OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-01-08 13:27:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 2023-02-16 23:37:45

Browse Source
This commit is contained in:
github-actions[bot] 2023-02-16 23:37:45 +08:00
parent bd31f786b3
commit 9e75997999
153 changed files with 3871 additions and 3946 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
adguardhome/Makefile
View File

@ -6,13 +6,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=adguardhome
PKG_VERSION:=0.108.0-b.26
PKG_VERSION:=0.107.24
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/AdguardTeam/AdGuardHome
PKG_HASH:=9d6c89acca2e99e325f0572b5e73d3df41a5bd024d7ed007ef7203e6404b5515
PKG_HASH:=d5b1940ebc9e434c087823b9ad9d2210d0a24ed8598b6a238ec16a37a1480316
PKG_LICENSE:=GPL-3.0-only
PKG_LICENSE_FILES:=LICENSE.txt

2
aliyundrive-webdav/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=aliyundrive-webdav
PKG_VERSION:=1.10.6
PKG_VERSION:=1.11.0
PKG_RELEASE:=1
PKG_LICENSE:=MIT

1
aliyundrive-webdav/files/aliyundrive-webdav.config
View File

@ -12,7 +12,6 @@ config server
option cache_ttl '600'
option root '/'
option no_trash '0'
option domain_id ''
option read_only '0'
option tls_cert ''
option tls_key ''

65
aliyundrive-webdav/files/aliyundrive-webdav.init
View File

@ -26,50 +26,45 @@ start_service() {
local host=$(uci_get_by_type server host 127.0.0.1)
local port=$(uci_get_by_type server port 8080)
local root=$(uci_get_by_type server root /)
local domain_id=$(uci_get_by_type server domain_id)
local tls_cert=$(uci_get_by_type server tls_cert)
local tls_key=$(uci_get_by_type server tls_key)
local extra_options="--auto-index"
if [[ ! -z "$domain_id" ]]; then
extra_options="$extra_options --domain-id $domain_id"
else
case "$(uci_get_by_type server no_trash 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --no-trash"
;;
*) ;;
esac
case "$(uci_get_by_type server no_trash 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --no-trash"
;;
*) ;;
esac
case "$(uci_get_by_type server read_only 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --read-only"
;;
*) ;;
esac
case "$(uci_get_by_type server read_only 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --read-only"
;;
*) ;;
esac
case "$(uci_get_by_type server skip_upload_same_size 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --skip-upload-same-size"
;;
*) ;;
esac
case "$(uci_get_by_type server skip_upload_same_size 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --skip-upload-same-size"
;;
*) ;;
esac
case "$(uci_get_by_type server prefer_http_download 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --prefer-http-download"
;;
*) ;;
esac
case "$(uci_get_by_type server prefer_http_download 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --prefer-http-download"
;;
*) ;;
esac
case "$(uci_get_by_type server no_redirect 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --no-redirect"
;;
*) ;;
esac
fi
case "$(uci_get_by_type server no_redirect 0)" in
1|on|true|yes|enabled)
extra_options="$extra_options --no-redirect"
;;
*) ;;
esac
if [[ ! -z "$tls_cert" && ! -z "$tls_key" ]]; then
extra_options="$extra_options --tls-cert $tls_cert --tls-key $tls_key"

4
dnsproxy/Makefile
View File

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsproxy
PKG_VERSION:=0.46.6
PKG_VERSION:=0.47.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=b6baa8f822475c80cc77fe9a1c7a2b1e81784e0861933aba2c7ac60a6d6d963d
PKG_HASH:=be88e9db73b7d5fa42afd4bc38c901a7e589c503bfb091c43362c956e2669915
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=Apache-2.0

13
homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js
View File

@ -153,7 +153,7 @@ return view.extend({
o.rmempty = false;
o = s.taboption('routing', form.Value, 'dns_server', _('DNS server'),
_('You can only have one server set. Custom DNS server format as plain IPv4/IPv6.'));
_('You can only have one server set. It MUST support TCP query.'));
o.value('wan', _('Use DNS server from WAN'));
o.value('1.1.1.1', _('CloudFlare Public DNS (1.1.1.1)'));
o.value('208.67.222.222', _('Cisco Public DNS (208.67.222.222)'));
@ -167,9 +167,11 @@ return view.extend({
o.depends({'routing_mode': 'custom', '!reverse': true});
o.validate = function(section_id, value) {
if (section_id && !['local', 'wan'].includes(value)) {
let ipv6_support = this.map.lookupOption('ipv6_support', section_id)[0].formvalue(section_id);
if (!value)
return _('Expecting: %s').format(_('non-empty value'));
else if (!stubValidator.apply('ipaddr', value))
else if (!stubValidator.apply((ipv6_support === '1') ? 'ipaddr' : 'ip4addr', value))
return _('Expecting: %s').format(_('valid IP address'));
}
@ -867,6 +869,7 @@ return view.extend({
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
});
so.depends('homeproxy.config.ipv6_support', '1');
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_proxy_mac_addrs', _('Proxy MAC addresses'));
so.datatype = 'macaddr';
@ -889,6 +892,7 @@ return view.extend({
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
});
so.depends('homeproxy.config.ipv6_support', '1');
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_gaming_mode_mac_addrs', _('Gaming mode MAC addresses'));
so.datatype = 'macaddr';
@ -908,6 +912,7 @@ return view.extend({
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
});
so.depends('homeproxy.config.ipv6_support', '1');
so = ss.taboption('lan_ip_policy', form.DynamicList, 'lan_global_proxy_ipv4_ips', _('Global proxy IPv4 IP-s'));
so.datatype = 'or(ip4addr, cidr4)';
@ -921,7 +926,7 @@ return view.extend({
L.sortedKeys(ip6addrs, null, 'addr').forEach(function(ipv6) {
so.value(ipv6, '%s (%s)'.format(ipv6, ip6addrs[ipv6]));
});
so.depends({'homeproxy.config.routing_mode': 'custom', '!reverse': true});
so.depends({'homeproxy.config.routing_mode': /^((?!custom).)+$/, 'homeproxy.config.ipv6_support': '1'});
/* LAN IP policy end */
/* WAN IP policy start */
@ -932,12 +937,14 @@ return view.extend({
so = ss.taboption('wan_ip_policy', form.DynamicList, 'wan_proxy_ipv6_ips', _('Proxy IPv6 IP-s'));
so.datatype = 'or(ip6addr, cidr6)';
so.depends('homeproxy.config.ipv6_support', '1');
so = ss.taboption('wan_ip_policy', form.DynamicList, 'wan_direct_ipv4_ips', _('Direct IPv4 IP-s'));
so.datatype = 'or(ip4addr, cidr4)';
so = ss.taboption('wan_ip_policy', form.DynamicList, 'wan_direct_ipv6_ips', _('Direct IPv6 IP-s'));
so.datatype = 'or(ip6addr, cidr6)';
so.depends('homeproxy.config.ipv6_support', '1');
/* WAN IP policy end */
/* Proxy domain list start */

