diff --git a/luci-app-ddns-go/Makefile b/luci-app-ddns-go/Makefile index f174eb99c..e8332413d 100644 --- a/luci-app-ddns-go/Makefile +++ b/luci-app-ddns-go/Makefile @@ -7,13 +7,17 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-ddns-go -PKG_VERSION:=1.2.0 -PKG_RELEASE:=7 +PKG_VERSION:=1.2.1 +PKG_RELEASE:=8 LUCI_TITLE:=LuCI Support for Dynamic ddns-go Client LUCI_DEPENDS:=+ddnsgo LUCI_PKGARCH:=all -include $(TOPDIR)/feeds/luci/luci.mk +define Package/$PKG_NAME/conffiles +/etc/config/ddnsgo +/etc/ddns-go/ddnsgo-config.yaml +endef +include $(TOPDIR)/feeds/luci/luci.mk # call BuildPackage - OpenWrt buildroot signature diff --git a/luci-app-ddns-go/root/etc/ddns-go/ddnsgo-config.yaml b/luci-app-ddns-go/root/etc/ddns-go/ddnsgo-config.yaml new file mode 100644 index 000000000..74b2fd127 --- /dev/null +++ b/luci-app-ddns-go/root/etc/ddns-go/ddnsgo-config.yaml @@ -0,0 +1,27 @@ +ipv4: + enable: true + gettype: url + url: https://myip4.ipip.net, https://ddns.oray.com/checkip, https://ip.3322.net + netinterface: br-lan + domains: + - "" +ipv6: + enable: false + gettype: url + url: https://myip6.ipip.net, https://speed.neu6.edu.cn/getIP.php, https://v6.ident.me + netinterface: "" + ipv6reg: "" + domains: + - "" +dns: + name: alidns + id: "" + secret: "" +user: + username: "" + password: "" +webhook: + webhookurl: "" + webhookrequestbody: "" +notallowwanaccess: true +ttl: "" diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile index ea04ad78c..6c88ee78b 100644 --- a/luci-app-passwall2/Makefile +++ b/luci-app-passwall2/Makefile @@ -5,8 +5,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall2 -PKG_VERSION:=1.11 -PKG_RELEASE:=3 +PKG_VERSION:=1.12-1 +PKG_RELEASE:= PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \ diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua index ea3041e4e..371894705 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua @@ -233,10 +233,6 @@ o:value("udp", "UDP") o:value("fakedns", "FakeDNS") o:depends({ node = "default", ['!reverse'] = true }) -o = s:option(Flag, "only_proxy_fakedns", translate("Only Proxy FakeDNS"), translate("When selected, only FakeDNS domain to proxy.")) -o.default = "0" -o:depends("remote_dns_protocol", "fakedns") - ---- DNS Forward o = s:option(Value, "remote_dns", translate("Remote DNS")) o.datatype = "or(ipaddr,ipaddrport)" diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua index f8b8df29b..8bf3e4ae0 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua @@ -217,10 +217,6 @@ o:value("doh", "DoH") o:value("udp", "UDP") o:value("fakedns", "FakeDNS") -o = s:taboption("DNS", Flag, "only_proxy_fakedns", translate("Only Proxy FakeDNS"), translate("When selected, only FakeDNS domain to proxy.")) -o.default = "0" -o:depends("remote_dns_protocol", "fakedns") - ---- DNS Forward o = s:taboption("DNS", Value, "remote_dns", translate("Remote DNS")) o.datatype = "or(ipaddr,ipaddrport)" diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_config.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_config.lua index 7ab264dfb..33c3d0a13 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_config.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_config.lua @@ -648,7 +648,7 @@ wireguard_mtu.default = "1420" wireguard_mtu:depends({ type = "Xray", protocol = "wireguard" }) if api.compare_versions(api.get_xray_version(), ">=", "1.8.0") then - wireguard_reserved = s:option(Value, "wireguard_reserved", translate("Reserved")) + wireguard_reserved = s:option(Value, "wireguard_reserved", translate("Reserved"), translate("Decimal numbers separated by \",\" or Base64-encoded strings.")) wireguard_reserved:depends({ type = "Xray", protocol = "wireguard" }) end @@ -812,11 +812,21 @@ mux:depends({ type = "Xray", protocol = "socks" }) mux:depends({ type = "Xray", protocol = "shadowsocks" }) mux:depends({ type = "Xray", protocol = "trojan" }) +-- [[ XUDP Mux ]]-- +xmux = s:option(Flag, "xmux", translate("Mux")) +xmux.default = 1 +xmux:depends({ type = "Xray", protocol = "vless", tlsflow = "xtls-rprx-vision" }) +xmux:depends({ type = "Xray", protocol = "vless", tlsflow = "xtls-rprx-vision-udp443" }) + mux_concurrency = s:option(Value, "mux_concurrency", translate("Mux concurrency")) mux_concurrency.default = 8 mux_concurrency:depends("mux", true) mux_concurrency:depends("smux", true) +xudp_concurrency = s:option(Value, "xudp_concurrency", translate("XUDP Mux concurrency")) +xudp_concurrency.default = 8 +xudp_concurrency:depends("xmux", true) + smux_idle_timeout = s:option(Value, "smux_idle_timeout", translate("Mux idle timeout")) smux_idle_timeout.default = 60 smux_idle_timeout:depends("smux", true) diff --git a/luci-app-passwall2/luasrc/passwall2/api.lua b/luci-app-passwall2/luasrc/passwall2/api.lua index 4da7ae8b9..82212d5e7 100644 --- a/luci-app-passwall2/luasrc/passwall2/api.lua +++ b/luci-app-passwall2/luasrc/passwall2/api.lua @@ -1,4 +1,5 @@ module("luci.passwall2.api", package.seeall) +bin = require "nixio".bin fs = require "nixio.fs" sys = require "luci.sys" uci = require"luci.model.uci".cursor() diff --git a/luci-app-passwall2/luasrc/passwall2/util_xray.lua b/luci-app-passwall2/luasrc/passwall2/util_xray.lua index 7a0934f68..d43e20446 100644 --- a/luci-app-passwall2/luasrc/passwall2/util_xray.lua +++ b/luci-app-passwall2/luasrc/passwall2/util_xray.lua @@ -108,9 +108,16 @@ function gen_outbound(flag, node, tag, proxy_table) if node.protocol == "wireguard" and node.wireguard_reserved then local bytes = {} - node.wireguard_reserved:gsub("[^,]+", function(b) - bytes[#bytes+1] = tonumber(b) - end) + if not node.wireguard_reserved:match("[^%d,]+") then + node.wireguard_reserved:gsub("%d+", function(b) + bytes[#bytes + 1] = tonumber(b) + end) + else + local result = api.bin.b64decode(node.wireguard_reserved) + for i = 1, #result do + bytes[i] = result:byte(i) + end + end node.wireguard_reserved = #bytes > 0 and bytes or nil end @@ -122,8 +129,9 @@ function gen_outbound(flag, node, tag, proxy_table) proxySettings = node.proxySettings or nil, protocol = node.protocol, mux = { - enabled = (node.mux == "1") and true or false, - concurrency = (node.mux_concurrency) and tonumber(node.mux_concurrency) or 8 + enabled = (node.mux == "1" or node.xmux == "1") and true or false, + concurrency = (node.mux == "1" and ((node.mux_concurrency) and tonumber(node.mux_concurrency) or 8)) or ((node.xmux == "1") and -1) or nil, + xudpConcurrency = (node.xmux == "1" and ((node.xudp_concurrency) and tonumber(node.xudp_concurrency) or 8)) or nil } or nil, -- 底层传输配置 streamSettings = (node.streamSettings or node.protocol == "vmess" or node.protocol == "vless" or node.protocol == "socks" or node.protocol == "shadowsocks" or node.protocol == "trojan") and { diff --git a/luci-app-passwall2/po/zh-cn/passwall2.po b/luci-app-passwall2/po/zh-cn/passwall2.po index 3240692e6..b67fbe8dc 100644 --- a/luci-app-passwall2/po/zh-cn/passwall2.po +++ b/luci-app-passwall2/po/zh-cn/passwall2.po @@ -118,12 +118,6 @@ msgstr "直连 DNS EDNS Client Subnet" msgid "Remote DNS Protocol" msgstr "远程 DNS 协议" -msgid "Only Proxy FakeDNS" -msgstr "仅代理 FakeDNS" - -msgid "When selected, only FakeDNS domain to proxy." -msgstr "当勾选时,只会代理 FakeDNS 域名。" - msgid "Remote DNS" msgstr "远程 DNS" @@ -943,6 +937,9 @@ msgstr "额外的对称加密密钥" msgid "Local Address" msgstr "本地地址" +msgid "Decimal numbers separated by \",\" or Base64-encoded strings." +msgstr "用“,”隔开的十进制数字或 Base64 编码字符串。" + msgid "Camouflage Type" msgstr "伪装类型" @@ -1165,6 +1162,9 @@ msgstr "无法移动新文件到:%s" msgid "Mux concurrency" msgstr "最大并发连接数" +msgid "XUDP Mux concurrency" +msgstr "XUDP 最大并发连接数" + msgid "Mux idle timeout" msgstr "最大闲置时间" diff --git a/luci-app-passwall2/root/usr/share/passwall2/app.sh b/luci-app-passwall2/root/usr/share/passwall2/app.sh index ad00b570e..ad362530b 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/app.