
update 03-13 13:54

github-actions[bot]
2022-03-13 13:54:42 +08:00
parent 046a3b66dd
commit ab61277ea9
5 changed files with 242 additions and 40 deletions


@ -6,12 +6,13 @@ include $(TOPDIR)/rules.mk
LUCI_TITLE:=LuCI support for UnblockNeteaseMusic LUCI_TITLE:=LuCI support for UnblockNeteaseMusic
LUCI_DEPENDS:=+busybox +dnsmasq-full +ipset +jsonfilter +node +uclient-fetch \ LUCI_DEPENDS:=+busybox +dnsmasq-full +ipset +jsonfilter +node +uclient-fetch \
+PACKAGE_firewall4:ucode \
@(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl) @(PACKAGE_libustream-mbedtls||PACKAGE_libustream-openssl||PACKAGE_libustream-wolfssl)
LUCI_PKGARCH:=all LUCI_PKGARCH:=all
PKG_NAME:=luci-app-unblockneteasemusic PKG_NAME:=luci-app-unblockneteasemusic
PKG_VERSION:=2.12 PKG_VERSION:=2.12
PKG_RELEASE:=2 PKG_RELEASE:=3
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org> PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>


@ -12,6 +12,8 @@ NAME="unblockneteasemusic"
UPGRADE_CONF="/lib/upgrade/keep.d/$NAME" UPGRADE_CONF="/lib/upgrade/keep.d/$NAME"
IPT_N="iptables -t nat" IPT_N="iptables -t nat"
RULES_UC="/usr/share/$NAME/rules/default.uc"
RULES_NFT="/etc/nftables.d/90-$NAME-rules.nft"
is_enabled() { is_enabled() {
local enabled local enabled
@ -72,12 +74,25 @@ start_service()
append_param "-p" "${http_port}":"${https_port}" append_param "-p" "${http_port}":"${https_port}"
if is_enabled "config" "pub_access"; then if is_enabled "config" "pub_access"; then
iptables -I "INPUT" -p "tcp" --dport "${http_port}" -j "ACCEPT" if [ -e "$(command -v fw4)" ]; then
iptables -I "INPUT" -p "tcp" --dport "${https_port}" -j "ACCEPT" uci -q batch <<-EOF
echo "${http_port}:${https_port}" > "/tmp/$NAME.ports" add firewall rule
set firewall.@rule[-1].name='unblockneteasemusic_pub_access'
set firewall.@rule[-1].proto='tcp'
set firewall.@rule[-1].src='wan'
set firewall.@rule[-1].dest_port='${http_port}-${https_port}'
set firewall.@rule[-1].target='ACCEPT'
commit firewall
EOF
fw4 reload
else
iptables -I "INPUT" -p "tcp" --dport "${http_port}" -j "ACCEPT"
iptables -I "INPUT" -p "tcp" --dport "${https_port}" -j "ACCEPT"
echo "${http_port}:${https_port}" > "/tmp/$NAME.ports"
mkdir -p "/var/etc/" mkdir -p "/var/etc/"
echo "/etc/init.d/$NAME restart" > "/var/etc/$NAME.include" echo "/etc/init.d/$NAME restart" > "/var/etc/$NAME.include"
fi
fi fi
local music_source local music_source
@ -113,9 +128,9 @@ start_service()
procd_set_param stderr 1 procd_set_param stderr 1
procd_set_param respawn procd_set_param respawn
local lan_addr local lan_addr="$(uci -q get network.lan.ipaddr)"
lan_addr="$(uci -q get network.lan.ipaddr)"
if [ "${hijack_ways}" = "use_ipset" ]; then if [ "${hijack_ways}" = "use_ipset" ]; then
# TODO: wating for dnsmasq support nftset
mkdir -p "/tmp/dnsmasq.d" mkdir -p "/tmp/dnsmasq.d"
rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf" rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
cat <<-EOF > "/tmp/dnsmasq.d/dnsmasq-$NAME.conf" cat <<-EOF > "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
@ -130,42 +145,85 @@ start_service()
EOF EOF
/etc/init.d/dnsmasq reload /etc/init.d/dnsmasq reload
ipset create "acl_neteasemusic_http" hash:ip [ -e "$(command -v fw4)" ] || {
ipset create "acl_neteasemusic_https" hash:ip ipset create "acl_neteasemusic_http" hash:ip
ip_addr_num="$(uci show "$NAME" | grep -c "filter_mode")" ipset create "acl_neteasemusic_https" hash:ip
ipset create "neteasemusic" hash:ip
}
local ip_addr_num="$(uci show "$NAME" | grep -c "filter_mode")"
let ip_addr_num="ip_addr_num-1" let ip_addr_num="ip_addr_num-1"
local acl_http_addr acl_https_addr
[ "${ip_addr_num}" -ge "0" ] && for i in $(seq 0 "${ip_addr_num}") [ "${ip_addr_num}" -ge "0" ] && for i in $(seq 0 "${ip_addr_num}")
do do
ip_addr="$(uci_get_by_name "acl_rule" "ip_addr" "" "$i")" ip_addr="$(uci_get_by_name "acl_rule" "ip_addr" "" "$i")"
filter_mode="$(uci_get_by_name "acl_rule" "filter_mode" "" "$i")" filter_mode="$(uci_get_by_name "acl_rule" "filter_mode" "" "$i")"
case "${filter_mode}" in case "${filter_mode}" in
"disable_http") "disable_http")
ipset -! add "acl_neteasemusic_http" "${ip_addr}" if [ -e "$(command -v fw4)" ];then
acl_http_addr="${acl_http_addr}${ip_addr}\n"
else
ipset -! add "acl_neteasemusic_http" "${ip_addr}"
fi
;; ;;
"disable_https") "disable_https")
ipset -! add "acl_neteasemusic_https" "${ip_addr}" if [ -e "$(command -v fw4)" ]; then
acl_https_addr="${acl_https_addr}${ip_addr}\n"
else
ipset -! add "acl_neteasemusic_https" "${ip_addr}"
fi
;; ;;
"disable_all") "disable_all")
ipset -! add "acl_neteasemusic_http" "${ip_addr}" if [ -e "$(command -v fw4)" ]; then
ipset -! add "acl_neteasemusic_https" "${ip_addr}" acl_http_addr="${acl_http_addr}${ip_addr}\n"
acl_https_addr="${acl_https_addr}${ip_addr}\n"
else
ipset -! add "acl_neteasemusic_http" "${ip_addr}"
ipset -! add "acl_neteasemusic_https" "${ip_addr}"
fi
;; ;;
esac esac
done done
ipset create "neteasemusic" hash:ip local netease_music_ips="$(uclient-fetch -qO- "http://httpdns.n.netease.com/httpdns/v2/d?domain=music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.data.*.ip.*')"
netease_music_ips="$(uclient-fetch -qO- "http://httpdns.n.netease.com/httpdns/v2/d?domain=music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.data.*.ip.*')" local netease_music_ips2="$(uclient-fetch -qO- "https://music.httpdns.c.163.com/d" --post-data="music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.dns.*["ips"].*')"
netease_music_ips2="$(uclient-fetch -qO- "https://music.httpdns.c.163.com/d" --post-data="music.163.com,interface.music.163.com,interface3.music.163.com,apm.music.163.com,apm3.music.163.com,clientlog.music.163.com,clientlog3.music.163.com" |jsonfilter -e '@.dns.*["ips"].*')" if [ -e "$(command -v fw4)" ]; then
echo -e "${netease_music_ips}\n${netease_music_ips2}" |sort -u |awk '{print "ipset add neteasemusic "$1}' |sh local tmp="/tmp/$NAME"
$IPT_N -N "netease_cloud_music" local neteasemusic_addr="$(echo -e "${netease_music_ips}\n${netease_music_ips2}" |sort -u |awk '{print $1}')"
for local_addr in "0.0.0.0/8" "10.0.0.0/8" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.168.0.0/16" "224.0.0.0/4" "240.0.0.0/4"; do json_init
$IPT_N -A "netease_cloud_music" -d "${local_addr}" -j "RETURN" json_add_int o_http_port "${http_port}"
done json_add_int o_https_port "${https_port}"
$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_http" "src" --dport "80" -j "REDIRECT" --to-ports "${http_port}" json_add_string o_acl_http_addr "$acl_http_addr"
$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_https" "src" --dport "443" -j "REDIRECT" --to-ports "${https_port}" json_add_string o_acl_https_addr "$acl_https_addr"
$IPT_N -I "PREROUTING" -p "tcp" -m "set" --match-set "neteasemusic" "dst" -j "netease_cloud_music" json_add_string o_neteasemusic_addr "$neteasemusic_addr"
json_dump -i >"$tmp.json"
mkdir -p "/var/etc/" if ucode -S -i "$RULES_UC" -E "$tmp.json" >"$tmp.nft" \
echo "/etc/init.d/$NAME restart" > "/var/etc/$NAME.include" && ! cmp -s "$tmp.nft" "$RULES_NFT"; then
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
if nft -f "$tmp.nft.chk" -c; then
mv -f "$tmp.nft" "$RULES_NFT"
fw4 reload
fi
rm -f "$tmp.nft.chk"
fi
rm -f "$tmp.json" "$tmp.nft"
else
echo -e "${netease_music_ips}\n${netease_music_ips2}" |sort -u |awk '{print "ipset add neteasemusic "$1}' |sh
$IPT_N -N "netease_cloud_music"
for local_addr in "0.0.0.0/8" "10.0.0.0/8" "127.0.0.0/8" "169.254.0.0/16" "172.16.0.0/12" "192.168.0.0/16" "224.0.0.0/4" "240.0.0.0/4"; do
$IPT_N -A "netease_cloud_music" -d "${local_addr}" -j "RETURN"
done
$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_http" "src" --dport "80" -j "REDIRECT" --to-ports "${http_port}"
$IPT_N -A "netease_cloud_music" -p "tcp" -m "set" ! --match-set "acl_neteasemusic_https" "src" --dport "443" -j "REDIRECT" --to-ports "${https_port}"
$IPT_N -I "PREROUTING" -p "tcp" -m "set" --match-set "neteasemusic" "dst" -j "netease_cloud_music"
mkdir -p "/var/etc/"
echo "/etc/init.d/$NAME restart" > "/var/etc/$NAME.include"
fi
elif [ "${hijack_ways}" = "use_hosts" ]; then elif [ "${hijack_ways}" = "use_hosts" ]; then
mkdir -p "/tmp/dnsmasq.d" mkdir -p "/tmp/dnsmasq.d"
rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf" rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
@ -200,6 +258,7 @@ stop_service()
echo "/usr/share/$NAME/core/" >> "${UPGRADE_CONF}" echo "/usr/share/$NAME/core/" >> "${UPGRADE_CONF}"
echo "/usr/share/$NAME/local_ver" >> "${UPGRADE_CONF}" echo "/usr/share/$NAME/local_ver" >> "${UPGRADE_CONF}"
} }
local self_issue_cert_crt self_issue_cert_key local self_issue_cert_crt self_issue_cert_key
config_get "self_issue_cert_crt" "config" "self_issue_cert_crt" config_get "self_issue_cert_crt" "config" "self_issue_cert_crt"
config_get "self_issue_cert_key" "config" "self_issue_cert_key" config_get "self_issue_cert_key" "config" "self_issue_cert_key"
@ -208,22 +267,39 @@ stop_service()
echo "${self_issue_cert_key}" >> "${UPGRADE_CONF}" echo "${self_issue_cert_key}" >> "${UPGRADE_CONF}"
} }
[ -f "/tmp/$NAME.ports" ] && { if [ -e "$(command -v fw4)" ]; then
iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' 'print $1' "/tmp/$NAME.ports")" -j "ACCEPT" local rule="$(uci show firewall | grep "name='unblockneteasemusic_pub_access'" | awk -F '.' '{ print $2}')"
iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' 'print $2' "/tmp/$NAME.ports")" -j "ACCEPT" [ -n "${rule}" ] && {
rm -f "/tmp/$NAME.ports" uci -q batch <<-EOF
} delete firewall.${rule}
commit firewall
EOF
}
$IPT_N -D "PREROUTING" -p "tcp" -m set --match-set "neteasemusic" "dst" -j "netease_cloud_music" [ ! -e "$RULES_NFT" ] || rm -f "$RULES_NFT"
$IPT_N -F "netease_cloud_music"
$IPT_N -X "netease_cloud_music" fw4 reload
ipset destroy "neteasemusic" else
ipset destroy "acl_neteasemusic_http" [ ! -e "/tmp/$NAME.ports" ] || {
ipset destroy "acl_neteasemusic_https" iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' 'print $1' "/tmp/$NAME.ports")" -j "ACCEPT"
echo "" > "/var/etc/$NAME.include" iptables -D "INPUT" -p "tcp" --dport "$(awk -F ':' 'print $2' "/tmp/$NAME.ports")" -j "ACCEPT"
}
rm -f "/tmp/$NAME.ports"
$IPT_N -D "PREROUTING" -p "tcp" -m set --match-set "neteasemusic" "dst" -j "netease_cloud_music"
$IPT_N -F "netease_cloud_music"
$IPT_N -X "netease_cloud_music"
ipset destroy "neteasemusic"
ipset destroy "acl_neteasemusic_http"
ipset destroy "acl_neteasemusic_https"
echo "" > "/var/etc/$NAME.include"
fi
rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf" rm -f "/tmp/dnsmasq.d/dnsmasq-$NAME.conf"
/etc/init.d/dnsmasq reload /etc/init.d/dnsmasq reload
ip route del "223.252.199.10" ip route del "223.252.199.10"
rm -f "/tmp/$NAME.log" rm -f "/tmp/$NAME.log"
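Review bot: In the fw4 branch of the `pub_access` block in start_service, `dest_port='${http_port}-${https_port}'` is a port range, so every port between the two values is accepted from `wan`, whereas the iptables branch opens only the two listener ports; the range would likely also be rejected if the HTTP port is the larger number. A space-separated list limits the exposure to the two listeners: `set firewall.@rule[-1].dest_port='${http_port} ${https_port}'`. The rule is also added on every start without checking for an existing `unblockneteasemusic_pub_access` entry, so if stop_service did not run first (which seems possible after an unclean shutdown, since the rule is committed to the firewall config) duplicates would accumulate, and the `uci show firewall | grep` lookup in stop_service would then return several lines for a single `delete`. Both functions start and end outside the hunks shown.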


@ -0,0 +1,25 @@
{%
let http_port = o_http_port;
let https_port = o_https_port;
%}
chain netease_cloud_music {
type nat hook prerouting priority -1;
meta l4proto tcp ip daddr @neteasemusic_ipv4 jump netease_cloud_music_redir;
meta l4proto tcp ip6 daddr @neteasemusic_ipv6 jump netease_cloud_music_redir;
}
chain netease_cloud_music_redir {
ip daddr @local_addr_ipv4 return;
ip saddr @acl_neteasemusic_http_ipv4 accept;
ip saddr @acl_neteasemusic_https_ipv4 accept;
ip6 daddr @local_addr_ipv6 return;
ip6 saddr @acl_neteasemusic_http_ipv6 accept;
ip6 saddr @acl_neteasemusic_https_ipv6 accept;
tcp dport 80 counter redirect to :{{ http_port }};
tcp dport 443 counter redirect to :{{ https_port }};
}
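Review bot: In `netease_cloud_music_redir` the four `accept` rules match on source address only, so a client listed only in `acl_neteasemusic_http_*` also skips the port-443 redirect (and the reverse for the https set), whereas the iptables rules in the init script tie each ACL set to its own port. Adding the port to each rule restores the per-protocol meaning, e.g. `ip saddr @acl_neteasemusic_http_ipv4 tcp dport 80 accept;` and `ip saddr @acl_neteasemusic_https_ipv4 tcp dport 443 accept;`, with the same change on the two `ip6 saddr` lines. A one-line comment above the chain saying that `accept` here means the connection is left unproxied would make the ACL intent clear to the next reader.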


@ -0,0 +1,6 @@
{%
include("set.uc");
include("chain.uc");
%}


@ -0,0 +1,94 @@
{%
let local_addr4 = "
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.31.196.0/24
192.52.193.0/24
192.88.99.0/24
192.168.0.0/16
192.175.48.0/24
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
";
let local_addr6 = "
::1/128
::/128
::ffff:0:0/96
64:ff9b:1::/48
100::/64
fe80::/10
2001::/23
fc00::/7
";
let o_local_bypass = local_addr4 + " " + local_addr6;
let set_suffix = {
"acl_neteasemusic_http": {
str: o_acl_http_addr,
},
"acl_neteasemusic_https": {
str: o_acl_https_addr,
},
"local_addr": {
str: o_local_bypass,
},
"neteasemusic": {
str: o_neteasemusic_addr,
},
};
function set_name(suf, af) {
if (af == 4) {
return suf+"_ipv4";
} else {
return suf+"_ipv6";
}
}
function set_elements_parse(res, str, af) {
for (let addr in split(str, /[ \t\n]/)) {
addr = trim(addr);
if (!addr) continue;
if (af == 4 && index(addr, ":") != -1) continue;
if (af == 6 && index(addr, ":") == -1) continue;
push(res, addr);
}
}
function set_elements(suf, af) {
let obj = set_suffix[suf];
let res = [];
let addr;
let str = obj["str"];
if (str) {
set_elements_parse(res, str, af);
}
return res;
}
%}
{% for (let suf in set_suffix): for (let af in [4, 6]): %}
set {{ set_name(suf, af) }} {
type ipv{{af}}_addr;
flags interval;
{% let elems = set_elements(suf, af); if (length(elems)): %}
elements = {
{% for (let i = 0; i < length(elems); i++): %}
{{ elems[i] }}{% if (i < length(elems) - 1): %},{% endif %}{% print("\n") %}
{% endfor %}
}
{% endif %}
}
{% endfor; endfor %}
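Review bot: `set_elements_parse` pushes any whitespace-separated token into the nft set and uses only the presence of `:` to choose the address family, so nothing checks that a token is actually an address. As far as the init script on this page shows, `o_neteasemusic_addr` is filled from `uclient-fetch` responses, one of them fetched over plain HTTP, and the later `nft -c` run only proves that the generated file parses. Rejecting tokens that are not address-shaped before the `push` keeps a tampered or malformed response out of the ruleset, e.g. `if (!match(addr, /^[0-9A-Fa-f:.]+(\/[0-9]+)?$/)) continue;`. The unused `let addr;` in `set_elements` can be dropped as well.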