OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-01-08 13:27:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 2024-12-17 00:28:32

Browse Source
This commit is contained in:
kenzok8 2024-12-17 00:28:32 +08:00
parent 0d905cf140
commit 141ca86d8e
26 changed files with 379 additions and 424 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
luci-app-internet-detector/README.md
View File

@ -21,16 +21,16 @@ Internet-detector is an application for checking the availability of the Interne
/etc/init.d/internet-detector start /etc/init.d/internet-detector start
/etc/init.d/internet-detector enable /etc/init.d/internet-detector enable
wget --no-check-certificate -O /tmp/luci-app-internet-detector_1.3.1-1_all.ipk https://github.com/gSpotx2f/packages-openwrt/raw/master/current/luci-app-internet-detector_1.3.1-1_all.ipk wget --no-check-certificate -O /tmp/luci-app-internet-detector_1.3.1-r2_all.ipk https://github.com/gSpotx2f/packages-openwrt/raw/master/current/luci-app-internet-detector_1.3.1-r2_all.ipk
opkg install /tmp/luci-app-internet-detector_1.3.1-1_all.ipk opkg install /tmp/luci-app-internet-detector_1.3.1-r2_all.ipk
rm /tmp/luci-app-internet-detector_1.3.1-1_all.ipk rm /tmp/luci-app-internet-detector_1.3.1-r2_all.ipk
/etc/init.d/rpcd restart /etc/init.d/rpcd restart
i18n-ru: i18n-ru:
wget --no-check-certificate -O /tmp/luci-i18n-internet-detector-ru_1.3.1-1_all.ipk https://github.com/gSpotx2f/packages-openwrt/raw/master/current/luci-i18n-internet-detector-ru_1.3.1-1_all.ipk wget --no-check-certificate -O /tmp/luci-i18n-internet-detector-ru_1.3.1-r2_all.ipk https://github.com/gSpotx2f/packages-openwrt/raw/master/current/luci-i18n-internet-detector-ru_1.3.1-r2_all.ipk
opkg install /tmp/luci-i18n-internet-detector-ru_1.3.1-1_all.ipk opkg install /tmp/luci-i18n-internet-detector-ru_1.3.1-r2_all.ipk
rm /tmp/luci-i18n-internet-detector-ru_1.3.1-1_all.ipk rm /tmp/luci-i18n-internet-detector-ru_1.3.1-r2_all.ipk
## Screenshots: ## Screenshots:

1
luci-app-internet-detector/internet-detector-mod-email/Makefile
View File

@ -17,6 +17,7 @@ define Package/$(PKG_NAME)
TITLE:=Email module for internet-detector TITLE:=Email module for internet-detector
URL:=https://github.com/gSpotx2f/luci-app-internet-detector URL:=https://github.com/gSpotx2f/luci-app-internet-detector
PKGARCH:=all PKGARCH:=all
#PKGARCH:=noarch
DEPENDS:=+internet-detector +mailsend DEPENDS:=+internet-detector +mailsend
endef endef

1
luci-app-internet-detector/internet-detector-mod-modem-restart/Makefile
View File

@ -17,6 +17,7 @@ define Package/$(PKG_NAME)
TITLE:=Modem restart module for internet-detector TITLE:=Modem restart module for internet-detector
URL:=https://github.com/gSpotx2f/luci-app-internet-detector URL:=https://github.com/gSpotx2f/luci-app-internet-detector
PKGARCH:=all PKGARCH:=all
#PKGARCH:=noarch
DEPENDS:=+internet-detector +modemmanager DEPENDS:=+internet-detector +modemmanager
endef endef

1
luci-app-internet-detector/internet-detector/Makefile
View File

@ -17,6 +17,7 @@ define Package/$(PKG_NAME)
TITLE:=Internet detector TITLE:=Internet detector
URL:=https://github.com/gSpotx2f/luci-app-internet-detector URL:=https://github.com/gSpotx2f/luci-app-internet-detector
PKGARCH:=all PKGARCH:=all
#PKGARCH:=noarch
DEPENDS:=+lua +luaposix +libuci-lua DEPENDS:=+lua +luaposix +libuci-lua
endef endef

3
luci-app-internet-detector/luci-app-internet-detector/Makefile
View File

@ -6,10 +6,11 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-internet-detector PKG_NAME:=luci-app-internet-detector
PKG_VERSION:=1.3.1 PKG_VERSION:=1.3.1
PKG_RELEASE:=1 PKG_RELEASE:=2
LUCI_TITLE:=LuCI support for internet-detector LUCI_TITLE:=LuCI support for internet-detector
LUCI_DEPENDS:=+internet-detector LUCI_DEPENDS:=+internet-detector
LUCI_PKGARCH:=all LUCI_PKGARCH:=all
#LUCI_PKGARCH:=noarch
#include ../../luci.mk #include ../../luci.mk
include $(TOPDIR)/feeds/luci/luci.mk include $(TOPDIR)/feeds/luci/luci.mk

23
luci-app-internet-detector/luci-app-internet-detector/htdocs/luci-static/resources/view/internet-detector.js
View File

@ -560,16 +560,11 @@ return view.extend({
/* Main settings */ /* Main settings */
// mode // mode
let mode = s.option(form.ListValue, 'mode', let mode = s.option(form.RichListValue, 'mode',
_('Internet detector mode')); _('Internet detector mode'));
mode.value('0', _('Disabled')); mode.value('0', _('Disabled'), _('Detector is completely off.'));
mode.value('1', _('Service')); mode.value('1', _('Service'), _('Detector always runs as a system service.'));
mode.value('2', _('Web UI only (UI detector)')); mode.value('2', _('Web UI only (UI detector)'), _('Detector works only when the Web UI is open.'));
mode.description = '%s<br />%s<br />%s'.format(
_('Disabled: detector is completely off.'),
_('Service: detector always runs as a system service.'),
_('Web UI only: detector works only when the Web UI is open (UI detector).')
);
mode.default = '0'; mode.default = '0';
@ -1125,14 +1120,10 @@ return view.extend({
o.modalonly = true; o.modalonly = true;
// mail_security // mail_security
o = s.taboption('email', form.ListValue, o = s.taboption('email', form.RichListValue,
'mod_email_mail_security', _('Security')); 'mod_email_mail_security', _('Security'));
o.description = '%s<br />%s'.format( o.value('tls', 'TLS', _('Use STARTTLS if the server supports it.'));
_('TLS: use STARTTLS if the server supports it.'), o.value('ssl', 'SSL', _('SMTP over SSL.'));
_('SSL: SMTP over SSL.'),
);
o.value('tls', 'TLS');
o.value('ssl', 'SSL');
o.default = 'tls'; o.default = 'tls';
o.modalonly = true; o.modalonly = true;
} else { } else {

22
luci-app-internet-detector/luci-app-internet-detector/po/ru/internet-detector.po
View File

@ -92,8 +92,8 @@ msgstr "Отключить принудительную перезагрузку
msgid "Disabled" msgid "Disabled"
msgstr "Отключен" msgstr "Отключен"
msgid "Disabled: detector is completely off." msgid "Detector is completely off."
msgstr "Отключен: детектор полностью выключен." msgstr "Детектор полностью выключен."
msgid "Disconnected" msgid "Disconnected"
msgstr "Отключен" msgstr "Отключен"
@ -353,8 +353,8 @@ msgstr "SMTP-сервер"
msgid "SMTP server port" msgid "SMTP server port"
msgstr "Порт SMTP-сервера" msgstr "Порт SMTP-сервера"
msgid "SSL: SMTP over SSL." msgid "SMTP over SSL."
msgstr "SSL: SMTP поверх SSL." msgstr "SMTP поверх SSL."
msgid "Save" msgid "Save"
msgstr "Сохранить" msgstr "Сохранить"
@ -380,8 +380,8 @@ msgstr "Конфигурация службы"
msgid "Service for determining the public IP address through DNS." msgid "Service for determining the public IP address through DNS."
msgstr "Сервис для определения публичного IP адреса через DNS." msgstr "Сервис для определения публичного IP адреса через DNS."
msgid "Service: detector always runs as a system service." msgid "Detector always runs as a system service."
msgstr "Служба: детектор работает постоянно, как системная служба." msgstr "Детектор работает постоянно, как системная служба."
msgid "Service instances" msgid "Service instances"
msgstr "Экземпляры службы" msgstr "Экземпляры службы"
@ -419,8 +419,8 @@ msgstr "Подключение к TCP-порту"
msgid "The type of record requested in the DNS query (if the service supports it)." msgid "The type of record requested in the DNS query (if the service supports it)."
msgstr "Тип записи запрашиваемой в DNS-запросе (если сервис поддерживает)." msgstr "Тип записи запрашиваемой в DNS-запросе (если сервис поддерживает)."
msgid "TLS: use STARTTLS if the server supports it." msgid "Use STARTTLS if the server supports it."
msgstr "TLS: использовать STARTTLS если сервер поддерживает." msgstr "Использовать STARTTLS если сервер поддерживает."
msgid "Timeout between stopping and starting the interface." msgid "Timeout between stopping and starting the interface."
msgstr "Таймаут между остановкой и запуском интерфейса." msgstr "Таймаут между остановкой и запуском интерфейса."
@ -457,10 +457,8 @@ msgstr ""
msgid "Web UI only (UI detector)" msgid "Web UI only (UI detector)"
msgstr "Только web-интерфейс (UI детектор)" msgstr "Только web-интерфейс (UI детектор)"
msgid "Web UI only: detector works only when the Web UI is open (UI detector)." msgid "Detector works only when the Web UI is open."
msgstr "" msgstr "Детектор работает только в web-интерфейсе."
"Только web-интерфейс: детектор работает только в web-интерфейсе (UI "
"детектор)."
msgid "When email will be sent" msgid "When email will be sent"
msgstr "Когда будет отправлено сообщение" msgstr "Когда будет отправлено сообщение"

