update 2023-04-17 23:35:25

github-actions[bot] 2023-04-17 23:35:25 +08:00
parent f0545348c0
commit 8a6710c8e2
4 changed files with 13 additions and 130 deletions


@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-openclash
PKG_VERSION:=0.45.111
PKG_VERSION:=0.45.112
PKG_RELEASE:=beta
PKG_MAINTAINER:=vernesong <https://github.com/vernesong/OpenClash>


@ -3378,12 +3378,6 @@ msgstr "提示IPv6 代理模式为 TProxy..."
msgid "Warning: Only Meta Core Support IPv6 Tun Mode, Use TProxy Instead..."
msgstr "提示:只有 Meta 内核支持 IPv6 Tun 模式,使用 TProxy 模式代替..."
msgid "Tip: Can't Get IPv4 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
msgstr "提示:无法获取 IPv4 的 LAN 接口名称,请确保防火墙设置中 IPv4 LAN 区域的名称为 lan..."
msgid "Tip: Can't Get IPv6 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
msgstr "提示:无法获取 IPv6 的 LAN 接口名称,请确保防火墙设置中 IPv6 LAN 区域的名称为 lan..."
msgid "Tip: Can't Get IPv4 WAN Interfaces, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces..."
msgstr "提示:无法获取 IPv4 的 WAN 接口名称,请确保防火墙设置中 IPv6 WAN 区域的名称为 wan如设备无 WAN 口请忽略此提示..."


@ -1330,45 +1330,6 @@ if [ "$ipv6_enable" -eq 1 ]; then
esac
fi
#lan interfaces
if [ -n "$FW4" ]; then
lan_ints=$(nft list chain inet fw4 input |grep -e "jump input_lan" 2>/dev/null |awk '{for (i=1;i<=NF;i++){if ($i ~ /iifname/ && $(i+1) != "{") {print $(i+1)} if ($i ~ /iifname/ && $(i+1) == "{"){for (j=i+1;j<=NF;j++){if ($j~ /}/) {out="";for (k=i+1;k<=j;k++){out=out" "$k};print out}}}}}' 2>/dev/null |sed 's/"//g'|sed 's/{//g'|sed 's/}//g'|sed 's/,//g')
if [ -z "$lan_ints" ]; then
lan_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan_ints}$)" ]; then
lan_ints=""
fi
fi
lan6_ints=$(nft list chain inet fw4 input |grep -e "jump input_lan" 2>/dev/null |awk '{for (i=1;i<=NF;i++){if ($i ~ /iifname/ && $(i+1) != "{") {print $(i+1)} if ($i ~ /iifname/ && $(i+1) == "{"){for (j=i+1;j<=NF;j++){if ($j~ /}/) {out="";for (k=i+1;k<=j;k++){out=out" "$k};print out}}}}}' 2>/dev/null |sed 's/"//g'|sed 's/{//g'|sed 's/}//g'|sed 's/,//g')
if [ -z "$lan6_ints" ]; then
lan6_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan6_ints}$)" ]; then
lan6_ints=""
fi
fi
else
lan_ints=$(iptables-save -t filter |grep -e "-j zone_lan_input" 2>/dev/null |awk '{for (i=1;i<=NF;i++) {if ($i ~ /-i/) {print $(i+1)}}}' 2>/dev/null)
if [ -z "$lan_ints" ]; then
lan_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan_ints}$)" ]; then
lan_ints=""
fi
fi
lan6_ints=$(ip6tables-save -t filter |grep -e "-j zone_lan_input" 2>/dev/null |awk '{for (i=1;i<=NF;i++) {if ($i ~ /-i/) {print $(i+1)}}}' 2>/dev/null)
if [ -z "$lan6_ints" ]; then
lan6_ints=$(ip route |grep 'default' |awk '{print $5}' |head -1 2>/dev/null)
if [ -z "$(echo "$(ls -l /sys/class/net/ 2>/dev/null |awk '{print $9}' 2>/dev/null)" |grep -E ^${lan6_ints}$)" ]; then
lan6_ints=""
fi
fi
fi
if [ -z "$lan_ints" ]; then
LOG_OUT "Tip: Can't Get IPv4 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
fi
if [ -z "$lan6_ints" ]; then
LOG_OUT "Tip: Can't Get IPv6 LAN Interfaces, Please Verify The Firewall's LAN Zone Name is lan..."
fi
if [ -n "$FW4" ]; then
LOG_OUT "Tip: Firewall4 was Detected, Use NFTABLE Rules..."
if [ "$china_ip_route" = "1" ] || [ "$disable_udp_quic" = "1" ]; then
@ -1584,14 +1545,7 @@ if [ -n "$FW4" ]; then
#tcp
nft 'add chain inet fw4 openclash' 2>/dev/null
nft 'flush chain inet fw4 openclash' 2>/dev/null
if [ -n "$lan_ints" ]; then
nft add rule inet fw4 openclash iifname lo ip daddr @localnetwork counter return 2>/dev/null
for lan_int in $lan_ints; do
nft add rule inet fw4 openclash iifname "$lan_int" ip daddr @localnetwork counter return
done >/dev/null 2>&1
else
nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null
fi
nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null
if [ -z "$en_mode_tun" ] && [ "$en_mode" = "fake-ip" ]; then
nft add rule inet fw4 openclash ip protocol tcp ip daddr { "$fakeip_range" } counter redirect to "$proxy_port" 2>/dev/null
fi
@ -1631,14 +1585,7 @@ if [ -n "$FW4" ]; then
nft 'add chain inet fw4 openclash_upnp' 2>/dev/null
nft 'flush chain inet fw4 openclash_upnp' 2>/dev/null
upnp_exclude
if [ -n "$lan_ints" ]; then
nft add rule inet fw4 openclash_mangle iifname lo ip daddr @localnetwork counter return 2>/dev/null
for lan_int in $lan_ints; do
nft add rule inet fw4 openclash_mangle iifname "$lan_int" ip daddr @localnetwork counter return
done >/dev/null 2>&1
else
nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
fi
nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
nft 'add rule inet fw4 openclash_mangle udp dport 53 counter return' 2>/dev/null
if [ "$en_mode" = "fake-ip" ]; then
nft add rule inet fw4 openclash_mangle meta l4proto { udp } ip daddr { "$fakeip_range" } mark set "$PROXY_FWMARK" tproxy ip to 127.0.0.1:"$tproxy_port" counter accept 2>/dev/null
@ -1776,14 +1723,7 @@ if [ -n "$FW4" ]; then
#其他流量
nft 'add rule inet fw4 openclash_mangle meta l4proto {tcp,udp} iifname utun counter return' 2>/dev/null
if [ -n "$lan_ints" ]; then
nft add rule inet fw4 openclash_mangle iifname lo ip daddr @localnetwork counter return 2>/dev/null
for lan_int in $lan_ints; do
nft add rule inet fw4 openclash_mangle iifname "$lan_int" ip daddr @localnetwork counter return
done >/dev/null 2>&1
else
nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
fi
nft add rule inet fw4 openclash_mangle ip daddr @localnetwork counter return 2>/dev/null
nft 'add rule inet fw4 openclash_mangle ip saddr @localnetwork meta l4proto {tcp,udp} th sport @lan_ac_black_ports counter return' 2>/dev/null
nft 'add rule inet fw4 openclash_mangle ip daddr @wan_ac_black_ips counter return' 2>/dev/null
nft 'add rule inet fw4 openclash_mangle ip saddr @lan_ac_black_ips counter return' 2>/dev/null
@ -1985,14 +1925,7 @@ if [ -n "$FW4" ]; then
#tcp
nft 'add chain inet fw4 openclash_v6' 2>/dev/null
nft 'flush chain inet fw4 openclash_v6' 2>/dev/null
if [ -n "$lan6_ints" ]; then
nft add rule inet fw4 openclash_v6 iifname lo ip6 daddr @localnetwork6 counter return 2>/dev/null
for lan6_int in $lan6_ints; do
nft add rule inet fw4 openclash_v6 iifname "$lan6_int" ip6 daddr @localnetwork6 counter return
done >/dev/null 2>&1
else
nft add rule inet fw4 openclash_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
fi
nft add rule inet fw4 openclash_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
nft 'add rule inet fw4 openclash_v6 ip6 saddr @localnetwork6 meta nfproto {ipv6} sport @lan_ac_black_ports counter return' 2>/dev/null
nft 'add rule inet fw4 openclash_v6 ip6 daddr @wan_ac_black_ipv6s counter return' 2>/dev/null
nft 'add rule inet fw4 openclash_v6 ip6 saddr @lan_ac_black_ipv6s counter return' 2>/dev/null
@ -2048,14 +1981,7 @@ if [ -n "$FW4" ]; then
if [ "$enable_v6_udp_proxy" -eq 1 ] || [ "$ipv6_mode" -eq 0 ] || [ "$ipv6_mode" -eq 2 ]; then
nft 'add chain inet fw4 openclash_mangle_v6' 2>/dev/null
nft 'flush chain inet fw4 openclash_mangle_v6' 2>/dev/null
if [ -n "$lan6_ints" ]; then
nft add rule inet fw4 openclash_mangle_v6 iifname lo ip6 daddr @localnetwork6 counter return 2>/dev/null
for lan6_int in $lan6_ints; do
nft add rule inet fw4 openclash_mangle_v6 iifname "$lan6_int" ip6 daddr @localnetwork6 counter return
done >/dev/null 2>&1
else
nft add rule inet fw4 openclash_mangle_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
fi
nft add rule inet fw4 openclash_mangle_v6 ip6 daddr @localnetwork6 counter return 2>/dev/null
nft 'add rule inet fw4 openclash_mangle_v6 meta nfproto {ipv6} udp dport 53 counter return' 2>/dev/null
nft 'add rule inet fw4 openclash_mangle_v6 ip6 saddr @localnetwork6 meta nfproto {ipv6} sport @lan_ac_black_ports counter return' 2>/dev/null
nft 'add rule inet fw4 openclash_mangle_v6 ip6 daddr @wan_ac_black_ipv6s counter return' 2>/dev/null
@ -2390,14 +2316,7 @@ else
#tcp
iptables -t nat -N openclash
iptables -t nat -F openclash
if [ -n "$lan_ints" ]; then
iptables -t nat -A openclash -i lo -m set --match-set localnetwork dst -j RETURN
for lan_int in $lan_ints; do
iptables -t nat -A openclash -i "$lan_int" -m set --match-set localnetwork dst -j RETURN
done
else
iptables -t nat -A openclash -m set --match-set localnetwork dst -j RETURN
fi
iptables -t nat -A openclash -m set --match-set localnetwork dst -j RETURN
if [ -z "$en_mode_tun" ] && [ "$en_mode" = "fake-ip" ]; then
iptables -t nat -A openclash -p tcp -d "$fakeip_range" -j REDIRECT --to-ports "$proxy_port"
fi
@ -2438,14 +2357,7 @@ else
iptables -t mangle -N openclash_upnp
iptables -t mangle -F openclash_upnp
upnp_exclude
if [ -n "$lan_ints" ]; then
iptables -t mangle -A openclash -i lo -m set --match-set localnetwork dst -j RETURN
for lan_int in $lan_ints; do
iptables -t mangle -A openclash -i "$lan_int" -m set --match-set localnetwork dst -j RETURN
done >/dev/null 2>&1
else
iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
fi
iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
iptables -t mangle -A openclash -p udp --dport 53 -j RETURN >/dev/null 2>&1
if [ "$en_mode" = "fake-ip" ]; then
iptables -t mangle -A openclash -p udp -d "$fakeip_range" -j TPROXY --on-port "$tproxy_port" --tproxy-mark "$PROXY_FWMARK"
@ -2583,14 +2495,7 @@ else
upnp_exclude
#其他流量
iptables -t mangle -A openclash -i utun -j RETURN >/dev/null 2>&1
if [ -n "$lan_ints" ]; then
iptables -t mangle -A openclash -i lo -m set --match-set localnetwork dst -j RETURN
for lan_int in $lan_ints; do
iptables -t mangle -A openclash -i "$lan_int" -m set --match-set localnetwork dst -j RETURN
done >/dev/null 2>&1
else
iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
fi
iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
iptables -t mangle -A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN >/dev/null 2>&1
iptables -t mangle -A openclash -m set --match-set wan_ac_black_ips dst -j RETURN >/dev/null 2>&1
iptables -t mangle -A openclash -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
@ -2787,14 +2692,7 @@ else
#tcp
ip6tables -t nat -N openclash
ip6tables -t nat -F openclash
if [ -n "$lan6_ints" ]; then
ip6tables -t nat -A openclash -i lo -m set --match-set localnetwork6 dst -j RETURN
for lan6_int in $lan6_ints; do
ip6tables -t nat -A openclash -i "$lan6_int" -m set --match-set localnetwork6 dst -j RETURN
done
else
ip6tables -t nat -A openclash -m set --match-set localnetwork6 dst -j RETURN
fi
ip6tables -t nat -A openclash -m set --match-set localnetwork6 dst -j RETURN
ip6tables -t nat -A openclash -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN >/dev/null 2>&1
ip6tables -t nat -A openclash -m set --match-set wan_ac_black_ipv6s dst -j RETURN >/dev/null 2>&1
ip6tables -t nat -A openclash -m set --match-set lan_ac_black_ipv6s src -j RETURN >/dev/null 2>&1
@ -2844,14 +2742,7 @@ else
if [ "$enable_v6_udp_proxy" -eq 1 ] || [ "$ipv6_mode" -eq 0 ] || [ "$ipv6_mode" -eq 2 ]; then
ip6tables -t mangle -N openclash
ip6tables -t mangle -F openclash
if [ -n "$lan6_ints" ]; then
ip6tables -t mangle -A openclash -i lo -m set --match-set localnetwork6 dst -j RETURN
for lan6_int in $lan6_ints; do
ip6tables -t mangle -A openclash -i "$lan6_int" -m set --match-set localnetwork6 dst -j RETURN
done >/dev/null 2>&1
else
ip6tables -t mangle -A openclash -m set --match-set localnetwork6 dst -j RETURN
fi
ip6tables -t mangle -A openclash -m set --match-set localnetwork6 dst -j RETURN
ip6tables -t mangle -A openclash -p udp --dport 53 -j RETURN >/dev/null 2>&1
ip6tables -t mangle -A openclash -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN >/dev/null 2>&1
ip6tables -t mangle -A openclash -m set --match-set wan_ac_black_ipv6s dst -j RETURN >/dev/null 2>&1
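Review bot: In the `#tcp` hunk of the nft branch, the replacement line `nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null` is now the only rule that keeps local-destination traffic away from the redirect rules after it, yet its error output is discarded and its exit status is never checked. If the add fails, the chain is still built and local traffic would presumably reach the proxy redirect with nothing in the log; I would write `nft add rule inet fw4 openclash ip daddr @localnetwork counter return 2>/dev/null || LOG_OUT "Warning: Failed To Add Local Network Bypass Rule..."`, and do the same in the `openclash_mangle`, `openclash_v6` and `openclash_mangle_v6` hunks and for the unchecked `iptables`/`ip6tables` replacements. Because the rule no longer matches on `iifname`, it also returns for packets arriving on any interface, not only `lo` and the LAN ports, so a one-line comment such as `# bypass applies to every ingress interface (LAN detection removed)` would record that this is intended. The enclosing `if [ -n "$FW4" ]` block starts and ends outside these hunks.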


@ -226,8 +226,7 @@ gen_service_file() {
if [ $1 == "ssr" ]; then
cat <<-EOF >$3
{
"server": "0.0.0.0",
"server_ipv6": "::",
"server": ["[::0]", "0.0.0.0"],
"server_port": $(uci_get_by_name $2 server_port),
"mode": "tcp_and_udp",
"password": "$(uci_get_by_name $2 password)",
@ -243,8 +242,7 @@ gen_service_file() {
else
cat <<-EOF >$3
{
"server": "0.0.0.0",
"server_ipv6": "::",
"server": ["[::0]", "0.0.0.0"],
"server_port": $(uci_get_by_name $2 server_port),
"mode": "tcp_and_udp",
"password": "$(uci_get_by_name $2 password)",
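Review bot: The new `"server": ["[::0]", "0.0.0.0"],` line is written identically in the `ssr` branch and in the `else` branch, and nothing visible here confirms that both server binaries accept an array for `server`; if one of them expects a single string it would presumably fail to parse the file or to bind, so this is worth checking against each binary. The value also binds the listener to every IPv4 and IPv6 address, so a comment above each `cat <<-EOF` such as `# listens on all addresses; reachability is limited only by the firewall rule for server_port` would make the exposure explicit. gen_service_file starts and ends outside these hunks.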