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh @@ -796,7 +796,7 @@ acl_app() { echolog "访问控制:" for item in $items; do index=$(expr $index + 1) - local enabled sid remarks sources node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol only_proxy_fakedns remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy + local enabled sid remarks sources node direct_dns_protocol direct_dns direct_dns_doh direct_dns_client_ip direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_query_strategy local _ip _mac _iprange _ipset _ip_or_mac rule_list config_file sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) @@ -901,8 +901,8 @@ start() { start_socks local USE_TABLES="iptables" - if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ]; then - echolog "系统未安装iptables或ipset,无法透明代理!" + if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ] || [ -z "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then + echolog "系统未安装iptables或ipset或Dnsmasq没有开启ipset支持,无法透明代理!" fi [ "$ENABLED_DEFAULT_ACL" == 1 ] && run_global diff --git a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh index ad2284b6b..a4e30746b 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh @@ -228,12 +228,12 @@ load_acl() { [ "$accept_icmp" = "1" ] && { $ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} -d $FAKE_IP $(REDIRECT) - [ "$only_proxy_fakedns" != "1" ] && $ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} $(REDIRECT) + $ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} $(REDIRECT) } [ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && { $ip6t_n -A PSW2 $(comment "$remarks") -p ipv6-icmp ${_ipt_source} -d $FAKE_IP_6 $(REDIRECT) 2>/dev/null - [ "$only_proxy_fakedns" != "1" ] && $ip6t_n -A PSW2 $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(REDIRECT) 2>/dev/null + $ip6t_n -A PSW2 $(comment "$remarks") -p ipv6-icmp ${_ipt_source} $(REDIRECT) 2>/dev/null } [ "$tcp_no_redir_ports" != "disable" ] && { @@ -245,16 +245,16 @@ load_acl() { if [ "${ipt_tmp}" = "${ipt_n}" ]; then $ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP $(REDIRECT $redir_port) - [ "$only_proxy_fakedns" != "1" ] && $ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(REDIRECT $redir_port) + $ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") $(REDIRECT $redir_port) else $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP -j PSW2_RULE - [ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE - [ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) + $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE + $ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) fi [ "$PROXY_IPV6" == "1" ] && { $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null - [ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null - [ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null + $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null + $ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null } else msg2="${msg}不代理TCP" @@ -277,13 +277,13 @@ load_acl() { msg2="${msg2}所有端口" $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP -j PSW2_RULE - [ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE - [ "$only_proxy_fakedns" != "1" ] && $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) + $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE + $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) [ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && { $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null - [ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null - [ "$only_proxy_fakedns" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null + $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null + $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null } else msg2="${msg}不代理UDP" @@ -322,27 +322,27 @@ load_acl() { [ "$accept_icmp" = "1" ] && { $ipt_n -A PSW2 $(comment "默认") -p icmp -d $FAKE_IP $(REDIRECT) - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2 $(comment "默认") -p icmp $(REDIRECT) + $ipt_n -A PSW2 $(comment "默认") -p icmp $(REDIRECT) } [ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && { $ip6t_n -A PSW2 $(comment "默认") -p ipv6-icmp -d $FAKE_IP_6 $(REDIRECT) - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_n -A PSW2 $(comment "默认") -p