76
homeproxy/root/etc/homeproxy/scripts/firewall_post.ut
View File

@ -187,10 +187,14 @@ set homeproxy_proxy_addr_v6 {
{# TCP redirect #}
{% if (match(proxy_mode, /redirect/)): %}
chain homeproxy_redirect_proxy {
chain homeproxy_redirect_proxy_port {
{% if (routing_port !== 'all'): %}
tcp dport != { {{ routing_port }} } counter return
{% endif %}
goto homeproxy_redirect_proxy
}
chain homeproxy_redirect_proxy {
meta l4proto tcp counter redirect to :{{ redirect_port }}
}
@ -204,7 +208,7 @@ chain homeproxy_redirect {
{% if (control_info.lan_proxy_ipv4_ips): %}
ip saddr != { {{ array_to_nftstr(control_info.lan_proxy_ipv4_ips) }} } counter return
{% endif /* lan_proxy_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_proxy_ipv6_ips): %}
{% if (control_info.lan_proxy_ipv6_ips): %}
ip6 saddr != { {{ array_to_nftstr(control_info.lan_proxy_ipv6_ips) }} } counter return
{% endif /* lan_proxy_ipv6_ips */ %}
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
@ -214,14 +218,14 @@ chain homeproxy_redirect {
{% if (control_info.lan_proxy_ipv4_ips): %}
ip saddr { {{ array_to_nftstr(control_info.lan_direct_ipv4_ips) }} } counter return
{% endif /* lan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_direct_ipv6_ips): %}
{% if (control_info.lan_direct_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_direct_ipv6_ips) }} } counter return
{% endif /* lan_direct_ipv6_ips */ %}
{% endif /* lan_proxy_mode */ %}
ip daddr @homeproxy_proxy_addr_v4 counter goto homeproxy_redirect_proxy
ip daddr @homeproxy_proxy_addr_v4 counter goto homeproxy_redirect_proxy_port
{% if (ipv6_support === '1'): %}
ip6 daddr @homeproxy_proxy_addr_v6 counter goto homeproxy_redirect_proxy
ip6 daddr @homeproxy_proxy_addr_v6 counter goto homeproxy_redirect_proxy_port
{% endif %}
ip daddr @homeproxy_local_addr_v4 counter return
@ -230,16 +234,16 @@ chain homeproxy_redirect {
{% endif %}
{% if (control_info.lan_global_proxy_ipv4_ips && routing_mode !== 'custom'): %}
ip saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv4_ips) }} } counter goto homeproxy_redirect_proxy
ip saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv4_ips) }} } counter goto homeproxy_redirect_proxy_port
{% endif /* lan_global_proxy_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_global_proxy_ipv6_ips && routing_mode !== 'custom'): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv6_ips) }} } counter goto homeproxy_redirect_proxy
{% if (control_info.lan_global_proxy_ipv6_ips && routing_mode !== 'custom'): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv6_ips) }} } counter goto homeproxy_redirect_proxy_port
{% endif /* lan_global_proxy_ipv6_ips */ %}
{% if (control_info.wan_direct_ipv4_ips): %}
ip daddr { {{ array_to_nftstr(control_info.wan_direct_ipv4_ips) }} } counter return
{% endif /* wan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.wan_direct_ipv6_ips): %}
{% if (control_info.wan_direct_ipv6_ips): %}
ip6 daddr { {{ array_to_nftstr(control_info.wan_direct_ipv6_ips) }} } counter return
{% endif /* wan_direct_ipv6_ips */ %}
@ -261,16 +265,16 @@ chain homeproxy_redirect {
{% endif /* routing_mode */ %}
{% if (control_info.lan_gaming_mode_mac_addrs): %}
ether saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_mac_addrs) }} } meta l4proto tcp counter redirect to :{{ redirect_port }}
ether saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_mac_addrs) }} } counter goto homeproxy_redirect_proxy
{% endif /* lan_gaming_mode_mac_addrs */ %}
{% if (control_info.lan_gaming_mode_ipv4_ips): %}
ip saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv4_ips) }} } meta l4proto tcp counter redirect to :{{ redirect_port }}
ip saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv4_ips) }} } counter goto homeproxy_redirect_proxy
{% endif /* lan_gaming_mode_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_gaming_mode_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv6_ips) }} } meta l4proto tcp counter redirect to :{{ redirect_port }}
{% if (control_info.lan_gaming_mode_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv6_ips) }} } counter goto homeproxy_redirect_proxy
{% endif /* lan_gaming_mode_ipv6_ips */ %}
counter goto homeproxy_redirect_proxy
counter goto homeproxy_redirect_proxy_port
}
chain homeproxy_dstnat_redir {
@ -293,10 +297,14 @@ chain dstnat {
{# UDP tproxy #}
{% if (match(proxy_mode, /tproxy/) && (outbound_udp_node !== 'nil' || routing_mode === 'custom')): %}
chain homeproxy_mangle_tproxy {
chain homeproxy_mangle_tproxy_port {
{% if (routing_port !== 'all'): %}
udp dport != { {{ routing_port }} } counter return
{% endif %}
goto homeproxy_mangle_tproxy
}
chain homeproxy_mangle_tproxy {
meta l4proto udp mark set {{ tproxy_mark }} tproxy ip to 127.0.0.1:{{ tproxy_port }} counter accept
{% if (ipv6_support === '1'): %}
meta l4proto udp mark set {{ tproxy_mark }} tproxy ip6 to [::]:{{ tproxy_port }} counter accept
@ -324,7 +332,7 @@ chain homeproxy_mangle_prerouting {
{% if (control_info.lan_proxy_ipv4_ips): %}
ip saddr != { {{ array_to_nftstr(control_info.lan_proxy_ipv4_ips) }} } counter return
{% endif /* lan_proxy_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_proxy_ipv6_ips): %}
{% if (control_info.lan_proxy_ipv6_ips): %}
ip6 saddr != { {{ array_to_nftstr(control_info.lan_proxy_ipv6_ips) }} } counter return
{% endif /* lan_proxy_ipv6_ips */ %}
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
@ -334,14 +342,14 @@ chain homeproxy_mangle_prerouting {
{% if (control_info.lan_proxy_ipv4_ips): %}
ip saddr { {{ array_to_nftstr(control_info.lan_direct_ipv4_ips) }} } counter return
{% endif /* lan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_direct_ipv6_ips): %}
{% if (control_info.lan_direct_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_direct_ipv6_ips) }} } counter return
{% endif /* lan_direct_ipv6_ips */ %}
{% endif /* lan_proxy_mode */ %}
ip daddr @homeproxy_proxy_addr_v4 counter goto homeproxy_mangle_tproxy
ip daddr @homeproxy_proxy_addr_v4 counter goto homeproxy_mangle_tproxy_port
{% if (ipv6_support === '1'): %}
ip6 daddr @homeproxy_proxy_addr_v6 counter goto homeproxy_mangle_tproxy
ip6 daddr @homeproxy_proxy_addr_v6 counter goto homeproxy_mangle_tproxy_port
{% endif %}
ip daddr @homeproxy_local_addr_v4 counter return
@ -350,16 +358,16 @@ chain homeproxy_mangle_prerouting {
{% endif %}
{% if (control_info.lan_global_proxy_ipv4_ips && routing_mode !== 'custom'): %}
ip saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv4_ips) }} } counter goto homeproxy_mangle_tproxy
ip saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv4_ips) }} } counter goto homeproxy_mangle_tproxy_port
{% endif /* lan_global_proxy_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_global_proxy_ipv6_ips && routing_mode !== 'custom'): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv6_ips) }} } counter goto homeproxy_mangle_tproxy
{% if (control_info.lan_global_proxy_ipv6_ips && routing_mode !== 'custom'): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv6_ips) }} } counter goto homeproxy_mangle_tproxy_port
{% endif /* lan_global_proxy_ipv6_ips */ %}
{% if (control_info.wan_direct_ipv4_ips): %}
ip daddr { {{ array_to_nftstr(control_info.wan_direct_ipv4_ips) }} } counter return
{% endif /* wan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.wan_direct_ipv6_ips): %}
{% if (control_info.wan_direct_ipv6_ips): %}
ip6 daddr { {{ array_to_nftstr(control_info.wan_direct_ipv6_ips) }} } counter return
{% endif /* wan_direct_ipv6_ips */ %}
@ -385,16 +393,16 @@ chain homeproxy_mangle_prerouting {
{% endif /* routing_mode */ %}
{% if (control_info.lan_gaming_mode_mac_addrs): %}
ether saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_mac_addrs) }} } meta l4proto udp mark set {{ tproxy_mark }} counter accept
ether saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_mac_addrs) }} } counter goto homeproxy_mangle_tproxy
{% endif /* lan_gaming_mode_mac_addrs */ %}
{% if (control_info.lan_gaming_mode_ipv4_ips): %}
ip saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv4_ips) }} } meta l4proto udp mark set {{ tproxy_mark }} counter accept
ip saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv4_ips) }} } counter goto homeproxy_mangle_tproxy
{% endif /* lan_gaming_mode_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_gaming_mode_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv6_ips) }} } meta l4proto udp mark set {{ tproxy_mark }} counter accept
{% if (control_info.lan_gaming_mode_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv6_ips) }} } counter goto homeproxy_mangle_tproxy
{% endif /* lan_gaming_mode_ipv6_ips */ %}
counter goto homeproxy_mangle_tproxy
counter goto homeproxy_mangle_tproxy_port
}
chain homeproxy_mangle_output {
@ -413,7 +421,7 @@ chain homeproxy_mangle_output {
{% if (control_info.wan_direct_ipv4_ips): %}
ip daddr { {{ array_to_nftstr(control_info.wan_direct_ipv4_ips) }} } counter return
{% endif /* wan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.wan_direct_ipv6_ips): %}
{% if (control_info.wan_direct_ipv6_ips): %}
ip6 daddr { {{ array_to_nftstr(control_info.wan_direct_ipv6_ips) }} } counter return
{% endif /* wan_direct_ipv6_ips */ %}
@ -475,7 +483,7 @@ chain homeproxy_mangle_tun {
{% if (control_info.lan_proxy_ipv4_ips): %}
ip saddr != { {{ array_to_nftstr(control_info.lan_proxy_ipv4_ips) }} } counter return
{% endif /* lan_proxy_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_proxy_ipv6_ips): %}
{% if (control_info.lan_proxy_ipv6_ips): %}
ip6 saddr != { {{ array_to_nftstr(control_info.lan_proxy_ipv6_ips) }} } counter return
{% endif /* lan_proxy_ipv6_ips */ %}
{% elif (control_info.lan_proxy_mode === 'except_listed'): %}
@ -485,7 +493,7 @@ chain homeproxy_mangle_tun {
{% if (control_info.lan_proxy_ipv4_ips): %}
ip saddr { {{ array_to_nftstr(control_info.lan_direct_ipv4_ips) }} } counter return
{% endif /* lan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_direct_ipv6_ips): %}
{% if (control_info.lan_direct_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_direct_ipv6_ips) }} } counter return
{% endif /* lan_direct_ipv6_ips */ %}
{% endif /* lan_proxy_mode */ %}
@ -503,14 +511,14 @@ chain homeproxy_mangle_tun {
{% if (control_info.lan_global_proxy_ipv4_ips && routing_mode !== 'custom'): %}
ip saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv4_ips) }} } counter goto homeproxy_mangle_tun_mark
{% endif /* lan_global_proxy_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_global_proxy_ipv6_ips && routing_mode !== 'custom'): %}
{% if (control_info.lan_global_proxy_ipv6_ips && routing_mode !== 'custom'): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_global_proxy_ipv6_ips) }} } counter goto homeproxy_mangle_tun_mark
{% endif /* lan_global_proxy_ipv6_ips */ %}
{% if (control_info.wan_direct_ipv4_ips): %}
ip daddr { {{ array_to_nftstr(control_info.wan_direct_ipv4_ips) }} } counter return
{% endif /* wan_direct_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.wan_direct_ipv6_ips): %}
{% if (control_info.wan_direct_ipv6_ips): %}
ip6 daddr { {{ array_to_nftstr(control_info.wan_direct_ipv6_ips) }} } counter return
{% endif /* wan_direct_ipv6_ips */ %}
@ -541,7 +549,7 @@ chain homeproxy_mangle_tun {
{% if (control_info.lan_gaming_mode_ipv4_ips): %}
ip saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv4_ips) }} } counter mark set {{ tun_mark }}
{% endif /* lan_gaming_mode_ipv4_ips */ %}
{% if (ipv6_support === '1' && control_info.lan_gaming_mode_ipv6_ips): %}
{% if (control_info.lan_gaming_mode_ipv6_ips): %}
ip6 saddr { {{ array_to_nftstr(control_info.lan_gaming_mode_ipv6_ips) }} } counter mark set {{ tun_mark }}
{% endif /* lan_gaming_mode_ipv6_ips */ %}