10
luci-app-internet-detector/luci-app-internet-detector/po/templates/internet-detector.pot
View File

@ -80,7 +80,7 @@ msgstr ""
msgid "Disabled" msgid "Disabled"
msgstr "" msgstr ""
msgid "Disabled: detector is completely off." msgid "Detector is completely off."
msgstr "" msgstr ""
msgid "Disconnected" msgid "Disconnected"
@ -328,7 +328,7 @@ msgstr ""
msgid "SMTP server port" msgid "SMTP server port"
msgstr "" msgstr ""
msgid "SSL: SMTP over SSL." msgid "SMTP over SSL."
msgstr "" msgstr ""
msgid "Save" msgid "Save"
@ -355,7 +355,7 @@ msgstr ""
msgid "Service for determining the public IP address through DNS." msgid "Service for determining the public IP address through DNS."
msgstr "" msgstr ""
msgid "Service: detector always runs as a system service." msgid "Detector always runs as a system service."
msgstr "" msgstr ""
msgid "Service instances" msgid "Service instances"
@ -394,7 +394,7 @@ msgstr ""
msgid "The type of record requested in the DNS query (if the service supports it)." msgid "The type of record requested in the DNS query (if the service supports it)."
msgstr "" msgstr ""
msgid "TLS: use STARTTLS if the server supports it." msgid "Use STARTTLS if the server supports it."
msgstr "" msgstr ""
msgid "Timeout between stopping and starting the interface." msgid "Timeout between stopping and starting the interface."
@ -430,7 +430,7 @@ msgstr ""
msgid "Web UI only (UI detector)" msgid "Web UI only (UI detector)"
msgstr "" msgstr ""
msgid "Web UI only: detector works only when the Web UI is open (UI detector)." msgid "Detector works only when the Web UI is open."
msgstr "" msgstr ""
msgid "When email will be sent" msgid "When email will be sent"

19
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -1908,7 +1908,6 @@ acl_app() {
} }
fi fi
set_cache_var "ACL_${sid}_udp_port" "${udp_port}" set_cache_var "ACL_${sid}_udp_port" "${udp_port}"
udp_flag=1
} }
unset enabled sid remarks sources interface use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip unset enabled sid remarks sources interface use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac source_list tcp_port udp_port config_file _extra_param unset _ip _mac _iprange _ipset _ip_or_mac source_list tcp_port udp_port config_file _extra_param
@ -1971,6 +1970,16 @@ start() {
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start [ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start
set_cache_var "USE_TABLES" "$USE_TABLES" set_cache_var "USE_TABLES" "$USE_TABLES"
[ -z $(get_cache_var "ACL_default_dns_port") ] && lua $APP_PATH/helper_dnsmasq.lua logic_restart -LOG 1 [ -z $(get_cache_var "ACL_default_dns_port") ] && lua $APP_PATH/helper_dnsmasq.lua logic_restart -LOG 1
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
set_cache_var "bak_bridge_nf_ipt" "$bridge_nf_ipt"
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
[ "$PROXY_IPV6" == "1" ] && {
bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
set_cache_var "bak_bridge_nf_ip6t" "$bridge_nf_ip6t"
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
}
fi
start_crontab start_crontab
echolog "运行完成!\n" echolog "运行完成!\n"
@ -1991,10 +2000,10 @@ stop() {
rm -rf $GLOBAL_DNSMASQ_CONF rm -rf $GLOBAL_DNSMASQ_CONF
rm -rf $GLOBAL_DNSMASQ_CONF_PATH rm -rf $GLOBAL_DNSMASQ_CONF_PATH
[ -z $(get_cache_var "ACL_default_dns_port") ] && lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0 [ -z $(get_cache_var "ACL_default_dns_port") ] && lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
origin_bridge_nf_ipt=$(get_cache_var "origin_bridge_nf_ipt") bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
[ -n "${origin_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${origin_bridge_nf_ipt} >/dev/null 2>&1 [ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
origin_bridge_nf_ip6t=$(get_cache_var "origin_bridge_nf_ip6t") bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
[ -n "${origin_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${origin_bridge_nf_ip6t} >/dev/null 2>&1 [ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
rm -rf $TMP_PATH rm -rf $TMP_PATH
rm -rf /tmp/lock/${CONFIG}_socks_auto_switch* rm -rf /tmp/lock/${CONFIG}_socks_auto_switch*
echolog "清空并关闭相关程序和缓存完成。" echolog "清空并关闭相关程序和缓存完成。"

15
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -640,7 +640,6 @@ load_acl() {
} }
echolog " - ${msg2}" echolog " - ${msg2}"
udp_flag=1
} }
fi fi
$ipt_m -A PSW $(comment "默认") -p udp -j RETURN $ipt_m -A PSW $(comment "默认") -p udp -j RETURN
@ -1015,8 +1014,6 @@ add_firewall_rule() {
[ "$TCP_UDP" = "1" ] && [ "$UDP_NODE" = "nil" ] && UDP_NODE=$TCP_NODE [ "$TCP_UDP" = "1" ] && [ "$UDP_NODE" = "nil" ] && UDP_NODE=$TCP_NODE
filter_direct_node_list
[ "$ENABLED_DEFAULT_ACL" == 1 ] && { [ "$ENABLED_DEFAULT_ACL" == 1 ] && {
local ipt_tmp=$ipt_n local ipt_tmp=$ipt_n
if [ -n "${is_tproxy}" ]; then if [ -n "${is_tproxy}" ]; then
@ -1220,6 +1217,8 @@ add_firewall_rule() {
# 加载ACLS # 加载ACLS
load_acl load_acl
filter_direct_node_list
[ -d "${TMP_IFACE_PATH}" ] && { [ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do for iface in $(ls ${TMP_IFACE_PATH}); do
$ipt_n -I PSW_OUTPUT -o $iface -j RETURN $ipt_n -I PSW_OUTPUT -o $iface -j RETURN
@ -1230,16 +1229,6 @@ add_firewall_rule() {
$ipt_n -I PREROUTING $(comment "PSW") -m mark --mark 1 -j RETURN $ipt_n -I PREROUTING $(comment "PSW") -m mark --mark 1 -j RETURN
$ip6t_n -I PREROUTING $(comment "PSW") -m mark --mark 1 -j RETURN $ip6t_n -I PREROUTING $(comment "PSW") -m mark --mark 1 -j RETURN
[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
set_cache_var "origin_bridge_nf_ipt" "$bridge_nf_ipt"
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
[ "$PROXY_IPV6" == "1" ] && {
bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
set_cache_var "origin_bridge_nf_ip6t" "$bridge_nf_ip6t"
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
}
}
echolog "防火墙规则加载完成!" echolog "防火墙规则加载完成!"
} }

15
luci-app-passwall/root/usr/share/passwall/nftables.sh
View File

@ -702,7 +702,6 @@ load_acl() {
} }
echolog " - ${msg2}" echolog " - ${msg2}"
udp_flag=1
} }
fi fi
} }
@ -1080,8 +1079,6 @@ add_firewall_rule() {
[ "$TCP_UDP" = "1" ] && [ "$UDP_NODE" = "nil" ] && UDP_NODE=$TCP_NODE [ "$TCP_UDP" = "1" ] && [ "$UDP_NODE" = "nil" ] && UDP_NODE=$TCP_NODE
filter_direct_node_list
[ "$ENABLED_DEFAULT_ACL" == 1 ] && { [ "$ENABLED_DEFAULT_ACL" == 1 ] && {
msg="【路由器本机】," msg="【路由器本机】,"
@ -1278,6 +1275,8 @@ add_firewall_rule() {
# 加载ACLS # 加载ACLS
load_acl load_acl
filter_direct_node_list
[ -d "${TMP_IFACE_PATH}" ] && { [ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do for iface in $(ls ${TMP_IFACE_PATH}); do
nft "insert rule $NFTABLE_NAME $nft_output_chain oif $iface counter return" nft "insert rule $NFTABLE_NAME $nft_output_chain oif $iface counter return"
@ -1285,16 +1284,6 @@ add_firewall_rule() {
done done
} }
[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
set_cache_var "origin_bridge_nf_ipt" "$bridge_nf_ipt"
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
[ "$PROXY_IPV6" == "1" ] && {
bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
set_cache_var "origin_bridge_nf_ip6t" "$bridge_nf_ip6t"
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
}
}
echolog "防火墙规则加载完成!" echolog "防火墙规则加载完成!"
} }

2
luci-app-passwall2/Makefile
View File

@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2 PKG_NAME:=luci-app-passwall2
PKG_VERSION:=24.12.14 PKG_VERSION:=24.12.16
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_CONFIG_DEPENDS:= \ PKG_CONFIG_DEPENDS:= \

20
luci-app-passwall2/luasrc/controller/passwall2.lua
View File

@ -158,9 +158,9 @@ end
function get_now_use_node() function get_now_use_node()
local e = {} local e = {}
local data, code, msg = nixio.fs.readfile("/tmp/etc/passwall2/acl/default/global.id") local node = api.get_cache_var("GLOBAL_node")
if data then if node then
e["global"] = util.trim(data) e["global"] = node
end end
luci.http.prepare_content("application/json") luci.http.prepare_content("application/json")
luci.http.write_json(e) luci.http.write_json(e)
@ -328,7 +328,7 @@ function clear_all_nodes()
uci:delete(appname, t[".name"]) uci:delete(appname, t[".name"])
end) end)
uci:foreach(appname, "acl_rule", function(t) uci:foreach(appname, "acl_rule", function(t)
uci:set(appname, t[".name"], "node", "default") uci:set(appname, t[".name"], "node", "nil")
end) end)
uci:foreach(appname, "nodes", function(node) uci:foreach(appname, "nodes", function(node)
uci:delete(appname, node['.name']) uci:delete(appname, node['.name'])
@ -363,7 +363,17 @@ function delete_select_nodes()
end) end)
uci:foreach(appname, "acl_rule", function(t) uci:foreach(appname, "acl_rule", function(t)
if t["node"] == w then if t["node"] == w then
uci:set(appname, t[".name"], "node", "default") uci:set(appname, t[".name"], "node", "nil")
end
end)
uci:foreach(appname, "nodes", function(t)
if t["preproxy_node"] == w then
uci:delete(appname, t[".name"], "preproxy_node")
uci:delete(appname, t[".name"], "chain_proxy")
end
if t["to_node"] == w then
uci:delete(appname, t[".name"], "to_node")
uci:delete(appname, t[".name"], "chain_proxy")
end end
end) end)
uci:delete(appname, w) uci:delete(appname, w)

