update 2024-03-05 09:10:25
This commit is contained in:
github-actions[bot]
parent
15e1c5ae2c
commit
c25bae81b2
|
|
@ -6,7 +6,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=4.75-4
|
||||
PKG_VERSION:=4.75-5
|
||||
PKG_RELEASE:=
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
|
|
|
|||
|
|
@ -142,7 +142,7 @@ o:depends({ [option_name("tls")] = true })
|
|||
o = s:option(Value, option_name("reality_private_key"), translate("Private Key"))
|
||||
o:depends({ [option_name("reality")] = true })
|
||||
|
||||
o = s:option(Value, option_name("reality_shortId"), translate("Short Id"))
|
||||
o = s:option(DynamicList, option_name("reality_shortId"), translate("Short Id"))
|
||||
o:depends({ [option_name("reality")] = true })
|
||||
|
||||
o = s:option(Value, option_name("reality_dest"), translate("Dest"))
|
||||
|
|
@ -300,8 +300,7 @@ o = s:option(Value, option_name("grpc_serviceName"), "ServiceName")
|
|||
o:depends({ [option_name("transport")] = "grpc" })
|
||||
|
||||
o = s:option(Flag, option_name("acceptProxyProtocol"), translate("acceptProxyProtocol"), translate("Whether to receive PROXY protocol, when this node want to be fallback or forwarded by proxy, it must be enable, otherwise it cannot be used."))
|
||||
o:depends({ [option_name("transport")] = "tcp" })
|
||||
o:depends({ [option_name("transport")] = "ws" })
|
||||
o.default = "0"
|
||||
|
||||
-- [[ Fallback部分 ]]--
|
||||
o = s:option(Flag, option_name("fallback"), translate("Fallback"))
|
||||
|
|
|
|||
|
|
@ -434,7 +434,6 @@ function gen_config_server(node)
|
|||
}
|
||||
} or nil,
|
||||
tcpSettings = (node.transport == "tcp") and {
|
||||
acceptProxyProtocol = (node.acceptProxyProtocol and node.acceptProxyProtocol == "1") and true or false,
|
||||
header = {
|
||||
type = node.tcp_guise,
|
||||
request = (node.tcp_guise == "http") and {
|
||||
|
|
@ -457,7 +456,6 @@ function gen_config_server(node)
|
|||
header = {type = node.mkcp_guise}
|
||||
} or nil,
|
||||
wsSettings = (node.transport == "ws") and {
|
||||
acceptProxyProtocol = (node.acceptProxyProtocol and node.acceptProxyProtocol == "1") and true or false,
|
||||
headers = (node.ws_host) and {Host = node.ws_host} or nil,
|
||||
path = node.ws_path
|
||||
} or nil,
|
||||
|
|
@ -474,7 +472,10 @@ function gen_config_server(node)
|
|||
} or nil,
|
||||
grpcSettings = (node.transport == "grpc") and {
|
||||
serviceName = node.grpc_serviceName
|
||||
} or nil
|
||||
} or nil,
|
||||
sockopt = {
|
||||
acceptProxyProtocol = (node.acceptProxyProtocol and node.acceptProxyProtocol == "1") and true or false
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
@ -507,9 +508,7 @@ function gen_config_server(node)
|
|||
node.reality_serverNames
|
||||
},
|
||||
privateKey = node.reality_private_key,
|
||||
shortIds = {
|
||||
node.reality_shortId
|
||||
}
|
||||
shortIds = node.reality_shortId or ""
|
||||
} or nil
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@
|
|||
fi
|
||||
echo $$ > ${LOCK_FILE}
|
||||
|
||||
/etc/init.d/passwall restart
|
||||
/etc/init.d/passwall restart >/dev/null 2>&1 &
|
||||
echo "passwall: restart when $INTERFACE ifup" > /dev/kmsg
|
||||
|
||||
rm -rf ${LOCK_FILE}
|
||||
|
|
|
|||
|
|
@ -1441,9 +1441,8 @@ acl_app() {
|
|||
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
|
||||
redirect_dns_port=$dnsmasq_port
|
||||
mkdir -p $TMP_ACL_PATH/$sid/dnsmasq.d
|
||||
default_dnsmasq_cfgid=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
|
||||
[ -s "/tmp/etc/dnsmasq.conf.${default_dnsmasq_cfgid}" ] && {
|
||||
cp -r /tmp/etc/dnsmasq.conf.${default_dnsmasq_cfgid} $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
[ -s "/tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID}" ] && {
|
||||
cp -r /tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID} $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/ubus/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/dhcp/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
sed -i "/port=/d" $TMP_ACL_PATH/$sid/dnsmasq.conf
|
||||
|
|
@ -1704,7 +1703,8 @@ RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
|
|||
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
|
||||
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
|
||||
|
||||
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
|
||||
DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
|
||||
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
|
||||
[ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',')
|
||||
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}"
|
||||
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@ stretch() {
|
|||
}
|
||||
|
||||
backup_servers() {
|
||||
DNSMASQ_DNS=$(uci show dhcp | grep "@dnsmasq" | grep ".server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
|
||||
DNSMASQ_DNS=$(uci show dhcp.@dnsmasq[0] | grep ".server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
|
||||
if [ -n "${DNSMASQ_DNS}" ]; then
|
||||
uci -q set $CONFIG.@global[0].dnsmasq_servers="${DNSMASQ_DNS}"
|
||||
uci commit $CONFIG
|
||||
|
|
|
|||
|
|
@ -742,16 +742,16 @@ add_firewall_rule() {
|
|||
[ -n "$ISP_DNS" ] && {
|
||||
#echolog "处理 ISP DNS 例外..."