14
homeproxy/root/etc/homeproxy/scripts/generate_sing-box.uc
View File

@ -10,7 +10,7 @@
import { readfile, writefile } from 'fs';
import { cursor } from 'uci';
import { executeCommand, isEmpty, strToInt, removeBlankAttrs, validateHostname } from 'homeproxy';
import { executeCommand, isEmpty, strToInt, removeBlankAttrs, validateHostname, validation } from 'homeproxy';
import { HP_DIR, RUN_DIR } from 'homeproxy';
/* UCI config start */
@ -41,7 +41,7 @@ let wan_dns = executeCommand('ifstatus wan | jsonfilter -e \'@["dns-server"][0]\
if (wan_dns.exitcode === 0 && trim(wan_dns.stdout))
wan_dns = trim(wan_dns.stdout);
else
wan_dns = (routing_mode in ['proxy_mainland_china', 'global']) ? '8.8.8.8' : '114.114.114.114';
wan_dns = (routing_mode in ['proxy_mainland_china', 'global']) ? '208.67.222.222' : '114.114.114.114';
const dns_port = uci.get(uciconfig, uciinfra, 'dns_port') || '5333';
@ -159,7 +159,7 @@ function generate_outbound(node) {
version: (node.type === 'shadowtls') ? strToInt(node.shadowtls_version) : ((node.type === 'socks') ? node.socks_version : null),
/* VLESS / VMess */
uuid: node.uuid,
alter_id: node.vmess_alterid,
alter_id: strToInt(node.vmess_alterid),
security: node.vmess_encrypt,
global_padding: node.vmess_global_padding ? (node.vmess_global_padding === '1') : null,
authenticated_length: node.vmess_authenticated_length ? (node.vmess_authenticated_length === '1') : null,
@ -221,7 +221,7 @@ function get_outbound(cfg) {
if (isEmpty(cfg))
return null;
if (cfg in ['direct-out', 'black-out'])
if (cfg in ['direct-out', 'block-out'])
return cfg;
else {
const node = uci.get(uciconfig, cfg, 'node');
@ -317,7 +317,7 @@ if (!isEmpty(main_node)) {
if (dns_server !== wan_dns) {
push(config.dns.servers, {
tag: 'main-dns',
address: dns_server,
address: 'tcp://' + ((validation('ip6addr', dns_server) === 0) ? `[${dns_server}]` : dns_server),
strategy: (ipv6_support !== '1') ? 'ipv4_only' : null,
detour: 'main-out'
});
@ -569,12 +569,12 @@ if (!isEmpty(main_node) || !isEmpty(default_outbound))
geoip: {
path: HP_DIR + '/resources/geoip.db',
download_url: 'https://github.com/1715173329/sing-geoip/releases/latest/download/geoip.db',
download_detour: get_outbound(default_outbound) || (routing_mode !== 'proxy_mainland_china' && !isEmpty(main_node)) ? 'main-out' : 'direct-out'
download_detour: get_outbound(default_outbound) || ((routing_mode !== 'proxy_mainland_china' && !isEmpty(main_node)) ? 'main-out' : 'direct-out')
},
geosite: {
path: HP_DIR + '/resources/geosite.db',
download_url: 'https://github.com/1715173329/sing-geosite/releases/latest/download/geosite.db',
download_detour: get_outbound(default_outbound) || (routing_mode !== 'proxy_mainland_china' && !isEmpty(main_node)) ? 'main-out' : 'direct-out'
download_detour: get_outbound(default_outbound) || ((routing_mode !== 'proxy_mainland_china' && !isEmpty(main_node)) ? 'main-out' : 'direct-out')
},
rules: [
{

2
homeproxy/root/etc/homeproxy/scripts/homeproxy.uc
View File

@ -182,7 +182,7 @@ export function parseURL(url) {
return '';
});
objurl.pathname = url ?? '/';
objurl.pathname = url || '/';
if (!objurl.protocol || !objurl.hostname)
return null;

20
homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc
View File

@ -55,7 +55,8 @@ function filter_check(name) {
const patten = regexp(i);
if (match(name, patten))
ret = true;
} if (filter_mode === 'whitelist')
}
if (filter_mode === 'whitelist')
ret = !ret;
return ret
@ -85,6 +86,7 @@ function parse_uri(uri) {
if (type(uri) === 'object') {
if (uri.nodetype === 'sip008') {
/* https://shadowsocks.org/guide/sip008.html */
config = {
label: uri.remarks,
type: 'shadowsocks',
@ -106,7 +108,7 @@ function parse_uri(uri) {
hysteria_params = hysteria_url.searchParams;
if (!sing_features.with_quic || (hysteria_params.protocol && hysteria_params.protocol !== 'udp')) {
log(sprintf('Skipping unsupportedd %s node: %s.', 'hysteria', urldecode(hysteria_url.hash) || hysteria_url.hostname));
log(sprintf('Skipping unsupported %s node: %s.', 'hysteria', urldecode(hysteria_url.hash) || hysteria_url.hostname));
if (!sing_features.with_quic)
log(sprintf('Please rebuild sing-box with %s support!', 'QUIC'));
@ -320,6 +322,8 @@ function parse_uri(uri) {
uuid: uri.id,
vmess_alterid: uri.aid,
vmess_encrypt: uri.scy || 'auto',
vmess_global_padding: '1',
vmess_authenticated_length: '1',
transport: (uri.net !== 'tcp') ? uri.net : null,
tls: (uri.tls === 'tls') ? '1' : '0',
tls_sni: uri.sni || uri.host,
@ -389,6 +393,8 @@ function main() {
let nodes;
try {
nodes = json(res).servers || json(res);
/* Shadowsocks SIP008 format */
if (nodes[0].server && nodes[0].method)
map(nodes, (_, i) => nodes[i].nodetype = 'sip008');
} catch(e) {
@ -425,7 +431,7 @@ function main() {
node_cache[groupHash][confHash] = config;
node_cache[groupHash][nameHash] = config;
count += 1;
count++;
}
}
@ -450,7 +456,7 @@ function main() {
if (!node_cache[cfg.grouphash] || !node_cache[cfg.grouphash][cfg['.name']]) {
uci.delete(uciconfig, cfg['.name']);
removed += 1;
removed++;
log(sprintf('Removing node: %s.', cfg.label || cfg['name']));
} else {
@ -469,7 +475,7 @@ function main() {
uci.set(uciconfig, nameHash, 'node');
map(keys(node), (v) => uci.set(uciconfig, nameHash, v, node[v]));
added += 1;
added++;
log(sprintf('Adding node: %s.', node.label));
});
uci.commit();
@ -480,6 +486,7 @@ function main() {
if (first_server) {
if (!uci.get(uciconfig, main_node)) {
uci.set(uciconfig, ucimain, 'main_node', first_server);
uci.commit();
need_restart = true;
log('Main node is gone, switching to the first node.');
@ -488,6 +495,7 @@ function main() {
if (!isEmpty(main_udp_node) && main_udp_node !== 'same') {
if (!uci.get(uciconfig, main_udp_node)) {
uci.set(uciconfig, ucimain, 'main_udp_node', first_server);
uci.commit();
need_restart = true;
log('Main UDP node is gone, switching to the first node.');
@ -496,6 +504,7 @@ function main() {
} else {
uci.set(uciconfig, ucimain, 'main_node', 'nil');
uci.set(uciconfig, ucimain, 'main_udp_node', 'nil');
uci.commit();
need_restart = true;
log('No available node, disable tproxy.');
@ -503,7 +512,6 @@ function main() {
}
if (need_restart) {
uci.commit();
log('Restarting service...');
init_action('homeproxy', 'stop');
init_action('homeproxy', 'start');

