag, "accept_icmp", translate("Hijacking ICMP (PING)")) +o.default = 0 + +o = s:option(Flag, "accept_icmpv6", translate("Hijacking ICMPv6 (IPv6 PING)")) +o:depends("ipv6_tproxy", true) +o.default = 0 + --[[ ---- TCP Redir Port o = s:option(Value, "tcp_redir_port", translate("TCP Redir Port")) diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 3578eb385..83339763d 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -655,6 +655,9 @@ msgstr "关闭" msgid "Hijacking ICMP (PING)" msgstr "劫持ICMP (PING)" +msgid "Hijacking ICMPv6 (IPv6 PING)" +msgstr "劫持ICMPv6 (IPv6 PING)" + msgid "TCP Proxy Way" msgstr "TCP代理方式" diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 56292cd6a..a12bef0f0 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -22,6 +22,7 @@ FORCE_INDEX=2 ipt_n="iptables -t nat -w" ipt_m="iptables -t mangle -w" +ip6t_n="ip6tables -t nat -w" ip6t_m="ip6tables -t mangle -w" FWI=$(uci -q get firewall.passwall.path 2>/dev/null) FAKE_IP=198.18.0.0/16 @@ -69,6 +70,7 @@ REDIRECT() { local redirect="-j REDIRECT --to-ports $1" [ "$2" == "TPROXY" ] && redirect="-j TPROXY --tproxy-mark 0x1/0x1 --on-port $1" [ "$2" == "MARK" ] && redirect="-j MARK --set-mark $1" + [ "$2" == "ICMP" ] && redirect="-j REDIRECT" echo $redirect } 
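Review bot: The new `ICMP` mode in REDIRECT() discards `$1`, while the callers added elsewhere in this patch still pass a port (`get_redirect_ip6t $tcp_proxy_mode $tcp_port ICMP`), and nothing documents that. A comment above the added line would record it, e.g. `# ICMP: nat-table REDIRECT to the router itself; $1 (port) is ignored`. The function's opening line appears only in the hunk header, and how get_redirect_ip6t forwards its third argument is not visible here.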
@@ -378,6 +380,7 @@ load_acl() { $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) $(REDIRECT $tcp_port TPROXY) 2>/dev/null $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) $(REDIRECT $tcp_port TPROXY) 2>/dev/null $ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY) 2>/dev/null + [ "$accept_icmpv6" = "1" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(get_redirect_ip6t $tcp_proxy_mode $tcp_port ICMP) 2>/dev/null fi else msg2="${msg}不代理TCP" @@ -460,6 +463,7 @@ load_acl() { $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) $(REDIRECT $TCP_REDIR_PORT TPROXY) $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) $(REDIRECT $TCP_REDIR_PORT TPROXY) $ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT TPROXY) + [ "$accept_icmpv6" = "1" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT ICMP) fi echolog "${msg}" @@ -710,7 +714,8 @@ add_firewall_rule() { filter_vpsip > /dev/null 2>&1 & filter_haproxy > /dev/null 2>&1 & - local accept_icmp=$(config_t_get global_forwarding accept_icmp 0) + accept_icmp=$(config_t_get global_forwarding accept_icmp 0) + accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0) local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect) if [ "$tcp_proxy_way" = "redirect" ]; then 
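Review bot: The per-ACL rule added in load_acl matches `-p ipv6-icmp` with no type, which is wider than the "IPv6 PING" that the option label promises. The same unqualified match appears in the default rule of the next hunk and in the PREROUTING, OUTPUT and gen_include rules further down. Conntrack may in practice keep neighbour discovery and ICMPv6 errors away from the nat table, but the rule then depends on that behaviour instead of stating its intent; `-p ipv6-icmp --icmpv6-type echo-request` makes the scope explicit. The trailing `2>/dev/null` on this rule also hides the failure when the IPv6 nat table is missing.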
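Review bot: Dropping `local` in add_firewall_rule turns `accept_icmp` and `accept_icmpv6` into script-wide globals without saying why. load_acl and gen_include read `$accept_icmpv6` in this patch, so the value is only correct when add_firewall_rule has run first in the same process. In gen_include it is not escaped like `\$PR_INDEX`, so it appears to be expanded when the include file is written, and the generated file bakes in the setting of that moment. A comment on the assignment would record the intent, e.g. `# global on purpose: read by load_acl and gen_include`. The function body extends beyond the hunk on both sides.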
@@ -768,6 +773,21 @@ add_firewall_rule() { ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 + [ "$accept_icmpv6" = "1" ] && { + $ip6t_n -N PSW + $ip6t_n -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN + $ip6t_n -A PSW $(dst $IPSET_VPSIPLIST6) -j RETURN + $ip6t_n -A PSW $(dst $IPSET_WHITELIST6) -j RETURN + $ip6t_n -A PSW -m mark --mark 0xff -j RETURN + $ip6t_n -A PREROUTING -p ipv6-icmp -j PSW + + $ip6t_n -N PSW_OUTPUT + $ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN + $ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN + $ip6t_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN + $ip6t_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN + } + $ip6t_m -N PSW_DIVERT $ip6t_m -A PSW_DIVERT -j MARK --set-mark 1 $ip6t_m -A PSW_DIVERT -j ACCEPT @@ -819,6 +839,11 @@ add_firewall_rule() { $ipt_n -A PSW_OUTPUT -p icmp $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT) } + [ "$accept_icmpv6" = "1" ] && { + $ip6t_n -A OUTPUT -p ipv6-icmp -j PSW_OUTPUT + $ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT ICMP) + } + _proxy_tcp_access() { [ -n "${2}" ] || return 0 ipset -q test $IPSET_LANIPLIST ${2} @@ -965,7 +990,7 @@ add_firewall_rule() { } del_firewall_rule() { - for ipt in "$ipt_n" "$ipt_m" "$ip6t_m"; do + for ipt in "$ipt_n" "$ipt_m" "$ip6t_n" "$ip6t_m"; do for chain in "PREROUTING" "OUTPUT"; do for i in $(seq 1 $($ipt -nL $chain | grep -c PSW)); do local index=$($ipt --line-number -nL $chain | grep PSW | head -1 | awk '{print $1}') @@ -1049,6 +1074,8 @@ gen_include() { PR_INDEX=\$((PR_INDEX + 1)) $ipt_m -I PREROUTING \$PR_INDEX -j PSW + [ "$accept_icmpv6" = "1" ] && $ip6t_n -A PREROUTING -p ipv6-icmp -j PSW + PR_INDEX=\$(/usr/share/passwall/iptables.sh RULE_LAST_INDEX "$ip6t_m" PREROUTING mwan3 1) $ip6t_m -I PREROUTING \$PR_INDEX -p tcp -m socket -j PSW_DIVERT
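Review bot: del_firewall_rule now walks `$ip6t_n` on every teardown, whether or not `accept_icmpv6` was ever enabled or the IPv6 nat table exists. On a build without `ip6tables-mod-nat` the `$ipt -nL $chain` calls fail for that entry, and stderr is not silenced in the visible lines, so every stop or restart logs errors. Skipping unavailable tables at the top of the outer loop avoids that: `$ipt -nL >/dev/null 2>&1 || continue`. The loop body continues past the end of the hunk, so the chain flush and delete steps for the new nat `PSW` and `PSW_OUTPUT` chains could not be checked here.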