update 2023-06-14 23:15:20
This commit is contained in:
github-actions[bot]
parent
b7b9be719c
commit
cb903c5813
|
|
@ -5,17 +5,17 @@ function index()
|
|||
return
|
||||
end
|
||||
|
||||
local page = entry({"admin", "services", "alist"}, alias("admin", "services", "alist", "basic"), _("Alist"), 20)
|
||||
local page = entry({"admin", "nas", "alist"}, alias("admin", "nas", "alist", "basic"), _("Alist"), 20)
|
||||
page.dependent = true
|
||||
page.acl_depends = { "luci-app-alist" }
|
||||
|
||||
entry({"admin", "services"}, firstchild(), "Services", 44).dependent = false
|
||||
entry({"admin", "services", "alist", "basic"}, cbi("alist/basic"), _("Basic Setting"), 1).leaf = true
|
||||
entry({"admin", "services", "alist", "log"}, cbi("alist/log"), _("Logs"), 2).leaf = true
|
||||
entry({"admin", "services", "alist", "alist_status"}, call("alist_status")).leaf = true
|
||||
entry({"admin", "services", "alist", "get_log"}, call("get_log")).leaf = true
|
||||
entry({"admin", "services", "alist", "clear_log"}, call("clear_log")).leaf = true
|
||||
entry({"admin", "services", "alist", "admin_info"}, call("admin_info")).leaf = true
|
||||
entry({"admin", "nas"}, firstchild(), "NAS", 44).dependent = false
|
||||
entry({"admin", "nas", "alist", "basic"}, cbi("alist/basic"), _("Basic Setting"), 1).leaf = true
|
||||
entry({"admin", "nas", "alist", "log"}, cbi("alist/log"), _("Logs"), 2).leaf = true
|
||||
entry({"admin", "nas", "alist", "alist_status"}, call("alist_status")).leaf = true
|
||||
entry({"admin", "nas", "alist", "get_log"}, call("get_log")).leaf = true
|
||||
entry({"admin", "nas", "alist", "clear_log"}, call("clear_log")).leaf = true
|
||||
entry({"admin", "nas", "alist", "admin_info"}, call("admin_info")).leaf = true
|
||||
end
|
||||
|
||||
function alist_status()
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
{
|
||||
btn.disabled = true;
|
||||
btn.value = '<%:Reading...%>';
|
||||
XHR.get('<%=luci.dispatcher.build_url("admin", "services", "alist", "admin_info")%>',
|
||||
XHR.get('<%=luci.dispatcher.build_url("admin", "nas", "alist", "admin_info")%>',
|
||||
null,
|
||||
function(x,rv)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
<script type="text/javascript">
|
||||
//<![CDATA[
|
||||
function clear_log(btn) {
|
||||
XHR.get('<%=url([[admin]], [[services]], [[alist]], [[clear_log]])%>', null,
|
||||
XHR.get('<%=url([[admin]], [[nas]], [[alist]], [[clear_log]])%>', null,
|
||||
function(x, data) {
|
||||
if(x && x.status == 200) {
|
||||
var log_textarea = document.getElementById('log_textarea');
|
||||
|
|
@ -13,7 +13,7 @@
|
|||
);
|
||||
}
|
||||
var scrolled = false;
|
||||
XHR.poll(2, '<%=url([[admin]], [[services]], [[alist]], [[get_log]])%>', null,
|
||||
XHR.poll(2, '<%=url([[admin]], [[nas]], [[alist]], [[get_log]])%>', null,
|
||||
function(x, data) {
|
||||
if(x && x.status == 200) {
|
||||
var log_textarea = document.getElementById('log_textarea');
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
%>
|
||||
|
||||
<script type="text/javascript">//<![CDATA[
|
||||
XHR.poll(5, '<%=url("admin/services/alist/alist_status")%>', null,
|
||||
XHR.poll(5, '<%=url("admin/nas/alist/alist_status")%>', null,
|
||||
function(x, st)
|
||||
{
|
||||
var tb = document.getElementById('alist_status');
|
||||
|
|
|
|||
|
|
@ -46,7 +46,7 @@ msgstr "未运行"
|
|||
msgid "Collecting data..."
|
||||
msgstr "收集数据..."
|
||||
|
||||
msgid "Services"
|
||||
msgid "NAS"
|
||||
msgstr "网络存储"
|
||||
|
||||
msgid "User Manual"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,18 @@
|
|||
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_VERSION:=1.0.0-20230614
|
||||
PKG_RELEASE:=
|
||||
|
||||
LUCI_TITLE:=LuCI support for bmtedge
|
||||
LUCI_PKGARCH:=all
|
||||
LUCI_DEPENDS:=+lsblk +docker +dockerd +luci-lib-taskd
|
||||
|
||||
define Package/luci-app-bmtedge/conffiles
|
||||
/etc/config/bmtedge
|
||||
endef
|
||||
|
||||
include $(TOPDIR)/feeds/luci/luci.mk
|
||||
|
||||
# call BuildPackage - OpenWrt buildroot signature
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
|
||||
module("luci.controller.bmtedge", package.seeall)
|
||||
|
||||
function index()
|
||||
entry({"admin", "services", "bmtedge"}, alias("admin", "services", "bmtedge", "config"), _("BlueMountain Edge"), 30).dependent = true
|
||||
entry({"admin", "services", "bmtedge", "config"}, cbi("bmtedge"))
|
||||
end
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
local util = require "luci.util"
|
||||
local jsonc = require "luci.jsonc"
|
||||
local nixio = require "nixio"
|
||||
|
||||
local bmtedge = {}
|
||||
|
||||
bmtedge.blocks = function()
|
||||
local f = io.popen("lsblk -s -f -b -o NAME,FSSIZE,MOUNTPOINT --json", "r")
|
||||
local vals = {}
|
||||
if f then
|
||||
local ret = f:read("*all")
|
||||
f:close()
|
||||
local obj = jsonc.parse(ret)
|
||||
for _, val in pairs(obj["blockdevices"]) do
|
||||
local fsize = val["fssize"]
|
||||
if fsize ~= nil and string.len(fsize) > 10 and val["mountpoint"] then
|
||||
-- fsize > 1G
|
||||
vals[#vals+1] = val["mountpoint"]
|
||||
end
|
||||
end
|
||||
end
|
||||
return vals
|
||||
end
|
||||
|
||||
bmtedge.default_image = function()
|
||||
if string.find(nixio.uname().machine, "x86_64") then
|
||||
return "jinshanyun/jinshan-x86_64"
|
||||
else
|
||||
return "jinshanyun/jinshan-arm64"
|
||||
end
|
||||
end
|
||||
|
||||
local random_str = function(t)
|
||||
math.randomseed(os.time())
|
||||
local s = "0123456789abcdefghijklmnopqrstuvwsyz"
|
||||
local value = ""
|
||||
for x = 1,t do
|
||||
local rand = math.random(#s)
|
||||
value = value .. string.sub(s, rand, rand)
|
||||
end
|
||||
return value
|
||||
end
|
||||
|
||||
bmtedge.default_uid = function()
|
||||
local f = io.open("/sys/class/net/eth0/address", "r")
|
||||
if not f then
|
||||
f = io.open("/sys/class/net/br-lan/address", "r")
|
||||
end
|
||||
if not f then
|
||||
return random_str(16)
|
||||
end
|
||||
local ret = f:read("*all")
|
||||
f:close()
|
||||
return string.gsub(ret, "[ \r\n:]+", "") .. random_str(8)
|
||||
end
|
||||
|
||||
return bmtedge
|
||||
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
--[[
|
||||
LuCI - Lua Configuration Interface
|
||||
]]--
|
||||
|
||||
local taskd = require "luci.model.tasks"
|
||||
local bmtedge_model = require "luci.model.bmtedge"
|
||||
local m, s, o
|
||||
|
||||
m = taskd.docker_map("bmtedge", "bmtedge", "/usr/libexec/istorec/bmtedge.sh",
|
||||
translate("BlueMountain Edge"),
|
||||
"蓝山云-流量宝由蓝山联合金山云推出的一款镜像软件,通过简单安装后可快速加入蓝山的边缘计算生态,在线共享带宽即可赚钱,每月可获取一定的现金汇报!了解更多,请登录「<a href=\"www.bmtcloud.com.cn\" target=\"_blank\" >蓝山云官网</a>」")
|
||||
|
||||
s = m:section(SimpleSection, translate("Service Status"), translate("BlueMountain Edge status:"), "注意网心云会以超级权限运行!")