23
homeproxy/root/etc/init.d/homeproxy
View File

@ -47,13 +47,13 @@ start_service() {
local inbounds="$(jsonfilter -i "$RUN_DIR/sing-box.json" -e "@.inbounds[@.tag!='dns-in']" 2>"/dev/null")"
if [ ! -e "$RUN_DIR/sing-box.json" ]; then
log "Error: failed to generate configuration."
exit 1
return 1
elif [ -z "$inbounds" ]; then
log "Error: no valid inbound found."
exit 1
return 1
elif ! "$PROG" check --config "$RUN_DIR/sing-box.json" 2>>"$LOG_PATH"; then
log "Error: wrong configuration detected."
exit 1
return 1
fi
if [ "$outbound_node" != "nil" ]; then
@ -191,21 +191,22 @@ stop_service() {
# Nftables rules
for i in "homeproxy_dstnat_redir" "homeproxy_output_redir" \
"homeproxy_redirect" "homeproxy_redirect_proxy" \
"homeproxy_mangle_prerouting" "homeproxy_mangle_output" \
"homeproxy_redirect" "homeproxy_redirect_proxy_port" \
"homeproxy_redirect_proxy" "homeproxy_mangle_prerouting" \
"homeproxy_mangle_output" "homeproxy_mangle_tproxy_port" \
"homeproxy_mangle_tproxy" "homeproxy_mangle_mark" \
"homeproxy_mangle_tun" "homeproxy_mangle_tun_mark" \
"homeproxy_mangle_prerouting_tun"; do
nft flush chain inet fw4 "$i" 2>"/dev/null"
nft delete chain inet fw4 "$i" 2>"/dev/null"
done
nft flush chain inet fw4 "$i"
nft delete chain inet fw4 "$i"
done 2>"/dev/null"
for i in "homeproxy_local_addr_v4" "homeproxy_local_addr_v6" \
"homeproxy_gfw_list_v4" "homeproxy_gfw_list_v6" \
"homeproxy_mainland_addr_v4" "homeproxy_mainland_addr_v6" \
"homeproxy_proxy_addr_v4" "homeproxy_proxy_addr_v6"; do
nft flush set inet fw4 "$i" 2>"/dev/null"
nft delete set inet fw4 "$i" 2>"/dev/null"
done
nft flush set inet fw4 "$i"
nft delete set inet fw4 "$i"
done 2>"/dev/null"
echo > "$RUN_DIR/fw4_pre.nft"
echo > "$RUN_DIR/fw4_post.nft"
fw4 reload >"/dev/null" 2>&1

2
luci-app-aliyundrive-webdav/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-aliyundrive-webdav
PKG_VERSION:=1.10.6
PKG_VERSION:=1.11.0
PKG_RELEASE:=1
PKG_PO_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE)

3
luci-app-aliyundrive-webdav/luasrc/model/cbi/aliyundrive-webdav/client.lua
View File

@ -71,9 +71,6 @@ read_only = e:option(Flag, "read_only", translate("Enable read only mode"))
read_only.description = translate("Disallow upload, modify and delete file operations")
read_only.rmempty = false
domain_id = e:option(Value, "domain_id", translate("Domain ID"))
domain_id.description = translate("Input domain_id option will use <a href=\"https://www.aliyun.com/product/storage/pds\" target=\"_blank\">Aliyun PDS</a> instead of <a href=\"https://www.aliyundrive.com\" target=\"_blank\">AliyunDrive</a>")
debug = e:option(Flag, "debug", translate("Debug Mode"))
debug.rmempty = false

6
luci-app-aliyundrive-webdav/po/zh-cn/aliyundrive-webdav.po
View File

@ -85,12 +85,6 @@ msgstr "启用只读模式"
msgid "Disallow upload, modify and delete file operations"
msgstr "禁止上传、修改和删除文件操作"
msgid "Domain ID"
msgstr "阿里云相册与云盘服务 domainId"
msgid "Input domain_id option will use <a href=\"https://www.aliyun.com/product/storage/pds\" target=\"_blank\">Aliyun PDS</a> instead of <a href=\"https://www.aliyundrive.com\" target=\"_blank\">AliyunDrive</a>"
msgstr "填写此选项将使用<a href=\"https://www.aliyun.com/product/storage/pds\" target=\"_blank\">阿里云相册与网盘服务</a>而不是<a href=\"https://www.aliyundrive.com\" target=\"_blank\">阿里云盘</a>"
msgid "Skip uploading same size files"
msgstr "跳过上传相同大小的文件"

2
luci-app-amlogic/Makefile
View File

@ -16,7 +16,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-amlogic
PKG_VERSION:=3.1.159
PKG_VERSION:=3.1.160
PKG_RELEASE:=1
PKG_LICENSE:=GPL-2.0 License

1
luci-app-amlogic/luasrc/model/cbi/amlogic/amlogic_config.lua
View File

@ -64,6 +64,7 @@ kernel_branch:value("5.10", translate("5.10"))
kernel_branch:value("5.15", translate("5.15"))
kernel_branch:value("6.0", translate("6.0"))
kernel_branch:value("6.1", translate("6.1"))
kernel_branch:value("6.2", translate("6.2"))
local default_kernel_branch = luci.sys.exec("ls /lib/modules/ 2>/dev/null | grep -oE '^[1-9].[0-9]{1,3}'")
kernel_branch.default = trim(default_kernel_branch)
kernel_branch.rmempty = false

12
luci-app-fileassistant/htdocs/luci-static/resources/fileassistant/fb.js
View File

@ -19,7 +19,7 @@ String.prototype.replaceAll = function(search, replacement) {
function removePath(filename, isdir) {
var c = confirm('你确定要删除 ' + filename + ' 吗?');
if (c) {
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/delete',
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/delete',
{
path: concatPath(currentPath, filename),
isdir: isdir
@ -44,7 +44,7 @@ String.prototype.replaceAll = function(search, replacement) {
}
var c = confirm('你确定要安装 ' + filename + ' 吗?');
if (c) {
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/install',
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/install',
{
filepath: concatPath(currentPath, filename),
isdir: isdir
@ -76,7 +76,7 @@ String.prototype.replaceAll = function(search, replacement) {
newname = newname.trim();
if (newname != filename) {
var newpath = concatPath(currentPath, newname);
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/rename',
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/rename',
{
filepath: concatPath(currentPath, filename),
newpath: newpath
@ -93,7 +93,7 @@ String.prototype.replaceAll = function(search, replacement) {
function openpath(filename, dirname) {
dirname = dirname || currentPath;
window.open('/cgi-bin/luci/admin/services/fileassistant/open?path='
window.open('/cgi-bin/luci/admin/nas/fileassistant/open?path='
+ encodeURIComponent(dirname) + '&filename='
+ encodeURIComponent(filename));
}
@ -210,7 +210,7 @@ String.prototype.replaceAll = function(search, replacement) {
opt = opt || {};
path = concatPath(path, '');
if (currentPath != path) {
iwxhr.get('/cgi-bin/luci/admin/services/fileassistant/list',
iwxhr.get('/cgi-bin/luci/admin/nas/fileassistant/list',
{path: path},
function (x, res) {
if (res.ec === 0) {
@ -255,7 +255,7 @@ String.prototype.replaceAll = function(search, replacement) {
formData.append('upload-dir', concatPath(currentPath, ''));
formData.append('upload-file', uploadinput.files[0]);
var xhr = new XMLHttpRequest();
xhr.open("POST", "/cgi-bin/luci/admin/services/fileassistant/upload", true);
xhr.open("POST", "/cgi-bin/luci/admin/nas/fileassistant/upload", true);
xhr.onload = function() {
if (xhr.status == 200) {
var res = JSON.parse(xhr.responseText);

18
luci-app-fileassistant/luasrc/controller/fileassistant.lua
View File

@ -1,32 +1,32 @@
module("luci.controller.fileassistant", package.seeall)
function index()
entry({"admin", "services"}, firstchild(), _("Services") , 45).dependent = false
entry({"admin", "nas"}, firstchild(), _("NAS") , 45).dependent = false
entry({"admin", "services"}, firstchild(), "Services", 44).dependent = false
entry({"admin", "nas"}, firstchild(), "NAS", 44).dependent = false
local page
page = entry({"admin", "services", "fileassistant"}, template("fileassistant"), _("文件助手"), 1)
page = entry({"admin", "nas", "fileassistant"}, template("fileassistant"), _("文件助手"), 1)
page.i18n = "base"
page.dependent = true
page.acl_depends = { "luci-app-fileassistant" }
page = entry({"admin", "services", "fileassistant", "list"}, call("fileassistant_list"), nil)
page = entry({"admin", "nas", "fileassistant", "list"}, call("fileassistant_list"), nil)
page.leaf = true
page = entry({"admin", "services", "fileassistant", "open"}, call("fileassistant_open"), nil)
page = entry({"admin", "nas", "fileassistant", "open"}, call("fileassistant_open"), nil)
page.leaf = true
page = entry({"admin", "services", "fileassistant", "delete"}, call("fileassistant_delete"), nil)
page = entry({"admin", "nas", "fileassistant", "delete"}, call("fileassistant_delete"), nil)
page.leaf = true
page = entry({"admin", "services", "fileassistant", "rename"}, call("fileassistant_rename"), nil)
page = entry({"admin", "nas", "fileassistant", "rename"}, call("fileassistant_rename"), nil)
page.leaf = true
page = entry({"admin", "services", "fileassistant", "upload"}, call("fileassistant_upload"), nil)
page = entry({"admin", "nas", "fileassistant", "upload"}, call("fileassistant_upload"), nil)
page.leaf = true
page = entry({"admin", "services", "fileassistant", "install"}, call("fileassistant_install"), nil)
page = entry({"admin", "nas", "fileassistant", "install"}, call("fileassistant_install"), nil)
page.leaf = true
end