5
luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
View File

@ -22,9 +22,8 @@ o.default = 1
o.rmempty = false o.rmempty = false
local auto_switch_tip local auto_switch_tip
local current_node_file = string.format("/tmp/etc/%s/id/socks_%s", appname, arg[1]) local current_node = api.get_cache_var("socks_" .. arg[1])
local current_node = luci.sys.exec(string.format("[ -f '%s' ] && echo -n $(cat %s)", current_node_file, current_node_file)) if current_node then
if current_node and current_node ~= "" and current_node ~= "nil" then
local n = uci:get_all(appname, current_node) local n = uci:get_all(appname, current_node)
if n then if n then
if tonumber(m:get(arg[1], "enable_autoswitch") or 0) == 1 then if tonumber(m:get(arg[1], "enable_autoswitch") or 0) == 1 then

24
luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua
View File

@ -647,12 +647,26 @@ o.default = 0
o = s:option(Flag, option_name("tcpNoDelay"), "tcpNoDelay") o = s:option(Flag, option_name("tcpNoDelay"), "tcpNoDelay")
o.default = 0 o.default = 0
o = s:option(ListValue, option_name("to_node"), translate("Landing node"), translate("Only support a layer of proxy.")) o = s:option(ListValue, option_name("chain_proxy"), translate("Chain Proxy"))
o.default = ""
o:value("", translate("Close(Not use)")) o:value("", translate("Close(Not use)"))
o:value("1", translate("Preproxy Node"))
o:value("2", translate("Landing Node"))
for i, v in ipairs(s.fields[option_name("protocol")].keylist) do
if not v:find("_") then
o:depends({ [option_name("protocol")] = v })
end
end
o = s:option(ListValue, option_name("preproxy_node"), translate("Preproxy Node"), translate("Only support a layer of proxy."))
o:depends({ [option_name("chain_proxy")] = "1" })
o = s:option(ListValue, option_name("to_node"), translate("Landing Node"), translate("Only support a layer of proxy."))
o:depends({ [option_name("chain_proxy")] = "2" })
for k, v in pairs(nodes_table) do for k, v in pairs(nodes_table) do
if v.type == "Xray" then if v.type == "Xray" and v.id ~= arg[1] then
o:value(v.id, v.remark) s.fields[option_name("preproxy_node")]:value(v.id, v.remark)
s.fields[option_name("to_node")]:value(v.id, v.remark)
end end
end end
@ -660,7 +674,7 @@ for i, v in ipairs(s.fields[option_name("protocol")].keylist) do
if not v:find("_") then if not v:find("_") then
s.fields[option_name("tcpMptcp")]:depends({ [option_name("protocol")] = v }) s.fields[option_name("tcpMptcp")]:depends({ [option_name("protocol")] = v })
s.fields[option_name("tcpNoDelay")]:depends({ [option_name("protocol")] = v }) s.fields[option_name("tcpNoDelay")]:depends({ [option_name("protocol")] = v })
s.fields[option_name("to_node")]:depends({ [option_name("protocol")] = v }) s.fields[option_name("chain_proxy")]:depends({ [option_name("protocol")] = v })
end end
end end

23
luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua
View File

@ -684,18 +684,27 @@ o:depends({ [option_name("protocol")] = "vless" })
o:depends({ [option_name("protocol")] = "tuic" }) o:depends({ [option_name("protocol")] = "tuic" })
o:depends({ [option_name("protocol")] = "hysteria2" }) o:depends({ [option_name("protocol")] = "hysteria2" })
o = s:option(ListValue, option_name("to_node"), translate("Landing node"), translate("Only support a layer of proxy.")) o = s:option(ListValue, option_name("chain_proxy"), translate("Chain Proxy"))
o.default = ""
o:value("", translate("Close(Not use)")) o:value("", translate("Close(Not use)"))
for k, v in pairs(nodes_table) do o:value("1", translate("Preproxy Node"))
if v.type == "sing-box" then o:value("2", translate("Landing Node"))
o:value(v.id, v.remark)
end
end
for i, v in ipairs(s.fields[option_name("protocol")].keylist) do for i, v in ipairs(s.fields[option_name("protocol")].keylist) do
if not v:find("_") then if not v:find("_") then
o:depends({ [option_name("protocol")] = v }) o:depends({ [option_name("protocol")] = v })
end end
end end
o = s:option(ListValue, option_name("preproxy_node"), translate("Preproxy Node"), translate("Only support a layer of proxy."))
o:depends({ [option_name("chain_proxy")] = "1" })
o = s:option(ListValue, option_name("to_node"), translate("Landing Node"), translate("Only support a layer of proxy."))
o:depends({ [option_name("chain_proxy")] = "2" })
for k, v in pairs(nodes_table) do
if v.type == "sing-box" and v.id ~= arg[1] then
s.fields[option_name("preproxy_node")]:value(v.id, v.remark)
s.fields[option_name("to_node")]:value(v.id, v.remark)
end
end
api.luci_types(arg[1], m, s, type_name, option_prefix) api.luci_types(arg[1], m, s, type_name, option_prefix)

15
luci-app-passwall2/luasrc/passwall2/api.lua
View File

@ -17,6 +17,8 @@ DISTRIB_ARCH = nil
LOG_FILE = "/tmp/log/passwall2.log" LOG_FILE = "/tmp/log/passwall2.log"
CACHE_PATH = "/tmp/etc/passwall2_tmp" CACHE_PATH = "/tmp/etc/passwall2_tmp"
TMP_PATH = "/tmp/etc/" .. appname
TMP_IFACE_PATH = TMP_PATH .. "/iface"
function log(...) function log(...)
local result = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ") local result = os.date("%Y-%m-%d %H:%M:%S: ") .. table.concat({...}, " ")
@ -27,6 +29,15 @@ function log(...)
end end
end end
function set_cache_var(key, val)
sys.call(string.format('/usr/share/passwall2/app.sh set_cache_var %s "%s"', key, val))
end
function get_cache_var(key)
local val = sys.exec(string.format('echo -n $(/usr/share/passwall2/app.sh get_cache_var %s)', key))
if val == "" then val = nil end
return val
end
function exec_call(cmd) function exec_call(cmd)
local process = io.popen(cmd .. '; echo -e "\n$?"') local process = io.popen(cmd .. '; echo -e "\n$?"')
local lines = {} local lines = {}
@ -96,8 +107,8 @@ end
function curl_proxy(url, file, args) function curl_proxy(url, file, args)
--使用代理 --使用代理
local socks_server = luci.sys.exec("[ -f /tmp/etc/passwall2/acl/default/SOCKS_server ] && echo -n $(cat /tmp/etc/passwall2/acl/default/SOCKS_server) || echo -n ''") local socks_server = get_cache_var("GLOBAL_SOCKS_server")
if socks_server ~= "" then if socks_server and socks_server ~= "" then
if not args then args = {} end if not args then args = {} end
local tmp_args = clone(args) local tmp_args = clone(args)
tmp_args[#tmp_args + 1] = "-x socks5h://" .. socks_server tmp_args[#tmp_args + 1] = "-x socks5h://" .. socks_server

