update 2024-02-04 23:34:26

github-actions[bot] 2024-02-04 23:34:26 +08:00
parent eea5e9bf49
commit d80262d823
8 changed files with 381 additions and 355 deletions


@ -1,29 +1,29 @@
user root; user root;
daemon on; daemon on;
master_process on; master_process on;
worker_processes 1; worker_processes 1;
#worker_rlimit 4g; #worker_rlimit 4g;
#error_log |TMP_PATH|/error.log; #error_log |TMP_PATH|/error.log;
#error_log |TMP_PATH|/error.log notice; #error_log |TMP_PATH|/error.log notice;
error_log |TMP_PATH|/error.log info; error_log |TMP_PATH|/error.log info;
worker_rlimit_nofile 102400; worker_rlimit_nofile 102400;
worker_rlimit_core 2G; worker_rlimit_core 2G;
working_directory |TMP_PATH|; working_directory |TMP_PATH|;
pid |TMP_PATH|/pingos.pid; pid |TMP_PATH|/pingos.pid;
events { events {
use epoll; use epoll;
worker_connections 4096; worker_connections 4096;
multi_listen unix:|TMP_PATH|/http |HTTP_PORT|; multi_listen unix:|TMP_PATH|/http |HTTP_PORT|;
multi_listen unix:|TMP_PATH|/rtmp |RTMP_PORT|; multi_listen unix:|TMP_PATH|/rtmp |RTMP_PORT|;
dynamic_refresh_interval 5s; dynamic_refresh_interval 5s;
dynamic_domain_buckets 1001; dynamic_domain_buckets 1001;
resolver 114.114.114.114 valid=1m; resolver 114.114.114.114 valid=1m;
resolver_timeout 30s; resolver_timeout 30s;
} }
#stream_zone buckets=1024 streams=4096; #stream_zone buckets=1024 streams=4096;
@ -32,178 +32,178 @@ events {
#dynamic_log |TMP_PATH|/dynamic.log info; #dynamic_log |TMP_PATH|/dynamic.log info;
rtmp { rtmp {
log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}'; log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}';
access_log |TMP_PATH|/bandwidth.log log_bandwidth trunc=60s; access_log |TMP_PATH|/bandwidth.log log_bandwidth trunc=60s;
server { server {
listen |RTMP_PORT|; listen |RTMP_PORT|;
listen [::]:|RTMP_PORT| ipv6only=on; listen [::]:|RTMP_PORT| ipv6only=on;
serverid 000; serverid 000;
out_queue 2048; out_queue 2048;
server_name localhost; server_name localhost;
rtmp_auto_pull on; rtmp_auto_pull on;
rtmp_auto_pull_port unix:|TMP_PATH|/rtmp; rtmp_auto_pull_port unix:|TMP_PATH|/rtmp;
application push {
live on;
push rtmp://127.0.0.1:|RTMP_PORT|/live app=live;
}
application live { application push {
live_record |TS_RECORD|; live on;
live_record_path |RECORD_PATH|; push rtmp://127.0.0.1:|RTMP_PORT|/live app=live;
}
recorder r1{ application live {
record |FLV_RECORD|; live_record |TS_RECORD|;
record_path |RECORD_PATH|; live_record_path |RECORD_PATH|;
}
live on; recorder r1{
hls |HLS|; record |FLV_RECORD|;
hls_path |TMP_PATH|/hls; record_path |RECORD_PATH|;
hls_fragment 4000ms; }
live on;
hls |HLS|;
hls_path |TMP_PATH|/hls;
hls_fragment 4000ms;
#hls_max_fragment 10000ms; #hls_max_fragment 10000ms;
hls_playlist_length 12000ms; hls_playlist_length 12000ms;
hls_type live; hls_type live;
hls2 |HLS2|; hls2 |HLS2|;
mpegts_cache_time 20s; mpegts_cache_time 20s;
hls2_fragment 2000ms; hls2_fragment 2000ms;
hls2_max_fragment 3000ms; hls2_max_fragment 3000ms;
hls2_playlist_length 6000ms; hls2_playlist_length 6000ms;
wait_key on; wait_key on;
wait_video on; wait_video on;
cache_time 1s; cache_time 1s;
send_all on; send_all on;
low_latency off; low_latency off;
fix_timestamp 2s; fix_timestamp 2s;
# h265 codecid, default 12 # h265 codecid, default 12
hevc_codecid 12; hevc_codecid 12;
} }
} }
} }
http { http {
include /usr/share/pingos/conf/mime.types; include /usr/share/pingos/conf/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"'; '"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"';
access_log |TMP_PATH|/access.log main; access_log |TMP_PATH|/access.log main;
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
#keepalive_timeout 0; #keepalive_timeout 0;
keepalive_timeout 65; keepalive_timeout 65;
#reset_server_name www.test1.com www.test2.com; #reset_server_name www.test1.com www.test2.com;
#gzip on; #gzip on;
upstream hlsm { upstream hlsm {
#hash $remote_addr consistent; #hash $remote_addr consistent;
hash $arg_session consistent; hash $arg_session consistent;
# 这里需要注意,你要开几个进程,就要按这个规则写几条记录 # 这里需要注意,你要开几个进程,就要按这个规则写几条记录
server unix:|TMP_PATH|/http.0; server unix:|TMP_PATH|/http.0;
#server unix:|TMP_PATH|/http.1; #server unix:|TMP_PATH|/http.1;
} }
server { server {
listen |HTTP_PORT|; listen |HTTP_PORT|;
listen [::]:|HTTP_PORT|; listen [::]:|HTTP_PORT|;
|ssl_certificate| |ssl_certificate|
|ssl_certificate_key| |ssl_certificate_key|
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5; ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
location /rtmp_stat {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
location /xstat { location /rtmp_stat {
rtmp_stat all; rtmp_stat all;
} rtmp_stat_stylesheet /stat.xsl;
}
location /sys_stat { location /xstat {
sys_stat; rtmp_stat all;
} }
location ~ .mp4$ {
root /usr/share/pingos/html;
#mp4;
}
location /control { location /sys_stat {
rtmp_control all; sys_stat;
} }
location /flv { location ~ .mp4$ {
flv_live |RTMP_PORT| app=live; root /usr/share/pingos/html;
add_header 'Access-Control-Allow-Origin' '*'; #mp4;
add_header "Access-Control-Allow-Credentials" "true"; }
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /ts {
ts_live |RTMP_PORT| app=live;
expires -1;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls {
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root |TMP_PATH|;
expires -1;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hlsm { location /control {
hls2_live |RTMP_PORT| app=live; rtmp_control all;
add_header 'Access-Control-Allow-Origin' '*'; }
add_header Cache-Control no-cache; location /flv {
add_header "Access-Control-Allow-Credentials" "true"; flv_live |RTMP_PORT| app=live;
add_header "Access-Control-Allow-Methods" "*"; add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token"; add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Expose-Headers" "*"; add_header "Access-Control-Allow-Methods" "*";
} add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /ts {
ts_live |RTMP_PORT| app=live;
expires -1;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls {
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root |TMP_PATH|;
expires -1;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls2 { location /hlsm {
proxy_buffering on; hls2_live |RTMP_PORT| app=live;
proxy_buffer_size 4k; add_header 'Access-Control-Allow-Origin' '*';
proxy_buffers 8 1M; add_header Cache-Control no-cache;
proxy_busy_buffers_size 2M; add_header "Access-Control-Allow-Credentials" "true";
proxy_max_temp_file_size 0; add_header "Access-Control-Allow-Methods" "*";
set $hls_args location=/hls2&scheme=$scheme; add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
# if ($args) { add_header "Access-Control-Expose-Headers" "*";
# set $hls_args $args&location=/hls2&scheme=$scheme; }
# }
proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm;
}
location / { location /hls2 {
chunked_transfer_encoding on; proxy_buffering on;
root /usr/share/pingos/html/; proxy_buffer_size 4k;
} proxy_buffers 8 1M;
} proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0;
set $hls_args location=/hls2&scheme=$scheme;
#if ($args) {
# set $hls_args $args&location=/hls2&scheme=$scheme;
#}
proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm;
}
location / {
chunked_transfer_encoding on;
root /usr/share/pingos/html/;
}
}
} }


@ -1,29 +1,29 @@
user root; user root;
daemon on; daemon on;
master_process on; master_process on;
worker_processes 1; worker_processes 1;
#worker_rlimit 4g; #worker_rlimit 4g;
#error_log logs/error.log; #error_log logs/error.log;
#error_log logs/error.log notice; #error_log logs/error.log notice;
error_log logs/error.log info; error_log logs/error.log info;
worker_rlimit_nofile 102400; worker_rlimit_nofile 102400;
worker_rlimit_core 2G; worker_rlimit_core 2G;
working_directory /tmp; working_directory /tmp;
pid logs/nginx.pid; pid logs/nginx.pid;
events { events {
use epoll; use epoll;
worker_connections 4096; worker_connections 4096;
multi_listen unix:/tmp/http 8080; multi_listen unix:/tmp/http 8080;
multi_listen unix:/tmp/rtmp 1935; multi_listen unix:/tmp/rtmp 1935;
dynamic_refresh_interval 5s; dynamic_refresh_interval 5s;
dynamic_domain_buckets 1001; dynamic_domain_buckets 1001;
resolver 114.114.114.114 valid=1m; resolver 114.114.114.114 valid=1m;
resolver_timeout 30s; resolver_timeout 30s;
} }
#stream_zone buckets=1024 streams=4096; #stream_zone buckets=1024 streams=4096;
@ -31,175 +31,176 @@ events {
#dynamic_conf conf/nginx_dynamic.conf 10; #dynamic_conf conf/nginx_dynamic.conf 10;
#dynamic_log logs/dynamic.log info; #dynamic_log logs/dynamic.log info;
rtmp { rtmp {
log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}'; log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}';
access_log logs/bandwidth.log log_bandwidth trunc=60s; access_log logs/bandwidth.log log_bandwidth trunc=60s;
server { server {
listen 1935; listen 1935;
serverid 000; serverid 000;
out_queue 2048; out_queue 2048;
server_name live.pingos.io; server_name live.pingos.io;
rtmp_auto_pull on; rtmp_auto_pull on;
rtmp_auto_pull_port unix:/tmp/rtmp; rtmp_auto_pull_port unix:/tmp/rtmp;
application push { application push {
live on; live on;
push rtmp://127.0.0.1/live app=live; push rtmp://127.0.0.1/live app=live;
} }
application live { application live {
live_record on; live_record on;
live_record_path /data/record; live_record_path /data/record;
recorder r1{ recorder r1{
record all; record all;
record_path /data/record; record_path /data/record;
} }
live on; live on;
hls on; hls on;
hls_path /tmp/hls; hls_path /tmp/hls;
hls_fragment 4000ms; hls_fragment 4000ms;
# hls_max_fragment 10000ms; #hls_max_fragment 10000ms;
hls_playlist_length 12000ms; hls_playlist_length 12000ms;
hls_type live; hls_type live;
hls2 on; hls2 on;
mpegts_cache_time 20s; mpegts_cache_time 20s;
hls2_fragment 2000ms; hls2_fragment 2000ms;
hls2_max_fragment 3000ms; hls2_max_fragment 3000ms;
hls2_playlist_length 6000ms; hls2_playlist_length 6000ms;
wait_key on; wait_key on;
wait_video on; wait_video on;
cache_time 1s; cache_time 1s;
send_all on; send_all on;
low_latency off; low_latency off;
fix_timestamp 2s; fix_timestamp 2s;
# h265 codecid, default 12 # h265 codecid, default 12
hevc_codecid 12; hevc_codecid 12;
} }
} }
} }
http { http {
include mime.types; include mime.types;
default_type application/octet-stream; default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"'; '"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"';
access_log logs/access.log main; access_log logs/access.log main;
sendfile on; sendfile on;
#tcp_nopush on; #tcp_nopush on;
#keepalive_timeout 0; #keepalive_timeout 0;
keepalive_timeout 65; keepalive_timeout 65;
#reset_server_name www.test1.com www.test2.com; #reset_server_name www.test1.com www.test2.com;
#gzip on; #gzip on;
upstream hlsm { upstream hlsm {
# hash $remote_addr consistent; # hash $remote_addr consistent;
hash $arg_session consistent; hash $arg_session consistent;
# 这里需要注意,你要开几个进程,就要按这个规则写几条记录 # 这里需要注意,你要开几个进程,就要按这个规则写几条记录
server unix:/tmp/http.0; server unix:/tmp/http.0;
# server unix:/tmp/http.1; # server unix:/tmp/http.1;
# server unix:/tmp/http.2; # server unix:/tmp/http.2;
# server unix:/tmp/http.3; # server unix:/tmp/http.3;
} }
server { server {
listen 8080; listen 8080;
# listen 443 ssl; # listen 443 ssl;
# ssl_certificate /usr/local/pingos/cert/full_chain.pem; # ssl_certificate /usr/local/pingos/cert/full_chain.pem;
# ssl_certificate_key /usr/local/pingos/cert/privkey.pem; # ssl_certificate_key /usr/local/pingos/cert/privkey.pem;
location /rtmp_stat { location /rtmp_stat {
rtmp_stat all; rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl; rtmp_stat_stylesheet /stat.xsl;
} }
location /xstat { location /xstat {
rtmp_stat all; rtmp_stat all;
} }
location /sys_stat { location /sys_stat {
sys_stat; sys_stat;
} }
location ~ .mp4$ { location ~ .mp4$ {
root html; root html;
#mp4; #mp4;
} }
location /control { location /control {
rtmp_control all; rtmp_control all;
} }
location /flv { location /flv {
flv_live 1935 app=live; flv_live 1935 app=live;
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true"; add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*"; add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token"; add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*"; add_header "Access-Control-Expose-Headers" "*";
} }
location /ts { location /ts {
ts_live 1935 app=live; ts_live 1935 app=live;
expires -1; expires -1;
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true"; add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*"; add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token"; add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*"; add_header "Access-Control-Expose-Headers" "*";
} }
location /hls { location /hls {
# Serve HLS fragments # Serve HLS fragments
types { types {
application/vnd.apple.mpegurl m3u8; application/vnd.apple.mpegurl m3u8;
video/mp2t ts; video/mp2t ts;
} }
root /tmp; root /tmp;
expires -1; expires -1;
add_header Cache-Control no-cache; add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true"; add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*"; add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token"; add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*"; add_header "Access-Control-Expose-Headers" "*";
} }
location /hlsm { location /hlsm {
hls2_live 1935 app=live; hls2_live 1935 app=live;
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
add_header Cache-Control no-cache; add_header Cache-Control no-cache;
add_header "Access-Control-Allow-Credentials" "true"; add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*"; add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token"; add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*"; add_header "Access-Control-Expose-Headers" "*";
} }
location /hls2 { location /hls2 {
proxy_buffering on; proxy_buffering on;
proxy_buffer_size 4k; proxy_buffer_size 4k;
proxy_buffers 8 1M; proxy_buffers 8 1M;
proxy_busy_buffers_size 2M; proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0; proxy_max_temp_file_size 0;
set $hls_args location=/hls2&scheme=$scheme; set $hls_args location=/hls2&scheme=$scheme;
# if ($args) { # if ($args) {
# set $hls_args $args&location=/hls2&scheme=$scheme; # set $hls_args $args&location=/hls2&scheme=$scheme;
# } # }
proxy_set_header Host $host:$server_port; proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break; rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm; proxy_pass http://hlsm;
} }
location / { location / {
chunked_transfer_encoding on; chunked_transfer_encoding on;
root html/; root html/;
} }
} }
} }


@ -39,6 +39,8 @@ Fork this repository and:
## Changelog since 3.3.0 ## Changelog since 3.3.0
* 2024-01-19 chore: bump version * 2024-01-19 chore: bump version
* 2024-01-24 feat: add alias to LAN Hosts Access Control
* 2024-02-04 fix: avoid firewall restart failure & some minor adjustments
## Changelog since 3.2.0 ## Changelog since 3.2.0


@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-xray PKG_NAME:=luci-app-xray
PKG_VERSION:=3.3.0 PKG_VERSION:=3.3.1
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=MPLv2 PKG_LICENSE:=MPLv2


@ -5,8 +5,6 @@ STOP=15
USE_PROCD=1 USE_PROCD=1
NAME=xray_core NAME=xray_core
FIREWALL_INCLUDE="/usr/share/xray/firewall_include.ut"
setup_firewall() { setup_firewall() {
ip rule add fwmark 251 lookup 251 ip rule add fwmark 251 lookup 251
ip route add local default dev lo table 251 ip route add local default dev lo table 251
@ -14,7 +12,7 @@ setup_firewall() {
ip -6 route add local default dev lo table 251 ip -6 route add local default dev lo table 251
logger -st xray[$$] -p4 "Generating firewall4 rules..." logger -st xray[$$] -p4 "Generating firewall4 rules..."
/usr/bin/utpl ${FIREWALL_INCLUDE} > /var/etc/xray/firewall_include.nft /usr/bin/utpl /usr/share/xray/firewall_include.ut > /var/etc/xray/01_firewall_include.nft
logger -st xray[$$] -p4 "Triggering firewall4 restart..." logger -st xray[$$] -p4 "Triggering firewall4 restart..."
/etc/init.d/firewall restart /etc/init.d/firewall restart
@ -27,7 +25,7 @@ flush_firewall() {
ip -6 route del local default dev lo table 251 ip -6 route del local default dev lo table 251
logger -st xray[$$] -p4 "Flushing firewall4 rules..." logger -st xray[$$] -p4 "Flushing firewall4 rules..."
rm -f /var/etc/xray/firewall_include.nft rm -f /var/etc/xray/*.nft
logger -st xray[$$] -p4 "Triggering firewall4 restart..." logger -st xray[$$] -p4 "Triggering firewall4 restart..."
/etc/init.d/firewall restart /etc/init.d/firewall restart
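Review bot: In setup_firewall the template output is redirected straight into `/var/etc/xray/01_firewall_include.nft` and the exit status of utpl is not checked, so a rendering error leaves an empty or truncated include in place and the firewall restart on the following lines still runs against it. Rendering to a temporary file and renaming only on success avoids that: `/usr/bin/utpl /usr/share/xray/firewall_include.ut > /var/etc/xray/01_firewall_include.nft.tmp && mv /var/etc/xray/01_firewall_include.nft.tmp /var/etc/xray/01_firewall_include.nft`. In flush_firewall, `rm -f /var/etc/xray/*.nft` now deletes every .nft file in that directory, which deserves a comment such as `# also removes 02_default_gateway_include.nft` so the wider glob is visibly intentional. Both function bodies start or end outside the hunks shown.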


@ -1,7 +1,7 @@
#!/usr/bin/ucode #!/usr/bin/ucode
"use strict"; "use strict";
import { popen, stat } from "fs"; import { open, popen, stat } from "fs";
import { connect } from "ubus"; import { connect } from "ubus";
function network_dump() { function network_dump() {
@ -48,24 +48,44 @@ function gen_tp_spec_dv4_dg(dg) {
return ""; return "";
} }
if (length(dg) > 0) { if (length(dg) > 0) {
return `flush set inet fw4 tp_spec_dv4_dg\nadd element inet fw4 tp_spec_dv4_dg { ${join(", ", dg)} }\n`; return `set tp_spec_dv4_dg {
type ipv4_addr
size 16
flags interval
elements = { ${join(", ", dg)} }
}\n`;
} }
return ""; return "";
} }
function gen_tp_spec_dv6_dg(pd) { function gen_tp_spec_dv6_dg(pd) {
if (length(pd) > 0) { if (length(pd) > 0) {
return `flush set inet fw4 tp_spec_dv6_dg\nadd element inet fw4 tp_spec_dv6_dg { ${join(", ", pd)} }\n`; return `set tp_spec_dv6_dg {
type ipv6_addr
size 16
flags interval
elements = { ${join(", ", pd)} }
}\n`;
} }
return ""; return "";
} }
function update_nft(dg, pd) { function generate_include(rule_dg, rule_pd, file_path) {
const process = popen("nft -f -", "w"); const handle = open(file_path, "w");
process.write(gen_tp_spec_dv4_dg(dg)); handle.write(rule_dg);
process.write(gen_tp_spec_dv6_dg(pd)); handle.write(rule_pd);
process.flush(); handle.flush();
process.close(); handle.close();
}
function update_nft(rule_dg, rule_pd) {
const handle = popen("nft -f -", "w");
handle.write(`table inet fw4 {
${rule_dg}
${rule_pd}
}`);
handle.flush();
handle.close();
} }
function restart_dnsmasq_if_necessary() { function restart_dnsmasq_if_necessary() {
@ -82,6 +102,9 @@ if (log == "") {
print("default gateway not available, please wait for interface ready"); print("default gateway not available, please wait for interface ready");
} else { } else {
print(`default gateway available at ${log}\n`); print(`default gateway available at ${log}\n`);
update_nft(dg, pd); const rule_dg = gen_tp_spec_dv4_dg(dg);
const rule_pd = gen_tp_spec_dv6_dg(pd);
update_nft(rule_dg, rule_pd);
generate_include(rule_dg, rule_pd, "/var/etc/xray/02_default_gateway_include.nft");
} }
restart_dnsmasq_if_necessary(); restart_dnsmasq_if_necessary();
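Review bot: The generated set definitions hard-code `size 16` while the element list is `join(", ", dg)` or `join(", ", pd)` of whatever length is passed in, so enough gateway or prefix entries would yield a set that nft refuses to load; because the same text is now also written to `/var/etc/xray/02_default_gateway_include.nft`, that would presumably break the next firewall restart as well. The template changed in this commit sizes its sets as `length(...) * 2 + 1`, and the same here would be `size ${length(dg) * 2 + 1}` and `size ${length(pd) * 2 + 1}`. The old code issued `flush set` before adding elements and the new `table inet fw4 { set … }` form does not, so entries from a previous gateway may remain in the live set; this should be confirmed against how nft treats a redeclared set. generate_include also uses the result of `open(file_path, "w")` unchecked; a guard such as `if (!handle) return;` plus a log line would keep a missing /var/etc/xray directory from aborting the script before restart_dnsmasq_if_necessary() runs.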


@ -127,7 +127,8 @@
set tp_spec_dv4_sp { set tp_spec_dv4_sp {
type ipv4_addr type ipv4_addr
flags constant,interval size 32
flags interval
elements = { 0.0.0.0/8, 10.0.0.0/8, elements = { 0.0.0.0/8, 10.0.0.0/8,
100.64.0.0/10, 127.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12, 169.254.0.0/16, 172.16.0.0/12,
@ -137,7 +138,8 @@
set tp_spec_dv6_sp { set tp_spec_dv6_sp {
type ipv6_addr type ipv6_addr
flags constant,interval size 32
flags interval
elements = { ::, elements = { ::,
::1, ::1,
::ffff:0.0.0.0/96, ::ffff:0.0.0.0/96,
@ -156,7 +158,7 @@
{% if (length(tp_spec_sm4_bp) > 0): %} {% if (length(tp_spec_sm4_bp) > 0): %}
set tp_spec_sm4_bp { set tp_spec_sm4_bp {
type ether_addr type ether_addr
flags constant size {{ length(tp_spec_sm4_bp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm4_bp) }} } elements = { {{ join(", ", tp_spec_sm4_bp) }} }
} }
{% endif %} {% endif %}
@ -164,7 +166,7 @@
{% if (length(tp_spec_sm6_bp) > 0): %} {% if (length(tp_spec_sm6_bp) > 0): %}
set tp_spec_sm6_bp { set tp_spec_sm6_bp {
type ether_addr type ether_addr
flags constant size {{ length(tp_spec_sm6_bp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm6_bp) }} } elements = { {{ join(", ", tp_spec_sm6_bp) }} }
} }
{% endif %} {% endif %}
@ -172,7 +174,7 @@
{% if (length(tp_spec_sm4_tp) > 0): %} {% if (length(tp_spec_sm4_tp) > 0): %}
set tp_spec_sm4_tp { set tp_spec_sm4_tp {
type ether_addr type ether_addr
flags constant size {{ length(tp_spec_sm4_tp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm4_tp) }} } elements = { {{ join(", ", tp_spec_sm4_tp) }} }
} }
{% endif %} {% endif %}
@ -180,7 +182,7 @@
{% if (length(tp_spec_sm6_tp) > 0): %} {% if (length(tp_spec_sm6_tp) > 0): %}
set tp_spec_sm6_tp { set tp_spec_sm6_tp {
type ether_addr type ether_addr
flags constant size {{ length(tp_spec_sm6_tp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm6_tp) }} } elements = { {{ join(", ", tp_spec_sm6_tp) }} }
} }
{% endif %} {% endif %}
@ -188,7 +190,7 @@
{% for (let i in extra_inbound_tcp_v4_map): %} {% for (let i in extra_inbound_tcp_v4_map): %}
set tp_spec_sm4_ft_{{ i }} { set tp_spec_sm4_ft_{{ i }} {
type ether_addr type ether_addr
flags constant size {{ length(extra_inbound_tcp_v4_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_tcp_v4_map[i]) }} } elements = { {{ join(", ", extra_inbound_tcp_v4_map[i]) }} }
} }
{% endfor %} {% endfor %}
@ -196,7 +198,7 @@
{% for (let i in extra_inbound_udp_v4_map): %} {% for (let i in extra_inbound_udp_v4_map): %}
set tp_spec_sm4_fu_{{ i }} { set tp_spec_sm4_fu_{{ i }} {
type ether_addr type ether_addr
flags constant size {{ length(extra_inbound_udp_v4_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_udp_v4_map[i]) }} } elements = { {{ join(", ", extra_inbound_udp_v4_map[i]) }} }
} }
{% endfor %} {% endfor %}
@ -204,7 +206,7 @@
{% for (let i in extra_inbound_tcp_v6_map): %} {% for (let i in extra_inbound_tcp_v6_map): %}
set tp_spec_sm6_ft_{{ i }} { set tp_spec_sm6_ft_{{ i }} {
type ether_addr type ether_addr
flags constant size {{ length(extra_inbound_tcp_v6_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_tcp_v6_map[i]) }} } elements = { {{ join(", ", extra_inbound_tcp_v6_map[i]) }} }
} }
{% endfor %} {% endfor %}
@ -212,7 +214,7 @@
{% for (let i in extra_inbound_udp_v6_map): %} {% for (let i in extra_inbound_udp_v6_map): %}
set tp_spec_sm6_fu_{{ i }} { set tp_spec_sm6_fu_{{ i }} {
type ether_addr type ether_addr
flags constant size {{ length(extra_inbound_udp_v6_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_udp_v6_map[i]) }} } elements = { {{ join(", ", extra_inbound_udp_v6_map[i]) }} }
} }
{% endfor %} {% endfor %}
@ -220,7 +222,7 @@
{% if (length(manual_tproxy_source_ips) > 0): %} {% if (length(manual_tproxy_source_ips) > 0): %}
set tp_spec_dv4_mt { set tp_spec_dv4_mt {
type ipv4_addr type ipv4_addr
flags constant, interval size {{ length(manual_tproxy_source_ips) * 2 + 1 }}
elements = { {{ join(", ", manual_tproxy_source_ips) }} } elements = { {{ join(", ", manual_tproxy_source_ips) }} }
} }
{% endif %} {% endif %}
@ -228,8 +230,8 @@
{% if (length(wan_bp_ips_v4) > 0): %} {% if (length(wan_bp_ips_v4) > 0): %}
set tp_spec_dv4_bp { set tp_spec_dv4_bp {
type ipv4_addr type ipv4_addr
size {{ length(wan_bp_ips_v4) }} size {{ length(wan_bp_ips_v4) * 2 + 1 }}
flags constant, interval flags interval
elements = { {{ join(", ", wan_bp_ips_v4)}} } elements = { {{ join(", ", wan_bp_ips_v4)}} }
} }
{% endif %} {% endif %}
@ -237,8 +239,8 @@
{% if (length(wan_bp_ips_v6) > 0): %} {% if (length(wan_bp_ips_v6) > 0): %}
set tp_spec_dv6_bp { set tp_spec_dv6_bp {
type ipv6_addr type ipv6_addr
size {{ length(wan_bp_ips_v6) }} size {{ length(wan_bp_ips_v6) * 2 + 1 }}
flags constant, interval flags interval
elements = { {{ join(", ", wan_bp_ips_v6)}} } elements = { {{ join(", ", wan_bp_ips_v6)}} }
} }
{% endif %} {% endif %}
@ -246,8 +248,8 @@
{% if (length(wan_fw_ips_v4) > 0): %} {% if (length(wan_fw_ips_v4) > 0): %}
set tp_spec_dv4_fw { set tp_spec_dv4_fw {
type ipv4_addr type ipv4_addr
size {{ length(wan_fw_ips_v4) }} size {{ length(wan_fw_ips_v4) * 2 + 1 }}
flags constant, interval flags interval
elements = { {{ join(", ", wan_fw_ips_v4)}} } elements = { {{ join(", ", wan_fw_ips_v4)}} }
} }
{% endif %} {% endif %}
@ -255,8 +257,8 @@
{% if (length(wan_fw_ips_v6) > 0): %} {% if (length(wan_fw_ips_v6) > 0): %}
set tp_spec_dv6_fw { set tp_spec_dv6_fw {
type ipv6_addr type ipv6_addr
size {{ length(wan_fw_ips_v6) }} size {{ length(wan_fw_ips_v6) * 2 + 1 }}
flags constant, interval flags interval
elements = { {{ join(", ", wan_fw_ips_v6)}} } elements = { {{ join(", ", wan_fw_ips_v6)}} }
} }
{% endif %} {% endif %}
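Review bot: In the four `for (let i in extra_inbound_*_map)` blocks the new `size` is computed from the number of keys in the map, `length(extra_inbound_tcp_v4_map) * 2 + 1`, while the elements come from the per-key list `extra_inbound_tcp_v4_map[i]`, so a key holding more MAC addresses than that bound would make the set fail to load. It should read `size {{ length(extra_inbound_tcp_v4_map[i]) * 2 + 1 }}`, and likewise for the udp_v4, tcp_v6 and udp_v6 variants. Separately, `tp_spec_dv4_mt` lost its whole `flags constant, interval` line rather than only `constant`, unlike the `tp_spec_dv4_bp` and `tp_spec_dv4_fw` sets, which keep `flags interval`; if `manual_tproxy_source_ips` can hold CIDR prefixes, that set needs `flags interval` restored. The enclosing table definition lies outside these hunks.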


@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-xray-status PKG_NAME:=luci-app-xray-status
PKG_VERSION:=3.3.0 PKG_VERSION:=3.3.1
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=MPLv2 PKG_LICENSE:=MPLv2