2
luci-app-mosdns/root/etc/mosdns/rule/geoip_cn.txt
View File

@ -1951,6 +1951,7 @@
103.85.168.0/21
103.85.164.0/22
103.85.176.0/22
103.85.186.0/23
103.85.224.0/22
103.86.28.0/22
103.86.32.0/22
@ -6364,6 +6365,7 @@
2400:de00::/32
2400:de20::/32
2400:de80::/32
2400:dee0::/32
2400:e0c0::/32
2400:e5c0::/32
2400:e680::/32

50
luci-app-mosdns/root/etc/mosdns/rule/geosite_cn.txt
View File

@ -1609,7 +1609,6 @@
180268900.com
18095.com
180qt.com
181230.com
18183.com
18183g.com
1818hm.com
@ -2567,6 +2566,7 @@
3259.com
326pay.com
32800.com
328888.xyz
328f.com
328vip.com
3290.com
@ -5858,7 +5858,6 @@
800mei.net
800pharm.com
800tu.com
800ux.com
800vod.com
800xs.net
800you.com
@ -7611,7 +7610,6 @@ ahchuangyebang.com
ahcjhjj.com
ahcnb.com
ahdf56.com
ahdltj.com
ahdsez.com
ahdzfp.com
aheading.com
@ -8454,7 +8452,6 @@ amuletj.com
amuletor.com
amunion.com
amuren.com
amwayapp.com
amwiki.org
amysql.com
amyxun.com
@ -8642,6 +8639,7 @@ anw.red
anweishi.com
anweizhi.com
anwen.cc
anwsa.com
anxcn.com
anxia.com
anxiaoer.com
@ -9341,6 +9339,7 @@ avatr.com
avc-mr.com
avc-ott.com
avdll.com
avemaria.fun
aves.art
avexchina.com
avgh5.com
@ -11722,7 +11721,6 @@ bronzesoft.com
brother-cn.net
brother-movie.com
brother.co.jp
brother66.com
browurl.com
brsiee.com
brtbeacon.com
@ -14249,7 +14247,6 @@ chinalims.net
chinalincoln.com
chinalink-sh.net
chinalink.tv
chinalinuxpub.com
chinalions.com
chinalive.com
chinaliyou.com
@ -16533,7 +16530,6 @@ cqqigao.com
cqqiyi.com
cqqnb.net
cqqp.com
cqqsl.com
cqqsyy.com
cqqzgrh.com
cqrc.net
@ -17372,7 +17368,6 @@ dahuaddns.com
dahuatech.com
dahuawang.com
dahuifuwu.com
dahuitu.net
dahulu.com
dahuoji.biz
dai361.com
@ -19005,6 +19000,7 @@ doit.am
doitim.com
doiua.com
doki8.com
doklam.wang
dolanzz.com
dolcn.com
dole.club
@ -19285,6 +19281,7 @@ doyouhike.net
dozer.cc
dozview.com
dp.image-gmkt.com
dp.tech
dp2u.com
dpcafc.com
dpcq1.net
@ -19786,6 +19783,7 @@ dyj.cc
dyjqd.com
dykj.site
dylc.com
dyldd.com
dyly.com
dyonr.com
dyqc.com
@ -21021,6 +21019,7 @@ etrack07.com
etrack08.com
etranshare.com
etrd.org
etrlie.com
ets100.com
etsc-tech.com
etsoon.com
@ -22624,6 +22623,7 @@ fsgzhg.com
fshd.com
fshzg.com
fsigc.com
fsirya.com
fsjoy.com
fsky.pro
fslgz.com
@ -24644,6 +24644,7 @@ guanyiyun.com
guanzhongrc.com
guanzhu.mobi
guanzhulian.com
guanziheng.com
guapaijia.com
guardrailchina.com
guazhuan.com
@ -24893,7 +24894,6 @@ gx-newmedia.com
gx8899.com
gxaedu.com
gxairlines.com
gxaj.com
gxar.com
gxb.io
gxb2b.net
@ -26556,6 +26556,7 @@ heyuan5.com
heyuyhw.com
heywoodsminiprogram.com
heywow.net
heyynot.com
hez70.com
heze.cc
hezebus.com
@ -27868,7 +27869,6 @@ huanghanlian.com
huanghepiao.com
huanghouyz.com
huangjiemin.com
huangjunying.com
huanglei.me
huangli.com
huangliangbo.com
@ -29252,6 +29252,7 @@ idangdai.com
idanpianji.com
idaocao.com
idatacube.com
idataforces.com
idataway.com
idaxiang.org
idbhost.com
@ -30337,6 +30338,7 @@ iplaysoft.com
ipmay.com
ipmost.com
ipmph.com
ipns.network
ipo.hk
ipo.la
ipo3.com
@ -31739,6 +31741,7 @@ jidekan.com
jideos.com
jidi.com
jidujiao.com
jidujiasu.com
jiduu.com
jie0.com
jie518.com
@ -33252,7 +33255,6 @@ jx3tong.com
jxage.com
jxal.net
jxbhwl.com
jxbin.com
jxc4.com
jxcaipu.com
jxcb.net
@ -33542,6 +33544,7 @@ kaihuia.com
kaijia.com
kaijia.me
kaikeba.com
kailincheng.com
kailing.pub
kaimanhua.com
kaimg.com
@ -34155,6 +34158,7 @@ kjson.com
kjsv.com
kjt.com
kjw.cc
kjwjcq.com
kjwlxt.com
kjycx.com
kjyicdn.com
@ -40300,6 +40304,7 @@ nanyangcable.com
nanyuetong.com
nanzhao1.com
naobiao.com
naocm.com
naoda.net
naoffer.com
naonaola.com
@ -40867,7 +40872,6 @@ niutoushe.com
niutrans.com
niutrip.com
niutuku.com
niuwap2p.com
niuwk.com
niuxgame77.com
niuxiao.net
@ -43782,6 +43786,7 @@ qdwsb.com
qdxfgy.com
qdxtcw.com
qdycdx.com
qdyckj.com
qdyijiamei.com
qdymjy.com
qdyudie.com
@ -44088,7 +44093,6 @@ qidong.co
qidong.name
qidongyx.com
qidou.com
qiduowei.com
qie.tv
qiecdn.com
qieerxi.com
@ -44358,6 +44362,7 @@ qishu.cc
qishu.co
qishu.tw
qishunbao.com
qishuta.net
qisool.com
qita.love
qitete.com
@ -44756,6 +44761,7 @@ qsbdc.com
qsboy.com
qscfph.com
qschou.com
qscvli.com
qsebao.com
qseeking.com
qsfcw.com
@ -45914,7 +45920,6 @@ router.tw
routeryun.com
routewize.com
routuan.com
rouzip.com
rowcan.com
royalpay.com.au
royole.com
@ -47192,6 +47197,7 @@ shandongruixiang.com
shandongsannong.com
shandongyunpin.com
shandw.com
shang-chain.com
shang-tai.com
shang0898.com
shang168.com
@ -47534,6 +47540,7 @@ shenqibuy.com
shenqiwunet.com
shenquol.com
shenrongda.com
shenrongjidian.com
shenruan.org
shenshi777.com
shenshiads.com
@ -48089,6 +48096,7 @@ shuiliaosheji.com
shuimiao.net
shuimujiaju.com
shuimushequ.com
shuimuyulin.com
shuini.biz
shuipingzuo.com
shuiqian.cc
@ -50863,7 +50871,6 @@ tao616.com
tao800.com
tao8090.com
taoad.com
taoba568.com
taobao
taobao-img.com
taobao.com
@ -51891,7 +51898,6 @@ tj-guangxin.com
tj-kingdee.com
tj-model.com
tj-un.com
tj-yijiajing.com
tj-zt.com
tj0573.com
tj20.com
@ -52446,6 +52452,7 @@ tradow.com
tradplusad.com
traineexp.com
trainingipv6.com
trainnets.com
trait-wholesale.com
tranbbs.com
trans4e.com
@ -55590,7 +55597,6 @@ wekbo.com
wekuo.com
welansh.com
welcrm.com
weldzy.com
welefen.com
weleve.com
weliads.com
@ -58628,6 +58634,7 @@ xinhua08.com
xinhuaapp.com
xinhuacu.com
xinhuamm.net
xinhuan.mobi
xinhuanet.com
xinhuanet.ltd
xinhuaphoto.org
@ -60226,7 +60233,6 @@ ybm100.com
ybren.com
ybs120.com
ybscjp.com
ybssdp.com
ybtong.com
ybtvyun.com
ybvip.com
@ -60351,6 +60357,7 @@ yeai.com
yealink.com
yealinkvc.com
yeambin.com
yeaosound.com
yeapcloud.com
yeapcloud.net
yearnfar.com
@ -60360,6 +60367,7 @@ yebangyu.org
yeboyzq.com
yecdn.com
yedingding.com
yeduxiaoshuo.com
yee5.com
yeeaoo.com
yeecall.com
@ -60527,7 +60535,6 @@ ygzt.net
yh31.com
yh596.com
yh598.com
yh7761.com
yh99.cc
yhachina.com
yhbimg.com
@ -60570,6 +60577,7 @@ yhspy.com
yhsrv.com
yhtools.cc
yhtx.tv
yhudxc.com
yhurl.com
yhwomen.com
yhx3318.com
@ -60812,7 +60820,6 @@ yingchuang.com
yingchulawyer.com
yingci86.com
yingdev.com
yingdianzi.com
yinge.cc
yinge.tech
yingerchela.com
@ -61706,7 +61713,6 @@ youxidun.com
youxiduo.com
youxifan.com
youxigongchang.com
youxigonglue8.com
youxigt.com
youxigu.com
youxiguancha.com
@ -62521,7 +62527,6 @@ yuucn.com
yuudnn.com
yuuwan.com
yuwan-game.com
yuwandian.com
yuwanshe.com
yuweixian.com
yuwell.com
@ -63313,6 +63318,7 @@ zgshq.com
zgshxfw.com
zgsj.com
zgsmmhw.com
zgsnzj.com
zgsof.com
zgsssss.com
zgsta.com

