update 2023-03-07 16:25:55

github-actions[bot] 2023-03-07 16:25:55 +08:00
parent 28e92c8f18
commit 3e166f08c4
29 changed files with 1340 additions and 1210 deletions


@ -10,12 +10,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=haproxy
PKG_VERSION:=2.6.8
PKG_VERSION:=2.6.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.haproxy.org/download/2.6/src
PKG_HASH:=a02ad64550dd30a94b25fd0e225ba699649d0c4037bca3b36b20e8e3235bb86f
PKG_HASH:=f01a1c5f465dc1b5cd175d0b28b98beb4dfe82b5b5b63ddcc68d1df433641701
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>, \
Christian Lachner <gladiac@gmail.com>


@ -1,7 +1,7 @@
#!/bin/sh
CLONEURL=https://git.haproxy.org/git/haproxy-2.6.git
BASE_TAG=v2.6.8
BASE_TAG=v2.6.9
TMP_REPODIR=tmprepo
PATCHESDIR=patches


@ -6,8 +6,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.59
PKG_RELEASE:=8
PKG_VERSION:=4.60
PKG_RELEASE:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \


@ -5,10 +5,17 @@ local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")
m = Map(appname)
s = m:section(TypedSection, "global", translate("ACLs"), "<font color='red'>" .. translate("ACLs is a tools which used to designate specific IP proxy mode.") .. "</font>")
s.anonymous = true
o = s:option(Flag, "acl_enable", translate("Main switch"))
o.rmempty = false
o.default = false
local global_proxy_mode = (m:get("@global[0]", "tcp_proxy_mode") or "") .. (m:get("@global[0]", "udp_proxy_mode") or "")
-- [[ ACLs Settings ]]--
s = m:section(TypedSection, "acl_rule", translate("ACLs"), "<font color='red'>" .. translate("ACLs is a tools which used to designate specific IP proxy mode.") .. "</font>")
s = m:section(TypedSection, "acl_rule")
s.template = "cbi/tblsection"
s.sortable = true
s.anonymous = true
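Review bot: The new `acl_enable` Flag ("Main switch") has no description, and turning it on is not sufficient by itself: the init script in this same commit sets `ENABLED_ACLS` back to 0 when no `acl_rule` section has `enabled='1'`, and each row in the table below keeps its own enable flag. A one-line description spares the user a trip to the log: `o.description = translate("ACL rules are applied only while this switch is on and at least one rule below is enabled.")`. Also, `o.default = false` is a Lua boolean while the Flag's disabled value is the string `"0"`; with `rmempty = false` the value is always written so this is harmless, but `o.default = 0` would match the Flag's own representation.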


@ -12,6 +12,7 @@ config global
option udp_proxy_mode 'chnroute'
option localhost_tcp_proxy_mode 'default'
option localhost_udp_proxy_mode 'default'
option acl_enable '0'
option close_log_tcp '0'
option close_log_udp '0'
option loglevel 'error'


@ -25,7 +25,7 @@ TUN_DNS="127.0.0.1#${DNS_PORT}"
LOCAL_DNS=119.29.29.29
DEFAULT_DNS=
IFACES=
NO_PROXY=0
ENABLED_DEFAULT_ACL=0
PROXY_IPV6=0
PROXY_IPV6_UDP=0
resolve_dns=0
@ -1023,7 +1023,7 @@ start_crontab() {
rm -rf $TMP_SUB_PATH
}
if [ "$NO_PROXY" == 0 ]; then
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
start_daemon=$(config_t_get global_delay start_daemon 0)
[ "$start_daemon" = "1" ] && $APP_PATH/monitor.sh > /dev/null 2>&1 &
@ -1563,28 +1563,26 @@ start() {
start_socks
nftflag=0
local use_nft=$(config_t_get global_forwarding use_nft 0)
[ "$NO_PROXY" == 1 ] || {
local USE_TABLES
if [ "$use_nft" == 1 ] && [ -z "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
echolog "Dnsmasq软件包不满足nftables透明代理要求如需使用请确保dnsmasq版本在2.87以上并开启nftset支持。"
elif [ "$use_nft" == 1 ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
echolog "使用nftables进行透明代理一些不支持nftables的组件如chinadns-ng等可能不会正常工作。"
USE_TABLES="nftables"
nftflag=1
start_redir TCP
start_redir UDP
start_dns
source $APP_PATH/nftables.sh start
source $APP_PATH/helper_${DNS_N}.sh logic_restart
elif [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ]; then
echolog "系统未安装iptables或ipset无法透明代理"
else
USE_TABLES="iptables"
fi
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
start_redir TCP
start_redir UDP
start_dns
source $APP_PATH/iptables.sh start
source $APP_PATH/helper_${DNS_N}.sh logic_restart
fi
}
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start
[ "$ENABLED_DEFAULT_ACL" == 1 ] && source $APP_PATH/helper_${DNS_N}.sh logic_restart
start_crontab
echolog "运行完成!\n"
}
@ -1621,14 +1619,16 @@ TCP_UDP=0
UDP_NODE=$TCP_NODE
TCP_UDP=1
}
[ "$ENABLED" != 1 ] && NO_PROXY=1
[ "$TCP_NODE" == "nil" -a "$UDP_NODE" == "nil" ] && NO_PROXY=1
[ "$(config_get_type $TCP_NODE nil)" == "nil" -a "$(config_get_type $UDP_NODE nil)" == "nil" ] && NO_PROXY=1
[ "$ENABLED" == 1 ] && {
[ "$TCP_NODE" != "nil" ] && [ "$(config_get_type $TCP_NODE nil)" != "nil" ] && ENABLED_DEFAULT_ACL=1
[ "$UDP_NODE" != "nil" ] && [ "$(config_get_type $UDP_NODE nil)" != "nil" ] && ENABLED_DEFAULT_ACL=1
}
ENABLED_ACLS=$(config_t_get global acl_enable 0)
[ "$ENABLED_ACLS" == 1 ] && {
[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
}
tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
REDIRECT_LIST="socks ss ss-rust ssr v2ray xray trojan-go trojan-plus naiveproxy hysteria"
TPROXY_LIST="brook socks ss ss-rust ssr v2ray xray trojan-go trojan-plus hysteria"
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '80,443')
UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
@ -1653,8 +1653,16 @@ CHINADNS_NG=$(config_t_get global chinadns_ng 0)
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
dns_listen_port=${DNS_PORT}
REDIRECT_LIST="socks ss ss-rust ssr v2ray xray trojan-go trojan-plus naiveproxy hysteria"
TPROXY_LIST="brook socks ss ss-rust ssr v2ray xray trojan-go trojan-plus hysteria"
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v -E "0.0.0.0|127.0.0.1|::" | head -2) | tr ' ' ',')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',')
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29}"
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
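Review bot: In the `start()` hunk (`@ -1563`), the `start_redir`/`start_dns` block is guarded only by `ENABLED_DEFAULT_ACL`, so it now runs even when no table backend was selected: the branch that logs "系统未安装iptables或ipset无法透明代理" (and the nftset-missing branch above it) only logs and leaves `USE_TABLES` empty, yet the redir daemons are started and `helper_${DNS_N}.sh logic_restart` — which by its name reconfigures the local DNS — is still sourced on the last new line. Before this commit both lived inside the backend branches, so a router without iptables/ipset ended up untouched; now it presumably gets its DNS pointed at a resolver nothing forwards to. Tie both to the backend: `[ -n "$USE_TABLES" ] && [ "$ENABLED_DEFAULT_ACL" == 1 ] && {` for the block, and `[ -n "$USE_TABLES" ] && [ "$ENABLED_DEFAULT_ACL" == 1 ] && source $APP_PATH/helper_${DNS_N}.sh logic_restart` for the restart. `start()` begins before this hunk.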


@ -260,6 +260,7 @@ get_wan6_ip() {
}
load_acl() {
[ "$ENABLED_ACLS" == 1 ] && {
acl_app
echolog "访问控制:"
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}'); do
@ -436,7 +437,9 @@ load_acl() {
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
unset ipt_tmp msg msg2
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 加载TCP默认代理模式
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
[ "$PROXY_IPV6" == "1" ] && {
@ -553,6 +556,7 @@ load_acl() {
$ipt_m -A PSW $(comment "默认") -p udp -j RETURN
$ip6t_m -A PSW $(comment "默认") -p udp -j RETURN
}
}
filter_haproxy() {
for item in ${haproxy_items}; do
@ -743,7 +747,6 @@ add_firewall_rule() {
EOF
}
local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
[ -n "$ISP_DNS" ] && {
#echolog "处理 ISP DNS 例外..."
for ispip in $ISP_DNS; do
@ -752,10 +755,9 @@ add_firewall_rule() {
done
}
local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
[ -n "$ISP_DNS" ] && {
[ -n "$ISP_DNS6" ] && {
#echolog "处理 ISP IPv6 DNS 例外..."
for ispip6 in $ISP_DNS; do
for ispip6 in $ISP_DNS6; do
ipset -! add $IPSET_WHITELIST6 $ispip6 >/dev/null 2>&1 &
#echolog " - 追加到白名单:${ispip6}"
done
@ -876,6 +878,43 @@ add_firewall_rule() {
ip -6 rule add fwmark 1 table 100
ip -6 route add local ::/0 dev lo table 100
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 处理轮换节点的分流或套娃
local node port stream switch
for stream in TCP UDP; do
eval "node=\${${stream}_NODE}"
eval "port=\${${stream}_REDIR_PORT}"
#echolog "分析 $stream 代理自动切换..."
[ "$stream" == "UDP" ] && [ "$node" == "tcp" ] && {
eval "node=\${TCP_NODE}"
eval "port=\${TCP_REDIR_PORT}"
}
if [ "$node" != "nil" ] && [ "$(config_get_type $node nil)" != "nil" ]; then
filter_node $node $stream $port > /dev/null 2>&1 &
fi
done
# 加载路由器自身代理 TCP
if [ "$TCP_NODE" != "nil" ]; then
echolog "加载路由器自身 TCP 代理..."
@ -957,42 +996,6 @@ add_firewall_rule() {
}
fi
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
# 处理轮换节点的分流或套娃
local node port stream switch
for stream in TCP UDP; do
eval "node=\${${stream}_NODE}"
eval "port=\${${stream}_REDIR_PORT}"
#echolog "分析 $stream 代理自动切换..."
[ "$stream" == "UDP" ] && [ "$node" == "tcp" ] && {
eval "node=\${TCP_NODE}"
eval "port=\${TCP_REDIR_PORT}"
}
if [ "$node" != "nil" ]; then
filter_node $node $stream $port > /dev/null 2>&1 &
fi
done
# 加载路由器自身代理 UDP
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
@ -1047,11 +1050,11 @@ add_firewall_rule() {
$ipt_m -A PSW -p udp --dport 53 -j RETURN
$ip6t_m -A PSW -p udp --dport 53 -j RETURN
}
# 加载ACLS
load_acl
# dns_hijack "force"
for iface in $IFACES; do
$ipt_n -I PSW_OUTPUT -o $iface -j RETURN
$ipt_m -I PSW_OUTPUT -o $iface -j RETURN
@ -1212,6 +1215,7 @@ get_ip6t_bin() {
}
start() {
[ "$ENABLED_DEFAULT_ACL" == 0 -a "$ENABLED_ACLS" == 0 ] && return
add_firewall_rule
gen_include
}
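Review bot: In the `add_firewall_rule` hunks (`@ -743` / `@ -752`), `ISP_DNS` and `ISP_DNS6` lose their `local` definitions and are now read from the caller's environment; the commit assigns them in the init script instead, so this file only behaves as intended when sourced after that assignment. A reader of iptables.sh cannot see that, and if either variable is unset the `[ -n ... ]` guards simply skip the whitelist with no log line, so add a comment above the first loop: `# ISP_DNS / ISP_DNS6 are set by the init script before this file is sourced; empty means no ISP resolver is whitelisted`. `add_firewall_rule` starts and ends outside these hunks.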


@ -271,6 +271,7 @@ get_wan6_ip() {
}
load_acl() {
[ "$ENABLED_ACLS" == 1 ] && {
acl_app
echolog "访问控制:"
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}'); do
@ -444,7 +445,9 @@ load_acl() {
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
unset ipt_tmp msg msg2
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 加载TCP默认代理模式
[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
[ "$PROXY_IPV6" == "1" ] && {
@ -560,6 +563,7 @@ load_acl() {
}
fi
}
}
filter_haproxy() {
for item in ${haproxy_items}; do
@ -735,7 +739,6 @@ add_firewall_rule() {
[ -n "$lan_ip6" ] && insert_nftset $NFTSET_LANIPLIST6 $(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e 's/$/,/' )
}
local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
[ -n "$ISP_DNS" ] && {
#echolog "处理 ISP DNS 例外..."
for ispip in $ISP_DNS; do
@ -744,10 +747,9 @@ add_firewall_rule() {
done
}
local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
[ -n "$ISP_DNS" ] && {
[ -n "$ISP_DNS6" ] && {
#echolog "处理 ISP IPv6 DNS 例外..."
for ispip6 in $ISP_DNS; do
for ispip6 in $ISP_DNS6; do
insert_nftset $NFTSET_WHITELIST6 $ispip6 >/dev/null 2>&1 &
#echolog " - 追加到白名单:${ispip6}"
done
@ -887,6 +889,43 @@ add_firewall_rule() {
ip -6 route add local ::/0 dev lo table 100
}
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 处理轮换节点的分流或套娃
local node port stream switch
for stream in TCP UDP; do
eval "node=\${${stream}_NODE}"
eval "port=\${${stream}_REDIR_PORT}"
#echolog "分析 $stream 代理自动切换..."
[ "$stream" == "UDP" ] && [ "$node" == "tcp" ] && {
eval "node=\${TCP_NODE}"
eval "port=\${TCP_REDIR_PORT}"
}
if [ "$node" != "nil" ] && [ "$(config_get_type $node nil)" != "nil" ]; then
filter_node $node $stream $port > /dev/null 2>&1 &
fi
done
# 加载路由器自身代理 TCP
if [ "$TCP_NODE" != "nil" ]; then
echolog "加载路由器自身 TCP 代理..."
@ -963,42 +1002,6 @@ add_firewall_rule() {
}
fi
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
# 处理轮换节点的分流或套娃
local node port stream switch
for stream in TCP UDP; do
eval "node=\${${stream}_NODE}"
eval "port=\${${stream}_REDIR_PORT}"
#echolog "分析 $stream 代理自动切换..."
[ "$stream" == "UDP" ] && [ "$node" == "tcp" ] && {
eval "node=\${TCP_NODE}"
eval "port=\${TCP_REDIR_PORT}"
}
if [ "$node" != "nil" ]; then
filter_node $node $stream $port > /dev/null 2>&1 &
fi
done
# 加载路由器自身代理 UDP
[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
nft add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr $FAKE_IP $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop
@ -1049,10 +1052,15 @@ add_firewall_rule() {
nft "add rule inet fw4 PSW_MANGLE ip protocol udp udp dport 53 counter return"
nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp udp dport 53 counter return"
}
# 加载ACLS
load_acl
# dns_hijack "force"
for iface in $IFACES; do
nft "insert rule inet fw4 $nft_output_chain oif $iface counter return"
nft "insert rule inet fw4 PSW_OUTPUT_MANGLE_V6 oif $iface counter return"
done
[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
@ -1170,6 +1178,7 @@ gen_include() {
}
start() {
[ "$ENABLED_DEFAULT_ACL" == 0 -a "$ENABLED_ACLS" == 0 ] && return
add_firewall_rule
gen_include
}
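Review bot: The new early return in `start()` (`@ -1170`, last hunk) only fires when both variables are literally `0`: `[ "$ENABLED_DEFAULT_ACL" == 0 -a "$ENABLED_ACLS" == 0 ] && return`. If this file is sourced without the init script having assigned both (the passwall init script in this commit initialises `ENABLED_DEFAULT_ACL=0` at the top but assigns `ENABLED_ACLS` only later from `config_t_get`), an empty string is not equal to `0`, the guard is false, and the full rule set is installed although nothing is enabled. Defaulting the expansions makes the guard fail closed: `[ "${ENABLED_DEFAULT_ACL:-0}" == 0 -a "${ENABLED_ACLS:-0}" == 0 ] && return`.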


@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2
PKG_VERSION:=1.9
PKG_RELEASE:=3
PKG_VERSION:=1.10
PKG_RELEASE:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \


@ -110,11 +110,19 @@ end
function autoswitch_add_node()
local key = luci.http.formvalue("key")
if key and key ~= "" then
local new_list = ucic:get(appname, "@auto_switch[0]", "node") or {}
for i = #new_list, 1, -1 do
if (ucic:get(appname, new_list[i], "remarks") or ""):find(key) then
table.remove(new_list, i)
end
end
for k, e in ipairs(api.get_valid_nodes()) do
if e.node_type == "normal" and e["remark"]:find(key) then
luci.sys.call(string.format("uci -q del_list passwall2.@auto_switch[0].node='%s' && uci -q add_list passwall2.@auto_switch[0].node='%s'", e.id, e.id))
table.insert(new_list, e.id)
end
end
ucic:set_list(appname, "@auto_switch[0]", "node", new_list)
ucic:commit(appname)
end
luci.http.redirect(api.url("auto_switch"))
end
@ -122,11 +130,14 @@ end
function autoswitch_remove_node()
local key = luci.http.formvalue("key")
if key and key ~= "" then
for k, e in ipairs(ucic:get(appname, "@auto_switch[0]", "node") or {}) do
if e and (ucic:get(appname, e, "remarks") or ""):find(key) then
luci.sys.call(string.format("uci -q del_list passwall2.@auto_switch[0].node='%s'", e))
local new_list = ucic:get(appname, "@auto_switch[0]", "node") or {}
for i = #new_list, 1, -1 do
if (ucic:get(appname, new_list[i], "remarks") or ""):find(key) then
table.remove(new_list, i)
end
end
ucic:set_list(appname, "@auto_switch[0]", "node", new_list)
ucic:commit(appname)
end
luci.http.redirect(api.url("auto_switch"))
end
@ -188,7 +199,7 @@ function connect_status()
local e = {}
e.use_time = ""
local url = luci.http.formvalue("url")
local result = luci.sys.exec('curl --connect-timeout 3 -o /dev/null -I -skL -w "%{http_code}:%{time_starttransfer}" ' .. url)
local result = luci.sys.exec('curl --connect-timeout 3 -o /dev/null -I -sk -w "%{http_code}:%{time_starttransfer}" ' .. url)
local code = tonumber(luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $1}'") or "0")
if code ~= 0 then
local use_time = luci.sys.exec("echo -n '" .. result .. "' | awk -F ':' '{print $2}'")
@ -294,11 +305,12 @@ function delete_select_nodes()
local ids = luci.http.formvalue("ids")
local auto_switch_node_list = ucic:get(appname, "@auto_switch[0]", "node") or {}
string.gsub(ids, '[^' .. "," .. ']+', function(w)
for k, v in ipairs(auto_switch_node_list) do
if v == w then
luci.sys.call(string.format("uci -q del_list passwall2.@auto_switch[0].node='%s'", w))
for i = #auto_switch_node_list, 1, -1 do
if w == auto_switch_node_list[i] then
table.remove(auto_switch_node_list, i)
end
end
ucic:set_list(appname, "@auto_switch[0]", "node", auto_switch_node_list)
if (ucic:get(appname, "@global[0]", "node") or "nil") == w then
ucic:set(appname, '@global[0]', "node", "nil")
end
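Review bot: `connect_status` (`@ -188`) still concatenates the raw `url` form value into the `curl` command line handed to `luci.sys.exec`; the hunk only drops `-L`. Any authenticated caller can inject shell metacharacters (`;`, backticks, `$( )`) through `url`, and `result` is then fed through a second shell inside single quotes on the following lines. Validate before building the command — `if not (url and url:match("^https?://[%w%.%-_%%:/?=&#]+$")) then return end` — mirroring whatever the function writes at its tail (outside the hunk), or quote it with `luci.util.shellquote(url)` if that helper exists in this LuCI version. Separately, `autoswitch_add_node` and `autoswitch_remove_node` pass the user-supplied `key` to `string.find` as a Lua pattern, so a key containing `(`, `[` or `%` raises an error; use a plain search: `:find(key, 1, true)`.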


@ -5,8 +5,15 @@ local has_chnlist = api.fs.access("/usr/share/passwall2/rules/chnlist")
m = Map(appname)
s = m:section(TypedSection, "global", translate("ACLs"), "<font color='red'>" .. translate("ACLs is a tools which used to designate specific IP proxy mode.") .. "</font>")
s.anonymous = true
o = s:option(Flag, "acl_enable", translate("Main switch"))
o.rmempty = false
o.default = false
-- [[ ACLs Settings ]]--
s = m:section(TypedSection, "acl_rule", translate("ACLs"), "<font color='red'>" .. translate("ACLs is a tools which used to designate specific IP proxy mode.") .. "</font>")
s = m:section(TypedSection, "acl_rule")
s.template = "cbi/tblsection"
s.sortable = true
s.anonymous = true
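Review bot: The new `acl_enable` Flag ("Main switch") carries no description, and enabling it is not enough on its own: the passwall2 init script in this commit clears `ENABLED_ACLS` again when no `acl_rule` has `enabled='1'`, and the rows in the table below keep their own enable flag. A short description avoids a confusing "switch on, nothing happens" experience: `o.description = translate("ACL rules are applied only while this switch is on and at least one rule below is enabled.")`. `o.default = false` is harmless here because `rmempty = false` always writes the value, but `o.default = 0` matches the Flag's string representation of the disabled state.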


@ -412,12 +412,17 @@ function x_ss_encrypt_method.write(self, section, value)
m:set(section, "method", value)
end
uot = s:option(Flag, "uot", translate("UDP over TCP"), translate("Need Xray server side with Shadowsocks-2022 protocol"))
uot:depends({ type = "Xray", protocol = "shadowsocks" })
iv_check = s:option(Flag, "iv_check", translate("IV Check"))
iv_check:depends({ type = "V2ray", protocol = "shadowsocks" })
iv_check:depends({ type = "Xray", protocol = "shadowsocks" })
iv_check:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "aes-128-gcm" })
iv_check:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "aes-256-gcm" })
iv_check:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "chacha20-poly1305" })
iv_check:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "xchacha20-poly1305" })
uot = s:option(Flag, "uot", translate("UDP over TCP"), translate("Need Xray-core or sing-box as server side."))
uot:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "2022-blake3-aes-128-gcm" })
uot:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "2022-blake3-aes-256-gcm" })
uot:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = "2022-blake3-chacha20-poly1305" })
ssr_protocol = s:option(Value, "ssr_protocol", translate("Protocol"))
for a, t in ipairs(ssr_protocol_list) do ssr_protocol:value(t) end
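Review bot: The `iv_check` and `uot` dependency lists (`@ -412`) hard-code the Shadowsocks method names a second time; they have to track whatever list populates `x_ss_encrypt_method:value(...)` above the hunk (not visible here), and a method added there will silently drop both flags from the form. Driving the `depends` calls from small shared tables keeps the two in step and is shorter than seven near-identical lines; the `V2ray` dependency for `iv_check` stays as is. The enclosing section definition starts well before this hunk.
```lua
-- … unchanged: iv_check / uot option definitions and the V2ray iv_check depends …
local ss_aead = { "aes-128-gcm", "aes-256-gcm", "chacha20-poly1305", "xchacha20-poly1305" }
local ss_2022 = { "2022-blake3-aes-128-gcm", "2022-blake3-aes-256-gcm", "2022-blake3-chacha20-poly1305" }
for _, m in ipairs(ss_aead) do
	iv_check:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = m })
end
for _, m in ipairs(ss_2022) do
	uot:depends({ type = "Xray", protocol = "shadowsocks", x_ss_encrypt_method = m })
end
```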


@ -966,7 +966,7 @@ function gen_config(var)
port = tonumber(remote_dns_port) or 53,
network = _remote_dns_proto or "tcp",
}
local type_dns = remote_type_dns
local type_dns = direct_type_dns
table.insert(outbounds, {
tag = "dns-out",
protocol = "dns",


@ -101,7 +101,7 @@ https://github.com/pure-css/pure/blob/master/LICENSE.md
</div>
</div>
</div>
<div class="pure-u-1-4 check" onclick="check_connect('baidu', 'https://www.baidu.com')">
<div class="pure-u-1-4 check" onclick="check_connect('baidu', 'http://www.baidu.com')">
<div class="block pure-g">
<div class="pure-u-1-3">
<div class="img-con">
@ -113,7 +113,7 @@ https://github.com/pure-css/pure/blob/master/LICENSE.md
</div>
</div>
</div>
<div class="pure-u-1-4 check" onclick="check_connect('google', 'https://www.google.com/generate_204')">
<div class="pure-u-1-4 check" onclick="check_connect('google', 'http://www.google.com/generate_204')">
<div class="block pure-g">
<div class="pure-u-1-3">
<div class="img-con">
@ -125,7 +125,7 @@ https://github.com/pure-css/pure/blob/master/LICENSE.md
</div>
</div>
</div>
<div class="pure-u-1-4 check" onclick="check_connect('github', 'https://github.com')">
<div class="pure-u-1-4 check" onclick="check_connect('github', 'http://github.com')">
<div class="block pure-g">
<div class="pure-u-1-3">
<div class="img-con">
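Review bot: Switching the three connectivity probes from `https://` to `http://` makes the "connected" result spoofable: the controller runs `curl -I -sk` without `-L` after this commit, and treats any non-zero HTTP code as success, so a plain-HTTP 301/302 — which github.com and google.com typically return, and which every captive portal or DNS hijack can return as well — now counts as reachability without the request ever leaving the local network through the proxy. The HTTPS form at least required a TLS handshake with the named host, even though `-k` skips certificate validation. Keep the HTTPS URLs, or, if plaintext is wanted to avoid the TLS cost, have the controller compare against the expected code (e.g. `204` for `generate_204`) rather than "anything but 0".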


@ -862,8 +862,8 @@ msgstr "IV 检查"
msgid "UDP over TCP"
msgstr "TCP 封装 UDP"
msgid "Need Xray server side with Shadowsocks-2022 protocol"
msgstr "需要 Xray 作服务器端的 Shadowsocks-2022 协议"
msgid "Need Xray-core or sing-box as server side."
msgstr "需要 Xray-core 或者 sing-box 作为服务器端。"
msgid "Connection Timeout"
msgstr "连接超时时间"


@ -4,6 +4,7 @@ config global
option node_socks_port '1070'
option localhost_proxy '1'
option socks_enabled '0'
option acl_enable '0'
option node 'myshunt'
option direct_dns_protocol 'auto'
option direct_dns_query_strategy 'UseIP'


@ -22,7 +22,8 @@ TUN_DNS_PORT=15353
TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
DEFAULT_DNS=
IFACES=
NO_PROXY=0
ENABLED_DEFAULT_ACL=0
ENABLED_ACLS=0
PROXY_IPV6=0
PROXY_IPV6_UDP=0
LUA_UTIL_PATH=/usr/lib/lua/luci/passwall2
@ -757,7 +758,7 @@ start_crontab() {
rm -rf $TMP_SUB_PATH
}
if [ "$NO_PROXY" == 0 ]; then
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
start_daemon=$(config_t_get global_delay start_daemon 0)
[ "$start_daemon" = "1" ] && $APP_PATH/monitor.sh > /dev/null 2>&1 &
@ -790,6 +791,114 @@ boot() {
fi
}
acl_app() {
local items=$(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1)
[ -n "$items" ] && {
local index=0
local item
local redir_port dns_port dnsmasq_port
local ipt_tmp msg msg2
redir_port=11200
dns_port=11300
dnsmasq_port=11400
echolog "访问控制:"
for item in $items; do
index=$(expr $index + 1)
local enabled sid remarks sources node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol only_proxy_fakedns remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy
local _ip _mac _iprange _ipset _ip_or_mac rule_list config_file
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
[ "$enabled" = "1" ] || continue
[ -z "${sources}" ] && continue
for s in $sources; do
is_iprange=$(lua_api "iprange(\"${s}\")")
if [ "${is_iprange}" = "true" ]; then
rule_list="${rule_list}\niprange:${s}"
elif [ -n "$(echo ${s} | grep '^ipset:')" ]; then
rule_list="${rule_list}\nipset:${s}"
else
_ip_or_mac=$(lua_api "ip_or_mac(\"${s}\")")
if [ "${_ip_or_mac}" = "ip" ]; then
rule_list="${rule_list}\nip:${s}"
elif [ "${_ip_or_mac}" = "mac" ]; then
rule_list="${rule_list}\nmac:${s}"
fi
fi
done
[ -z "${rule_list}" ] && continue
mkdir -p $TMP_ACL_PATH/$sid
echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
tcp_proxy_mode="global"
udp_proxy_mode="global"
node=${node:-default}
direct_dns_protocol=${direct_dns_protocol:-auto}
direct_dns=${direct_dns:-119.29.29.29}
[ "$direct_dns_protocol" = "doh" ] && direct_dns=${direct_dns_doh:-https://223.5.5.5/dns-query}
direct_dns_query_strategy=${direct_dns_query_strategy:-UseIP}
remote_dns_protocol=${remote_dns_protocol:-tcp}
remote_dns=${remote_dns:-1.1.1.1}
[ "$remote_dns_protocol" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
remote_dns_query_strategy=${remote_dns_query_strategy:-UseIPv4}
[ "$node" != "nil" ] && {
if [ "$node" = "default" ]; then
node=$NODE
redir_port=$REDIR_PORT
else
[ "$(config_get_type $node nil)" = "nodes" ] && {
if [ "$node" = "$NODE" ]; then
redir_port=$REDIR_PORT
else
redir_port=$(get_new_port $(expr $redir_port + 1))
eval node_${node}_redir_port=$redir_port
local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
if [ -n "${type}" ]; then
config_file=$TMP_ACL_PATH/${node}_TCP_UDP_DNS_${redir_port}.json
dns_port=$(get_new_port $(expr $dns_port + 1))
local acl_socks_port=$(get_new_port $(expr $redir_port + $index))
run_v2ray flag=acl_$sid node=$node redir_port=$redir_port socks_address=127.0.0.1 socks_port=$acl_socks_port dns_listen_port=${dns_port} direct_dns_protocol=${direct_dns_protocol} direct_dns_udp_server=${direct_dns} direct_dns_tcp_server=${direct_dns} direct_dns_doh="${direct_dns}" direct_dns_client_ip=${direct_dns_client_ip} direct_dns_query_strategy=${direct_dns_query_strategy} remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_udp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} remote_dns_query_strategy=${remote_dns_query_strategy} config_file=${config_file}
fi
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
redirect_dns_port=$dnsmasq_port
mkdir -p $TMP_ACL_PATH/$sid/dnsmasq.d
default_dnsmasq_cfgid=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
[ -s "/tmp/etc/dnsmasq.conf.${default_dnsmasq_cfgid}" ] && {
cp -r /tmp/etc/dnsmasq.conf.${default_dnsmasq_cfgid} $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/ubus/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/dhcp/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/port=/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/conf-dir/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/no-poll/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/no-resolv/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
}
echo "port=${dnsmasq_port}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "conf-dir=${TMP_ACL_PATH}/${sid}/dnsmasq.d" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "server=127.0.0.1#${dns_port}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "no-poll" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "no-resolv" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
#source $APP_PATH/helper_dnsmasq.sh add TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null DEFAULT_DNS=$AUTO_DNS TUN_DNS=127.0.0.1#${dns_port} NO_LOGIC_LOG=1
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
eval node_${node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
echo "${node}" > $TMP_ACL_PATH/$sid/var_node
}
fi
echo "${redir_port}" > $TMP_ACL_PATH/$sid/var_port
}
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
unset enabled sid remarks sources node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy
unset _ip _mac _iprange _ipset _ip_or_mac rule_list config_file
unset redirect_dns_port
done
unset redir_port dns_port dnsmasq_port
}
}
start() {
pgrep -f /tmp/etc/passwall2/bin > /dev/null 2>&1 && {
echolog "程序已启动,无需重复启动!"
@ -799,13 +908,15 @@ start() {
ulimit -n 65535
start_socks
[ "$NO_PROXY" == 1 ] || {
local USE_TABLES="iptables"
if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ]; then
echolog "系统未安装iptables或ipset无法透明代理"
else
run_global
source $APP_PATH/iptables.sh start
source $APP_PATH/helper_dnsmasq.sh logic_restart
fi
[ "$ENABLED_DEFAULT_ACL" == 1 ] && run_global
source $APP_PATH/${USE_TABLES}.sh start
[ "$ENABLED_DEFAULT_ACL" == 1 ] && source $APP_PATH/helper_dnsmasq.sh logic_restart
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
@ -815,7 +926,6 @@ start() {
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
}
fi
}
start_crontab
echolog "运行完成!\n"
}
@ -840,15 +950,17 @@ stop() {
}
ENABLED=$(config_t_get global enabled 0)
NODE=$(config_t_get global node nil)
[ "$ENABLED" == 1 ] && {
[ "$NODE" != "nil" ] && [ "$(config_get_type $NODE nil)" != "nil" ] && ENABLED_DEFAULT_ACL=1
}
ENABLED_ACLS=$(config_t_get global acl_enable 0)
[ "$ENABLED_ACLS" == 1 ] && {
[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
}
SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp))
[ "$ENABLED" != 1 ] && NO_PROXY=1
NODE=$(config_t_get global node nil)
[ "$NODE" == "nil" ] && NO_PROXY=1
[ "$(config_get_type $NODE nil)" == "nil" ] && NO_PROXY=1
tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443')
@ -864,8 +976,14 @@ REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E
REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4)
DNS_CACHE=$(config_t_get global dns_cache 1)
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v -E "0.0.0.0|127.0.0.1|::" | head -2) | tr ' ' ',')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',')
AUTO_DNS=${DEFAULT_DNS:-119.29.29.29}
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
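Review bot: In `acl_app` (`@ -790`), the per-rule dnsmasq instance starts from a copy of the system dnsmasq config and strips only `ubus`, `dhcp`, `port=`, `conf-dir`, `no-poll` and `no-resolv` lines; any `server=` entries that generated config carries (this script reads `dhcp.@dnsmasq[0].server` at the bottom, so such entries are expected to exist) survive and sit next to the appended `server=127.0.0.1#${dns_port}`. dnsmasq then has two upstreams, and queries from that client can be answered by the direct resolver instead of the node's DNS, which is the leak the per-ACL DNS path exists to prevent. Add `sed -i "/^server=/d" $TMP_ACL_PATH/$sid/dnsmasq.conf` to the filter list, and consider `address=`, `ipset=` and `nftset=` lines from the same source. Less certain: `acl_socks_port` is obtained from `get_new_port` immediately after the previous rule's `run_v2ray` was launched, so if `get_new_port` only checks currently bound ports a process that has not yet bound may be handed the same port — worth confirming against the helper.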


@ -170,108 +170,28 @@ get_wan6_ip() {
}
load_acl() {
local items=$(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1)
[ -n "$items" ] && {
local index=0
local item
local redir_port dns_port dnsmasq_port
local ipt_tmp msg msg2
redir_port=11200
dns_port=11300
dnsmasq_port=11400
[ "$ENABLED_ACLS" == 1 ] && {
acl_app
echolog "访问控制:"
for item in $items; do
index=$(expr $index + 1)
local enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol only_proxy_fakedns remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy
local _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
[ "$enabled" = "1" ] || continue
[ -z "${sources}" ] && continue
for s in $sources; do
is_iprange=$(lua_api "iprange(\"${s}\")")
if [ "${is_iprange}" = "true" ]; then
rule_list="${rule_list}\niprange:${s}"
elif [ -n "$(echo ${s} | grep '^ipset:')" ]; then
rule_list="${rule_list}\nipset:${s}"
else
_ip_or_mac=$(lua_api "ip_or_mac(\"${s}\")")
if [ "${_ip_or_mac}" = "ip" ]; then
rule_list="${rule_list}\nip:${s}"
elif [ "${_ip_or_mac}" = "mac" ]; then
rule_list="${rule_list}\nmac:${s}"
fi
fi
done
[ -z "${rule_list}" ] && continue
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}'); do
eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
tcp_no_redir_ports=${tcp_no_redir_ports:-default}
udp_no_redir_ports=${udp_no_redir_ports:-default}
tcp_proxy_mode="global"
udp_proxy_mode="global"
node=${node:-default}
direct_dns_protocol=${direct_dns_protocol:-auto}
direct_dns=${direct_dns:-119.29.29.29}
[ "$direct_dns_protocol" = "doh" ] && direct_dns=${direct_dns_doh:-https://223.5.5.5/dns-query}
direct_dns_query_strategy=${direct_dns_query_strategy:-UseIP}
remote_dns_protocol=${remote_dns_protocol:-tcp}
remote_dns=${remote_dns:-1.1.1.1}
[ "$remote_dns_protocol" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
remote_dns_query_strategy=${remote_dns_query_strategy:-UseIPv4}
[ "$tcp_no_redir_ports" = "default" ] && tcp_no_redir_ports=$TCP_NO_REDIR_PORTS
[ "$udp_no_redir_ports" = "default" ] && udp_no_redir_ports=$UDP_NO_REDIR_PORTS
[ "$tcp_redir_ports" = "default" ] && tcp_redir_ports=$TCP_REDIR_PORTS
[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
[ "$node" != "nil" ] && {
if [ "$node" = "default" ]; then
node=$NODE
redir_port=$REDIR_PORT
else
[ "$(config_get_type $node nil)" = "nodes" ] && {
if [ "$node" = "$NODE" ]; then
redir_port=$REDIR_PORT
else
redir_port=$(get_new_port $(expr $redir_port + 1))
eval node_${node}_redir_port=$redir_port
local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
if [ -n "${type}" ]; then
config_file=$TMP_ACL_PATH/${node}_TCP_UDP_DNS_${redir_port}.json
dns_port=$(get_new_port $(expr $dns_port + 1))
local acl_socks_port=$(get_new_port $(expr $redir_port + $index))
run_v2ray flag=acl_$sid node=$node redir_port=$redir_port socks_address=127.0.0.1 socks_port=$acl_socks_port dns_listen_port=${dns_port} direct_dns_protocol=${direct_dns_protocol} direct_dns_udp_server=${direct_dns} direct_dns_tcp_server=${direct_dns} direct_dns_doh="${direct_dns}" direct_dns_client_ip=${direct_dns_client_ip} direct_dns_query_strategy=${direct_dns_query_strategy} remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_udp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} remote_dns_query_strategy=${remote_dns_query_strategy} config_file=${config_file}
fi
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
redirect_dns_port=$dnsmasq_port
mkdir -p $TMP_ACL_PATH/$sid/dnsmasq.d
default_dnsmasq_cfgid=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
[ -s "/tmp/etc/dnsmasq.conf.${default_dnsmasq_cfgid}" ] && {
cp -r /tmp/etc/dnsmasq.conf.${default_dnsmasq_cfgid} $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/ubus/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/dhcp/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/port=/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/conf-dir/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/no-poll/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
sed -i "/no-resolv/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
}
echo "port=${dnsmasq_port}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "conf-dir=${TMP_ACL_PATH}/${sid}/dnsmasq.d" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "server=127.0.0.1#${dns_port}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "no-poll" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
echo "no-resolv" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
#source $APP_PATH/helper_dnsmasq.sh add TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null DEFAULT_DNS=$AUTO_DNS TUN_DNS=127.0.0.1#${dns_port} NO_LOGIC_LOG=1
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
eval node_${node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
}
fi
node_remark=$(config_n_get $node remarks)
}
node_remark=$(config_n_get $NODE remarks)
[ -s "${TMP_ACL_PATH}/${sid}/var_node" ] && node=$(cat ${TMP_ACL_PATH}/${sid}/var_node)
[ -s "${TMP_ACL_PATH}/${sid}/var_port" ] && redir_port=$(cat ${TMP_ACL_PATH}/${sid}/var_port)
[ -n "$node" ] && [ "$node" != "default" ] && node_remark=$(config_n_get $node remarks)
for i in $(echo -e ${rule_list}); do
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
_iprange=$(echo ${i} | sed 's#iprange:##g')
_ipt_source=$(factor ${_iprange} "-m iprange --src-range")
@ -297,7 +217,7 @@ load_acl() {
[ -n "$redir_port" ] && {
if [ "$tcp_proxy_mode" != "disable" ]; then
[ -n "$redirect_dns_port" ] && $ipt_n -A PSW2_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $redirect_dns_port
[ -s "${TMP_ACL_PATH}/${sid}/var_redirect_dns_port" ] && $ipt_n -A PSW2_REDIRECT $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $(cat ${TMP_ACL_PATH}/${sid}/var_redirect_dns_port)
msg2="${msg}使用TCP节点[$node_remark] [$(get_action_chain_name $tcp_proxy_mode)]"
if [ -n "${is_tproxy}" ]; then
msg2="${msg2}(TPROXY:${redir_port})代理"
@ -373,15 +293,13 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
done
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy
unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark config_file
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node
unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark
unset ipt_tmp msg msg2
unset redirect_dns_port
done
unset redir_port dns_port dnsmasq_port
unset ipt_tmp msg msg2
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 加载默认代理模式
if [ "$TCP_PROXY_MODE" != "disable" ]; then
local ipt_tmp=$ipt_n
@ -463,6 +381,7 @@ load_acl() {
$ipt_m -A PSW2 $(comment "默认") -p udp -j RETURN
$ip6t_m -A PSW2 $(comment "默认") -p udp -j RETURN
}
}
filter_vpsip() {
uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
@ -613,7 +532,6 @@ add_firewall_rule() {
EOF
}
local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
[ -n "$ISP_DNS" ] && {
#echolog "处理 ISP DNS 例外..."
for ispip in $ISP_DNS; do
@ -622,10 +540,9 @@ add_firewall_rule() {
done
}
local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
[ -n "$ISP_DNS" ] && {
[ -n "$ISP_DNS6" ] && {
#echolog "处理 ISP IPv6 DNS 例外..."
for ispip6 in $ISP_DNS; do
for ispip6 in $ISP_DNS6; do
ipset -! add $IPSET_LANIPLIST6 $ispip6 >/dev/null 2>&1 &
#echolog " - 追加到白名单:${ispip6}"
done
@ -735,6 +652,28 @@ add_firewall_rule() {
ip -6 rule add fwmark 1 table 100
ip -6 route add local ::/0 dev lo table 100
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 加载路由器自身代理 TCP
if [ "$NODE" != "nil" ] && [ "$LOCALHOST_PROXY" = "1" ]; then
echolog "加载路由器自身 TCP 代理..."
@ -789,27 +728,6 @@ add_firewall_rule() {
done
fi
# 过滤Socks节点
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
# 处理轮换节点的分流或套娃
filter_node $NODE TCP > /dev/null 2>&1 &
filter_node $NODE UDP > /dev/null 2>&1 &
@ -846,11 +764,11 @@ add_firewall_rule() {
$ipt_m -A PSW2 -p udp --dport 53 -j RETURN
$ip6t_m -A PSW2 -p udp --dport 53 -j RETURN
}
# 加载ACLS
load_acl
# dns_hijack "force"
echolog "防火墙规则加载完成!"
}
@ -965,6 +883,7 @@ get_ip6t_bin() {
}
start() {
[ "$ENABLED_DEFAULT_ACL" == 0 -a "$ENABLED_ACLS" == 0 ] && return
add_firewall_rule
gen_include
}
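Review bot: The per-ACL loop now enumerates `${TMP_ACL_PATH}` with `ls -F | grep '/$' | awk` and then reads `var_node`, `var_port`, `var_redirect_dns_port` and `rule_list` back through unquoted `$(cat …)` expansions; a glob is simpler and survives a missing directory or odd names: `for d in "${TMP_ACL_PATH}"/*/; do [ -d "$d" ] || continue; sid=$(basename "$d")`. The values read from those files are spliced straight into iptables arguments (`--to-ports $(cat …)`), so whatever writes them (not in this hunk) is the only validation these ports and node ids receive; a `case "$p" in ''|*[!0-9]*) continue;; esac` on a port before use would keep a stale or truncated file from producing a malformed rule. The guard added to start() uses `==` and `-a`, which busybox accepts but POSIX `test` does not; `[ "$ENABLED_DEFAULT_ACL" = 0 ] && [ "$ENABLED_ACLS" = 0 ] && return` is the portable form. load_acl opens at the top of its hunk but its body continues past it.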


@ -772,12 +772,12 @@ local function select_node(nodes, config)
end
end
end
-- 第一优先级 类型 + IP + 端口
-- 第一优先级 类型 + 备注 + IP + 端口
if not server then
for index, node in pairs(nodes) do
if config.currentNode.type and config.currentNode.address and config.currentNode.port then
if node.type and node.address and node.port then
if node.type == config.currentNode.type and (node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port) then
if config.currentNode.type and config.currentNode.remarks and config.currentNode.address and config.currentNode.port then
if node.type and node.remarks and node.address and node.port then
if node.type == config.currentNode.type and node.remarks == config.currentNode.remarks and (node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port) then
if config.log == nil or config.log == true then
log('更新【' .. config.remarks .. '】第一匹配节点:' .. node.remarks)
end
@ -788,12 +788,12 @@ local function select_node(nodes, config)
end
end
end
-- 第二优先级 IP + 端口
-- 第二优先级 类型 + IP + 端口
if not server then
for index, node in pairs(nodes) do
if config.currentNode.address and config.currentNode.port then
if node.address and node.port then
if node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port then
if config.currentNode.type and config.currentNode.address and config.currentNode.port then
if node.type and node.address and node.port then
if node.type == config.currentNode.type and (node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port) then
if config.log == nil or config.log == true then
log('更新【' .. config.remarks .. '】第二匹配节点:' .. node.remarks)
end
@ -804,12 +804,12 @@ local function select_node(nodes, config)
end
end
end
-- 第三优先级 IP
-- 第三优先级 IP + 端口
if not server then
for index, node in pairs(nodes) do
if config.currentNode.address then
if node.address then
if node.address == config.currentNode.address then
if config.currentNode.address and config.currentNode.port then
if node.address and node.port then
if node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port then
if config.log == nil or config.log == true then
log('更新【' .. config.remarks .. '】第三匹配节点:' .. node.remarks)
end
@ -820,14 +820,30 @@ local function select_node(nodes, config)
end
end
end
-- 第四优先级备注
-- 第四优先级 IP
if not server then
for index, node in pairs(nodes) do
if config.currentNode.address then
if node.address then
if node.address == config.currentNode.address then
if config.log == nil or config.log == true then
log('更新【' .. config.remarks .. '】第四匹配节点:' .. node.remarks)
end
server = node[".name"]
break
end
end
end
end
end
-- 第五优先级备注
if not server then
for index, node in pairs(nodes) do
if config.currentNode.remarks then
if node.remarks then
if node.remarks == config.currentNode.remarks then
if config.log == nil or config.log == true then
log('更新【' .. config.remarks .. '】第四匹配节点:' .. node.remarks)
log('更新【' .. config.remarks .. '】第匹配节点:' .. node.remarks)
end
server = node[".name"]
break
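Review bot: Tiers one to five in this hunk are five copies of the same loop that differ only in which fields must be present and how they are compared, and the ordinal inside each log string has to be kept in step by hand (the new tier five still carried the tier-four message until the final line of the hunk). A table of tiers walked by a single loop removes the duplication and derives the ordinal from the tier index; the rewrite below keeps the behaviour, including the concatenated `address .. ':' .. port` comparison and the exact log text. Note that `pairs(nodes)` has no defined order, so when several nodes satisfy one tier the winner is arbitrary; that predates this change, but every added tier widens the chance of it mattering. select_node starts above this hunk and its remaining tiers and return lie below it.
```lua
-- … unchanged: earlier tiers above this hunk …
local cur = config.currentNode
-- true when every listed field is present (truthy) on t
local function has(t, fields)
  for _, k in ipairs(fields) do
    if not t[k] then return false end
  end
  return true
end
local function same_endpoint(n)
  return n.address .. ':' .. n.port == cur.address .. ':' .. cur.port
end
-- Priority tiers, tried in order: the fields both sides must carry and the match test.
local tiers = {
  { fields = { 'type', 'remarks', 'address', 'port' },
    match = function(n) return n.type == cur.type and n.remarks == cur.remarks and same_endpoint(n) end },
  { fields = { 'type', 'address', 'port' },
    match = function(n) return n.type == cur.type and same_endpoint(n) end },
  { fields = { 'address', 'port' }, match = same_endpoint },
  { fields = { 'address' }, match = function(n) return n.address == cur.address end },
  { fields = { 'remarks' }, match = function(n) return n.remarks == cur.remarks end },
}
local ordinals = { '一', '二', '三', '四', '五' }
for tier, t in ipairs(tiers) do
  if server then break end
  if has(cur, t.fields) then
    for _, node in pairs(nodes) do
      if has(node, t.fields) and t.match(node) then
        if config.log == nil or config.log == true then
          log('更新【' .. config.remarks .. '】第' .. ordinals[tier] .. '匹配节点:' .. node.remarks)
        end
        server = node[".name"]
        break
      end
    end
  end
end
-- … unchanged: remaining tiers and the return below this hunk …
```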


@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-xray
PKG_VERSION:=1.26.4
PKG_VERSION:=1.26.5
PKG_RELEASE:=1
PKG_LICENSE:=MPLv2


@ -24,6 +24,10 @@ Focus on making the most of Xray (HTTP/HTTPS/Socks/TProxy inbounds, multiple pro
* For OpenWrt 19.07 releases, you need to prepare your own xray-core package (just download from [Releases · yichya/openwrt-xray](https://github.com/yichya/openwrt-xray/releases) and install that) because building Xray from source requires Go 1.17 which is currently only available in at least OpenWrt 21.02 releases.
* This project may change its code structure, configuration files format, user interface or dependencies quite frequently since it is still in its very early stage.
## Installation
Clone this repository under `package/extra` and find `luci-app-xray` under `Extra Packages`.
## Changelog 2023
* 2023-01-01 feat: optional restart of dnsmasq on interface change


@ -193,6 +193,7 @@ return view.extend({
const geoip_direct_code = uci.get_first(config_data, "general", "geoip_direct_code");
const { geoip_existence, geoip_size, geosite_existence, geosite_size, optional_features, firewall4, xray_bin_default, xray_running } = check_resource_files(load_result[1]);
const status_text = xray_running ? _("[Xray is running]") : _("[Xray is stopped]");
const fw_text = firewall4 ? _("[fw4]"): _("[fw3]");
let asset_file_status = _('WARNING: at least one of asset files (geoip.dat, geosite.dat) is not found under /usr/share/xray. Xray may not work properly. See <a href="https://github.com/yichya/luci-app-xray">here</a> for help.')
if (geoip_existence) {
@ -201,7 +202,7 @@ return view.extend({
}
}
const m = new form.Map('xray', _('Xray'), status_text + " " + asset_file_status);
const m = new form.Map('xray', _('Xray'), status_text + " " + fw_text + " " + asset_file_status);
var s, o, ss;
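Review bot: The new `fw_text` ternary drops the space before the colon that the surrounding code keeps around operators; `const fw_text = firewall4 ? _("[fw4]") : _("[fw3]");`. `firewall4` is destructured from `check_resource_files`, which lies outside the hunk, so its type is not visible here; if it can be undefined rather than false the banner silently reads `[fw3]`, which is worth a one-line comment at the destructuring or an explicit `=== true` if that distinction matters.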


@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
LUCI_TITLE:=Design Theme
LUCI_DEPENDS:=
PKG_VERSION:=5.4.0
PKG_RELEASE:=20230306
PKG_VERSION:=5.4.1
PKG_RELEASE:=20230307
include $(TOPDIR)/feeds/luci/luci.mk


@ -26,6 +26,9 @@ luci-theme-design is an OpenWrt LuCI theme for immersive WebApp experience and o
> **luci-theme-design** based on luci-theme-neobird, suitable for [lede](https://github.com/coolsnowwolf/lede) / [OpenWrt](https://github.com/openwrt/openwrt ).
> The default branch only supports the lua version of the lede source code. If you use openwrt 21/22, please pull the [js](https://github.com/gngpp/luci-theme-design/tree/js) version(Development stage).
- Thanks for non-commercial open source development authorization by [JetBrains](https://www.jetbrains.com/)!
<a href="https://www.jetbrains.com/?from=gnet" target="_blank"><img src="https://raw.githubusercontent.com/panjf2000/illustrations/master/jetbrains/jetbrains-variant-4.png" width="250" align="middle"/></a>
### Release version
- Lua version select 5.x version


@ -26,6 +26,9 @@ luci-theme-design 是一个针对移动端和PC端的沉浸式WebApp体验和优
> **luci-theme-design**基于luci-theme-neobird, 适用于[lede](https://github.com/coolsnowwolf/lede) / [OpenWrt](https://github.com/openwrt/openwrt)
> 默认分支只支持lede源码的lua版本若使用openwrt 21/22请拉取[js](https://github.com/gngpp/luci-theme-design/tree/js)版本(开发阶段)。
- 感谢 [JetBrains](https://www.jetbrains.com/) 提供的非商业开源软件开发授权!
<a href="https://www.jetbrains.com/?from=gnet" target="_blank"><img src="https://raw.githubusercontent.com/panjf2000/illustrations/master/jetbrains/jetbrains-variant-4.png" width="250" align="middle"/></a>
### 发布版本
- Lua 版本选择5.x版本


@ -50,6 +50,8 @@
--ifaceboxBorderColor: #b8b8b8bd;
--ifaceboxFontColor: #1a1a1a;
--liSelectedColor: #c5c5c5;
--vssrStatusColor: #525f7f;
--vssrBoxShadow: 0 0 2rem 0 rgb(136 152 170 / 30%);
}
[data-theme='dark'] {
@ -92,6 +94,8 @@
--ifaceboxBorderColor: #636363bd;
--ifaceboxFontColor: #1a1a1a;
--liSelectedColor: #2f2f2f;
--vssrStatusColor: rgb(204, 204, 204);
--vssrBoxShadow: 0 0 1rem 0 rgb(0 0 0 / 30%);
}
@font-face {
@ -385,6 +389,8 @@ svg {
bottom:calc(var(--vssrBottom) + constant(safe-area-inset-bottom));
bottom:calc(var(--vssrBottom) + env(safe-area-inset-bottom));
background-color: var(--navbgColor);
box-shadow: var(--vssrBoxShadow) !important;
color: var(--vssrStatusColor) !important;
}
.node-services-vssr .container {
padding-bottom:calc(var(--vssrBottom) + constant(safe-area-inset-bottom));
@ -3312,3 +3318,9 @@ form[action="/cgi-bin/luci/admin/network/wireless_join"] input[class="cbi-button
.node-nas-qbittorrent p#qBittorrent_status input {
line-height: unset;
}
/* fix node-system-diskman dialog-format-active */
.node-system-diskman.dialog-format-active #dialog_format .dialog_box {
background: var(--alertBackground);
border-radius: 5px;
}
