OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-01-08 13:27:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 04-28 16:50:19

Browse Source
This commit is contained in:
github-actions[bot] 2022-04-28 16:50:19 +08:00
parent 57669191a5
commit 8158a798ca
24 changed files with 522 additions and 629 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app-store-ui/src/dist/luci-static/istore/index.js vendored
View File

File diff suppressed because one or more lines are too long

2
app-store-ui/src/dist/luci-static/istore/style.css vendored
View File

File diff suppressed because one or more lines are too long

2
dnsproxy/Makefile
View File

@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsproxy
PKG_VERSION:=0.42.1
PKG_VERSION:=0.42.2
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz

4
luci-app-passwall/Makefile
View File

@ -6,8 +6,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.53
PKG_RELEASE:=11
PKG_VERSION:=4.54
PKG_RELEASE:=1
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \

2
luci-app-passwall/luasrc/controller/passwall.lua
View File

@ -181,7 +181,7 @@ end
function status()
-- local dns_mode = ucic:get(appname, "@global[0]", "dns_mode")
local e = {}
e.dns_mode_status = luci.sys.call("netstat -apn | grep ':7913 ' >/dev/null") == 0
e.dns_mode_status = luci.sys.call("netstat -apn | grep ':15353 ' >/dev/null") == 0
e.haproxy_status = luci.sys.call(string.format("top -bn1 | grep -v grep | grep '%s/bin/' | grep haproxy >/dev/null", appname)) == 0
e["tcp_node_status"] = luci.sys.call(string.format("top -bn1 | grep -v -E 'grep|acl/|acl_' | grep '%s/bin/' | grep -i 'TCP' >/dev/null", appname)) == 0

8
luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua
View File

@ -206,6 +206,14 @@ function iprange(val)
return false
end
function get_domain_from_url(url)
local domain = string.match(url, "//([^/]+)")
if domain then
return domain
end
return url
end
function get_valid_nodes()
local nodes_ping = uci_get_type("global_other", "nodes_ping") or ""
local nodes = {}

318
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
View File

@ -19,16 +19,17 @@ local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local dns_listen_port = var["-dns_listen_port"]
local dns_server = var["-dns_server"]
local dns_tcp_server = var["-dns_tcp_server"]
local dns_cache = var["-dns_cache"]
local doh_url = var["-doh_url"]
local doh_host = var["-doh_host"]
local dns_client_ip = var["-dns_client_ip"]
local dns_query_strategy = var["-dns_query_strategy"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local dns_client_ip = var["-dns_client_ip"]
local dns_socks_address = var["-dns_socks_address"]
local dns_socks_port = var["-dns_socks_port"]
local dns_fakedns = var["-dns_fakedns"]
local loglevel = var["-loglevel"] or "warning"
local new_port
@ -291,59 +292,33 @@ if node_id then
table.insert(inbounds, inbound)
end
if tcp_redir_port then
table.insert(inbounds, {
port = tonumber(tcp_redir_port),
if tcp_redir_port or udp_redir_port then
local inbound = {
protocol = "dokodemo-door",
settings = {network = "tcp", followRedirect = true},
streamSettings = {sockopt = {tproxy = tcp_proxy_way}},
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
})
end
if udp_redir_port then
table.insert(inbounds, {
port = tonumber(udp_redir_port),
protocol = "dokodemo-door",
settings = {network = "udp", followRedirect = true},
settings = {network = "tcp,udp", followRedirect = true},
streamSettings = {sockopt = {tproxy = "tproxy"}},
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (dns_fakedns) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
})
end
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (remote_dns_fake) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
}
if tcp_redir_port then
local tcp_inbound = api.clone(inbound)
tcp_inbound.tag = "tcp_redir"
tcp_inbound.settings.network = "tcp"
tcp_inbound.port = tonumber(tcp_redir_port)
tcp_inbound.streamSettings.sockopt.tproxy = tcp_proxy_way
table.insert(inbounds, tcp_inbound)
end
local up_trust_doh = uci:get(appname, "@global[0]", "up_trust_doh")
if up_trust_doh then
local t = {}
string.gsub(up_trust_doh, '[^' .. "," .. ']+', function (w)
table.insert(t, w)
end)
if #t > 1 then
local host = sys.exec("echo -n $(echo " .. t[1] .. " | sed 's/https:\\/\\///g' | awk -F ':' '{print $1}' | awk -F '/' '{print $1}')")
dns = {
hosts = {
[host] = t[2]
}
}
if udp_redir_port then
local udp_inbound = api.clone(inbound)
udp_inbound.tag = "udp_redir"
udp_inbound.settings.network = "udp"
udp_inbound.port = tonumber(udp_redir_port)
table.insert(inbounds, udp_inbound)
end
end
if node.protocol == "_shunt" then
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
tag = "blackhole"
})
local rules = {}
local default_node_id = node.default_node or "_direct"
@ -545,55 +520,64 @@ if node_id then
end
end
if dns_server or dns_fakedns then
table.insert(outbounds, {
protocol = "dns",
tag = "dns-out"
})
if remote_dns_server or remote_dns_doh_url or remote_dns_fake then
local rules = {}
local _remote_dns_proto = "tcp"
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
end
dns = {
tag = "dns-in1",
hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false,
servers = {
dns_server
},
disableFallback = true,
disableFallbackIfMatch = true,
servers = {},
clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil,
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or nil
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
}
if doh_url and doh_host then
dns.hosts = {
[doh_host] = dns_server
}
if not tcp_redir_port and not dns_socks_port then
doh_url = doh_url:gsub("https://", "https+local://")
end
dns.servers = {
doh_url
}
local _remote_dns = {
--_flag = "remote"
}
if remote_dns_tcp_server then
_remote_dns.address = remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_port)
end
if dns_tcp_server then
if not tcp_redir_port and not dns_socks_port then
dns_tcp_server = dns_tcp_server:gsub("tcp://", "tcp+local://")
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_server
end
dns.servers = {
dns_tcp_server
}
_remote_dns.address = remote_dns_doh_url
_remote_dns.port = tonumber(remote_dns_port)
_remote_dns_proto = "doh"
end
if dns_fakedns then
if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
dns_server = "1.1.1.1"
dns.servers = {
"fakedns"
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
table.insert(dns.servers, _remote_dns)
if dns_listen_port then
table.insert(inbounds, {
listen = "127.0.0.1",
@ -601,72 +585,128 @@ if dns_server or dns_fakedns then
protocol = "dokodemo-door",
tag = "dns-in",
settings = {
address = dns_server,
port = 53,
address = remote_dns_server,
port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53,
network = "tcp,udp"
}
})
end
table.insert(rules, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
if dns_socks_address and dns_socks_port then
table.insert(outbounds, 1, {
tag = "out",
protocol = "socks",
streamSettings = {
network = "tcp",
security = "none"
},
table.insert(outbounds, {
tag = "dns-out",
protocol = "dns",
settings = {
servers = {
{
address = dns_socks_address,
port = tonumber(dns_socks_port)
}
}
address = remote_dns_server,
port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53,
network = "tcp",
}
})
local outboundTag = "out"
table.insert(rules, {
table.insert(routing.rules, 1, {
type = "field",
inboundTag = {
"dns-in1"
"dns-in"
},
outboundTag = outboundTag
outboundTag = "dns-out"
})
end
if node_id and tcp_redir_port and not dns_fakedns then
local outboundTag = node_id
--[[
local default_dns_flag = "remote"
if node_id and tcp_redir_port then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
outboundTag = "default"
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
table.insert(rules, {
type = "field",
inboundTag = {
"dns-in1"
},
outboundTag = outboundTag
})
end
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = rules
}
else
for index, value in ipairs(rules) do
table.insert(routing.rules, 1, value)
if dns.servers and #dns.servers > 0 then
local dns_servers = nil
for index, value in ipairs(dns.servers) do
if not dns_servers and value["_flag"] == default_dns_flag then
dns_servers = {
_flag = "default",
address = value.address,
port = value.port
}
break
end
end
if dns_servers then
table.insert(dns.servers, 1, dns_servers)
end
end
]]--
if true then
local dns_outboundTag = "direct"
if dns_socks_address and dns_socks_port then
dns_outboundTag = "out"
table.insert(outbounds, 1, {
tag = dns_outboundTag,
protocol = "socks",
streamSettings = {
network = "tcp",
security = "none"
},
settings = {
servers = {
{
address = dns_socks_address,
port = tonumber(dns_socks_port)
}
}
}
})
else
if node_id and tcp_redir_port and not remote_dns_fake then
dns_outboundTag = node_id
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
dns_outboundTag = "default"
end
end
end
if dns_outboundTag == "direct" then
table.insert(routing.rules, {
type = "field",
ip = {
remote_dns_server
},
port = tonumber(remote_dns_port),
outboundTag = dns_outboundTag
})
else
table.insert(rules, {
type = "field",
ip = {
remote_dns_server
},
port = tonumber(remote_dns_port),
outboundTag = dns_outboundTag
})
end
end
local default_rule_index = #routing.rules > 0 and #routing.rules or 1
for index, value in ipairs(routing.rules) do
if value["_flag"] == "default" then
default_rule_index = index
break
end
end
for index, value in ipairs(rules) do
local t = rules[#rules + 1 - index]
table.insert(routing.rules, default_rule_index, t)
end
local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil
end
end
@ -704,5 +744,21 @@ if inbounds or outbounds then
-- }
}
}
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
tag = "blackhole"
})
print(jsonc.stringify(config, 1))
end