1
luci-app-mosdns/root/etc/mosdns/rule/geosite_no_cn.txt
View File

@ -2033,6 +2033,7 @@
7986943.com
799299.com
79ten.com
7aipai.com
7capture.com
7cow.com
7hg8.vip

3
luci-app-mosdns/root/etc/mosdns/rule/whitelist.txt
View File

@ -3,3 +3,6 @@ ddns.synology.com
checkip.synology.com
checkip.dyndns.org
checkipv6.synology.com
ntp.aliyun.com
cn.ntp.org.cn
ntp.ntsc.ac.cn

6
luci-app-passwall/Makefile
View File

@ -1,13 +1,13 @@
# Copyright (C) 2018-2020 L-WRT Team
# Copyright (C) 2021-2022 xiaorouji
# Copyright (C) 2021-2023 xiaorouji
#
# This is free software, licensed under the GNU General Public License v3.
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4.58
PKG_RELEASE:=3
PKG_VERSION:=4.59
PKG_RELEASE:=2
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \

16
luci-app-passwall/luasrc/controller/passwall.lua
View File

@ -1,21 +1,21 @@
-- Copyright (C) 2018-2020 L-WRT Team
-- Copyright (C) 2021-2022 xiaorouji
-- Copyright (C) 2021-2023 xiaorouji
module("luci.controller.passwall", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local ucic = luci.model.uci.cursor()
local http = require "luci.http"
local util = require "luci.util"
local i18n = require "luci.i18n"
local brook = require("luci.model.cbi." .. appname ..".api.brook")
local v2ray = require("luci.model.cbi." .. appname ..".api.v2ray")
local xray = require("luci.model.cbi." .. appname ..".api.xray")
local trojan_go = require("luci.model.cbi." .. appname ..".api.trojan_go")
local hysteria = require("luci.model.cbi." .. appname ..".api.hysteria")
local brook = require("luci.passwall.brook")
local v2ray = require("luci.passwall.v2ray")
local xray = require("luci.passwall.xray")
local trojan_go = require("luci.passwall.trojan_go")
local hysteria = require("luci.passwall.hysteria")
function index()
appname = require "luci.model.cbi.passwall.api.api".appname
appname = require "luci.passwall.api".appname
entry({"admin", "services", appname}).dependent = true
entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true

83
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_hysteria.lua
View File

@ -1,83 +0,0 @@
local api = require "luci.model.cbi.passwall.api.api"
local uci = api.uci
local jsonc = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local local_tcp_redir_port = var["-local_tcp_redir_port"]
local local_udp_redir_port = var["-local_udp_redir_port"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local tcp_proxy_way = var["-tcp_proxy_way"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
if (node.hysteria_hop) then
server = server .. "," .. node.hysteria_hop
end
local config = {
server = server,
protocol = node.protocol or "udp",
obfs = node.hysteria_obfs,
auth = (node.hysteria_auth_type == "base64") and node.hysteria_auth_password or nil,
auth_str = (node.hysteria_auth_type == "string") and node.hysteria_auth_password or nil,
alpn = node.hysteria_alpn or nil,
server_name = node.tls_serverName,
insecure = (node.tls_allowInsecure == "1") and true or false,
up_mbps = tonumber(node.hysteria_up_mbps) or 10,
down_mbps = tonumber(node.hysteria_down_mbps) or 50,
retry = -1,
retry_interval = 5,
recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil,
recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil,
handshake_timeout = (node.hysteria_handshake_timeout) and tonumber(node.hysteria_handshake_timeout) or nil,
idle_timeout = (node.hysteria_idle_timeout) and tonumber(node.hysteria_idle_timeout) or nil,
hop_interval = (node.hysteria_hop_interval) and tonumber(node.hysteria_hop_interval) or nil,
disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false,
fast_open = (node.fast_open == "1") and true or false,
socks5 = (local_socks_address and local_socks_port) and {
listen = local_socks_address .. ":" .. local_socks_port,
timeout = 300,
disable_udp = false,
user = (local_socks_username and local_socks_password) and local_socks_username,
password = (local_socks_username and local_socks_password) and local_socks_password,
} or nil,
http = (local_http_address and local_http_port) and {
listen = local_http_address .. ":" .. local_http_port,
timeout = 300,
disable_udp = false,
user = (local_http_username and local_http_password) and local_http_username,
password = (local_http_username and local_http_password) and local_http_password,
} or nil,
redirect_tcp = ("redirect" == tcp_proxy_way and local_tcp_redir_port) and {
listen = "0.0.0.0:" .. local_tcp_redir_port,
timeout = 300
} or nil,
tproxy_tcp = ("tproxy" == tcp_proxy_way and local_tcp_redir_port) and {
listen = "0.0.0.0:" .. local_tcp_redir_port,
timeout = 300
} or nil,
tproxy_udp = (local_udp_redir_port) and {
listen = "0.0.0.0:" .. local_udp_redir_port,
timeout = 60
} or nil
}
print(jsonc.stringify(config, 1))

28
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_naiveproxy.lua
View File

@ -1,28 +0,0 @@
local api = require "luci.model.cbi.passwall.api.api"
local uci = api.uci
local jsonc = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local run_type = var["-run_type"]
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
local config = {
listen = run_type .. "://" .. local_addr .. ":" .. local_port,
proxy = node.protocol .. "://" .. node.username .. ":" .. node.password .. "@" .. server
}
print(jsonc.stringify(config, 1))

108
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua
View File

@ -1,108 +0,0 @@
local api = require "luci.model.cbi.passwall.api.api"
local uci = api.uci
local jsonc = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local mode = var["-mode"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local local_tcp_redir_port = var["-local_tcp_redir_port"]
local local_tcp_redir_address = var["-local_tcp_redir_address"] or "0.0.0.0"
local local_udp_redir_port = var["-local_udp_redir_port"]
local local_udp_redir_address = var["-local_udp_redir_address"] or "0.0.0.0"
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_only(server_host)
end
local server = server_host
local config = {
server = server,
server_port = tonumber(server_port),
local_address = local_addr,
local_port = tonumber(local_port),
password = node.password,
method = node.method,
timeout = tonumber(node.timeout),
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false,
reuse_port = true,
tcp_tproxy = var["-tcp_tproxy"] and true or nil
}
if node.type == "SS" then
if node.plugin and node.plugin ~= "none" then
config.plugin = node.plugin
config.plugin_opts = node.plugin_opts or nil
end
config.mode = mode
elseif node.type == "SSR" then
config.protocol = node.protocol
config.protocol_param = node.protocol_param
config.obfs = node.obfs
config.obfs_param = node.obfs_param
elseif node.type == "SS-Rust" then
config = {
servers = {
{
address = server,
port = tonumber(server_port),
method = node.method,
password = node.password,
timeout = tonumber(node.timeout),
plugin = (node.plugin and node.plugin ~= "none") and node.plugin or nil,
plugin_opts = (node.plugin and node.plugin ~= "none") and node.plugin_opts or nil
}
},
locals = {},
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false
}
if local_socks_address and local_socks_port then
table.insert(config.locals, {
local_address = local_socks_address,
local_port = tonumber(local_socks_port),
mode = "tcp_and_udp"
})
end
if local_http_address and local_http_port then
table.insert(config.locals, {
protocol = "http",
local_address = local_http_address,
local_port = tonumber(local_http_port)
})
end
if local_tcp_redir_address and local_tcp_redir_port then
table.insert(config.locals, {
protocol = "redir",
mode = "tcp_only",
tcp_redir = var["-tcp_tproxy"] and "tproxy" or nil,
local_address = local_tcp_redir_address,
local_port = tonumber(local_tcp_redir_port)
})
end
if local_udp_redir_address and local_udp_redir_port then
table.insert(config.locals, {
protocol = "redir",
mode = "udp_only",
local_address = local_udp_redir_address,
local_port = tonumber(local_udp_redir_port)
})
end
end
print(jsonc.stringify(config, 1))