|
||||
s:append(Template("bmtedge/status"))
|
||||
|
||||
s = m:section(TypedSection, "bmtedge", translate("Setup"), translate("The following parameters will only take effect during installation or upgrade:"))
|
||||
s.addremove=false
|
||||
s.anonymous=true
|
||||
|
||||
local default_image = bmtedge_model.default_image()
|
||||
o = s:option(Value, "image_name", translate("Image").."<b>*</b>")
|
||||
o.rmempty = false
|
||||
o.datatype = "string"
|
||||
o:value("jinshanyun/jinshan-x86_64", "jinshanyun/jinshan-x86_64")
|
||||
o:value("jinshanyun/jinshan-arm64", "jinshanyun/jinshan-arm64")
|
||||
o.default = default_image
|
||||
|
||||
local default_uid = bmtedge_model.default_uid()
|
||||
o = s:option(Value, "uid", translate("UID").."<b>*</b>")
|
||||
o.rmempty = false
|
||||
o.datatype = "string"
|
||||
o:value(default_uid, default_uid)
|
||||
o.default = default_uid
|
||||
|
||||
local blks = bmtedge_model.blocks()
|
||||
local dir
|
||||
o = s:option(Value, "cache_path", translate("Cache path").."<b>*</b>", "请选择合适的存储位置进行安装,安装位置容量越大,收益越高。安装后请勿轻易改动")
|
||||
o.rmempty = false
|
||||
o.datatype = "string"
|
||||
for _, dir in pairs(blks) do
|
||||
dir = dir .. "/bmtedge1"
|
||||
o:value(dir, dir)
|
||||
end
|
||||
if #blks > 0 then
|
||||
o.default = blks[1] .. "/bmtedge1"
|
||||
end
|
||||
|
||||
return m
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
<%
|
||||
local util = require "luci.util"
|
||||
local container_status = util.trim(util.exec("/usr/libexec/istorec/bmtedge.sh status"))
|
||||
local container_install = (string.len(container_status) > 0)
|
||||
local container_running = container_status == "running"
|
||||
local uci = require "luci.model.uci".cursor()
|
||||
local uid = uci:get_first("bmtedge", "bmtedge", "uid", ""),
|
||||
-%>
|
||||
<script src="/luci-static/bmtedge/qrcode.min.js"></script>
|
||||
<div class="cbi-value">
|
||||
<label class="cbi-value-title"><%:Status%></label>
|
||||
<div class="cbi-value-field">
|
||||
<% if container_running then %>
|
||||
<button class="cbi-button cbi-button-success" disabled="true"><%:BlueMountain Edge is running%></button>
|
||||
|
||||
<div class="cbi-value cbi-value-last">
|
||||
<label class="cbi-value-title"> </label>
|
||||
<div class="cbi-value-field">
|
||||
<input type="button" class="btn cbi-button cbi-button-apply" id="btnShowQr" name="start" value="显示二维码" />
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<% else %>
|
||||
<button class="cbi-button cbi-button-negative" disabled="true"><%:BlueMountain Edge is not running%></button>
|
||||
<% end %>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="winContainer" style="display: none">
|
||||
<div id="qrimage" style="
|
||||
width: 256px;
|
||||
height: 256px;
|
||||
">
|
||||
</div>
|
||||
<h6>用“蓝山云”小程序扫码,请查看:<a href="https://doc.linkease.com" target="_blank">教程</a></h6>
|
||||
</div>
|
||||
|
||||
<script>
|
||||
(function() {
|
||||
'use strict';
|
||||
var shown = false;
|
||||
var tryShowTips = function() {
|
||||
if (shown) {
|
||||
return;
|
||||
}
|
||||
shown = true;
|
||||
$("#winContainer").show();
|
||||
$("#winContainer").find(".button").click(function(){
|
||||
$("#winContainer").hide();
|
||||
show = false;
|
||||
});
|
||||
};
|
||||
|
||||
$('#btnShowQr').click(function(){
|
||||
new QRCode(document.getElementById("qrimage"), "lsyK17032_"+"<%=uid%>");
|
||||
tryShowTips();
|
||||
});
|
||||
|
||||
})();
|
||||
|
||||
</script>
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
msgid ""
|
||||
msgstr "Content-Type: text/plain; charset=UTF-8"
|
||||
|
||||
msgid "BlueMountain Edge"
|
||||
msgstr "蓝山云-流量宝"
|
||||
|
||||
msgid "Cache path"
|
||||
msgstr "缓存文件路径"
|
||||
|
||||
msgid "Service Status"
|
||||
msgstr "服务状态"
|
||||
|
||||
msgid "BlueMountain Edge status:"
|
||||
msgstr "蓝山云的状态信息如下:"
|
||||
|
||||
msgid "Setup"
|
||||
msgstr "安装配置"
|
||||
|
||||
msgid "The following parameters will only take effect during installation or upgrade:"
|
||||
msgstr "以下参数只在安装或者升级时才会生效:"
|
||||
|
||||
msgid "Status"
|
||||
msgstr "状态"
|
||||
|
||||
msgid "BlueMountain Edge is running"
|
||||
msgstr "蓝山云运行中"
|
||||
|
||||
msgid "BlueMountain Edge is not running"
|
||||
msgstr "蓝山云未运行"
|
||||
|
||||
msgid "Open the BlueMountain Edge"
|
||||
msgstr "打开蓝山云"
|
||||
|
||||
msgid "UID"
|
||||
msgstr "唯一标识"
|
||||
|
||||
|
|
@ -0,0 +1 @@
|
|||
zh-cn
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
config bmtedge
|
||||
option 'cache_path' ''
|
||||
option 'image_name' ''
|
||||
option 'uid' ''
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
delete firewall.bmtedge
|
||||
set firewall.bmtedge=rule
|
||||
set firewall.bmtedge.name="bmtedge"
|
||||
set firewall.bmtedge.target="ACCEPT"
|
||||
set firewall.bmtedge.src="wan"
|
||||
set firewall.bmtedge.dest_port="1024-65535"
|
||||
set firewall.bmtedge.enabled="0"
|
||||
commit firewall
|
||||
EOF
|
||||
|
||||
exit 0
|
||||
|
|
@ -0,0 +1,97 @@
|
|||
#!/bin/sh
|
||||
|
||||
ACTION=${1}
|
||||
shift 1
|
||||
|
||||
do_install() {
|
||||
local path=`uci get bmtedge.@bmtedge[0].cache_path 2>/dev/null`
|
||||
local uid=`uci get bmtedge.@bmtedge[0].uid 2>/dev/null`
|
||||
local image_name=`uci get bmtedge.@bmtedge[0].image_name 2>/dev/null`
|
||||
|
||||
if [ -z "$path" ]; then
|
||||
echo "path is empty!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
[ -z "$image_name" ] && image_name="jinshanyun/jinshan-x86_64:latest"
|
||||
echo "docker pull ${image_name}"
|
||||
docker pull ${image_name}
|
||||
docker rm -f bmtedge