43
luci-app-passwall2/luasrc/passwall2/util_sing-box.lua
View File

@ -685,7 +685,7 @@ function gen_config_server(node)
bind_interface = node.outbound_node_iface, bind_interface = node.outbound_node_iface,
routing_mark = 255, routing_mark = 255,
} }
sys.call("mkdir -p /tmp/etc/passwall2/iface && touch /tmp/etc/passwall2/iface/" .. node.outbound_node_iface) sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.outbound_node_iface))
else else
local outbound_node_t = uci:get_all("passwall2", node.outbound_node) local outbound_node_t = uci:get_all("passwall2", node.outbound_node)
if node.outbound_node == "_socks" or node.outbound_node == "_http" then if node.outbound_node == "_socks" or node.outbound_node == "_http" then
@ -871,6 +871,7 @@ function gen_config(var)
local function set_outbound_detour(node, outbound, outbounds_table, shunt_rule_name) local function set_outbound_detour(node, outbound, outbounds_table, shunt_rule_name)
if not node or not outbound or not outbounds_table then return nil end if not node or not outbound or not outbounds_table then return nil end
local default_outTag = outbound.tag local default_outTag = outbound.tag
local last_insert_outbound
if node.shadowtls == "1" then if node.shadowtls == "1" then
local _node = { local _node = {
@ -887,14 +888,31 @@ function gen_config(var)
} }
local shadowtls_outbound = gen_outbound(nil, _node, outbound.tag .. "_shadowtls") local shadowtls_outbound = gen_outbound(nil, _node, outbound.tag .. "_shadowtls")
if shadowtls_outbound then if shadowtls_outbound then
table.insert(outbounds_table, shadowtls_outbound) last_insert_outbound = shadowtls_outbound
outbound.detour = outbound.tag .. "_shadowtls" outbound.detour = outbound.tag .. "_shadowtls"
outbound.server = nil outbound.server = nil
outbound.server_port = nil outbound.server_port = nil
end end
end end
if node.to_node then if node.chain_proxy == "1" and node.preproxy_node then
if outbound["_flag_proxy_tag"] and outbound["_flag_proxy_tag"] ~= "nil" then
--Ignore
else
local preproxy_node = uci:get_all(appname, node.preproxy_node)
if preproxy_node then
local preproxy_outbound = gen_outbound(nil, preproxy_node)
if preproxy_outbound then
preproxy_outbound.tag = preproxy_node[".name"] .. ":" .. preproxy_node.remarks
outbound.tag = preproxy_outbound.tag .. " -> " .. outbound.tag
outbound.detour = preproxy_outbound.tag
last_insert_outbound = preproxy_outbound
default_outTag = outbound.tag
end
end
end
end
if node.chain_proxy == "2" and node.to_node then
local to_node = uci:get_all(appname, node.to_node) local to_node = uci:get_all(appname, node.to_node)
if to_node then if to_node then
local to_outbound = gen_outbound(nil, to_node) local to_outbound = gen_outbound(nil, to_node)
@ -912,7 +930,7 @@ function gen_config(var)
end end
end end
end end
return default_outTag return default_outTag, last_insert_outbound
end end
if node.protocol == "_shunt" then if node.protocol == "_shunt" then
@ -997,8 +1015,11 @@ function gen_config(var)
local _outbound = gen_outbound(flag, _node, rule_name, { tag = use_proxy and preproxy_tag or nil }) local _outbound = gen_outbound(flag, _node, rule_name, { tag = use_proxy and preproxy_tag or nil })
if _outbound then if _outbound then
_outbound.tag = _outbound.tag .. ":" .. _node.remarks _outbound.tag = _outbound.tag .. ":" .. _node.remarks
rule_outboundTag = set_outbound_detour(_node, _outbound, outbounds, rule_name) rule_outboundTag, last_insert_outbound = set_outbound_detour(_node, _outbound, outbounds, rule_name)
table.insert(outbounds, _outbound) table.insert(outbounds, _outbound)
if last_insert_outbound then
table.insert(outbounds, last_insert_outbound)
end
end end
end end
elseif _node.protocol == "_iface" then elseif _node.protocol == "_iface" then
@ -1011,7 +1032,7 @@ function gen_config(var)
} }
table.insert(outbounds, _outbound) table.insert(outbounds, _outbound)
rule_outboundTag = _outbound.tag rule_outboundTag = _outbound.tag
sys.call("touch /tmp/etc/passwall2/iface/" .. _node.iface) sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, _node.iface))
end end
end end
end end
@ -1186,14 +1207,17 @@ function gen_config(var)
} }
table.insert(outbounds, outbound) table.insert(outbounds, outbound)
COMMON.default_outbound_tag = outbound.tag COMMON.default_outbound_tag = outbound.tag
sys.call("touch /tmp/etc/passwall2/iface/" .. node.iface) sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
end end
else else
local outbound = gen_outbound(flag, node) local outbound = gen_outbound(flag, node)
if outbound then if outbound then
outbound.tag = outbound.tag .. ":" .. node.remarks outbound.tag = outbound.tag .. ":" .. node.remarks
COMMON.default_outbound_tag = set_outbound_detour(node, outbound, outbounds) COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)
table.insert(outbounds, outbound) table.insert(outbounds, outbound)
if last_insert_outbound then
table.insert(outbounds, last_insert_outbound)
end
end end
end end
end end
@ -1444,6 +1468,9 @@ function gen_config(var)
tag = "block" tag = "block"
}) })
for index, value in ipairs(config.outbounds) do for index, value in ipairs(config.outbounds) do
if (not value["_flag_proxy_tag"] or value["_flag_proxy_tag"] == "nil") and not value.detour and value["_id"] and value.server and value.server_port then
sys.call(string.format("echo '%s' >> %s", value["_id"], api.TMP_PATH .. "/direct_node_list"))
end
for k, v in pairs(config.outbounds[index]) do for k, v in pairs(config.outbounds[index]) do
if k:find("_") == 1 then if k:find("_") == 1 then
config.outbounds[index][k] = nil config.outbounds[index][k] = nil

49
luci-app-passwall2/luasrc/passwall2/util_xray.lua
View File

@ -183,8 +183,7 @@ function gen_outbound(flag, node, tag, proxy_table)
} or nil, } or nil,
wsSettings = (node.transport == "ws") and { wsSettings = (node.transport == "ws") and {
path = node.ws_path or "/", path = node.ws_path or "/",
headers = (node.ws_host ~= nil) and host = node.ws_host or nil,
{Host = node.ws_host} or nil,
maxEarlyData = tonumber(node.ws_maxEarlyData) or nil, maxEarlyData = tonumber(node.ws_maxEarlyData) or nil,
earlyDataHeaderName = (node.ws_earlyDataHeaderName) and node.ws_earlyDataHeaderName or nil, earlyDataHeaderName = (node.ws_earlyDataHeaderName) and node.ws_earlyDataHeaderName or nil,
heartbeatPeriod = tonumber(node.ws_heartbeatPeriod) or nil heartbeatPeriod = tonumber(node.ws_heartbeatPeriod) or nil
@ -416,7 +415,7 @@ function gen_config_server(node)
} }
} }
} }
sys.call("mkdir -p /tmp/etc/passwall2/iface && touch /tmp/etc/passwall2/iface/" .. node.outbound_node_iface) sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.outbound_node_iface))
else else
local outbound_node_t = uci:get_all("passwall2", node.outbound_node) local outbound_node_t = uci:get_all("passwall2", node.outbound_node)
if node.outbound_node == "_socks" or node.outbound_node == "_http" then if node.outbound_node == "_socks" or node.outbound_node == "_http" then
@ -483,7 +482,7 @@ function gen_config_server(node)
header = {type = node.mkcp_guise} header = {type = node.mkcp_guise}
} or nil, } or nil,
wsSettings = (node.transport == "ws") and { wsSettings = (node.transport == "ws") and {
headers = (node.ws_host) and {Host = node.ws_host} or nil, host = node.ws_host or nil,
path = node.ws_path path = node.ws_path
} or nil, } or nil,
httpSettings = (node.transport == "h2") and { httpSettings = (node.transport == "h2") and {
@ -782,8 +781,29 @@ function gen_config(var)
local function set_outbound_detour(node, outbound, outbounds_table, shunt_rule_name) local function set_outbound_detour(node, outbound, outbounds_table, shunt_rule_name)
if not node or not outbound or not outbounds_table then return nil end if not node or not outbound or not outbounds_table then return nil end
local default_outTag = outbound.tag local default_outTag = outbound.tag
local last_insert_outbound
if node.to_node then if node.chain_proxy == "1" and node.preproxy_node then
if outbound["_flag_proxy_tag"] and outbound["_flag_proxy_tag"] ~= "nil" then
--Ignore
else
local preproxy_node = uci:get_all(appname, node.preproxy_node)
if preproxy_node then
local preproxy_outbound = gen_outbound(nil, preproxy_node)
if preproxy_outbound then
preproxy_outbound.tag = preproxy_node[".name"] .. ":" .. preproxy_node.remarks
outbound.tag = preproxy_outbound.tag .. " -> " .. outbound.tag
outbound.proxySettings = {
tag = preproxy_outbound.tag,
transportLayer = true
}
last_insert_outbound = preproxy_outbound
default_outTag = outbound.tag
end
end
end
end
if node.chain_proxy == "2" and node.to_node then
local to_node = uci:get_all(appname, node.to_node) local to_node = uci:get_all(appname, node.to_node)
if to_node then if to_node then
local to_outbound = gen_outbound(nil, to_node) local to_outbound = gen_outbound(nil, to_node)
@ -804,7 +824,7 @@ function gen_config(var)
end end
end end
end end
return default_outTag return default_outTag, last_insert_outbound
end end
if node then if node then
@ -906,12 +926,15 @@ function gen_config(var)
local outbound_tag local outbound_tag
if outbound then if outbound then
outbound.tag = outbound.tag .. ":" .. _node.remarks outbound.tag = outbound.tag .. ":" .. _node.remarks
outbound_tag = set_outbound_detour(_node, outbound, outbounds, rule_name) outbound_tag, last_insert_outbound = set_outbound_detour(_node, outbound, outbounds, rule_name)
if rule_name == "default" then if rule_name == "default" then
table.insert(outbounds, 1, outbound) table.insert(outbounds, 1, outbound)
else else
table.insert(outbounds, outbound) table.insert(outbounds, outbound)
end end
if last_insert_outbound then
table.insert(outbounds, last_insert_outbound)
end
end end
return outbound_tag, nil return outbound_tag, nil
end end
@ -932,7 +955,7 @@ function gen_config(var)
} }
outbound_tag = outbound.tag outbound_tag = outbound.tag
table.insert(outbounds, outbound) table.insert(outbounds, outbound)
sys.call("touch /tmp/etc/passwall2/iface/" .. _node.iface) sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, _node.iface))
end end
return outbound_tag, nil return outbound_tag, nil
end end
@ -1098,14 +1121,17 @@ function gen_config(var)
} }
table.insert(outbounds, outbound) table.insert(outbounds, outbound)
COMMON.default_outbound_tag = outbound.tag COMMON.default_outbound_tag = outbound.tag
sys.call("touch /tmp/etc/passwall2/iface/" .. node.iface) sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
end end
else else
local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil }) local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil })
if outbound then if outbound then
outbound.tag = outbound.tag .. ":" .. node.remarks outbound.tag = outbound.tag .. ":" .. node.remarks
COMMON.default_outbound_tag = set_outbound_detour(node, outbound, outbounds) COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)
table.insert(outbounds, outbound) table.insert(outbounds, outbound)
if last_insert_outbound then
table.insert(outbounds, last_insert_outbound)
end
routing = { routing = {
domainStrategy = "AsIs", domainStrategy = "AsIs",
domainMatcher = "hybrid", domainMatcher = "hybrid",
@ -1523,6 +1549,9 @@ function gen_config(var)
end end
for index, value in ipairs(config.outbounds) do for index, value in ipairs(config.outbounds) do
if (not value["_flag_proxy_tag"] or value["_flag_proxy_tag"] == "nil") and value["_id"] and value.server and value.server_port then
sys.call(string.format("echo '%s' >> %s", value["_id"], api.TMP_PATH .. "/direct_node_list"))
end
for k, v in pairs(config.outbounds[index]) do for k, v in pairs(config.outbounds[index]) do
if k:find("_") == 1 then if k:find("_") == 1 then
config.outbounds[index][k] = nil config.outbounds[index][k] = nil

