update-02.06

2022-02-06 20:28:43 +08:00 · 2022-02-06 20:28:43 +08:00 · 2a0663be9d
parent 14e25b4f51
commit 2a0663be9d
7 changed files with 50 additions and 10 deletions
--- a/aliyundrive-webdav/Makefile
+++ b/aliyundrive-webdav/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=aliyundrive-webdav
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.2.2
 PKG_RELEASE:=$(AUTORELESE)

 PKG_LICENSE:=MIT
--- a/luci-app-aliyundrive-webdav/Makefile
+++ b/luci-app-aliyundrive-webdav/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-aliyundrive-webdav
-PKG_VERSION:=1.2.1
+PKG_VERSION:=1.2.2
 PKG_RELEASE:=1
 PKG_PO_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE)

--- a/luci-app-bypass/root/usr/share/bypass/update
+++ b/luci-app-bypass/root/usr/share/bypass/update
@ -19,7 +19,7 @@ if [ $A = Y ];then
 fi
 if [ "$C" = router ];then
 	if [ $A = Y ];then
-		while ! B=$(curl -kLfsm 5 https://ispip.clang.cn/all_cn.txt || curl -kLfsm 5 https://op.supes.top/all_cn.txt);do
+		while ! B=$(curl -kLfsm 5 https://cdn.jsdelivr.net/gh/17mon/china_ip_list@master/china_ip_list.txt || curl -kLfsm 5 https://op.supes.top/all_cn.txt);do
 			sleep 2
 		done
 	fi
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -30,7 +30,8 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin \
 	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray \
-	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin \
+	CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat

 LUCI_TITLE:=LuCI support for PassWall
 LUCI_PKGARCH:=all
@ -58,7 +59,8 @@ LUCI_DEPENDS:=+coreutils +coreutils-base64 +coreutils-nohup +curl \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray-core \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin:v2ray-plugin \
 	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core \
-	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin:xray-plugin
+	+PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin:xray-plugin \
+	+PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat:ip6tables-mod-nat

 define Package/$(PKG_NAME)/config
 menu "Configuration"
@ -141,6 +143,10 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin
 	bool "Include Xray-Plugin (Shadowsocks Plugin)"
 	default n

+config PACKAGE_$(PKG_NAME)_INCLUDE_IPv6_Nat
+	bool "Include IPv6 Nat"
+	default n
+
 endmenu
 endef

--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
@ -83,9 +83,6 @@ o.default = "1:65535"
 o:value("1:65535", translate("All"))
 o:value("53", "DNS")

-o = s:option(Flag, "accept_icmp", translate("Hijacking ICMP (PING)"))
-o.default = 0
-
 if os.execute("lsmod | grep -i REDIRECT >/dev/null") == 0 and os.execute("lsmod | grep -i TPROXY >/dev/null") == 0 then
    o = s:option(ListValue, "tcp_proxy_way", translate("TCP Proxy Way"))
    o.default = "redirect"
@ -110,6 +107,13 @@ if os.execute("lsmod | grep -i REDIRECT >/dev/null") == 0 and os.execute("lsmod
    o.rmempty = false
 end

+o = s:option(Flag, "accept_icmp", translate("Hijacking ICMP (PING)"))
+o.default = 0
+
+o = s:option(Flag, "accept_icmpv6", translate("Hijacking ICMPv6 (IPv6 PING)"))
+o:depends("ipv6_tproxy", true)
+o.default = 0
+
 --[[
 ---- TCP Redir Port
 o = s:option(Value, "tcp_redir_port", translate("TCP Redir Port"))
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@ -655,6 +655,9 @@ msgstr "关闭"
 msgid "Hijacking ICMP (PING)"
 msgstr "劫持ICMP (PING)"

+msgid "Hijacking ICMPv6 (IPv6 PING)"
+msgstr "劫持ICMPv6 (IPv6 PING)"
+
 msgid "TCP Proxy Way"
 msgstr "TCP代理方式"

--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -22,6 +22,7 @@ FORCE_INDEX=2

 ipt_n="iptables -t nat -w"
 ipt_m="iptables -t mangle -w"
+ip6t_n="ip6tables -t nat -w"
 ip6t_m="ip6tables -t mangle -w"
 FWI=$(uci -q get firewall.passwall.path 2>/dev/null)
 FAKE_IP=198.18.0.0/16
@ -69,6 +70,7 @@ REDIRECT() {
 	local redirect="-j REDIRECT --to-ports $1"
 	[ "$2" == "TPROXY" ] && redirect="-j TPROXY --tproxy-mark 0x1/0x1 --on-port $1"
 	[ "$2" == "MARK" ] && redirect="-j MARK --set-mark $1"
+	[ "$2" == "ICMP" ] && redirect="-j REDIRECT"
 	echo $redirect
 }