ipv6-icmp $(REDIRECT) + $ip6t_n -A PSW2 $(comment "默认") -p ipv6-icmp $(REDIRECT) } if [ "${ipt_tmp}" = "${ipt_n}" ]; then $ipt_n -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP $(REDIRECT $REDIR_PORT) - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT) + $ipt_n -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT) else $ipt_m -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY) + $ipt_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ipt_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY) fi [ "$PROXY_IPV6" == "1" ] && { $ip6t_m -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP_6 -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY) + $ip6t_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ip6t_m -A PSW2 $(comment "默认") -p tcp $(REDIRECT $REDIR_PORT TPROXY) } echolog "${msg}" @@ -366,13 +366,13 @@ load_acl() { msg="${msg}所有端口" $ipt_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY) + $ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY) if [ "$PROXY_IPV6_UDP" == "1" ]; then $ip6t_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP_6 -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY) + $ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY) fi echolog "${msg}" @@ -560,8 +560,6 @@ add_firewall_rule() { elif [ "$tcp_proxy_way" = "tproxy" ]; then is_tproxy="TPROXY" fi - - ONLY_PROXY_FAKEDNS=$(config_t_get global only_proxy_fakedns 0) $ipt_n -N PSW2 $ipt_n -A PSW2 $(dst $IPSET_LANIPLIST) -j RETURN @@ -681,13 +679,13 @@ add_firewall_rule() { [ "$accept_icmp" = "1" ] && { $ipt_n -A OUTPUT -p icmp -j PSW2_OUTPUT $ipt_n -A PSW2_OUTPUT -p icmp -d $FAKE_IP $(REDIRECT) - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2_OUTPUT -p icmp $(REDIRECT) + $ipt_n -A PSW2_OUTPUT -p icmp $(REDIRECT) } [ "$accept_icmpv6" = "1" ] && { $ip6t_n -A OUTPUT -p ipv6-icmp -j PSW2_OUTPUT $ip6t_n -A PSW2_OUTPUT -p ipv6-icmp -d $FAKE_IP_6 $(REDIRECT) - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_n -A PSW2_OUTPUT -p ipv6-icmp $(REDIRECT) + $ip6t_n -A PSW2_OUTPUT -p ipv6-icmp $(REDIRECT) } local ipt_tmp=$ipt_n @@ -704,20 +702,20 @@ add_firewall_rule() { if [ "${ipt_tmp}" = "${ipt_n}" ]; then $ipt_n -A PSW2_OUTPUT -p tcp -d $FAKE_IP $(REDIRECT $REDIR_PORT) - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_n -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT) + $ipt_n -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(REDIRECT $REDIR_PORT) $ipt_n -A OUTPUT -p tcp -j PSW2_OUTPUT else $ipt_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY) + $ipt_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ipt_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY) $ipt_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN $ipt_m -A OUTPUT -p tcp -j PSW2_OUTPUT fi if [ "$PROXY_IPV6" == "1" ]; then $ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY) + $ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY) $ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN $ip6t_m -A OUTPUT -p tcp -j PSW2_OUTPUT fi @@ -743,15 +741,15 @@ add_firewall_rule() { } $ipt_m -A PSW2_OUTPUT -p udp -d $FAKE_IP -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ipt_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY) + $ipt_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ipt_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY) $ipt_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN $ipt_m -A OUTPUT -p udp -j PSW2_OUTPUT if [ "$PROXY_IPV6_UDP" == "1" ]; then $ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE - [ "$ONLY_PROXY_FAKEDNS" != "1" ] && $ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY) + $ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE + $ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY) $ip6t_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN $ip6t_m -A OUTPUT -p udp -j PSW2_OUTPUT fi diff --git a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua index 13e103b4a..b174044de 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua +++ b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua @@ -894,12 +894,17 @@ local function select_node(nodes, config) end -- 还不行 随便找一个 if not server then - server = uci:get_all(appname, '@' .. "nodes" .. '[0]') - if server then - if config.log == nil or config.log == true then - log('【' .. config.remarks .. '】' .. '无法找到最匹配的节点,当前已更换为:' .. server.remarks) + local nodes_table = {} + for k, e in ipairs(api.get_valid_nodes()) do + if e.node_type == "normal" then + nodes_table[#nodes_table + 1] = e end - server = server[".name"] + end + if #nodes_table > 0 then + if config.log == nil or config.log == true then + log('【' .. config.remarks .. '】' .. '无法找到最匹配的节点,当前已更换为:' .. nodes_table[1].remarks) + end + server = nodes_table[1][".name"] end end if server then @@ -913,15 +918,15 @@ local function update_node(manual) return end - local group = "" + local group = {} for _, v in ipairs(nodeResult) do - group = group .. v["remark"] + group[v["remark"]] = true end - if manual == 0 and #group > 0 then + if manual == 0 and next(group) then uci:foreach(appname, "nodes", function(node) - -- 如果是未发现新节点或手动导入的节点就不要删除了... - if (node.add_from and group:find(node.add_from, 1, true)) and node.add_mode == "2" then + -- 如果未发现新节点或手动导入的节点就不要删除了... + if node.add_mode == "2" and (node.add_from and group[node.add_from] == true) then uci:delete(appname, node['.name']) end end) @@ -1117,7 +1122,7 @@ local execute = function() if #fail_list > 0 then for index, value in ipairs(fail_list) do - log(value.remark .. '订阅失败,可能是订阅地址失效,或是网络问题,请诊断!') + log(string.format('【%s】订阅失败,可能是订阅地址失效,或是网络问题,请诊断!', value.remark)) end end update_node(0) diff --git a/luci-app-ssr-plus/root/usr/bin/ssr-rules b/luci-app-ssr-plus/root/usr/bin/ssr-rules index 4a85173fa..547d910ae 100755 --- a/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/luci-app-ssr-plus/root/usr/bin/ssr-rules @@ -237,14 +237,12 @@ tp_rule() { router) $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set ss_spec_wan_ac dst -j RETURN $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN - $ipt -A SS_SPEC_TPROXY -p udp --dport 443 -j DROP $ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set ! --match-set ss_spec_wan_ac dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 ;; gfw) $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set china dst -j RETURN - $ipt -A SS_SPEC_TPROXY -p udp --dport 443 -j DROP $ipt -A SS_SPEC_TPROXY -p udp --dport 80 -j DROP $ipt -A SS_SPEC_TPROXY -p udp $PROXY_PORTS -m set --match-set gfwlist dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 $ipt -A SS_SPEC_TPROXY -p udp -m set --match-set gmlan src -m set ! --match-set china dst -j TPROXY --on-port "$LOCAL_PORT" --tproxy-mark 0x01/0x01 diff --git a/shadowsocks-libev/Makefile b/shadowsocks-libev/Makefile index 3642746e9..0c4ce1bd6 100644 --- a/shadowsocks-libev/Makefile +++ b/shadowsocks-libev/Makefile @@ -14,7 +14,7 @@ include $(TOPDIR)/rules.mk # PKG_NAME:=shadowsocks-libev PKG_VERSION:=3.3.5 -PKG_RELEASE:=8 +PKG_RELEASE:=9 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION) diff --git a/shadowsocks-libev/files/shadowsocks-libev.init b/shadowsocks-libev/files/shadowsocks-libev.init index f9aee76a7..5330b8735 100644 --- a/shadowsocks-libev/files/shadowsocks-libev.init +++ b/shadowsocks-libev/files/shadowsocks-libev.init @@ -81,6 +81,7 @@ ss_xxx() { [ -z "$mtu" ] || json_add_int mtu "$mtu" [ -z "$timeout" ] || json_add_int timeout "$timeout" [ -z "$user" ] || json_add_string user "$user" + [ -z "$acl" ] || json_add_string acl "$acl" json_dump -i >"$confjson" procd_open_instance "$cfgtype.$cfg" @@ -273,7 +274,8 @@ validate_server_section() { } validate_ss_local_section() { - validate_common_client_options_ ss_local "$1" "$2" + validate_common_client_options_ ss_local "$1" "$2" \ + 'acl:file' } validate_ss_redir_section() { @@ -307,7 +309,8 @@ validate_ss_server_section() { 'local_address:ipaddr' \ 'local_ipv4_address:ip4addr' \ 'local_ipv6_address:ip6addr' \ - 'bind_address:ipaddr' + 'bind_address:ipaddr' \ + 'acl:file' } validate_ss_tunnel_section() {