26
luci-app-passwall2/luasrc/view/passwall2/node_list/node_list.htm
View File

@ -223,22 +223,18 @@ table td, .table .td {
function get_now_use_node() { function get_now_use_node() {
XHR.get('<%=api.url("get_now_use_node")%>', null, XHR.get('<%=api.url("get_now_use_node")%>', null,
function(x, result) { function(x, result) {
var id = result["TCP"]; var id = result["global"];
if (id) { if (id) {
var dom = document.getElementById("cbi-passwall2-" + id); var dom = document.getElementById("cbi-passwall2-" + id);
if (dom) { if (dom) {
dom.classList.add("_now_use"); dom.classList.add("_now_use");
dom.title = "当前TCP节点"; dom.title = "当前节点";
//var v = "<a style='color: red'>当前TCP节点:</a>" + document.getElementById("cbid.passwall2." + id + ".remarks").value; //var v = "<a style='color: red'>当前节点:</a>" + document.getElementById("cbid.passwall2." + id + ".remarks").value;
//document.getElementById("cbi-passwall2-" + id + "-remarks").innerHTML = v; //document.getElementById("cbi-passwall2-" + id + "-remarks").innerHTML = v;
} var tds = dom.getElementsByTagName("td")
} for (var j = 0; j < tds.length; j++) {
id = result["UDP"]; tds[j].classList.add("_now_use");
if (id) { }
var dom = document.getElementById("cbi-passwall2-" + id);
if (dom) {
dom.classList.add("_now_use");
dom.title = "当前UDP节点";
} }
} }
} }
@ -305,9 +301,7 @@ table td, .table .td {
); );
} }
} }
get_now_use_node();
/* 自动Ping */ /* 自动Ping */
if (auto_detection_time == "icmp" || auto_detection_time == "tcping") { if (auto_detection_time == "icmp" || auto_detection_time == "tcping") {
var nodes = []; var nodes = [];
@ -427,7 +421,9 @@ table td, .table .td {
console.error(err); console.error(err);
} }
} }
get_now_use_node();
if (true) { if (true) {
var str = ""; var str = "";
for (var add_from in node_list) { for (var add_from in node_list) {

5
luci-app-passwall2/po/zh-cn/passwall2.po
View File

@ -1570,7 +1570,10 @@ msgstr "延迟ms"
msgid "If is domain name, The requested domain name will be resolved to IP before connect." msgid "If is domain name, The requested domain name will be resolved to IP before connect."
msgstr "如果是域名,域名将在请求发出之前解析为 IP。" msgstr "如果是域名,域名将在请求发出之前解析为 IP。"
msgid "Landing node" msgid "Chain Proxy"
msgstr "链式代理"
msgid "Landing Node"
msgstr "落地节点" msgstr "落地节点"
msgid "Only support a layer of proxy." msgid "Only support a layer of proxy."

55
luci-app-passwall2/root/usr/share/passwall2/app.sh
View File

@ -8,7 +8,6 @@ CONFIG=passwall2
TMP_PATH=/tmp/etc/$CONFIG TMP_PATH=/tmp/etc/$CONFIG
TMP_BIN_PATH=$TMP_PATH/bin TMP_BIN_PATH=$TMP_PATH/bin
TMP_SCRIPT_FUNC_PATH=$TMP_PATH/script_func TMP_SCRIPT_FUNC_PATH=$TMP_PATH/script_func
TMP_ID_PATH=$TMP_PATH/id
TMP_ROUTE_PATH=$TMP_PATH/route TMP_ROUTE_PATH=$TMP_PATH/route
TMP_ACL_PATH=$TMP_PATH/acl TMP_ACL_PATH=$TMP_PATH/acl
TMP_IFACE_PATH=$TMP_PATH/iface TMP_IFACE_PATH=$TMP_PATH/iface
@ -324,6 +323,19 @@ get_singbox_geoip() {
fi fi
} }
set_cache_var() {
local key="${1}"
shift 1
local val="$@"
[ -n "${key}" ] && [ -n "${val}" ] && echo "${key}=\"${val}\"" >> $TMP_PATH/var
}
get_cache_var() {
local key="${1}"
[ -n "${key}" ] && [ -s "$TMP_PATH/var" ] && {
echo $(cat $TMP_PATH/var | grep "^${key}=" | awk -F '=' '{print $2}' | tail -n 1 | awk -F'"' '{print $2}')
}
}
run_xray() { run_xray() {
local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct
@ -654,6 +666,8 @@ run_socks() {
fi fi
} }
unset http_flag unset http_flag
[ "${server_host}" != "127.0.0.1" ] && [ "$type" != "sing-box" ] && [ "$type" != "xray" ] && echo "${node}" >> $TMP_PATH/direct_node_list
} }
socks_node_switch() { socks_node_switch() {
@ -680,7 +694,9 @@ socks_node_switch() {
local http_config_file="HTTP2SOCKS_${flag}.json" local http_config_file="HTTP2SOCKS_${flag}.json"
LOG_FILE="/dev/null" LOG_FILE="/dev/null"
run_socks flag=$flag node=$new_node bind=$bind socks_port=$port config_file=$config_file http_port=$http_port http_config_file=$http_config_file log_file=$log_file run_socks flag=$flag node=$new_node bind=$bind socks_port=$port config_file=$config_file http_port=$http_port http_config_file=$http_config_file log_file=$log_file
echo $new_node > $TMP_ID_PATH/socks_${flag} set_cache_var "socks_${flag}" "$new_node"
local USE_TABLES=$(get_cache_var "USE_TABLES")
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh filter_direct_node_list
} }
} }
@ -689,7 +705,7 @@ run_global() {
TYPE=$(echo $(config_n_get $NODE type nil) | tr 'A-Z' 'a-z') TYPE=$(echo $(config_n_get $NODE type nil) | tr 'A-Z' 'a-z')
[ "$TYPE" = "nil" ] && return 1 [ "$TYPE" = "nil" ] && return 1
mkdir -p $TMP_ACL_PATH/default mkdir -p $TMP_ACL_PATH/default
echo $NODE > $TMP_ACL_PATH/default/global.id set_cache_var "GLOBAL_node" "$NODE"
if [ $PROXY_IPV6 == "1" ]; then if [ $PROXY_IPV6 == "1" ]; then
echolog "开启实验性IPv6透明代理(TProxy)请确认您的节点及类型支持IPv6" echolog "开启实验性IPv6透明代理(TProxy)请确认您的节点及类型支持IPv6"
@ -737,7 +753,7 @@ run_global() {
node_socks_bind="127.0.0.1" node_socks_bind="127.0.0.1"
[ "${node_socks_bind_local}" != "1" ] && node_socks_bind="0.0.0.0" [ "${node_socks_bind_local}" != "1" ] && node_socks_bind="0.0.0.0"
V2RAY_ARGS="${V2RAY_ARGS} socks_address=${node_socks_bind} socks_port=${node_socks_port}" V2RAY_ARGS="${V2RAY_ARGS} socks_address=${node_socks_bind} socks_port=${node_socks_port}"
echo "127.0.0.1:$node_socks_port" > $TMP_ACL_PATH/default/SOCKS_server set_cache_var "GLOBAL_SOCKS_server" "127.0.0.1:$node_socks_port"
node_http_port=$(config_t_get global node_http_port 0) node_http_port=$(config_t_get global node_http_port 0)
[ "$node_http_port" != "0" ] && V2RAY_ARGS="${V2RAY_ARGS} http_port=${node_http_port}" [ "$node_http_port" != "0" ] && V2RAY_ARGS="${V2RAY_ARGS} http_port=${node_http_port}"
@ -781,7 +797,7 @@ start_socks() {