73
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -242,51 +242,52 @@ o:depends("dns_mode", "v2ray")
o:depends("dns_mode", "xray")
---- DNS Forward
o = s:option(Value, "dns_forward", translate("Remote DNS"))
o = s:option(Value, "remote_dns", translate("Remote DNS"))
o.default = "1.1.1.1"
o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)")
o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)")
o:value("8.8.8.8", "8.8.8.8 (Google DNS)")
o:value("8.8.4.4", "8.8.4.4 (Google DNS)")
o:value("208.67.222.222", "208.67.222.222 (Open DNS)")
o:value("208.67.220.220", "208.67.220.220 (Open DNS)")
o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
o:value("8.8.4.4", "8.8.4.4 (Google)")
o:value("8.8.8.8", "8.8.8.8 (Google)")
o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends("dns_mode", "dns2socks")
o:depends("v2ray_dns_mode", "tcp")
if has_v2ray or has_xray then
---- DoH
o = s:option(Value, "dns_doh", translate("DoH request address"))
o:value("https://cloudflare-dns.com/dns-query,1.1.1.1", "CloudFlare")
o:value("https://security.cloudflare-dns.com/dns-query,1.1.1.2", "CloudFlare-Security")
o:value("https://doh.opendns.com/dns-query,208.67.222.222", "OpenDNS")
o:value("https://dns.google/dns-query,8.8.8.8", "Google")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o:value("https://dns.quad9.net/dns-query,9.9.9.9", "Quad9-Recommended")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o.default = "https://cloudflare-dns.com/dns-query,1.1.1.1"
o.validate = function(self, value, t)
if value ~= "" then
local flag = 0
local util = require "luci.util"
local val = util.split(value, ",")
local url = val[1]
val[1] = nil
for i = 1, #val do
local v = val[i]
if v then
if not api.datatypes.ipmask4(v) then
flag = 1
o = s:option(Value, "remote_dns_doh", translate("Remote DNS DoH"))
o:value("https://1.1.1.1/dns-query", "CloudFlare")
o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
o:value("https://8.8.4.4/dns-query", "Google 8844")
o:value("https://8.8.8.8/dns-query", "Google 8888")
o:value("https://9.9.9.9/dns-query", "Quad9-Recommended")
o:value("https://208.67.222.222/dns-query", "OpenDNS")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o.default = "https://1.1.1.1/dns-query"
o.validate = function(self, value, t)
if value ~= "" then
local flag = 0
local util = require "luci.util"
local val = util.split(value, ",")
local url = val[1]
val[1] = nil
for i = 1, #val do
local v = val[i]
if v then
if not api.datatypes.ipmask4(v) then
flag = 1
end
end
end
if flag == 0 then
return value
end
end
if flag == 0 then
return value
end
return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP"
end
return nil, translate("DoH request address") .. " " .. translate("Format must be:") .. " URL,IP"
end
o:depends("v2ray_dns_mode", "doh")
o:depends("v2ray_dns_mode", "doh")
end
o = s:option(Value, "dns_client_ip", translate("EDNS Client Subnet"))