|
||||
|
||||
local cmd="docker run --restart=unless-stopped -d \
|
||||
--privileged \
|
||||
--network=host \
|
||||
--dns=127.0.0.1 \
|
||||
--tmpfs /run \
|
||||
--tmpfs /tmp \
|
||||
-v \"$path:/data/ksc1\" \
|
||||
-v \"$path/containerd:/var/lib/containerd\" \
|
||||
-e ksc_supplier_code=\"92101\" \
|
||||
-e ksc_datadir=\"/data/ksc1\" \
|
||||
-e ksc_machine_code=\"lsyK17032_$uid\" \
|
||||
-e ksc_refer=\"ruiyun_node\""
|
||||
|
||||
local tz="`uci get system.@system[0].zonename`"
|
||||
[ -z "$tz" ] || cmd="$cmd -e TZ=$tz"
|
||||
|
||||
cmd="$cmd --name bmtedge \"$image_name\""
|
||||
|
||||
echo "$cmd"
|
||||
eval "$cmd"
|
||||
|
||||
if [ "$?" = "0" ]; then
|
||||
if [ "`uci -q get firewall.bmtedge.enabled`" = 0 ]; then
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set firewall.bmtedge.enabled="1"
|
||||
commit firewall
|
||||
EOF
|
||||
/etc/init.d/firewall reload
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Install OK!"
|
||||
|
||||
}
|
||||
|
||||
usage() {
|
||||
echo "usage: $0 sub-command"
|
||||
echo "where sub-command is one of:"
|
||||
echo " install Install the bmtedge"
|
||||
echo " upgrade Upgrade the bmtedge"
|
||||
echo " rm/start/stop/restart Remove/Start/Stop/Restart the bmtedge"
|
||||
echo " status Onething Edge status"
|
||||
echo " port Onething Edge port"
|
||||
}
|
||||
|
||||
case ${ACTION} in
|
||||
"install")
|
||||
do_install
|
||||
;;
|
||||
"upgrade")
|
||||
do_install
|
||||
;;
|
||||
"rm")
|
||||
docker rm -f bmtedge
|
||||
if [ "`uci -q get firewall.bmtedge.enabled`" = 1 ]; then
|
||||
uci -q batch <<-EOF >/dev/null
|
||||
set firewall.bmtedge.enabled="0"
|
||||
commit firewall
|
||||
EOF
|
||||
/etc/init.d/firewall reload
|
||||
fi
|
||||
;;
|
||||
"start" | "stop" | "restart")
|
||||
docker ${ACTION} bmtedge
|
||||
;;
|
||||
"status")
|
||||
docker ps --all -f 'name=bmtedge' --format '{{.State}}'
|
||||
;;
|
||||
"port")
|
||||
docker ps --all -f 'name=bmtedge' --format '{{.Ports}}' | grep -om1 '0.0.0.0:[0-9]*' | sed 's/0.0.0.0://'
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
"luci-app-bmtedge": {
|
||||
"description": "Grant UCI access for luci-app-bmtedge",
|
||||
"read": {
|
||||
"uci": [ "bmtedge" ]
|
||||
},
|
||||
"write": {
|
||||
"uci": [ "bmtedge" ]
|
||||
}
|
||||
}
|
||||
}
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -19,7 +19,7 @@ String.prototype.replaceAll = function(search, replacement) {
|
|||
function removePath(filename, isdir) {
|
||||
var c = confirm('你确定要删除 ' + filename + ' 吗?');
|
||||
if (c) {
|
||||
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/delete',
|
||||
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/delete',
|
||||
{
|
||||
path: concatPath(currentPath, filename),
|
||||
isdir: isdir
|
||||
|
|
@ -44,7 +44,7 @@ String.prototype.replaceAll = function(search, replacement) {
|
|||
}
|
||||
var c = confirm('你确定要安装 ' + filename + ' 吗?');
|
||||
if (c) {
|
||||
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/install',
|
||||
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/install',
|
||||
{
|
||||
filepath: concatPath(currentPath, filename),
|
||||
isdir: isdir
|
||||
|
|
@ -76,7 +76,7 @@ String.prototype.replaceAll = function(search, replacement) {
|
|||
newname = newname.trim();
|
||||
if (newname != filename) {
|
||||
var newpath = concatPath(currentPath, newname);
|
||||
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/rename',
|
||||
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/rename',
|
||||
{
|
||||
filepath: concatPath(currentPath, filename),
|
||||
newpath: newpath
|
||||
|
|
@ -93,7 +93,7 @@ String.prototype.replaceAll = function(search, replacement) {
|
|||
|
||||
function openpath(filename, dirname) {
|
||||
dirname = dirname || currentPath;
|
||||
window.open('/cgi-bin/luci/admin/services/fileassistant/open?path='
|
||||
window.open('/cgi-bin/luci/admin/nas/fileassistant/open?path='
|
||||
+ encodeURIComponent(dirname) + '&filename='
|
||||
+ encodeURIComponent(filename));
|
||||
}
|
||||
|
|
@ -210,7 +210,7 @@ String.prototype.replaceAll = function(search, replacement) {
|
|||
opt = opt || {};
|
||||
path = concatPath(path, '');
|
||||
if (currentPath != path) {
|
||||
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/list',
|
||||
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/list',
|
||||
{path: path},
|
||||
function (x, res) {
|
||||
if (res.ec === 0) {
|
||||
|
|
@ -255,7 +255,7 @@ String.prototype.replaceAll = function(search, replacement) {
|
|||
formData.append('upload-dir', concatPath(currentPath, ''));
|
||||
formData.append('upload-file', uploadinput.files[0]);
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", "/cgi-bin/luci/admin/services/fileassistant/upload", true);
|
||||
xhr.open("POST", "/cgi-bin/luci/admin/nas/fileassistant/upload", true);
|
||||
xhr.onload = function() {
|
||||
if (xhr.status == 200) {
|
||||
var res = JSON.parse(xhr.responseText);
|
||||
|
|
|
|||
|
|
@ -1,32 +1,32 @@
|
|||
module("luci.controller.fileassistant", package.seeall)
|
||||
|
||||
function index()
|
||||
entry({"admin", "services"}, firstchild(), _("Services") , 45).dependent = false
|
||||
entry({"admin", "nas"}, firstchild(), _("NAS") , 45).dependent = false
|
||||
|
||||
entry({"admin", "services"}, firstchild(), "Services", 44).dependent = false
|
||||
entry({"admin", "nas"}, firstchild(), "NAS", 44).dependent = false
|
||||
|
||||
local page
|
||||
page = entry({"admin", "services", "fileassistant"}, template("fileassistant"), _("文件助手"), 1)
