update-02.12

github-actions[bot] 2022-02-12 15:40:06 +08:00
parent aadc891199
commit 5c9854494e
97 changed files with 3616 additions and 812 deletions


@ -5,5 +5,5 @@
const leftVersion = left.replace(/^v/, '');
const rightVersion = right.replace(/^v/, '');
- return leftVersion === rightVersion;
+ return leftVersion < rightVersion;
+ return leftVersion >= rightVersion;
};
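Review bot: The new `return leftVersion >= rightVersion;` compares two strings, so the ordering is lexicographic rather than numeric. Both operands are still strings after the `replace(/^v/, '')` calls, and `'1.10.0' >= '1.9.0'` evaluates to false. If this result gates an update or compatibility decision, any version with a multi-digit component is ordered wrongly. Compare the dot-separated components as numbers, or use `leftVersion.localeCompare(rightVersion, undefined, { numeric: true }) >= 0`. The enclosing function starts above the hunk, so how `left` and `right` are produced is not visible here.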

43
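--- a/ikoolproxy/Makefile
+++ b/ikoolproxy/Makefile
@@ -0,0 +1,43 @@
+include $(TOPDIR)/rules.mk
+PKG_NAME:=ikoolproxy
+PKG_VERSION:=3.8.5
+PKG_RELEASE:=$(AUTORELEASE)
+include $(INCLUDE_DIR)/package.mk
+define Package/ikoolproxy
+SECTION:=multimedia
+CATEGORY:=Multimedia
+DEPENDS:=@(aarch64||arm||i386||mips||mipsel||x86_64)
+TITLE:=ikoolproxy bin is from koolshare
+URL:=https://github.com/houzi-/CDN
+endef
+define Build/Compile
+endef
+define Package/ikoolproxy/install
+$(INSTALL_DIR) $(1)/usr/share/koolproxy
+ifeq ($(ARCH),aarch64)
+$(INSTALL_BIN) ./files/aarch64 $(1)/usr/share/koolproxy/koolproxy
+else ifeq ($(ARCH),arm)
+$(INSTALL_BIN) ./files/arm $(1)/usr/share/koolproxy/koolproxy
+else ifeq ($(ARCH),i386)
+$(INSTALL_BIN) ./files/i386 $(1)/usr/share/koolproxy/koolproxy
+else ifeq ($(ARCH),mips)
+$(INSTALL_BIN) ./files/mips $(1)/usr/share/koolproxy/koolproxy
+else ifeq ($(ARCH),mipsel)
+$(INSTALL_BIN) ./files/mipsel $(1)/usr/share/koolproxy/koolproxy
+else ifeq ($(ARCH),x86_64)
+$(INSTALL_BIN) ./files/x86_64 $(1)/usr/share/koolproxy/koolproxy
+endif
+endef
+$(eval $(call BuildPackage,ikoolproxy))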
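Review bot: `Package/ikoolproxy/install` copies a prebuilt executable from `./files/$(ARCH)` while `Build/Compile` is empty, so the package ships six opaque binaries with no recorded digest and no provenance beyond the `URL` line. Nothing in the Makefile lets a later reader confirm that the files in the tree are the ones upstream published, and the commit was authored by an automation account. I would add a comment above the install rule giving each binary's origin and SHA-256, e.g. `# files/x86_64: sha256 <SHA256_PLACEHOLDER>, fetched from <UPSTREAM_URL_PLACEHOLDER>`. If the files are synced automatically, the sync job should fail when a fetched file does not match its recorded digest.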

BIN
ikoolproxy/files/aarch64 Executable file

Binary file not shown.

BIN
ikoolproxy/files/arm Executable file

Binary file not shown.

BIN
ikoolproxy/files/i386 Executable file

Binary file not shown.

BIN
ikoolproxy/files/mips Executable file

Binary file not shown.

BIN
ikoolproxy/files/mipsel Executable file

Binary file not shown.

BIN
ikoolproxy/files/x86_64 Executable file

Binary file not shown.


@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-ikoolproxy
PKG_VERSION:=3.8.5
PKG_RELEASE:=20220113
PKG_RELEASE:=20220212
PKG_MAINTAINER:=panda-mute <wxuzju@gmail.com>


@ -17,7 +17,6 @@ t.create = function(...)
end
e = t:option(Flag, "load", translate("启用"))
e.rmempty = false
e.default = 0
e = t:option(DummyValue, "name", translate("规则名称"))


@ -1,13 +1,3 @@
-- Copyright 2018 Nick Peng (pymumu@gmail.com)
require ("nixio.fs")
require ("luci.http")
require ("luci.dispatcher")
require ("nixio.fs")
local fs = require "nixio.fs"
local sys = require "luci.sys"
local http = require "luci.http"
local o,t,e
local a = luci.sys.exec("head -3 /usr/share/koolproxy/data/rules/koolproxy.txt | grep rules | awk -F' ' '{print $3,$4}'")
@ -33,7 +23,6 @@ t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(Flag, "enabled", translate("启用"))
e.rmempty = false
e.default = 0
e = t:option(Value, "startup_delay", translate("启动延迟"))
@ -42,48 +31,41 @@ for _, v in ipairs({5, 10, 15, 25, 40, 60}) do
e:value(v, translate("%u 秒") %{v})
end
e.datatype = "uinteger"
e.rmempty = false
e.default = 0
e = t:option(ListValue, "koolproxy_mode", translate("过滤模式"))
e.rmempty = false
e:value(1, translate("全局模式"))
e:value(2, translate("IPSET模式"))
e:value(3, translate("视频模式"))
e.default = 1
e = t:option(MultiValue, "koolproxy_rules", translate("内置规则"))
e.optional = false
e.rmempty = true
e:value("koolproxy.txt", translate("静态规则"))
e:value("daily.txt", translate("每日规则"))
e:value("kp.dat", translate("视频规则"))
e:value("user.txt", translate("自定义规则"))
e.optional = false
e = t:option(MultiValue, "thirdparty_rules", translate("第三方规则"))
e.optional = false
e.rmempty = true
e:value("adg.txt", translate("AdGuard规则"))
e:value("steven.txt", translate("Steven规则"))
e:value("yhosts.txt", translate("Yhosts规则"))
e:value("antiad.txt", translate("AntiAD规则"))
e:value("adgk.txt", translate("Banben规则"))
e.optional = false
e = t:option(ListValue, "koolproxy_port", translate("端口控制"))
e.rmempty = false
e:value(0, translate("关闭"))
e:value(1, translate("开启"))
e.default = 0
--e = t:option(ListValue, "koolproxy_ipv6", translate("IPv6支持"))
--e.rmempty = false
--e:value(0, translate("关闭"))
--e:value(1, translate("开启"))
--e.default = 0
e = t:option(Value, "koolproxy_bp_port", translate("例外端口"))
e.description = translate("单端口:80&nbsp;&nbsp;多端口:80,443")
e.rmempty = false
e:depends("koolproxy_port", "1")
e = t:option(Flag, "koolproxy_host", translate("开启Adblock Plus Hosts"))
@ -92,7 +74,6 @@ e.default = 0
e = t:option(ListValue, "koolproxy_acl_default", translate("默认访问控制"))
e.description = translate("访问控制设置中其他主机的默认规则")
e.rmempty = false
e:value(0, translate("不过滤"))
e:value(1, translate("过滤HTTP协议"))
e:value(2, translate("过滤HTTP(S)协议"))
@ -101,7 +82,6 @@ e.default = 1
e = t:option(ListValue, "time_update", translate("定时更新"))
e.description = translate("定时更新规则")
e.rmempty = false
for t = 0,23 do
e:value(t,translate("每天"..t..""))
end


@ -5,7 +5,6 @@ t.anonymous = true
e = t:option(TextValue, "adblock_domain")
e.description = translate("加入的网址将走广告过滤端口。只针对黑名单模式。只能输入WEB地址google.com每个地址一行。")
e.rmempty = false
e.rows = 28
e.wrap = "off"


@ -9,7 +9,6 @@ t.sortable = true
t.addremove = true
e = t:option(Value, "remarks", translate("客户端备注"))
e.rmempty = true
e.width = "30%"
e = t:option(Value, "ipaddr", translate("内部 IP 地址"))
@ -23,7 +22,6 @@ end)
e = t:option(Value,"mac",translate("MAC 地址"))
e.width = "20%"
e.rmempty = true
e.datatype = "macaddr"
luci.ip.neighbors({family = 4}, function(neighbor)
if neighbor.reachable then
@ -32,7 +30,6 @@ luci.ip.neighbors({family = 4}, function(neighbor)
end)
e = t:option(ListValue, "proxy_mode", translate("访问控制"))
e.rmempty = false
e.width = "20%"
e:value(0,translate("不过滤"))
e:value(1,translate("过滤HTTP协议"))


@ -5,7 +5,6 @@ t.anonymous = true
e = t:option(TextValue, "user_rule")
e.description = translate("输入你的自定义规则,每条规则一行。")
e.rmempty = false
e.rows = 28
e.wrap = "off"


@ -7,7 +7,6 @@ e = t:option(TextValue, "adblock_ip")
e.description = translate("这些已经加入的ip地址不会使用过滤器.请输入ip地址或ip地址段每行只能输入一个ip地址。例如112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
e.rmempty = false
local fs = require "nixio.fs"
local i = "/etc/adblocklist/adblockip"


@ -7,7 +7,6 @@ e = t:option(TextValue, "adbypass_ip")
e.description = translate("这些已加入的ip地址将使用代理但只有GFW型号。请输入ip地址或ip地址段每行只能输入一个ip地址。例如112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
e.rmempty = false
local fs = require "nixio.fs"
local i = "/etc/adblocklist/adbypassip"


@ -17,14 +17,11 @@ s.anonymous = true
s.addremove = true
o = s:option(Flag, "load", translate("启用"))
o.rmempty = false
o.default = 0
o = s:option(Value, "name", translate("规则描述"))
o.rmempty = true
o = s:option(Value, "url", translate("规则地址"))
o.rmempty = false
o.placeholder="[https|http|ftp]://[Hostname]/[File]"
function o.validate(self, value)
if not value then


@ -8,7 +8,6 @@ local i = "/var/log/koolproxy.log"
e = t:option(TextValue, "kpupdate_log")
e.description = translate("查看最近的更新日志")
e.rmempty = false
e.rows = 28
e.wrap = "off"


@ -5,7 +5,6 @@ t.anonymous = true
e = t:option(TextValue, "adbypass_domain")
e.description = translate("这些已经加入的网站将不会使用过滤器。请输入网站的域名每行只能输入一个网站域名。例如google.com。")
e.rmempty = false
e.rows = 28
e.wrap = "off"


@ -3,7 +3,6 @@ local fs = require "nixio.fs"
local sys = require "luci.sys"
local util = require "luci.util"
local i18n = require "luci.i18n"
local ipkg = require("luci.model.ipkg")
local api = require "luci.model.cbi.gpsysupgrade.api"
function get_system_version()
@ -13,8 +12,8 @@ end
function check_update()
needs_update, notice, md5 = false, false, false
remote_version = luci.sys.exec("curl -skfL https://op.dllkids.xyz/firmware/" ..model.. "/version.txt")
updatelogs = luci.sys.exec("curl -skfL https://op.dllkids.xyz/firmware/" ..model.. "/updatelogs.txt")
remote_version = luci.sys.exec("curl -skfL https://op.supes.top/firmware/" ..model.. "/version.txt")
updatelogs = luci.sys.exec("curl -skfL https://op.supes.top/firmware/" ..model.. "/updatelogs.txt")
remoteformat = luci.sys.exec("date -d $(echo \"" ..remote_version.. "\" | tr '\r\n' ',' | awk -F, '{printf $1}' | awk -F. '{printf $3\"-\"$1\"-\"$2}') +%s")
fnotice = luci.sys.exec("echo \"" ..remote_version.. "\" | tr '\r\n' ',' | awk -F, '{printf $(NF-1)}'")
dateyr = luci.sys.exec("echo \"" ..remote_version.. "\" | tr '\r\n' ',' | awk -F. '{printf $1\".\"$2}'")
@ -35,27 +34,27 @@ function to_check()
if model == "x86_64" then
check_update()
if fs.access("/sys/firmware/efi") then
download_url = "https://op.dllkids.xyz/firmware/" ..model.. "/" ..dateyr.. "-openwrt-x86-64-generic-squashfs-combined-efi.img.gz"
download_url = "https://op.supes.top/firmware/" ..model.. "/" ..dateyr.. "-openwrt-x86-64-generic-squashfs-combined-efi.img.gz"
else
download_url = "https://op.dllkids.xyz/firmware/" ..model.. "/" ..dateyr.. "-openwrt-x86-64-generic-squashfs-combined.img.gz"
download_url = "https://op.supes.top/firmware/" ..model.. "/" ..dateyr.. "-openwrt-x86-64-generic-squashfs-combined.img.gz"
md5 = ""
end
elseif model:match(".*R2S.*") then
model = "nanopi-r2s"
check_update()
download_url = "https://op.dllkids.xyz/firmware/" ..model.. "/" ..dateyr.. "-openwrt-rockchip-armv8-nanopi-r2s-squashfs-sysupgrade.img.gz"
download_url = "https://op.supes.top/firmware/" ..model.. "/" ..dateyr.. "-openwrt-rockchip-armv8-nanopi-r2s-squashfs-sysupgrade.img.gz"
elseif model:match(".*R4S.*") then
model = "nanopi-r4s"
check_update()
download_url = "https://op.dllkids.xyz/firmware/" ..model.. "/" ..dateyr.. "-openwrt-rockchip-armv8-nanopi-r4s-squashfs-sysupgrade.img.gz"
download_url = "https://op.supes.top/firmware/" ..model.. "/" ..dateyr.. "-openwrt-rockchip-armv8-nanopi-r4s-squashfs-sysupgrade.img.gz"
elseif model:match(".*R2C.*") then
model = "nanopi-r2c"
check_update()
download_url = "https://op.dllkids.xyz/firmware/" ..model.. "/" ..dateyr.. "-openwrt-rockchip-armv8-nanopi-r2c-squashfs-sysupgrade.img.gz"
download_url = "https://op.supes.top/firmware/" ..model.. "/" ..dateyr.. "-openwrt-rockchip-armv8-nanopi-r2c-squashfs-sysupgrade.img.gz"
elseif model:match(".*Pi 4 Model B.*") then
model = "Rpi-4B"
check_update()
download_url = "https://op.dllkids.xyz/firmware/" ..model.. "/" ..dateyr.. "-openwrt-bcm27xx-bcm2711-rpi-4-squashfs-sysupgrade.img.gz"
download_url = "https://op.supes.top/firmware/" ..model.. "/" ..dateyr.. "-openwrt-bcm27xx-bcm2711-rpi-4-squashfs-sysupgrade.img.gz"
else
local needs_update = false
return {
@ -123,13 +122,14 @@ function to_flash(file,retain)
if not file or file == "" or not fs.access(file) then
return {code = 1, error = i18n.translate("Firmware file is required.")}
end
sys.call("uci -q del opkg.auto;uci commit opkg")
if not retain or retain == "" then
local result = api.exec("/sbin/sysupgrade", {file}, nil, api.command_timeout) == 0
else
if retain:match(".*-q .*") then
luci.sys.exec("echo -e /etc/backup/user_installed.opkg>/lib/upgrade/keep.d/luci-app-gpsysupgrade")
sys.call(". /etc/profile.d/opkg.sh;opkg save;")
end
sys.exec("/sbin/sysupgrade " ..retain.. " " ..file.. "")
sys.call("/sbin/sysupgrade " ..retain.. " " ..file.. "")
end
return {code = 0}
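Review bot: The two `curl -skfL` calls in `check_update()` keep `-k`, so the certificate of `op.supes.top` is never verified. The response is then spliced unescaped into shell commands through `echo \"" ..remote_version.. "\"` in the `remoteformat`, `fnotice` and `dateyr` lines. Whoever answers that request in place of the server controls text that reaches `luci.sys.exec`, and the same response decides which firmware URL is offered. Drop `-k` (`curl -sfL ...`), reject `remote_version` unless it matches the expected version format, and split its fields in Lua rather than in a shell pipeline. In `to_flash`, `sys.call("/sbin/sysupgrade " ..retain.. " " ..file.. "")` likewise concatenates `retain` and `file` unquoted, although the other branch already passes `{file}` to `api.exec` as an argument list; both functions extend beyond the hunks shown.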


@ -1,7 +1,7 @@
<script>
setTimeout(function(){
var links = document.createElement('div');
links.innerHTML ='<div class="table"><div class="tr"><div class="td left" width="33%"><a href="https://t.me/joinchat/JjxmyRZZXJWb74I-sCrryA" target="_blank">TG交流</a></div><div class="td left" width="33%"><a href="https://github.com/kenzok78/Bulid_Wrt" target="_blank">GitHub仓库</a></div><div class="td left"><a href="http://op.dllkids.xyz/" target="_blank">固件下载</a></div></div></div>';
links.innerHTML ='<div class="table"><div class="tr"><div class="td left" width="33%"><a href="https://t.me/opwrts" target="_blank">TG交流(小粉红勿扰)</a></div><div class="td left" width="33%"><a href="https://github.com/kiddin9/OpenWrt_x86-r2s-r4s" target="_blank">GitHub仓库</a></div><div class="td left"><a href="http://op.supes.top/" target="_blank">固件下载</a></div></div></div>';
var telegram = document.querySelectorAll(".cbi-section")[0];
telegram.appendChild(links);
}, 2000);
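Review bot: The firmware download link in the new `innerHTML` string is `http://op.supes.top/`, although the updater changed elsewhere in this commit fetches from `https://op.supes.top`. A firmware image reached through a plain-HTTP page can be replaced in transit before the user flashes it. Change the anchor to `href="https://op.supes.top/"`. The three `target="_blank"` links would also be better with `rel="noopener noreferrer"`.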


@ -2,6 +2,8 @@
local fs = require "nixio.fs"
local uci = require 'luci.model.uci'.cursor()
luci.sys.exec("opkg update >/dev/null &")
if fs.access('/etc/config/wizard') then
autoupgrade_fm = uci:get('wizard', 'default', 'autoupgrade_fm')
end


@ -0,0 +1,18 @@
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_find_wan6 NET_IF6
if [ "${INTERFACE}" != "${NET_IF}" ] \
&& [ "${INTERFACE}" != "${NET_IF6}" ]
then exit 0
fi
if [ "${ACTION}" != "ifup" ] \
&& [ "${ACTION}" != "ifupdate" ]
then exit 0
fi
if [ "${ACTION}" = "ifupdate" ] \
&& [ -z "${IFUPDATE_ADDRESSES}" ] \
&& [ -z "${IFUPDATE_DATA}" ]
then exit 0
fi
hotplug-call online


@ -0,0 +1 @@
sleep 3


@ -0,0 +1,39 @@
. /etc/profile.d/opkg.sh
OPKG_PI="$(opkg export pi)"
if [ ! -e /etc/opkg-restore-auto ] \
&& lock -n /var/lock/opkg-restore && [ -s "${OPKG_PI}" ]; then
c=0
while ! curl https://op.supes.top >/dev/null || ! opkg update >/dev/null; do
echo "Network error." | logger -t opkg
[[ "$(uci -q get dhcp.@dnsmasq[0].noresolv)" == 1 && c == 0 ]] && {
uci -q del dhcp.@dnsmasq[0].noresolv
uci commit dhcp
uci -q get network.lan.dns || {
uci -q set network.lan.dns='223.5.5.5'
uci commit network
/etc/init.d/network reload
}
/etc/init.d/dnsmasq reload
}
[ $c -eq 200 ] && {
lock -u /var/lock/opkg-restore
exit 0
} || let c++
sleep 3
done
c1=0
logs="1"
while [ "$logs" != "" ]; do
logs="$(opkg restore)"
echo "${logs}" | logger -t opkg
[ $c1 -eq 5 ] && {
lock -u /var/lock/opkg-restore
exit 0
} || let c1++
sleep 2
done
touch /etc/opkg-restore-auto
fi
lock -u /var/lock/opkg-restore
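Review bot: In the retry loop, `[[ "$(uci -q get dhcp.@dnsmasq[0].noresolv)" == 1 && c == 0 ]]` compares the literal string `c` with `0`, which is never true, so the DNS fallback block cannot run; it should read `"$c" == 0`. Once that is fixed the block deletes `noresolv` and may set `network.lan.dns='223.5.5.5'`, yet the only log line is "Network error."; a `logger -t opkg` message naming the change would show an administrator why resolver settings moved. The final `lock -u /var/lock/opkg-restore` sits outside the `if`, so a run that skipped or failed `lock -n` still releases a lock that another instance may hold. The opkg-upgrade script added later in this commit ends with the same unconditional `lock -u /var/lock/opkg-upgrade`. Moving each `lock -u` inside the branch that acquired the lock fixes both.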


@ -0,0 +1,7 @@
if [ "$(uci -q get wizard.default.autoupgrade_pkg)" != '0' ] \
&& lock -n /var/lock/opkg-upgrade && opkg update; then
. /etc/profile.d/opkg.sh
opkg upgr 2>&1 \
| logger -t opkg
fi
lock -u /var/lock/opkg-upgrade


@ -1,104 +0,0 @@
#!/bin/sh
START=99
LOCK=/var/lock/opkgupgrade.lock
BKOPKG="/etc/backup"
# 防止重复启动
[ -f $LOCK ] && exit 1
touch $LOCK
if [ ! -f "$BKOPKG/user_installed.opkg" ]; then
touch /etc/inited
fi
function opkgupgrade() {
mkdir -p $BKOPKG
if [ ! -f /etc/inited ]; then
[ "$(uci -q get dhcp.@dnsmasq[0].noresolv)" ] && {
uci -q del dhcp.@dnsmasq[0].noresolv
uci commit dhcp
/etc/init.d/dnsmasq reload
}
# sh -c "cat '/usr/share/patch/adblock.patch' | patch -d '/' -p1 --forward" >/dev/null 2>&1
fi
c1=0
c2=0
c3=0
c4=0
while ! curl --retry 3 -m 5 https://op.supes.top >/dev/null 2>&1;do
echo "无法连接仓库服务器,请检查网络. $c1" | sed -e "s/^/$(date +%Y-%m-%d" "%H:%M:%S) /" >>/tmp/opkgupdate.log
[ $c1 -eq 120 ] && return || let c1++
sleep 5
done
while :; do
opkg update | sed -e "s/^/$(date +%Y-%m-%d" "%H:%M:%S) /" >>/tmp/opkgupdate.log 2>&1
if [ "$?" == "0" ]; then
def="$(opkg list-upgradable | cut -f 1 -d ' ' | grep -vE 'opkg|luci-lib-fs|firewall|base-files|luci-base|busybox|^?nginx($|-)|dnsmasq-full|coremark|miniupnpd|luci-mod-network|luci-mod-status|luci-mod-system')"
if [ ! -f /etc/inited ]; then
insed="$(cat $BKOPKG/user_installed.opkg)"
fi
upopkg="$insed $def"
if [ "$upopkg" != " " ]; then
for ipk in $upopkg; do
while :; do
opkg install --force-overwrite --force-checksum --force-depends $ipk 2>&1 | sed -e "s/^/$(date +%Y-%m-%d" "%H:%M:%S) /" >>/tmp/opkgupdate.log 2>&1 || true
[[ "$(opkg list-installed | cut -f 1 -d ' ' | grep -w $ipk)" ]] && {
break
}
[ $c2 -eq 3 ] && {
echo $ipk >> $BKOPKG/failed.txt
sed -i "/^$ipk$/d" $BKOPKG/user_installed.opkg
break
} || let c2++
sleep 1
rm -f /var/lock/opkg.lock
done
if [[ $ipk == luci-app-* ]]; then
opkg install --force-overwrite --force-checksum luci-i18n-"$(echo $ipk | cut -d - -f 3-)"-zh-cn 2>&1 | sed -e "s/^/$(date +%Y-%m-%d" "%H:%M:%S) /" >>/tmp/opkgupdate.log 2>&1 || true
fi
done
rm -f /etc/config/*-opkg
fi
while [[ -f $BKOPKG/failed.txt && -f /etc/inited && $c4 -le 5 ]]; do
for ipk in $(cat $BKOPKG/failed.txt); do
opkg install --force-overwrite --force-checksum --force-depends $ipk 2>&1 | sed -e "s/^/$(date +%Y-%m-%d" "%H:%M:%S) /" >>/tmp/opkgupdate.log 2>&1 || true
[[ "$(opkg list-installed | cut -f 1 -d ' ' | grep -w $ipk)" ]] && {
sed -i "/^$ipk$/d" $BKOPKG/failed.txt
[ -n "$(cat $BKOPKG/failed.txt)" ] || rm -f $BKOPKG/failed.txt
}
done
let c4++
sleep 1
rm -f /var/lock/opkg.lock
done
if [[ $ipk == luci-app-* ]]; then
opkg install --force-overwrite --force-checksum luci-i18n-"$(echo $ipk | cut -d - -f 3-)"-zh-cn 2>&1 | sed -e "s/^/$(date +%Y-%m-%d" "%H:%M:%S) /" >>/tmp/opkgupdate.log 2>&1 || true
fi
mv $BKOPKG/failed.txt $BKOPKG/failed_.txt >/dev/null 2>&1
touch /etc/inited
rm -f /var/lock/opkg.lock
break
fi
[ $c3 -eq 10 ] && break || let c3++
done
rm -f /var/lock/opkg.lock
}
(
if [[ ! -f /etc/inited || -f $BKOPKG/failed.txt ]]; then
opkgupgrade || true
elif [[ -f /etc/inited && "$(uci -q get wizard.default.autoupgrade_pkg)" != '0' ]]; then
opkgupgrade || true
fi
rm -f /var/lock/opkg.lock
[[ -f "/bin/coremark" && ! -f "/etc/bench.log" && "$(uci -q get wizard.default.coremark)" == '1' ]] && {
sleep 5
/bin/coremark >/tmp/coremark.log
cat /tmp/coremark.log | grep "CoreMark 1.0" | cut -d "/" -f 1 | cut -d "." -f -2 >/etc/bench.log
sed -i 's/CoreMark 1.0/(CpuMark/g' /etc/bench.log
echo " Scores)" >>/etc/bench.log
}
rm -f $LOCK
) &


@ -0,0 +1,198 @@
opkg() {
local OPKG_CMD="${1}"
local OPKG_UCI="$(uci -q get opkg.defaults."${OPKG_CMD}")"
case "${OPKG_CMD}" in
(init|uci|import|save|restore|rollback\
|upgr|export|newconf|proc|reinstall) opkg_"${@}" ;;
(*) command opkg "${@}" ;;
esac
}
opkg_init() {
uci import opkg < /dev/null
uci -q batch << EOI
set opkg.defaults='opkg'
set opkg.defaults.import='/etc/backup/installed_packages.txt'
set opkg.defaults.save='auto'
set opkg.defaults.restore='auto'
set opkg.defaults.rollback='auto'
set opkg.defaults.upgr='ai'
set opkg.defaults.export='ai'
set opkg.defaults.proc='--force-overwrite --force-checksum --force-depends'
set opkg.defaults.reinstall='--force-reinstall --force-overwrite --force-checksum --force-depends'
set opkg.defaults.newconf='/etc'
EOI
echo "kmod busybox base-files luci-app-openclash " \
| sed -e "s/\s/ ipkg\n/g" | opkg uci ignore
}
opkg_uci() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
local OPKG_OPT="${OPKG_OPT:-auto}"
if ! uci -q get opkg > /dev/null
then opkg init
fi
uci -q batch << EOI
delete opkg.'${OPKG_OPT}'
set opkg.'${OPKG_OPT}'='opkg'
$(sed -r -e "s/^(.*)\s(.*)$/\
del_list opkg.'${OPKG_OPT}'.'\2'='\1'\n\
add_list opkg.'${OPKG_OPT}'.'\2'='\1'/")
commit opkg
EOI
}
opkg_import() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
if [ -e "${OPKG_OPT}" ]
then sed -n -r -e "s/\s(overlay|unknown)$/\
\tipkg/p" "${OPKG_OPT}" \
| opkg uci auto
fi
}
opkg_save() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
local OPKG_WR="$(opkg export wr)"
local OPKG_WI="$(opkg export wi)"
local OPKG_UR="$(opkg export ur)"
local OPKG_UI="$(opkg export ui)"
if uci -q get fstab.rwm > /dev/null \
&& grep -q -e "\s/rwm\s" /etc/mtab
then {
sed -e "s/$/\trpkg/" "${OPKG_WR}"
sed -e "s/$/\tipkg/" "${OPKG_WI}"
} | opkg uci init
fi
{
sed -e "s/$/\trpkg/" "${OPKG_UR}"
sed -e "s/$/\tipkg/" "${OPKG_UI}"
} | opkg uci "${OPKG_OPT}"
rm -f "${OPKG_WR}" "${OPKG_WI}" "${OPKG_UR}" "${OPKG_UI}"
}
opkg_restore() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
local OPKG_CONF="${OPKG_OPT}"
local OPKG_AI="$(opkg export ai)"
local OPKG_PR="$(opkg export pr)"
local OPKG_PI="$(opkg export pi)"
grep -x -f "${OPKG_AI}" "${OPKG_PR}" \
| opkg proc remove
grep -v -x -f "${OPKG_AI}" "${OPKG_PI}" \
| opkg proc install
rm -f "${OPKG_AI}" "${OPKG_PR}" "${OPKG_PI}"
}
opkg_rollback() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
local OPKG_CONF="${OPKG_OPT}"
local OPKG_UR="$(opkg export ur)"
local OPKG_UI="$(opkg export ui)"
local OPKG_PR="$(opkg export pr)"
local OPKG_PI="$(opkg export pi)"
if uci -q get opkg."${OPKG_CONF}" > /dev/null
then opkg restore "${OPKG_CONF}"
grep -v -x -f "${OPKG_PI}" "${OPKG_UI}" \
| opkg proc remove
grep -v -x -f "${OPKG_PR}" "${OPKG_UR}" \
| opkg proc install
fi
rm -f "${OPKG_UR}" "${OPKG_UI}" "${OPKG_PR}" "${OPKG_PI}"
}
opkg_upgr() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
case "${OPKG_OPT}" in
(ai|oi) opkg_"${OPKG_CMD}"_type ;;
esac | opkg proc upgrade
}
opkg_upgr_type() {
local OPKG_AI="$(opkg export ai)"
local OPKG_OI="$(opkg export oi)"
local OPKG_AU="$(opkg export au)"
case "${OPKG_OPT::1}" in
(a) grep -x -f "${OPKG_AI}" "${OPKG_AU}" ;;
(o) grep -x -f "${OPKG_OI}" "${OPKG_AU}" ;;
esac
rm -f "${OPKG_AI}" "${OPKG_OI}" "${OPKG_AU}"
}
opkg_export() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
local OPKG_TEMP="$(mktemp -t opkg.XXXXXX)"
case "${OPKG_OPT}" in
(ai|au) opkg_"${OPKG_CMD}"_cmd ;;
(ri|wr|wi|or|oi) opkg_"${OPKG_CMD}"_type ;;
(ur|ui) opkg_"${OPKG_CMD}"_run ;;
(pr|pi|ig) opkg_"${OPKG_CMD}"_uci ;;
esac > "${OPKG_TEMP}"
echo "${OPKG_TEMP}"
}
opkg_export_cmd() {
local OPKG_TYPE
local OPKG_IG="$(opkg export ig)"
case "${OPKG_OPT:1}" in
(i) OPKG_TYPE="installed";opkg list-"${OPKG_TYPE}" | sed -e "s/\s.*$//" ;;
(u) OPKG_TYPE="upgradable";opkg list-"${OPKG_TYPE}" | sed -e "s/\s.*$//" | grep -v -f "${OPKG_IG}" ;;
esac
}
opkg_export_type() {
local OPKG_INFO="/usr/lib/opkg/info"
local OPKG_TYPE
case "${OPKG_OPT::1}" in
(r) OPKG_INFO="/rom${OPKG_INFO}" ;;
(w) OPKG_INFO="/rwm/upper${OPKG_INFO}" ;;
(o) OPKG_INFO="/overlay/upper${OPKG_INFO}" ;;
esac
case "${OPKG_OPT:1}" in
(r) OPKG_TYPE="c" ;;
(i) OPKG_TYPE="f" ;;
esac
find "${OPKG_INFO}" -name "*.control" \
-type "${OPKG_TYPE}" 2> /dev/null \
| sed -e "s/^.*\///;s/\.control$//"
}
opkg_export_run() {
local OPKG_AI="$(opkg export ai)"
local OPKG_RI="$(opkg export ri)"
case "${OPKG_OPT:1}" in
(r) grep -v -x -f "${OPKG_AI}" "${OPKG_RI}" ;;
(i) grep -v -x -f "${OPKG_RI}" "${OPKG_AI}" ;;
esac
rm -f "${OPKG_AI}" "${OPKG_RI}"
}
opkg_export_uci() {
local OPKG_TYPE
case "${OPKG_OPT:1}" in
(r) OPKG_TYPE="rpkg"; OPKG_CONF="auto" ;;
(i) OPKG_TYPE="ipkg"; OPKG_CONF="auto" ;;
(g) OPKG_TYPE="ipkg"; OPKG_CONF="ignore" ;;
esac
uci -q get opkg."${OPKG_CONF}"."${OPKG_TYPE}" \
| sed -e "s/\s/\n/g"
}
opkg_proc() {
local OPKG_OPT="${OPKG_UCI}"
local OPKG_CMD="${1:?}"
local OPKG_PKG
while read -r OPKG_PKG
do opkg "${OPKG_CMD}" "${OPKG_PKG}" ${OPKG_OPT}
done
}
opkg_reinstall() {
local OPKG_OPT="${OPKG_UCI}"
opkg install "${@}" ${OPKG_OPT}
}
opkg_newconf() {
local OPKG_OPT="${1:-${OPKG_UCI}}"
find "${OPKG_OPT}" -name "*-opkg"
}
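Review bot: `opkg_init` stores `--force-overwrite --force-checksum --force-depends` as `opkg.defaults.proc`, and `opkg_proc` appends that string to every `opkg install`, `remove` and `upgrade` it runs, including the unattended `opkg upgr` path. `--force-checksum` tells opkg to carry on when a downloaded package does not match the checksum in the index, which removes the integrity check from automatic upgrades. I would drop it from both defaults, `set opkg.defaults.proc='--force-overwrite --force-depends'` and the matching `reinstall` line, and leave it as a flag an operator passes by hand. A comment above `opkg_init` explaining why the remaining force flags are needed would help, since none of the functions in this file carry any documentation.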


@ -1,2 +1,9 @@
chmod +x /etc/init.d/packages >/dev/null 2>&1
rm -rf /tmp/luci-modulecache /tmp/luci-indexcache*
grep -q "opkg-upgrade" /etc/crontabs/root || {
hour="$(grep -m1 -ao '[4-6]' /dev/urandom | head -n1)"
min="$(grep -m1 -ao '[0-5][0-9]' /dev/urandom | head -n1)"
echo "$min $hour * * * . /etc/hotplug.d/online/51-opkg-upgrade" >> /etc/crontabs/root
}
exit 0


@ -0,0 +1,20 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-ikoolproxy
PKG_VERSION:=3.8.5
PKG_RELEASE:=20220212
PKG_MAINTAINER:=panda-mute <wxuzju@gmail.com>
LUCI_TITLE:=LuCI support for koolproxy
LUCI_PKGARCH:=all
LUCI_DEPENDS:=+ikoolproxy +openssl-util +ipset +dnsmasq-full +@BUSYBOX_CONFIG_DIFF +iptables-mod-nat-extra +wget
define Package/$(PKG_NAME)/conffiles
/etc/config/koolproxy
/usr/share/koolproxy/data/rules/
endef
include $(TOPDIR)/feeds/luci/luci.mk
# call BuildPackage - OpenWrt buildroot signature


@ -0,0 +1,125 @@
## 整理声明:
iKoolProxy是 [Beginner-Go](https://github.com/Beginner-Go) 大神基于koolproxyR重新整理而来的。主要参考
1、以前Ameykyl大神的 [KoolProxyR](https://github.com/Ameykyl/luci-app-koolproxyR) (源码已经2020年4月删除。源码来源于 [project-openwrt](https://github.com/project-openwrt/luci-app-koolproxyR) 收录的ameykyl的2020年3月最后一次更新。
2、感谢koolproxy官方组、shaoxia、Ameykyl、immortalwrt组、Beginner-Go等的无私奉献
3、规则来源于 [KoolProxy](https://github.com/iwrt/koolproxy) 。在此特别鸣谢 [houzi-](https://github.com/houzi-) 。
## 本来是完全没有必要再造一个的因为浪费时间。但各位大神都好久没有更新了有些规则更新需要翻墙有些名字是KP有些是KPRKPR PlusKPR Plus+。既然在koolproxy上整理而来就暂且叫iKoolProxy。望理解
## 免责声明:
KoolProxy 是一个免费软件,著作权归属 KoolProxy.com用户可以非商业性地复制和使用 KoolProxy但禁止将 KoolProxy 用于商业用途。
KoolProxy 可以对 https 网络数据进行识别代理,使用 https 功能的用户需要自己提供相关证书,本程序提供的证书生成脚本仅供用户参考,证书的保密工作由用户自行负责。
使用本软件的风险由用户自行承担在适用法律允许的最大范围内对因使用本产品所产生的损害及风险包括但不限于直接或间接的个人损害、商业赢利的丧失、贸易中断、商业信息的丢失或任何其它经济损失KoolProxy.com 不承担任何责任。
## 1、前言
感謝 koolshare.cn 提供 KoolProxy, 使用风险由用户自行承担
本程序运行需要联网下载最新的 KoolProxy 到内存中运行, 也正因此本程序大小可以忽略不计.
## 2、简介
本软件包是 KoolProxy 的 LuCI 控制界面,
## 3、软件包文件结构:
## 4、依赖
软件包的正常使用需要依赖 curl, dnsmasq-full, iptables, ipset 和 dnsmasq-extra, openssl-util, diffutils, iptables-mod-nat-extra, wget, ca-bundle, ca-certificates, libustream-openssl
手动安装:在终端运行:
opkg install openssl-util ipset dnsmasq-full diffutils iptables-mod-nat-extra wget ca-bundle ca-certificates libustream-openssl
如果没有 openssl 就不能正常生成证书导致https过滤失败
如果没有 ipset, dnsmasq-full, diffutils黑名单模式也会出现问题ipset 需要版本6,如果你的固件的busybox带有支持diff支持那么diffutils包可以不安装
如果没有 iptables-mod-nat-extra 会导致mac过滤失效
如果没有 wget, ca-bundle, ca-certificates, libustream-openssllua-openssl会导致规则文件更新失败host规则条数变为0,如果你的固件的busybox带有支持https的wget那么这几个包可以不安装。
懒人版本,在.config文件里添加如下代码
#koolproxy支持
CONFIG_PACKAGE_iptables-mod-nat-extra=y
CONFIG_PACKAGE_kmod-ipt-extra=y
CONFIG_PACKAGE_diffutils=y
CONFIG_PACKAGE_openssl-util=y
CONFIG_PACKAGE_dnsmasq-full=y
CONFIG_PACKAGE_ca-bundle=y
CONFIG_PACKAGE_ca-certificates=y
CONFIG_PACKAGE_libustream-openssl=n
CONFIG_PACKAGE_lua-openssl=y
## 5、配置,
软件包的配置文件路径: /etc/config/koolproxy
此文件为 UCI 配置文件, 配置方式可参考 Wiki -> Use-UCI-system 和 OpenWrt Wiki
## 6、编译
git clone https://github.com/1wrt/luci-app-ikoolproxy.git package/luci-app-ikoolproxy
make && sudo make install
选择要编译的包 LuCI -> 3. Applications
make menuconfig
开始编译
make package/feeds/luci-app-ikoolproxy/compile V=s
# 7、关于IPv6支持(基于透明代理一刀切)
需要在防火墙添加一条规则:
ip6tables -t nat -I PREROUTING -p tcp -j REDIRECT --to-ports 3000
```
#已知副作用:
#一刀切劫持内网所以设备的IPv6 TCP流量.
#无法使用IPv6建立主动传入连接.
#如果未安装证书,打开启用HTTPS的网站会报错.
```
**NOTE:**
如果出现国外流量无法去广告(IPv4),请修改所使用代理的防火墙规则,必须让KP的规则在代理规则之上,检测命令:
``` bash
iptables -t nat -L PREROUTING
```
观察**KOOLPROXY**规则是否在所使用的代理的规则之上.
### 8、内置规则列表
[静态规则] [每日规则] [视频规则] [ipse] [adblock]
### 9、第三方规则已做了转换koolproxy能识别不要用乘风大神的通用规则会导致koolproxy停止运行
[AdGuard规则]
[Yhosts规则]
[Steven规则]
[AntiAD规则]
[坂本规则]
### 10、订阅规则user1121114685大神和某位大神忘记名字了整合而成能过滤youtube等
[订阅规则]
### 首次运行koolproxy的时候保存并提交速度较慢因为会生成证书。


@ -0,0 +1,194 @@
koolproxy插件/固件开发文档1.3
更新日期2017年7月7日koolproxy 3.6.1
================================================================================================
声明:
KoolProxy 是一个免费软件,著作权归属 KoolProxy.com用户可以非商业性地复制和使用 KoolProxy但禁止将 KoolProxy 用于商业用途。
KoolProxy 可以对 https 网络数据进行识别代理,使用 https 功能的用户需要自己提供相关证书,本程序提供的证书生成脚本仅供用户参考,证书的保密工作由用户自行负责。
使用本软件的风险由用户自行承担在适用法律允许的最大范围内对因使用本产品所产生的损害及风险包括但不限于直接或间接的个人损害、商业赢利的丧失、贸易中断、商业信息的丢失或任何其它经济损失KoolProxy.com 不承担任何责任。
================================================================================================
KoolProxy By Xiaobao & Crwnet v3.6.1
USAGE:
koolproxy [options] [arguments...]
OPTIONS:
-p value listen port, default value is 3000
-l value log level (0:DEBUG, 1:INFO, 2:AD, 3:WARNING, 4:ERROR), default value is ERROR
-c value thread count, default value is the number of cpus
-b value data path, default value is './data'
-d run as daemon mode
-v show version
-h show help
ADVANCED:
--cert generate ssl cert
--ipv6 enable ipv6, works for ipv6 nat mode
--video | -e video mode, load video rules only
--mark mark mode, set the socket mark(src ip) when connect to remote host. requires the CAP_NET_ADMIN capability
--ttl value ttl mode, set the socket ttl when connect to remote host. default value is 0 (disable)
================================================================================================
交流地址:
1 QQ群1 595300867
2 QQ群2 203726739
3 TG群 https://t.me/joinchat/AAAAAD-tO7GPvfOU131_vg
4 更新日志http://koolshare.cn/thread-64086-1-1.html
================================================================================================
#koolproxy部署文件目录参考1使用openssl生成证书
.
├── data
│   ├── gen_ca.sh #证书生成脚本
│   ├── koolproxy_ipset.conf #ipset名单
│   ├── openssl.cnf #证书生成所用配置文件
│   ├── rules #规则存放文件夹
│   │   ├── kp.dat #视频规则
│   │   ├── koolproxy.txt #静态规则
│   │   ├── daily.txt #每日规则
│   │   └── user.txt #自定义规则
│   └── version #插件版本号(merlin)
└── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写)
1 证书生成使用命令 sh gen_ca.sh该脚本会调用系统内的openssl来生成证书运行成功后会自动创建data/private data/cert目录
私钥和公钥会分别存在data/private data/cert目录下使用http://110.110.110.110会下载路由器内的证书
------------------------------------------------------------------------------------------------
#koolproxy部署文件目录参考2使用koolproxy生成证书
.
└── koolproxy #koolproxy二进制(为了保证二进制顺利更新,请保证目录可写)
1 因为规则文件会由koolproxy自动下载,下载后会自动创建data/rules目录
2 使用koolproxy --cert命令可以生成证书运行成功后会自动创建data/private data/cert目录
私钥和公钥会分别存在data/private data/cert目录下使用http://110.110.110.110会下载路由器内的证书
因为mbedtls性能原因在非软路由机器上用koolproxy --cert生成证书需要时间较长请耐心等待
================================================================================================
说明:
1 koolproxy启动会自动检测规则更新如果没有./data/rules文件夹会自己创建并下载规则到此处
2 koolproxy启动后会检测二进制文件更新如果有更新会替换./koolproxy并且由父进程重启koolproxy以后每20分钟检测一次更新
3 现在不支持规则订阅了只能识别kp.dat, koolproxy.txt, user.txt,daily.txt需要自定义规则的可以修改user.txt
# 二进制下载固定地址
https://koolproxy.com/downloads/i386
https://koolproxy.com/downloads/x86_64
https://koolproxy.com/downloads/arm
https://koolproxy.com/downloads/mips
https://koolproxy.com/downloads/mipsel
# 规则下载固定地址
https://kprule.com/koolproxy.txt
https://kprule.com/daily.txt
https://kprule.com/kp.dat
https://kprule.com/user.txt
# 规则下载对应的CDN地址
https://kprules.b0.upaiyun.com/koolproxy.txt
https://kprules.b0.upaiyun.com/daily.txt
https://kprules.b0.upaiyun.com/kp.dat
https://kprules.b0.upaiyun.com/user.txt
# 二进制文件和规则 github备份地址
二进制https://github.com/koolproxy/koolproxy-bin (已作废)
规则https://github.com/koolproxy/koolproxy_rules (已作废)
1 建议从上面的链接获取最新的二进制和基本的规则文件,然后按照上面的目录结构来部署
2 如果不需要https过滤只需要一个koolproxy程序就足够了data文件夹和rules文件夹都会自己创建。
3 koolproxy.txt内有视频规则、静态规则、每日规则的更新日期可以用于提取并显示到界面
================================================================================================
koolproxy运行
1 在koolproxy主程序目录运行例如merlin固件下运行cd /koolshare/koolproxy && koolproxy -d
2 不在koolproxy主程序目录运行例如将koolproxy放在环境变量中例如merlin固件下运行koolproxy -b /koolshare/koolproxy -d -b为data路径
其它运行方式可能会造成koolproxy识别不到data目录而无法加载规则
koolproxy运行后默认会使用端口3000作为透明代理端口需要利用iptables将数据导到端口3000才能发挥作用。
视频模式:
1 使用命令koolproxy -e 即可开启
2 开启后只会加载视频规则kp.dat和user.txt
调试模式:
1 使用命令koolproxy -l0 即可开启l后面的数字代表不同的日志详细程度
2 需要检查规则命中行数可以需要使用-l2
ttl功能
1 使用命令koolproxy --ttl 160 即可开启ttl功能后面的数值代表ttl大小
2 ttl功能开启后koolproxy会对经过它的所有数据ttl进行调整可以利用iptables的match ttl功能数据进行匹配
mark功能
1 使用命令koolproxy --mark 即可开启mark功能
2 mark功能开启后koolproxy会对经过它的所有数据打上标记mark值等于该数据的源ip转换为十六进制的值
3 例如局域网内192.168.1.100的数据将会被打上0xc0a80164的mark192 = c0, 168 = a8, 1 = 01, 100 = 64
4 开发者可以用此功和SS配合达到既科学上网又能过滤这些科学上网的流量还不影响科学上网访问控制的功能
5 ip转换为mark值参考命令echo 192.168.1.100 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("%02x\n", $4)}'
================================================================================================
ss + kp过滤方案2017年7月7日
方案1优先SS其次KP不推荐
1 在NAT PREROUTING链内SS在前KP在后流量将先走SS经过SS分流后国外流量走ss-redir实现翻墙
2 而剩下国内流量在PREROUTING链内继续往下匹配到koolrpxy规则流量最终走koolproxy实现过滤。
结果koolproxy只能过滤国内流量SS剩下的
方案2优先KP其次SS不推荐;
1 在NAT PREROUTING链内KP在前SS在后流量将先走KP实现过滤
2 为了SS能拿到KP过滤后的数据使用match ttl匹配在OUTPUT链内将流量全部给SS实现翻墙
结果因为在OUTPUT链内没有源ip信息流量给SS后无法匹配到源ip因此SS失去了acl访问控制功能。
方案3 (优先kp其次SS推荐)
为便于理解以下iptables配置只展示流量经过顺序不是iptables的创建顺序PREROUTING内规则的创建实际上应该在最后
0 koolproxy默认开启ttl和mark功能 KoolProxy --ttl 160 --mark -d固件不支持ttl的仅开启mark也行: KoolProxy --mark -d
1 在NAT PREROUTING链内KP在前SS在后KP开启--mark流量将先走KP80,443实现过滤过滤后每个主机会被打上不同的mark
#KP在前所有tcp流量全部交给KOOLPROXY链
-A PREROUTING -p tcp -j KOOLPROXY
#SS在后在kp开启的时候只能拿到非80,443的流量在kp关闭后可以拿到所有端口的流量
-A PREROUTING -p tcp -j SHADOWSOCKS
2 例如局域网内192.168.1.100主机的数据经过kp过滤后将会被打上0xc0a80164的mark192 = c0, 168 = a8, 1 = 01, 100 = 64
#创建KOOLPROXY链用于白名单和访问控制
-N KOOLPROXY
#创建KOOLPROXY_HTTP链用于过滤http流量
-N KOOLPROXY_HTTP
#创建KOOLPROXY_HTTPS链用于过滤https流量
-N KOOLPROXY_HTTPS
#局域网和保留地址不走kp
-A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
#主机192.168.1.100需要https过滤
-A KOOLPROXY -s 192.168.1.100/32 -p tcp -g KOOLPROXY_HTTPS
#其它主机过滤http流量
-A KOOLPROXY -p tcp -j KOOLPROXY_HTTP
3 为了SS能拿到数据在NAT OUTPUT链中使用match ttl匹配在OUTPUT链内将流量全部给SHADOWSOCKS_EXT链
#创建SHADOWSOCKS_EXT链用于开启kp情况下ss的访问控制实现
-N SHADOWSOCKS_EXT
#使用ttl匹配将KP过滤后的数据转到SHADOWSOCKS_EXT链如果固件不支持ttl匹配使用下面的命令
-A OUTPUT -p tcp -m ttl --ttl-eq 160 -j SHADOWSOCKS_EXT
#如果固件不支持ttl match可以用mark匹配ip地址的前三位用0xffffff00作为掩码的形式来将KP过滤后的数据转到SHADOWSOCKS_EXT链
# echo 192.168.1 | awk -F "." '{printf ("0x%02x", $1)} {printf ("%02x", $2)} {printf ("%02x", $3)} {printf ("00/0xffffff00\n")}' = 0xc0a80100/0xffffff00
-A OUTPUT -p tcp -m mark --mark 0xc0a80100/0xffffff00 -j SHADOWSOCKS_EXT
4 如果开启了acl比如需要192.168.1.75不走SS全端口192.168.1.246走gfwlist模式80,443端口192.168.1.214走大陆白名单模式22,80,443端口剩余主机全部走大陆白名单模式全端口
#主机192.168.1.750xc0a8014b流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链而未能翻墙RETURN
-A SHADOWSOCKS_EXT -p tcp -m mark --mark 0xc0a8014b -j RETURN
#主机192.168.1.2460xc0a801f6流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链在此流量被导向了SHADOWSOCKS_GFW链实现gfwlist模式翻墙80,443端口
-A SHADOWSOCKS_EXT -p tcp -m multiport --dports 80,443 -m mark --mark 0xc0a801f6 -g SHADOWSOCKS_GFW
#主机192.168.1.2140xc0a801f6流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链在此流量被导向了SHADOWSOCKS_CHN链实现大陆白名单模式翻墙22,80,443端口
-A SHADOWSOCKS_EXT -p tcp -m multiport --dports 22,,80,443 -m mark --mark 0xc0a801d6 -g SHADOWSOCKS_CHN
#剩余的主机流量经过KP过滤后并打上mark后通过OUTPUT链进入SHADOWSOCKS_EXT链在此流量被导向了SHADOWSOCKS_CHN链实现大陆白名单模式翻墙全端口
-A SHADOWSOCKS_EXT -p tcp -j SHADOWSOCKS_CHN
情形:
1 当SS开启kp未开启所有流量走ss PREROUTING过经过分流后国内的流量在经过OUTPUT的时候因为KP没开数据不会匹配到ttl值或者没匹配到mark值所以不会过滤广告翻墙正常
2 当KP开启SS未开启所有流量走kp PREROUTING过广告过滤正常
3 当SS开启翻墙和acl工作正常的时候开启KPKP在PREROUTING内插入到SS前面会先得到流量广告过滤正常
4 当KP开启过滤广告正常的时候开启SSSS从原来的从PREROUTING拿流量变成从OUTPUT内拿流量翻墙和acl会同样正常
5 当KP和SS都开启此时关闭SSkp过滤广告正常
6 当KP和SS都开启此时关闭KPss翻墙和acl正常
总结:
使用 ttl + mark 或者纯mark的方式可以实现原先很难实现的过滤经过SS流量的广告
主要的改动在于给SS预置好OUTPUT和SHADOWSOCKS_EXT规则链当kp启用时它们就会工作kp关闭时不会影响正常数据
次要的改动就是给koolproxy默认开启ttl + mark或者纯mark功能
================================================================================================


@ -0,0 +1,30 @@
module("luci.controller.koolproxy",package.seeall)
function index()
if not nixio.fs.access("/etc/config/koolproxy") then
return
end
entry({"admin", "services", "koolproxy"}, alias("admin", "services", "koolproxy", "basic"), _("iKoolProxy 滤广告"), 1).dependent = true
entry({"admin", "services", "koolproxy", "basic"}, cbi("koolproxy/basic"), _("基本设置"), 1).leaf = true
entry({"admin", "services", "koolproxy", "control"}, cbi("koolproxy/control"), _("访问控制"), 2).leaf = true
entry({"admin", "services", "koolproxy", "add_rule"}, cbi("koolproxy/add_rule"), _("规则订阅"), 3).leaf = true
entry({"admin", "services", "koolproxy", "cert"}, cbi("koolproxy/cert"), _("证书管理"), 4).leaf = true
entry({"admin", "services", "koolproxy", "white_list"}, cbi("koolproxy/white_list"), _("网站白名单设置"), 5).leaf = true
entry({"admin", "services", "koolproxy", "black_list"}, cbi("koolproxy/black_list"), _("网站黑名单设置"), 6).leaf = true
entry({"admin", "services", "koolproxy", "ip_white_list"}, cbi("koolproxy/ip_white_list"), _("IP白名单设置"), 7).leaf = true
entry({"admin", "services", "koolproxy", "ip_black_list"}, cbi("koolproxy/ip_black_list"), _("IP黑名单设置"), 8).leaf = true
entry({"admin", "services", "koolproxy", "custom_rule"}, cbi("koolproxy/custom_rule"), _("自定义规则"), 9).leaf = true
entry({"admin", "services", "koolproxy", "update_log"}, cbi("koolproxy/update_log"), _("更新日志"), 10).leaf = true
entry({"admin", "services", "koolproxy", "tips"}, cbi("koolproxy/tips"), _("帮助支持"), 11).leaf = true
entry({"admin", "services", "koolproxy", "rss_rule"}, cbi("koolproxy/rss_rule"), nil).leaf = true
entry({"admin", "services", "koolproxy", "status"}, call("act_status")).leaf = true
end
function act_status()
local e = {}
e.running = luci.sys.call("pidof koolproxy >/dev/null") == 0
e.bin_version = luci.sys.exec("/usr/share/koolproxy/koolproxy -v")
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end


@ -0,0 +1,34 @@
o = Map("koolproxy")
t = o:section(TypedSection,"rss_rule", translate("iKoolProxy 规则订阅"))
t.description = translate("请确保订阅规则的兼容性")
t.anonymous = true
t.addremove = true
t.sortable = true
t.template = "cbi/tblsection"
t.extedit = luci.dispatcher.build_url("admin/services/koolproxy/rss_rule/%s")
t.create = function(...)
local sid = TypedSection.create(...)
if sid then
luci.http.redirect(t.extedit % sid)
return
end
end
e = t:option(Flag, "load", translate("启用"))
e.default = 0
e = t:option(DummyValue, "name", translate("规则名称"))
function e.cfgvalue(...)
return Value.cfgvalue(...) or translate("None")
end
e = t:option(DummyValue,"url", translate("规则地址"))
function e.cfgvalue(...)
return Value.cfgvalue(...) or translate("None")
end
e = t:option(DummyValue, "time", translate("更新时间"))
return o


@ -0,0 +1,100 @@
local o,t,e
local a = luci.sys.exec("head -3 /usr/share/koolproxy/data/rules/koolproxy.txt | grep rules | awk -F' ' '{print $3,$4}'")
local b = luci.sys.exec("head -4 /usr/share/koolproxy/data/rules/koolproxy.txt | grep video | awk -F' ' '{print $3,$4}'")
local c = luci.sys.exec("head -3 /usr/share/koolproxy/data/rules/daily.txt | grep rules | awk -F' ' '{print $3,$4}'")
local s = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/adg.txt | wc -l")
local m = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/adgk.txt | wc -l")
local u = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/steven.txt | wc -l")
local p = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/yhosts.txt | wc -l")
local h = luci.sys.exec("grep -v '^!' /usr/share/koolproxy/data/rules/user.txt | wc -l")
local l = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/koolproxy.txt | wc -l")
local q = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/daily.txt | wc -l")
local f = luci.sys.exec("grep -v !x /usr/share/koolproxy/data/rules/antiad.txt | wc -l")
local i = luci.sys.exec("cat /usr/share/koolproxy/dnsmasq.adblock | wc -l")
o = Map("koolproxy")
o.title = translate("iKoolProxy滤广告")
o.description = translate("iKoolProxy是基于KoolProxyR重新整理的能识别adblock规则的免费开源软件,追求体验更快、更清洁的网络,屏蔽烦人的广告!")
o:section(SimpleSection).template = "koolproxy/koolproxy_status"
t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(Flag, "enabled", translate("启用"))
e.default = 0
e = t:option(Value, "startup_delay", translate("启动延迟"))
e:value(0, translate("不启用"))
for _, v in ipairs({5, 10, 15, 25, 40, 60}) do
e:value(v, translate("%u 秒") %{v})
end
e.datatype = "uinteger"
e.default = 0
e = t:option(ListValue, "koolproxy_mode", translate("过滤模式"))
e:value(1, translate("全局模式"))
e:value(2, translate("IPSET模式"))
e:value(3, translate("视频模式"))
e.default = 1
e = t:option(MultiValue, "koolproxy_rules", translate("内置规则"))
e:value("koolproxy.txt", translate("静态规则"))
e:value("daily.txt", translate("每日规则"))
e:value("kp.dat", translate("视频规则"))
e:value("user.txt", translate("自定义规则"))
e.optional = false
e = t:option(MultiValue, "thirdparty_rules", translate("第三方规则"))
e:value("adg.txt", translate("AdGuard规则"))
e:value("steven.txt", translate("Steven规则"))
e:value("yhosts.txt", translate("Yhosts规则"))
e:value("antiad.txt", translate("AntiAD规则"))
e:value("adgk.txt", translate("Banben规则"))
e.optional = false
e = t:option(ListValue, "koolproxy_port", translate("端口控制"))
e:value(0, translate("关闭"))
e:value(1, translate("开启"))
e.default = 0
--e = t:option(ListValue, "koolproxy_ipv6", translate("IPv6支持"))
--e:value(0, translate("关闭"))
--e:value(1, translate("开启"))
--e.default = 0
e = t:option(Value, "koolproxy_bp_port", translate("例外端口"))
e.description = translate("单端口:80&nbsp;&nbsp;多端口:80,443")
e:depends("koolproxy_port", "1")
e = t:option(Flag, "koolproxy_host", translate("开启Adblock Plus Hosts"))
e:depends("koolproxy_mode","2")
e.default = 0
e = t:option(ListValue, "koolproxy_acl_default", translate("默认访问控制"))
e.description = translate("访问控制设置中其他主机的默认规则")
e:value(0, translate("不过滤"))
e:value(1, translate("过滤HTTP协议"))
e:value(2, translate("过滤HTTP(S)协议"))
e:value(3, translate("过滤全端口"))
e.default = 1
e = t:option(ListValue, "time_update", translate("定时更新"))
e.description = translate("定时更新规则")
for t = 0,23 do
e:value(t,translate("每天"..t..""))
end
e:value(nil, translate("关闭"))
e.default = nil
e = t:option(Button, "restart", translate("规则状态"))
e.inputtitle = translate("更新规则")
e.inputstyle = "reload"
e.write = function()
luci.sys.call("/usr/share/koolproxy/kpupdate 2>&1 >/dev/null")
luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy"))
end
e.description = translate(string.format("<font color=\"red\"><strong>更新订阅规则与Adblock Plus Hosts</strong></font><br /><font color=\"green\">AdGuard规则: %s条<br />Steven规则: %s条<br />Yhosts规则: %s条<br />AntiAD规则: %s条<br />Banben规则: %s条<br />静态规则: %s条<br />视频规则: %s<br />每日规则: %s条<br />自定义规则: %s条<br />Host: %s条</font><br />", s, u, p, f, m, l, b, q, h, i))
return o
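Review bot: The value `b` shown after `视频规则:` is cut out of the header of `koolproxy.txt` with `head | grep | awk` and formatted straight into the HTML of `e.description`, so whatever text that rule file carries (presumably refreshed from the network by `kpupdate`) is rendered as markup in the admin page. Escape it before formatting, e.g. pass `luci.util.pcdata(b)` in the `string.format` argument list, and treat any other value that is not a plain `wc -l` number the same way. `a` and `c` are computed by a shell pipeline on every page load but never used and can be dropped. In `e.write`, `2>&1 >/dev/null` leaves stderr attached to the original stdout; `>/dev/null 2>&1` is presumably what was meant.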


@ -0,0 +1,31 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(TextValue, "adblock_domain")
e.description = translate("加入的网址将走广告过滤端口。只针对黑名单模式。只能输入WEB地址google.com每个地址一行。")
e.rows = 28
e.wrap = "off"
local fs = require "nixio.fs"
local i = "/etc/adblocklist/adblock"
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adblock", value)
if (luci.sys.call("cmp -s /tmp/adblock /etc/adblocklist/adblock") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adblock")
end
return o
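Review bot: `e.write` only saves when `cmp` exits with 1, so when `/etc/adblocklist/adblock` does not exist yet (`cmp` exits with 2) the submitted list is silently dropped. The round trip through the fixed path `/tmp/adblock` is also unnecessary, and a predictable file name in `/tmp` written by root is best avoided; comparing in Lua does the same job: `if value ~= (fs.readfile(i) or "") then fs.writefile(i, value) end`. The same handler is repeated in the custom-rule, IP-blacklist, IP-whitelist and domain-whitelist models later in this commit (`/tmp/user.txt`, `/tmp/adblockip`, `/tmp/adbypassip`, `/tmp/adbypass`). The value is stored without per-line validation although the init script turns each line into a dnsmasq `ipset=` entry, so a check that every line is a host name would keep malformed entries out of the dnsmasq configuration.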


@ -0,0 +1,70 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global",translate("证书恢复"))
t.description = translate("上传恢复已备份的证书文件名必须为koolproxyCA.tar.gz")
t.anonymous = true
e = t:option(DummyValue, "c1status")
e = t:option(FileUpload, "")
e.template = "koolproxy/caupload"
e = t:option(DummyValue,"",nil)
e.template = "koolproxy/cadvalue"
if nixio.fs.access("/usr/share/koolproxy/data/certs/ca.crt") then
t = o:section(TypedSection, "global",translate("证书备份"))
t.description = translate("下载备份的证书")
t.anonymous = true
e = t:option(DummyValue,"c2status")
e = t:option(Button,"certificate")
e.inputtitle = translate("下载证书备份")
e.inputstyle = "reload"
e.write = function()
luci.sys.call("/usr/share/koolproxy/camanagement backup 2>&1 >/dev/null")
Download()
luci.http.redirect(luci.dispatcher.build_url("admin","services","koolproxy"))
end
end
function Download()
local t,e
t = nixio.open("/tmp/upload/koolproxyca.tar.gz","r")
luci.http.header('Content-Disposition', 'attachment; filename="koolproxyCA.tar.gz"')
luci.http.prepare_content("application/octet-stream")
while true do
e = t:read(nixio.const.buffersize)
if (not e) or (#e==0) then
break
else
luci.http.write(e)
end
end
t:close()
luci.http.close()
end
local t,e
t = "/tmp/upload/"
nixio.fs.mkdir(t)
luci.http.setfilehandler(
function(o,a,i)
if not e then
if not o then return end
e = nixio.open(t..o.file,"w")
if not e then
return
end
end
if a and e then
e:write(a)
end
if i and e then
e:close()
e = nil
luci.sys.call("/usr/share/koolproxy/camanagement restore 2>&1 >/dev/null")
end
end
)
return o
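Review bot: The upload handler opens `t..o.file`, that is `/tmp/upload/` plus the file name sent by the browser, so the client decides where the file is written, and the handler accepts any multipart field posted to this page. Since `camanagement restore` only ever reads `/tmp/upload/koolproxyCA.tar.gz`, the client name can be ignored: `if not o or o.name ~= "ulfile" then return end` followed by `e = nixio.open(t .. "koolproxyCA.tar.gz", "w")`. In `Download()`, `nixio.open` returns nil when the backup was not produced and the following `t:read` then raises; check the handle before the headers are sent. The backup archive containing `ca.key.pem` also stays in `/tmp/upload/` after the download, and removing it once it has been streamed would limit how long the CA private key sits outside the data directory.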


@ -0,0 +1,40 @@
o = Map("koolproxy")
t = o:section(TypedSection, "acl_rule", translate("iKoolProxy 访问控制"))
t.anonymous = true
t.description = translate("访问控制列表是用于指定特殊IP过滤模式的工具如为已安装证书的客户端开启https广告过滤等MAC或者IP必须填写其中一项。")
t.template = "cbi/tblsection"
t.sortable = true
t.addremove = true
e = t:option(Value, "remarks", translate("客户端备注"))
e.width = "30%"
e = t:option(Value, "ipaddr", translate("内部 IP 地址"))
e.width = "20%"
e.datatype = "ip4addr"
luci.ip.neighbors({family = 4}, function(neighbor)
if neighbor.reachable then
e:value(neighbor.dest:string(), "%s (%s)" %{neighbor.dest:string(), neighbor.mac})
end
end)
e = t:option(Value,"mac",translate("MAC 地址"))
e.width = "20%"
e.datatype = "macaddr"
luci.ip.neighbors({family = 4}, function(neighbor)
if neighbor.reachable then
e:value(neighbor.mac, "%s (%s)" %{neighbor.mac, neighbor.dest:string()})
end
end)
e = t:option(ListValue, "proxy_mode", translate("访问控制"))
e.width = "20%"
e:value(0,translate("不过滤"))
e:value(1,translate("过滤HTTP协议"))
e:value(2,translate("过滤HTTP(S)协议"))
e:value(3,translate("过滤全端口"))
e.default = 1
return o


@ -0,0 +1,31 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(TextValue, "user_rule")
e.description = translate("输入你的自定义规则,每条规则一行。")
e.rows = 28
e.wrap = "off"
local fs = require "nixio.fs"
local i = "/usr/share/koolproxy/data/user.txt"
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/user.txt", value)
if (luci.sys.call("cmp -s /tmp/user.txt /usr/share/koolproxy/data/user.txt") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/user.txt")
end
return o


@ -0,0 +1,31 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(TextValue, "adblock_ip")
e.description = translate("这些已经加入的ip地址不会使用过滤器.请输入ip地址或ip地址段每行只能输入一个ip地址。例如112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
local fs = require "nixio.fs"
local i = "/etc/adblocklist/adblockip"
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adblockip", value)
if (luci.sys.call("cmp -s /tmp/adblockip /etc/adblocklist/adblockip") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adblockip")
end
return o


@ -0,0 +1,31 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(TextValue, "adbypass_ip")
e.description = translate("这些已加入的ip地址将使用代理但只有GFW型号。请输入ip地址或ip地址段每行只能输入一个ip地址。例如112.123.134.145 / 24或112.123.134.145。")
e.rows = 28
e.wrap = "off"
local fs = require "nixio.fs"
local i = "/etc/adblocklist/adbypassip"
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adbypassip", value)
if (luci.sys.call("cmp -s /tmp/adbypassip /etc/adblocklist/adbypassip") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adbypassip")
end
return o


@ -0,0 +1,34 @@
local m, s, o
local koolproxy = "koolproxy"
local sid = arg[1]
m = Map(koolproxy)
m.title = translate("iKoolProxy滤广告 - 编辑规则")
m.redirect = luci.dispatcher.build_url("admin/services/koolproxy")
if not arg[1] or m.uci:get(koolproxy, sid) ~= "rss_rule" then
luci.http.redirect(m.redirect)
return
end
-- [[ Edit Rule ]]--
s = m:section(NamedSection, sid, "rss_rule")
s.anonymous = true
s.addremove = true
o = s:option(Flag, "load", translate("启用"))
o.default = 0
o = s:option(Value, "name", translate("规则描述"))
o = s:option(Value, "url", translate("规则地址"))
o.placeholder="[https|http|ftp]://[Hostname]/[File]"
function o.validate(self, value)
if not value then
return nil
else
return value
end
end
return m
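Review bot: `o.validate` returns every non-nil value unchanged, so the `url` option accepts any string, although the init script in this commit later passes it unquoted to `wget` and derives a file name from its last path segment. Reject anything that is not a single URL token with one of the schemes the placeholder advertises, e.g. `if value and (value:match("^https?://%S+$") or value:match("^ftp://%S+$")) then return value end`, and return `nil` with an error message otherwise. The `name` option is displayed in the subscription table and would benefit from a length limit as well.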


@ -0,0 +1,8 @@
o = Map("koolproxy")
t = o:section(TypedSection, "usetips")
t.title = translate("iKoolProxy 帮助支持")
t.anonymous = true
t:append(Template("koolproxy/tips"))
return o


@ -0,0 +1,21 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global")
t.anonymous = true
local fs = require "nixio.fs"
local i = "/var/log/koolproxy.log"
e = t:option(TextValue, "kpupdate_log")
e.description = translate("查看最近的更新日志")
e.rows = 28
e.wrap = "off"
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
end
return o


@ -0,0 +1,31 @@
o = Map("koolproxy")
t = o:section(TypedSection, "global")
t.anonymous = true
e = t:option(TextValue, "adbypass_domain")
e.description = translate("这些已经加入的网站将不会使用过滤器。请输入网站的域名每行只能输入一个网站域名。例如google.com。")
e.rows = 28
e.wrap = "off"
local fs = require "nixio.fs"
local i = "/etc/adblocklist/adbypass"
function e.cfgvalue()
return fs.readfile(i) or ""
end
function e.write(self, section, value)
if value then
value = value:gsub("\r\n", "\n")
else
value = ""
end
fs.writefile("/tmp/adbypass", value)
if (luci.sys.call("cmp -s /tmp/adbypass /etc/adblocklist/adbypass") == 1) then
fs.writefile(i, value)
end
fs.remove("/tmp/adbypass")
end
return o


@ -0,0 +1,8 @@
<%+cbi/valueheader%>
<span style="color: green">
<%
local val = self:cfgvalue(section) or self.default or ""
write(pcdata(val))
%>
</span>
<%+cbi/valuefooter%>


@ -0,0 +1,5 @@
<%+cbi/valueheader%>
<label class="cbi-value" style="display:inline-block; width: 400px" for="ulfile"></label><br />
<input class="cbi-input-file" style="width: 400px" type="file" id="ulfile" name="ulfile" />
<input type="submit" class="cbi-button cbi-input-apply" name="upload" value="<%:上传恢复证书%>" />
<%+cbi/valuefooter%>


@ -0,0 +1,21 @@
<script type="text/javascript">//<![CDATA[
XHR.poll(3, '<%=url([[admin]], [[services]], [[koolproxy]], [[status]])%>', null,
function(x, data) {
var tb = document.getElementById('koolproxy_status');
if (data && tb) {
if (data.running) {
tb.innerHTML = '<em><b style=color:green><%:iKoolProxy 滤广告%>' + data.bin_version + '<%:运行中%></b></em>';
} else {
tb.innerHTML = '<em><b style=color:red><%:iKoolProxy 滤广告%>' + data.bin_version + '<%:未运行%></b></em>';
}
}
}
);
//]]>
</script>
<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
<fieldset class="cbi-section">
<p id="koolproxy_status">
<em><%:收集数据...%></em>
</p>
</fieldset>
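Review bot: `data.bin_version` is concatenated into `tb.innerHTML`, so the output of `koolproxy -v` returned by the status endpoint is parsed as HTML. It is the output of a local binary, so the exposure is small, but setting the text with `textContent` removes the dependency on that: create the `<b>` element once and assign `b.textContent = '<%:iKoolProxy 滤广告%>' + data.bin_version + '<%:运行中%>'`. The two branches differ only in the colour and the status word and could share that code.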


@ -0,0 +1,31 @@
</style>
<div class="cbi-value">
<label class="cbi-value-title">iKoolProxy的使用Tips</label>
<div class="cbi-value-field">
<br />
1、 一般配置:过滤模式(全局模式)+ 默认访问控制过滤http协议达到一般的过滤效果。
<br />
2、 最佳配置在1的基础上再在 访问控制 + 增加需要过滤的客户端 + 过滤HTTP(S)协议 + 对应客服端安装证书。
<br />
3、 使用步骤A、更新规则B、恢复证书C、设置要过滤的https客户端ipD、清除浏览器或APP数据。
<br />
4、 Adblock Plus的Host列表 + KoolProxy黑名单模式运行更流畅上网体验。
<br />
5、 过滤HTTPS广告需要为相应客户端安装证书在“访问控制”里添加客户端ip或者mac地址并选择用<u><font color='#FF0000'>过滤HTTP(S)协议</font></u>
<br />
6、 在路由器下的设备,在浏览器中输入<u><font color='#FF0000'>110.110.110.110</font></u>来下载证书,导入证书目录请选择“受信任的根证书颁发机构”。
<br />
7、 安装完证书后请清除浏览器的缓存、视频APP的全部数据。如果访问网页弹出不安全提示请检查证书是否安装正确。
<br />
8、 如果想在多台路由器上使用一个证书,请先备份证书,然后再在另一个路由器上恢复证书即可。
<br />
</div>
<div class="cbi-value">
<label class="cbi-value-title">Shaoxia的KoolProxyR详细使用说明</label>
<div class="cbi-value-field">
<input type="button" class="cbi-button cbi-input-reload" value="点击前往" onclick="javascript:window.open('https://shaoxia.xyz/post/koolproxyr%E6%8C%87%E5%8D%97/','target');" />
</div>
</div>
</fieldset>
</fieldset>
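Review bot: The markup of this template is unbalanced: it opens with a `</style>` that has no start tag, the first `<div class="cbi-value">` is never closed before the second one begins, and it ends with two `</fieldset>` that nothing in the file opened. How the page renders therefore depends on the browser's error recovery and on whatever the including view emits around it. Tips 6 and 8 tell users to import the CA as a trusted root and to copy one certificate backup between routers; a sentence stating that the backup contains the CA private key, and has to be stored and transferred accordingly, would be worth adding there.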


@ -0,0 +1,20 @@
config global
option enabled '0'
option koolproxy_port '0'
option startup_delay '0'
option koolproxy_acl_default '1'
option koolproxy_mode '1'
option koolproxy_host '1'
option koolproxy_rules 'koolproxy.txt daily.txt kp.dat'
option koolproxy_ipv6 '0'
option time_update 'nil'
config acl_rule
option proxy_mode '2'
option remarks '选要滤https的客户端'
option ipaddr '192.168.8.168'
config usetips
option load '0'
option name '1'
option url '1'
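Review bot: `option time_update 'nil'` stores the literal string `nil`, and `add_cru` in the init script of this commit copies the option into the crontab line unchecked (`echo "0 $time * * * /usr/share/koolproxy/kpupdate"`), which would produce `0 nil * * * …` in `/etc/crontabs/root`. Leave the option out of the defaults and have `add_cru` skip the entry unless the value is a number from 0 to 23. The `config usetips` section also carries `load`, `name` and `url` options that look like leftovers from an `rss_rule` section.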


@ -0,0 +1,476 @@
#!/bin/sh /etc/rc.common
#
# Copyright (C) 2015 OpenWrt-dist
# Copyright (C) 2016 fw867 <ffkykzs@gmail.com>
#
# This is free software, licensed under the GNU General Public License v3.
# See /LICENSE for more information.
#
START=99
USE_PROCD=1
CONFIG=koolproxy
KP_DIR=/usr/share/koolproxy
TMP_DIR=/tmp
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
config_n_get() {
local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
echo ${ret:=$3}
}
config_t_get() {
local index=0
[ -n "$4" ] && index=$4
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
echo ${ret:=$3}
}
add_ipset_conf() {
if [ -s /etc/adblocklist/adbypass ]; then
echo_date 添加白名单软连接...
cat /etc/adblocklist/adbypass | sed "s/,/\n/g" | sed "s/^/ipset=&\/./g" | sed "s/$/\/white_kp_list/g" >> /tmp/adbypass.conf
rm -rf /tmp/dnsmasq.d/adbypass.conf
ln -sf /tmp/adbypass.conf /tmp/dnsmasq.d/adbypass.conf
dnsmasq_restart=1
fi
if [ "$koolproxy_mode" == "2" ]; then
if [ "$koolproxy_host" == "1" ];then
echo_date 添加Adblock Plus Host软连接...
ln -sf $KP_DIR/dnsmasq.adblock /tmp/dnsmasq.d/dnsmasq.adblock
fi
echo_date 添加黑名单软连接...
rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
ln -sf $KP_DIR/koolproxy_ipset.conf /tmp/dnsmasq.d/koolproxy_ipset.conf
echo_date 添加自定义黑名单软连接...
if [ -s /etc/adblocklist/adblock ]; then
cat /etc/adblocklist/adblock | sed "s/,/\n/g" | sed "s/^/ipset=&\/./g" | sed "s/$/\/black_koolproxy/g" >> /tmp/adblock.conf
rm -rf /tmp/dnsmasq.d/adblock.conf
ln -sf /tmp/adblock.conf /tmp/dnsmasq.d/adblock.conf
fi
dnsmasq_restart=1
fi
}
remove_ipset_conf() {
if [ -L "/tmp/dnsmasq.d/adbypass.conf" ]; then
echo_date 移除白名单软连接...
rm -rf /tmp/adbypass.conf
rm -rf /tmp/dnsmasq.d/adbypass.conf
dnsmasq_restart=1
fi
if [ -L "/tmp/dnsmasq.d/koolproxy_ipset.conf" ]; then
echo_date 移除黑名单软连接...
rm -rf /tmp/dnsmasq.d/koolproxy_ipset.conf
dnsmasq_restart=1
fi
if [ -L "/tmp/dnsmasq.d/adblock.conf" ]; then
echo_date 移除自定义黑名单软连接...
rm -rf /tmp/dnsmasq.d/adblock.conf
rm -rf /tmp/adblock.conf
dnsmasq_restart=1
fi
if [ -L "/tmp/dnsmasq.d/dnsmasq.adblock" ]; then
echo_date 移除Adblock Plus Host软连接...
rm -rf /tmp/dnsmasq.d/dnsmasq.adblock
dnsmasq_restart=1
fi
}
restart_dnsmasq() {
if [ "$dnsmasq_restart" == "1" ]; then
echo_date 重启dnsmasq进程...
/etc/init.d/dnsmasq restart > /dev/null 2>&1
fi
}
creat_ipset() {
echo_date 创建ipset名单
# Load ipset netfilter kernel modules and kernel modules
ipset -! create white_kp_list nethash
ipset -! create black_koolproxy iphash
cat $KP_DIR/data/rules/yhosts.txt $KP_DIR/data/rules/adg.txt $KP_DIR/data/rules/steven.txt $KP_DIR/data/rules/antiad.txt $KP_DIR/data/rules/koolproxy.txt $KP_DIR/data/rules/adgk.txt $KP_DIR/data/rules/daily.txt $KP_DIR/data/rules/user.txt | grep -Eo "(.\w+\:[1-9][0-9]{1,4})/" | grep -Eo "([0-9]{1,5})" | sort -un | sed -e '$a\80' -e '$a\443' | sed -e "s/^/-A kp_full_port &/g" -e "1 i\-N kp_full_port bitmap:port range 0-65535 " | ipset -R -!
}
add_white_black_ip() {
echo_date 添加ipset名单
ip_lan="0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 192.31.196.0/24 192.52.193.0/24 192.88.99.0/24 192.168.0.0/16 192.175.48.0/24 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 224.0.0.0/4 240.0.0.0/4 255.255.255.255"
for ip in $ip_lan
do
ipset -A white_kp_list $ip >/dev/null 2>&1
done
sed -e "s/^/add white_kp_list &/g" /etc/adblocklist/adbypassip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
ipset -A black_koolproxy 110.110.110.110 >/dev/null 2>&1
sed -e "s/^/add black_koolproxy &/g" /etc/adblocklist/adblockip | awk '{print $0} END{print "COMMIT"}' | ipset -R 2>/dev/null
}
load_config() {
ENABLED=$(config_t_get global enabled 0)
[ $ENABLED -ne 1 ] && return 0
koolproxy_mode=$(config_t_get global koolproxy_mode 1)
koolproxy_host=$(config_t_get global koolproxy_host 0)
koolproxy_acl_default=$(config_t_get global koolproxy_acl_default 1)
koolproxy_port=$(config_t_get global koolproxy_port 0)
koolproxy_bp_port=$(config_t_get global koolproxy_bp_port)
koolproxy_ipv6=$(config_t_get global koolproxy_ipv6 0)
config_load $CONFIG
return 1
}
__load_lan_acl() {
local mac
local ipaddr
local proxy_mode
config_get mac $1 mac
config_get ipaddr $1 ipaddr
config_get proxy_mode $1 proxy_mode
[ -n "$ipaddr" ] && [ -z "$mac" ] && echo_date 加载ACL规则【$ipaddr】模式为$(get_mode_name $proxy_mode)
[ -z "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则【$mac】模式为$(get_mode_name $proxy_mode)
[ -n "$ipaddr" ] && [ -n "$mac" ] && echo_date 加载ACL规则【$ipaddr】【$mac】模式为$(get_mode_name $proxy_mode)
#echo iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
iptables -t nat -A KOOLPROXY $(factor $ipaddr "-s") $(factor $mac "-m mac --mac-source") -p tcp $(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)
acl_nu=`expr $acl_nu + 1`
}
lan_acess_control() {
acl_nu=0
[ -z "$koolproxy_acl_default" ] && koolproxy_acl_default=1
config_foreach __load_lan_acl acl_rule
if [ $acl_nu -ne 0 ]; then
echo_date 加载ACL规则其余主机模式为$(get_mode_name $koolproxy_acl_default)
else
echo_date 加载ACL规则所有模式为$(get_mode_name $koolproxy_acl_default)
fi
}
__load_exrule() {
local file
local exrule
local enable
config_get file $1 file
config_get exrule $1 url
config_get enable $1 load
if [ -n "$exrule" ]; then
if [ $enable -ne 1 ]; then
[ -n "$file" ] && [ -f $KP_DIR/data/rules/$file ] && rm -f $KP_DIR/data/rules/$file
uci set koolproxy.$1.time=""
uci commit koolproxy
return
fi
if [ -z "$file" ]; then
file=$(echo $exrule |awk -F "/" '{print $NF}')
uci set koolproxy.$1.file="$file"
uci commit koolproxy
fi
if [ ! -f $KP_DIR/data/rules/$file ]; then
wget $exrule -q -O $TMP_DIR/$file
if [ "$?" == "0" ]; then
uci set koolproxy.$1.time="`date +%Y-%m-%d" "%H:%M`"
uci commit koolproxy
mv $TMP_DIR/$file $KP_DIR/data/rules/$file
else
echo "koolproxy download rule $file failed!"
[ -f $TMP_DIR/$file ] && rm -f $TMP_DIR/$file
fi
fi
cat $KP_DIR/data/rules/$file >>$KP_DIR/data/rules/user.txt
fi
}
load_user_rules() {
cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
config_foreach __load_exrule rss_rule
}
load_rules() {
sed -i '1,9s/1/0/g' $KP_DIR/data/source.list
local rulelist="$(uci -q get koolproxy.@global[0].koolproxy_rules)"
for rule in $rulelist
do
case "$rule" in
koolproxy.txt)
sed -i '1s/0/1/g' $KP_DIR/data/source.list
;;
daily.txt)
sed -i '2s/0/1/g' $KP_DIR/data/source.list
;;
kp.dat)
sed -i '3s/0/1/g' $KP_DIR/data/source.list
;;
user.txt)
sed -i '4s/0/1/g' $KP_DIR/data/source.list
;;
esac
done
local rulelist="$(uci -q get koolproxy.@global[0].thirdparty_rules)"
for rule in $rulelist
do
case "$rule" in
yhosts.txt)
sed -i '5s/0/1/g' $KP_DIR/data/source.list
;;
adg.txt)
sed -i '6s/0/1/g' $KP_DIR/data/source.list
;;
steven.txt)
sed -i '7s/0/1/g' $KP_DIR/data/source.list
;;
antiad.txt)
sed -i '8s/0/1/g' $KP_DIR/data/source.list
;;
adgk.txt)
sed -i '9s/0/1/g' $KP_DIR/data/source.list
;;
esac
done
}
get_mode_name() {
case "$1" in
0)
echo "不过滤"
;;
1)
echo "过滤HTTP协议"
;;
2)
echo "过滤HTTP(S)协议"
;;
3)
echo "过滤全端口"
;;
esac
}
get_jump_mode() {
case "$1" in
0)
echo "-j"
;;
*)
echo "-g"
;;
esac
}
get_action_chain() {
case "$1" in
0)
echo "RETURN"
;;
1)
echo "KP_HTTP"
;;
2)
echo "KP_HTTPS"
;;
3)
echo "KP_ALL_PORT"
;;
esac
}
factor() {
if [ -z "$1" ] || [ -z "$2" ]; then
echo ""
else
echo "$2 $1"
fi
}
load_nat() {
echo_date 加载nat规则
#----------------------BASIC RULES---------------------
echo_date 写入iptables规则到nat表中...
# 创建KOOLPROXY nat rule
iptables -t nat -N KOOLPROXY
# 局域网地址不走KP
iptables -t nat -A KOOLPROXY -m set --match-set white_kp_list dst -j RETURN
# 生成对应CHAIN
iptables -t nat -N KP_HTTP
iptables -t nat -A KP_HTTP -p tcp -m multiport --dport 80 -j REDIRECT --to-ports 3000
iptables -t nat -N KP_HTTPS
iptables -t nat -A KP_HTTPS -p tcp -m multiport --dport 80,443 -j REDIRECT --to-ports 3000
iptables -t nat -N KP_ALL_PORT
#iptables -t nat -A KP_ALL_PORT -p tcp -j REDIRECT --to-ports 3000
# 端口控制
if [ "$koolproxy_port" == "1" ]; then
echo_date 开启端口控制:【$koolproxy_bp_port】
if [ -n "$koolproxy_bp_port" ]; then
iptables -t nat -A KP_ALL_PORT -p tcp -m multiport ! --dport $koolproxy_bp_port -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
else
iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
fi
else
iptables -t nat -A KP_ALL_PORT -p tcp -m set --match-set kp_full_port dst -j REDIRECT --to-ports 3000
fi
[ "$koolproxy_ipv6" == "1" ] && ip6tables -t nat -I PREROUTING -p tcp -j REDIRECT --to-ports 3000
# 局域网控制
lan_acess_control
# 剩余流量转发到缺省规则定义的链中
iptables -t nat -A KOOLPROXY -p tcp -j $(get_action_chain $koolproxy_acl_default)
# 重定所有流量到 KOOLPROXY
# 全局模式和视频模式
[ "$koolproxy_mode" == "1" ] || [ "$koolproxy_mode" == "3" ] && iptables -t nat -I PREROUTING 1 -p tcp -j KOOLPROXY
# ipset 黑名单模式
[ "$koolproxy_mode" == "2" ] && iptables -t nat -I PREROUTING 1 -p tcp -m set --match-set black_koolproxy dst -j KOOLPROXY
}
add_cru() {
time=$(config_t_get global time_update)
wirtecron=$(cat /etc/crontabs/root | grep "00 $time * * *" | grep kpupdate)
if [ -z "$wirtecron" ];then
sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
echo "0 $time * * * /usr/share/koolproxy/kpupdate" >> /etc/crontabs/root
fi
}
del_cru() {
sed -i '/kpupdate/d' /etc/crontabs/root >/dev/null 2>&1
}
detect_cert(){
if [ ! -f $KP_DIR/data/private/ca.key.pem -o ! -f $KP_DIR/data/cert/ca.crt ]; then
echo_date 开始生成koolproxy证书用于https过滤
cd $KP_DIR/data && sh gen_ca.sh
fi
}
flush_nat() {
echo_date 移除nat规则...
cd $TMP_DIR
iptables -t nat -S | grep -E "KOOLPROXY|KP_HTTP|KP_HTTPS|KP_ALL_PORT" | sed 's/-A/iptables -t nat -D/g'|sed 1,4d > clean.sh && chmod 777 clean.sh && ./clean.sh
[ -f $TMP_DIR/clean.sh ] && rm -f $TMP_DIR/clean.sh
iptables -t nat -X KOOLPROXY > /dev/null 2>&1
iptables -t nat -X KP_HTTP > /dev/null 2>&1
iptables -t nat -X KP_HTTPS > /dev/null 2>&1
iptables -t nat -X KP_ALL_PORT > /dev/null 2>&1
ipset -F black_koolproxy > /dev/null 2>&1 && ipset -X black_koolproxy > /dev/null 2>&1
ipset -F white_kp_list > /dev/null 2>&1 && ipset -X white_kp_list > /dev/null 2>&1
ip6tables -t nat -D PREROUTING -p tcp -j REDIRECT --to-ports 3000 > /dev/null 2>&1
}
export_ipt_rules() {
FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
[ -n "$FWI" ] || return 0
cat <<-CAT >>$FWI
iptables-save -c | grep -v -E "KOOLPROXY|KP" | iptables-restore -c
iptables-restore -n <<-EOF
$(iptables-save | grep -E "KOOLPROXY|KP|^\*|^COMMIT" |\
sed -e "s/^-A \(PREROUTING\)/-I \1 1/")
EOF
CAT
return $?
}
flush_ipt_rules() {
FWI=$(uci get firewall.koolproxy.path 2>/dev/null)
[ -n "$FWI" ] && echo '# firewall include file' >$FWI
return 0
}
pre_start() {
load_config
[ $? -ne 1 ] && return 0
iptables -t nat -C PREROUTING -p tcp -j KOOLPROXY 2>/dev/null && [ $? -eq 0 ] && return 0;
detect_cert
load_rules
load_user_rules
add_ipset_conf && restart_dnsmasq
creat_ipset
add_white_black_ip
load_nat
flush_ipt_rules && export_ipt_rules
add_cru
[ "$koolproxy_mode" == "1" ] && echo_date 选择【全局过滤模式】
[ "$koolproxy_mode" == "2" ] && echo_date 选择【IPSET过滤模式】
if [ "$koolproxy_mode" == "3" ]; then
echo_date 选择【视频过滤模式】
sed -i '1s/1/0/g;2s/1/0/g' $KP_DIR/data/source.list
fi
return 1
}
post_stop() {
load_config
[ $? -ne 1 ] && NO_RESTART_DNSMASQ=false
if [ $NO_RESTART_DNSMASQ ]; then
remove_ipset_conf
else
remove_ipset_conf && restart_dnsmasq
fi
flush_ipt_rules
flush_nat
del_cru
return 0
}
start_service() {
echo_date ================== koolproxy启用 ================
pre_start
[ $? -ne 1 ] && return 0
procd_open_instance
procd_set_param command /usr/share/koolproxy/koolproxy
procd_append_param command --mark
procd_append_param command --ttl 160
procd_set_param respawn
procd_set_param file /etc/adblocklist/adblock
procd_set_param file /etc/adblocklist/adblockip
procd_set_param file /usr/share/koolproxy/data/user.txt
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
logger "koolproxy has started."
echo_date =================================================
}
stop_service() {
echo_date ====================== 关闭 =====================
post_stop
logger "koolproxy has stopped."
echo_date =================================================
}
reload_service() {
logger "koolproxy reload service."
NO_RESTART_DNSMASQ=true
stop
start
}
service_triggers() {
procd_add_reload_trigger "koolproxy"
}
restart() {
logger "koolproxy restart service."
NO_RESTART_DNSMASQ=true
stop
start
}
boot() {
local delay=$(config_t_get global startup_delay 0)
(sleep $delay && start >/dev/null 2>&1) &
return 0
}
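Review bot: In `__load_exrule` the subscription URL and the file name derived from it are expanded unquoted (`wget $exrule -q -O $TMP_DIR/$file`, and the `rm`, `mv` and `cat` lines around it), so whitespace or glob characters in the stored `url` option are split into extra arguments of commands that run as root. Quote every expansion, e.g. `wget -q -O "$TMP_DIR/$file" "$exrule"`, and refuse a `$file` that is empty, `.` or `..` before it is used under `$KP_DIR/data/rules/`. `flush_nat` has a related weakness: it builds `clean.sh` in `/tmp` from `iptables -S` output, makes it world-writable with `chmod 777` and then executes it; piping the generated commands to `sh` avoids the file altogether. `load_config` returns 1 on success and 0 when the service is disabled, the reverse of the shell convention, which makes the `[ $? -ne 1 ]` checks in `pre_start` and `start_service` easy to misread.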


@ -0,0 +1,17 @@
#!/bin/sh
uci -q batch <<-EOF >/dev/null
delete ucitrack.@koolproxy[-1]
add ucitrack koolproxy
set ucitrack.@koolproxy[-1].init=koolproxy
commit ucitrack
delete firewall.koolproxy
set firewall.koolproxy=include
set firewall.koolproxy.type=script
set firewall.koolproxy.path=/var/etc/koolproxy.include
set firewall.koolproxy.reload=1
commit firewall
EOF
rm -f /tmp/luci-indexcache
exit 0


@ -0,0 +1,3 @@
/usr/share/koolproxy/data/certs/ca.crt
/usr/share/koolproxy/data/private/base.key.pem
/usr/share/koolproxy/data/private/ca.key.pem


@ -0,0 +1,23 @@
#!/bin/sh
echo "$(date "+%F %T"): 正在下载adblockplus规则..."
wget-ssl --quiet --no-check-certificate https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt -O /tmp/adlist.txt
if [ "$?" == "0" ]; then
grep ^\|\|[^\*]*\^$ /tmp/adlist.txt | sed -e 's:||:address\=\/:' -e 's:\^:/0\.0\.0\.0:' > /tmp/dnsmasq.adblock
rm -f /tmp/adlist.txt
diff /tmp/dnsmasq.adblock /usr/share/koolproxy/dnsmasq.adblock >/dev/null
[ $? = 0 ] && echo "$(date "+%F %T"): adblockplus本地规则和服务器规则相同无需更新!" && rm -f /tmp/dnsmasq.adblock && return 1
echo "$(date "+%F %T"): 检测到adblockplus规则有更新开始转换规则"
sed -i '/youku/d' /tmp/dnsmasq.adblock >/dev/null 2>&1
sed -i '/[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}\.[1-9]\{1,3\}/d' /tmp/dnsmasq.adblock >/dev/null 2>&1
mv /tmp/dnsmasq.adblock /usr/share/koolproxy/dnsmasq.adblock
echo "$(date "+%F %T"): adblockplus规则转换完成应用新规则。"
echo ""
echo "$(date "+%F %T"): 重启dnsmasq进程"
/etc/init.d/dnsmasq restart > /dev/null 2>&1
return 0
else
echo "$(date "+%F %T"): 获取在线版本时出现错误! "
[ -f /tmp/adlist.txt ] && rm -f /tmp/adlist.txt
return 1
fi
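Review bot: The `wget-ssl` download line passes `--no-check-certificate`, so the list that is converted into dnsmasq `address=` entries and installed as /usr/share/koolproxy/dnsmasq.adblock is accepted from any host able to answer for easylist-downloads.adblockplus.org. Drop the flag and rely on the router's CA bundle: `wget-ssl --quiet https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt -O /tmp/adlist.txt`. The `grep` pattern on the following line is unquoted, so the shell can glob-expand it before grep sees it; single-quoting it, `grep '^||[^*]*^$' /tmp/adlist.txt`, should keep the same match. The `return` statements here run outside any function, which POSIX leaves unspecified, so `exit` would state the intent.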


@ -0,0 +1,66 @@
#!/bin/sh
kpfolder="/usr/share/koolproxy/data"
kplogfile="/var/log/koolproxy.log"
readyfolder="/tmp/upload/koolproxy"
backup() {
if [ ! -f $kpfolder/private/ca.key.pem ]; then
echo "未找到ca.key.pem请先运行Koolproxy一次" > $kplogfile
exit 1
fi
if [ ! -f $kpfolder/private/base.key.pem ]; then
echo "未找到base.key.pem请先运行Koolproxy一次" > $kplogfile
exit 1
fi
if [ ! -f $kpfolder/certs/ca.crt ]; then
echo "未找到ca.crt请先运行Koolproxy一次" > $kplogfile
exit 1
fi
mkdir -p /tmp/upload
cd $kpfolder
tar czf /tmp/upload/koolproxyca.tar.gz private/ca.key.pem private/base.key.pem certs/ca.crt
[ -f /tmp/upload/koolproxyca.tar.gz ] && echo "证书备份已成功生成。" > $kplogfile
}
restore() {
if [ ! -f /tmp/upload/koolproxyCA.tar.gz ]; then
echo "未找到备份文件文件名必须为koolproxyCA.tar.gz或已损坏请检查备份文件" >> $kplogfile
else
mkdir -p $readyfolder
cd $readyfolder
tar xzf /tmp/upload/koolproxyCA.tar.gz
fi
if [ ! -f $readyfolder/private/ca.key.pem ]; then
echo "未找到ca.key.pem,备份文件不正确或已损坏,请检查备份文件!" > $kplogfile
exit 1
fi
if [ ! -f $readyfolder/private/base.key.pem ]; then
echo "未找到base.key.pem备份文件不正确或已损坏请检查备份文件" > $kplogfile
exit 1
fi
if [ ! -f $readyfolder/certs/ca.crt ]; then
echo "未找到ca.crt备份文件不正确或已损坏请检查备份文件" > $kplogfile
exit 1
fi
mv -f $readyfolder/private/ca.key.pem $kpfolder/private/ca.key.pem
mv -f $readyfolder/private/base.key.pem $kpfolder/private/base.key.pem
mv -f $readyfolder/certs/ca.crt $kpfolder/certs/ca.crt
rm -rf $readyfolder
rm -f /tmp/upload/koolproxyCA.tar.gz
echo "证书成功还原重启Koolproxy。" > $kplogfile
/etc/init.d/koolproxy restart
}
case "$*" in
"backup")
backup
;;
"restore")
restore
;;
"help")
echo "use backup or restore"
;;
esac
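Review bot: `restore()` unpacks the whole uploaded archive with `tar xzf /tmp/upload/koolproxyCA.tar.gz` before checking anything, so any member beyond the three expected files is written under /tmp/upload/koolproxy as well. Name the members so that only those are extracted: `tar xzf /tmp/upload/koolproxyCA.tar.gz private/ca.key.pem private/base.key.pem certs/ca.crt`. When the archive is missing, the function logs the error but still falls through to the file checks, which can then pass on leftovers from an earlier attempt; add `exit 1` in that branch. In `backup()`, the archive holding both private keys is created with the default umask, and a `umask 077` before `tar czf` would keep it owner-only. `backup()` also writes `koolproxyca.tar.gz` while `restore()` looks for `koolproxyCA.tar.gz`, which deserves a comment if the difference is intended.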


@ -0,0 +1,29 @@
#!/bin/sh
alias echo_date='echo $(date +%Y年%m月%d日\ %X):'
if [ ! -f openssl.cnf ]; then
echo_date "Cannot found openssl.cnf"
exit 1
fi
if [ -f /usr/share/koolproxy/data/private/ca.key.pem ]; then
echo_date "已经有证书了!"
else
echo_date "生成证书中..."
#step 1, root ca
mkdir -p certs private
rm -f serial private/ca.key.pem
chmod 700 private
echo 1000 > serial
openssl genrsa -aes256 -passout pass:koolshare -out private/ca.key.pem 2048
chmod 400 private/ca.key.pem
openssl req -config openssl.cnf -passin pass:koolshare \
-subj "/C=CN/ST=Beijing/L=KP/O=KoolProxy inc/CN=koolproxy.com" \
-key private/ca.key.pem \
-new -x509 -days 7300 -sha256 -extensions v3_ca \
-out certs/ca.crt
#step 2, domain rsa key
openssl genrsa -aes256 -passout pass:koolshare -out private/base.key.pem 2048
echo_date "证书生成完毕..."
fi
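Review bot: Both `openssl genrsa` calls encrypt the key with the fixed passphrase `pass:koolshare`, which is published in this script, so the `-aes256` wrapping adds no confidentiality and file permissions are the only protection for the CA private key. `private/ca.key.pem` gets `chmod 400` but `private/base.key.pem` does not; add `chmod 400 private/base.key.pem` after the second `genrsa`. A comment above step 1 would make the situation explicit, for example `# passphrase is fixed and public; key secrecy depends on the 0700 private/ directory`. The existence check uses the absolute path /usr/share/koolproxy/data/private/ca.key.pem while the keys are written relative to the current directory, so the script presumably has to run from that data directory, which a header comment should state.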


@ -0,0 +1,132 @@
# OpenSSL root CA configuration file.
# Copy to `/root/ca/openssl.cnf`.
[ ca ]
# `man ca`
default_ca = CA_default
[ CA_default ]
# Directory and file locations.
dir = ./ca
certs = $dir/certs
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
RANDFILE = $dir/private/.rand
# The root key and root certificate.
private_key = $dir/private/ca.key.pem
certificate = $dir/certs/ca.cert.pem
# For certificate revocation lists.
crlnumber = $dir/crlnumber
crl = $dir/crl/ca.crl.pem
crl_extensions = crl_ext
default_crl_days = 30
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
name_opt = ca_default
cert_opt = ca_default
default_days = 375
preserve = no
policy = policy_strict
[ policy_strict ]
# The root CA should only sign intermediate certificates that match.
# See the POLICY FORMAT section of `man ca`.
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ policy_loose ]
# Allow the intermediate CA to sign a more diverse range of certificates.
# See the POLICY FORMAT section of the `ca` man page.
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
# Options for the `req` tool (`man req`).
default_bits = 2048
distinguished_name = req_distinguished_name
string_mask = utf8only
# SHA-1 is deprecated, so use SHA-2 instead.
default_md = sha256
# Extension to add when the -x509 option is used.
x509_extensions = v3_ca
[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name
localityName = Locality Name
0.organizationName = Organization Name
organizationalUnitName = Organizational Unit Name
commonName = Common Name
emailAddress = Email Address
# Optionally, specify some defaults.
countryName_default = GB
stateOrProvinceName_default = England
localityName_default =
0.organizationName_default = Alice Ltd
organizationalUnitName_default =
emailAddress_default =
[ v3_ca ]
# Extensions for a typical CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ v3_intermediate_ca ]
# Extensions for a typical intermediate CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
[ usr_cert ]
# Extensions for client certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = client, email
nsComment = "OpenSSL Generated Client Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
[ server_cert ]
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[ crl_ext ]
# Extension for CRLs (`man x509v3_config`).
authorityKeyIdentifier=keyid:always
[ ocsp ]
# Extension for OCSP signing certificates (`man ocsp`).
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, OCSPSigning


@ -0,0 +1,49 @@
! ******************************* KoolProxyR 自定义过滤语法简表 *******************************
! ------------------------ 规则基于adblock规则并进行了语法部分的扩展 ------------------------
! ABP规则请参考https://adblockplus.org/zh_CN/filters下面为大致摘要
! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述
! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com
! "@@@@" 超级白名单比白名单符拥有更高的优先级主要用于放行https网站例如:@@@@||https://taobao.com
! ------------------------------------------------------------------------------------------
! "*" 为字符通配符能够匹配0长度或任意长度的字符串该通配符不能与正则语法混用。
! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。
! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。
! 注:通配符仅在 url 规则中支持html 规则中不支持
! ------------------------------------------------------------------------------------------
! "|" 为管线符号,来表示地址的最前端或最末端
! "||" 为子域通配符,方便匹配主域名下的所有子域
! 用法及例子如下:(以下等号表示等价于)
! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad*
! |xx.com/ad = http://xx.com/ad*
! |http://xx.com/ad = http://xx.com/ad*
! |https://xx.com/ad = https://xx.com/ad*
! ad = http://*ad*
! http://ad = http://*ad*
! https://ad = 不支持,需要指定域名,如下例
! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad*
! [同时可以表示两个以及两个以上的域名]如下例子
! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用)
! ------------------------------------------------------------------------------------------
! 兼容adblock规则的html规则语法例如
! fulldls.com,torrentzap.com##.tp_reccomend_banner
! 但是推荐写成以下标准写法:
! ||fulldls.com##.tp_reccomend_banner
! ||torrentzap.com##.tp_reccomend_banner
! 如果一个网站html规则有多条可以合并为这样
! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]......
! ------------------------------------------------------------------------------------------
! 文本替换语法:$s@匹配内容@替换内容@
! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/
! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@
! 重定向语法:$r@匹配内容@替换内容@
! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@
! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能
! 支持通配符 * 和 ? 表示单个字符
! 支持全正则匹配,/正则内容/ 表示应用正则匹配
! 正则替换:替换内容支持 $1 $2 这样的符号
! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2但是 * 号会自动计算数字)
! ------------------------------------------------------------------------------------------
! 未来将逐步添加相关语法兼容adblock puls的更多语法敬请期待。
! ******************************************************************************************


@ -0,0 +1,9 @@
1|koolproxy.txt||静态规则
1|daily.txt||每日规则
1|kp.dat||视频规则
1|user.txt||自定义规则
1|yhosts.txt||Yhosts规则
1|adg.txt||AdGuard规则
1|steven.txt||Steven规则
1|antiad.txt||AntiAD规则
1|adgk.txt||坂本规则


@ -0,0 +1,49 @@
! ******************************* KoolProxy 自定义过滤语法简表 *******************************
! ------------------------ 规则基于adblock规则并进行了语法部分的扩展 ------------------------
! ABP规则请参考https://adblockplus.org/zh_CN/filters下面为大致摘要
! "!" 为行注释符,注释行以该符号起始作为一行注释语义,用于规则描述
! "@@" 为白名单符,白名单具有最高优先级,放行过滤的网站,例如:@@||taobao.com
! "@@@@" 超级白名单比白名单符拥有更高的优先级主要用于放行https网站例如:@@@@||https://taobao.com
! ------------------------------------------------------------------------------------------
! "*" 为字符通配符能够匹配0长度或任意长度的字符串该通配符不能与正则语法混用。
! "^" 为分隔符,可以是除了字母、数字或者 _ - . % 之外的任何字符。
! "~" 为排除标识符,通配符能过滤大多数广告,但同时存在误杀, 可以通过排除标识符修正误杀链接。
! 注:通配符仅在 url 规则中支持html 规则中不支持
! ------------------------------------------------------------------------------------------
! "|" 为管线符号,来表示地址的最前端或最末端
! "||" 为子域通配符,方便匹配主域名下的所有子域
! 用法及例子如下:(以下等号表示等价于)
! ||xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||http://xx.com/ad = http://xx.com/ad* || http://*.xx.com/ad*
! ||https://xx.com/ad = https://xx.com/ad* || https://*.xx.com/ad*
! |xx.com/ad = http://xx.com/ad*
! |http://xx.com/ad = http://xx.com/ad*
! |https://xx.com/ad = https://xx.com/ad*
! ad = http://*ad*
! http://ad = http://*ad*
! https://ad = 不支持,需要指定域名,如下例
! https://xx.com/ad = |https://xx.com/ad = https://xx.com/ad*
! [同时可以表示两个以及两个以上的域名]如下例子
! https://xx.ad.com 和 https://xxx.xx.ad.com = ||https://ad.com (注意! 由于https的原因使用要非常谨慎,不可以大范围使用)
! ------------------------------------------------------------------------------------------
! 兼容adblock规则的html规则语法例如
! fulldls.com,torrentzap.com##.tp_reccomend_banner
! 但是推荐写成以下标准写法:
! ||fulldls.com##.tp_reccomend_banner
! ||torrentzap.com##.tp_reccomend_banner
! 如果一个网站html规则有多条可以合并为这样
! ||torrentzap.com##.tp_reccomend_banner,.ad_top,[class="ad_right"]......
! ------------------------------------------------------------------------------------------
! 文本替换语法:$s@匹配内容@替换内容@
! 非标准端口过滤语法:||abc.com:8081/ad.html或者|http://adb.com:8081/
! 文本替换例子:|http://cdn.pcbeta.js.inimc.com/data/cache/common.js?$s@old@new@
! 重定向语法:$r@匹配内容@替换内容@
! 重定向例子:|http://koolshare.cn$r@http://koolshare.cn/*@http://www.qq.com@
! 注:文本替换语法及重定向语法中的匹配内容不仅支持通配符功能,而且额外支持以下功能
! 支持通配符 * 和 ? 表示单个字符
! 支持全正则匹配,/正则内容/ 表示应用正则匹配
! 正则替换:替换内容支持 $1 $2 这样的符号
! 普通替换:替换内容支持 * 这样的符号,表示把命中的内容复制到替换的内容。(类似 $1 $2但是 * 号会自动计算数字)
! ------------------------------------------------------------------------------------------
! 未来将逐步添加相关语法兼容adblock puls的更多语法敬请期待。
! ******************************************************************************************


@ -0,0 +1,171 @@
#!/bin/sh
# set -x
. /lib/functions.sh
CONFIG=koolproxy
KP_DIR=/usr/share/koolproxy
TMP_DIR=/tmp/koolproxy
LOGFILE="/var/log/koolproxy.log"
config_t_get() {
local index=0
[ -n "$4" ] && index=$4
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
echo ${ret:=$3}
}
limit_log() {
local log=$1
[ ! -f "$log" ] && return
local sc=100
[ -n "$2" ] && sc=$2
local count=$(grep -c "" $log)
if [ $count -gt $sc ];then
let count=count-$sc
sed -i "1,$count d" $log
fi
}
init_env() {
rm -rf "$TMP_DIR"
mkdir -p "$TMP_DIR"
}
restart_koolproxy() {
/etc/init.d/koolproxy restart
}
__compare_file() {
local descript=$1
local localPath=$2
local remoteUrl=$3
echo $(date "+%F %T"): ------------------- $descript更新 ------------------- >>$LOGFILE
local filename=`basename $localPath`
local remotePath="$TMP_DIR/$filename"
wget "$remoteUrl" -q -O "$remotePath"
if [ "$?" == "0" ]; then
if [ -f "$localPath" ]; then
localMD5=`md5sum "$localPath" | awk '{print $1}'`
localNum=`cat "$localPath" | grep -v '^!' | wc -l`
else
localMD5="文件不存在"
localNum="0"
fi
remoteMD5=`md5sum "$remotePath" | awk '{print $1}'`
remoteNum=`cat "$remotePath" | grep -v '^!' | wc -l`
echo $(date "+%F %T"): 本地版本MD5$localMD5 >>$LOGFILE
echo $(date "+%F %T"): 本地版本条数:$localNum >>$LOGFILE
echo >>$LOGFILE
echo $(date "+%F %T"): 在线版本MD5$remoteMD5 >>$LOGFILE
echo $(date "+%F %T"): 在线版本条数:$remoteNum >>$LOGFILE
echo >>$LOGFILE
if [ "$localMD5" != "$remoteMD5" ];then
echo $(date "+%F %T"): 检测到更新,开始更新规则! >>$LOGFILE
mv -f "$remotePath" "$localPath"
echo $(date "+%F %T"): 更新成功! >>$LOGFILE
echo >>$LOGFILE
return 0
fi
else
echo "$(date "+%F %T"): 获取在线版本时出现错误! " >>$LOGFILE
echo >>$LOGFILE
fi
return 1
}
__update_rule() {
local name
local file
local exrule
local enable
config_get name $1 name
config_get file $1 file
config_get exrule $1 url
config_get enable $1 load
if [ -n "$file" ] && [ -n "$exrule" ]; then
if [ $enable -ne 1 ]; then
return
fi
__compare_file "$name" "$KP_DIR/data/rules/$file" "$exrule"
if [ "$?" == "0" ]; then
uci set koolproxy.$1.time="`date +%Y-%m-%d" "%H:%M`"
uci commit koolproxy
RESTART_KOOLPROXY=true
fi
cat $KP_DIR/data/rules/$file >>$KP_DIR/data/rules/user.txt
echo >>$LOGFILE
fi
}
update_rss_rules() {
cp $KP_DIR/data/user.txt $KP_DIR/data/rules/user.txt
config_load $CONFIG
config_foreach __update_rule rss_rule
}
update_rules() {
echo $(date "+%F %T"): ------------------- 内置规则更新 ------------------- >>$LOGFILE
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/kp.dat' -q -O $KP_DIR/data/rules/kp.dat
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/daily.txt' -q -O $KP_DIR/data/rules/daily.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/koolproxy.txt' -q -O $KP_DIR/data/rules/koolproxy.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/yhosts.txt' -q -O $KP_DIR/data/rules/yhosts.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/steven.txt' -q -O $KP_DIR/data/rules/steven.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/adg.txt' -q -O $KP_DIR/data/rules/adg.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/antiad.txt' -q -O $KP_DIR/data/rules/antiad.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/adgk.txt' -q -O $KP_DIR/data/rules/adgk.txt
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/koolproxy_ipset.conf' -q -O $KP_DIR/koolproxy_ipset.conf
wget 'https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules/dnsmasq.adblock' -q -O $KP_DIR/dnsmasq.adblock
adg_rules_local=`cat /usr/share/koolproxy/data/rules/adg.txt | sed -n '4p'|awk '{print $4}'`
steven_rules_local=`cat /usr/share/koolproxy/data/rules/steven.txt | sed -n '2p'|awk '{print $3,$4,$5,$6}'`
yhosts_rules_local=`cat /usr/share/koolproxy/data/rules/yhosts.txt | sed -n '1p' | cut -d ":" -f2`
antiad_rules_local=`cat /usr/share/koolproxy/data/rules/antiad.txt | sed -n '2p' | cut -d "=" -f2`
koolproxy_rules_local=`cat /usr/share/koolproxy/data/rules/koolproxy.txt | sed -n '3p'|awk '{print $3,$4}'`
adgk_rules_local=`cat /usr/share/koolproxy/data/rules/adgk.txt | sed -n '1p'|awk '{print $3}'`
echo $(date "+%F %T"): -------------------AdGuard规则 Version $adg_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------Steven规则 Version $steven_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------Yhosts规则 Version $yhosts_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------AntiAD规则 Version $antiad_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------坂本规则 Version $adgk_rules_local >>$LOGFILE
echo $(date "+%F %T"): -------------------静态规则 Version $koolproxy_rules_local >>$LOGFILE
echo $(date "+%F %T"): ------------------- 内置规则更新成功! ------------------- >>$LOGFILE
RESTART_KOOLPROXY=true
}
update_adb_host() {
/usr/sbin/adblockplus >>$LOGFILE 2>&1 &
if [ "$?" == "0" ]; then
RESTART_DNSMASQ=true
fi
}
# main process
init_env
limit_log $LOGFILE
# update rules
update_rules
# update user rules
update_rss_rules
koolproxy_mode=$(config_t_get global koolproxy_mode 1)
koolproxy_host=$(config_t_get global koolproxy_host 0)
# update ADB Plus Host
if [ "$koolproxy_mode" == "2" ] && [ "$koolproxy_host" == "1" ];then
update_adb_host
fi
if [ $RESTART_KOOLPROXY ]; then
restart_koolproxy
echo $(date "+%F %T"): 重启koolproxy进程 >>$LOGFILE
fi
init_env
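Review bot: `update_rules()` has each `wget` write straight onto the live rule file with `-O` and never checks the exit status, so a failed or partial download leaves an empty or truncated file, yet the function still logs success and sets `RESTART_KOOLPROXY=true`. `__compare_file()` in the same file already downloads into `$TMP_DIR` and moves the file only after wget succeeds. The built-in rules should follow that pattern, as sketched below, and the two downloads into `$KP_DIR` (koolproxy_ipset.conf, dnsmasq.adblock) need the same treatment. The fetched files are installed with no pinned hash or signature, so at minimum a failed fetch must not replace a working rule set. Separately, `update_adb_host()` tests `$?` right after a backgrounded command, which is always 0, so `RESTART_DNSMASQ` says nothing about whether the update worked.

```shell
update_rules() {
	# … unchanged: log header …
	local base='https://onewrt.coding.net/p/ikoolproxy/d/rules/git/raw/master/rules'
	local f
	for f in kp.dat daily.txt koolproxy.txt yhosts.txt steven.txt adg.txt antiad.txt adgk.txt; do
		# fetch into the scratch dir; replace the live file only after a successful, non-empty download
		if wget "$base/$f" -q -O "$TMP_DIR/$f" && [ -s "$TMP_DIR/$f" ]; then
			mv -f "$TMP_DIR/$f" "$KP_DIR/data/rules/$f"
			RESTART_KOOLPROXY=true
		else
			echo "$(date "+%F %T"): 获取在线版本时出现错误! " >>$LOGFILE
		fi
	done
	# … unchanged: koolproxy_ipset.conf / dnsmasq.adblock downloads and version logging
	#   (the unconditional RESTART_KOOLPROXY=true at the end goes away) …
```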


@ -0,0 +1,11 @@
{
"luci-app-ikoolproxy": {
"description": "Grant UCI access for luci-app-ikoolproxy",
"read": {
"uci": [ "koolproxy" ]
},
"write": {
"uci": [ "koolproxy" ]
}
}
}


@ -0,0 +1,44 @@
2022-02-07 01:07:34: ------------------- 规则更新 -----------------------
2022-02-07 01:07:34: ====================================================
2022-02-07 01:07:34: 开始更新koolproxy的规则请等待...
2022-02-07 01:07:34: kpr_our_rule规则文件下载失败
2022-02-07 01:07:34: dykpr规则文件下载失败
2022-02-07 01:07:34: ---------------------------------------------------------------------------------------
2022-02-07 01:07:34: Yhosts规则本地版本号 202111082343
2022-02-07 01:07:34: Yhosts规则在线版本号 202111082343
2022-02-07 01:07:34: 检测到Yhosts本地版本号和在线版本号相同那还更新个毛啊!
2022-02-07 01:07:34: ---------------------------------------------------------------------------------------
2022-02-07 01:07:35: Antiad规则本地版本号 20220201023931
2022-02-07 01:07:35: Antiad规则在线版本号 20220205023331
2022-02-07 01:07:35: 检测到新版本 Antiad规则 列表,开始更新...
2022-02-07 01:07:35: 将临时文件覆盖到原始 Antiad规则 文件
2022-02-07 01:07:35: ---------------------------------------------------------------------------------------
2022-02-07 01:07:35: StevenBlack规则本地版本号 31 January 2022 16:06:44
2022-02-07 01:07:35: StevenBlack规则在线版本号 01 February 2022 17:17:39
2022-02-07 01:07:35: 检测到新版本 StevenBlack规则 列表,开始更新...
2022-02-07 01:07:35: 将临时文件覆盖到原始 StevenBlack规则 文件
2022-02-07 01:07:35: ---------------------------------------------------------------------------------------
2022-02-07 01:07:35: AdGuard DNS规则本地版本号 2022-02-01T00:27:36.809Z
2022-02-07 01:07:35: AdGuard DNS规则在线版本号 2022-02-07T00:22:12.257Z
2022-02-07 01:07:35: 检测到新版本 AdGuard DNS规则 列表,开始更新...
2022-02-07 01:07:35: 将临时文件覆盖到原始 AdGuard DNS规则 文件
2022-02-07 01:07:35: ---------------------------------------------------------------------------------------
2022-02-07 01:07:36: ADgk规则本地版本号 20220201032941
2022-02-07 01:07:36: ADgk规则在线版本号 20220206232113
2022-02-07 01:07:36: 检测到新版本 ADgk规则 列表,开始更新...
2022-02-07 01:07:36: 将临时文件覆盖到原始 ADgk规则 文件
2022-02-07 01:07:36: 跳过优化 补充规则Yhosts。。。。。
2022-02-07 01:07:36: 正在优化 补充规则antiad。。。。。
2022-02-07 01:07:37: 正在优化 补充规则steven。。。。。
2022-02-07 01:07:37: 正在优化 补充规则AdGuard DNS。。。。。
2022-02-07 01:07:44: 正在优化 ADgk规则。。。。。
2022-02-07 01:07:56: 所有规则更新并优化完毕!
2022-02-07 01:07:56: ====================================================
2022-02-07 01:07:59: -------------------AdGuard规则 version 2022-02-07T00:22:12.257Z
2022-02-07 01:07:59: -------------------Antiad规则 version 20220205023331
2022-02-07 01:07:59: -------------------Banben规则 version 20220206232113
2022-02-07 01:07:59: -------------------Yhosts规则 version 202111082343
2022-02-07 01:07:59: -------------------Steven规则 version 01 February 2022 17:17:39
2022-02-07 01:07:59: -------------------静态规则 version 2022-02-06 14:00
2022-02-07 01:07:59: ------------------- 内置规则更新成功! -------------------
2022-02-07 01:07:59: ------------------- 规则更新成功! -------------------


@ -0,0 +1,40 @@
## 更新2022年1月13日
1、x86_64 bin update to 3.8.6。
2、删除默认的规则订阅。大部分和静态规则重复。
## 更新2021年11月30日
1、更名以及更换规则地址。强烈建议重新安装最新版本。
2、更新IPKR。
## 更新2021年11月21日
1、剔除ABP乘风视频和fanboy这三个无效规则替换AdGuardsteven坂本手机规则。
2、新增订阅规则为IKPR。
## 更新2021年11月19日
1、修改第三方规则默认采用Yhosts规则。
2、修复规则更新地址为国内coding。
## 更新2021年11月13日
1、整理 Luci 界面。
2、优化部分规则+规则地址变更。
A、升级koolrpxy规则视频规则kp.dat每日规则daily为2021年10月7日最新版。
B、升级ABP规则为EasyList+ Easylist China + CJX's Annoyance List + CJX's chinese。并默认采用。
C、升级kpr_our_rule并合并了某些规则为ikpr_our_rule。
D、为缓解服务器压力默认关闭自动更新上游规则每周更新一次。
## 更新2021年11月5日
1、已经修复开启视频规则导致软件无法运行问题。主要原因是猴子大佬的规则内容清空了。直接在后台重新更新规则即可。
2、修复anti-ad获取版本问题。
## 更新2021年3月23日
感谢 [maple's sky](https://github.com/maplesky) 大佬提供技术支持,修复状态栏不动态问题。
## 更新2021年3月4日
感谢 [xiaoqi2020](https://github.com/xiaoqi2020) 提供,选择规则托管国内。
## 更新2021年2月26日元宵
原来的码云以及coding规则已经无法获取被封了。现在托管在github上。


@ -0,0 +1,97 @@
# luci-app-smartdns
此仓库为smartdns独立仓库为单独编译使用, 在安装此界面前需要先安装smartdns进程编译脚本。
请先安装[openwrt-smartdns](https://github.com/pymumu/openwrt-smartdns)
仓库分为两个分支
1. master分支为openwrt 19.07之后版本使用此版本基于javascript。
2. lede分支为lede分支使用 此版本基于lua。
使用时,请使用配套的版本。
## 使用方式
如下命令操作路径为openwrt源代码所在目录。
### 复制仓库中的文件到如下目录,并执行安装
```shell
feeds/luci/applications/luci-app-smartdns/
./scripts/feeds install luci -a
```
> lede请下载lede分支
### 执行openwrt配置, 选中luci-app-smartdns
* 选择路径:
LuCI > 3. Applications > luci-app-smartdns
```shell
make menuconfig
```
* 编译模式:
1. 若编译独立软件包,选择编译模式为`M`
1. 若编译到固件中,选择编译模式为`*`
### 执行openwrt编译
仅编译软件包:
```shell
make package/feeds/luci/applications/luci-app-smartdns/compile
```
编译固件以及软件包。
```shell
make -j8
```
## 懒人脚本
可执行如下命令一次性下载smartdns以及luci-app-smartdns。
下列命令可采用复制粘贴的方式执行。
注意事项:
1. 执行下列命令时需要确保当前路径为openwrt代码路径。
1. 确保执行过./scripts/feeds进行更新。
1. 若是LEDE请更换`LUCIBRANCH`变量为
```shell
LUCIBRANCH="lede"
```
批量命令:
```shell
WORKINGDIR="`pwd`/feeds/packages/net/smartdns"
mkdir $WORKINGDIR -p
rm $WORKINGDIR/* -fr
wget https://github.com/pymumu/openwrt-smartdns/archive/master.zip -O $WORKINGDIR/master.zip
unzip $WORKINGDIR/master.zip -d $WORKINGDIR
mv $WORKINGDIR/openwrt-smartdns-master/* $WORKINGDIR/
rmdir $WORKINGDIR/openwrt-smartdns-master
rm $WORKINGDIR/master.zip
LUCIBRANCH="master" #更换此变量
WORKINGDIR="`pwd`/feeds/luci/applications/luci-app-smartdns"
mkdir $WORKINGDIR -p
rm $WORKINGDIR/* -fr
wget https://github.com/pymumu/luci-app-smartdns/archive/${LUCIBRANCH}.zip -O $WORKINGDIR/${LUCIBRANCH}.zip
unzip $WORKINGDIR/${LUCIBRANCH}.zip -d $WORKINGDIR
mv $WORKINGDIR/luci-app-smartdns-${LUCIBRANCH}/* $WORKINGDIR/
rmdir $WORKINGDIR/luci-app-smartdns-${LUCIBRANCH}
rm $WORKINGDIR/${LUCIBRANCH}.zip
./scripts/feeds install -a
make menuconfig
```
下载完成后,执行配置编译。


@ -0,0 +1,492 @@
/*************************************************************************
*
* Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
*
* smartdns is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* smartdns is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
'use strict';
'require fs';
'require uci';
'require form';
'require rpc';
var conf = 'smartdns';
var callServiceList = rpc.declare({
object: 'service',
method: 'list',
params: ['name'],
expect: { '': {} }
});
function getPidOfSmartdns() {
return L.resolveDefault(callServiceList(conf), {})
.then(function (res) {
var isrunning = false;
try {
isrunning = res[conf]['instances']['smartdns']['running'];
} catch (e) { }
return isrunning;
});
}
function getIPTablesRedirect() {
return fs.exec('/usr/sbin/iptables', ['-t', 'nat', '-nL', 'PREROUTING']).then(function (res) {
if (res.code === 0) {
return res.stdout.trim();
} else {
return "";
}
});
}
function getIP6TablesRedirect() {
return fs.exec('/usr/sbin/ip6tables', ['-t', 'nat', '-nL', 'PREROUTING']).then(function (res) {
if (res.code === 0) {
return res.stdout.trim();
} else {
return "";
}
});
}
function smartdnsServiceStatus() {
return Promise.all([
getPidOfSmartdns(),
getIPTablesRedirect(),
getIP6TablesRedirect()
]);
}
function smartdnsRenderStatus(res) {
var renderHTML = "";
var isRunning = res[0];
var ipt = res[1];
var ip6t = res[2];
var serverPort = uci.get_first('smartdns', 'smartdns', 'port');
var redirectMode = uci.get_first('smartdns', 'smartdns', 'redirect');
var ipv6Enabled = uci.get_first('smartdns', 'smartdns', 'ipv6_server');
if (isRunning) {
renderHTML += "<span style=\"color:green;font-weight:bold\">SmartDNS - " + _("RUNNING") + "</span>";
} else {
renderHTML += "<span style=\"color:red;font-weight:bold\">SmartDNS - " + _("NOT RUNNING") + "</span>";
return renderHTML;
}
if (redirectMode === "dnsmasq-upstream") {
var matchLine = "127.0.0.1#" + serverPort;
var dnsmasqServer = uci.get_first('dhcp', 'dnsmasq', 'server') || "";
if (dnsmasqServer.indexOf(matchLine) < 0) {
renderHTML += "<br /><span style=\"color:red;font-weight:bold\">" + _("Dnsmasq Forwared To Smartdns Failure") + "</span>";
}
} else if (redirectMode === "redirect") {
var redirectRules = (ipt || '').split(/\n/).filter(function (rule) {
return rule.match(/REDIRECT/) && rule.match(/dpt:53/) && rule.match("ports " + serverPort);
});
if (redirectRules.length <= 0) {
renderHTML += "<br /><span style=\"color:red;font-weight:bold\">" + _("IPV4 53 Port Redirect Failure") + "</span>";
if (ipv6Enabled) {
var redirectRules = (ip6t || '').split(/\n/).filter(function (rule) {
return rule.match(/REDIRECT/) && rule.match(/dpt:53/) && rule.match("ports " + serverPort);
});
if (redirectRules.length <= 0) {
renderHTML += "<br /><span style=\"color:red;font-weight:bold\">" + _("IPV6 53 Port Redirect Failure") + "</span>";
}
}
}
}
return renderHTML;
}
return L.view.extend({
load: function () {
return Promise.all([
uci.load('smartdns'),
uci.load('dhcp')
]);
},
render: function (stats) {
var m, s, o;
m = new form.Map('smartdns', _('SmartDNS'));
m.title = _("SmartDNS Server");
m.description = _("SmartDNS is a local high-performance DNS server, supports finding fastest IP, "
+ "supports ad filtering, and supports avoiding DNS poisoning.");
s = m.section(form.NamedSection, '_status');
s.anonymous = true;
s.render = function (section_id) {
L.Poll.add(function () {
return L.resolveDefault(smartdnsServiceStatus()).then(function (res) {
var view = document.getElementById("service_status");
view.innerHTML = smartdnsRenderStatus(res);
});
});
return E('div', { class: 'cbi-map' },
E('div', { class: 'cbi-section' }, [
E('div', { id: 'service_status' },
_('Collecting data ...'))
])
);
}
// Basic;
s = m.section(form.TypedSection, "smartdns", _("Settings"), _("General Settings"));
s.anonymous = true;
s.tab("settings", _("General Settings"));
s.tab("seconddns", _("Second Server Settings"));
s.tab("custom", _("Custom Settings"));
// Eanble;
o = s.taboption("settings", form.Flag, "enabled", _("Enable"), _("Enable or disable smartdns server"));
o.default = o.disabled;
o.rempty = false;
// server name;
o = s.taboption("settings", form.Value, "server_name", _("Server Name"), _("Smartdns server name"));
o.default = "smartdns";
o.datatype = "hostname";
o.rempty = false;
// Port;
o = s.taboption("settings", form.Value, "port", _("Local Port"), _("Smartdns local server port"));
o.placeholder = 6053;
o.default = 6053;
o.datatype = "port";
o.rempty = false;
// Enable TCP server;
o = s.taboption("settings", form.Flag, "tcp_server", _("TCP Server"), _("Enable TCP DNS Server"));
o.rmempty = false;
o.default = o.enabled;
// Support IPV6;
o = s.taboption("settings", form.Flag, "ipv6_server", _("IPV6 Server"), _("Enable IPV6 DNS Server"));
o.rmempty = false;
o.default = o.enabled;
// Support DualStack ip selection;
o = s.taboption("settings", form.Flag, "dualstack_ip_selection", _("Dual-stack IP Selection"),
_("Enable IP selection between IPV4 and IPV6"));
o.rmempty = false;
o.default = o.disabled;
// Domain prefetch load ;
o = s.taboption("settings", form.Flag, "prefetch_domain", _("Domain prefetch"),
_("Enable domain prefetch, accelerate domain response speed."));
o.rmempty = false;
o.default = o.disabled;
// Domain Serve expired
o = s.taboption("settings", form.Flag, "serve_expired", _("Serve expired"),
_("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."));
o.rmempty = false;
o.default = o.disabled;
// Redirect;
o = s.taboption("settings", form.ListValue, "redirect", _("Redirect"), _("SmartDNS redirect mode"));
o.placeholder = "none";
o.value("none", _("none"));
o.value("dnsmasq-upstream", _("Run as dnsmasq upstream server"));
o.value("redirect", _("Redirect 53 port to SmartDNS"));
o.default = "none";
o.rempty = false;
// cache-size;
o = s.taboption("settings", form.Value, "cache_size", _("Cache Size"), _("DNS domain result cache size"));
o.rempty = true;
// rr-ttl;
o = s.taboption("settings", form.Value, "rr_ttl", _("Domain TTL"), _("TTL for all domain result."));
o.rempty = true;
// rr-ttl-min;
o = s.taboption("settings", form.Value, "rr_ttl_min", _("Domain TTL Min"),
_("Minimum TTL for all domain result."));
o.rempty = true;
o.placeholder = "300";
o.default = 300;
o.optional = true;
// second dns server;
// rr-ttl-max;
o = s.taboption("settings", form.Value, "rr_ttl_max", _("Domain TTL Max"),
_("Maximum TTL for all domain result."));
o.rempty = true;
// Eanble;
o = s.taboption("seconddns", form.Flag, "seconddns_enabled", _("Enable"),
_("Enable or disable second DNS server."));
o.default = o.disabled;
o.rempty = false;
// Port;
o = s.taboption("seconddns", form.Value, "seconddns_port", _("Local Port"), _("Smartdns local server port"));
o.placeholder = 6553;
o.default = 6553;
o.datatype = "port";
o.rempty = false;
// Enable TCP server;
o = s.taboption("seconddns", form.Flag, "seconddns_tcp_server", _("TCP Server"), _("Enable TCP DNS Server"));
o.rmempty = false;
o.default = o.enabled;
// dns server group;
o = s.taboption("seconddns", form.Value, "seconddns_server_group", _("Server Group"),
_("Query DNS through specific dns server group, such as office, home."));
o.rmempty = true;
o.placeholder = "default";
o.datatype = "hostname";
o.rempty = true;
o = s.taboption("seconddns", form.Flag, "seconddns_no_speed_check", _("Skip Speed Check"),
_("Do not check speed."));
o.rmempty = false;
o.default = o.disabled;
// skip address rules;
o = s.taboption("seconddns", form.Flag, "seconddns_no_rule_addr", _("Skip Address Rules"),
_("Skip address rules."));
o.rmempty = false;
o.default = o.disabled;
// skip name server rules;
o = s.taboption("seconddns", form.Flag, "seconddns_no_rule_nameserver", _("Skip Nameserver Rule"),
_("Skip nameserver rules."));
o.rmempty = false;
o.default = o.disabled;
// skip ipset rules;
o = s.taboption("seconddns", form.Flag, "seconddns_no_rule_ipset", _("Skip Ipset Rule"),
_("Skip ipset rules."));
o.rmempty = false;
o.default = o.disabled;
// skip soa address rule;
o = s.taboption("seconddns", form.Flag, "seconddns_no_rule_soa", _("Skip SOA Address Rule"),
_("Skip SOA address rules."));
o.rmempty = false;
o.default = o.disabled;
o = s.taboption("seconddns", form.Flag, "seconddns_no_dualstack_selection", _("Skip Dualstack Selection"),
_("Skip Dualstack Selection."));
o.rmempty = false;
o.default = o.disabled;
// skip cache;
o = s.taboption("seconddns", form.Flag, "seconddns_no_cache", _("Skip Cache"), _("Skip Cache."));
o.rmempty = false;
o.default = o.disabled;
// Force AAAA SOA
o = s.taboption("seconddns", form.Flag, "force_aaaa_soa", _("Force AAAA SOA"), _("Force AAAA SOA."));
o.rmempty = false;
o.default = o.disabled;
// custom settings;
o = s.taboption("custom", form.TextValue, "custom_conf",
"", _("smartdns custom settings"));
o.rows = 20;
o.cfgvalue = function (section_id) {
return fs.trimmed('/etc/smartdns/custom.conf');
};
o.write = function (section_id, formvalue) {
return fs.write('/etc/smartdns/custom.conf', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
};
o = s.taboption("custom", form.Flag, "coredump", _("Generate Coredump"),
_("Generate Coredump file when smartdns crash, coredump file is located at /tmp/smartdns.xxx.core."));
o.rmempty = false;
o.default = o.disabled;
// Upstream servers;
s = m.section(form.GridSection, "server", _("Upstream Servers"),
_("Upstream Servers, support UDP, TCP protocol. Please configure multiple DNS servers, "
+ "including multiple foreign DNS servers."));
s.anonymous = true;
s.addremove = true;
s.tab('general', _('General Settings'));
s.tab('advanced', _('Advanced Settings'));
// enable flag;
o = s.taboption("general", form.Flag, "enabled", _("Enable"), _("Enable"));
o.rmempty = false;
o.default = o.enabled;
o.editable = true;
// name;
o = s.taboption("general", form.Value, "name", _("DNS Server Name"), _("DNS Server Name"));
// IP address;
o = s.taboption("general", form.Value, "ip", _("ip"), _("DNS Server ip"));
o.datatype = "or(ipaddr, string)";
o.rmempty = false;
// port;
o = s.taboption("general", form.Value, "port", _("port"), _("DNS Server port"));
o.placeholder = "default";
o.datatype = "port";
o.rempty = true;
o.depends("type", "udp");
o.depends("type", "tcp");
o.depends("type", "tls");
// type;
o = s.taboption("general", form.ListValue, "type", _("type"), _("DNS Server type"));
o.placeholder = "udp";
o.value("udp", _("udp"));
o.value("tcp", _("tcp"));
o.value("tls", _("tls"));
o.value("https", _("https"));
o.default = "udp";
o.rempty = false;
// Advanced Options
// server group
o = s.taboption("advanced", form.Value, "server_group", _("Server Group"), _("DNS Server group belongs to, "
+ "used with nameserver, such as office, home."))
o.rmempty = true
o.placeholder = "default"
o.datatype = "hostname"
o.rempty = true
o.modalonly = true;
// blacklist_ip
o = s.taboption("advanced", form.Flag, "blacklist_ip", _("IP Blacklist Filtering"),
_("Filtering IP with blacklist"))
o.rmempty = false
o.default = o.disabled
o.modalonly = true;
// TLS host verify
o = s.taboption("advanced", form.Value, "tls_host_verify", _("TLS Hostname Verify"),
_("Set TLS hostname to verify."))
o.default = ""
o.datatype = "string"
o.rempty = true
o.modalonly = true;
o.depends("type", "tls")
o.depends("type", "https")
// certificate verify
o = s.taboption("advanced", form.Flag, "no_check_certificate", _("No check certificate"),
_("Do not check certificate."))
o.rmempty = false
o.default = o.disabled
o.modalonly = true;
o.depends("type", "tls")
o.depends("type", "https")
// SNI host name
o = s.taboption("advanced", form.Value, "host_name", _("TLS SNI name"),
_("Sets the server name indication for query."))
o.default = ""
o.datatype = "hostname"
o.rempty = true
o.modalonly = true;
o.depends("type", "tls")
o.depends("type", "https")
// http host
o = s.taboption("advanced", form.Value, "http_host", _("HTTP Host"),
_("Set the HTTP host used for the query. Use this parameter when the host of the URL address is an IP address."))
o.default = ""
o.datatype = "hostname"
o.rempty = true
o.modalonly = true;
o.depends("type", "https")
// SPKI pin
o = s.taboption("advanced", form.Value, "spki_pin", _("TLS SPKI Pinning"),
_("Used to verify the validity of the TLS server, The value is Base64 encoded SPKI fingerprint, "
+ "leaving blank to indicate that the validity of TLS is not verified."))
o.default = ""
o.datatype = "string"
o.rempty = true
o.modalonly = true;
o.depends("type", "tls")
o.depends("type", "https")
// other args
o = s.taboption("advanced", form.Value, "addition_arg", _("Additional Server Args"),
_("Additional Args for upstream dns servers"))
o.default = ""
o.rempty = true
o.modalonly = true;
// Doman addresss;
s = m.section(form.TypedSection, "smartdns", _("Advanced Settings"), _("Advanced Settings"));
s.anonymous = true;
s.tab("domain-address", _("Domain Address"), _("Set Specific domain ip address."));
s.tab("blackip-list", _("IP Blacklist"), _("Set Specific ip blacklist."));
o = s.taboption("domain-address", form.TextValue, "address_conf",
"",
_("Specify an IP address to return for any host in the given domains, Queries in the domains are never "
+ "forwarded and always replied to with the specified IP address which may be IPv4 or IPv6."));
o.rows = 20;
o.cfgvalue = function (section_id) {
return fs.trimmed('/etc/smartdns/address.conf');
};
o.write = function (section_id, formvalue) {
return fs.write('/etc/smartdns/address.conf', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
};
// IP Blacklist;
// blacklist;
o = s.taboption("blackip-list", form.TextValue, "blackip_ip_conf",
"", _("Configure IP blacklists that will be filtered from the results of specific DNS server."));
o.rows = 20;
o.cfgvalue = function (section_id) {
return fs.trimmed('/etc/smartdns/blacklist-ip.conf');
};
o.write = function (section_id, formvalue) {
return fs.write('/etc/smartdns/blacklist-ip.conf', formvalue.trim().replace(/\r\n/g, '\n') + '\n');
};
// Doman addresss;
s = m.section(form.TypedSection, "smartdns", _("Technical Support"),
_("If you like this software, please buy me a cup of coffee."));
s.anonymous = true;
o = s.option(form.Button, "web");
o.title = _("SmartDNS official website");
o.inputtitle = _("open website");
o.inputstyle = "apply";
o.onclick = function () {
window.open("https://pymumu.github.io/smartdns", '_blank');
};
o = s.option(form.Button, "Donate");
o.title = _("Donate to smartdns");
o.inputtitle = _("Donate");
o.inputstyle = "apply";
o.onclick = function () {
window.open("https://pymumu.github.io/smartdns/#donate", '_blank');
};
return m.render();
}
});


@ -1,83 +0,0 @@
--
-- Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
--
-- smartdns is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- smartdns is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
module("luci.controller.smartdns", package.seeall)
local smartdns = require "luci.model.smartdns"
function index()
if not nixio.fs.access("/etc/config/smartdns") then
return
end
local page
page = entry({"admin", "services", "smartdns"}, cbi("smartdns/smartdns"), _("SmartDNS"), 60)
page.dependent = true
page = entry({"admin", "services", "smartdns", "status"}, call("act_status"))
page.leaf = true
page = entry({"admin", "services", "smartdns", "upstream"}, cbi("smartdns/upstream"), nil)
page.leaf = true
end
local function is_running()
return luci.sys.call("pidof smartdns >/dev/null") == 0
end
function act_status()
local e={}
local ipv6_server;
local redirect_mode="none";
e.ipv6_works = 2;
e.ipv4_works = 2;
e.ipv6_server = 1;
e.dnsmasq_forward = 0;
redirect_mode = smartdns.get_config_option("smartdns", "smartdns", "redirect", nil);
if redirect_mode == "redirect" then
e.redirect = 1
elseif redirect_mode == "dnsmasq-upstream" then
e.redirect = 2
else
e.redirect = 0
end
e.local_port = smartdns.get_config_option("smartdns", "smartdns", "port", nil);
ipv6_server = smartdns.get_config_option("smartdns", "smartdns", "ipv6_server", nil);
if e.redirect == 1 then
if e.local_port ~= nil and e.local_port ~= "53" then
e.ipv4_works = luci.sys.call("iptables -t nat -nL PREROUTING 2>/dev/null | grep REDIRECT | grep dpt:53 | grep %q >/dev/null 2>&1" % e.local_port) == 0
if ipv6_server == "1" then
e.ipv6_works = luci.sys.call("ip6tables -t nat -nL PREROUTING 2>/dev/null| grep REDIRECT | grep dpt:53 | grep %q >/dev/null 2>&1" % e.local_port) == 0
else
e.ipv6_works = 2
end
else
e.redirect = 0
end
elseif e.redirect == 2 then
local str;
local dnsmasq_server = luci.sys.exec("uci get dhcp.@dnsmasq[0].server")
if e.local_port ~= nil then
str = "127.0.0.1#" .. e.local_port
if string.sub(dnsmasq_server,1,string.len(str)) == str then
e.dnsmasq_forward = 1
end
end
end
e.running = is_running()
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end


@ -1,342 +0,0 @@
--
-- Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
--
-- smartdns is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- smartdns is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
require ("nixio.fs")
require ("luci.http")
require ("luci.dispatcher")
require ("nixio.fs")
m = Map("smartdns")
m.title = translate("SmartDNS Server")
m.description = translate("SmartDNS is a local high-performance DNS server, supports finding fastest IP, supports ad filtering, and supports avoiding DNS poisoning.")
m:section(SimpleSection).template = "smartdns/smartdns_status"
-- Basic
s = m:section(TypedSection, "smartdns", translate("Settings"), translate("General Settings"))
s.anonymous = true
s:tab("settings", translate("General Settings"))
s:tab("seconddns", translate("Second Server Settings"))
s:tab("custom", translate("Custom Settings"))
---- Eanble
o = s:taboption("settings", Flag, "enabled", translate("Enable"), translate("Enable or disable smartdns server"))
o.default = o.disabled
o.rempty = false
---- server name
o = s:taboption("settings", Value, "server_name", translate("Server Name"), translate("Smartdns server name"))
o.default = "smartdns"
o.datatype = "hostname"
o.rempty = false
---- Port
o = s:taboption("settings", Value, "port", translate("Local Port"), translate("Smartdns local server port"))
o.placeholder = 6053
o.default = 6053
o.datatype = "port"
o.rempty = false
---- Enable TCP server
o = s:taboption("settings", Flag, "tcp_server", translate("TCP Server"), translate("Enable TCP DNS Server"))
o.rmempty = false
o.default = o.enabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "1"
end
---- Support IPV6
o = s:taboption("settings", Flag, "ipv6_server", translate("IPV6 Server"), translate("Enable IPV6 DNS Server"))
o.rmempty = false
o.default = o.enabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "1"
end
---- Support DualStack ip selection
o = s:taboption("settings", Flag, "dualstack_ip_selection", translate("Dual-stack IP Selection"), translate("Enable IP selection between IPV4 and IPV6"))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- Domain prefetch load
o = s:taboption("settings", Flag, "prefetch_domain", translate("Domain prefetch"), translate("Enable domain prefetch, accelerate domain response speed."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- Domain Serve expired
o = s:taboption("settings", Flag, "serve_expired", translate("Serve expired"),
translate("Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- Redirect
o = s:taboption("settings", ListValue, "redirect", translate("Redirect"), translate("SmartDNS redirect mode"))
o.placeholder = "none"
o:value("none", translate("none"))
o:value("dnsmasq-upstream", translate("Run as dnsmasq upstream server"))
o:value("redirect", translate("Redirect 53 port to SmartDNS"))
o.default = "none"
o.rempty = false
---- cache-size
o = s:taboption("settings", Value, "cache_size", translate("Cache Size"), translate("DNS domain result cache size"))
o.rempty = true
---- rr-ttl
o = s:taboption("settings", Value, "rr_ttl", translate("Domain TTL"), translate("TTL for all domain result."))
o.rempty = true
---- rr-ttl-min
o = s:taboption("settings", Value, "rr_ttl_min", translate("Domain TTL Min"), translate("Minimum TTL for all domain result."))
o.rempty = true
o.placeholder = "300"
o.default = 300
o.optional = true
---- second dns server
---- rr-ttl-max
o = s:taboption("settings", Value, "rr_ttl_max", translate("Domain TTL Max"), translate("Maximum TTL for all domain result."))
o.rempty = true
---- Eanble
o = s:taboption("seconddns", Flag, "seconddns_enabled", translate("Enable"), translate("Enable or disable second DNS server."))
o.default = o.disabled
o.rempty = false
---- Port
o = s:taboption("seconddns", Value, "seconddns_port", translate("Local Port"), translate("Smartdns local server port"))
o.placeholder = 6553
o.default = 6553
o.datatype = "port"
o.rempty = false
---- Enable TCP server
o = s:taboption("seconddns", Flag, "seconddns_tcp_server", translate("TCP Server"), translate("Enable TCP DNS Server"))
o.rmempty = false
o.default = o.enabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "1"
end
---- dns server group
o = s:taboption("seconddns", Value, "seconddns_server_group", translate("Server Group"), translate("Query DNS through specific dns server group, such as office, home."))
o.rmempty = true
o.placeholder = "default"
o.datatype = "hostname"
o.rempty = true
o = s:taboption("seconddns", Flag, "seconddns_no_speed_check", translate("Skip Speed Check"), translate("Do not check speed."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- skip address rules
o = s:taboption("seconddns", Flag, "seconddns_no_rule_addr", translate("Skip Address Rules"), translate("Skip address rules."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- skip name server rules
o = s:taboption("seconddns", Flag, "seconddns_no_rule_nameserver", translate("Skip Nameserver Rule"), translate("Skip nameserver rules."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- skip ipset rules
o = s:taboption("seconddns", Flag, "seconddns_no_rule_ipset", translate("Skip Ipset Rule"), translate("Skip ipset rules."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- skip soa address rule
o = s:taboption("seconddns", Flag, "seconddns_no_rule_soa", translate("Skip SOA Address Rule"), translate("Skip SOA address rules."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
o = s:taboption("seconddns", Flag, "seconddns_no_dualstack_selection", translate("Skip Dualstack Selection"), translate("Skip Dualstack Selection."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- skip cache
o = s:taboption("seconddns", Flag, "seconddns_no_cache", translate("Skip Cache"), translate("Skip Cache."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- Force AAAA SOA
o = s:taboption("seconddns", Flag, "force_aaaa_soa", translate("Force AAAA SOA"), translate("Force AAAA SOA."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
----- custom settings
custom = s:taboption("custom", Value, "Custom Settings",
translate(""),
translate("smartdns custom settings"))
custom.template = "cbi/tvalue"
custom.rows = 20
function custom.cfgvalue(self, section)
return nixio.fs.readfile("/etc/smartdns/custom.conf")
end
function custom.write(self, section, value)
value = value:gsub("\r\n?", "\n")
nixio.fs.writefile("/etc/smartdns/custom.conf", value)
end
o = s:taboption("custom", Flag, "coredump", translate("Generate Coredump"), translate("Generate Coredump file when smartdns crash, coredump file is located at /tmp/smartdns.xxx.core."))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
-- Upstream servers
s = m:section(TypedSection, "server", translate("Upstream Servers"), translate("Upstream Servers, support UDP, TCP protocol. " ..
"Please configure multiple DNS servers, including multiple foreign DNS servers."))
s.anonymous = true
s.addremove = true
s.template = "cbi/tblsection"
s.extedit = luci.dispatcher.build_url("admin/services/smartdns/upstream/%s")
---- enable flag
o = s:option(Flag, "enabled", translate("Enable"), translate("Enable"))
o.rmempty = false
o.default = o.enabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "1"
end
---- name
s:option(Value, "name", translate("DNS Server Name"), translate("DNS Server Name"))
---- IP address
o = s:option(Value, "ip", translate("ip"), translate("DNS Server ip"))
o.datatype = "or(ipaddr, string)"
o.rmempty = false
---- port
o = s:option(Value, "port", translate("port"), translate("DNS Server port"))
o.placeholder = "default"
o.datatype = "port"
o.rempty = true
o:depends("type", "udp")
o:depends("type", "tcp")
o:depends("type", "tls")
---- type
o = s:option(ListValue, "type", translate("type"), translate("DNS Server type"))
o.placeholder = "udp"
o:value("udp", translate("udp"))
o:value("tcp", translate("tcp"))
o:value("tls", translate("tls"))
o:value("https", translate("https"))
o.default = "udp"
o.rempty = false
s = m:section(TypedSection, "smartdns", translate("Advanced Settings"), translate("Advanced Settings"));
s.anonymous = true;
s:tab("domain-address", translate("Domain Address"), translate("Set Specific domain ip address."));
s:tab("blackip-list", translate("IP Blacklist"), translate("Set Specific ip blacklist."));
-- Doman addresss
addr = s:taboption("domain-address", Value, "address",
translate(""),
translate("Specify an IP address to return for any host in the given domains, Queries in the domains are never forwarded and always replied to with the specified IP address which may be IPv4 or IPv6."))
addr.template = "cbi/tvalue"
addr.rows = 20
function addr.cfgvalue(self, section)
return nixio.fs.readfile("/etc/smartdns/address.conf")
end
function addr.write(self, section, value)
value = value:gsub("\r\n?", "\n")
nixio.fs.writefile("/etc/smartdns/address.conf", value)
end
-- IP Blacklist
addr = s:taboption("blackip-list", Value, "blacklist_ip",
translate(""),
translate("Configure IP blacklists that will be filtered from the results of specific DNS server."))
addr.template = "cbi/tvalue"
addr.rows = 20
function addr.cfgvalue(self, section)
return nixio.fs.readfile("/etc/smartdns/blacklist-ip.conf")
end
function addr.write(self, section, value)
value = value:gsub("\r\n?", "\n")
nixio.fs.writefile("/etc/smartdns/blacklist-ip.conf", value)
end
-- Technical Support
s = m:section(TypedSection, "smartdns", translate("Technical Support"),
translate("If you like this software, please buy me a cup of coffee."))
s.anonymous = true
o = s:option(Button, "web")
o.title = translate("SmartDNS official website")
o.inputtitle = translate("open website")
o.inputstyle = "apply"
o.write = function()
luci.http.redirect("https://pymumu.github.io/smartdns")
end
o = s:option(Button, "Donate")
o.title = translate("Donate to smartdns")
o.inputtitle = translate("Donate")
o.inputstyle = "apply"
o.write = function()
luci.http.redirect("https://pymumu.github.io/smartdns/#donate")
end
return m


@ -1,119 +0,0 @@
--
-- Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
--
-- smartdns is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- smartdns is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
local sid = arg[1]
m = Map("smartdns", "%s - %s" %{translate("SmartDNS Server"), translate("Upstream DNS Server Configuration")})
m.redirect = luci.dispatcher.build_url("admin/services/smartdns")
if m.uci:get("smartdns", sid) ~= "server" then
luci.http.redirect(m.redirect)
return
end
-- [[ Edit Server ]]--
s = m:section(NamedSection, sid, "server")
s.anonymous = true
s.addremove = false
---- name
s:option(Value, "name", translate("DNS Server Name"), translate("DNS Server Name"))
---- IP address
o = s:option(Value, "ip", translate("ip"), translate("DNS Server ip"))
o.datatype = "or(host, string)"
o.rmempty = false
---- port
o = s:option(Value, "port", translate("port"), translate("DNS Server port"))
o.placeholder = "default"
o.datatype = "port"
o.rempty = true
o:depends("type", "udp")
o:depends("type", "tcp")
o:depends("type", "tls")
---- type
o = s:option(ListValue, "type", translate("type"), translate("DNS Server type"))
o.placeholder = "udp"
o:value("udp", translate("udp"))
o:value("tcp", translate("tcp"))
o:value("tls", translate("tls"))
o:value("https", translate("https"))
o.default = "udp"
o.rempty = false
---- server group
o = s:option(Value, "server_group", translate("Server Group"), translate("DNS Server group belongs to, used with nameserver, such as office, home."))
o.rmempty = true
o.placeholder = "default"
o.datatype = "hostname"
o.rempty = true
---- blacklist_ip
o = s:option(Flag, "blacklist_ip", translate("IP Blacklist Filtering"), translate("Filtering IP with blacklist"))
o.rmempty = false
o.default = o.disabled
o.cfgvalue = function(...)
return Flag.cfgvalue(...) or "0"
end
---- TLS host verify
o = s:option(Value, "tls_host_verify", translate("TLS Hostname Verify"), translate("Set TLS hostname to verify."))
o.default = ""
o.datatype = "string"
o.rempty = true
o:depends("type", "tls")
o:depends("type", "https")
---- SNI host name
o = s:option(Value, "host_name", translate("TLS SNI name"), translate("Sets the server name indication for query."))
o.default = ""
o.datatype = "hostname"
o.rempty = true
o:depends("type", "tls")
o:depends("type", "https")
---- http host
o = s:option(Value, "http_host", translate("HTTP Host"), translate("Set the HTTP host used for the query. Use this parameter when the host of the URL address is an IP address."))
o.default = ""
o.datatype = "hostname"
o.rempty = true
o:depends("type", "https")
---- anti-Answer-Forgery
-- o = s:option(Flag, "check_edns", translate("Anti Answer Forgery"), translate("Anti answer forgery, if DNS does not work properly after enabling, please turn off this feature"))
-- o.rmempty = false
-- o.default = o.disabled
-- o:depends("type", "udp")
-- o.cfgvalue = function(...)
-- return Flag.cfgvalue(...) or "0"
-- end
---- SPKI pin
o = s:option(Value, "spki_pin", translate("TLS SPKI Pinning"), translate("Used to verify the validity of the TLS server, The value is Base64 encoded SPKI fingerprint, leaving blank to indicate that the validity of TLS is not verified."))
o.default = ""
o.datatype = "string"
o.rempty = true
o:depends("type", "tls")
o:depends("type", "https")
---- other args
o = s:option(Value, "addition_arg", translate("Additional Server Args"), translate("Additional Args for upstream dns servers"))
o.default = ""
o.rempty = true
o.optional = true
return m


@ -1,31 +0,0 @@
--
-- Copyright (C) 2018-2020 Ruilin Peng (Nick) <pymumu@gmail.com>.
--
-- smartdns is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
--
-- smartdns is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License
-- along with this program. If not, see <http://www.gnu.org/licenses/>.
require ("nixio.fs")
require ("luci.http")
require ("luci.dispatcher")
require ("nixio.fs")
local uci = require "luci.model.uci".cursor()
module("luci.model.smartdns", package.seeall)
function get_config_option(module, section, option, default)
return uci:get_first(module, section, option) or default
end
return m


@ -1,41 +0,0 @@
<script type="text/javascript">//<![CDATA[
XHR.poll(3, '<%=luci.dispatcher.build_url("admin", "services", "smartdns", "status")%>', null,
function(x, data) {
var tb = document.getElementById('smartdns_status');
if (data && tb) {
var links = "";
if (data.running) {
links = '<b><font color=green>SmartDNS - <%:RUNNING%></font></b></em>';
if (data.redirect) {
if (data.redirect == 1) {
if (data.ipv4_works == 0) {
links += "<br></br><b><font color=red><%:IPV4 53 Port Redirect Failure%></font></b>"
}
if (data.ipv6_works != 2) {
if (data.ipv6_works == 0) {
links += "<br></br><b><font color=red><%:IPV6 53 Port Redirect Failure%></font></b>"
}
}
} else if (data.redirect == 2) {
if (data.dnsmasq_forward == 0) {
links += "<br></br><b><font color=red><%:Dnsmasq Forwared To Smartdns Failure%></font></b>"
}
}
}
} else {
links = '<b><font color=red>SmartDNS - <%:NOT RUNNING%></font></b>';
}
tb.innerHTML = links;
}
}
);
//]]>
</script>
<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
<fieldset class="cbi-section">
<p id="smartdns_status">
<em><%:Collecting data...%></em>
</p>
</fieldset>


@ -25,6 +25,12 @@ msgstr "设置"
msgid "Advanced Settings"
msgstr "高级设置"
msgid "RUNNING"
msgstr "运行中"
msgid "NOT RUNNING"
msgstr "未运行"
msgid "Generate Coredump"
msgstr "生成coredump"
@ -83,7 +89,7 @@ msgid "Enable domain prefetch, accelerate domain response speed."
msgstr "启用域名预加载,加速域名响应速度。"
msgid "Serve expired"
msgstr "过期缓存服务"
msgstr "缓存过期服务"
msgid "Attempts to serve old responses from cache with a TTL of 0 in the response without waiting for the actual resolution to finish."
msgstr "查询性能优化有请求时尝试回应TTL为0的过期记录以避免查询等待。"
@ -181,6 +187,12 @@ msgstr "跳过cache"
msgid "Skip Cache."
msgstr "跳过cache。"
msgid "Force AAAA SOA"
msgstr "停用IPV6地址解析"
msgid "Force AAAA SOA."
msgstr "停用IPV6地址解析。"
msgid "Upstream Servers"
msgstr "上游服务器"


@ -1,13 +0,0 @@
#!/bin/sh
# Copyright 2018-2020 Nick Peng <pymumu@gmail.com>
# Licensed to the public under the GPL V3 License.
uci -q batch <<-EOF >/dev/null
delete ucitrack.@smartdns[-1]
add ucitrack smartdns
set ucitrack.@smartdns[-1].init=smartdns
commit ucitrack
EOF
rm -f /tmp/luci-indexcache
exit 0


@ -0,0 +1,12 @@
{
"admin/services/smartdns": {
"title": "SmartDNS",
"action": {
"type": "view",
"path": "smartdns/smartdns"
},
"depends": {
"uci": { "smartdns": true }
}
}
}


@ -0,0 +1,23 @@
{
"luci-app-smartdns": {
"description": "Grant access to LuCI app smartdns",
"read": {
"file": {
"/etc/smartdns/*": [ "read" ],
"/usr/sbin/iptables -t nat -nL PREROUTING": [ "exec" ],
"/usr/sbin/ip6tables -t nat -nL PREROUTING": [ "exec" ],
"/usr/sbin/smartdns": [ "exec" ]
},
"ubus": {
"service": [ "list" ]
},
"uci": [ "smartdns" ]
},
"write": {
"file": {
"/etc/smartdns/*": [ "write" ]
},
"uci": [ "smartdns" ]
}
}
}


@ -0,0 +1,52 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-tencentcloud-cos
PKG_VERSION=1.0
PKG_RELEASE:=1
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/luci/luci.mk
define Package/luci-app-tencentcloud-cos
SECTION:=luci
CATEGORY:=LuCI
SUBMENU:=3. Applications
TITLE:=COSFS Client for LuCI
PKGARCH:=all
DEPENDS=+vsftpd-alt
endef
define Package/luci-app-tencentcloud-cos/description
This package contains LuCI configuration pages for 腾讯云COS.
endef
define Build/Prepare
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/luci-app-tencentcloud-cos/install
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_DIR) $(1)/etc
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/model/cbi
$(INSTALL_DIR) $(1)/usr/lib/lua/luci/controller
$(INSTALL_CONF) ./files/root/etc/config/cosclient $(1)/etc/config/cosclient
$(INSTALL_CONF) ./files/root/etc/passwd-cosfs $(1)/etc/passwd-cosfs
$(INSTALL_BIN) ./files/root/etc/init.d/cosclient $(1)/etc/init.d/cosclient
$(INSTALL_BIN) ./files/root/etc/uploadData $(1)/etc/uploadData
$(INSTALL_BIN) ./files/root/etc/uci-defaults/cosclient $(1)/etc/uci-defaults/cosclient
$(INSTALL_DATA) ./files/root/usr/lib/lua/luci/model/cbi/cosclient.lua $(1)/usr/lib/lua/luci/model/cbi/cosclient.lua
$(INSTALL_DATA) ./files/root/usr/lib/lua/luci/controller/cosclient.lua $(1)/usr/lib/lua/luci/controller/cosclient.lua
endef
$(eval $(call BuildPackage,luci-app-tencentcloud-cos))
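Review bot: `DEPENDS=+vsftpd-alt` does not cover what the installed scripts run: the init script calls `cosfs`, and `/etc/uploadData` has a `#!/bin/bash` shebang and calls `curl` and `/etc/openw`, none of which this install block ships or declares. `/etc/openw` matters most because it receives the COS secretId and secretKey, so its origin should be fixed by the package rather than left to whatever happens to be on the device. I would declare the runtime dependencies, for example `DEPENDS:=+vsftpd-alt +curl +bash` plus whichever package provides cosfs, and either build and install `/etc/openw` from this package or drop the call. `PKG_VERSION=1.0` should also use `:=` like the assignments around it.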


@ -0,0 +1,9 @@
config cosclient
option secretid ''
option secretkey ''
option bucket ''
option region ''
option sharename ''
option folder 'cos'
option siteid ''


@ -0,0 +1,51 @@
#!/bin/sh /etc/rc.common
START=100
run_cos()
{
local enable
config_get_bool enable $1 enable
if [ $enable ]; then
local bucket
local region
local folder
local secretid
local secretkey
local requestAddrPre="http://cos."
local requestAddrEnd=".myqcloud.com"
config_get bucket $1 bucket
config_get region $1 region
config_get folder $1 folder
config_get secretid $1 secretid
config_get secretkey $1 secretkey
local flodername="/home/ftp/"$folder
if [ ! -d "$flodername" ];then
mkdir $flodername
fi
echo $bucket":"$secretid":"$secretkey > /etc/passwd-cosfs
uci set vsftpd.@anonymous[-1].enable=1
uci set vsftpd.@anonymous[-1].enable=1
uci set vsftpd.@anonymous[-1].enable=1
uci set vsftpd.@anonymous[-1].enable=1
uci commit vsftpd
/etc/init.d/vsftpd restart
cosfs $bucket $flodername -ourl=$requestAddrPre$region$requestAddrEnd -odbglevel=info -onoxattr -oallow_other
echo "COSFS Client has started."
fi
}
start()
{
count=`mount -v | grep fuse.cosfs | awk '{print $3}' | wc -l`
if [ "$count" -ge 1 ]; then
mount -v | grep fuse.cosfs | awk '{print $3}' | xargs umount
fi
config_load cosclient
config_foreach run_cos cosclient
}
stop(){
echo "STOP"
}
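Review bot: In `run_cos` the test `if [ $enable ]` is true for any non-empty string, so a section with `enable` set to 0 still mounts the bucket and turns on anonymous FTP; it should be `if [ "$enable" = 1 ]; then`. Once it runs, the function enables `vsftpd.@anonymous[-1]` and mounts the bucket with `-oallow_other` under `/home/ftp/`, which presumably makes the bucket contents reachable without credentials by anyone who can reach the FTP port; that deserves an explicit opt-in option and a comment rather than being a side effect of enabling COS. The endpoint is built from `requestAddrPre="http://cos."`, so traffic to the bucket is not protected in transit; `local requestAddrPre="https://cos."` is the safer default. The secret key is written with a plain redirect, so I would add `chmod 600 /etc/passwd-cosfs` right after the `echo`, and quote `"$flodername"` in `mkdir` and the `cosfs` call.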


@ -0,0 +1,11 @@
#!/bin/sh
uci -q batch <<-EOF >/dev/null
delete ucitrack.@cosclient[-1]
add ucitrack cosclient
set ucitrack.@cosclient[-1].init=cosclient
commit ucitrack
EOF
rm -f /tmp/luci-indexcache
exit 0


@ -0,0 +1,44 @@
#!/bin/bash
runflag=$1
if [[ $1 -eq 1 ]]; then
enabled=$2
secretId=$3
secretKey=$4
bucket=$5
region=$6
uin=`/etc/openw $3 $4`
siteid=`uci get cosclient.@cosclient[-1].siteid`
siteurl="openwrt"
siteapp="openwrt"
plugintype="cos"
if [[ ! $siteid ]]; then
$siteid="openwrt_"$(rand 1 50)
`uci set cosclient.@cosclient[-1].sitid=$siteid`
`uci commit cosclient`
fi
. /usr/share/libubox/jshn.sh
json_init
json_add_string "action" "save_config"
json_add_string "plugin_type" "cos"
json_add_object "data"
json_add_string "site_id" $siteid
json_add_string "site_url" $siteurl
json_add_string "site_app" $siteapp
json_add_string "uin" $uin
json_add_string "cust_sec_on" "2"
json_add_object "others"
json_add_string "cos_bucket" $bucket
json_add_string "cos_region" $region
postdata=`json_dump`
`curl -X POST https://openapp.qq.com/api/public/index.php/upload -H "Content-Type: application/json" -d "$postdata"`
fi
function rand(){
min=$1
max=$(($2-$min+1))
num=$(date +%s%N)
echo $(($num%$max+$min))
}
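Review bot: The secret ID and key arrive as positional arguments and are passed on unquoted in `/etc/openw $3 $4`, so they show up in the process list while the script runs and any whitespace or glob character in them is word-split; at minimum quote them, `uin=$(/etc/openw "$secretId" "$secretKey")`. The site-id fallback cannot work as written: `$siteid="openwrt_"$(rand 1 50)` is not an assignment, `rand` is defined only after the `if` block that calls it, and the value is stored under `sitid` while it is read back from `siteid`. The `json_add_string` values are unquoted as well, and neither `json_add_object` has a matching close before `json_dump`. A header comment stating what is posted to openapp.qq.com (site id, uin, bucket, region) would let an operator decide whether to enable the plugin.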


@ -0,0 +1,6 @@
module("luci.controller.cosclient", package.seeall)
function index()
entry({"admin", "tencentcloud"}, firstchild(), "腾讯云设置", 30).dependent=false
entry({"admin", "tencentcloud", "cosclient"}, cbi("cosclient"), _("对象存储COS"), 1)
end


@ -0,0 +1,57 @@
--[[
LuCI - Lua Configuration Interface
Copyright 2010 Jo-Philipp Wich <xm@subsignal.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
]]--
require("luci.sys")
m = Map("cosclient", translate("COSFS Client"), translate("Configure COSFS Client."))
s = m:section(TypedSection, "cosclient", "")
s.addremove = false
s.anonymous = true
enable = s:option(Flag, "enable", translate("EnableCos"))
secretid = s:option(Value, "secretid", translate("secretId"))
secretkey = s:option(Value, "secretkey", translate("secretKey"))
bucket = s:option(Value, "bucket", translate("BucketName"))
region = s:option(Value, "region", translate("Region"))
folder = s:option(Value, "folder", translate("FolderName"))
local apply=luci.http.formvalue("cbi.apply")
if apply then
local key, val
local Enable
local Secretid
local Secretkey
local Bucket
local Region
for key, val in pairs(luci.http.formvalue()) do
if(string.find(key,"enable"))
then
Enable=val
elseif(string.find(key,"secretid"))
then
Secretid=val
elseif(string.find(key,"secretkey"))
then
Secretkey=val
elseif(string.find(key,"bucket"))
then
Bucket=val
elseif(string.find(key,"region"))
then
Region=val
end
end
luci.sys.call("/etc/uploadData 1 "..Enable.." "..Secretid.." "..Secretkey.." "..Bucket.." "..Region.." > /dev/null")
end
return m
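Review bot: The form values are concatenated into the `luci.sys.call` command string without any quoting, so shell metacharacters typed into the secretid, secretkey, bucket or region field are interpreted by the shell instead of being passed as data; each value should go through `luci.util.shellquote` (assuming `luci.util` is loaded, as it normally is in a CBI model) before it is joined. The `string.find(key, ...)` tests match substrings of every submitted form key, and an unchecked flag leaves `Enable` nil, which makes the `..` concatenation raise, so the values need defaults. Even when quoted, the secret key still lands on the command line of `/etc/uploadData`; reading it from the `cosclient` UCI config inside the script would avoid that.

```lua
-- … unchanged: form-value loop filling Enable, Secretid, Secretkey, Bucket, Region …
local argv = {}
for i, v in ipairs({ Enable or "0", Secretid or "", Secretkey or "", Bucket or "", Region or "" }) do
	-- quote every user-supplied value so the shell sees it as one literal word
	argv[i] = luci.util.shellquote(v)
end
luci.sys.call("/etc/uploadData 1 " .. table.concat(argv, " ") .. " > /dev/null")
```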


@ -14,6 +14,8 @@ PKG_RELEASE:=29
include $(INCLUDE_DIR)/package.mk
define Package/my-autocore-arm
SECTION:=libs
CATEGORY:=Libraries
TITLE:=ARM auto core script.
MAINTAINER:=CN_SZTL
DEPENDS:=@(arm||aarch64) \
@ -24,6 +26,8 @@ define Package/my-autocore-arm
endef
define Package/my-autocore-x86
SECTION:=libs
CATEGORY:=Libraries
TITLE:=x86/x64 auto core loadbalance script.
MAINTAINER:=Lean / CN_SZTL
DEPENDS:=@TARGET_x86 +bc +lm-sensors +ethtool


@ -44,3 +44,4 @@ define Package/$(PKG_NAME)/install
endef
$(eval $(call BuildPackage,$(PKG_NAME)))


@ -12,12 +12,6 @@ DATA_STORAGE=/userdisk/data
MEDIA_STORAGE=/userdisk/snail
[[ -f /etc/default/motd ]] && . /etc/default/motd
for f in $MOTD_DISABLE; do
[[ $f == $THIS_SCRIPT ]] && exit 0
done
# don't edit below here
function display()
{
@ -66,24 +60,6 @@ function storage_info()
RootInfo=$(df -h /)
root_usage=$(awk '/\// {print $(NF-1)}' <<<${RootInfo} | sed 's/%//g')
root_total=$(awk '/\// {print $(NF-4)}' <<<${RootInfo})
# storage info
[ -d /boot ] && {
BootInfo=$(df -h /boot) 2>/dev/null
boot_usage=$(awk '/\// {print $(NF-1)}' <<<${BootInfo} | sed 's/%//g')
boot_total=$(awk '/\// {print $(NF-4)}' <<<${BootInfo})
}
StorageInfo=$(df -h $MEDIA_STORAGE 2>/dev/null | grep $MEDIA_STORAGE)
if [[ -n "${StorageInfo}" && ${RootInfo} != *$MEDIA_STORAGE* ]]; then
media_usage=$(awk '/\// {print $(NF-1)}' <<<${StorageInfo} | sed 's/%//g')
media_total=$(awk '/\// {print $(NF-4)}' <<<${StorageInfo})
fi
StorageInfo=$(df -h $DATA_STORAGE 2>/dev/null | grep $DATA_STORAGE)
if [[ -n "${StorageInfo}" && ${RootInfo} != *$DATA_STORAGE* ]]; then
data_usage=$(awk '/\// {print $(NF-1)}' <<<${StorageInfo} | sed 's/%//g')
data_total=$(awk '/\// {print $(NF-4)}' <<<${StorageInfo})
fi
} # storage_info
@ -142,8 +118,4 @@ echo "" # fixed newline
display "系统存储" "$root_usage" "90" "1" "%" " of $root_total"
printf "CPU 信息: \x1B[92m%s\x1B[0m\t" "$(echo `/sbin/cpuinfo | cut -d '(' -f -1`)"
echo ""
display "数据存储" "$data_usage" "90" "1" "%" " of $data_total"
display "媒体存储" "$media_usage" "90" "1" "%" " of $media_total"
echo ""
echo ""


@ -0,0 +1,233 @@
#!/bin/sh
grep -q "ng_index.html index.html" /etc/config/nginx || {
uci -q set nginx._lan.index="ng_index.html index.html index.htm"
uci -q set nginx._ssl.index="ng_index.html index.html index.htm"
uci commit nginx
service nginx reload
}
# [[ "$(df | grep overlay)" && ! "$(df | grep /rom/overlay)" ]] && firstboot
version=`uci -q get base_config.@status[0].version`
. /etc/openwrt_release
test -n "${DISTRIB_ID}" || DISTRIB_ID=OpenWrt
DISTRIB_ID=`echo -n $DISTRIB_ID | tr a-z A-Z`
if [ "$(uci -q get dhcp.@dnsmasq[0].port)" != "53" ]; then
uci -q set dhcp.@dnsmasq[0].port='53'
uci commit dhcp
fi
uci -q batch <<EOF
set attendedsysupgrade.server.url='https://op.supes.top'
commit attendedsysupgrade
EOF
uci set dockerd.firewall.extra_iptables_args='--match conntrack ! --ctstate RELATED,ESTABLISHED'
uci commit dockerd
sed -i '/profile.d/d' /lib/upgrade/keep.d/base-files
echo $(uci -q get uhttpd.main.index_page) | grep -q "cgi-bin/luci" ||
uci -q add_list uhttpd.main.index_page='cgi-bin/luci' && uci commit uhttpd
/etc/init.d/wizard disable
[ -f /usr/bin/wget ] &&
ln -s /usr/bin/wget /usr/bin/wget-ssl
sed -i "s/git-.*-\(.*\)/git-\1/g" /usr/lib/lua/luci/version.lua
[[ "$(echo "$(/sbin/cpuinfo 2>/dev/null)" | grep -i "MHz")" ]] || sed -i "s/_('CPU Info'),cpuinfo.cpufreq,//" /www/luci-static/resources/view/status/include/10_system.js
grep -q op.supes.top /etc/bypass/white.list ||
echo "op.supes.top" >> /etc/bypass/white.list
processor=`cat /proc/cpuinfo | grep 'processor' | wc -l`
test -n "$processor" || processor=3
sed -i "/^threads =/c\threads = $processor" /etc/uwsgi/vassals/luci-webui.ini
test $version -lt 1 && {
uci -q set luci.main.lang='auto'
uci -q set luci.main.mediaurlbase=/luci-static/edge
uci commit luci
uci -q set dropbear.@dropbear[0].Interface='lan'
uci commit dropbear
uci -q get system.@system[0] >/dev/null 2>&1 && {
uci -q set system.@system[0].hostname="${DISTRIB_ID}"
uci -q set system.@system[0].zonename='Asia/Shanghai'
uci -q set system.@system[0].timezone='CST-8'
uci -q del system.ntp.server
uci -q add_list system.ntp.server='ntp.aliyun.com'
uci -q add_list system.ntp.server='0.openwrt.pool.ntp.org'
uci commit system
}
uci -q set uhttpd.main.rfc1918_filter=0
uci -q set uhttpd.main.redirect_https=0
uci -q set uhttpd.main.script_timeout='120'
uci commit uhttpd
wifi_setup_radio(){
local radio=$1
uci -q get wireless.${radio} >/dev/null 2>&1 && {
uci -q batch <<-EOT
set -q wireless.${radio}.disabled='0'
EOT
if [ "$(uci -q get wireless.${radio}.hwmode)" = "11a" ]; then
uci -q set wireless.${radio}.htmode='VHT80'
else
uci -q set wireless.${radio}.htmode='VHT40'
fi
obj=`uci -q add wireless wifi-iface`
test -n "$obj" && {
uci -q set wireless.$obj.device="${radio}"
uci -q set wireless.$obj.network='lan'
uci -q set wireless.$obj.mode='ap'
if [ "$(uci -q get wireless.${radio}.hwmode)" == "11a" ]; then
uci -q set wireless.$obj.ssid="${SSID}_5G"
else
uci -q set wireless.$obj.ssid="${SSID}_2.4G"
fi
if [ "${SSID_PASSWD}" ]; then
uci -q set wireless.$obj.encryption='psk2'
uci -q set wireless.$obj.key="${SSID_PASSWD}"
else
uci -q set wireless.$obj.encryption='none'
fi
}
}
}
[ -f /etc/config/wireless ] && {
SSID=${DISTRIB_ID}
SSID_PASSWD=""
while uci delete wireless.@wifi-iface[0] >/dev/null 2>&1; do :; done
for radio in radio0 radio1 radio2 radio3 wifi0 wifi1 wifi2 wifi3; do
wifi_setup_radio ${radio}
done
uci commit wireless
}
uci -q set upnpd.config.enabled='1'
uci commit upnpd
grep -q log-facility /etc/dnsmasq.conf ||
echo "log-facility=/dev/null" >> /etc/dnsmasq.conf
grep -q /etc/dnsmasq.d /etc/dnsmasq.conf ||
echo "conf-dir=/etc/dnsmasq.d" >> /etc/dnsmasq.conf
uci -q set firewall.@defaults[0].fullcone='1'
uci commit firewall
uci -q set fstab.@global[0].anon_mount=1
uci commit fstab
uci -q set network.lan.ipaddr="10.0.0.1"
uci -q set network.@globals[0].packet_steering=1
uci commit network
uci -q set dhcp.@dnsmasq[0].dns_redirect='1'
uci -q set dhcp.@dnsmasq[0].allservers='1'
uci -q del dhcp.@dnsmasq[0].noresolv
uci -q set dhcp.@dnsmasq[0].cachesize='1500'
uci -q set dhcp.@dnsmasq[0].min_ttl='3600'
uci -q set dhcp.lan.force='1'
uci -q set dhcp.lan.ra='hybrid'
uci -q set dhcp.lan.ndp='hybrid'
uci -q set dhcp.lan.dhcpv6='hybrid'
uci -q set dhcp.lan.force='1'
uci commit dhcp
uci -q set nft-qos.default.limit_enable='0'
uci commit nft-qos
uci -q set system.@system[0].conloglevel='4'
uci -q set system.@system[0].cronloglevel='8'
uci commit system
}
# kB
memtotal=`grep MemTotal /proc/meminfo | awk '{print $2}'`
if test $memtotal -ge 1048576; then
# > 1024M
cachesize=10000
dnsforwardmax=10000
nf_conntrack_max=262144
elif test $memtotal -ge 524288; then
# <= 1024M
cachesize=10000
dnsforwardmax=10000
nf_conntrack_max=131072
elif test $memtotal -ge 262144; then
# <= 512M
cachesize=8192
dnsforwardmax=8192
nf_conntrack_max=65536
elif test $memtotal -ge 131072; then
# <= 256M
cachesize=4096
dnsforwardmax=4096
nf_conntrack_max=65536
elif test $memtotal -ge 65536; then
# <= 128M
cachesize=2048
dnsforwardmax=2048
nf_conntrack_max=32768
else
# < 64M
cachesize=1024
dnsforwardmax=1024
nf_conntrack_max=16384
fi
test $version -lt 1 && {
uci -q get dhcp.@dnsmasq[0] || uci -q add dhcp dnsmasq
uci -q set dhcp.@dnsmasq[0].cachesize="$cachesize"
uci -q set dhcp.@dnsmasq[0].dnsforwardmax="$dnsforwardmax"
uci -q set dhcp.@dnsmasq[0].localservice='0'
uci -q set dhcp.@dnsmasq[0].localise_queries='1'
uci -q set dhcp.@dnsmasq[0].rebind_protection='0'
uci -q set dhcp.@dnsmasq[0].rebind_localhost='1'
uci commit dhcp
uci -q set system.@system[0].zram_comp_algo='zstd'
uci -q set system.@system[0].zram_size_mb="$(expr $memtotal / 1024 / 3)"
uci commit system
version=1
}
# sysctl overwrite
SYSCTL_LOCAL=/etc/sysctl.d/50-local.conf
mkdir -p /etc/sysctl.d
echo -n >$SYSCTL_LOCAL
echo net.nf_conntrack_max=$nf_conntrack_max >>$SYSCTL_LOCAL
echo net.ipv4.ip_early_demux=0 >>$SYSCTL_LOCAL
echo net.bridge.bridge-nf-call-iptables=0 >>$SYSCTL_LOCAL
echo net.ipv4.fib_multipath_hash_policy=1 >>$SYSCTL_LOCAL
echo net.ipv4.tcp_congestion_control=cubic >>$SYSCTL_LOCAL
echo net.netfilter.nf_conntrack_helper=1 >>$SYSCTL_LOCAL
echo kernel.msgmax = 65536 >>$SYSCTL_LOCAL
echo kernel.msgmnb = 65536 >>$SYSCTL_LOCAL
echo vm.swappiness=0 >>$SYSCTL_LOCAL
cp -pR /www/cgi-bin/* /www/
rm -rf /tmp/luci-*
uci -q set base_config.@status[0].version=$version
uci commit base_config
(
[[ -f "/bin/coremark" && ! -f "/etc/bench.log" && "$(uci -q get wizard.default.coremark)" == '1' ]] && {
sleep 30
/bin/coremark >/tmp/coremark.log
cat /tmp/coremark.log | grep "CoreMark 1.0" | cut -d "/" -f 1 | cut -d "." -f -2 >/etc/bench.log
sed -i 's/CoreMark 1.0/(CpuMark/g' /etc/bench.log
echo " Scores)" >>/etc/bench.log
}
) &
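Review bot: With `SSID_PASSWD=""` the `wifi_setup_radio` helper enables every radio and creates an AP on `lan` with `encryption='none'`, so a freshly flashed device exposes its LAN over open Wi-Fi until someone reconfigures it. The same first-boot block also sets `rebind_protection='0'`, `rfc1918_filter=0`, `redirect_https=0` and `anon_mount=1` and enables upnpd, none of which is explained. I would leave the radios disabled when no passphrase is configured, e.g. `[ -n "${SSID_PASSWD}" ] || return 0` as the first line of `wifi_setup_radio`, and put a one-line comment above each relaxed default saying why the image needs it.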


@ -158,3 +158,12 @@ msgstr "客户端缓存的最小 DNS TTL"
msgid "Modify DNS entries minimum TTL (max is 86400, 0 is no modify)"
msgstr "修改发送到客户端的域名记录的 TTL 时间 (最大 86400, 0 表示不修改)"
msgid "FullCone NAT"
msgstr "全锥形 NAT"
msgid "Using FullCone NAT can improve gaming performance effectively"
msgstr "使用全锥形 NAT 可以有效提升游戏体验"
msgid "Used space"
msgstr "已用空间"

93
netmaker/Makefile Normal file

@ -0,0 +1,93 @@
#
# Copyright (C) 2019 sbilly <superli_1980@hotmail.com>
#
# This is free software, licensed under the MIT License.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=netmaker
PKG_VERSION:=0.9.2
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/gravitl/netmaker.git
PKG_SOURCE_VERSION:=bf51d02de1f3939cd7b1c117986f083848b86d6f
PKG_SOURCE_DATE:=20211214
PKG_MIRROR_HASH:=skip
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=sbilly <superli_1980@hotmail.com>
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
GO_PKG:=github.com/gravitl/netmaker
GO_PKG_INSTALL_EXTRA:=extra/file extra/dir
GO_PKG_EXCLUDES:=excluded
GO_PKG_LDFLAGS:=-s -w
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
define Package/netmaker
$(call Package/netmaker/Default)
$(call GoPackage/GoSubMenu)
SECTION:=net
CATEGORY:=Network
SUBMENU:=VPN
endef
define Package/netmaker/Default
TITLE:=Netmaker for OpenWRT
URL:=https://github.com/gravitl/netmaker
DEPENDS:=$(GO_ARCH_DEPENDS)
MAINTAINER:=sbilly <superli_1980@hotmail.com>
endef
define Package/netmaker/Default/description
Netmaker is a platform for creating and managing fast, secure, and
dynamic virtual overlay networks using WireGuard. This project offers
OpenWRT packages for Netmaker.
endef
define Package/netmaker/description
$(call Package/netmaker/Default/description)
This package contains the binaries.
endef
define Package/netmaker-dev
TITLE+= (source files)
SECTION:=net
CATEGORY:=Network
SUBMENU:=VPN
PKGARCH:=all
endef
define Package/netmaker-dev/description
$(call Package/netmaker/Default/description)
This package provides the source files.
endef
define Package/netmaker/install
$(INSTALL_DIR) $(1)/etc/netclient/
$(INSTALL_DIR) $(1)/etc/netclient/config
$(INSTALL_DIR) $(1)/etc/systemd/
$(INSTALL_DIR) $(1)/etc/systemd/system
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/netmaker $(1)/usr/bin/
$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/netclient $(1)/usr/bin/
$(CP) ./files/* $(1)/
$(LN) netclient $(1)/etc/netclient/netclient
endef
$(eval $(call GoBinPackage,netmaker))
$(eval $(call BuildPackage,netmaker))
$(eval $(call GoSrcPackage,netmaker-dev))
$(eval $(call BuildPackage,netmaker-dev))
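Review bot: `PKG_MIRROR_HASH:=skip` turns off the checksum on the packed source tarball, so a copy served from a download mirror is not verified against anything; the pinned `PKG_SOURCE_VERSION` only protects the direct git checkout. Replace it with the real value, `PKG_MIRROR_HASH:=<sha256 of the packed source tarball>`, which `make package/netmaker/check FIXUP=1` can fill in. `GO_PKG_INSTALL_EXTRA:=extra/file extra/dir` and `GO_PKG_EXCLUDES:=excluded` look like leftovers from the golang package template and should probably be removed or replaced with paths that exist in the netmaker tree.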


@ -0,0 +1,42 @@
#!/bin/sh /etc/rc.common
#Created by oycol<oycol527@outlook.com>
EXTRA_COMMANDS="status"
EXTRA_HELP=" status Check service is running"
START=99
LOG_FILE="/tmp/netclient.logs"
start() {
mkdir -p /etc/netclient/config
mkdir -p /etc/systemd/system
if [ ! -f "${LOG_FILE}" ];then
touch "${LOG_FILE}"
fi
local PID=$(ps|grep "netclient checkin -n all"|grep -v grep|awk '{print $1}')
if [ "${PID}" ];then
echo "service is running"
return
fi
bash -c "while [ 1 ]; do /etc/netclient/netclient checkin -n all >> ${LOG_FILE} 2>&1;sleep 15;\
if [ $(ls -l ${LOG_FILE}|awk '{print $5}') -gt 10240000 ];then tar zcf "${LOG_FILE}.tar" -C / "tmp/netclient.logs" && > $LOG_FILE;fi;done &"
echo "start"
}
stop() {
local PID=$(ps|grep "netclient checkin -n all"|grep -v grep|awk '{print $1}')
if [ "${PID}" ];then
kill "${PID}"
fi
echo "stop"
}
status() {
local PID=$(ps|grep "netclient checkin -n all"|grep -v grep|awk '{print $1}')
if [ "${PID}" ];then
echo -e "netclient[${PID}] is running \n"
else
echo -e "netclient is not running \n"
fi
}