59
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -86,8 +86,6 @@ o.rmempty = false
---- TCP Node
tcp_node = s:taboption("Main", ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
tcp_node.description = ""
--tcp_node.description = translate("For proxy specific list.")
--tcp_node.description = o.description .. "<br />"
local current_node = luci.sys.exec(string.format("[ -f '/tmp/etc/%s/id/TCP' ] && echo -n $(cat /tmp/etc/%s/id/TCP)", appname, appname))
if current_node and current_node ~= "" and current_node ~= "nil" then
local n = uci:get_all(appname, current_node)
@ -168,7 +166,6 @@ end
udp_node = s:taboption("Main", ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>")
udp_node:value("nil", translate("Close"))
--udp_node.description = translate("For proxy game network.")
udp_node:value("tcp", translate("Same as the tcp node"))
s:tab("DNS", translate("DNS"))
@ -182,6 +179,7 @@ if api.is_finded("smartdns") then
group_domestic.placeholder = "local"
group_domestic:depends("dns_shunt", "smartdns")
group_domestic.description = translate("You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here.")
group_domestic.description = group_domestic.description .. string.format('<a href="%s" target="_blank">%s</a>', "https://github.com/luckyyyyy/blog/issues/57", translate("Guide"))
end
o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
@ -232,36 +230,37 @@ o.validate = function(self, value, t)
end
o:depends({dns_mode = "dns2socks"})
---- DoH
o = s:taboption("DNS", Value, "up_trust_doh", translate("DoH request address"))
o:value("https://cloudflare-dns.com/dns-query,1.1.1.1", "CloudFlare")
o:value("https://security.cloudflare-dns.com/dns-query,1.1.1.2", "CloudFlare-Security")
o:value("https://doh.opendns.com/dns-query,208.67.222.222", "OpenDNS")
o:value("https://dns.google/dns-query,8.8.8.8", "Google")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o:value("https://dns.quad9.net/dns-query,9.9.9.9", "Quad9-Recommended")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o.default = "https://cloudflare-dns.com/dns-query,1.1.1.1"
o.validate = doh_validate
o:depends("v2ray_dns_mode", "doh")
---- DNS Forward
o = s:taboption("DNS", Value, "dns_forward", translate("Remote DNS"))
--o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. " " .. translate("If you use dns2socks, only the first one is valid.")
o = s:taboption("DNS", Value, "remote_dns", translate("Remote DNS"))
o.datatype = "or(ipaddr,ipaddrport)"
o.default = "1.1.1.1"
o:value("1.1.1.1", "1.1.1.1 (CloudFlare DNS)")
o:value("1.1.1.2", "1.1.1.2 (CloudFlare DNS)")
o:value("8.8.8.8", "8.8.8.8 (Google DNS)")
o:value("8.8.4.4", "8.8.4.4 (Google DNS)")
o:value("208.67.222.222", "208.67.222.222 (Open DNS)")
o:value("208.67.220.220", "208.67.220.220 (Open DNS)")
o:value("1.1.1.1", "1.1.1.1 (CloudFlare)")
o:value("1.1.1.2", "1.1.1.2 (CloudFlare-Security)")
o:value("8.8.4.4", "8.8.4.4 (Google)")
o:value("8.8.8.8", "8.8.8.8 (Google)")
o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
o:depends({dns_mode = "dns2socks"})
o:depends({dns_mode = "pdnsd"})
o:depends({dns_mode = "udp"})
o:depends({v2ray_dns_mode = "tcp"})
---- DoH
o = s:taboption("DNS", Value, "remote_dns_doh", translate("Remote DNS DoH"))
o.default = "https://1.1.1.1/dns-query"
o:value("https://1.1.1.1/dns-query", "CloudFlare")
o:value("https://1.1.1.2/dns-query", "CloudFlare-Security")
o:value("https://8.8.4.4/dns-query", "Google 8844")
o:value("https://8.8.8.8/dns-query", "Google 8888")
o:value("https://9.9.9.9/dns-query", "Quad9-Recommended")
o:value("https://208.67.222.222/dns-query", "OpenDNS")
o:value("https://dns.adguard.com/dns-query,176.103.130.130", "AdGuard")
o:value("https://doh.libredns.gr/dns-query,116.202.176.26", "LibreDNS")
o:value("https://doh.libredns.gr/ads,116.202.176.26", "LibreDNS (No Ads)")
o.validate = doh_validate
o:depends("v2ray_dns_mode", "doh")
o = s:taboption("DNS", Value, "dns_client_ip", translate("EDNS Client Subnet"))
o.description = translate("Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address).") .. "<br />" ..
translate("This feature requires the DNS server to support the Edns Client Subnet (RFC7871).")
@ -311,8 +310,7 @@ end
s:tab("Proxy", translate("Mode"))
---- TCP Default Proxy Mode
tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default") .. translate("Proxy Mode"))
-- o.description = translate("If not available, try clearing the cache.")
tcp_proxy_mode = s:taboption("Proxy", ListValue, "tcp_proxy_mode", "TCP " .. translate("Default Proxy Mode"))
tcp_proxy_mode:value("disable", translate("No Proxy"))
tcp_proxy_mode:value("global", translate("Global Proxy"))
tcp_proxy_mode:value("gfwlist", translate("GFW List"))
@ -325,7 +323,7 @@ tcp_proxy_mode.default = "chnroute"
--tcp_proxy_mode.validate = redir_mode_validate
---- UDP Default Proxy Mode
udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default") .. translate("Proxy Mode"))
udp_proxy_mode = s:taboption("Proxy", ListValue, "udp_proxy_mode", "UDP " .. translate("Default Proxy Mode"))
udp_proxy_mode:value("disable", translate("No Proxy"))
udp_proxy_mode:value("global", translate("Global Proxy"))
udp_proxy_mode:value("gfwlist", translate("GFW List"))
@ -339,7 +337,6 @@ udp_proxy_mode.default = "chnroute"
---- Localhost TCP Proxy Mode
localhost_tcp_proxy_mode = s:taboption("Proxy", ListValue, "localhost_tcp_proxy_mode", translate("Router Localhost") .. " TCP " .. translate("Proxy Mode"))
-- o.description = translate("The server client can also use this rule to scientifically surf the Internet.")
localhost_tcp_proxy_mode:value("default", translatef("Same as the %s default proxy mode", "TCP"))
localhost_tcp_proxy_mode:value("global", translate("Global Proxy"))
localhost_tcp_proxy_mode:value("gfwlist", translate("GFW List"))
@ -379,14 +376,14 @@ o.rmempty = false
o = s:taboption("log", Flag, "close_log_udp", translatef("%s Node Log Close", "UDP"))
o.rmempty = false
loglevel = s:taboption("log", ListValue, "loglevel", "V2ray/Xray" .. translate("Log Level"))
loglevel = s:taboption("log", ListValue, "loglevel", "V2ray/Xray " .. translate("Log Level"))
loglevel.default = "warning"
loglevel:value("debug")
loglevel:value("info")
loglevel:value("warning")
loglevel:value("error")
trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan" .. translate("Log Level"))
trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan " .. translate("Log Level"))
trojan_loglevel.default = "2"
trojan_loglevel:value("0", "all")
trojan_loglevel:value("1", "info")

