update 2022-10-31 20:26:52

oaf/src/af_log.c

@@ -11,6 +11,7 @@ int af_test_mode = 0;
 // todo: rename af_log.c
 int g_oaf_enable __read_mostly = 0;
 int af_work_mode = AF_MODE_GATEWAY;
+int af_lan_ip = 0;
 /* 
 	cat /proc/sys/oaf/debug
 */
@@ -43,6 +44,13 @@ static struct ctl_table oaf_table[] = {
 		.mode		= 0666,
 		.proc_handler	= proc_dointvec,
 	},
+	{
+		.procname	= "lan_ip",
+		.data		= &af_lan_ip,
+		.maxlen 	= sizeof(int),
+		.mode		= 0666,
+		.proc_handler	= proc_dointvec,
+	},
 	{
 	}
 };

oaf/src/af_log.h

@@ -3,6 +3,7 @@
 extern int af_log_lvl;
 extern int af_test_mode;
 extern int af_work_mode;
+extern int af_lan_ip;
 #define LOG(level, fmt, ...) do { \
     if ((level) <= af_log_lvl) { \
         printk(fmt, ##__VA_ARGS__); \

oaf/src/app_filter.c

@@ -261,7 +261,6 @@ int add_app_feature(int appid, char *name, char *feature)
 	}
 	if (AF_DICT_PARAM_INDEX != param_num && strlen(feature) > MIN_FEATURE_STR_LEN)
 	{
-		AF_ERROR("invalid feature:%s\n", feature);
 		return -1;
 	}
 	strncpy(dict, begin, p - begin);
@@ -348,7 +347,6 @@ void load_feature_buf_from_file(char **config_buf)
 
 	if (IS_ERR(fp))
 	{
-		printk("open feature file failed\n");
 		return;
 	}
 
@@ -393,7 +391,6 @@ int load_feature_config(void)
 	load_feature_buf_from_file(&feature_buf);
 	if (!feature_buf)
 	{
-		AF_ERROR("error, feature buf is null\n");
 		return -1;
 	}
 	p = begin = feature_buf;
@@ -908,6 +905,10 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device *
 	if (af_match_bcast_packet(&flow) || af_match_local_packet(&flow))
 		return NF_ACCEPT;
 
+	if (af_lan_ip == flow.src || af_lan_ip == flow.dst){
+		return NF_ACCEPT;
+	}
+
 	af_get_smac(skb, smac);
 
 	AF_CLIENT_LOCK_W();

open-app-filter/src/appfilter_config.c

@@ -299,6 +299,18 @@ int config_get_appfilter_enable(void)
     return enable;
 }
 
+int config_get_lan_ip(char *lan_ip, int len)
+{
+    int ret = 0;
+    struct uci_context *ctx = uci_alloc_context();
+    if (!ctx)
+        return -1;
+    ret = uci_get_value(ctx, "network.lan.ipaddr", lan_ip, len);
+    uci_free_context(ctx);
+    return ret;
+}
+
+
 int appfilter_config_alloc(void)
 {
     char *err;

open-app-filter/src/appfilter_config.h

@@ -56,5 +56,6 @@ int appfilter_config_alloc(void);
 int appfilter_config_free(void);
 af_ctl_time_t *load_appfilter_ctl_time_config(void);
 int config_get_appfilter_enable(void);
+int config_get_lan_ip(char *lan_ip, int len);
 
 #endif

open-app-filter/src/main.c

@@ -30,6 +30,8 @@ THE SOFTWARE.
 #include "appfilter_ubus.h"
 #include "appfilter_config.h"
 #include <time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
 void check_appfilter_enable(void)
 {
     int enable = 1;
@@ -88,14 +90,27 @@ EXIT:
    		free(af_t);
 }
 
+void update_lan_ip(void){
+    char ip_str[32] = {0};
+    struct in_addr addr;
+    char cmd_buf[128] = {0};
+    u_int32_t lan_ip = 0;
+
+    config_get_lan_ip(ip_str, sizeof(ip_str));
+    inet_aton(ip_str, &addr);
+    lan_ip =addr.s_addr;
+    sprintf(cmd_buf, "echo %d >/proc/sys/oaf/lan_ip", lan_ip);
+    system(cmd_buf);
+}
+
 void dev_list_timeout_handler(struct uloop_timeout *t)
 {
     dump_dev_list();
     check_dev_visit_info_expire();
     flush_expire_visit_info();
     //dump_dev_visit_list();
+    update_lan_ip();
     check_appfilter_enable();
-    //todo: dev list expire
     if (check_dev_expire()){
         flush_expire_visit_info();
         flush_dev_expire_node();

sing-box/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=sing-box
-PKG_VERSION:=1.1-beta11
+PKG_VERSION:=1.1-beta12
 PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=8baf0424af76ba76a501cdd5611630bc10d3967873aa3516da70a2792ee3d526
+PKG_HASH:=7e0937c553499281292f4ecdc303670fd8d405590e6bc726b47ffb3526b138a3
 
 PKG_LICENSE:=GPL-3.0
 PKG_LICENSE_FILE:=LICENSE