From 87d662c8efc479474956b61e669adb69135f928a Mon Sep 17 00:00:00 2001 From: kenzok8 Date: Sat, 7 Dec 2024 16:24:54 +0800 Subject: [PATCH] update 2024-12-07 16:24:54 --- floatip/Makefile | 2 +- floatip/files/floatip.config | 4 +- floatip/files/floatip.init | 2 +- floatip/files/floatip.sh | 4 +- .../luasrc/model/cbi/passwall/client/rule.lua | 3 +- .../model/cbi/passwall/client/rule_list.lua | 12 +-- luci-app-passwall/po/zh-cn/passwall.po | 3 + .../root/usr/share/passwall/app.sh | 25 +++-- .../share/passwall/helper_chinadns_add.lua | 65 ++++++++---- .../share/passwall/helper_smartdns_add.lua | 61 +++++++++--- .../root/usr/share/passwall/iptables.sh | 98 ++++++++++++++----- .../root/usr/share/passwall/nftables.sh | 94 +++++++++++++----- luci-app-systools/Makefile | 2 +- .../luasrc/controller/systools.lua | 4 +- .../usr/libexec/{istorec => }/systools.sh | 36 ++----- v2ray-geoview/Makefile | 4 +- 16 files changed, 277 insertions(+), 142 deletions(-) rename luci-app-systools/root/usr/libexec/{istorec => }/systools.sh (51%) diff --git a/floatip/Makefile b/floatip/Makefile index 671db2ebd..d13fd624f 100644 --- a/floatip/Makefile +++ b/floatip/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=floatip -PKG_VERSION:=1.0.0 +PKG_VERSION:=1.0.1 PKG_RELEASE:=1 PKG_MAINTAINER:=jjm2473 diff --git a/floatip/files/floatip.config b/floatip/files/floatip.config index 9f697a494..87b52dad2 100644 --- a/floatip/files/floatip.config +++ b/floatip/files/floatip.config @@ -6,7 +6,7 @@ config floatip 'main' # option role 'main' # 对于 fallback 节点,检查到 check_ip 都不在线超过一定时间(例如30秒),就设置自身的 set_ip,然后检查 check_ip 中任一 IP 在线就清除自身的 set_ip,重复上述流程。 # 对于 main 节点,启动后不断检查 set_ip ,直到 set_ip 不在线,就设置自身的 set_ip,然后退出进程。 - option set_ip '192.168.100.2/24' + option set_ip '192.168.100.3/24' # check_ip 仅 fallback 有效,并且检查时只检查跟 set_ip 同一网段的 - list check_ip '192.168.100.3' + list check_ip '192.168.100.2' # list check_ip '192.168.100.4' 
diff --git a/floatip/files/floatip.init b/floatip/files/floatip.init index 824502b45..3c719766e 100755 --- a/floatip/files/floatip.init +++ b/floatip/files/floatip.init @@ -13,7 +13,7 @@ start_service() { config_get set_ip "main" set_ip [[ -n "$set_ip" ]] || return 0 eval "$(ipcalc.sh "$set_ip" )";set_prefix=$PREFIX;set_ip=$IP - [[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.2 + [[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.3 [[ "$set_prefix" = 0 ]] && set_prefix=24 local lan_ip="`uci -q get network.lan.ipaddr`" [[ -n "$lan_ip" ]] || return 0 diff --git a/floatip/files/floatip.sh b/floatip/files/floatip.sh index 2756c8a8a..ca809a606 100755 --- a/floatip/files/floatip.sh +++ b/floatip/files/floatip.sh @@ -45,7 +45,7 @@ fallback_loop() { eval "$(ipcalc.sh "$set_ip" )";set_net=$NETWORK;set_prefix=$PREFIX;set_ip=$IP [[ "$set_net" = 0.0.0.0 ]] && set_net=192.168.100.0 [[ "$set_prefix" = 0 ]] && set_prefix=24 - [[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.2 + [[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.3 local ipaddr="$set_ip/$set_prefix" local valid_check_ip cip for cip in $check_ip; do @@ -104,7 +104,7 @@ main_loop() { eval "$(ipcalc.sh "$set_ip" )";set_net=$NETWORK;set_prefix=$PREFIX;set_ip=$IP [[ "$set_net" = 0.0.0.0 ]] && set_net=192.168.100.0 [[ "$set_prefix" = 0 ]] && set_prefix=24 - [[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.2 + [[ "$set_ip" = 0.0.0.0 ]] && set_ip=192.168.100.3 local ipaddr="$set_ip/$set_prefix" while :; do # sleep 2-6s diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua index b5f16699d..a53f8d72b 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua @@ -94,7 +94,8 @@ if has_xray or has_singbox then o.rmempty = false o.description = "" end 
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua index 906c4ca8c..551d6612e 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua @@ -41,7 +41,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end) for index, host in ipairs(hosts) do - if host:sub(1, 1) == "#" then + if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then return value end if not datatypes.hostname(host) then @@ -70,7 +70,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if ipmask:sub(1, 1) == "#" then + if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then return value end if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then @@ -101,7 +101,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end) for index, host in ipairs(hosts) do - if host:sub(1, 1) == "#" then + if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then return value end if not datatypes.hostname(host) then 
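Review bot: The added `host:sub(1, 8) == "geosite:"` test shares a branch that does `return value` from inside the loop, so the first comment or `geosite:` line accepts the whole field and every later line skips `datatypes.hostname`; the text after the prefix is not checked either. Skip that entry instead of returning, and accept it only when the tag matches a narrow pattern such as `host:match("^geosite:[%w_%-@!]+$")` (the character class is a suggestion; confirm the alphabet geoview accepts). The same applies to the `geoip:` branch at -70 and to the hunks at -101, -130, -159 and -188. These lists appear to be the rule files that helper_chinadns_add.lua, helper_smartdns_add.lua, iptables.sh and nftables.sh read back later in this patch, so this validator is the place to reject anything that is not a hostname, a CIDR or a well-formed tag. The validate functions start and end outside the hunks.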
@@ -130,7 +130,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if ipmask:sub(1, 1) == "#" then + if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then return value end if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then @@ -159,7 +159,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end) for index, host in ipairs(hosts) do - if host:sub(1, 1) == "#" then + if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then return value end if not datatypes.hostname(host) then @@ -188,7 +188,7 @@ o.validate = function(self, value) value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n") string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end) for index, ipmask in ipairs(ipmasks) do - if ipmask:sub(1, 1) == "#" then + if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then return value end if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 12c1c894e..dfb3bd636 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po 
@@ -934,6 +934,9 @@ msgstr "开启 Geo 数据解析" msgid "Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray." msgstr "分析和预加载 GeoIP/Geosite 数据,以增强 Sing-box/Xray 的分流效果。" +msgid "Once enabled, the rule list can support GeoIP/Geosite rules." +msgstr "启用后,规则列表可以支持 GeoIP/Geosite 规则。" + msgid "Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes." msgstr "注:会增加一些系统资源的开销,仅在 ChinaDNS-NG 和 SmartDNS 模式下支持分析 Geosite 。" diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 80c8fcdd9..4e1968a1f 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -359,17 +359,6 @@ parse_doh() { eval "${__url_var}='${__url}' ${__host_var}='${__host}' ${__port_var}='${__port}' ${__bootstrap_var}='${__bootstrap}'" } -get_dnsmasq_conf_dir() { - local dnsmasq_conf_path=$(grep -l "^conf-dir=" /tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID}) - [ -n "$dnsmasq_conf_path" ] && { - local dnsmasq_conf_dir=$(grep '^conf-dir=' "$dnsmasq_conf_path" | cut -d'=' -f2 | head -n 1) - [ -n "$dnsmasq_conf_dir" ] && { - DNSMASQ_CONF_DIR=${dnsmasq_conf_dir%*/} - TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG} - } - } -} - run_ipt2socks() { local flag proto tcp_tproxy local_port socks_address socks_port socks_username socks_password log_file local _extra_param="" 
@@ -2010,7 +1999,17 @@ RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1) ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::) -DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1) +DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')" +if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then + DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")" + if [ -n "$DNSMASQ_CONF_DIR" ]; then + DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/} + TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG} + else + DNSMASQ_CONF_DIR="/tmp/dnsmasq.d" + fi +fi + DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label') [ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',') LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}" @@ -2020,8 +2019,6 @@ DNS_QUERY_STRATEGY="UseIP" [ "$FILTER_PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIPv4" DNSMASQ_FILTER_PROXY_IPV6=${FILTER_PROXY_IPV6} -get_dnsmasq_conf_dir - export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/") export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ID_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_IFACE_PATH $TMP_PATH2 diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index dc9cf486f..60e847dd8 100644 
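Review bot: The new `awk -F '=' '/^conf-dir=/ {print $2}'` prints every `conf-dir=` line, whereas the removed get_dnsmasq_conf_dir kept only the first with `head -n 1`; with more than one match DNSMASQ_CONF_DIR becomes a multi-line value and TMP_DNSMASQ_PATH is built from it. dnsmasq also accepts `conf-dir=<dir>,<ext>`, which would leave the suffix in the path. Stop at the first match and drop any option suffix, e.g. `awk -F '=' '/^conf-dir=/ {sub(/,.*/, "", $2); print $2; exit}'`. Neither the `else` branch nor the missing-file case sets TMP_DNSMASQ_PATH; if nothing outside this hunk assigns it, files written under that variable by a root-run script would resolve to an unintended location.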
--- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -30,6 +30,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules" local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG local config_lines = {} local tmp_lines = {} +local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview") local function log(...) if NO_LOGIC_LOG == "1" then @@ -115,12 +116,18 @@ end --自定义规则组,后声明的组具有更高优先级 --屏蔽列表 local file_block_host = TMP_ACL_PATH .. "/block_host" -if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗 +if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then local block_domain, lookup_block_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/block_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(block_domain, line, lookup_block_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(block_domain, line, lookup_block_domain) + end end end if #block_domain > 0 then @@ -130,6 +137,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_block_host) + log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成") + end end if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then tmp_lines = { 
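Review bot: In the block_host loop, `line:find("geosite:")` matches the text anywhere in the line and `string.match(line, ":([^:]+)$")` returns nil for a line ending in `:` (a bare `geosite:`, for example), so the `..` concatenation that follows raises an error and the helper stops before writing its config. The captured tag also reaches `get_geosite` unchecked, trailing whitespace or `\r` included; that function is defined outside the hunk, so if it builds a command line the tag needs to be restricted first. Anchor and validate in one step, e.g. `local tag = line:match("^%s*geosite:([%w_%-@!]+)%s*$")`, and append only when `tag` is non-nil (the character class is a suggestion). The direct_host and proxy_host hunks in this file (-168, -197) and the three matching hunks in helper_smartdns_add.lua (-233, -289, -320) repeat the same lines.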
@@ -168,12 +179,18 @@ end --直连(白名单)列表 local file_direct_host = TMP_ACL_PATH .. "/direct_host" -if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗 +if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then local direct_domain, lookup_direct_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/direct_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(direct_domain, line, lookup_direct_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(direct_domain, line, lookup_direct_domain) + end end end if #direct_domain > 0 then @@ -183,6 +200,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_direct_host) + log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成") + end end if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then tmp_lines = { 
@@ -197,12 +218,18 @@ end --代理(黑名单)列表 local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" -if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 +if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then local proxy_domain, lookup_proxy_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/proxy_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(proxy_domain, line, lookup_proxy_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(proxy_domain, line, lookup_proxy_domain) + end end end if #proxy_domain > 0 then @@ -212,6 +239,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_proxy_host) + log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成") + end end if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then tmp_lines = { @@ -334,14 +365,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then end end - local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview") - if GFWLIST == "1" and CHNLIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite + if GFWLIST == "1" and CHNLIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite if geosite_white_arg ~= "" then get_geosite(geosite_white_arg, file_white_host) end if geosite_shunt_arg ~= "" then get_geosite(geosite_shunt_arg, file_shunt_host) end + log(" * 解析[分流节点] Geosite 完成") end if is_file_nonzero(file_white_host) then 
@@ -409,11 +440,11 @@ end table.insert(config_lines, "hosts") if DEFAULT_TAG == "chn" then - log(string.format(" - 默认:%s", DNS_LOCAL)) + log(string.format(" - 默认 DNS :%s", DNS_LOCAL)) elseif DEFAULT_TAG == "gfw" then - log(string.format(" - 默认:%s", DNS_TRUST)) + log(string.format(" - 默认 DNS :%s", DNS_TRUST)) else - log(string.format(" - 默认:%s", "智能匹配")) + log(string.format(" - 默认 DNS :%s", "智能匹配")) end --输出配置文件 diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua index 894631ec0..06b54e77e 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua @@ -36,6 +36,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules" local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG local config_lines = {} local tmp_lines = {} +local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview") local function log(...) if NO_LOGIC_LOG == "1" then @@ -233,12 +234,18 @@ end --屏蔽列表 local file_block_host = TMP_ACL_PATH .. "/block_host" -if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗 +if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then local block_domain, lookup_block_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/block_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(block_domain, line, lookup_block_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(block_domain, line, lookup_block_domain) + end end end if #block_domain > 0 then 
@@ -248,6 +255,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_block_host) + log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成") + end end if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then local domain_set_name = "passwall-block" @@ -289,12 +300,18 @@ end --直连(白名单)列表 local file_direct_host = TMP_ACL_PATH .. "/direct_host" -if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗 +if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then local direct_domain, lookup_direct_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/direct_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(direct_domain, line, lookup_direct_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(direct_domain, line, lookup_direct_domain) + end end end if #direct_domain > 0 then @@ -304,6 +321,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_direct_host) + log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成") + end end if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then local domain_set_name = "passwall-directlist" 
@@ -320,12 +341,18 @@ end --代理(黑名单)列表 local file_proxy_host = TMP_ACL_PATH .. "/proxy_host" -if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗 +if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then local proxy_domain, lookup_proxy_domain = {}, {} + local geosite_arg = "" for line in io.lines(RULES_PATH .. "/proxy_host") do - line = api.get_std_domain(line) - if line ~= "" and not line:find("#") then - insert_unique(proxy_domain, line, lookup_proxy_domain) + if not line:find("#") and line:find("geosite:") then + line = string.match(line, ":([^:]+)$") + geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line + else + line = api.get_std_domain(line) + if line ~= "" and not line:find("#") then + insert_unique(proxy_domain, line, lookup_proxy_domain) + end end end if #proxy_domain > 0 then @@ -335,6 +362,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定 end f_out:close() end + if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then + get_geosite(geosite_arg, file_proxy_host) + log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成") + end end if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then local domain_set_name = "passwall-proxylist" @@ -477,14 +508,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then end end - local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview") - if USE_GFW_LIST == "1" and CHN_LIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite + if USE_GFW_LIST == "1" and CHN_LIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite if geosite_white_arg ~= "" then get_geosite(geosite_white_arg, file_white_host) end if geosite_shunt_arg ~= "" then get_geosite(geosite_shunt_arg, file_shunt_host) end + log(" * 解析[分流节点] Geosite 完成") end if is_file_nonzero(file_white_host) then 
@@ -535,7 +566,7 @@ if #config_lines > 0 then end if DEFAULT_DNS_GROUP then - log(string.format(" - 默认分组:%s", DEFAULT_DNS_GROUP)) + log(string.format(" - 默认 DNS 分组:%s", DEFAULT_DNS_GROUP)) end fs.symlink(CACHE_DNS_FILE, SMARTDNS_CONF) diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index d724f7c86..601567261 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh 
@@ -776,53 +776,97 @@ add_firewall_rule() { ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576 timeout 172800 ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800 - #分流规则的IP列表(使用分流节点时导入) + cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + + #导入规则列表、分流规则中的IP列表 local USE_SHUNT_NODE=0 + local USE_PROXY_LIST_ALL=${USE_PROXY_LIST} + local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST} + local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST} local _TCP_NODE=$(config_t_get global tcp_node nil) local _UDP_NODE=$(config_t_get global udp_node nil) + local USE_GEOVIEW=$(config_t_get global_rules enable_geoview) [ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP - - [ "$USE_SHUNT_NODE" = "0" ] && { - for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do - [ "$(config_n_get $acl_section enabled)" != "1" ] && continue - for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do - local node_protocol=$(config_n_get $_node protocol) - [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; } - done + + for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' 
-sf 2 | cut -d '=' -sf 1); do + [ "$(config_n_get $acl_section enabled)" != "1" ] && continue + [ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && { + [ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1 + [ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1 + [ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1 + } + for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do + local node_protocol=$(config_n_get $_node protocol) + [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; } done + done + + #直连列表 + [ "$USE_DIRECT_LIST_ALL" = "1" ] && { + cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + echolog " - [$?]解析并加入[直连列表] GeoIP 到 IPSET 完成" + fi + } } + #代理列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入[代理列表] GeoIP 到 IPSET 完成" + fi + } + } + + #屏蔽列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 IPSET 完成" + fi + } + } + + #分流列表 [ "$USE_SHUNT_NODE" = "1" ] && { local GEOIP_CODE="" local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do - config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - [ "$(config_t_get global_rules enable_geoview)" = "1" ] && { + config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R + config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$USE_GEOVIEW" = "1" ] && { local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') [ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code" } done + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入[分流节点] GeoIP 到 IPSET 完成" + fi } - if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then - get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - echolog " - [$?]解析并加入分流节点 GeoIP 到 IPSET 完成" - fi - - cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! 
-R - cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - - cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + #局域网IP列表 ipset -! -R <<-EOF $(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /") EOF diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 6d87dfa47..53affc84e 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh 
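Review bot: In the new acl_rule loop the per-ACL flags are crossed: `use_direct_list` sets `USE_PROXY_LIST_ALL` and `use_proxy_list` sets `USE_DIRECT_LIST_ALL`, and the block-list import under `#屏蔽列表` is guarded by `USE_PROXY_LIST_ALL` while `USE_BLOCK_LIST_ALL` is never read in this hunk. With the proxy list off and the block list on, `$RULES_PATH/block_ip` would not be loaded and `$IPSET_BLOCKLIST` would stay empty without any log line saying so. Suggested lines: `[ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1`, `[ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1`, and `[ "$USE_BLOCK_LIST_ALL" = "1" ] && {` for the block section. The same crossed assignments appear in the nftables.sh hunk at -853. add_firewall_rule starts and ends outside the hunk.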
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -839,9 +839,9 @@ add_firewall_rule() { else gen_nftset $NFTSET_CHN ipv4_addr "2d" 0 $(cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#") fi - gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0 + gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0 + gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0 gen_nftset $NFTSET_SHUNTLIST ipv4_addr "2d" 0 gen_nftset $NFTSET_VPSLIST6 ipv6_addr 0 0 
@@ -853,47 +853,97 @@ add_firewall_rule() { else gen_nftset $NFTSET_CHN6 ipv6_addr "2d" 0 $(cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#") fi - gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0 + gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0 + gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0 gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0 - #分流规则的IP列表(使用分流节点时导入) + #导入规则列表、分流规则中的IP列表 local USE_SHUNT_NODE=0 + local USE_PROXY_LIST_ALL=${USE_PROXY_LIST} + local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST} + local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST} local _TCP_NODE=$(config_t_get global tcp_node nil) local _UDP_NODE=$(config_t_get global udp_node nil) + local USE_GEOVIEW=$(config_t_get global_rules enable_geoview) [ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1 [ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP - [ "$USE_SHUNT_NODE" = "0" ] && { - for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do - [ "$(config_n_get $acl_section enabled)" != "1" ] && continue - for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do - local node_protocol=$(config_n_get $_node protocol) - [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; } - done + for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' 
-sf 2 | cut -d '=' -sf 1); do + [ "$(config_n_get $acl_section enabled)" != "1" ] && continue + [ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && { + [ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1 + [ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1 + [ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1 + } + for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do + local node_protocol=$(config_n_get $_node protocol) + [ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; } done + done + + #直连列表 + [ "$USE_DIRECT_LIST_ALL" = "1" ] && { + insert_nftset $NFTSET_WHITELIST "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_WHITELIST6 "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_WHITELIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_WHITELIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[直连列表] GeoIP 到 NFTSET 完成" + fi + } } + #代理列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + insert_nftset $NFTSET_BLACKLIST "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLACKLIST6 "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep 
-E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_BLACKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLACKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[代理列表] GeoIP 到 NFTSET 完成" + fi + } + } + + #屏蔽列表 + [ "$USE_PROXY_LIST_ALL" = "1" ] && { + insert_nftset $NFTSET_BLOCKLIST "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLOCKLIST6 "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { + local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_BLOCKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_BLOCKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 NFTSET 完成" + fi + } + } + + #分流列表 [ "$USE_SHUNT_NODE" = "1" ] && { local GEOIP_CODE="" local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' 
'{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do - insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - [ "$(config_t_get global_rules enable_geoview)" = "1" ] && { + insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$USE_GEOVIEW" = "1" ] && { local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') [ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code" } done + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入[分流节点] GeoIP 到 NFTSET 完成" + fi } - if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then - insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") - insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - echolog " - [$?]解析并加入分流节点 GeoIP 到 NFTSET 完成" - fi # 忽略特殊IP段 local lan_ifname lan_ip 
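Review bot: The block-list section under `#屏蔽列表` is guarded by `$USE_PROXY_LIST_ALL`, so `USE_BLOCK_LIST_ALL` is set in the ACL loop but never read, and the block sets are filled only when the proxy list is enabled; the guard should be `[ "$USE_BLOCK_LIST_ALL" = "1" ] && {`. The ACL loop also crosses two flags, which should read `[ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1` and `[ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1`. Because the preceding hunk now creates these sets empty, a wrong guard here presumably leaves `block_ip` entries unenforced rather than just loaded late. The iptables.sh hunk is only partly visible on this page and is worth checking for the same pattern. `add_firewall_rule` starts and ends outside the hunk.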
diff --git a/luci-app-systools/Makefile b/luci-app-systools/Makefile index 24fc962a0..554e979d4 100644 --- a/luci-app-systools/Makefile +++ b/luci-app-systools/Makefile @@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk -PKG_VERSION:=1.0.7-20241206 +PKG_VERSION:=1.0.8-20241207 PKG_RELEASE:= LUCI_TITLE:=LuCI support for SysTools diff --git a/luci-app-systools/luasrc/controller/systools.lua b/luci-app-systools/luasrc/controller/systools.lua index f0c2b2e9b..9ff708738 100755 --- a/luci-app-systools/luasrc/controller/systools.lua +++ b/luci-app-systools/luasrc/controller/systools.lua @@ -186,9 +186,9 @@ end function install_execute_systools(req) local cmd if req["tool"] == "speedtest" then - cmd = string.format("/usr/libexec/istorec/systools.sh %s %s", req["tool"], req["speedTestServer"]) + cmd = string.format("/usr/libexec/systools.sh %s %s", req["tool"], req["speedTestServer"]) else - cmd = string.format("/usr/libexec/istorec/systools.sh %s", req["tool"]) + cmd = string.format("/usr/libexec/systools.sh %s", req["tool"]) end cmd = "/etc/init.d/tasks task_add systools " .. luci.util.shellquote(cmd) os.execute(cmd .. " >/dev/null 2>&1") diff --git a/luci-app-systools/root/usr/libexec/istorec/systools.sh b/luci-app-systools/root/usr/libexec/systools.sh similarity index 51% rename from luci-app-systools/root/usr/libexec/istorec/systools.sh rename to luci-app-systools/root/usr/libexec/systools.sh index 8b00a8088..b6f5ef534 100755 --- a/luci-app-systools/root/usr/libexec/istorec/systools.sh +++ b/luci-app-systools/root/usr/libexec/systools.sh 
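Review bot: In `install_execute_systools`, `req["tool"]` and `req["speedTestServer"]` are formatted into the command string unquoted on both changed `string.format` lines. The later `luci.util.shellquote(cmd)` protects only the single argument handed to `task_add`. If the task runner passes that string to a shell (not visible here), metacharacters in either request field would be interpreted. Quote each value where it is inserted: `cmd = string.format("/usr/libexec/systools.sh %s %s", luci.util.shellquote(req["tool"]), luci.util.shellquote(req["speedTestServer"]))`, and likewise for the one-argument branch. Whether `req` is validated before this point cannot be seen from the hunk, and the function continues past it.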
@@ -16,39 +16,17 @@ usage() { echo " speedtest Start a speedtest" } -case ${ACTION} in - "turn_off_ipv6"|\ - "full_ipv6"|\ - "half_ipv6") - bash "/usr/share/systools/${ACTION}.run" - ;; - "reset_rom_pkgs") - bash "/usr/share/systools/${ACTION}.run" - ;; - "qb_reset_password") - bash "/usr/share/systools/${ACTION}.run" - ;; - "disk_power_mode") - bash "/usr/share/systools/${ACTION}.run" - ;; +case "${ACTION}" in "speedtest") /usr/share/systools/speedtest.run ${1} ;; - "openssl-aes256gcm") - bash "/usr/share/systools/${ACTION}.run" - ;; - "openssl-chacha20-poly1305") - bash "/usr/share/systools/${ACTION}.run" - ;; - "istore-reinstall") - bash "/usr/share/systools/${ACTION}.run" - ;; - "disable-wandrop") - bash "/usr/share/systools/${ACTION}.run" - ;; *) - usage - exit 1 + if [ -n "${ACTION}" -a -s /usr/share/systools/${ACTION}.run ]; then + bash "/usr/share/systools/${ACTION}.run" + else + usage + exit 1 + fi ;; esac diff --git a/v2ray-geoview/Makefile b/v2ray-geoview/Makefile index 208f387bc..c97025db1 100644 --- a/v2ray-geoview/Makefile +++ b/v2ray-geoview/Makefile @@ -1,12 +1,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=geoview -PKG_VERSION:=0.0.8 +PKG_VERSION:=0.0.9 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/snowie2000/geoview/tar.gz/$(PKG_VERSION)? -PKG_HASH:=1d94d2f251505fd5da8e03de6aba5722554e199b0873de28ecd7be62538aad60 +PKG_HASH:=ba0af14cd7a6ce457584ab4754331848ed78240ae39abdf65fef646df0130c2e PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE
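Review bot: The new `*)` branch in systools.sh replaces the explicit action list with a path built from `${ACTION}`, so a value containing path separators resolves outside `/usr/share/systools`, and any non-empty `.run` file it names is executed with `bash`. Restrict the name before the outer `case`, for example `case "${ACTION}" in *[!A-Za-z0-9_-]*) usage; exit 1 ;; esac`, which still admits every action name the removed list contained. The path inside the test is also unquoted and uses the obsolescent `-a`; prefer `if [ -n "${ACTION}" ] && [ -s "/usr/share/systools/${ACTION}.run" ]; then`. How `ACTION` is assigned lies above the hunk, so this assumes it comes straight from the first argument supplied by the LuCI controller.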