26
luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
View File

@ -257,32 +257,6 @@ address:depends({ type = "Xray", protocol = "socks" })
address:depends({ type = "Xray", protocol = "shadowsocks" })
address:depends({ type = "Xray", protocol = "trojan" })
--[[
use_ipv6 = s:option(Flag, "use_ipv6", translate("Use IPv6"))
use_ipv6.default = 0
use_ipv6:depends("type", "Socks")
use_ipv6:depends("type", "SS")
use_ipv6:depends("type", "SS-Rust")
use_ipv6:depends("type", "SSR")
use_ipv6:depends("type", "Brook")
use_ipv6:depends("type", "Trojan")
use_ipv6:depends("type", "Trojan-Plus")
use_ipv6:depends("type", "Trojan-Go")
use_ipv6:depends("type", "Hysteria")
use_ipv6:depends({ type = "V2ray", protocol = "vmess" })
use_ipv6:depends({ type = "V2ray", protocol = "vless" })
use_ipv6:depends({ type = "V2ray", protocol = "http" })
use_ipv6:depends({ type = "V2ray", protocol = "socks" })
use_ipv6:depends({ type = "V2ray", protocol = "shadowsocks" })
use_ipv6:depends({ type = "V2ray", protocol = "trojan" })
use_ipv6:depends({ type = "Xray", protocol = "vmess" })
use_ipv6:depends({ type = "Xray", protocol = "vless" })
use_ipv6:depends({ type = "Xray", protocol = "http" })
use_ipv6:depends({ type = "Xray", protocol = "socks" })
use_ipv6:depends({ type = "Xray", protocol = "shadowsocks" })
use_ipv6:depends({ type = "Xray", protocol = "trojan" })
--]]
port = s:option(Value, "port", translate("Port"))
port.datatype = "port"
port.rmempty = false

2
luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
View File

@ -88,8 +88,6 @@ o.default = "22,25,53,143,465,587,853,993,995,80,443"
o:value("1:65535", translate("All"))
o:value("22,25,53,143,465,587,853,993,995,80,443", translate("Common Use"))
o:value("80,443", translate("Only Web"))
o:value("80:65535", "80 " .. translate("or more"))
o:value("1:443", "443 " .. translate("or less"))
---- UDP Redir Ports
o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))