local http_port=$(config_n_get $id http_port 0) local http_port=$(config_n_get $id http_port 0)
local http_config_file="HTTP2SOCKS_${id}.json" local http_config_file="HTTP2SOCKS_${id}.json"
run_socks flag=$id node=$node bind=$bind socks_port=$port config_file=$config_file http_port=$http_port http_config_file=$http_config_file log_file=$log_file run_socks flag=$id node=$node bind=$bind socks_port=$port config_file=$config_file http_port=$http_port http_config_file=$http_config_file log_file=$log_file
echo $node > $TMP_ID_PATH/socks_${id} set_cache_var "socks_${id}" "$node"
#自动切换逻辑 #自动切换逻辑
local enable_autoswitch=$(config_n_get $id enable_autoswitch 0) local enable_autoswitch=$(config_n_get $id enable_autoswitch 0)
@ -947,7 +963,7 @@ delete_ip2route() {
start_haproxy() { start_haproxy() {
[ "$(config_t_get global_haproxy balancing_enable 0)" != "1" ] && return [ "$(config_t_get global_haproxy balancing_enable 0)" != "1" ] && return
haproxy_path=${TMP_PATH}/haproxy haproxy_path=$TMP_PATH/haproxy
haproxy_conf="config.cfg" haproxy_conf="config.cfg"
lua $APP_PATH/haproxy.lua -path ${haproxy_path} -conf ${haproxy_conf} -dns ${LOCAL_DNS} lua $APP_PATH/haproxy.lua -path ${haproxy_path} -conf ${haproxy_conf} -dns ${LOCAL_DNS}
ln_run "$(first_type haproxy)" haproxy "/dev/null" -f "${haproxy_path}/${haproxy_conf}" ln_run "$(first_type haproxy)" haproxy "/dev/null" -f "${haproxy_path}/${haproxy_conf}"
@ -1013,7 +1029,7 @@ run_copy_dnsmasq() {
node_servers=$(uci show "${CONFIG}" | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2) node_servers=$(uci show "${CONFIG}" | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2)
hosts_foreach "node_servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" | gen_dnsmasq_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${AUTO_DNS}}" outf="${dnsmasq_conf_path}/10-vpslist_host.conf" ipsetoutf="${dnsmasq_conf_path}/ipset.conf" hosts_foreach "node_servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" | gen_dnsmasq_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${AUTO_DNS}}" outf="${dnsmasq_conf_path}/10-vpslist_host.conf" ipsetoutf="${dnsmasq_conf_path}/ipset.conf"
ln_run "$(first_type dnsmasq)" "dnsmasq_${flag}" "/dev/null" -C $dnsmasq_conf -x $TMP_ACL_PATH/$flag/dnsmasq.pid ln_run "$(first_type dnsmasq)" "dnsmasq_${flag}" "/dev/null" -C $dnsmasq_conf -x $TMP_ACL_PATH/$flag/dnsmasq.pid
echo "${listen_port}" > $TMP_ACL_PATH/$flag/var_redirect_dns_port set_cache_var "ACL_${flag}_dns_port" "${listen_port}"
} }
run_ipset_chinadns_ng() { run_ipset_chinadns_ng() {
@ -1157,10 +1173,10 @@ acl_app() {
filter_node $node TCP > /dev/null 2>&1 & filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 & filter_node $node UDP > /dev/null 2>&1 &
fi fi
echo "${node}" > $TMP_ACL_PATH/$sid/var_node set_cache_var "ACL_${sid}_node" "${node}"
} }
fi fi
echo "${redir_port}" > $TMP_ACL_PATH/$sid/var_port set_cache_var "ACL_${sid}_redir_port" "${redir_port}"
} }
unset enabled sid remarks sources interface node direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy unset enabled sid remarks sources interface node direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy
unset _ip _mac _iprange _ipset _ip_or_mac source_list config_file unset _ip _mac _iprange _ipset _ip_or_mac source_list config_file
@ -1219,13 +1235,14 @@ start() {
fi fi
[ "$ENABLED_DEFAULT_ACL" == 1 ] && run_global [ "$ENABLED_DEFAULT_ACL" == 1 ] && run_global
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start [ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start
set_cache_var "USE_TABLES" "$USE_TABLES"
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables) bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt set_cache_var "origin_bridge_nf_ipt" "$bridge_nf_ipt"
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1 sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
[ "$PROXY_IPV6" == "1" ] && { [ "$PROXY_IPV6" == "1" ] && {
bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables) bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
echo -n $bridge_nf_ip6t > $TMP_PATH/bridge_nf_ip6t set_cache_var "origin_bridge_nf_ip6t" "$bridge_nf_ip6t"
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1 sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
} }
fi fi
@ -1244,9 +1261,11 @@ stop() {
unset V2RAY_LOCATION_ASSET unset V2RAY_LOCATION_ASSET
unset XRAY_LOCATION_ASSET unset XRAY_LOCATION_ASSET
stop_crontab stop_crontab
[ -s "$TMP_PATH/bridge_nf_ipt" ] && sysctl -w net.bridge.bridge-nf-call-iptables=$(cat $TMP_PATH/bridge_nf_ipt) >/dev/null 2>&1 origin_bridge_nf_ipt=$(get_cache_var "origin_bridge_nf_ipt")
[ -s "$TMP_PATH/bridge_nf_ip6t" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=$(cat $TMP_PATH/bridge_nf_ip6t) >/dev/null 2>&1 [ -n "${origin_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${origin_bridge_nf_ipt} >/dev/null 2>&1
rm -rf ${TMP_PATH} origin_bridge_nf_ip6t=$(get_cache_var "origin_bridge_nf_ip6t")
[ -n "${origin_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${origin_bridge_nf_ip6t} >/dev/null 2>&1
rm -rf $TMP_PATH
rm -rf /tmp/lock/${CONFIG}_socks_auto_switch* rm -rf /tmp/lock/${CONFIG}_socks_auto_switch*
echolog "清空并关闭相关程序和缓存完成。" echolog "清空并关闭相关程序和缓存完成。"
exit 0 exit 0
@ -1299,7 +1318,7 @@ SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/") export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ID_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_IFACE_PATH $TMP_PATH2 mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
arg1=$1 arg1=$1
shift shift
@ -1319,6 +1338,12 @@ socks_node_switch)
echolog) echolog)
echolog $@ echolog $@
;; ;;
get_cache_var)
get_cache_var $@
;;
set_cache_var)
set_cache_var $@
;;
stop) stop)
stop stop
;; ;;