|
||||
page = entry({"admin", "nas", "fileassistant"}, template("fileassistant"), _("文件助手"), 1)
|
||||
page.i18n = "base"
|
||||
page.dependent = true
|
||||
page.acl_depends = { "luci-app-fileassistant" }
|
||||
|
||||
page = entry({"admin", "services", "fileassistant", "list"}, call("fileassistant_list"), nil)
|
||||
page = entry({"admin", "nas", "fileassistant", "list"}, call("fileassistant_list"), nil)
|
||||
page.leaf = true
|
||||
|
||||
page = entry({"admin", "services", "fileassistant", "open"}, call("fileassistant_open"), nil)
|
||||
page = entry({"admin", "nas", "fileassistant", "open"}, call("fileassistant_open"), nil)
|
||||
page.leaf = true
|
||||
|
||||
page = entry({"admin", "services", "fileassistant", "delete"}, call("fileassistant_delete"), nil)
|
||||
page = entry({"admin", "nas", "fileassistant", "delete"}, call("fileassistant_delete"), nil)
|
||||
page.leaf = true
|
||||
|
||||
page = entry({"admin", "services", "fileassistant", "rename"}, call("fileassistant_rename"), nil)
|
||||
page = entry({"admin", "nas", "fileassistant", "rename"}, call("fileassistant_rename"), nil)
|
||||
page.leaf = true
|
||||
|
||||
page = entry({"admin", "services", "fileassistant", "upload"}, call("fileassistant_upload"), nil)
|
||||
page = entry({"admin", "nas", "fileassistant", "upload"}, call("fileassistant_upload"), nil)
|
||||
page.leaf = true
|
||||
|
||||
page = entry({"admin", "services", "fileassistant", "install"}, call("fileassistant_install"), nil)
|
||||
page = entry({"admin", "nas", "fileassistant", "install"}, call("fileassistant_install"), nil)
|
||||
page.leaf = true
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall2
|
||||
PKG_VERSION:=1.16-5
|
||||
PKG_VERSION:=1.16-6
|
||||
PKG_RELEASE:=
|
||||
|
||||
PKG_CONFIG_DEPENDS:= \
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@ local jsonc = api.jsonc
|
|||
|
||||
local CONFIG = "passwall2_server"
|
||||
local CONFIG_PATH = "/tmp/etc/" .. CONFIG
|
||||
local NFT_INCLUDE_FILE = CONFIG_PATH .. "/" .. CONFIG .. ".nft"
|
||||
local LOG_APP_FILE = "/tmp/log/" .. CONFIG .. ".log"
|
||||
local TMP_BIN_PATH = CONFIG_PATH .. "/bin"
|
||||
local require_dir = "luci.passwall2."
|
||||
|
|
@ -53,11 +54,6 @@ end
|
|||
|
||||
local function gen_include()
|
||||
cmd(string.format("echo '#!/bin/sh' > /tmp/etc/%s.include", CONFIG))
|
||||
if nft_flag == "1" then
|
||||
cmd("echo \"\" > " .. CONFIG_PATH .. "/" .. CONFIG .. ".nft")
|
||||
local nft_cmd = "for chain in $(nft -a list chains |grep -E \"chain PSW2-SERVER\" |awk -F ' ' '{print$2}'); do\n nft list chain inet fw4 ${chain} >> " .. CONFIG_PATH .. "/" .. CONFIG .. ".nft\n done"
|
||||
cmd(nft_cmd)
|
||||
end
|
||||
local function extract_rules(n, a)
|
||||
local _ipt = ipt_bin
|
||||
if n == "6" then
|
||||
|
|
@ -81,8 +77,7 @@ local function gen_include()
|
|||
f:write("EOT" .. "\n")
|
||||
f:close()
|
||||
else
|
||||
f:write("nft -f " .. CONFIG_PATH .. "/" .. CONFIG .. ".nft\n")
|
||||
f:write("nft insert rule inet fw4 input position 0 counter jump PSW2-SERVER")
|
||||
f:write("nft -f " .. NFT_INCLUDE_FILE .. "\n")
|
||||
f:close()
|
||||
end
|
||||
end
|
||||
|
|
@ -101,8 +96,11 @@ local function start()
|
|||
ip6t("-N PSW2-SERVER")
|
||||
ip6t("-I INPUT -j PSW2-SERVER")
|
||||
else
|
||||
cmd("nft add chain inet fw4 PSW2-SERVER\n")
|
||||
cmd("nft insert rule inet fw4 input position 0 counter jump PSW2-SERVER")
|
||||
nft_file, err = io.open(NFT_INCLUDE_FILE, "w")
|
||||
nft_file:write('#!/usr/sbin/nft -f\n')
|
||||
nft_file:write('add chain inet fw4 PSW2-SERVER\n')
|
||||
nft_file:write('flush chain inet fw4 PSW2-SERVER\n')
|
||||
nft_file:write('insert rule inet fw4 input position 0 jump PSW2-SERVER comment "PSW2-SERVER"\n')
|
||||
end
|
||||
uci:foreach(CONFIG, "user", function(user)
|
||||
local id = user[".name"]
|
||||
|
|
@ -189,14 +187,19 @@ local function start()
|
|||
ip6t(string.format('-A PSW2-SERVER -p udp --dport %s -m comment --comment "%s" -j ACCEPT', port, remarks))
|
||||
end
|
||||
else
|
||||
cmd(string.format('nft add rule inet fw4 PSW2-SERVER meta l4proto tcp tcp dport {%s} accept', port))
|
||||
nft_file:write(string.format('add rule inet fw4 PSW2-SERVER meta l4proto tcp tcp dport {%s} counter accept comment "%s"\n', port, remarks))
|
||||
if udp_forward == 1 then
|
||||
cmd(string.format('nft add rule inet fw4 PSW2-SERVER meta l4proto udp udp dport {%s} accept', port))
|
||||
nft_file:write(string.format('add rule inet fw4 PSW2-SERVER meta l4proto udp udp dport {%s} counter accept comment "%s"\n', port, remarks))
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end)
|
||||
if nft_flag == "1" then
|
||||
nft_file:write("add rule inet fw4 PSW2-SERVER return\n")
|
||||
nft_file:close()
|
||||
cmd("nft -f " .. NFT_INCLUDE_FILE)
|
||||
end
|
||||
gen_include()
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ NFTSET_LANLIST6="passwall2_lanlist6"
|
|||
NFTSET_VPSLIST6="passwall2_vpslist6"
|
||||
NFTSET_WHITELIST6="passwall2_whitelist6"
|
||||
|
||||
FORCE_INDEX=2
|
||||
FORCE_INDEX=0
|
||||
|
||||
. /lib/functions/network.sh
|
||||
|
||||
|
|
@ -117,10 +117,8 @@ destroy_nftset() {
|
|||
insert_nftset() {
|
||||
local nftset_name="${1}"; shift
|
||||
local nftset_elements
|
||||
for element in $@
|
||||
do
|
||||
nftset_elements="$element,$nftset_elements"
|
||||
done
|
||||
|
||||
nftset_elements=$(echo -e $@ | sed 's/\s/, /g')
|
||||
[ -n "${nftset_elements}" ] && {
|
||||
mkdir -p $TMP_PATH2/nftset
|
||||
|
||||
|
|
@ -273,8 +271,8 @@ load_acl() {