142
luci-app-passwall/po/zh-cn/passwall.po
View File

@ -16,39 +16,12 @@ msgstr "连接正常"
msgid "Problem detected!"
msgstr "连接失败"
msgid "Very Fast"
msgstr "非常快"
msgid "Fast"
msgstr "很快"
msgid "General"
msgstr "一般般"
msgid "Slow"
msgstr "很慢"
msgid "Very Slow"
msgstr "非常慢"
msgid "Touch Check"
msgstr "点我检测"
msgid "Kernel Unsupported"
msgstr "内核不支持"
msgid "Use IPv6"
msgstr "使用IPv6"
msgid "Parsing IP"
msgstr "域名解析IP"
msgid "TCP Server"
msgstr "TCP服务器"
msgid "UDP Server"
msgstr "UDP服务器"
msgid "Main Settings"
msgstr "节点选择"
@ -110,19 +83,19 @@ msgid "Main switch"
msgstr "主开关"
msgid "TCP Node"
msgstr "TCP节点"
msgstr "TCP 节点"
msgid "UDP Node"
msgstr "UDP节点"
msgstr "UDP 节点"
msgid "Edit Current Node"
msgstr "编辑当前节点"
msgid "Socks Config"
msgstr "Socks配置"
msgstr "Socks 配置"
msgid "Socks Node"
msgstr "Socks节点"
msgstr "Socks 节点"
msgid "Listen Port"
msgstr "监听端口"
@ -136,12 +109,6 @@ msgstr "与TCP节点相同"
msgid "Current node: %s"
msgstr "当前节点:%s"
msgid "For proxy specific list."
msgstr "用于代理特定的列表。"
msgid "For proxy game network."
msgstr "用于代理游戏等。"
msgid "DNS Shunt"
msgstr "DNS分流"
@ -151,26 +118,17 @@ msgstr "国内分组名"
msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
msgstr "你只需要在SmartDNS配置好国内DNS分组并设置重定向或作为Dnsmasq上游此处填入国内DNS分组名。"
msgid "Guide"
msgstr "教程"
msgid "Filter Mode"
msgstr "过滤模式"
msgid "TCP node must be '%s' type to use FakeDNS."
msgstr "TCP节点必须是 '%s' 类型才能使用 FakeDNS。"
msgstr "TCP 节点必须是 '%s' 类型才能使用 FakeDNS。"
msgid "Remote DNS"
msgstr "远程DNS"
msgid "IP:Port mode acceptable, multi value split with english comma."
msgstr "接受 IP:Port 形式的输入,多个以英文逗号分隔。"
msgid "If you use dns2socks, only the first one is valid."
msgstr "如果使用dns2socks只有第一个生效。"
msgid "Ali"
msgstr "阿里"
msgid "Baidu"
msgstr "百度"
msgstr "远程 DNS"
msgid "Resolver For The List Proxied"
msgstr "解析被代理的域名列表"
@ -179,7 +137,7 @@ msgid "Requery DNS By %s"
msgstr "通过%s请求DNS"
msgid "Socks Server"
msgstr "Socks服务器"
msgstr "Socks 服务器"
msgid "Misconfigured"
msgstr "配置不当"
@ -190,11 +148,8 @@ msgstr "请确保此Socks服务可用。"
msgid "Format must be:"
msgstr "格式必须为:"
msgid "DoH request address"
msgstr "DoH 请求地址"
msgid "China list or gfwlist cannot be used together with outside China list!"
msgstr "中国列表不能和中国列表外或防火墙表一起使用!"
msgid "Remote DNS DoH"
msgstr "远程 DNS DoH"
msgid "Cache Resolved"
msgstr "缓存解析结果"
@ -223,9 +178,6 @@ msgstr "清空 IPSET"
msgid "Try this feature if the rule modification does not take effect."
msgstr "如果修改规则后没有生效,请尝试此功能。"
msgid "The server client can also use this rule to scientifically surf the Internet."
msgstr "本机服务器的客户端也可以使用这个代理模式上网。"
msgid "About DNS issues:"
msgstr "关于DNS问题"
@ -283,11 +235,8 @@ msgstr "单进程"
msgid "Proxy Mode"
msgstr "代理模式"
msgid "%s Proxy Mode"
msgstr "%s 代理模式"
msgid "If not available, try clearing the cache."
msgstr "如果无法使用,请尝试清除缓存。"
msgid "Default Proxy Mode"
msgstr "默认代理模式"
msgid "No Proxy"
msgstr "不代理"
@ -314,10 +263,7 @@ msgid "Localhost"
msgstr "本机"
msgid "Router Localhost"
msgstr "路由器自身"
msgid "Danger"
msgstr "危险"
msgstr "路由器本机"
msgid "Same as the %s default proxy mode"
msgstr "与 %s 默认代理模式相同"
@ -325,6 +271,9 @@ msgstr "与 %s 默认代理模式相同"
msgid "Want different devices to use different proxy modes/ports/nodes? Please use access control."
msgstr "希望不同设备使用不同的代理模式/端口/节点?请使用访问控制。"
msgid "China list or gfwlist cannot be used together with outside China list!"
msgstr "中国列表不能和中国列表外或防火墙表一起使用!"
msgid "Operation"
msgstr "操作"
@ -547,15 +496,6 @@ msgstr "组"
msgid "Auto Ping"
msgstr "自动Ping"
msgid "This will automatically ping the node for latency"
msgstr "选中后保存应用后即自动Ping节点"
msgid "Use TCP Detection delay"
msgstr "使用TCP检测延迟"
msgid "This will use tcping replace ping detection of node"
msgstr "选中后保存应用后即使用tcping替换ping检测节点"
msgid "Concise display nodes"
msgstr "简洁显示节点"
@ -611,25 +551,25 @@ msgid "Forwarding Settings"
msgstr "转发配置"
msgid "TCP No Redir Ports"
msgstr "TCP不转发端口"
msgstr "TCP 不转发端口"
msgid "UDP No Redir Ports"
msgstr "UDP不转发端口"
msgstr "UDP 不转发端口"
msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority."
msgstr "填写你不希望被代理转发的端口,优先级最高。"
msgid "TCP Proxy Drop Ports"
msgstr "TCP转发屏蔽端口"
msgstr "TCP 转发屏蔽端口"
msgid "UDP Proxy Drop Ports"
msgstr "UDP转发屏蔽端口"
msgstr "UDP 转发屏蔽端口"
msgid "TCP Redir Ports"
msgstr "TCP转发端口"
msgstr "TCP 转发端口"
msgid "UDP Redir Ports"
msgstr "UDP转发端口"
msgstr "UDP 转发端口"
msgid "No patterns are used"
msgstr "不使用"
@ -643,12 +583,6 @@ msgstr "常用的"
msgid "Only Web"
msgstr "仅网页"
msgid "or more"
msgstr "及以上"
msgid "or less"
msgstr "及以下"
msgid "Default"
msgstr "默认"
@ -674,29 +608,14 @@ msgid "When enabled, the server not will resolve the domain name again."
msgstr "启用后,服务器不会再次解析域名。"
msgid "TCP Proxy Way"
msgstr "TCP代理方式"
msgstr "TCP 代理方式"
msgid "Proxy Settings"
msgstr "代理配置"
msgid "TCP Redir Port"
msgstr "TCP透明代理端口"
msgid "UDP Redir Port"
msgstr "UDP透明代理端口"
msgid "Custom Dnsmasq"
msgstr "自定义Dnsmasq设置"
msgid "Setting a parameter error will cause dnsmasq fail to start."
msgstr "参数设置错误将会导致Dnsmasq无法启动。"
msgid "Auto Switch"
msgstr "自动切换"
msgid "When there is no server, an automatic reconnect scheme is used"
msgstr "当没有服务器时,则使用自动重连方案"
msgid "How often to test"
msgstr "多久检测一次"
@ -706,9 +625,6 @@ msgstr "超时秒数"
msgid "Timeout retry num"
msgstr "超时重试次数"
msgid "Automatic switching cannot be used when this option is checked"
msgstr "当勾选此选项时,不能使用自动切换"
msgid "Main node"
msgstr "主节点"
@ -1085,7 +1001,7 @@ msgid "Local Port"
msgstr "本地端口"
msgid "TCP Fast Open"
msgstr "TCP快速打开"
msgstr "TCP 快速打开"
msgid "Need node support required"
msgstr "需要节点支持"
@ -1172,7 +1088,7 @@ msgid "Auth"
msgstr "身份认证"
msgid "Socks for authentication"
msgstr "Socks认证方式"
msgstr "Socks 认证方式"
msgid "Socks protocol authentication, support anonymous and password."
msgstr "Socks 协议的认证方式,支持匿名方式和账号密码方式。"
@ -1298,10 +1214,10 @@ msgid "Not enabled log"
msgstr "未启用日志"
msgid "UDP Forward"
msgstr "UDP转发"
msgstr "UDP 转发"
msgid "DNS Settings"
msgstr "DNS设置"
msgstr "DNS 设置"
msgid "Null"
msgstr "无"

2
luci-app-passwall/root/usr/share/passwall/0_default_config
View File

@ -5,7 +5,7 @@ config global
option tcp_node 'nil'
option udp_node 'nil'
option dns_mode 'pdnsd'
option dns_forward '1.1.1.1'
option remote_dns '1.1.1.1'
option filter_proxy_ipv6 '0'
option tcp_proxy_mode 'chnroute'
option udp_proxy_mode 'chnroute'