|
||||
for ispip in $ISP_DNS; do
|
||||
ipset -! add $IPSET_WHITELIST $ispip >/dev/null 2>&1 &
|
||||
#echolog " - 追加到白名单:${ispip}"
|
||||
ipset -! add $IPSET_WHITELIST $ispip
|
||||
echolog " - [$?]追加ISP IPv4 DNS到白名单:${ispip}"
|
||||
done
|
||||
}
|
||||
|
||||
[ -n "$ISP_DNS6" ] && {
|
||||
#echolog "处理 ISP IPv6 DNS 例外..."
|
||||
for ispip6 in $ISP_DNS6; do
|
||||
ipset -! add $IPSET_WHITELIST6 $ispip6 >/dev/null 2>&1 &
|
||||
#echolog " - 追加到白名单:${ispip6}"
|
||||
ipset -! add $IPSET_WHITELIST6 $ispip6
|
||||
echolog " - [$?]追加ISP IPv6 DNS到白名单:${ispip6}"
|
||||
done
|
||||
}
|
||||
|
||||
|
|
@ -812,6 +812,14 @@ add_firewall_rule() {
|
|||
$ipt_m -N PSW_OUTPUT
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
|
||||
[ -n "$LOCAL_DNS" ] && {
|
||||
for local_dns in $(echo $LOCAL_DNS | tr ',' ' '); do
|
||||
local dns_address=$(echo $local_dns | awk -F '#' '{print $1}')
|
||||
local dns_port=$(echo $local_dns | awk -F '#' '{print $2}')
|
||||
$ipt_m -A PSW_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53} -j RETURN
|
||||
echolog " - [$?]追加直连DNS到iptables:${dns_address}:${dns_port:-53}"
|
||||
done
|
||||
}
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST) -j DROP
|
||||
|
|
|
|||
|
|
@ -780,16 +780,16 @@ add_firewall_rule() {
|
|||
[ -n "$ISP_DNS" ] && {
|
||||
#echolog "处理 ISP DNS 例外..."
|
||||
for ispip in $ISP_DNS; do
|
||||
insert_nftset $NFTSET_WHITELIST "-1" $ispip >/dev/null 2>&1 &
|
||||
#echolog " - 追加到白名单:${ispip}"
|
||||
insert_nftset $NFTSET_WHITELIST "-1" $ispip
|
||||
echolog " - [$?]追加ISP IPv4 DNS到白名单:${ispip}"
|
||||
done
|
||||
}
|
||||
|
||||
[ -n "$ISP_DNS6" ] && {
|
||||
#echolog "处理 ISP IPv6 DNS 例外..."
|
||||
for ispip6 in $ISP_DNS6; do
|
||||
insert_nftset $NFTSET_WHITELIST6 "-1" $ispip6 >/dev/null 2>&1 &
|
||||
#echolog " - 追加到白名单:${ispip6}"
|
||||
insert_nftset $NFTSET_WHITELIST6 "-1" $ispip6
|
||||
echolog " - [$?]追加ISP IPv6 DNS到白名单:${ispip6}"
|
||||
done
|
||||
}
|
||||
|
||||
|
|
@ -842,6 +842,14 @@ add_firewall_rule() {
|
|||
nft "flush chain inet fw4 PSW_OUTPUT_MANGLE"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return"
|
||||
[ -n "$LOCAL_DNS" ] && {
|
||||
for local_dns in $(echo $LOCAL_DNS | tr ',' ' '); do
|
||||
local dns_address=$(echo $local_dns | awk -F '#' '{print $1}')
|
||||
local dns_port=$(echo $local_dns | awk -F '#' '{print $2}')
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip protocol udp ip daddr ${dns_address} $(factor ${dns_port:-53} "udp dport") counter return"
|
||||
echolog " - [$?]追加直连DNS到nftables:${dns_address}:${dns_port:-53}"
|
||||
done
|
||||
}
|
||||
[ "${USE_DIRECT_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW_OUTPUT_MANGLE meta mark 0xff counter return"
|
||||
[ "${USE_BLOCK_LIST}" = "1" ] && nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
|
||||
|
|
|
|||
|
|
@ -5,12 +5,12 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=v2ray-core
|
||||
PKG_VERSION:=5.13.0
|
||||
PKG_VERSION:=5.14.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://codeload.github.com/v2fly/v2ray-core/tar.gz/v$(PKG_VERSION)?
|
||||
PKG_HASH:=6b2eb6286c99da010db5c5f629f950e753fc4addeed189d3d898c1ef56d5a785
|
||||
PKG_HASH:=51315ec10764a24e6acafa49763307c03eb916205c5d7eb778edb579b4f2e844
|
||||
|
||||
PKG_LICENSE:=MIT
|
||||
PKG_LICENSE_FILES:=LICENSE
|
||||
|
|
|
|||
Loading…
Reference in New Issue