|
|||
msg2="${msg2}所有端口"
|
||||
|
||||
if [ -z "${is_tproxy}" ]; then
|
||||
nft "add rule inet fw4 PSW2 ${_ipt_source} ip daddr $FAKE_IP $(REDIRECT $redir_port) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW2 ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") $(REDIRECT $redir_port) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW2_NAT ${_ipt_source} ip daddr $FAKE_IP $(REDIRECT $redir_port) comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW2_NAT ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") $(REDIRECT $redir_port) comment \"$remarks\""
|
||||
else
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ${_ipt_source} ip daddr $FAKE_IP counter jump PSW2_RULE comment \"$remarks\""
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") counter jump PSW2_RULE comment \"$remarks\""
|
||||
|
|
@ -358,8 +356,8 @@ load_acl() {
|
|||
}
|
||||
|
||||
if [ -z "${is_tproxy}" ]; then
|
||||
nft "add rule inet fw4 PSW2 ip protocol tcp ip daddr $FAKE_IP $(REDIRECT $REDIR_PORT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW2 ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(REDIRECT $REDIR_PORT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW2_NAT ip protocol tcp ip daddr $FAKE_IP $(REDIRECT $REDIR_PORT) comment \"默认\""
|
||||
nft "add rule inet fw4 PSW2_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(REDIRECT $REDIR_PORT) comment \"默认\""
|
||||
else
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp ip daddr $FAKE_IP counter jump PSW2_RULE comment \"默认\""
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") jump PSW2_RULE comment \"默认\""
|
||||
|
|
@ -459,7 +457,7 @@ filter_node() {
|
|||
|
||||
local ADD_INDEX=$FORCE_INDEX
|
||||
for _ipt in 4 6; do
|
||||
[ "$_ipt" == "4" ] && _ip_type=ip4 && _set_name=$NFTSET_VPSLIST
|
||||
[ "$_ipt" == "4" ] && _ip_type=ip && _set_name=$NFTSET_VPSLIST
|
||||
[ "$_ipt" == "6" ] && _ip_type=ip6 && _set_name=$NFTSET_VPSLIST6
|
||||
nft "list chain inet fw4 $nft_output_chain" 2>/dev/null | grep -q "${address}:${port}"
|
||||
if [ $? -ne 0 ]; then
|
||||
|
|
@ -475,8 +473,7 @@ filter_node() {
|
|||
dst_rule="return"
|
||||
msg2="直连代理"
|
||||
}
|
||||
nft "insert rule inet fw4 $nft_output_chain position $ADD_INDEX comment \"${address}:${port}\" meta l4proto $stream $_ip_type daddr $address tcp dport $port $dst_rule" 2>/dev/null
|
||||
nft "insert rule inet fw4 $nft_output_chain position $ADD_INDEX comment \"${address}:${port}\" meta l4proto $stream $_ip_type daddr $address udp dport $port $dst_rule" 2>/dev/null
|
||||
nft "insert rule inet fw4 $nft_output_chain position $ADD_INDEX meta l4proto $stream $_ip_type daddr $address $stream dport $port $dst_rule comment \"${address}:${port}\"" 2>/dev/null
|
||||
else
|
||||
msg2="已配置过的节点,"
|
||||
fi
|
||||
|
|
@ -588,8 +585,8 @@ add_firewall_rule() {
|
|||
local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
|
||||
if [ "$tcp_proxy_way" = "redirect" ]; then
|
||||
unset is_tproxy
|
||||
nft_prerouting_chain="PSW2"
|
||||
nft_output_chain="PSW2_OUTPUT"
|
||||
nft_prerouting_chain="PSW2_NAT"
|
||||
nft_output_chain="PSW2_OUTPUT_NAT"
|
||||
elif [ "$tcp_proxy_way" = "tproxy" ]; then
|
||||
is_tproxy="TPROXY"
|
||||
nft_prerouting_chain="PSW2_MANGLE"
|
||||
|
|
@ -635,19 +632,19 @@ add_firewall_rule() {
|
|||
|
||||
#ipv4 tcp redirect mode
|
||||
[ -z "${is_tproxy}" ] && {
|
||||
nft "add chain inet fw4 PSW2"
|
||||
nft "flush chain inet fw4 PSW2"
|
||||
nft "add rule inet fw4 PSW2 ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW2 ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW2 ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW2"
|
||||
nft "add chain inet fw4 PSW2_NAT"
|
||||
nft "flush chain inet fw4 PSW2_NAT"
|
||||
nft "add rule inet fw4 PSW2_NAT ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW2_NAT ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW2_NAT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW2_NAT"
|
||||
|
||||
nft "add chain inet fw4 PSW2_OUTPUT"
|
||||
nft "flush chain inet fw4 PSW2_OUTPUT"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT meta mark 0xff counter return"
|
||||
nft "add chain inet fw4 PSW2_OUTPUT_NAT"
|
||||
nft "flush chain inet fw4 PSW2_OUTPUT_NAT"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_NAT ip daddr @$NFTSET_LANLIST counter return"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_NAT ip daddr @$NFTSET_VPSLIST counter return"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_NAT ip daddr @$NFTSET_WHITELIST counter return"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_NAT meta mark 0xff counter return"
|
||||
}
|
||||
|
||||
#icmp ipv6-icmp redirect
|
||||
|
|
@ -670,7 +667,7 @@ add_firewall_rule() {
|
|||
|
||||
WAN_IP=$(get_wan_ip)
|
||||
if [ -n "${WAN_IP}" ]; then
|
||||
[ -n "${is_tproxy}" ] && nft "add rule inet fw4 PSW2_MANGLE ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\"" || nft "add rule inet fw4 PSW2 ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
|
||||
[ -n "${is_tproxy}" ] && nft "add rule inet fw4 PSW2_MANGLE ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\"" || nft "add rule inet fw4 PSW2_NAT ip daddr ${WAN_IP} counter return comment \"WAN_IP_RETURN\""
|
||||
fi
|
||||
unset WAN_IP
|
||||
|
||||
|
|
@ -694,7 +691,7 @@ add_firewall_rule() {
|
|||
# jump chains
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv6} counter jump PSW2_MANGLE_V6"
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv6} counter jump PSW2_OUTPUT_MANGLE_V6 comment \"mangle-OUTPUT-PSW2\""
