update 2023-09-15 09:11:25

github-actions[bot] 2023-09-15 09:11:25 +08:00
parent 2009ac8d00
commit cb69ed763a
16 changed files with 409 additions and 490 deletions


@ -5,13 +5,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=filebrowser
PKG_VERSION:=2.24.2
PKG_VERSION:=2.25.0
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=02db83c72ef3e14bac8df085a49f873261c6fb69
PKG_SOURCE_URL:=https://github.com/filebrowser/filebrowser
PKG_HASH:=4889c0efd1abfdb3a717c5c906db4fa36dd6a2b01754e4124c9d870147df2682
PKG_HASH:=e6d83a869454a1b90768917809f76673acc9752999faf2d6ba50766d7d8a7d38
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE


@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2
PKG_VERSION:=1.20-10
PKG_VERSION:=1.20-11
PKG_RELEASE:=
PKG_CONFIG_DEPENDS:= \


@ -6,22 +6,20 @@ if not api.finded_com("hysteria") then
return
end
local type_name = "Hysteria"
local type_name = "Hysteria2"
local option_prefix = "hysteria_"
local option_prefix = "hysteria2_"
local function option_name(name)
return option_prefix .. name
end
-- [[ Hysteria ]]
-- [[ Hysteria2 ]]
s.fields["type"]:value(type_name, translate("Hysteria"))
s.fields["type"]:value(type_name, "Hysteria2")
o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
o:value("udp", "UDP")
o:value("faketcp", "faketcp")
o:value("wechat-video", "wechat-video")
o = s:option(Value, option_name("address"), translate("Address (Support Domain Name)"))
@ -34,19 +32,8 @@ o.rewrite_option = o.option
o = s:option(Value, option_name("obfs"), translate("Obfs Password"))
o.rewrite_option = o.option
o = s:option(ListValue, option_name("auth_type"), translate("Auth Type"))
o:value("disable", translate("Disable"))
o:value("string", translate("STRING"))
o:value("base64", translate("BASE64"))
o.rewrite_option = o.option
o = s:option(Value, option_name("auth_password"), translate("Auth Password"))
o.password = true
o:depends({ [option_name("auth_type")] = "string"})
o:depends({ [option_name("auth_type")] = "base64"})
o.rewrite_option = o.option
o = s:option(Value, option_name("alpn"), translate("QUIC TLS ALPN"))
o.rewrite_option = o.option
o = s:option(Flag, option_name("fast_open"), translate("Fast Open"))
@ -58,11 +45,14 @@ o = s:option(Flag, option_name("tls_allowInsecure"), translate("allowInsecure"),
o.default = "0"
o = s:option(Value, option_name("up_mbps"), translate("Max upload Mbps"))
o.default = "10"
o.default = "100"
o.rewrite_option = o.option
o = s:option(Value, option_name("down_mbps"), translate("Max download Mbps"))
o.default = "50"
o.default = "100"
o.rewrite_option = o.option
o = s:option(Value, option_name("hop_interval"), translate("Hop Interval"))
o.rewrite_option = o.option
o = s:option(Value, option_name("recv_window_conn"), translate("QUIC stream receive window"))
@ -71,19 +61,11 @@ o.rewrite_option = o.option
o = s:option(Value, option_name("recv_window"), translate("QUIC connection receive window"))
o.rewrite_option = o.option
o = s:option(Value, option_name("handshake_timeout"), translate("Handshake Timeout"))
o.rewrite_option = o.option
o = s:option(Value, option_name("idle_timeout"), translate("Idle Timeout"))
o.rewrite_option = o.option
o = s:option(Value, option_name("hop_interval"), translate("Hop Interval"))
o.rewrite_option = o.option
o = s:option(Flag, option_name("disable_mtu_discovery"), translate("Disable MTU detection"))
o.rewrite_option = o.option
o = s:option(Flag, option_name("lazy_start"), translate("Lazy Start"))
o.default = "0"
o.rewrite_option = o.option
api.luci_types(arg[1], m, s, type_name, option_prefix)
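Review bot: The new "Hop Interval" option and the two Mbps fields whose defaults change here accept any string, and the client generator added in this commit appends `"s"` and `" mbps"` to the raw stored values without converting them. Giving each of the three options `o.datatype = "uinteger"` rejects non-numeric input at save time instead of writing it into the Hysteria2 config. Separately, "Obfs Password" is rendered as a plain text field; `o.password = true` would mask it the same way "Auth Password" is masked.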


@ -6,40 +6,26 @@ if not api.finded_com("hysteria") then
return
end
local type_name = "Hysteria"
local type_name = "Hysteria2"
local option_prefix = "hysteria_"
local option_prefix = "hysteria2_"
local function option_name(name)
return option_prefix .. name
end
-- [[ Hysteria ]]
-- [[ Hysteria2 ]]
s.fields["type"]:value(type_name, translate("Hysteria"))
s.fields["type"]:value(type_name, "Hysteria2")
o = s:option(Value, option_name("port"), translate("Listen Port"))
o.datatype = "port"
o = s:option(ListValue, option_name("protocol"), translate("Protocol"))
o:value("udp", "UDP")
o:value("faketcp", "faketcp")
o:value("wechat-video", "wechat-video")
o = s:option(Value, option_name("obfs"), translate("Obfs Password"))
o.rewrite_option = o.option
o = s:option(ListValue, option_name("auth_type"), translate("Auth Type"))
o:value("disable", translate("Disable"))
o:value("string", translate("STRING"))
o.rewrite_option = o.option
o = s:option(Value, option_name("auth_password"), translate("Auth Password"))
o.password = true
o:depends({ [option_name("auth_type")] = "string" })
o.rewrite_option = o.option
o = s:option(Value, option_name("alpn"), translate("QUIC TLS ALPN"))
o.rewrite_option = o.option
o = s:option(Flag, option_name("udp"), translate("UDP"))
@ -47,40 +33,19 @@ o.default = "1"
o.rewrite_option = o.option
o = s:option(Value, option_name("up_mbps"), translate("Max upload Mbps"))
o.default = "10"
o.default = "100"
o.rewrite_option = o.option
o = s:option(Value, option_name("down_mbps"), translate("Max download Mbps"))
o.default = "50"
o.default = "100"
o.rewrite_option = o.option
o = s:option(Value, option_name("recv_window_conn"), translate("QUIC stream receive window"))
o = s:option(Flag, option_name("ignoreClientBandwidth"), translate("ignoreClientBandwidth"))
o.default = "0"
o.rewrite_option = o.option
o = s:option(Value, option_name("recv_window"), translate("QUIC connection receive window"))
o.rewrite_option = o.option
o = s:option(Flag, option_name("disable_mtu_discovery"), translate("Disable MTU detection"))
o.rewrite_option = o.option
o = s:option(Flag, option_name("tls"), translate("TLS"))
o.default = 0
o.validate = function(self, value, t)
if value then
if value == "1" then
local ca = s.fields[option_name("tls_certificateFile")]:formvalue(t) or ""
local key = s.fields[option_name("tls_keyFile")]:formvalue(t) or ""
if ca == "" or key == "" then
return nil, translate("Public key and Private key path can not be empty!")
end
end
return value
end
end
o = s:option(FileUpload, option_name("tls_certificateFile"), translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
o.default = m:get(s.section, "tls_certificateFile") or "/etc/config/ssl/" .. arg[1] .. ".pem"
o:depends({ [option_name("tls")] = true })
o.validate = function(self, value, t)
if value and value ~= "" then
if not nixio.fs.access(value) then
@ -94,7 +59,6 @@ end
o = s:option(FileUpload, option_name("tls_keyFile"), translate("Private key absolute path"), translate("as:") .. "/etc/ssl/private.key")
o.default = m:get(s.section, "tls_keyFile") or "/etc/config/ssl/" .. arg[1] .. ".key"
o:depends({ [option_name("tls")] = true })
o.validate = function(self, value, t)
if value and value ~= "" then
if not nixio.fs.access(value) then
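Review bot: With the "Auth Type" selector removed, "Auth Password" is the only authentication control left on the server form, yet nothing makes it mandatory, and `gen_config_server` in this commit always writes `auth = { type = "password", password = node.hysteria2_auth_password }`. An empty field therefore produces a server config with no usable password; marking the option required with `o.rmempty = false` catches that when the form is saved. The "TLS" flag and its validator, which rejected empty certificate and key paths, also appear to be dropped in the second hunk, while the remaining per-file validators only act on non-empty values (their bodies continue outside the hunks). The non-empty check is worth moving onto the two FileUpload fields, since the server block now always emits `tls.cert` and `tls.key`.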


@ -719,6 +719,9 @@ function to_check(arch, app_name)
end
local remote_version = json.tag_name
if com[app_name].remote_version_str_replace then
remote_version = remote_version:gsub(com[app_name].remote_version_str_replace, "")
end
local has_update = compare_versions(local_version:match("[^v]+"), "<", remote_version:match("[^v]+"))
if not has_update then
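Review bot: `remote_version_str_replace` is handed to `gsub` as an unanchored Lua pattern, so a future value containing a magic character, or a tag that repeats the text further in, changes the result silently. A comment on the new lines such as `-- remote_version_str_replace is a Lua pattern: escape magic characters, anchor with ^ for a prefix` would document that, and the Hysteria entry in the next file could then use `"^app/"`. The body of `to_check` continues outside the hunk.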


@ -23,7 +23,8 @@ _M.hysteria = {
name = "Hysteria",
repo = "HyNetwork/hysteria",
get_url = gh_release_url,
cmd_version = "-v | awk '{print $3}'",
cmd_version = "version | awk '/^Version:/ {print $2}'",
remote_version_str_replace = "app/",
zipped = false,
default_path = "/usr/bin/hysteria",
match_fmt_str = "linux%%-%s$",


@ -159,8 +159,8 @@ local function start()
brook_path_arg = " --path " .. brook_path
end
bin = ln_run(api.get_app_path("brook"), "brook_" .. id, string.format("--debug %s -l :%s -p %s%s", brook_protocol, port, brook_password, brook_path_arg), log_path)
elseif type == "Hysteria" then
config = require(require_dir .. "util_hysteria").gen_config_server(user)
elseif type == "Hysteria2" then
config = require(require_dir .. "util_hysteria2").gen_config_server(user)
bin = ln_run(api.get_app_path("hysteria"), "hysteria", "-c " .. config_file .. " server", log_path)
end
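Review bot: The `"Hysteria"` branch is replaced rather than kept next to the new one, so a server user saved with `type == "Hysteria"` before the upgrade matches no branch of this chain and, as far as the hunk shows, ends up with neither `config` nor `bin`. If dropping v1 is intended, say so where the operator will see it, at minimum with a comment like `-- entries saved as type "Hysteria" (v1) are no longer started; recreate them as "Hysteria2"`, and preferably a log line for the unmatched type. `start()` begins and ends outside the hunk, so any later handling of a nil `bin` is not visible here.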


@ -1,104 +0,0 @@
module("luci.passwall2.util_hysteria", package.seeall)
local api = require "luci.passwall2.api"
local uci = api.uci
local jsonc = api.jsonc
function gen_config_server(node)
local config = {
listen = ":" .. node.port,
protocol = node.protocol or "udp",
obfs = node.hysteria_obfs,
cert = node.tls_certificateFile,
key = node.tls_keyFile,
auth = (node.hysteria_auth_type == "string") and {
mode = "password",
config = {
password = node.hysteria_auth_password
}
} or nil,
disable_udp = (node.hysteria_udp == "0") and true or false,
alpn = node.hysteria_alpn or nil,
up_mbps = tonumber(node.hysteria_up_mbps) or 10,
down_mbps = tonumber(node.hysteria_down_mbps) or 50,
recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil,
recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil,
disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false
}
return config
end
function gen_config(var)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall2", node_id)
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
if (node.hysteria_hop) then
server = server .. "," .. node.hysteria_hop
end
local config = {
server = server,
protocol = node.protocol or "udp",
obfs = node.hysteria_obfs,
auth = (node.hysteria_auth_type == "base64") and node.hysteria_auth_password or nil,
auth_str = (node.hysteria_auth_type == "string") and node.hysteria_auth_password or nil,
alpn = node.hysteria_alpn or nil,
server_name = node.tls_serverName,
insecure = (node.tls_allowInsecure == "1") and true or false,
up_mbps = tonumber(node.hysteria_up_mbps) or 10,
down_mbps = tonumber(node.hysteria_down_mbps) or 50,
retry = -1,
retry_interval = 5,
recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil,
recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil,
handshake_timeout = (node.hysteria_handshake_timeout) and tonumber(node.hysteria_handshake_timeout) or nil,
idle_timeout = (node.hysteria_idle_timeout) and tonumber(node.hysteria_idle_timeout) or nil,
hop_interval = (node.hysteria_hop_interval) and tonumber(node.hysteria_hop_interval) or nil,
disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false,
fast_open = (node.fast_open == "1") and true or false,
lazy_start = (node.hysteria_lazy_start) and true or false,
socks5 = (local_socks_address and local_socks_port) and {
listen = local_socks_address .. ":" .. local_socks_port,
timeout = 300,
disable_udp = false,
user = (local_socks_username and local_socks_password) and local_socks_username,
password = (local_socks_username and local_socks_password) and local_socks_password,
} or nil,
http = (local_http_address and local_http_port) and {
listen = local_http_address .. ":" .. local_http_port,
timeout = 300,
disable_udp = false,
user = (local_http_username and local_http_password) and local_http_username,
password = (local_http_username and local_http_password) and local_http_password,
} or nil
}
return jsonc.stringify(config, 1)
end
_G.gen_config = gen_config
if arg[1] then
local func =_G[arg[1]]
if func then
print(func(api.get_function_args(arg)))
end
end


@ -0,0 +1,115 @@
module("luci.passwall2.util_hysteria2", package.seeall)
local api = require "luci.passwall2.api"
local uci = api.uci
local jsonc = api.jsonc
function gen_config_server(node)
local config = {
listen = ":" .. node.port,
tls = {
cert = node.tls_certificateFile,
key = node.tls_keyFile,
},
obfs = {
type = "salamander",
salamander = {
password = node.hysteria2_obfs
}
},
auth = {
type = "password",
password = node.hysteria2_auth_password
},
bandwidth = {
up = node.hysteria2_up_mbps and node.hysteria2_up_mbps .. " mbps" or "1 gbps",
down = node.hysteria2_down_mbps and node.hysteria2_down_mbps .. " mbps" or "1 gbps",
},
ignoreClientBandwidth = (node.hysteria2_ignoreClientBandwidth == "1") and true or false,
disable_udp = (node.hysteria2_udp == "0") and true or false,
}
return config
end
function gen_config(var)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall2", node_id)
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
if (node.hysteria2_hop) then
server = server .. "," .. node.hysteria2_hop
end
local config = {
server = server,
transport = {
type = node.protocol or "udp",
udp = {
hopInterval = node.hysteria2_hop_interval and node.hysteria2_hop_interval .. "s" or "30s"
}
},
obfs = {
type = "salamander",
salamander = {
password = node.hysteria2_obfs
}
},
auth = node.hysteria2_auth_password,
tls = {
sni = node.tls_serverName,
insecure = (node.tls_allowInsecure == "1") and true or false
},
quic = {
initStreamReceiveWindow = (node.hysteria2_recv_window) and tonumber(node.hysteria2_recv_window) or nil,
initConnReceiveWindow = (node.hysteria2_recv_window_conn) and tonumber(node.hysteria2_recv_window_conn) or nil,
maxIdleTimeout = (node.hysteria2_idle_timeout) and tonumber(node.hysteria2_idle_timeout) or nil,
disablePathMTUDiscovery = (node.hysteria2_disable_mtu_discovery) and true or false,
},
bandwidth = {
up = node.hysteria2_up_mbps and node.hysteria2_up_mbps .. " mbps" or "100 mbps",
down = node.hysteria2_down_mbps and node.hysteria2_down_mbps .. " mbps" or "100 mbps"
},
fast_open = (node.fast_open == "1") and true or false,
lazy = true,
socks5 = (local_socks_address and local_socks_port) and {
listen = local_socks_address .. ":" .. local_socks_port,
username = (local_socks_username and local_socks_password) and local_socks_username or nil,
password = (local_socks_username and local_socks_password) and local_socks_password or nil,
disable_udp = false,
} or nil,
http = (local_http_address and local_http_port) and {
listen = local_http_address .. ":" .. local_http_port,
username = (local_http_username and local_http_password) and local_http_username or nil,
password = (local_http_username and local_http_password) and local_http_password or nil,
disable_udp = false,
} or nil
}
return jsonc.stringify(config, 1)
end
_G.gen_config = gen_config
if arg[1] then
local func =_G[arg[1]]
if func then
print(func(api.get_function_args(arg)))
end
end
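Review bot: Both generators emit the `obfs` table unconditionally, so a node whose "Obfs Password" is empty still gets `type = "salamander"` with no password instead of no obfuscation block at all. Build the table only when `node.hysteria2_obfs` is set, in `gen_config_server` and in `gen_config`. In the client `quic` table the two window fields also look crossed against the form labels: `hysteria2_recv_window` is labelled "QUIC connection receive window" but feeds `initStreamReceiveWindow`, and `hysteria2_recv_window_conn` ("QUIC stream receive window") feeds `initConnReceiveWindow`.

```lua
-- gen_config_server and gen_config: emit obfs only when a password is configured
obfs = node.hysteria2_obfs and {
	type = "salamander",
	salamander = {
		password = node.hysteria2_obfs
	}
} or nil,
-- … unchanged: auth, tls …
quic = {
	initStreamReceiveWindow = (node.hysteria2_recv_window_conn) and tonumber(node.hysteria2_recv_window_conn) or nil,
	initConnReceiveWindow = (node.hysteria2_recv_window) and tonumber(node.hysteria2_recv_window) or nil,
	-- … unchanged: maxIdleTimeout, disablePathMTUDiscovery …
},
```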


@ -150,7 +150,7 @@ function gen_outbound(flag, node, tag, proxy_table)
if node.transport == "grpc" then
v2ray_transport = {
type = "grpc",
serviceName = node.grpc_serviceName,
service_name = node.grpc_serviceName,
idle_timeout = tonumber(node.grpc_idle_timeout) or nil,
ping_timeout = tonumber(node.grpc_health_check_timeout) or nil,
permit_without_stream = (node.grpc_permit_without_stream == "1") and true or nil,
@ -676,14 +676,17 @@ function gen_config(var)
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local dns_listen_port = var["-dns_listen_port"]
local direct_dns_port = var["-direct_dns_port"]
local direct_dns_udp_server = var["-direct_dns_udp_server"]
local direct_dns_udp_port = var["-direct_dns_udp_port"]
local direct_dns_query_strategy = var["-direct_dns_query_strategy"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_udp_port = var["-remote_dns_udp_port"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_tcp_port = var["-remote_dns_tcp_port"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_doh_ip = var["-remote_dns_doh_ip"]
local remote_dns_doh_port = var["-remote_dns_doh_port"]
local remote_dns_query_strategy = var["-remote_dns_query_strategy"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
@ -1088,109 +1091,105 @@ function gen_config(var)
reverse_mapping = true, --在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。
fakeip = nil,
}
if true then
local dns_tag = "remote"
local domain = {}
local domain_suffix = {}
local domain_keyword = {}
local domain_regex = {}
local geosite = {}
for index, value in ipairs(dns_remote_domains) do
if value:find("geosite:") == 1 then
table.insert(geosite, value:sub(1 + #"geosite:"))
elseif value:find("regexp:") == 1 then
table.insert(domain_regex, value:sub(1 + #"regexp:"))
elseif value:find("full:") == 1 then
table.insert(domain, value:sub(1 + #"full:"))
elseif value:find("domain:") == 1 then
table.insert(domain_keyword, value:sub(1 + #"domain:"))
else
table.insert(domain, value)
end
local dns_tag = "remote"
local domain = {}
local domain_suffix = {}
local domain_keyword = {}
local domain_regex = {}
local geosite = {}
for index, value in ipairs(dns_remote_domains) do
if value:find("geosite:") == 1 then
table.insert(geosite, value:sub(1 + #"geosite:"))
elseif value:find("regexp:") == 1 then
table.insert(domain_regex, value:sub(1 + #"regexp:"))
elseif value:find("full:") == 1 then
table.insert(domain, value:sub(1 + #"full:"))
elseif value:find("domain:") == 1 then
table.insert(domain_keyword, value:sub(1 + #"domain:"))
else
table.insert(domain, value)
end
local remote_rule = {
server = dns_tag,
domain = #domain > 0 and domain or nil,
domain_suffix = #domain_suffix > 0 and domain_suffix or nil,
domain_keyword = #domain_keyword > 0 and domain_keyword or nil,
domain_regex = #domain_regex > 0 and domain_regex or nil,
geosite = #geosite > 0 and geosite or nil,
disable_cache = true,
end
local remote_rule = {
server = dns_tag,
domain = #domain > 0 and domain or nil,
domain_suffix = #domain_suffix > 0 and domain_suffix or nil,
domain_keyword = #domain_keyword > 0 and domain_keyword or nil,
domain_regex = #domain_regex > 0 and domain_regex or nil,
geosite = #geosite > 0 and geosite or nil,
disable_cache = true,
}
local remote_strategy = "prefer_ipv6"
if remote_dns_query_strategy == "UseIPv4" then
remote_strategy = "ipv4_only"
elseif remote_dns_query_strategy == "UseIPv6" then
remote_strategy = "ipv6_only"
end
local server = {
tag = dns_tag,
address_strategy = "prefer_ipv4",
strategy = remote_strategy,
address_resolver = "direct",
detour = dns_outTag,
}
if remote_dns_udp_server then
local server_port = tonumber(remote_dns_udp_port) or 53
server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port
end
if remote_dns_tcp_server then
local server_port = tonumber(remote_dns_tcp_port) or 53
server.address = "tcp://" .. remote_dns_tcp_server .. ":" .. server_port
end
if remote_dns_doh_url then
server.address = remote_dns_doh_url
end
if server.address then
table.insert(dns.servers, server)
end
local fakedns_tag = dns_tag .. "_fakeip"
if remote_dns_fake then
dns.fakeip = {
enabled = true,
inet4_range = "198.18.0.0/16",
inet6_range = "fc00::/18",
}
local remote_strategy = "prefer_ipv6"
if remote_dns_query_strategy == "UseIPv4" then
remote_strategy = "ipv4_only"
elseif remote_dns_query_strategy == "UseIPv6" then
remote_strategy = "ipv6_only"
end
local server = {
tag = dns_tag,
address_strategy = "prefer_ipv4",
table.insert(dns.servers, {
tag = fakedns_tag,
address = "fakeip",
strategy = remote_strategy,
address_resolver = "direct",
detour = dns_outTag,
}
local rule_server = dns_tag
if remote_dns_udp_server then
local server_port = tonumber(remote_dns_port) or 53
server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port
end
if remote_dns_tcp_server then
server.address = remote_dns_tcp_server
end
if remote_dns_doh_url and remote_dns_doh_host then
server.address = remote_dns_doh_url
end
if server.address then
table.insert(dns.servers, server)
end
if remote_dns_fake then
dns.fakeip = {
enabled = true,
inet4_range = "198.18.0.0/16",
inet6_range = "fc00::/18",
})
if tags and tags:find("with_clash_api") then
if not experimental then
experimental = {}
end
experimental.clash_api = {
store_fakeip = true,
cache_file = "/tmp/singbox_passwall2_" .. flag .. ".db"
}
local fakedns_tag = dns_tag .. "_fakeip"
if not server.address then
fakedns_tag = dns_tag
end
table.insert(dns.servers, {
tag = fakedns_tag,
address = "fakeip",
strategy = remote_strategy,
})
rule_server = fakedns_tag
if tags and tags:find("with_clash_api") then
if not experimental then
experimental = {}
end
experimental.clash_api = {
store_fakeip = true,
cache_file = "/tmp/singbox_passwall2_" .. flag .. ".db"
}
end
end
if remote_rule.domain or remote_rule.domain_suffix or remote_rule.domain_keyword or remote_rule.domain_regex or remote_rule.geosite then
local rule = api.clone(remote_rule)
rule.server = rule_server
table.insert(dns.rules, rule)
end
if remote_rule.domain or remote_rule.domain_suffix or remote_rule.domain_keyword or remote_rule.domain_regex or remote_rule.geosite then
local rule = api.clone(remote_rule)
rule.server = dns_tag
if remote_dns_fake then
rule.query_type = {
"A", "AAAA"
}
rule.server = fakedns_tag
end
table.insert(dns.rules, rule)
end
if direct_dns_udp_server then
@ -1221,14 +1220,16 @@ function gen_config(var)
end
local direct_rule = {
server = dns_tag,
domain = domain,
domain = #domain > 0 and domain or nil,
domain_suffix = #domain_suffix > 0 and domain_suffix or nil,
domain_keyword = #domain_keyword > 0 and domain_keyword or nil,
domain_regex = #domain_regex > 0 and domain_regex or nil,
geosite = #geosite > 0 and geosite or nil,
disable_cache = false,
}
table.insert(dns.rules, direct_rule)
if direct_rule.domain or direct_rule.domain_suffix or direct_rule.domain_keyword or direct_rule.domain_regex or direct_rule.geosite then
table.insert(dns.rules, direct_rule)
end
local direct_strategy = "prefer_ipv6"
if direct_dns_query_strategy == "UseIPv4" then
@ -1237,7 +1238,7 @@ function gen_config(var)
direct_strategy = "ipv6_only"
end
local port = tonumber(direct_dns_port) or 53
local port = tonumber(direct_dns_udp_port) or 53
table.insert(dns.servers, {
tag = dns_tag,
@ -1252,6 +1253,18 @@ function gen_config(var)
tag = "block",
address = "rcode://refused",
})
local default_dns_flag = "remote"
if node_id and redir_port then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
else default_dns_flag = "direct"
end
dns.final = default_dns_flag
table.insert(inbounds, {
type = "direct",
@ -1271,18 +1284,6 @@ function gen_config(var)
},
outbound = "dns-out"
})
local default_dns_flag = "remote"
if node_id and redir_port then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
else default_dns_flag = "direct"
end
dns.final = default_dns_flag
end
if inbounds or outbounds then
@ -1408,22 +1409,24 @@ function gen_dns_config(var)
local dns_listen_port = var["-dns_listen_port"]
local dns_query_strategy = var["-dns_query_strategy"]
local dns_out_tag = var["-dns_out_tag"]
local dns_client_ip = var["-dns_client_ip"]
local direct_dns_server = var["-direct_dns_server"]
local direct_dns_port = var["-direct_dns_port"]
local direct_dns_udp_server = var["-direct_dns_udp_server"]
local direct_dns_udp_port = var["-direct_dns_udp_port"]
local direct_dns_tcp_server = var["-direct_dns_tcp_server"]
local direct_dns_tcp_port = var["-direct_dns_tcp_port"]
local direct_dns_doh_url = var["-direct_dns_doh_url"]
local direct_dns_doh_host = var["-direct_dns_doh_host"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local direct_dns_doh_ip = var["-direct_dns_doh_ip"]
local direct_dns_doh_port = var["-direct_dns_doh_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_udp_port = var["-remote_dns_udp_port"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_tcp_port = var["-remote_dns_tcp_port"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_doh_ip = var["-remote_dns_doh_ip"]
local remote_dns_doh_port = var["-remote_dns_doh_port"]
local remote_dns_outbound_socks_address = var["-remote_dns_outbound_socks_address"]
local remote_dns_outbound_socks_port = var["-remote_dns_outbound_socks_port"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local log = var["-log"] or "0"
local loglevel = var["-loglevel"] or "warn"
@ -1446,7 +1449,6 @@ function gen_dns_config(var)
disable_expire = false, --禁用 DNS 缓存过期。
independent_cache = false, --使每个 DNS 服务器的缓存独立,以满足特殊目的。如果启用,将轻微降低性能。
reverse_mapping = true, --在响应 DNS 查询后存储 IP 地址的反向映射以为路由目的提供域名。
fakeip = nil,
}
if dns_out_tag == "remote" then
@ -1456,26 +1458,18 @@ function gen_dns_config(var)
strategy = (dns_query_strategy and dns_query_strategy ~= "UseIP") and "ipv4_only" or "prefer_ipv6",
detour = "remote-out",
}
if remote_dns_fake then
server.address = "fakeip"
dns.fakeip = {
enabled = true,
inet4_range = "198.18.0.0/16",
inet6_range = "fc00::/18",
}
end
if remote_dns_udp_server then
local server_port = tonumber(remote_dns_port) or 53
local server_port = tonumber(remote_dns_udp_port) or 53
server.address = "udp://" .. remote_dns_udp_server .. ":" .. server_port
end
if remote_dns_tcp_server then
server.address = remote_dns_tcp_server
local server_port = tonumber(remote_dns_tcp_port) or 53
server.address = "tcp://" .. remote_dns_tcp_server .. ":" .. server_port
end
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_doh_url then
server.address = remote_dns_doh_url
end
@ -1488,10 +1482,8 @@ function gen_dns_config(var)
server_port = tonumber(remote_dns_outbound_socks_port),
})
table.insert(route.rules, {
network = {"tcp", "udp"},
outbound = "remote-out"
})
route.final = "remote-out"
elseif dns_out_tag == "direct" then
local server = {
tag = dns_out_tag,
@ -1501,17 +1493,16 @@ function gen_dns_config(var)
}
if direct_dns_udp_server then
local server_port = tonumber(direct_dns_port) or 53
local server_port = tonumber(direct_dns_udp_port) or 53
server.address = "udp://" .. direct_dns_udp_server .. ":" .. server_port
end
if direct_dns_tcp_server then
local server_port = tonumber(direct_dns_port) or 53
server.address = direct_dns_tcp_server .. ":" .. server_port
local server_port = tonumber(direct_dns_tcp_port) or 53
server.address = "tcp://" .. direct_dns_tcp_server .. ":" .. server_port
end
if direct_dns_doh_url and direct_dns_doh_host then
local server_port = tonumber(direct_dns_port) or 443
if direct_dns_doh_url then
server.address = direct_dns_doh_url
end
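Review bot: The new `"tcp://" .. remote_dns_tcp_server .. ":" .. server_port` address, its `direct_dns_tcp_server` counterpart in `gen_dns_config` and the existing `udp://` forms all join host and port with a bare colon, so an IPv6 literal as DNS server yields an ambiguous address. Bracket the host first, for example `if api.is_ipv6(host) then host = "[" .. host .. "]" end`, assuming `api` here is the same module that provides `is_ipv6` elsewhere in this commit. The DoH branches now depend on the URL alone, while the newly read `remote_dns_doh_host`, `remote_dns_doh_ip`, `remote_dns_doh_port` and their `direct_` counterparts are not used anywhere in the visible hunks. If they stay unused, the DoH hostname would presumably be resolved through the `address_resolver = "direct"` server rather than the address the caller supplied, which is worth confirming or documenting. Both functions continue outside the hunks.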


@ -521,10 +521,10 @@ function gen_config(var)
local local_http_password = var["-local_http_password"]
local dns_listen_port = var["-dns_listen_port"]
local dns_query_strategy = var["-dns_query_strategy"]
local direct_dns_port = var["-direct_dns_port"]
local direct_dns_udp_server = var["-direct_dns_udp_server"]
local remote_dns_port = var["-remote_dns_port"]
local direct_dns_udp_port = var["-direct_dns_udp_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_udp_port = var["-remote_dns_udp_port"]
local remote_dns_fake = var["-remote_dns_fake"]
local remote_dns_fake_strategy = var["-remote_dns_fake_strategy"]
local dns_cache = var["-dns_cache"]
@ -1034,56 +1034,54 @@ function gen_config(var)
end)
end
if true then
if remote_dns_udp_server then
local _remote_dns = {
_flag = "remote",
address = remote_dns_udp_server,
port = tonumber(remote_dns_port) or 53
}
if not remote_dns_fake then
_remote_dns.domains = #dns_remote_domains > 0 and dns_remote_domains or nil
--_remote_dns.expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
end
_remote_dns_proto = "udp"
table.insert(dns.servers, _remote_dns)
table.insert(routing.rules, 1, {
type = "field",
ip = {
remote_dns_udp_server
},
port = tonumber(remote_dns_port) or 53,
network = "udp",
outboundTag = "direct"
})
if remote_dns_udp_server then
local _remote_dns = {
_flag = "remote",
address = remote_dns_udp_server,
port = tonumber(remote_dns_udp_port) or 53
}
if not remote_dns_fake then
_remote_dns.domains = #dns_remote_domains > 0 and dns_remote_domains or nil
--_remote_dns.expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
end
if remote_dns_fake then
fakedns = {}
local fakedns4 = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
local fakedns6 = {
ipPool = "fc00::/18",
poolSize = 65535
}
if remote_dns_fake_strategy == "UseIP" then
table.insert(fakedns, fakedns4)
table.insert(fakedns, fakedns6)
elseif remote_dns_fake_strategy == "UseIPv4" then
table.insert(fakedns, fakedns4)
elseif remote_dns_fake_strategy == "UseIPv6" then
table.insert(fakedns, fakedns6)
end
local _remote_dns = {
_flag = "remote_fakedns",
address = "fakedns",
domains = #dns_remote_domains > 0 and dns_remote_domains or nil
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
}
table.insert(dns.servers, _remote_dns)
_remote_dns_proto = "udp"
table.insert(dns.servers, _remote_dns)
table.insert(routing.rules, 1, {
type = "field",
ip = {
remote_dns_udp_server
},
port = tonumber(remote_dns_udp_port) or 53,
network = "udp",
outboundTag = "direct"
})
end
if remote_dns_fake then
fakedns = {}
local fakedns4 = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
local fakedns6 = {
ipPool = "fc00::/18",
poolSize = 65535
}
if remote_dns_fake_strategy == "UseIP" then
table.insert(fakedns, fakedns4)
table.insert(fakedns, fakedns6)
elseif remote_dns_fake_strategy == "UseIPv4" then
table.insert(fakedns, fakedns4)
elseif remote_dns_fake_strategy == "UseIPv6" then
table.insert(fakedns, fakedns6)
end
local _remote_dns = {
_flag = "remote_fakedns",
address = "fakedns",
domains = #dns_remote_domains > 0 and dns_remote_domains or nil
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
}
table.insert(dns.servers, _remote_dns)
end
if true then
@ -1100,13 +1098,13 @@ function gen_config(var)
if direct_dns_udp_server then
_direct_dns.address = direct_dns_udp_server
_direct_dns.port = tonumber(direct_dns_port) or 53
_direct_dns.port = tonumber(direct_dns_udp_port) or 53
table.insert(routing.rules, 1, {
type = "field",
ip = {
direct_dns_udp_server
},
port = tonumber(direct_dns_port) or 53,
port = tonumber(direct_dns_udp_port) or 53,
network = "udp",
outboundTag = "direct"
})
@ -1130,8 +1128,9 @@ function gen_config(var)
local direct_type_dns = {
settings = {
address = direct_dns_udp_server,
port = tonumber(direct_dns_port) or 53,
network = "udp"
port = tonumber(direct_dns_udp_port) or 53,
network = "udp",
nonIPQuery = "skip"
},
proxySettings = {
tag = "direct"
@ -1140,20 +1139,14 @@ function gen_config(var)
local remote_type_dns = {
settings = {
address = remote_dns_udp_server,
port = tonumber(remote_dns_port) or 53,
network = _remote_dns_proto or "tcp"
port = tonumber(remote_dns_udp_port) or 53,
network = _remote_dns_proto or "tcp",
nonIPQuery = "skip"
},
proxySettings = {
tag = "direct"
}
}
local custom_type_dns = {
settings = {
address = "1.1.1.1",
port = 53,
network = "tcp",
}
}
local type_dns = remote_type_dns
table.insert(outbounds, {
tag = "dns-out",
@ -1400,28 +1393,30 @@ function gen_dns_config(var)
local dns_query_strategy = var["-dns_query_strategy"]
local dns_out_tag = var["-dns_out_tag"]
local dns_client_ip = var["-dns_client_ip"]
local direct_dns_server = var["-direct_dns_server"]
local direct_dns_port = var["-direct_dns_port"]
local direct_dns_udp_server = var["-direct_dns_udp_server"]
local direct_dns_udp_port = var["-direct_dns_udp_port"]
local direct_dns_tcp_server = var["-direct_dns_tcp_server"]
local direct_dns_tcp_port = var["-direct_dns_tcp_port"]
local direct_dns_doh_url = var["-direct_dns_doh_url"]
local direct_dns_doh_host = var["-direct_dns_doh_host"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local direct_dns_doh_ip = var["-direct_dns_doh_ip"]
local direct_dns_doh_port = var["-direct_dns_doh_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_udp_port = var["-remote_dns_udp_port"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_tcp_port = var["-remote_dns_tcp_port"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_doh_ip = var["-remote_dns_doh_ip"]
local remote_dns_doh_port = var["-remote_dns_doh_port"]
local remote_dns_outbound_socks_address = var["-remote_dns_outbound_socks_address"]
local remote_dns_outbound_socks_port = var["-remote_dns_outbound_socks_port"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local loglevel = var["-loglevel"] or "warning"
local inbounds = {}
local outbounds = {}
local dns = nil
local fakedns = nil
local routing = nil
if dns_listen_port then
@ -1447,46 +1442,31 @@ function gen_dns_config(var)
local _remote_dns = {
_flag = "remote"
}
if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
other_type_dns_port = tonumber(remote_dns_port) or 53
other_type_dns_server = remote_dns_server
if remote_dns_udp_server then
_remote_dns.address = remote_dns_udp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
_remote_dns.port = tonumber(remote_dns_udp_port) or 53
other_type_dns_proto = "udp"
other_type_dns_server = remote_dns_udp_server
other_type_dns_port = _remote_dns.port
end
if remote_dns_tcp_server then
_remote_dns.address = remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
_remote_dns.address = "tcp://" .. remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_tcp_port) or 53
other_type_dns_proto = "tcp"
other_type_dns_server = remote_dns_tcp_server
other_type_dns_port = _remote_dns.port
end
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_server
if remote_dns_doh_ip and remote_dns_doh_host ~= remote_dns_doh_ip and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_doh_ip
end
_remote_dns.address = remote_dns_doh_url
_remote_dns.port = tonumber(remote_dns_port) or 443
other_type_dns_proto = "tcp"
other_type_dns_port = 53
_remote_dns.port = tonumber(remote_dns_doh_port) or 443
end
table.insert(dns.servers, _remote_dns)
@ -1510,44 +1490,40 @@ function gen_dns_config(var)
local _direct_dns = {
_flag = "direct"
}
other_type_dns_proto = tonumber(direct_dns_port) or 53
other_type_dns_server = direct_dns_server
if direct_dns_udp_server then
_direct_dns.address = direct_dns_udp_server
_direct_dns.port = tonumber(direct_dns_port) or 53
_direct_dns.port = tonumber(direct_dns_udp_port) or 53
table.insert(routing.rules, 1, {
type = "field",
ip = {
direct_dns_udp_server
},
port = tonumber(direct_dns_port) or 53,
port = tonumber(direct_dns_udp_port) or 53,
network = "udp",
outboundTag = "direct"
})
end
if direct_dns_udp_server then
_direct_dns.address = direct_dns_udp_server
_direct_dns.port = tonumber(direct_dns_port) or 53
other_type_dns_proto = "udp"
other_type_dns_server = direct_dns_udp_server
other_type_dns_port = _direct_dns.port
end
if direct_dns_tcp_server then
_direct_dns.address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://")
_direct_dns.port = tonumber(direct_dns_port) or 53
_direct_dns.address = "tcp+local://" .. direct_dns_tcp_server
_direct_dns.port = tonumber(direct_dns_tcp_port) or 53
other_type_dns_proto = "tcp"
other_type_dns_server = direct_dns_tcp_server
other_type_dns_port = _direct_dns.port
end
if direct_dns_doh_url and direct_dns_doh_host then
if direct_dns_server and direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then
dns.hosts[direct_dns_doh_host] = direct_dns_server
if direct_dns_doh_ip and direct_dns_doh_host ~= direct_dns_doh_ip and not api.is_ip(direct_dns_doh_host) then
dns.hosts[direct_dns_doh_host] = direct_dns_doh_ip
end
_direct_dns.address = direct_dns_doh_url:gsub("https://", "https+local://")
_direct_dns.port = tonumber(direct_dns_port) or 443
other_type_dns_proto = "tcp"
other_type_dns_port = 53
_direct_dns.port = tonumber(direct_dns_doh_port) or 443
end
table.insert(dns.servers, _direct_dns)
@ -1597,6 +1573,7 @@ function gen_dns_config(var)
address = other_type_dns_server or "1.1.1.1",
port = other_type_dns_port or 53,
network = other_type_dns_proto or "tcp",
nonIPQuery = "skip"
}
})
@ -1625,7 +1602,6 @@ function gen_dns_config(var)
},
-- DNS
dns = dns,
fakedns = fakedns,
-- 传入连接
inbounds = inbounds,
-- 传出连接


@ -139,9 +139,9 @@ local api = require "luci.passwall2.api"
} else if (v_type === "Brook") {
dom_prefix = "brook_"
protocol = "brook"
} else if (v_type === "Hysteria") {
dom_prefix = "hysteria_"
protocol = "hysteria"
} else if (v_type === "Hysteria2") {
dom_prefix = "hysteria2_"
protocol = "hysteria2"
} else if (v_type === "Xray") {
dom_prefix = "xray_"
} else if (v_type === "sing-box") {
@ -390,17 +390,14 @@ local api = require "luci.passwall2.api"
}
url += url_protocol;
url += params;
} else if (v_type === "Hysteria") {
} else if (v_type === "Hysteria2") {
var v_port = opt.get(dom_prefix + "port");
var params = "";
params += opt.query("protocol", dom_prefix + "protocol");
params += opt.query("auth", dom_prefix + "auth_password");
params += opt.query("peer", dom_prefix + "tls_serverName");
params += opt.query("sni", dom_prefix + "tls_serverName");
params += opt.query("insecure", dom_prefix + "tls_allowInsecure");
params += opt.query("upmbps", dom_prefix + "up_mbps", 1000);
params += opt.query("downmbps", dom_prefix + "down_mbps", 1000);
params += opt.query("alpn", dom_prefix + "alpn");
params += opt.query("obfsParam", dom_prefix + "obfs");
params += opt.query("obfs", "salamander");
params += opt.query("obfs-password", dom_prefix + "obfs");
var url =
_address + ":" +
v_port.value + "?" +
@ -875,9 +872,9 @@ local api = require "luci.passwall2.api"
opt.set('remarks', decodeURI(m.hash.substr(1)));
}
}
if (ssu[0] === "hysteria") {
dom_prefix = "hysteria_"
var stype = "Hysteria";
if (ssu[0] === "hysteria2") {
dom_prefix = "hysteria2_"
var stype = "Hysteria2";
var m = parseNodeUrl(ssrurl);
var queryParam = {};
if (m.search.length > 1) {
@ -893,17 +890,12 @@ local api = require "luci.passwall2.api"
opt.set('type', stype);
opt.set(dom_prefix + 'address', m.hostname);
opt.set(dom_prefix + 'port', m.port || "443");
opt.set(dom_prefix + 'protocol', queryParam.protocol);
opt.set(dom_prefix + 'obfs', queryParam.obfsParam);
opt.set(dom_prefix + 'auth_type', "string");
opt.set(dom_prefix + 'auth_password', queryParam.auth);
opt.set(dom_prefix + 'tls_serverName', queryParam.peer);
opt.set(dom_prefix + 'obfs', queryParam["obfs-password"]);
opt.set(dom_prefix + 'auth', queryParam.auth);
opt.set(dom_prefix + 'tls_serverName', queryParam.sni);
if (queryParam.insecure && queryParam.insecure == "1") {
opt.set(dom_prefix + 'tls_allowInsecure', true);
}
opt.set(dom_prefix + 'alpn', queryParam.alpn);
opt.set(dom_prefix + 'up_mbps', queryParam.upmbps);
opt.set(dom_prefix + 'down_mbps', queryParam.downmbps);
if (m.hash) {
opt.set('remarks', decodeURI(m.hash.substr(1)));
}
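Review bot: In the Hysteria2 export branch, `opt.query("obfs", "salamander")` passes the literal obfs type where every neighbouring call passes an option id (`dom_prefix + ...`) as the second argument. opt.query is defined outside these hunks, but if it resolves that argument as a form field, as the other calls suggest, no field named `salamander` exists and the generated link would carry `obfs-password` without the `obfs` type. Appending the constant directly, and only when a password is set, avoids the lookup: `if (opt.get(dom_prefix + "obfs").value) params += "&obfs=salamander";` (adjust the separator to whatever opt.query emits). The branch continues past the hunk, so the rest of the URL assembly is not visible here.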


@ -478,6 +478,9 @@ msgstr "QUIC 并发双向流的最大数量"
msgid "Disable MTU detection"
msgstr "禁用 MTU 检测"
msgid "ignoreClientBandwidth"
msgstr "忽略客户端带宽设置"
msgid "Lazy Start"
msgstr "延迟启动"


@ -31,7 +31,7 @@ UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua
UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua
UTIL_XRAY=$LUA_UTIL_PATH/util_xray.lua
UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
UTIL_HYSTERIA=$LUA_UTIL_PATH/util_hysteria.lua
UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua
UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua
V2RAY_ARGS=""
V2RAY_CONFIG=""
@ -332,7 +332,7 @@ run_xray() {
local _dns=$(get_first_dns direct_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
V2RAY_DNS_DIRECT_ARGS="${V2RAY_DNS_DIRECT_ARGS} -direct_dns_server ${_dns_address} -direct_dns_port ${_dns_port} -direct_dns_udp_server ${_dns_address}"
V2RAY_DNS_DIRECT_ARGS="${V2RAY_DNS_DIRECT_ARGS} -direct_dns_udp_port ${_dns_port} -direct_dns_udp_server ${_dns_address}"
;;
esac
[ -n "$direct_dns_query_strategy" ] && V2RAY_DNS_DIRECT_ARGS="${V2RAY_DNS_DIRECT_ARGS} -dns_query_strategy ${direct_dns_query_strategy}"
@ -366,13 +366,13 @@ run_xray() {
local _dns=$(get_first_dns remote_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_udp_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
;;
tcp)
local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_tcp_server tcp://${_dns}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_tcp_port ${_dns_port} -remote_dns_tcp_server ${_dns_address}"
;;
doh)
local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
@ -384,8 +384,8 @@ run_xray() {
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
[ -n "$_doh_bootstrap" ] && V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_server ${_doh_bootstrap}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
[ -n "$_doh_bootstrap" ] && V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_doh_ip ${_doh_bootstrap}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_doh_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;;
esac
@ -399,8 +399,8 @@ run_xray() {
[ -n "$dns_listen_port" ] && _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port}"
[ -n "$dns_cache" ] && _extra_param="${_extra_param} -dns_cache ${dns_cache}"
_extra_param="${_extra_param} -dns_query_strategy UseIP"
_extra_param="${_extra_param} -direct_dns_port ${direct_dnsmasq_listen_port} -direct_dns_udp_server 127.0.0.1"
_extra_param="${_extra_param} -remote_dns_port ${dns_remote_listen_port} -remote_dns_udp_server 127.0.0.1"
_extra_param="${_extra_param} -direct_dns_udp_port ${direct_dnsmasq_listen_port} -direct_dns_udp_server 127.0.0.1"
_extra_param="${_extra_param} -remote_dns_udp_port ${dns_remote_listen_port} -remote_dns_udp_server 127.0.0.1"
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1 -remote_dns_fake_strategy ${remote_dns_query_strategy}"
}
@ -455,7 +455,7 @@ run_singbox() {
local _dns=$(get_first_dns direct_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
V2RAY_DNS_DIRECT_ARGS="${V2RAY_DNS_DIRECT_ARGS} -direct_dns_server ${_dns_address} -direct_dns_port ${_dns_port} -direct_dns_udp_server ${_dns_address}"
V2RAY_DNS_DIRECT_ARGS="${V2RAY_DNS_DIRECT_ARGS} -direct_dns_udp_port ${_dns_port} -direct_dns_udp_server ${_dns_address}"
;;
esac
[ -n "$direct_dns_query_strategy" ] && V2RAY_DNS_DIRECT_ARGS="${V2RAY_DNS_DIRECT_ARGS} -dns_query_strategy ${direct_dns_query_strategy}"
@ -478,7 +478,7 @@ run_singbox() {
fi
run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=127.0.0.1#${dns_direct_listen_port} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf}
_extra_param="${_extra_param} -direct_dns_port ${direct_dnsmasq_listen_port} -direct_dns_udp_server 127.0.0.1 -direct_dns_query_strategy ${direct_dns_query_strategy}"
_extra_param="${_extra_param} -direct_dns_udp_port ${direct_dnsmasq_listen_port} -direct_dns_udp_server 127.0.0.1 -direct_dns_query_strategy ${direct_dns_query_strategy}"
:<<eof
V2RAY_DNS_REMOTE_ARGS="-dns_out_tag remote"
@ -492,13 +492,13 @@ run_singbox() {
local _dns=$(get_first_dns remote_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_udp_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
;;
tcp)
local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_tcp_server tcp://${_dns}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_tcp_port ${_dns_port} -remote_dns_tcp_server ${_dns_address}"
;;
doh)
local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
@ -510,8 +510,8 @@ run_singbox() {
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
[ -n "$_doh_bootstrap" ] && V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_server ${_doh_bootstrap}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
[ -n "$_doh_bootstrap" ] && V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_doh_ip ${_doh_bootstrap}"
V2RAY_DNS_REMOTE_ARGS="${V2RAY_DNS_REMOTE_ARGS} -remote_dns_doh_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;;
esac
@ -522,7 +522,7 @@ run_singbox() {
lua $UTIL_SINGBOX gen_dns_config ${V2RAY_DNS_REMOTE_ARGS} > $V2RAY_DNS_REMOTE_CONFIG
ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "/dev/null" run -c "$V2RAY_DNS_REMOTE_CONFIG"
_extra_param="${_extra_param} -remote_dns_port ${dns_remote_listen_port} -remote_dns_udp_server 127.0.0.1"
_extra_param="${_extra_param} -remote_dns_udp_port ${dns_remote_listen_port} -remote_dns_udp_server 127.0.0.1"
eof
case "$remote_dns_protocol" in
@ -530,13 +530,13 @@ eof
local _dns=$(get_first_dns remote_dns_udp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
_extra_param="${_extra_param} -remote_dns_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
_extra_param="${_extra_param} -remote_dns_udp_port ${_dns_port} -remote_dns_udp_server ${_dns_address}"
;;
tcp)
local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
_extra_param="${_extra_param} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_tcp_server tcp://${_dns}"
_extra_param="${_extra_param} -remote_dns_tcp_port ${_dns_port} -remote_dns_tcp_server ${_dns_address}"
;;
doh)
local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
@ -548,8 +548,8 @@ eof
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_doh_ip ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_doh_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;;
esac
@ -664,13 +664,13 @@ run_socks() {
lua $UTIL_SS gen_config -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
ln_run "$(first_type sslocal)" "sslocal" $log_file -c "$config_file" -v
;;
hysteria)
hysteria2)
[ "$http_port" != "0" ] && {
http_flag=1
config_file=$(echo $config_file | sed "s/SOCKS/HTTP_SOCKS/g")
local _extra_param="-local_http_port $http_port"
}
lua $UTIL_HYSTERIA gen_config -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
lua $UTIL_HYSTERIA2 gen_config -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
;;
tuic)
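Review bot: The rewritten `tcp)` branches in run_xray and run_singbox pass `-remote_dns_tcp_server ${_dns_address}`, where `_dns_address` is the first field of an awk split on `:`, whereas the old line passed the whole `${_dns}`. An IPv6 resolver would be cut down to its first group, so queries would go to a different address than the one configured; whether get_first_dns can return IPv6 is not visible here. Assuming it prints `addr#port`, as the sed suggests, splitting on `#` before the substitution keeps the address intact: `local _dns=$(get_first_dns remote_dns_tcp_server 53)`, `local _dns_address=${_dns%#*}`, `local _dns_port=${_dns##*#}`. The same applies to the third `tcp)` branch after the `eof` block, and both functions start and end outside the hunks.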


@ -249,8 +249,7 @@ load_acl() {
msg2="${msg2}(REDIRECT:${redir_port})代理"
fi
$ipt_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(dst $ipset_whitelist) ! -d $FAKE_IP -j RETURN
$ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(dst $ipset_whitelist) ! -d $FAKE_IP -j RETURN
$ipt_tmp -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(dst $ipset_whitelist) ! -d $FAKE_IP -j RETURN
[ "$accept_icmp" = "1" ] && {
$ipt_n -A PSW2 $(comment "$remarks") -p icmp ${_ipt_source} -d $FAKE_IP $(REDIRECT)
@ -278,7 +277,6 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
fi
[ "$PROXY_IPV6" == "1" ] && {
$ip6t_n -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(dst $ipset_whitelist6) ! -d $FAKE_IP_6 -j RETURN
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(dst $ipset_whitelist6) ! -d $FAKE_IP_6 -j RETURN
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
@ -350,8 +348,7 @@ load_acl() {
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${TCP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
$ipt_n -A PSW2 $(comment "默认") -p tcp $(dst $ipset_global_whitelist) ! -d $FAKE_IP -j RETURN
$ipt_m -A PSW2 $(comment "默认") -p tcp $(dst $ipset_global_whitelist) ! -d $FAKE_IP -j RETURN
$ipt_tmp -A PSW2 $(comment "默认") -p tcp $(dst $ipset_global_whitelist) ! -d $FAKE_IP -j RETURN
[ "$accept_icmp" = "1" ] && {
$ipt_n -A PSW2 $(comment "默认") -p icmp -d $FAKE_IP $(REDIRECT)
@ -373,7 +370,6 @@ load_acl() {
fi
[ "$PROXY_IPV6" == "1" ] && {
$ip6t_n -A PSW2 $(comment "默认") -p tcp $(dst $ipset_global_whitelist6) ! -d $FAKE_IP_6 -j RETURN
$ip6t_m -A PSW2 $(comment "默认") -p tcp $(dst $ipset_global_whitelist6) ! -d $FAKE_IP_6 -j RETURN
$ip6t_m -A PSW2 $(comment "默认") -p tcp -d $FAKE_IP_6 -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
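Review bot: Both whitelist RETURN rules now run through `$ipt_tmp`, which is not assigned anywhere in these hunks, and the second use sits in the default ("默认") block rather than in the per-ACL code. If the variable is only set per ACL, the default rule either inherits the last ACL's table or runs with an empty command and is never installed, in which case whitelisted destinations would fall through to the proxy rules. Setting it next to the rule makes the choice visible, e.g. `ipt_tmp=$ipt_n; [ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m`, assuming this script has the same `is_tproxy` flag that the nftables script tests. load_acl starts and ends outside the hunks, so an earlier assignment may exist.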


@ -271,8 +271,8 @@ load_acl() {
msg2="${msg2}(REDIRECT:${redir_port})代理"
fi
nft "add rule inet fw4 PSW2_NAT ip protocol tcp ${_ipt_source} ip daddr @$nftset_whitelist counter return comment \"$remarks\""
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ${_ipt_source} ip daddr @$nftset_whitelist counter return comment \"$remarks\""
[ -z "${is_tproxy}" ] && nft "add rule inet fw4 PSW2_NAT ip protocol tcp ${_ipt_source} ip daddr @$nftset_whitelist counter return comment \"$remarks\""
[ -n "${is_tproxy}" ] && nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ${_ipt_source} ip daddr @$nftset_whitelist counter return comment \"$remarks\""
[ "$accept_icmp" = "1" ] && {
nft "add rule inet fw4 PSW2_ICMP_REDIRECT ip protocol icmp ${_ipt_source} ip daddr $FAKE_IP $(REDIRECT) comment \"$remarks\""
@ -371,8 +371,8 @@ load_acl() {
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${TCP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
nft "add rule inet fw4 PSW2_NAT ip protocol tcp ip daddr @$nftset_global_whitelist counter return comment \"$remarks\""
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ip daddr @$nftset_global_whitelist counter return comment \"$remarks\""
[ -z "${is_tproxy}" ] && nft "add rule inet fw4 PSW2_NAT ip protocol tcp ip daddr @$nftset_global_whitelist counter return comment \"$remarks\""
[ -n "${is_tproxy}" ] && nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ip daddr @$nftset_global_whitelist counter return comment \"$remarks\""
[ "$accept_icmp" = "1" ] && {
nft "add rule inet fw4 PSW2_ICMP_REDIRECT ip protocol icmp ip daddr $FAKE_IP $(REDIRECT) comment \"默认\""