79
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -20,7 +20,7 @@ LOG_FILE=/tmp/log/$CONFIG.log
APP_PATH=/usr/share/$CONFIG
RULES_PATH=/usr/share/${CONFIG}/rules
DNS_N=dnsmasq
DNS_PORT=7913
DNS_PORT=15353
TUN_DNS="127.0.0.1#${DNS_PORT}"
LOCAL_DNS=119.29.29.29
DEFAULT_DNS=
@ -291,7 +291,9 @@ run_ipt2socks() {
}
run_v2ray() {
local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password dns_socks_address dns_socks_port dns_listen_port dns_proto dns_tcp_server doh dns_client_ip dns_query_strategy dns_cache loglevel log_file config_file
local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh dns_client_ip dns_query_strategy dns_cache dns_socks_address dns_socks_port
local loglevel log_file config_file
local _extra_param=""
eval_set_val $@
[ -z "$type" ] && {
@ -332,22 +334,28 @@ run_v2ray() {
}
local buffer_size=$(config_t_get global_forwarding buffer_size)
[ -n "${buffer_size}" ] && _extra_param="${_extra_param} -buffer_size ${buffer_size}"
case "$dns_proto" in
case "$remote_dns_protocol" in
tcp)
local _dns_forward=$(get_first_dns dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns_forward} | awk -F ':' '{print $1}')
_extra_param="${_extra_param} -dns_server ${_dns_address} -dns_tcp_server tcp://${_dns_forward}"
local _dns=$(get_first_dns remote_dns_tcp_server 53 | sed 's/#/:/g')
local _dns_address=$(echo ${_dns} | awk -F ':' '{print $1}')
local _dns_port=$(echo ${_dns} | awk -F ':' '{print $2}')
_extra_param="${_extra_param} -remote_dns_server ${_dns_address} -remote_dns_port ${_dns_port} -remote_dns_tcp_server tcp://${_dns}"
;;
doh)
local _doh_url=$(echo $doh | awk -F ',' '{print $1}')
local _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
local _doh_host_port=$(lua_api "get_domain_from_url(\"${_doh_url}\")")
#local _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
local is_ip=$(lua_api "is_ip(\"${_doh_host}\")")
local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
local _doh_bootstrap=$(echo $doh | cut -d ',' -sf 2-)
_extra_param="${_extra_param} -dns_server ${_doh_bootstrap} -doh_url ${_doh_url} -doh_host ${_doh_host}"
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_server ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
;;
fakedns)
_extra_param="${_extra_param} -dns_fakedns 1"
_extra_param="${_extra_param} -remote_dns_fake 1"
;;
esac
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
@ -666,22 +674,21 @@ run_redir() {
[ -n "${_dns_client_ip}" ] && _v2ray_args="${_v2ray_args} dns_client_ip=${_dns_client_ip}"
[ "${DNS_CACHE}" == "0" ] && _v2ray_args="${_v2ray_args} dns_cache=0"
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
_v2ray_args="${_v2ray_args} dns_proto=${v2ray_dns_mode}"
_v2ray_args="${_v2ray_args} remote_dns_protocol=${v2ray_dns_mode}"
_v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}"
case "$v2ray_dns_mode" in
tcp)
_v2ray_args="${_v2ray_args} dns_tcp_server=${DNS_FORWARD}"
_v2ray_args="${_v2ray_args} remote_dns_tcp_server=${REMOTE_DNS}"
echolog " - 域名解析 DNS Over TCP..."
;;
doh)
up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1")
_v2ray_args="${_v2ray_args} doh=${up_trust_doh}"
remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query")
_v2ray_args="${_v2ray_args} remote_dns_doh=${remote_dns_doh}"
echolog " - 域名解析 DNS Over HTTPS..."
;;
fakedns)
fakedns=1
CHINADNS_NG=0
_v2ray_args="${_v2ray_args} dns_fakedns=1"
echolog " - 域名解析 Fake DNS..."
;;
esac
@ -1078,7 +1085,7 @@ start_dns() {
case "$DNS_MODE" in
dns2socks)
local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) | sed "s/#/:/g")
local dns2socks_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
local dns2socks_forward=$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')
run_dns2socks socks=$dns2socks_socks_server listen_address=127.0.0.1 listen_port=${dns_listen_port} dns=$dns2socks_forward cache=$DNS_CACHE
echolog " - 域名解析dns2socks(127.0.0.1:${dns_listen_port})${dns2socks_socks_server} -> ${dns2socks_forward}"
;;
@ -1096,30 +1103,26 @@ start_dns() {
use_tcp_node_resolve_dns=1
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
_v2ray_args="${_v2ray_args} dns_listen_port=${dns_listen_port}"
_v2ray_args="${_v2ray_args} dns_proto=${v2ray_dns_mode}"
_v2ray_args="${_v2ray_args} remote_dns_protocol=${v2ray_dns_mode}"
case "$v2ray_dns_mode" in
tcp)
_v2ray_args="${_v2ray_args} dns_tcp_server=${DNS_FORWARD}"
_v2ray_args="${_v2ray_args} remote_dns_tcp_server=${REMOTE_DNS}"
echolog " - 域名解析 DNS Over TCP..."
;;
doh)
up_trust_doh=$(config_t_get global up_trust_doh "https://cloudflare-dns.com/dns-query,1.1.1.1")
_v2ray_args="${_v2ray_args} doh=${up_trust_doh}"
remote_dns_doh=$(config_t_get global remote_dns_doh "https://1.1.1.1/dns-query")
_v2ray_args="${_v2ray_args} remote_dns_doh=${remote_dns_doh}"
_doh_url=$(echo $up_trust_doh | awk -F ',' '{print $1}')
_doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
_doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
_doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
_doh_bootstrap=$(echo $up_trust_doh | cut -d ',' -sf 2-)
DNS_FORWARD=""
_doh_bootstrap_dns=$(echo $_doh_bootstrap | sed "s/,/ /g")
for _dns in $_doh_bootstrap_dns; do
_dns=$(echo $_dns | awk -F ':' '{print $1}'):${_doh_port:-443}
[ -n "$DNS_FORWARD" ] && DNS_FORWARD=${DNS_FORWARD},${_dns} || DNS_FORWARD=${_dns}
done
unset _dns _doh_bootstrap_dns
unset _doh_url _doh_port _doh_bootstrap
local _doh_url=$(echo $remote_dns_doh | awk -F ',' '{print $1}')
local _doh_host_port=$(lua_api "get_domain_from_url(\"${_doh_url}\")")
local _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
local _is_ip=$(lua_api "is_ip(\"${_doh_host}\")")
local _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
[ -z "${_doh_port}" ] && _doh_port=443
local _doh_bootstrap=$(echo $remote_dns_doh | cut -d ',' -sf 2-)
[ "${_is_ip}" = "true" ] && _doh_bootstrap=${_doh_host}
[ -n "${_doh_bootstrap}" ] && REMOTE_DNS=${_doh_bootstrap}:${_doh_port}
unset _doh_url _doh_host_port _doh_host _is_ip _doh_port _doh_bootstrap
echolog " - 域名解析 DNS Over HTTPS..."
;;
esac
@ -1128,13 +1131,13 @@ start_dns() {
;;
pdnsd)
use_tcp_node_resolve_dns=1
gen_pdnsd_config "${dns_listen_port}" "${DNS_FORWARD}" "${DNS_CACHE}"
gen_pdnsd_config "${dns_listen_port}" "${REMOTE_DNS}" "${DNS_CACHE}"
ln_run "$(first_type pdnsd)" pdnsd "/dev/null" --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d
echolog " - 域名解析pdnsd + 使用(TCP节点)解析域名..."
;;
udp)
use_udp_node_resolve_dns=1
TUN_DNS="$(echo ${DNS_FORWARD} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
echolog " - 域名解析使用UDP协议请求DNS$TUN_DNS..."
;;
esac
@ -1484,8 +1487,8 @@ gfwlist=$(echo "${TCP_PROXY_MODE}${LOCALHOST_TCP_PROXY_MODE}${UDP_PROXY_MODE}${L
DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
[ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq"
DNS_MODE=$(config_t_get global dns_mode pdnsd)
DNS_FORWARD=$(config_t_get global dns_forward 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
DNS_CACHE=$(config_t_get global dns_cache 0)
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
CHINADNS_NG=$(config_t_get global chinadns_ng 0)
filter_proxy_ipv6=$(config_t_get global filter_proxy_ipv6 0)
dns_listen_port=${DNS_PORT}