86
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua
View File

@ -1,86 +0,0 @@
local api = require "luci.model.cbi.passwall.api.api"
local uci = api.uci
local json = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local run_type = var["-run_type"]
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
local loglevel = var["-loglevel"] or 2
local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_only(server_host)
end
local server = server_host
local trojan = {
run_type = run_type,
local_addr = local_addr,
local_port = tonumber(local_port),
remote_addr = server,
remote_port = tonumber(server_port),
password = {node.password},
log_level = tonumber(loglevel),
ssl = {
verify = (node.tls_allowInsecure ~= "1") and true or false,
verify_hostname = true,
cert = nil,
cipher = cipher,
cipher_tls13 = cipher13,
sni = node.tls_serverName or server,
alpn = {"h2", "http/1.1"},
reuse_session = true,
session_ticket = (node.tls_sessionTicket and node.tls_sessionTicket == "1") and true or false,
curves = ""
},
udp_timeout = 60,
tcp = {
use_tproxy = (node.type == "Trojan-Plus" and var["-use_tproxy"]) and true or nil,
no_delay = true,
keep_alive = true,
reuse_port = true,
fast_open = (node.tcp_fast_open == "true") and true or false,
fast_open_qlen = 20
}
}
if node.type == "Trojan-Go" then
trojan.ssl.cipher = nil
trojan.ssl.cipher_tls13 = nil
trojan.ssl.fingerprint = (node.fingerprint ~= "disable") and node.fingerprint or ""
trojan.ssl.alpn = (node.trojan_transport == 'ws') and {} or {"h2", "http/1.1"}
if node.tls ~= "1" and node.trojan_transport == "original" then trojan.ssl = nil end
trojan.transport_plugin = ((not node.tls or node.tls ~= "1") and node.trojan_transport == "original") and {
enabled = node.plugin_type ~= nil,
type = node.plugin_type or "plaintext",
command = node.plugin_type ~= "plaintext" and node.plugin_cmd or nil,
option = node.plugin_type ~= "plaintext" and node.plugin_option or nil,
arg = node.plugin_type ~= "plaintext" and { node.plugin_arg } or nil,
env = {}
} or nil
trojan.websocket = (node.trojan_transport == 'ws') and {
enabled = true,
path = node.ws_path or "/",
host = node.ws_host or (node.tls_serverName or server)
} or nil
trojan.shadowsocks = (node.ss_aead == "1") and {
enabled = true,
method = node.ss_aead_method or "aes_128_gcm",
password = node.ss_aead_pwd or ""
} or nil
trojan.mux = (node.smux == "1") and {
enabled = true,
concurrency = tonumber(node.mux_concurrency),
idle_timeout = tonumber(node.smux_idle_timeout)
} or nil
end
print(json.stringify(trojan, 1))