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv6} counter jump PSW2_OUTPUT_MANGLE_V6 comment \"PSW2_OUTPUT_MANGLE\""
|
||||
|
||||
WAN6_IP=$(get_wan6_ip)
|
||||
[ -n "${WAN6_IP}" ] && nft "add rule inet fw4 PSW2_MANGLE_V6 ip6 daddr ${WAN6_IP} counter return comment \"WAN6_IP_RETURN\""
|
||||
|
|
@ -751,15 +748,15 @@ add_firewall_rule() {
|
|||
}
|
||||
|
||||
if [ -z "${is_tproxy}" ]; then
|
||||
nft "add rule inet fw4 PSW2_OUTPUT ip protocol tcp ip daddr $FAKE_IP $(REDIRECT $REDIR_PORT)"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(REDIRECT $REDIR_PORT)"
|
||||
nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW2_OUTPUT"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_NAT ip protocol tcp ip daddr $FAKE_IP $(REDIRECT $REDIR_PORT)"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_NAT ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") $(REDIRECT $REDIR_PORT)"
|
||||
nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW2_OUTPUT_NAT"
|
||||
else
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip protocol tcp ip daddr $FAKE_IP counter jump PSW2_RULE"
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") jump PSW2_RULE"
|
||||
nft "add rule inet fw4 PSW2_MANGLE meta l4proto tcp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"本机\""
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol tcp iif lo counter return comment \"本机\""
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto tcp counter jump PSW2_OUTPUT_MANGLE comment \"mangle-OUTPUT-PSW2\""
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto tcp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
|
||||
fi
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
|
|
@ -793,7 +790,7 @@ add_firewall_rule() {
|
|||
nft "add rule inet fw4 PSW2_OUTPUT_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") jump PSW2_RULE"
|
||||
nft "add rule inet fw4 PSW2_MANGLE meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"本机\""
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol udp iif lo counter return comment \"本机\""
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto udp counter jump PSW2_OUTPUT_MANGLE comment \"mangle-OUTPUT-PSW2\""
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
|
||||
|
||||
if [ "$PROXY_IPV6_UDP" == "1" ]; then
|
||||
nft "add rule inet fw4 PSW2_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE"
|
||||
|
|
@ -808,8 +805,8 @@ add_firewall_rule() {
|
|||
done
|
||||
fi
|
||||
|
||||
nft "add rule inet fw4 mangle_output oif lo counter return comment \"mangle-OUTPUT-PSW2\""
|
||||
nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"mangle-OUTPUT-PSW2\""
|
||||
nft "add rule inet fw4 mangle_output oif lo counter return comment \"PSW2_OUTPUT_MANGLE\""
|
||||
nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"PSW2_OUTPUT_MANGLE\""
|
||||
|
||||
nft "add rule inet fw4 PSW2_MANGLE ip protocol udp udp dport 53 counter return"
|
||||
nft "add rule inet fw4 PSW2_MANGLE_V6 meta l4proto udp udp dport 53 counter return"
|
||||
|
|
@ -832,14 +829,14 @@ add_firewall_rule() {
|
|||
}
|
||||
|
||||
del_firewall_rule() {
|
||||
for nft in "input" "forward" "dstnat" "srcnat" "nat_output" "mangle_prerouting" "mangle_output"; do
|
||||
local handles=$(nft -a list chain inet fw4 ${nft} 2>/dev/null | grep -E "PSW2" | awk -F '# handle ' '{print$2}')
|
||||
for nft in "forward" "dstnat" "srcnat" "nat_output" "mangle_prerouting" "mangle_output"; do
|
||||
local handles=$(nft -a list chain inet fw4 ${nft} 2>/dev/null | grep -E "PSW2_" | awk -F '# handle ' '{print$2}')
|
||||
for handle in $handles; do
|
||||
nft delete rule inet fw4 ${nft} handle ${handle} 2>/dev/null
|
||||
done
|
||||
done
|
||||
|
||||
for handle in $(nft -a list chains | grep -E "chain PSW2" | grep -v "PSW2_RULE" | awk -F '# handle ' '{print$2}'); do
|
||||
for handle in $(nft -a list chains | grep -E "chain PSW2_" | grep -v "PSW2_RULE" | awk -F '# handle ' '{print$2}'); do
|
||||
nft delete chain inet fw4 handle ${handle} 2>/dev/null
|
||||
done
|
||||
|
||||
|
|
@ -875,60 +872,70 @@ flush_include() {
|
|||
}
|
||||
|
||||
gen_include() {
|
||||
local nft_chain_file=$TMP_PATH/PSW2.nft
|
||||
echo "" > $nft_chain_file
|
||||
for chain in $(nft -a list chains | grep -E "chain PSW2" |awk -F ' ' '{print$2}'); do
|
||||
local nft_chain_file=$TMP_PATH/PSW2_RULE.nft
|
||||
local nft_set_file=$TMP_PATH/PSW2_SETS.nft
|
||||
echo "#!/usr/sbin/nft -f" > $nft_chain_file
|
||||
echo "#!/usr/sbin/nft -f" > $nft_set_file
|
||||
for chain in $(nft -a list chains | grep -E "chain PSW2_" | awk -F ' ' '{print$2}'); do
|
||||
nft list chain inet fw4 ${chain} >> $nft_chain_file
|
||||
done
|
||||
|
||||
for set_name in $(nft -a list sets | grep -E "set passwall2_" | awk -F ' ' '{print$2}'); do
|
||||
nft list set inet fw4 ${set_name} >> $nft_set_file
|
||||
done
|
||||
|
||||
local __nft=" "
|
||||
[ -z "${nft}" ] && {
|
||||
__nft=$(cat <<- EOF
|
||||
nft -f ${nft_chain_file}
|
||||
__nft=$(cat <<- EOF
|
||||
|
||||
nft "add rule inet fw4 dstnat jump PSW2_REDIRECT"
|
||||
[ -z "\$(nft list sets 2>/dev/null | grep "passwall2_")" ] && nft -f ${nft_set_file}
|
||||
[ -z "\$(nft list chain inet fw4 nat_output 2>/dev/null)" ] && nft "add chain inet fw4 nat_output { type nat hook output priority -1; }"
|
||||
nft -f ${nft_chain_file}
|
||||
|
||||
[ "$accept_icmp" == "1" ] && {
|
||||
nft "add rule inet fw4 dstnat meta l4proto {icmp,icmpv6} counter jump PSW2_ICMP_REDIRECT"
|
||||