193
luci-app-passwall2/root/usr/share/passwall2/iptables.sh
View File

@ -292,9 +292,9 @@ load_acl() {
[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS [ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
node_remark=$(config_n_get $NODE remarks) node_remark=$(config_n_get $NODE remarks)
[ -s "${TMP_ACL_PATH}/${sid}/var_node" ] && node=$(cat ${TMP_ACL_PATH}/${sid}/var_node) [ -n $(get_cache_var "ACL_${sid}_node") ] && node=$(get_cache_var "ACL_${sid}_node")
[ -s "${TMP_ACL_PATH}/${sid}/var_port" ] && redir_port=$(cat ${TMP_ACL_PATH}/${sid}/var_port) [ -n $(get_cache_var "ACL_${sid}_redir_port") ] && redir_port=$(get_cache_var "ACL_${sid}_redir_port")
[ -s "${TMP_ACL_PATH}/${sid}/var_redirect_dns_port" ] && dns_redirect_port=$(cat ${TMP_ACL_PATH}/${sid}/var_redirect_dns_port) [ -n $(get_cache_var "ACL_${sid}_dns_port") ] && dns_redirect_port=$(get_cache_var "ACL_${sid}_dns_port")
[ "$node" = "default" ] && dns_redirect_port=${DNS_REDIRECT_PORT} [ "$node" = "default" ] && dns_redirect_port=${DNS_REDIRECT_PORT}
[ -n "$node" ] && [ "$node" != "default" ] && node_remark=$(config_n_get $node remarks) [ -n "$node" ] && [ "$node" != "default" ] && node_remark=$(config_n_get $node remarks)
@ -571,111 +571,50 @@ filter_vpsip() {
echolog " - [$?]加入所有IPv6节点到ipset[$IPSET_VPSLIST6]直连完成" echolog " - [$?]加入所有IPv6节点到ipset[$IPSET_VPSLIST6]直连完成"
} }
filter_server_port() {
local address=${1}
local port=${2}
local stream=${3}
stream=$(echo ${3} | tr 'A-Z' 'a-z')
local _is_tproxy ipt_tmp
ipt_tmp=$ipt_n
_is_tproxy=${is_tproxy}
[ "$stream" == "udp" ] && _is_tproxy="TPROXY"
[ -n "${_is_tproxy}" ] && ipt_tmp=$ipt_m
for _ipt in 4 6; do
[ "$_ipt" == "4" ] && _ipt=$ipt_tmp
[ "$_ipt" == "6" ] && _ipt=$ip6t_m
$_ipt -n -L PSW2_OUTPUT | grep -q "${address}:${port}"
if [ $? -ne 0 ]; then
$_ipt -I PSW2_OUTPUT $(comment "${address}:${port}") -p $stream -d $address --dport $port -j RETURN 2>/dev/null
fi
done
}
filter_node() { filter_node() {
local proxy_node=${1} local node=${1}
local stream=$(echo ${2} | tr 'A-Z' 'a-z') local stream=${2}
local proxy_port=${3} if [ -n "$node" ] && [ "$node" != "nil" ]; then
local address=$(config_n_get $node address)
filter_rules() { local port=$(config_n_get $node port)
local node=${1} [ -z "$address" ] && [ -z "$port" ] && {
local stream=${2}
local _proxy=${3}
local _port=${4}
local _is_tproxy ipt_tmp msg msg2
if [ -n "$node" ] && [ "$node" != "nil" ]; then
local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
local address=$(config_n_get $node address)
local port=$(config_n_get $node port)
[ -z "$address" ] && [ -z "$port" ] && {
echolog " - 节点配置不正常,略过"
return 1
}
ipt_tmp=$ipt_n
_is_tproxy=${is_tproxy}
[ "$stream" == "udp" ] && _is_tproxy="TPROXY"
if [ -n "${_is_tproxy}" ]; then
ipt_tmp=$ipt_m
msg="TPROXY"
else
msg="REDIRECT"
fi
else
echolog " - 节点配置不正常,略过"
return 1 return 1
fi
local ADD_INDEX=$FORCE_INDEX
for _ipt in 4 6; do
[ "$_ipt" == "4" ] && _ipt=$ipt_tmp
[ "$_ipt" == "6" ] && _ipt=$ip6t_m
$_ipt -n -L PSW2_OUTPUT | grep -q "${address}:${port}"
if [ $? -ne 0 ]; then
local dst_rule="-j PSW2_RULE"
msg2="按规则路由(${msg})"
[ "$_ipt" == "$ipt_m" -o "$_ipt" == "$ip6t_m" ] || {
dst_rule=$(REDIRECT $_port)
msg2="套娃使用(${msg}:${port} -> ${_port})"
}
[ -n "$_proxy" ] && [ "$_proxy" == "1" ] && [ -n "$_port" ] || {
ADD_INDEX=$(RULE_LAST_INDEX "$_ipt" PSW2_OUTPUT "$IPSET_VPSLIST" $FORCE_INDEX)
dst_rule=" -j RETURN"
msg2="直连代理"
}
$_ipt -I PSW2_OUTPUT $ADD_INDEX $(comment "${address}:${port}") -p $stream -d $address --dport $port $dst_rule 2>/dev/null
else
msg2="已配置过的节点,"
fi
done
msg="[$?]$(echo ${2} | tr 'a-z' 'A-Z')${msg2}使用链${ADD_INDEX},节点(${type}${address}:${port}"
#echolog " - ${msg}"
}
local proxy_protocol=$(config_n_get $proxy_node protocol)
local proxy_type=$(echo $(config_n_get $proxy_node type nil) | tr 'A-Z' 'a-z')
[ "$proxy_type" == "nil" ] && echolog " - 节点配置不正常,略过!:${proxy_node}" && return 1
if [ "$proxy_protocol" == "_balancing" ]; then
#echolog " - 多节点负载均衡(${proxy_type}..."
proxy_node=$(config_n_get $proxy_node balancing_node)
for _node in $proxy_node; do
filter_rules "$_node" "$stream"
done
elif [ "$proxy_protocol" == "_shunt" ]; then
#echolog " - 按请求目的地址分流(${proxy_type}..."
local preproxy_enabled=$(config_n_get $proxy_node preproxy_enabled 0)
[ "$preproxy_enabled" == "1" ] && {
local preproxy_node=$(config_n_get $proxy_node main_node nil)
[ "$preproxy_node" != "nil" ] && {
local preproxy_node_address=$(config_n_get $preproxy_node address)
if [ -n "$preproxy_node_address" ]; then
filter_rules $preproxy_node $stream
else
preproxy_enabled=0
fi
}
} }
local default_node=$(config_n_get $proxy_node default_node _direct) filter_server_port $address $port $stream
if [ "$default_node" != "_direct" ] && [ "$default_node" != "_blackhole" ]; then filter_server_port $address $port $stream
local default_proxy_tag=$(config_n_get $proxy_node default_proxy_tag nil)
[ "$default_proxy_tag" == "main" ] && [ "$preproxy_enabled" == "0" ] && default_proxy_tag="nil"
[ "$default_proxy_tag" == "nil" ] && filter_rules $default_node $stream
fi
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local shunt_node=$(config_n_get $proxy_node "${shunt_id}" nil)
[ "$shunt_node" == "nil" -o "$shunt_node" == "_default" -o "$shunt_node" == "_direct" -o "$shunt_node" == "_blackhole" ] && continue
local shunt_node_address=$(config_n_get $shunt_node address)
[ -z "$shunt_node_address" ] && continue
local shunt_proxy_tag=$(config_n_get $proxy_node "${shunt_id}_proxy_tag" nil)
[ "$shunt_proxy_tag" == "main" ] && [ "$preproxy_enabled" == "0" ] && shunt_proxy_tag="nil"
[ "$shunt_proxy_tag" == "nil" ] && filter_rules $shunt_node $stream
done
else
#echolog " - 普通节点(${proxy_type}..."
filter_rules "$proxy_node" "$stream"
fi fi
} }
filter_direct_node_list() {
[ ! -s "$TMP_PATH/direct_node_list" ] && return
for _node_id in $(cat $TMP_PATH/direct_node_list | awk '!seen[$0]++'); do
filter_node "$_node_id" TCP
filter_node "$_node_id" UDP
unset _node_id
done
}
add_firewall_rule() { add_firewall_rule() {
echolog "开始加载防火墙规则..." echolog "开始加载防火墙规则..."
ipset -! create $IPSET_LOCALLIST nethash maxelem 1048576 ipset -! create $IPSET_LOCALLIST nethash maxelem 1048576
@ -866,36 +805,13 @@ add_firewall_rule() {
ip -6 rule add fwmark 1 table 100 ip -6 rule add fwmark 1 table 100
ip -6 route add local ::/0 dev lo table 100 ip -6 route add local ::/0 dev lo table 100
# 过滤Socks节点 filter_direct_node_list
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && { [ "$ENABLED_DEFAULT_ACL" == 1 ] && {
local ipt_tmp=$ipt_n local ipt_tmp=$ipt_n
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m [ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
# 过滤节点
filter_node $NODE TCP > /dev/null 2>&1 &
filter_node $NODE UDP > /dev/null 2>&1 &
TCP_LOCALHOST_PROXY=$LOCALHOST_PROXY TCP_LOCALHOST_PROXY=$LOCALHOST_PROXY
UDP_LOCALHOST_PROXY=$LOCALHOST_PROXY UDP_LOCALHOST_PROXY=$LOCALHOST_PROXY
@ -972,10 +888,12 @@ add_firewall_rule() {
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT" insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
fi fi
for iface in $(ls ${TMP_IFACE_PATH}); do [ -d "${TMP_IFACE_PATH}" ] && {
$ipt_n -I PSW2_OUTPUT -o $iface -p tcp -j RETURN for iface in $(ls ${TMP_IFACE_PATH}); do
$ipt_m -I PSW2_OUTPUT -o $iface -p tcp -j RETURN $ipt_n -I PSW2_OUTPUT -o $iface -p tcp -j RETURN
done $ipt_m -I PSW2_OUTPUT -o $iface -p tcp -j RETURN
done
}
fi fi
# 加载路由器自身代理 UDP # 加载路由器自身代理 UDP
@ -996,10 +914,12 @@ add_firewall_rule() {
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT" insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
fi fi
for iface in $(ls ${TMP_IFACE_PATH}); do [ -d "${TMP_IFACE_PATH}" ] && {
$ipt_n -I PSW2_OUTPUT -o $iface -p udp -j RETURN for iface in $(ls ${TMP_IFACE_PATH}); do
$ipt_m -I PSW2_OUTPUT -o $iface -p udp -j RETURN $ipt_n -I PSW2_OUTPUT -o $iface -p udp -j RETURN
done $ipt_m -I PSW2_OUTPUT -o $iface -p udp -j RETURN
done
}
fi fi
$ipt_m -I OUTPUT $(comment "mangle-OUTPUT-PSW2") -o lo -j RETURN $ipt_m -I OUTPUT $(comment "mangle-OUTPUT-PSW2") -o lo -j RETURN
@ -1179,6 +1099,9 @@ get_wan_ip)
get_wan6_ip) get_wan6_ip)
get_wan6_ip get_wan6_ip
;; ;;
filter_direct_node_list)
filter_direct_node_list
;;
stop) stop)
stop stop
;; ;;