26
luci-app-passwall/root/usr/share/passwall/iptables.sh
View File

@ -271,7 +271,7 @@ load_acl() {
dnsmasq_port=11400
echolog "访问控制:"
for item in $items; do
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip
local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
@ -306,9 +306,9 @@ load_acl() {
tcp_node=${tcp_node:-default}
udp_node=${udp_node:-default}
dns_mode=${dns_mode:-dns2socks}
dns_forward=${dns_forward:-1.1.1.1}
remote_dns=${remote_dns:-1.1.1.1}
[ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ] && {
[ "$v2ray_dns_mode" = "doh" ] && dns_forward=${dns_doh:-https://cloudflare-dns.com/dns-query,1.1.1.1}
[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
}
[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
@ -331,12 +331,12 @@ load_acl() {
dns_port=$(get_new_port $(expr $dns_port + 1))
_dns_port=$dns_port
if [ "$dns_mode" = "dns2socks" ]; then
run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$dns_forward cache=1
run_dns2socks flag=acl_${sid} socks_address=127.0.0.1 socks_port=$socks_port listen_address=0.0.0.0 listen_port=${_dns_port} dns=$remote_dns cache=1
elif [ "$dns_mode" = "v2ray" -o "$dns_mode" = "xray" ]; then
config_file=$TMP_ACL_PATH/${tcp_node}_SOCKS_${socks_port}_DNS.json
run_v2ray flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh="${dns_forward}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file
run_v2ray flag=acl_${sid} type=$dns_mode dns_socks_address=127.0.0.1 dns_socks_port=$socks_port dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh="${remote_dns}" dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY} config_file=$config_file
fi
eval node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)=${_dns_port}
eval node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)=${_dns_port}
}
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
@ -349,7 +349,7 @@ load_acl() {
echo "server=${d_server}" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
source $APP_PATH/helper_${DNS_N}.sh add FLAG=${sid} DNS_MODE=$dns_mode TMP_DNSMASQ_PATH=$TMP_ACL_PATH/$sid/dnsmasq.d DNSMASQ_CONF_FILE=/dev/null LOCAL_DNS=$LOCAL_DNS TUN_DNS=127.0.0.1#${_dns_port} TCP_NODE=$tcp_node PROXY_MODE=${tcp_proxy_mode} NO_LOGIC_LOG=1 NO_PROXY_IPV6=${filter_proxy_ipv6}
ln_run "$(first_type dnsmasq)" "dnsmasq_${sid}" "/dev/null" -C $TMP_ACL_PATH/$sid/dnsmasq.conf -x $TMP_ACL_PATH/$sid/dnsmasq.pid
eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
eval node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)=${dnsmasq_port}
}
if [ "$tcp_node" = "$TCP_NODE" ]; then
tcp_port=$TCP_REDIR_PORT
@ -359,9 +359,9 @@ load_acl() {
if [ -n "${_socks_port}" ] && [ -n "${_redir_port}" ]; then
socks_port=${_socks_port}
tcp_port=${_redir_port}
_dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${dns_forward}" | md5sum | cut -d " " -f1)})
_dnsmasq_port=$(eval echo \${node_${tcp_node}_$(echo -n "${tcp_proxy_mode}${remote_dns}" | md5sum | cut -d " " -f1)})
if [ -z "${_dnsmasq_port}" ]; then
_dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${dns_forward}" | md5sum | cut -d " " -f1)})
_dns_port=$(eval echo \${node_${tcp_node}_$(echo -n "${remote_dns}" | md5sum | cut -d " " -f1)})
run_dns ${_dns_port}
else
redirect_dns_port=${_dnsmasq_port}
@ -382,7 +382,7 @@ load_acl() {
config_file=$(echo $config_file | sed "s/SOCKS_${socks_port}/DNS/g")
dns_port=$(get_new_port $(expr $dns_port + 1))
_dns_port=$dns_port
_extra_param="dns_listen_port=${_dns_port} dns_proto=${v2ray_dns_mode} dns_tcp_server=${dns_forward} doh=${dns_forward} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}"
_extra_param="dns_listen_port=${_dns_port} remote_dns_protocol=${v2ray_dns_mode} remote_dns_tcp_server=${remote_dns} remote_dns_doh=${remote_dns} dns_client_ip=${dns_client_ip} dns_query_strategy=${DNS_QUERY_STRATEGY}"
fi
config_file="$TMP_PATH/$config_file"
run_v2ray flag=$tcp_node node=$tcp_node tcp_redir_port=$redir_port ${_extra_param} config_file=$config_file
@ -585,7 +585,7 @@ load_acl() {
$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
done
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode dns_forward v2ray_dns_mode dns_doh dns_client_ip
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark config_file _extra_param
unset ipt_tmp msg msg2
unset redirect_dns_port
@ -1074,7 +1074,7 @@ add_firewall_rule() {
echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 TCP 转发链"
}
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
@ -1175,7 +1175,7 @@ add_firewall_rule() {
$ipt_m -I PSW $(comment "本机") -p udp -i lo -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT TPROXY)
echolog " - [$?]将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链"
}
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN

359
luci-app-passwall/root/usr/share/passwall/rules/chnlist
View File

File diff suppressed because it is too large Load Diff

3
luci-app-passwall/root/usr/share/passwall/rules/chnroute
View File

@ -874,6 +874,9 @@
103.185.80.0/23
103.186.108.0/23
103.186.112.0/23
103.186.136.0/23
103.186.158.0/23
103.186.162.0/23
103.186.4.0/23
103.19.12.0/22
103.19.232.0/22