nft "add rule inet fw4 nat_output meta l4proto {icmp,icmpv6} counter jump PSW2_ICMP_REDIRECT"
|
||||
}
|
||||
nft "add rule inet fw4 dstnat jump PSW2_REDIRECT"
|
||||
|
||||
[ -z "${is_tproxy}" ] && {
|
||||
PR_INDEX=\$(${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW2 WAN_IP_RETURN -1)
|
||||
if [ \$PR_INDEX -ge 0 ]; then
|
||||
WAN_IP=\$(${MY_PATH} get_wan_ip)
|
||||
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW2 handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\""
|
||||
fi
|
||||
nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW2"
|
||||
nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW2_OUTPUT"
|
||||
}
|
||||
[ "$accept_icmp" == "1" ] && {
|
||||
nft "add rule inet fw4 dstnat meta l4proto {icmp,icmpv6} counter jump PSW2_ICMP_REDIRECT"
|
||||
nft "add rule inet fw4 nat_output meta l4proto {icmp,icmpv6} counter jump PSW2_ICMP_REDIRECT"
|
||||
}
|
||||
|
||||
[ -n "${is_tproxy}" ] && {
|
||||
PR_INDEX=\$(${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW2_MANGLE WAN_IP_RETURN -1)
|
||||
if [ \$PR_INDEX -ge 0 ]; then
|
||||
WAN_IP=\$(${MY_PATH} get_wan_ip)
|
||||
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW2_MANGLE handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\""
|
||||
fi
|
||||
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW2_MANGLE"
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto tcp counter jump PSW2_OUTPUT_MANGLE comment \"mangle-OUTPUT-PSW2\""
|
||||
}
|
||||
\$(${MY_PATH} insert_rule_before "inet fw4" "mangle_prerouting" "PSW2_MANGLE" "counter jump PSW2_DIVERT")
|
||||
[ -z "${is_tproxy}" ] && {
|
||||
PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW2_NAT WAN_IP_RETURN -1)
|
||||
if [ \$PR_INDEX -ge 0 ]; then
|
||||
WAN_IP=\$(sh ${MY_PATH} get_wan_ip)
|
||||
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW2_NAT handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\""
|
||||
fi
|
||||
nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW2_NAT"
|
||||
nft "add rule inet fw4 nat_output ip protocol tcp counter jump PSW2_OUTPUT_NAT"
|
||||
}
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
PR_INDEX=\$(${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW2_MANGLE_V6 WAN6_IP_RETURN -1)
|
||||
if [ \$PR_INDEX -ge 0 ]; then
|
||||
WAN6_IP=\$(${MY_PATH} get_wan6_ip)
|
||||
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW2_MANGLE_V6 handle \$PR_INDEX ip6 daddr "\${WAN6_IP}" counter return comment \"WAN6_IP_RETURN\""
|
||||
fi
|
||||
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv6} counter jump PSW2_MANGLE_V6"
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv6} counter jump PSW2_OUTPUT_MANGLE_V6 comment \"mangle-OUTPUT-PSW2\""
|
||||
}
|
||||
[ -n "${is_tproxy}" ] && {
|
||||
PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW2_MANGLE WAN_IP_RETURN -1)
|
||||
if [ \$PR_INDEX -ge 0 ]; then
|
||||
WAN_IP=\$(sh ${MY_PATH} get_wan_ip)
|
||||
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW2_MANGLE handle \$PR_INDEX ip daddr "\${WAN_IP}" counter return comment \"WAN_IP_RETURN\""
|
||||
fi
|
||||
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv4} counter jump PSW2_MANGLE"
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto tcp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
|
||||
}
|
||||
\$(sh ${MY_PATH} insert_rule_before "inet fw4" "mangle_prerouting" "PSW2_MANGLE" "counter jump PSW2_DIVERT")
|
||||
|
||||
[ "$UDP_NODE" != "nil" -o "$TCP_UDP" = "1" ] && nft "add rule inet fw4 mangle_output meta nfproto {ipv4} meta l4proto udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
PR_INDEX=\$(sh ${MY_PATH} RULE_LAST_INDEX "inet fw4" PSW2_MANGLE_V6 WAN6_IP_RETURN -1)
|
||||
if [ \$PR_INDEX -ge 0 ]; then
|
||||
WAN6_IP=\$(sh ${MY_PATH} get_wan6_ip)
|
||||
[ ! -z "\${WAN_IP}" ] && nft "replace rule inet fw4 PSW2_MANGLE_V6 handle \$PR_INDEX ip6 daddr "\${WAN6_IP}" counter return comment \"WAN6_IP_RETURN\""
|
||||
fi
|
||||
nft "add rule inet fw4 mangle_prerouting meta nfproto {ipv6} counter jump PSW2_MANGLE_V6"
|
||||
nft "add rule inet fw4 mangle_output meta nfproto {ipv6} counter jump PSW2_OUTPUT_MANGLE_V6 comment \"PSW2_OUTPUT_MANGLE\""
|
||||
}
|
||||
|
||||
nft "add rule inet fw4 mangle_output oif lo counter return comment \"PSW2_OUTPUT_MANGLE\""
|
||||
nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"PSW2_OUTPUT_MANGLE\""
|
||||
EOF
|
||||
)
|
||||
|
||||
nft "add rule inet fw4 mangle_output oif lo counter return comment \"mangle-OUTPUT-PSW2\""
|
||||
nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"mangle-OUTPUT-PSW2\""
|
||||
EOF
|
||||
)
|
||||
}
|
||||
cat <<-EOF >> $FWI
|
||||
${__nft}
|
||||
EOF
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ local v2ray_asset_location = ucic:get_first(name, 'global_rules', "v2ray_locatio
|
|||
local geoip_api = ucic:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
|
||||
local geosite_api = ucic:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
|
||||
--
|
||||
local use_nft = ucic:get(name, "@global_forwarding[0]", "use_nft") or "0"
|
||||
|
||||
local log = function(...)
|
||||
if arg1 then
|
||||
|
|
@ -184,6 +185,10 @@ luci.sys.call("uci commit " .. name)
|
|||
|
||||
if reboot == 1 then
|
||||
log("重启服务,应用新的规则。")
|
||||
luci.sys.call("/usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
|
||||
if use_nft == "1" then
|
||||
luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset > /dev/null 2>&1 &")
|
||||
else
|
||||
luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
|
||||
end
|
||||
end
|
||||
log("规则更新完毕...")