199
luci-app-passwall2/root/usr/share/passwall2/nftables.sh
View File

@ -347,9 +347,9 @@ load_acl() {
[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS [ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
node_remark=$(config_n_get $NODE remarks) node_remark=$(config_n_get $NODE remarks)
[ -s "${TMP_ACL_PATH}/${sid}/var_node" ] && node=$(cat ${TMP_ACL_PATH}/${sid}/var_node) [ -n $(get_cache_var "ACL_${sid}_node") ] && node=$(get_cache_var "ACL_${sid}_node")
[ -s "${TMP_ACL_PATH}/${sid}/var_port" ] && redir_port=$(cat ${TMP_ACL_PATH}/${sid}/var_port) [ -n $(get_cache_var "ACL_${sid}_redir_port") ] && redir_port=$(get_cache_var "ACL_${sid}_redir_port")
[ -s "${TMP_ACL_PATH}/${sid}/var_redirect_dns_port" ] && dns_redirect_port=$(cat ${TMP_ACL_PATH}/${sid}/var_redirect_dns_port) [ -n $(get_cache_var "ACL_${sid}_dns_port") ] && dns_redirect_port=$(get_cache_var "ACL_${sid}_dns_port")
[ "$node" = "default" ] && dns_redirect_port=${DNS_REDIRECT_PORT} [ "$node" = "default" ] && dns_redirect_port=${DNS_REDIRECT_PORT}
[ -n "$node" ] && [ "$node" != "default" ] && node_remark=$(config_n_get $node remarks) [ -n "$node" ] && [ "$node" != "default" ] && node_remark=$(config_n_get $node remarks)
@ -634,109 +634,48 @@ filter_vpsip() {
echolog " - [$?]加入所有IPv6节点到nftset[$NFTSET_VPSLIST6]直连完成" echolog " - [$?]加入所有IPv6节点到nftset[$NFTSET_VPSLIST6]直连完成"
} }
filter_server_port() {
local address=${1}
local port=${2}
local stream=${3}
stream=$(echo ${3} | tr 'A-Z' 'a-z')
local _is_tproxy
_is_tproxy=${is_tproxy}
[ "$stream" == "udp" ] && _is_tproxy="TPROXY"
for _ipt in 4 6; do
[ "$_ipt" == "4" ] && _ip_type=ip
[ "$_ipt" == "6" ] && _ip_type=ip6
nft "list chain $NFTABLE_NAME $nft_output_chain" 2>/dev/null | grep -q "${address}:${port}"
if [ $? -ne 0 ]; then
nft "insert rule $NFTABLE_NAME $nft_output_chain meta l4proto $stream $_ip_type daddr $address $stream dport $port return comment \"${address}:${port}\"" 2>/dev/null
fi
done
}
filter_node() { filter_node() {
local proxy_node=${1} local node=${1}
local stream=$(echo ${2} | tr 'A-Z' 'a-z') local stream=${2}
local proxy_port=${3} if [ -n "$node" ] && [ "$node" != "nil" ]; then
local address=$(config_n_get $node address)
filter_rules() { local port=$(config_n_get $node port)
local node=${1} [ -z "$address" ] && [ -z "$port" ] && {
local stream=${2}
local _proxy=${3}
local _port=${4}
local _is_tproxy msg msg2
if [ -n "$node" ] && [ "$node" != "nil" ]; then
local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
local address=$(config_n_get $node address)
local port=$(config_n_get $node port)
[ -z "$address" ] && [ -z "$port" ] && {
echolog " - 节点配置不正常,略过"
return 1
}
_is_tproxy=${is_tproxy}
[ "$stream" == "udp" ] && _is_tproxy="TPROXY"
if [ -n "${_is_tproxy}" ]; then
msg="TPROXY"
else
msg="REDIRECT"
fi
else
echolog " - 节点配置不正常,略过"
return 1 return 1
fi
local ADD_INDEX=$FORCE_INDEX
for _ipt in 4 6; do
[ "$_ipt" == "4" ] && _ip_type=ip && _set_name=$NFTSET_VPSLIST
[ "$_ipt" == "6" ] && _ip_type=ip6 && _set_name=$NFTSET_VPSLIST6
nft "list chain $NFTABLE_NAME $nft_output_chain" 2>/dev/null | grep -q "${address}:${port}"
if [ $? -ne 0 ]; then
local dst_rule="jump PSW2_RULE"
msg2="按规则路由(${msg})"
[ -n "${is_tproxy}" ] || {
dst_rule=$(REDIRECT $_port)
msg2="套娃使用(${msg}:${port} -> ${_port})"
}
[ -n "$_proxy" ] && [ "$_proxy" == "1" ] && [ -n "$_port" ] || {
ADD_INDEX=$(RULE_LAST_INDEX "$NFTABLE_NAME" $nft_output_chain $_set_name $FORCE_INDEX)
dst_rule="return"
msg2="直连代理"
}
nft "insert rule $NFTABLE_NAME $nft_output_chain position $ADD_INDEX meta l4proto $stream $_ip_type daddr $address $stream dport $port $dst_rule comment \"${address}:${port}\"" 2>/dev/null
else
msg2="已配置过的节点,"
fi
done
msg="[$?]$(echo ${2} | tr 'a-z' 'A-Z')${msg2}使用链${ADD_INDEX},节点(${type}${address}:${port}"
#echolog " - ${msg}"
}
local proxy_protocol=$(config_n_get $proxy_node protocol)
local proxy_type=$(echo $(config_n_get $proxy_node type nil) | tr 'A-Z' 'a-z')
[ "$proxy_type" == "nil" ] && echolog " - 节点配置不正常,略过!:${proxy_node}" && return 1
if [ "$proxy_protocol" == "_balancing" ]; then
#echolog " - 多节点负载均衡(${proxy_type}..."
proxy_node=$(config_n_get $proxy_node balancing_node)
for _node in $proxy_node; do
filter_rules "$_node" "$stream"
done
elif [ "$proxy_protocol" == "_shunt" ]; then
#echolog " - 按请求目的地址分流(${proxy_type}..."
local preproxy_enabled=$(config_n_get $proxy_node preproxy_enabled 0)
[ "$preproxy_enabled" == "1" ] && {
local preproxy_node=$(config_n_get $proxy_node main_node nil)
[ "$preproxy_node" != "nil" ] && {
local preproxy_node_address=$(config_n_get $preproxy_node address)
if [ -n "$preproxy_node_address" ]; then
filter_rules $preproxy_node $stream
else
preproxy_enabled=0
fi
}
} }
local default_node=$(config_n_get $proxy_node default_node _direct) filter_server_port $address $port $stream
if [ "$default_node" != "_direct" ] && [ "$default_node" != "_blackhole" ]; then filter_server_port $address $port $stream
local default_proxy_tag=$(config_n_get $proxy_node default_proxy_tag nil)
[ "$default_proxy_tag" == "main" ] && [ "$preproxy_enabled" == "0" ] && default_proxy_tag="nil"
[ "$default_proxy_tag" == "nil" ] && filter_rules $default_node $stream
fi
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local shunt_node=$(config_n_get $proxy_node "${shunt_id}" nil)
[ "$shunt_node" == "nil" -o "$shunt_node" == "_default" -o "$shunt_node" == "_direct" -o "$shunt_node" == "_blackhole" ] && continue
local shunt_node_address=$(config_n_get $shunt_node address)
[ -z "$shunt_node_address" ] && continue
local shunt_proxy_tag=$(config_n_get $proxy_node "${shunt_id}_proxy_tag" nil)
[ "$shunt_proxy_tag" == "main" ] && [ "$preproxy_enabled" == "0" ] && shunt_proxy_tag="nil"
[ "$shunt_proxy_tag" == "nil" ] && filter_rules $shunt_node $stream
done
else
#echolog " - 普通节点(${proxy_type}..."
filter_rules "$proxy_node" "$stream"
fi fi
} }
filter_direct_node_list() {
[ ! -s "$TMP_PATH/direct_node_list" ] && return
for _node_id in $(cat $TMP_PATH/direct_node_list | awk '!seen[$0]++'); do
filter_node "$_node_id" TCP
filter_node "$_node_id" UDP
unset _node_id
done
}
add_firewall_rule() { add_firewall_rule() {
echolog "开始加载防火墙规则..." echolog "开始加载防火墙规则..."
gen_nft_tables gen_nft_tables
@ -922,33 +861,10 @@ add_firewall_rule() {
ip -6 rule add fwmark 1 table 100 ip -6 rule add fwmark 1 table 100
ip -6 route add local ::/0 dev lo table 100 ip -6 route add local ::/0 dev lo table 100
} }
# 过滤Socks节点 filter_direct_node_list
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
#echolog "分析 Socks 服务所使用节点..."
local id enabled node port msg num
for id in $ids; do
enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "1" ] || continue
node=$(config_n_get $id node nil)
port=$(config_n_get $id port 0)
msg="Socks 服务 [:${port}]"
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
fi
#echolog " - ${msg}"
done
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && { [ "$ENABLED_DEFAULT_ACL" == 1 ] && {
# 过滤节点
filter_node $NODE TCP > /dev/null 2>&1 &
filter_node $NODE UDP > /dev/null 2>&1 &
TCP_LOCALHOST_PROXY=$LOCALHOST_PROXY TCP_LOCALHOST_PROXY=$LOCALHOST_PROXY
UDP_LOCALHOST_PROXY=$LOCALHOST_PROXY UDP_LOCALHOST_PROXY=$LOCALHOST_PROXY
@ -1026,10 +942,12 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp iif lo counter return comment \"本机\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp iif lo counter return comment \"本机\""
} }
for iface in $(ls ${TMP_IFACE_PATH}); do [ -d "${TMP_IFACE_PATH}" ] && {
nft "insert rule $NFTABLE_NAME $nft_output_chain ip protocol tcp oif $iface counter return" for iface in $(ls ${TMP_IFACE_PATH}); do
nft "insert rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 ip protocol tcp oif $iface counter return" nft "insert rule $NFTABLE_NAME $nft_output_chain ip protocol tcp oif $iface counter return"
done nft "insert rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 ip protocol tcp oif $iface counter return"
done
}
fi fi
# 加载路由器自身代理 UDP # 加载路由器自身代理 UDP
@ -1049,10 +967,12 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\""
fi fi
for iface in $(ls ${TMP_IFACE_PATH}); do [ -d "${TMP_IFACE_PATH}" ] && {
nft "insert rule $NFTABLE_NAME $nft_output_chain ip protocol udp oif $iface counter return" for iface in $(ls ${TMP_IFACE_PATH}); do
nft "insert rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 ip protocol udp oif $iface counter return" nft "insert rule $NFTABLE_NAME $nft_output_chain ip protocol udp oif $iface counter return"
done nft "insert rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 ip protocol udp oif $iface counter return"
done
}
fi fi
nft "add rule $NFTABLE_NAME mangle_output oif lo counter return comment \"PSW2_OUTPUT_MANGLE\"" nft "add rule $NFTABLE_NAME mangle_output oif lo counter return comment \"PSW2_OUTPUT_MANGLE\""
@ -1065,16 +985,6 @@ add_firewall_rule() {
# 加载ACLS # 加载ACLS
load_acl load_acl
[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
[ "$PROXY_IPV6" == "1" ] && {
bridge_nf_ip6t=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
echo -n $bridge_nf_ip6t > $TMP_PATH/bridge_nf_ip6t
sysctl -w net.bridge.bridge-nf-call-ip6tables=0 >/dev/null 2>&1
}
}
echolog "防火墙规则加载完成!" echolog "防火墙规则加载完成!"
} }
@ -1208,6 +1118,9 @@ get_wan_ip)
get_wan6_ip) get_wan6_ip)
get_wan6_ip get_wan6_ip
;; ;;
filter_direct_node_list)
filter_direct_node_list
;;
stop) stop)
stop stop
;; ;;

5
luci-app-passwall2/root/usr/share/passwall2/socks_auto_switch.sh
View File

@ -78,9 +78,8 @@ test_auto_switch() {
local b_nodes=$1 local b_nodes=$1
local now_node=$2 local now_node=$2
[ -z "$now_node" ] && { [ -z "$now_node" ] && {
local f="/tmp/etc/$CONFIG/id/socks_${id}" if [ -n $(/usr/share/${CONFIG}/app.sh get_cache_var "socks_${id}") ]; then
if [ -f "${f}" ]; then now_node=$(/usr/share/${CONFIG}/app.sh get_cache_var "socks_${id}")
now_node=$(cat ${f})
else else
#echolog "自动切换检测:未知错误" #echolog "自动切换检测:未知错误"
return 1 return 1

17
luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
View File

@ -312,6 +312,23 @@ do
} }
end end
else else
--前置代理节点
local currentNode = uci:get_all(appname, node_id) or nil
if currentNode and currentNode.preproxy_node then
CONFIG[#CONFIG + 1] = {
log = true,
id = node_id,
remarks = "节点[" .. node_id .. "]前置代理节点",
currentNode = uci:get_all(appname, currentNode.preproxy_node) or nil,
set = function(o, server)
uci:set(appname, node_id, "preproxy_node", server)
o.newNodeId = server
end,
delete = function(o)
uci:delete(appname, node_id, "preproxy_node")
end
}
end
--落地节点 --落地节点
local currentNode = uci:get_all(appname, node_id) or nil local currentNode = uci:get_all(appname, node_id) or nil
if currentNode and currentNode.to_node then if currentNode and currentNode.to_node then