update 2023-10-20 16:08:06

github-actions[bot] 2023-10-20 16:08:07 +08:00
parent 772bd8a9c4
commit b526a54cd6
6 changed files with 294 additions and 117 deletions


@ -0,0 +1,119 @@
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,8 @@
module github.com/AdguardTeam/AdGuardHome
-go 1.20
+go 1.21
+
+toolchain go1.21.3
require (
github.com/AdguardTeam/dnsproxy v0.56.2
@@ -10,7 +12,6 @@ require (
github.com/ameshkov/dnscrypt/v2 v2.2.7
github.com/bluele/gcache v0.0.2
github.com/digineo/go-ipset/v2 v2.2.1
- github.com/dimfeld/httptreemux/v5 v5.5.0
github.com/fsnotify/fsnotify v1.6.0
github.com/go-ping/ping v1.1.0
github.com/google/go-cmp v0.6.0
--- a/go.sum
+++ b/go.sum
@@ -23,17 +23,18 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/digineo/go-ipset/v2 v2.2.1 h1:k6skY+0fMqeUjjeWO/m5OuWPSZUAn7AucHMnQ1MX77g=
github.com/digineo/go-ipset/v2 v2.2.1/go.mod h1:wBsNzJlZlABHUITkesrggFnZQtgW5wkqw1uo8Qxe0VU=
-github.com/dimfeld/httptreemux/v5 v5.5.0 h1:p8jkiMrCuZ0CmhwYLcbNbl7DDo21fozhKHQ2PccwOFQ=
-github.com/dimfeld/httptreemux/v5 v5.5.0/go.mod h1:QeEylH57C0v3VO0tkKraVz9oD3Uu93CKPnTLbsidvSw=
github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
github.com/go-ping/ping v1.1.0 h1:3MCGhVX4fyEUuhsfwPrsEdQw6xspHkv5zHsiSoDFZYw=
github.com/go-ping/ping v1.1.0/go.mod h1:xIFjORFzTxqIV/tDVGO4eDy/bLuSyawEeojSm3GfRGk=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
@@ -49,6 +50,7 @@ github.com/google/uuid v1.2.0/go.mod h1:
github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714 h1:/jC7qQFrv8CrSJVmaolDVOxTfS9kc36uB6H40kdbQq8=
+github.com/hugelgupf/socketpair v0.0.0-20190730060125-05d35a94e714/go.mod h1:2Goc3h8EklBH5mspfHFxBnEoURQCGzQQH1ga9Myjvis=
github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a h1:S33o3djA1nPRd+d/bf7jbbXytXuK/EoXow7+aa76grQ=
github.com/insomniacslk/dhcp v0.0.0-20230908212754-65c27093e38a/go.mod h1:zmdm3sTSDP3vOOX3CEWRkkRHtKr1DxBx+J1OQFoDQQs=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
@@ -59,7 +61,9 @@ github.com/josharian/native v1.1.1-0.202
github.com/kardianos/service v1.2.2 h1:ZvePhAHfvo0A7Mftk/tEzqEZ7Q4lgnR8sGz4xu1YX60=
github.com/kardianos/service v1.2.2/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 h1:6E+4a0GO5zZEnZ81pIr0yLvtUWk2if982qA3F3QD6H4=
+github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0/go.mod h1:zJYVVT2jmtg6P3p1VtQj7WsuWi/y4VnjVBn7F8KPB3I=
github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118 h1:2oDp6OOhLxQ9JBoUuysVz9UZ9uI6oLUbvAZu0x8o+vE=
github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118/go.mod h1:ZFUnHIVchZ9lJoWoEGUg8Q3M4U8aNNWA3CVSUTkW4og=
github.com/mdlayher/netlink v0.0.0-20190313131330-258ea9dff42c/go.mod h1:eQB3mZE4aiYnlUsyGGCOpPETfdQq4Jhsgf1fk3cwQaA=
@@ -76,9 +80,11 @@ github.com/mdlayher/socket v0.5.0/go.mod
github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4=
github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o=
github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
@@ -90,6 +96,7 @@ github.com/pkg/errors v0.9.1/go.mod h1:b
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c h1:ncq/mPwQF4JjgDlrVEn3C11VoGHZN7m8qihwgMEtzYw=
+github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo=
github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A=
github.com/quic-go/qtls-go1-20 v0.3.4 h1:MfFAPULvst4yoMgY9QmtpYmfij/em7O8UUi+bNVm7Cg=
@@ -97,9 +104,12 @@ github.com/quic-go/qtls-go1-20 v0.3.4/go
github.com/quic-go/quic-go v0.39.1 h1:d/m3oaN/SD2c+f7/yEjZxe2zEVotXprnrCCJ2y/ZZFE=
github.com/quic-go/quic-go v0.39.1/go.mod h1:T09QsDQWjLiQ74ZmacDfqZmhY/NLnw5BC40MANNNZ1Q=
github.com/shirou/gopsutil/v3 v3.23.7 h1:C+fHO8hfIppoJ1WdsVm1RoI0RwXoNdfTK7yWXV0wVj4=
+github.com/shirou/gopsutil/v3 v3.23.7/go.mod h1:c4gnmoRC0hQuaLqvxnx1//VXQ0Ms/X9UnJF8pddY5z4=
github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
@@ -108,10 +118,13 @@ github.com/ti-mo/netfilter v0.2.0/go.mod
github.com/ti-mo/netfilter v0.5.0 h1:MZmsUw5bFRecOb0AeyjOPxTHg4UxYzyEs0Ek/6Lxoy8=
github.com/ti-mo/netfilter v0.5.0/go.mod h1:nt+8B9hx/QpqHr7Hazq+2qMCCA8u2OTkyc/7+U9ARz8=
github.com/tklauser/go-sysconf v0.3.11 h1:89WgdJhk5SNwJfu+GKyYveZ4IaJ7xAkecBo+KdJV0CM=
+github.com/tklauser/go-sysconf v0.3.11/go.mod h1:GqXfhXY3kiPa0nAXPDIQIWzJbMCB7AmcWpGR8lSZfqI=
github.com/tklauser/numcpus v0.6.0 h1:kebhY2Qt+3U6RNK7UqpYNA+tJ23IBEGKkB7JQBfDYms=
+github.com/tklauser/numcpus v0.6.0/go.mod h1:FEZLMke0lhOUG6w2JadTzp0a+Nl8PF/GFkQ5UVIcaL4=
github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg=
github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264=
github.com/yusufpapurcu/wmi v1.2.3 h1:E1ctvB7uKFMOJw3fdOW32DwGE9I7t++CRUEMKvFoFiw=
+github.com/yusufpapurcu/wmi v1.2.3/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
go.uber.org/mock v0.3.0 h1:3mUxI1No2/60yUYax92Pt8eNOEecx2D3lcXZh2NEZJo=
@@ -164,8 +177,10 @@ golang.org/x/tools v0.14.0/go.mod h1:uYB
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=


@ -40,6 +40,8 @@ Then find `luci-app-xray` under `Extra Packages`.
* 2023-09-27 fix: sniffing inboundTag; fix: upstream_domain_names
* 2023-10-01 fix: default configuration
* 2023-10-06 chore: code cleanup
* 2023-10-19 feat: detailed status page via metrics
* 2023-10-20 feat: better network interface control. **Requires reselection of LAN interfaces in** `Xray (preview)` -> `LAN Hosts Access Control`
## Star History


@ -4,6 +4,7 @@ config general
list forwarded_domain_rules 'geosite:geolocation-!cn'
list geoip_direct_code_list 'cn'
list geoip_direct_code_list_v6 'cn'
list lan_ifaces 'br-lan'
list tproxy_ifaces_v4 'br-lan'
list tproxy_ifaces_v6 'br-lan'
option transparent_proxy_enable '1'
option xray_bin '/usr/bin/xray'


@ -45,6 +45,8 @@
const manual_tproxy = filter(keys(config), k => config[k][".type"] == "manual_tproxy") || [];
const manual_tproxy_source_ips = map(manual_tproxy, k => config[k]["source_addr"]) || [];
const tp_spec_sm4_tp = uniq(map(filter(keys(config), k => config[k][".type"] == "lan_hosts" && config[k].access_control_strategy_v4 == "tproxy"), k => config[k].macaddr) || []);
const tp_spec_sm6_tp = uniq(map(filter(keys(config), k => config[k][".type"] == "lan_hosts" && config[k].access_control_strategy_v6 == "tproxy"), k => config[k].macaddr) || []);
const tp_spec_sm4_bp = uniq(map(filter(keys(config), k => config[k][".type"] == "lan_hosts" && config[k].access_control_strategy_v4 == "bypass"), k => config[k].macaddr) || []);
const tp_spec_sm6_bp = uniq(map(filter(keys(config), k => config[k][".type"] == "lan_hosts" && config[k].access_control_strategy_v6 == "bypass"), k => config[k].macaddr) || []);
const tp_spec_sm4_fw = map(filter(keys(config), k => config[k][".type"] == "lan_hosts" && config[k].access_control_strategy_v4 == "forward"), k => config[k]);
@ -123,21 +125,65 @@
}();
%}
set tp_spec_dv4_sp {
type ipv4_addr
flags constant,interval
elements = { 0.0.0.0/8, 10.0.0.0/8,
100.64.0.0/10, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12,
192.0.0.0/24, 192.52.193.0/24,
192.168.0.0/16, 224.0.0.0/3 }
}
set tp_spec_dv6_sp {
type ipv6_addr
flags constant,interval
elements = { ::,
::1,
::ffff:0.0.0.0/96,
::ffff:0:0:0/96,
64:ff9b::/96,
100::/64,
2001::/32,
2001:20::/28,
2001:db8::/32,
2002::/16,
fc00::/7,
fe80::/10,
ff00::/8 }
}
{% if (length(tp_spec_sm4_bp) > 0): %}
set tp_spec_sm4_bp {
type ether_addr
flags constant
{% if (length(tp_spec_sm4_bp) > 0): %}
elements = { {{ join(", ", tp_spec_sm4_bp) }} }
{% endif %}
}
{% endif %}
{% if (length(tp_spec_sm6_bp) > 0): %}
set tp_spec_sm6_bp {
type ether_addr
flags constant
{% if (length(tp_spec_sm6_bp) > 0): %}
elements = { {{ join(", ", tp_spec_sm6_bp) }} }
{% endif %}
}
{% endif %}
{% if (length(tp_spec_sm4_tp) > 0): %}
set tp_spec_sm4_tp {
type ether_addr
flags constant
elements = { {{ join(", ", tp_spec_sm4_tp) }} }
}
{% endif %}
{% if (length(tp_spec_sm6_tp) > 0): %}
set tp_spec_sm6_tp {
type ether_addr
flags constant
elements = { {{ join(", ", tp_spec_sm6_tp) }} }
}
{% endif %}
{% for (let i in extra_inbound_tcp_v4_map): %}
set tp_spec_sm4_ft_{{ i }} {
@ -179,69 +225,41 @@
}
{% endif %}
set tp_spec_dv4_sp {
type ipv4_addr
flags constant,interval
elements = { 0.0.0.0/8, 10.0.0.0/8,
100.64.0.0/10, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12,
192.0.0.0/24, 192.52.193.0/24,
192.168.0.0/16, 224.0.0.0/3 }
}
set tp_spec_dv6_sp {
type ipv6_addr
flags constant,interval
elements = { ::,
::1,
::ffff:0.0.0.0/96,
::ffff:0:0:0/96,
64:ff9b::/96,
100::/64,
2001::/32,
2001:20::/28,
2001:db8::/32,
2002::/16,
fc00::/7,
fe80::/10,
ff00::/8 }
}
{% if (length(wan_bp_ips_v4) > 0): %}
set tp_spec_dv4_bp {
type ipv4_addr
size {{ length(wan_bp_ips_v4) }}
{% if (length(wan_bp_ips_v4) > 0): %}
flags constant, interval
elements = { {{ join(", ", wan_bp_ips_v4)}} }
{% endif %}
}
{% endif %}
{% if (length(wan_bp_ips_v6) > 0): %}
set tp_spec_dv6_bp {
type ipv6_addr
size {{ length(wan_bp_ips_v6) }}
{% if (length(wan_bp_ips_v6) > 0): %}
flags constant, interval
elements = { {{ join(", ", wan_bp_ips_v6)}} }
{% endif %}
}
{% endif %}
{% if (length(wan_fw_ips_v4) > 0): %}
set tp_spec_dv4_fw {
type ipv4_addr
size {{ length(wan_fw_ips_v4) }}
{% if (length(wan_fw_ips_v4) > 0): %}
flags constant, interval
elements = { {{ join(", ", wan_fw_ips_v4)}} }
{% endif %}
}
{% endif %}
{% if (length(wan_fw_ips_v6) > 0): %}
set tp_spec_dv6_fw {
type ipv6_addr
size {{ length(wan_fw_ips_v6) }}
{% if (length(wan_fw_ips_v6) > 0): %}
flags constant, interval
elements = { {{ join(", ", wan_fw_ips_v6)}} }
{% endif %}
}
{% endif %}
{% if (ignore_tp_spec_def_gw == null): %}
set tp_spec_dv4_dg {
@ -300,16 +318,16 @@
}
chain tp_spec_wan_fw {
{% if (length(manual_tproxy_source_ips) > 0): %}
ip protocol tcp ip daddr @tp_spec_dv4_mt {{ counter }} tproxy ip to :{{ general.tproxy_port_tcp_v4 || 1082 }} accept
ip protocol udp ip daddr @tp_spec_dv4_mt {{ counter }} tproxy ip to :{{ general.tproxy_port_udp_v4 || 1084 }} accept
{% endif %}
{% if (length(fakedns) > 0): %}
ip protocol tcp ip daddr {{ general.pool_v4 || "198.18.0.0/15" }} {{ counter }} tproxy ip to :{{ general.tproxy_port_tcp_f4 || 1086 }} accept
ip protocol udp ip daddr {{ general.pool_v4 || "198.18.0.0/15" }} {{ counter }} tproxy ip to :{{ general.tproxy_port_udp_f4 || 1088 }} accept
ip6 nexthdr tcp ip6 daddr {{ general.pool_v6 || "fc00::/18" }} {{ counter }} tproxy ip6 to :{{ general.tproxy_port_tcp_f6 || 1087 }} accept
ip6 nexthdr udp ip6 daddr {{ general.pool_v6 || "fc00::/18" }} {{ counter }} tproxy ip6 to :{{ general.tproxy_port_udp_f6 || 1089 }} accept
{% endif %}
{% if (length(manual_tproxy_source_ips) > 0): %}
ip protocol tcp ip daddr @tp_spec_dv4_mt {{ counter }} tproxy ip to :{{ general.tproxy_port_tcp_v4 || 1082 }} accept
ip protocol udp ip daddr @tp_spec_dv4_mt {{ counter }} tproxy ip to :{{ general.tproxy_port_udp_v4 || 1084 }} accept
{% endif %}
{% for (let i in extra_inbound_tcp_v4_map): %}
ip protocol tcp ether saddr @tp_spec_sm4_ft_{{ i }} {{ counter }} tproxy ip to :{{ config[i].inbound_port }} accept
{% endfor %}
@ -353,10 +371,6 @@
{% if (hop_limit_override > 0): %}
ip6 hoplimit {{ ttl_hop_limit_match }} {{ counter }} ip6 hoplimit set {{ hop_limit_override }}
{% endif %}
ip protocol tcp ether saddr @tp_spec_sm4_bp {{ counter }} accept
ip protocol udp ether saddr @tp_spec_sm4_bp {{ counter }} accept
ip6 nexthdr tcp ether saddr @tp_spec_sm6_bp {{ counter }} accept
ip6 nexthdr udp ether saddr @tp_spec_sm6_bp {{ counter }} accept
{{ counter }} mark set ct mark
{% if (general.dynamic_direct_tcp4 == "1"): %}
ip protocol tcp meta mark 0x000000fa {{ counter }} accept comment "Xray dynamic direct TCP4"
@ -371,10 +385,51 @@
ip6 nexthdr udp meta mark 0x000000fa {{ counter }} accept comment "Xray dynamic direct UDP6"
{% endif %}
mark 0x000000fb {{ counter }} accept comment "Xray remarked from output"
ip protocol tcp iifname { "{{ join('", "', general.lan_ifaces) }}" } {{ counter }} goto tp_spec_lan_ac
ip protocol udp iifname { "{{ join('", "', general.lan_ifaces) }}" } {{ counter }} goto tp_spec_lan_ac
ip6 nexthdr tcp iifname { "{{ join('", "', general.lan_ifaces) }}" } {{ counter }} goto tp_spec_lan_ac
ip6 nexthdr udp iifname { "{{ join('", "', general.lan_ifaces) }}" } {{ counter }} goto tp_spec_lan_ac
{{ counter }} jump tp_spec_lan_mf comment "Xray FakeDNS / manual transparent proxy"
{% if (length(general.bypass_ifaces_v4 || []) > 0): %}
ip protocol tcp iifname { "{{ join('", "', general.bypass_ifaces_v4) }}" } {{ counter }} accept
ip protocol udp iifname { "{{ join('", "', general.bypass_ifaces_v4) }}" } {{ counter }} accept
{% endif %}
{% if (length(general.bypass_ifaces_v6 || []) > 0): %}
ip6 nexthdr tcp iifname { "{{ join('", "', general.bypass_ifaces_v6) }}" } {{ counter }} accept
ip6 nexthdr udp iifname { "{{ join('", "', general.bypass_ifaces_v6) }}" } {{ counter }} accept
{% endif %}
{% if (length(tp_spec_sm4_bp) > 0): %}
ip protocol tcp ether saddr @tp_spec_sm4_bp {{ counter }} accept
ip protocol udp ether saddr @tp_spec_sm4_bp {{ counter }} accept
{% endif %}
{% if (length(tp_spec_sm6_bp) > 0): %}
ip6 nexthdr tcp ether saddr @tp_spec_sm6_bp {{ counter }} accept
ip6 nexthdr udp ether saddr @tp_spec_sm6_bp {{ counter }} accept
{% endif %}
{% for (let i in extra_inbound_tcp_v4_map): %}
ip protocol tcp ether saddr @tp_spec_sm4_ft_{{ i }} {{ counter }} goto tp_spec_lan_ac
{% endfor %}
{% for (let i in extra_inbound_udp_v4_map): %}
ip protocol udp ether saddr @tp_spec_sm4_fu_{{ i }} {{ counter }} goto tp_spec_lan_ac
{% endfor %}
{% for (let i in extra_inbound_tcp_v6_map): %}
ip6 nexthdr tcp ether saddr @tp_spec_sm6_ft_{{ i }} {{ counter }} goto tp_spec_lan_ac
{% endfor %}
{% for (let i in extra_inbound_udp_v6_map): %}
ip6 nexthdr udp ether saddr @tp_spec_sm6_fu_{{ i }} {{ counter }} goto tp_spec_lan_ac
{% endfor %}
{% if (length(tp_spec_sm4_tp) > 0): %}
ip protocol tcp ether saddr @tp_spec_sm4_tp {{ counter }} goto tp_spec_lan_ac
ip protocol udp ether saddr @tp_spec_sm4_tp {{ counter }} goto tp_spec_lan_ac
{% endif %}
{% if (length(tp_spec_sm6_tp) > 0): %}
ip6 nexthdr tcp ether saddr @tp_spec_sm6_tp {{ counter }} goto tp_spec_lan_ac
ip6 nexthdr udp ether saddr @tp_spec_sm6_tp {{ counter }} goto tp_spec_lan_ac
{% endif %}
{% if (length(general.tproxy_ifaces_v4 || []) > 0): %}
ip protocol tcp iifname { "{{ join('", "', general.tproxy_ifaces_v4) }}" } {{ counter }} goto tp_spec_lan_ac
ip protocol udp iifname { "{{ join('", "', general.tproxy_ifaces_v4) }}" } {{ counter }} goto tp_spec_lan_ac
{% endif %}
{% if (length(general.tproxy_ifaces_v6 || []) > 0): %}
ip6 nexthdr tcp iifname { "{{ join('", "', general.tproxy_ifaces_v6) }}" } {{ counter }} goto tp_spec_lan_ac
ip6 nexthdr udp iifname { "{{ join('", "', general.tproxy_ifaces_v6) }}" } {{ counter }} goto tp_spec_lan_ac
{% endif %}
ip protocol tcp {{ counter }} accept
ip protocol udp {{ counter }} accept
ip6 nexthdr tcp {{ counter }} accept
@ -405,25 +460,41 @@
meta mark 0x000000fd {{ counter }} accept comment "Xray transparent proxy outbound"
meta mark 0x000000fe {{ counter }} accept comment "Xray non-IP DNS query outbound"
meta mark {{ sprintf("0x%08x", general_mark) }} {{ counter }} accept comment "Xray specified mark {{ general_mark }} outbound"
{{ counter }} jump tp_spec_lan_mf
{{ counter }} goto tp_spec_lan_ac
}
chain tp_spec_lan_ac {
chain tp_spec_lan_mf {
{% if (length(fakedns) > 0): %}
ip daddr {{ general.pool_v4 || "198.18.0.0/15" }} {{ counter }} goto tp_spec_lan_fw
ip6 daddr {{ general.pool_v6 || "fc00::/18" }} {{ counter }} goto tp_spec_lan_fw
ip protocol tcp ip daddr {{ general.pool_v4 || "198.18.0.0/15" }} {{ counter }} goto tp_spec_lan_fw comment "Xray FakeDNS IPv4 Pool TCP"
ip protocol udp ip daddr {{ general.pool_v4 || "198.18.0.0/15" }} {{ counter }} goto tp_spec_lan_fw comment "Xray FakeDNS IPv4 Pool UDP"
ip6 nexthdr tcp ip6 daddr {{ general.pool_v6 || "fc00::/18" }} {{ counter }} goto tp_spec_lan_fw comment "Xray FakeDNS IPv6 Pool TCP"
ip6 nexthdr udp ip6 daddr {{ general.pool_v6 || "fc00::/18" }} {{ counter }} goto tp_spec_lan_fw comment "Xray FakeDNS IPv6 Pool UDP"
{% endif %}
{% if (length(manual_tproxy_source_ips) > 0): %}
ip daddr @tp_spec_dv4_mt {{ counter }} goto tp_spec_lan_fw
ip protocol tcp ip daddr @tp_spec_dv4_mt {{ counter }} goto tp_spec_lan_fw comment "Xray manual transparent proxy TCP"
ip protocol udp ip daddr @tp_spec_dv4_mt {{ counter }} goto tp_spec_lan_fw comment "Xray manual transparent proxy UDP"
{% endif %}
{{ counter }} return
}
chain tp_spec_lan_ac {
{% if (length(wan_fw_ips_v4) > 0): %}
ip daddr @tp_spec_dv4_fw {{ counter }} goto tp_spec_lan_fw
{% endif %}
{% if (length(wan_fw_ips_v6) > 0): %}
ip6 daddr @tp_spec_dv6_fw {{ counter }} goto tp_spec_lan_fw
{% endif %}
{% if (ignore_tp_spec_def_gw == null): %}
ip daddr @tp_spec_dv4_dg {{ counter }} accept
{% endif %}
ip6 daddr @tp_spec_dv6_dg {{ counter }} accept
{% if (length(wan_bp_ips_v4) > 0): %}
ip daddr @tp_spec_dv4_bp {{ counter }} accept
{% endif %}
{% if (length(wan_bp_ips_v6) > 0): %}
ip6 daddr @tp_spec_dv6_bp {{ counter }} accept
{% endif %}
ip daddr @tp_spec_dv4_sp {{ counter }} accept
ip6 daddr @tp_spec_dv6_sp {{ counter }} accept
{{ counter }} goto tp_spec_lan_re
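Review bot: In the hunk at `@ -371,10 +385,51 @`, the interface-based `goto tp_spec_lan_ac` rules are emitted only when `general.tproxy_ifaces_v4` / `general.tproxy_ifaces_v6` are non-empty, so a configuration that still carries only the old `lan_ifaces` list appears to fall through to the trailing `ip protocol tcp {{ counter }} accept` rules and LAN traffic leaves unproxied with no error. The +/- markers are lost on this page and the chain header is outside the hunk, so this is inferred from the guarded `iifname` rules printed next to the unguarded `general.lan_ifaces` ones. A one-time migration of `lan_ifaces` into the new options, or a fallback such as `const tproxy_ifaces_v4 = general.tproxy_ifaces_v4 || general.lan_ifaces || [];` in the header block, would keep an upgrade from silently failing open. Separately, interface names and `macaddr` values are spliced into the ruleset through `join(...)` unchecked; filtering them against an interface-name / MAC-address pattern before rendering would keep a malformed UCI value from breaking or altering the generated rules.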


@ -1,7 +1,6 @@
'use strict';
'require form';
'require fs';
'require tools.widgets as widgets';
'require uci';
'require view';
@ -265,19 +264,15 @@ return view.extend({
let tcp_balancer_v4 = s.taboption('general', form.MultiValue, 'tcp_balancer_v4', _('TCP Server (IPv4)'), _("Select multiple outbound servers to enable load balancing. Select none to disable TCP Outbound."));
tcp_balancer_v4.datatype = "uciname";
tcp_balancer_v4.rmempty = true;
let udp_balancer_v4 = s.taboption('general', form.MultiValue, 'udp_balancer_v4', _('UDP Server (IPv4)'), _("Select multiple outbound servers to enable load balancing. Select none to disable UDP Outbound."));
udp_balancer_v4.datatype = "uciname";
udp_balancer_v4.rmempty = true;
let tcp_balancer_v6 = s.taboption('general', form.MultiValue, 'tcp_balancer_v6', _('TCP Server (IPv6)'), _("Select multiple outbound servers to enable load balancing. Select none to disable TCP Outbound."));
tcp_balancer_v6.datatype = "uciname";
tcp_balancer_v6.rmempty = true;
let udp_balancer_v6 = s.taboption('general', form.MultiValue, 'udp_balancer_v6', _('UDP Server (IPv6)'), _("Select multiple outbound servers to enable load balancing. Select none to disable UDP Outbound."));
udp_balancer_v6.datatype = "uciname";
udp_balancer_v6.rmempty = true;
const servers = uci.sections(config_data, "servers");
if (servers.length == 0) {
@ -618,12 +613,6 @@ return view.extend({
o.datatype = 'range(-49, 49)';
o.placeholder = 10;
o = s.taboption('proxy', widgets.DeviceSelect, 'lan_ifaces', _("Interfaces for tproxy"), _("Enable transparent proxy on these interfaces."));
o.noaliases = true;
o.rmempty = false;
o.nocreate = true;
o.multiple = true;
s.tab('dns', _('DNS Settings'));
o = s.taboption('dns', form.Value, 'fast_dns', _('Fast DNS'), _("DNS for resolving outbound domains and following bypassed domains"));


@ -1,6 +1,7 @@
'use strict';
'require form';
'require network';
'require tools.widgets as widgets';
'require uci';
'require view';
@ -25,6 +26,20 @@ function extra_outbound_format(config_data, s, with_desc) {
return `${inbound_addr}:${inbound_port}`;
}
function access_control_format(config_data, s, t) {
return function (v) {
switch (uci.get(config_data, v, s)) {
case "tproxy": {
return _("Enable tproxy");
}
case "bypass": {
return _("Disable tproxy");
}
}
return extra_outbound_format(config_data, uci.get(config_data, v, t));
};
}
return view.extend({
load: function () {
return Promise.all([
@ -145,7 +160,27 @@ return view.extend({
s.tab("lan_hosts_access_control", _("LAN Hosts Access Control"));
let lan_hosts = s.taboption('lan_hosts_access_control', form.SectionValue, "lan_hosts_section", form.GridSection, 'lan_hosts', _('LAN Hosts Access Control'), _("Override global transparent proxy settings here.")).subsection;
let tproxy_ifaces_v4 = s.taboption('lan_hosts_access_control', widgets.DeviceSelect, 'tproxy_ifaces_v4', _("Devices to enable IPv4 tproxy"), _("Enable IPv4 transparent proxy on these interfaces / network devices."));
tproxy_ifaces_v4.noaliases = true;
tproxy_ifaces_v4.nocreate = true;
tproxy_ifaces_v4.multiple = true;
let tproxy_ifaces_v6 = s.taboption('lan_hosts_access_control', widgets.DeviceSelect, 'tproxy_ifaces_v6', _("Devices to enable IPV6 tproxy"), _("Enable IPv6 transparent proxy on these interfaces / network devices."));
tproxy_ifaces_v6.noaliases = true;
tproxy_ifaces_v6.nocreate = true;
tproxy_ifaces_v6.multiple = true;
let bypass_ifaces_v4 = s.taboption('lan_hosts_access_control', widgets.DeviceSelect, 'bypass_ifaces_v4', _("Devices to disable IPv4 tproxy"), _("This overrides per-device settings below. FakeDNS and manual transparent proxy won't be affected by this option."));
bypass_ifaces_v4.noaliases = true;
bypass_ifaces_v4.nocreate = true;
bypass_ifaces_v4.multiple = true;
let bypass_ifaces_v6 = s.taboption('lan_hosts_access_control', widgets.DeviceSelect, 'bypass_ifaces_v6', _("Devices to disable IPv6 tproxy"), _("This overrides per-device settings below. FakeDNS and manual transparent proxy won't be affected by this option."));
bypass_ifaces_v6.noaliases = true;
bypass_ifaces_v6.nocreate = true;
bypass_ifaces_v6.multiple = true;
let lan_hosts = s.taboption('lan_hosts_access_control', form.SectionValue, "lan_hosts_section", form.GridSection, 'lan_hosts', _('LAN Hosts Access Control'), _("Per-device settings here override per-interface enabling settings above. FakeDNS and manual transparent proxy won't be affected by these options.")).subsection;
lan_hosts.sortable = false;
lan_hosts.anonymous = true;
lan_hosts.addremove = true;
@ -158,74 +193,34 @@ return view.extend({
});
let access_control_strategy_v4 = lan_hosts.option(form.ListValue, "access_control_strategy_v4", _("Access Control Strategy (IPv4)"));
access_control_strategy_v4.value("global", _("Use global settings"));
access_control_strategy_v4.value("bypass", _("Bypass Xray completely"));
access_control_strategy_v4.value("tproxy", _("Enable transparent proxy"));
access_control_strategy_v4.value("forward", _("Forward via extra inbound"));
access_control_strategy_v4.value("bypass", _("Disable transparent proxy"));
access_control_strategy_v4.modalonly = true;
access_control_strategy_v4.rmempty = false;
let access_control_forward_tcp_v4 = lan_hosts.option(form.ListValue, "access_control_forward_tcp_v4", _("Extra inbound (TCP4)"));
access_control_forward_tcp_v4.depends("access_control_strategy_v4", "forward");
access_control_forward_tcp_v4.textvalue = function (s) {
switch (uci.get(config_data, s, "access_control_strategy_v4")) {
case "global": {
return _("Use Global Settings");
}
case "bypass": {
return _("Bypass Xray completely");
}
}
return extra_outbound_format(config_data, uci.get(config_data, s, "access_control_forward_tcp_v4"));
};
access_control_forward_tcp_v4.textvalue = access_control_format(config_data, "access_control_strategy_v4", "access_control_forward_tcp_v4");
let access_control_forward_udp_v4 = lan_hosts.option(form.ListValue, "access_control_forward_udp_v4", _("Extra inbound (UDP4)"));
access_control_forward_udp_v4.depends("access_control_strategy_v4", "forward");
access_control_forward_udp_v4.textvalue = function (s) {
switch (uci.get(config_data, s, "access_control_strategy_v4")) {
case "global": {
return _("Use Global Settings");
}
case "bypass": {
return _("Bypass Xray completely");
}
}
return extra_outbound_format(config_data, uci.get(config_data, s, "access_control_forward_udp_v4"), false);
};
access_control_forward_udp_v4.textvalue = access_control_format(config_data, "access_control_strategy_v4", "access_control_forward_udp_v4");
let access_control_strategy_v6 = lan_hosts.option(form.ListValue, "access_control_strategy_v6", _("Access Control Strategy (IPv6)"));
access_control_strategy_v6.value("global", _("Use global settings"));
access_control_strategy_v6.value("bypass", _("Bypass Xray completely"));
access_control_strategy_v6.value("tproxy", _("Enable transparent proxy"));
access_control_strategy_v6.value("forward", _("Forward via extra inbound"));
access_control_strategy_v6.value("bypass", _("Disable transparent proxy"));
access_control_strategy_v6.modalonly = true;
access_control_strategy_v6.rmempty = false;
let access_control_forward_tcp_v6 = lan_hosts.option(form.ListValue, "access_control_forward_tcp_v6", _("Extra inbound (TCP6)"));
access_control_forward_tcp_v6.depends("access_control_strategy_v6", "forward");
access_control_forward_tcp_v6.textvalue = function (s) {
switch (uci.get(config_data, s, "access_control_strategy_v6")) {
case "global": {
return _("Use Global Settings");
}
case "bypass": {
return _("Bypass Xray completely");
}
}
return extra_outbound_format(config_data, uci.get(config_data, s, "access_control_forward_tcp_v6"));
};
access_control_forward_tcp_v6.textvalue = access_control_format(config_data, "access_control_strategy_v6", "access_control_forward_tcp_v6");
let access_control_forward_udp_v6 = lan_hosts.option(form.ListValue, "access_control_forward_udp_v6", _("Extra inbound (UDP6)"));
access_control_forward_udp_v6.depends("access_control_strategy_v6", "forward");
access_control_forward_udp_v6.textvalue = function (s) {
switch (uci.get(config_data, s, "access_control_strategy_v6")) {
case "global": {
return _("Use Global Settings");
}
case "bypass": {
return _("Bypass Xray completely");
}
}
return extra_outbound_format(config_data, uci.get(config_data, s, "access_control_forward_udp_v6"), false);
};
access_control_forward_udp_v6.textvalue = access_control_format(config_data, "access_control_strategy_v6", "access_control_forward_udp_v6");
for (const v of uci.sections(config_data, "extra_inbound")) {
switch (v["inbound_type"]) {
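Review bot: `access_control_format` (hunk `@ -25,6 +26,20 @`) handles only `"tproxy"` and `"bypass"`, so any other stored strategy falls through to `extra_outbound_format(...)` with whatever the forward option holds, possibly `undefined`. That includes `"global"`, which the inline `textvalue` functions it appears to replace handled explicitly and which existing `lan_hosts` sections may still contain. These labels are what an administrator reads to judge which hosts are proxied, so add an explicit `case "forward":` for the formatter call and a `default:` returning a neutral label such as `_("Use global settings")`. The parameter names are also easy to misread: `v` is the section id and `s` / `t` are option names, while `s` is the section object elsewhere in this file. Names like `strategy_option`, `forward_option` and `section_id`, plus a one-line JSDoc saying the function returns a `textvalue` callback, would make this clearer.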