@ -378,6 +380,7 @@ load_acl() {
 							$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) $(REDIRECT $tcp_port TPROXY) 2>/dev/null
 							$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST6) $(REDIRECT $tcp_port TPROXY) 2>/dev/null
 							$ip6t_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY) 2>/dev/null
+							[ "$accept_icmpv6" = "1" ] && $ip6t_n -A PSW $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(get_redirect_ip6t $tcp_proxy_mode $tcp_port ICMP) 2>/dev/null
 						fi
 					else
 						msg2="${msg}不代理TCP"
@ -460,6 +463,7 @@ load_acl() {
 				$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) $(REDIRECT $TCP_REDIR_PORT TPROXY)
 				$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) $(REDIRECT $TCP_REDIR_PORT TPROXY)
 				$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT TPROXY)
+				[ "$accept_icmpv6" = "1" ] && $ip6t_n -A PSW $(comment "默认") -p ipv6-icmp $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT ICMP)
 			fi

 			echolog "${msg}"
@ -710,7 +714,8 @@ add_firewall_rule() {
 	filter_vpsip > /dev/null 2>&1 &
 	filter_haproxy > /dev/null 2>&1 &

-	local accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
+	accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
+	accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)

 	local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
 	if [ "$tcp_proxy_way" = "redirect" ]; then
@ -768,6 +773,21 @@ add_firewall_rule() {
 	ip rule add fwmark 1 lookup 100
 	ip route add local 0.0.0.0/0 dev lo table 100

+	[ "$accept_icmpv6" = "1" ] && {
+		$ip6t_n -N PSW
+		$ip6t_n -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN
+		$ip6t_n -A PSW $(dst $IPSET_VPSIPLIST6) -j RETURN
+		$ip6t_n -A PSW $(dst $IPSET_WHITELIST6) -j RETURN
+		$ip6t_n -A PSW -m mark --mark 0xff -j RETURN
+		$ip6t_n -A PREROUTING -p ipv6-icmp -j PSW
+
+		$ip6t_n -N PSW_OUTPUT
+		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN
+		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN
+		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
+		$ip6t_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
+	}
+
 	$ip6t_m -N PSW_DIVERT
 	$ip6t_m -A PSW_DIVERT -j MARK --set-mark 1
 	$ip6t_m -A PSW_DIVERT -j ACCEPT
@ -819,6 +839,11 @@ add_firewall_rule() {
 			$ipt_n -A PSW_OUTPUT -p icmp $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT)
 		}

+		[ "$accept_icmpv6" = "1" ] && {
+			$ip6t_n -A OUTPUT -p ipv6-icmp -j PSW_OUTPUT
+			$ip6t_n -A PSW_OUTPUT -p ipv6-icmp $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT ICMP)
+		}
+
 		_proxy_tcp_access() {
 			[ -n "${2}" ] || return 0
 			ipset -q test $IPSET_LANIPLIST ${2}
@ -965,7 +990,7 @@ add_firewall_rule() {
 }

 del_firewall_rule() {
-	for ipt in "$ipt_n" "$ipt_m" "$ip6t_m"; do
+	for ipt in "$ipt_n" "$ipt_m" "$ip6t_n" "$ip6t_m"; do
 		for chain in "PREROUTING" "OUTPUT"; do
 			for i in $(seq 1 $($ipt -nL $chain | grep -c PSW)); do
 				local index=$($ipt --line-number -nL $chain | grep PSW | head -1 | awk '{print $1}')
@ -1049,6 +1074,8 @@ gen_include() {
 		PR_INDEX=\$((PR_INDEX + 1))
 		$ipt_m -I PREROUTING \$PR_INDEX -j PSW
 		
+		[ "$accept_icmpv6" = "1" ] && $ip6t_n -A PREROUTING -p ipv6-icmp -j PSW
+		
 		PR_INDEX=\$(/usr/share/passwall/iptables.sh RULE_LAST_INDEX "$ip6t_m" PREROUTING mwan3 1)
 		$ip6t_m -I PREROUTING \$PR_INDEX -p tcp -m socket -j PSW_DIVERT