3
luci-app-passwall/root/usr/share/passwall/rules/chnroute6
View File

@ -36,6 +36,7 @@
2001:df0:8d40::/48
2001:df0:9c0::/48
2001:df0:9d40::/48
2001:df0:ac40::/48
2001:df0:b180::/48
2001:df0:bf80::/48
2001:df0:d880::/48
@ -246,8 +247,10 @@
2400:7200::/32
2400:7240::/32
2400:72c0::/32
2400:72e0::/32
2400:7340::/32
2400:73c0::/32
2400:73e0::/32
2400:7440::/32
2400:74c0::/32
2400:7540::/32

19
luci-app-passwall/root/usr/share/passwall/rules/gfwlist
View File

@ -1210,6 +1210,8 @@ bandpage.com
bandwagonhost.com
bangbros.com
banned.video
bannedbook.net
bannedbook.org
barefootnetworks.com
barkadahansasmartone.com
barrons-advisor.com
@ -2892,6 +2894,7 @@ cochranelibrary.com
cockofhorse.com
code.org
codecademy.com
codeforaliving.io
codei.sh
codeish.co
codeish.io
@ -3060,6 +3063,7 @@ d29vzk4ow07wi7.cloudfront.net
d2anahhhmp1ffz.cloudfront.net
da-files.com
dacebook.com
dafahao.com
dailym.ai
dailymail.co.uk
dailymail.com
@ -3452,6 +3456,7 @@ dollarfotoclub.com
dollarphotoclub.com
dollarphotosclub.com
dombosco.com.br
dongtaiwang.com
donkeykongcountryreturns.com
dontbubble.us
donttrack.us
@ -4355,6 +4360,8 @@ faesebook.com
fafacebook.com
faicbooc.com
fairmarket.com
falundafa.org
falundafa.org.tw
famifun.com.tw
family.co.jp
family.com.tw
@ -7301,6 +7308,7 @@ milofetch.com
mindmeld.com
minecraft.net
minecraftshop.com
minghui.org
mingpao.com
mingpaocanada.com
mingpaomonthly.com
@ -7681,6 +7689,7 @@ movetv.com
movidius.com
movidius.net
moviesanywhere.com
mox.moe
mozilla.com
mozilla.community
mozilla.net
@ -8172,6 +8181,7 @@ nikkei4946.com
nikkeibp.co.jp
nimg.jp
nine.com.au
ninecommentaries.com
nineentertainment.com.au
nineentertainmentco.com.au
ninemediaroom.com.au
@ -8250,8 +8260,10 @@ npr.org
nsimg.net
ntc.party
ntd.com
ntd.tv
ntdca.com
ntdimg.com
ntdtv-dc.com
ntdtv.ca
ntdtv.co.kr
ntdtv.com
@ -9338,6 +9350,7 @@ registry.google
relateiq.com
remirepo.net
renchead.com
renminbao.com
renovacionoffice.com
renovacionxboxlive.com
rentaride.com
@ -9676,6 +9689,8 @@ sharethis.com
sharpdaily.tw
shazam.com
shelfstuff.com
shenyun.com
shenyunperformingarts.org
shields.io
shinhangmc.com
shireyishunjian.com
@ -10032,9 +10047,11 @@ stackauth.com
stackexchange.com
stackmod.blog
stackoverflow.blog
stackoverflow.co
stackoverflow.com
stackoverflow.email
stackoverflowbusiness.com
stackoverflowcareers.com
stackpath.com
stackpath.dev
stacksnippets.net
@ -11266,6 +11283,7 @@ vod-thumb-uk-live.akamaized.net
vod-thumb-ww-live.akamaized.net
vod360.net
vokevr.com
vol.moe
volvo-truck.nl
volvo.ca
volvo.com
@ -11701,6 +11719,7 @@ wsjplus.com
wsjshop.com
wsjwine.com
wto.org
wujieliulan.com
wuso.me
wwapple.net
wwe.com

9
luci-app-passwall/root/usr/share/passwall/rules/lanlist_ipv4
View File

@ -4,6 +4,13 @@
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.88.99.0/24
192.168.0.0/16
198.19.0.0/16
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
240.0.0.0/4
255.255.255.255/32

3
luci-app-passwall/root/usr/share/passwall/rules/lanlist_ipv6
View File

@ -1,6 +1,5 @@
::/128
::1/128
::ffff:0:0/96
::ffff:0:0:0/96
64:ff9b::/96
100::/64
@ -10,4 +9,4 @@
2002::/16
fc00::/7
fe80::/10
ff00::/8
ff00::/8

4
luci-app-store/Makefile
View File

@ -10,12 +10,12 @@ LUCI_DESCRIPTION:=luci-app-store is a ipk store developed by LinkEase team
LUCI_DEPENDS:=+curl +opkg +luci-base +tar +coreutils +coreutils-stat +libuci-lua +mount-utils
LUCI_PKGARCH:=all
PKG_VERSION:=0.1.9-5
PKG_VERSION:=0.1.9-6
# PKG_RELEASE MUST be empty for luci.mk
PKG_RELEASE:=
ISTORE_UI_VERSION:=0.1.9
ISTORE_UI_RELEASE:=4
ISTORE_UI_RELEASE:=5
PKG_HASH:=skip
PKG_SOURCE_URL_FILE:=v$(ISTORE_UI_VERSION)-$(ISTORE_UI_RELEASE).tar.gz

2
shadowsocks-libev/Makefile
View File

@ -14,7 +14,7 @@ include $(TOPDIR)/rules.mk
#
PKG_NAME:=shadowsocks-libev
PKG_VERSION:=3.3.5
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/shadowsocks/shadowsocks-libev/releases/download/v$(PKG_VERSION)

2
shadowsocks-libev/files/shadowsocks-libev.init
View File

@ -156,7 +156,7 @@ ss_rules() {
json_add_string o_nft_udp_extra "$nft_udp_extra"
json_dump -i >"$tmp.json"
if ucode -S -i "$ssrules_uc" -E "$tmp.json" >"$tmp.nft" \
if utpl -S -F "$tmp.json" "$ssrules_uc" >"$tmp.nft" \
&& ! cmp -s "$tmp.nft" "$ssrules_nft"; then
echo "table inet chk {include \"$tmp.nft\";}" >"$tmp.nft.chk"
if nft -f "$tmp.nft.chk" -c; then