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_VERSION:=1.1.2-20230108
|
||||
PKG_VERSION:=1.1.3-20230614
|
||||
PKG_RELEASE:=
|
||||
|
||||
LUCI_TITLE:=LuCI support for wxedge
|
||||
|
|
|
|||
|
|
@ -3,26 +3,9 @@ LuCI - Lua Configuration Interface
|
|||
]]--
|
||||
|
||||
local taskd = require "luci.model.tasks"
|
||||
local wxedge_model = require "luci.model.wxedge"
|
||||
local m, s, o
|
||||
|
||||
local function blocks()
|
||||
local util = require "luci.util"
|
||||
local jsonc = require "luci.jsonc"
|
||||
local text = util.trim(util.exec("lsblk -s -f -b -o NAME,FSSIZE,MOUNTPOINT --json"))
|
||||
local vals = {}
|
||||
if text and text ~= "" then
|
||||
local obj = jsonc.parse(text)
|
||||
for _, val in pairs(obj["blockdevices"]) do
|
||||
local fsize = val["fssize"]
|
||||
if fsize ~= nil and string.len(fsize) > 10 and val["mountpoint"] then
|
||||
-- fsize > 1G
|
||||
vals[#vals+1] = val["mountpoint"]
|
||||
end
|
||||
end
|
||||
end
|
||||
return vals
|
||||
end
|
||||
|
||||
m = taskd.docker_map("wxedge", "wxedge", "/usr/libexec/istorec/wxedge.sh",
|
||||
translate("Onething Edge"),
|
||||
"「网心云-容器魔方」由网心云推出的一款 docker 容器镜像软件,通过在简单安装后即可快速加入网心云共享计算生态网络,用户可根据每日的贡献量获得相应的现金收益回报。了解更多,请登录「<a href=\"https://www.onethingcloud.com/\" target=\"_blank\" >网心云官网</a>」")
|
||||
|
|
@ -34,7 +17,17 @@ s = m:section(TypedSection, "wxedge", translate("Setup"), translate("The followi
|
|||
s.addremove=false
|
||||
s.anonymous=true
|
||||
|
||||
local blks = blocks()
|
||||
local default_image = wxedge_model.default_image()
|
||||
o = s:option(Value, "image_name", translate("Image").."<b>*</b>")
|
||||
o.rmempty = false
|
||||
o.datatype = "string"
|
||||
o:value("onething1/wxedge", "onething1/wxedge")
|
||||
o:value("onething1/wxedge:2.4.3", "onething1/wxedge:2.4.3")
|
||||
o:value("registry.hub.docker.com/onething1/wxedge", "registry.hub.docker.com/onething1/wxedge")
|
||||
o:value("registry.hub.docker.com/onething1/wxedge:2.4.3", "registry.hub.docker.com/onething1/wxedge:2.4.3")
|
||||
o.default = default_image
|
||||
|
||||
local blks = wxedge_model.blocks()
|
||||
local dir
|
||||
o = s:option(Value, "cache_path", translate("Cache path").."<b>*</b>", "请选择合适的存储位置进行安装,安装位置容量越大,收益越高。安装后请勿轻易改动")
|
||||
o.rmempty = false
|
||||
|
|
|
|||
|
|
@ -0,0 +1,34 @@
|
|||
local util = require "luci.util"
|
||||
local jsonc = require "luci.jsonc"
|
||||
local nixio = require "nixio"
|
||||
|
||||
local wxedge = {}
|
||||
|
||||
wxedge.blocks = function()
|
||||
local f = io.popen("lsblk -s -f -b -o NAME,FSSIZE,MOUNTPOINT --json", "r")
|
||||
local vals = {}
|
||||
if f then
|
||||
local ret = f:read("*all")
|
||||
f:close()
|
||||
local obj = jsonc.parse(ret)
|
||||
for _, val in pairs(obj["blockdevices"]) do
|
||||
local fsize = val["fssize"]
|
||||
if fsize ~= nil and string.len(fsize) > 10 and val["mountpoint"] then
|
||||
-- fsize > 1G
|
||||
vals[#vals+1] = val["mountpoint"]
|
||||
end
|
||||
end
|
||||
end
|
||||
return vals
|
||||
end
|
||||
|
||||
wxedge.default_image = function()
|
||||
if string.find(nixio.uname().machine, "x86_64") then
|
||||
return "onething1/wxedge"
|
||||
else
|
||||
return "onething1/wxedge:2.4.3"
|
||||
end
|
||||
end
|
||||
|
||||
return wxedge
|
||||
|
||||
|
|
@ -1,2 +1,3 @@
|
|||
config wxedge
|
||||
option 'cache_path' ''
|
||||
option 'image_name' ''
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ uci -q batch <<-EOF >/dev/null
|
|||
set firewall.wxedge.name="wxedge"
|
||||
set firewall.wxedge.target="ACCEPT"
|
||||
set firewall.wxedge.src="wan"
|
||||
set firewall.wxedge.dest_port="40000-65535"
|
||||
set firewall.wxedge.dest_port="1024-65535"
|
||||
set firewall.wxedge.enabled="0"
|
||||
commit firewall
|
||||
EOF
|
||||
|
|
|
|||
|
|
@ -3,27 +3,20 @@
|
|||
ACTION=${1}
|
||||
shift 1
|
||||
|
||||
get_image() {
|
||||
IMAGE_NAME="registry.hub.docker.com/onething1/wxedge"
|
||||
}
|
||||
|
||||
do_install() {
|
||||
get_image
|
||||
echo "docker pull ${IMAGE_NAME}"
|
||||
docker pull ${IMAGE_NAME}
|
||||
docker rm -f wxedge
|
||||
|
||||
do_install_detail
|
||||
}
|
||||
|
||||
do_install_detail() {
|
||||
local path=`uci get wxedge.@wxedge[0].cache_path 2>/dev/null`
|
||||
local image_name=`uci get wxedge.@wxedge[0].image_name 2>/dev/null`
|
||||
|
||||
if [ -z "$path" ]; then
|
||||
echo "path is empty!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
[ -z "$image_name" ] && image_name="onething1/wxedge"
|
||||
echo "docker pull ${image_name}"
|
||||
docker pull ${image_name}
|
||||
docker rm -f wxedge
|
||||
|
||||
local cmd="docker run --restart=unless-stopped -d \
|
||||
--privileged \
|
||||
--network=host \
|
||||
|
|
@ -37,7 +30,7 @@ do_install_detail() {
|
|||
local tz="`uci get system.@system[0].zonename`"
|
||||
[ -z "$tz" ] || cmd="$cmd -e TZ=$tz"
|
||||
|
||||
cmd="$cmd --name wxedge \"$IMAGE_NAME\""
|
||||
cmd="$cmd --name wxedge \"$image_name\""
|
||||
|
||||
echo "$cmd"
|
||||
eval "$cmd"
|
||||
|
|
|
|||
|
|
@ -21,13 +21,13 @@ define Download/geoip
|
|||
HASH:=a3c407051f1e2bbeef98c82372cec8de3ee6d44f645eeb07699bfcaec4ea3f1b
|
||||
endef
|
||||
|
||||
GEOSITE_VER:=20230613031206
|
||||
GEOSITE_VER:=20230614081211
|
||||
GEOSITE_FILE:=dlc.dat.$(GEOSITE_VER)
|
||||
define Download/geosite
|
||||
URL:=https://github.com/v2fly/domain-list-community/releases/download/$(GEOSITE_VER)/
|
||||
URL_FILE:=dlc.dat
|
||||
FILE:=$(GEOSITE_FILE)
|
||||
HASH:=1cd19fcedf30ff22df215c40e7797a36366e63e1e5cb9572c9b16789af1dde64
|
||||
HASH:=bc72217e378cf0c726cb1507126f0d5b563096c42832305523a6c4d1806c15a3
|
||||
endef
|
||||
|
||||
define Package/v2ray-geodata/template
|
||||
|
|
|
|||
Loading…
Reference in New Issue