805
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua
View File

@ -1,805 +0,0 @@
module("luci.model.cbi.passwall.api.gen_v2ray", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
local var = api.get_args(arg)
local flag = var["-flag"]
local node_id = var["-node"]
local tcp_proxy_way = var["-tcp_proxy_way"] or "redirect"
local tcp_redir_port = var["-tcp_redir_port"]
local udp_redir_port = var["-udp_redir_port"]
local sniffing = var["-sniffing"]
local route_only = var["-route_only"]
local buffer_size = var["-buffer_size"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local dns_listen_port = var["-dns_listen_port"]
local dns_query_strategy = var["-dns_query_strategy"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local dns_client_ip = var["-dns_client_ip"]
local dns_socks_address = var["-dns_socks_address"]
local dns_socks_port = var["-dns_socks_port"]
local loglevel = var["-loglevel"] or "warning"
local new_port
local uci = api.uci
local sys = api.sys
local jsonc = api.jsonc
local appname = api.appname
local fs = api.fs
local dns = nil
local fakedns = nil
local inbounds = {}
local outbounds = {}
local routing = nil
local function get_new_port()
if new_port then
new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
else
new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
end
return new_port
end
local function get_domain_excluded()
local path = string.format("/usr/share/%s/rules/domains_excluded", appname)
local content = fs.readfile(path)
if not content then return nil end
local hosts = {}
string.gsub(content, '[^' .. "\n" .. ']+', function(w)
local s = w:gsub("^%s*(.-)%s*$", "%1") -- Trim
if s == "" then return end
if s:find("#") and s:find("#") == 1 then return end
if not s:find("#") or s:find("#") ~= 1 then table.insert(hosts, s) end
end)
if #hosts == 0 then hosts = nil end
return hosts
end
function gen_outbound(node, tag, proxy_table)
local proxy = 0
local proxy_tag = "nil"
local dialerProxy = nil
if proxy_table ~= nil and type(proxy_table) == "table" then
proxy = proxy_table.proxy or 0
proxy_tag = proxy_table.tag or "nil"
dialerProxy = proxy_table.dialerProxy
end
local result = nil
if node and node ~= "nil" then
local node_id = node[".name"]
if tag == nil then
tag = node_id
end
if node.type == "V2ray" or node.type == "Xray" then
proxy = 0
if proxy_tag ~= "nil" then
if dialerProxy and dialerProxy == "1" then
node.streamSettings = {
sockopt = {
dialerProxy = proxy_tag
}
}
else
node.proxySettings = {
tag = proxy_tag,
transportLayer = true
}
end
end
end
if node.type ~= "V2ray" and node.type ~= "Xray" then
if node.type == "Socks" then
node.protocol = "socks"
node.transport = "tcp"
else
local relay_port = node.port
new_port = get_new_port()
sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
appname,
string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s relay_port=%s",
new_port, --flag
node_id, --node
"127.0.0.1", --bind
new_port, --socks port
string.format("%s_%s_%s_%s.json", flag, tag, node_id, new_port), --config file
(proxy == 1 and relay_port) and tostring(relay_port) or "" --relay port
)
)
)
node = {}
node.protocol = "socks"
node.transport = "tcp"
node.address = "127.0.0.1"
node.port = new_port
end
node.stream_security = "none"
else
if node.tls and node.tls == "1" then
node.stream_security = "tls"
end
end
result = {
_flag_tag = node_id,
_flag_proxy = proxy,
_flag_proxy_tag = proxy_tag,
tag = tag,
proxySettings = node.proxySettings or nil,
protocol = node.protocol,
mux = {
enabled = (node.mux == "1") and true or false,
concurrency = (node.mux_concurrency) and tonumber(node.mux_concurrency) or 8
} or nil,
-- 底层传输配置
streamSettings = (node.streamSettings or node.protocol == "vmess" or node.protocol == "vless" or node.protocol == "socks" or node.protocol == "shadowsocks" or node.protocol == "trojan") and {
sockopt = {
mark = 255,
dialerProxy = (node.streamSettings and dialerProxy and dialerProxy == "1") and node.streamSettings.sockopt.dialerProxy or nil
},
network = node.transport,
security = node.stream_security,
tlsSettings = (node.stream_security == "tls") and {
serverName = node.tls_serverName,
allowInsecure = (node.tls_allowInsecure == "1") and true or false,
fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or nil
} or nil,
tcpSettings = (node.transport == "tcp" and node.protocol ~= "socks") and {
header = {
type = node.tcp_guise or "none",
request = (node.tcp_guise == "http") and {
path = node.tcp_guise_http_path or {"/"},
headers = {
Host = node.tcp_guise_http_host or {}
}
} or nil
}
} or nil,
kcpSettings = (node.transport == "mkcp") and {
mtu = tonumber(node.mkcp_mtu),
tti = tonumber(node.mkcp_tti),
uplinkCapacity = tonumber(node.mkcp_uplinkCapacity),
downlinkCapacity = tonumber(node.mkcp_downlinkCapacity),
congestion = (node.mkcp_congestion == "1") and true or false,
readBufferSize = tonumber(node.mkcp_readBufferSize),
writeBufferSize = tonumber(node.mkcp_writeBufferSize),
seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil,
header = {type = node.mkcp_guise}
} or nil,
wsSettings = (node.transport == "ws") and {
path = node.ws_path or "",
headers = (node.ws_host ~= nil) and
{Host = node.ws_host} or nil,
maxEarlyData = tonumber(node.ws_maxEarlyData) or nil,
earlyDataHeaderName = (node.ws_earlyDataHeaderName) and node.ws_earlyDataHeaderName or nil
} or nil,
httpSettings = (node.transport == "h2") and {
path = node.h2_path,
host = node.h2_host,
read_idle_timeout = tonumber(node.h2_read_idle_timeout) or nil,
health_check_timeout = tonumber(node.h2_health_check_timeout) or nil
} or nil,
dsSettings = (node.transport == "ds") and
{path = node.ds_path} or nil,
quicSettings = (node.transport == "quic") and {
security = node.quic_security,
key = node.quic_key,
header = {type = node.quic_guise}
} or nil,
grpcSettings = (node.transport == "grpc") and {
serviceName = node.grpc_serviceName,
multiMode = (node.grpc_mode == "multi") and true or nil,
idle_timeout = tonumber(node.grpc_idle_timeout) or nil,
health_check_timeout = tonumber(node.grpc_health_check_timeout) or nil,
permit_without_stream = (node.grpc_permit_without_stream == "1") and true or nil,
initial_windows_size = tonumber(node.grpc_initial_windows_size) or nil
} or nil
} or nil,
settings = {
vnext = (node.protocol == "vmess" or node.protocol == "vless") and {
{
address = node.address,
port = tonumber(node.port),
users = {
{
id = node.uuid,
level = 0,
security = (node.protocol == "vmess") and node.security or nil,
encryption = node.encryption or "none",
flow = (node.protocol == "vless" and node.tls == '1' and node.tlsflow) and node.tlsflow or nil
}
}
}
} or nil,
servers = (node.protocol == "socks" or node.protocol == "http" or node.protocol == "shadowsocks" or node.protocol == "trojan") and {
{
address = node.address,
port = tonumber(node.port),
method = node.method or nil,
ivCheck = (node.protocol == "shadowsocks") and node.iv_check == "1" or nil,
uot = (node.protocol == "shadowsocks") and node.uot == "1" or nil,
password = node.password or "",
users = (node.username and node.password) and {
{
user = node.username,
pass = node.password
}
} or nil
}
} or nil,
address = (node.protocol == "wireguard" and node.wireguard_local_address) and node.wireguard_local_address or nil,
secretKey = (node.protocol == "wireguard") and node.wireguard_secret_key or nil,
peers = (node.protocol == "wireguard") and {
{
publicKey = node.wireguard_public_key,
endpoint = node.address .. ":" .. node.port,
preSharedKey = node.wireguard_preSharedKey,
keepAlive = node.wireguard_keepAlive and tonumber(node.wireguard_keepAlive) or nil
}
} or nil,
mtu = (node.protocol == "wireguard" and node.wireguard_mtu) and tonumber(node.wireguard_mtu) or nil
}
}
local alpn = {}
if node.alpn and node.alpn ~= "default" then
string.gsub(node.alpn, '[^' .. "," .. ']+', function(w)
table.insert(alpn, w)
end)
end
if alpn and #alpn > 0 then
if result.streamSettings.tlsSettings then
result.streamSettings.tlsSettings.alpn = alpn
end
end
end
return result
end
if node_id then
local node = uci:get_all(appname, node_id)
if local_socks_port then
local inbound = {
listen = local_socks_address,
port = tonumber(local_socks_port),
protocol = "socks",
settings = {auth = "noauth", udp = true},
sniffing = {enabled = true, destOverride = {"http", "tls"}}
}
if local_socks_username and local_socks_password and local_socks_username ~= "" and local_socks_password ~= "" then
inbound.settings.auth = "password"
inbound.settings.accounts = {
{
user = local_socks_username,
pass = local_socks_password
}
}
end
table.insert(inbounds, inbound)
end
if local_http_port then
local inbound = {
listen = local_http_address,
port = tonumber(local_http_port),
protocol = "http",
settings = {allowTransparent = false}
}
if local_http_username and local_http_password and local_http_username ~= "" and local_http_password ~= "" then
inbound.settings.accounts = {
{
user = local_http_username,
pass = local_http_password
}
}
end
table.insert(inbounds, inbound)
end
if tcp_redir_port or udp_redir_port then
local inbound = {
protocol = "dokodemo-door",
settings = {network = "tcp,udp", followRedirect = true},
streamSettings = {sockopt = {tproxy = "tproxy"}},
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (remote_dns_fake) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
}
if tcp_redir_port then
local tcp_inbound = api.clone(inbound)
tcp_inbound.tag = "tcp_redir"
tcp_inbound.settings.network = "tcp"
tcp_inbound.port = tonumber(tcp_redir_port)
tcp_inbound.streamSettings.sockopt.tproxy = tcp_proxy_way
table.insert(inbounds, tcp_inbound)
end
if udp_redir_port then
local udp_inbound = api.clone(inbound)
udp_inbound.tag = "udp_redir"
udp_inbound.settings.network = "udp"
udp_inbound.port = tonumber(udp_redir_port)
table.insert(inbounds, udp_inbound)
end
end
if node.protocol == "_shunt" then
local rules = {}
local default_node_id = node.default_node or "_direct"
local default_outboundTag
if default_node_id == "_direct" then
default_outboundTag = "direct"
elseif default_node_id == "_blackhole" then
default_outboundTag = "blackhole"
else
local default_node = uci:get_all(appname, default_node_id)
local main_node_id = node.main_node or "nil"
local proxy = 0
local proxy_tag
if main_node_id ~= "nil" then
local main_node = uci:get_all(appname, main_node_id)
if main_node and api.is_normal_node(main_node) and main_node_id ~= default_node_id then
local main_node_outbound = gen_outbound(main_node, "main")
if main_node_outbound then
table.insert(outbounds, main_node_outbound)
proxy = 1
proxy_tag = "main"
if default_node.type ~= "V2ray" and default_node.type ~= "Xray" then
proxy_tag = nil
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_default",
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = default_node.address, port = tonumber(default_node.port)}
})
if default_node.tls_serverName == nil then
default_node.tls_serverName = default_node.address
end
default_node.address = "127.0.0.1"
default_node.port = new_port
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_default"},
outboundTag = "main"
})
end
end
end
end
if default_node and api.is_normal_node(default_node) then
local default_outbound = gen_outbound(default_node, "default", { proxy = proxy, tag = proxy_tag, dialerProxy = node.dialerProxy })
if default_outbound then
table.insert(outbounds, default_outbound)
default_outboundTag = "default"
end
end
end
uci:foreach(appname, "shunt_rules", function(e)
local name = e[".name"]
if name and e.remarks then
local _node_id = node[name] or "nil"
local proxy_tag = node[name .. "_proxy_tag"] or "nil"
local outboundTag
if _node_id == "_direct" then
outboundTag = "direct"
elseif _node_id == "_blackhole" then
outboundTag = "blackhole"
elseif _node_id == "_default" then
outboundTag = "default"
else
if _node_id ~= "nil" then
local _node = uci:get_all(appname, _node_id)
if _node and api.is_normal_node(_node) then
local new_outbound
for index, value in ipairs(outbounds) do
if value["_flag_tag"] == _node_id and value["_flag_proxy_tag"] == proxy_tag then
new_outbound = api.clone(value)
break
end
end
if new_outbound then
new_outbound["tag"] = name
table.insert(outbounds, new_outbound)
outboundTag = name
else
if _node.type ~= "V2ray" and _node.type ~= "Xray" then
if proxy_tag ~= "nil" then
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_" .. name,
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
})
if _node.tls_serverName == nil then
_node.tls_serverName = _node.address
end
_node.address = "127.0.0.1"
_node.port = new_port
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_" .. name},
outboundTag = proxy_tag
})
end
end
local _outbound = gen_outbound(_node, name, { proxy = (proxy_tag ~= "nil") and 1 or 0, tag = (proxy_tag ~= "nil") and proxy_tag or nil, dialerProxy = node.dialerProxy })
if _outbound then
table.insert(outbounds, _outbound)
outboundTag = name
end
end
end
end
end
if outboundTag then
if outboundTag == "default" then
outboundTag = default_outboundTag
end
local protocols = nil
if e["protocol"] and e["protocol"] ~= "" then
protocols = {}
string.gsub(e["protocol"], '[^' .. " " .. ']+', function(w)
table.insert(protocols, w)
end)
end
if e.domain_list then
local _domain = {}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(_domain, w)
end)
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
domain = _domain,
protocol = protocols
})
end
if e.ip_list then
local _ip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(_ip, w)
end)
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
ip = _ip,
protocol = protocols
})
end
if not e.domain_list and not e.ip_list and protocols then
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
protocol = protocols
})
end
end
end
end)
if default_outboundTag then
table.insert(rules, {
type = "field",
outboundTag = default_outboundTag,
network = "tcp,udp"
})
end
routing = {
domainStrategy = node.domainStrategy or "AsIs",
domainMatcher = node.domainMatcher or "hybrid",
rules = rules
}
elseif node.protocol == "_balancing" then
if node.balancing_node then
local nodes = node.balancing_node
local length = #nodes
for i = 1, length do
local node = uci:get_all(appname, nodes[i])
local outbound = gen_outbound(node)
if outbound then table.insert(outbounds, outbound) end
end
routing = {
domainStrategy = node.domainStrategy or "AsIs",
domainMatcher = node.domainMatcher or "hybrid",
balancers = {{tag = "balancer", selector = nodes}},
rules = {
{type = "field", network = "tcp,udp", balancerTag = "balancer"}
}
}
end
else
local outbound = nil
if node.protocol == "_iface" then
if node.iface then
outbound = {
protocol = "freedom",
tag = "outbound",
streamSettings = {
sockopt = {
interface = node.iface
}
}
}
end
else
outbound = gen_outbound(node)
end
if outbound then table.insert(outbounds, outbound) end
routing = {
domainStrategy = "AsIs",
domainMatcher = "hybrid",
rules = {}
}
end
end
if remote_dns_server or remote_dns_doh_url or remote_dns_fake then
local rules = {}
local _remote_dns_proto = "tcp"
local _remote_dns_host
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
end
dns = {
tag = "dns-in1",
hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false,
disableFallback = true,
disableFallbackIfMatch = true,
servers = {},
clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil,
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
}
local _remote_dns = {
--_flag = "remote"
}
if remote_dns_tcp_server then
_remote_dns.address = remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_port)
end
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_server
_remote_dns_host = remote_dns_doh_host
end
_remote_dns.address = remote_dns_doh_url
_remote_dns.port = tonumber(remote_dns_port)
_remote_dns_proto = "doh"
end
if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
table.insert(dns.servers, _remote_dns)
if dns_listen_port then
table.insert(inbounds, {
listen = "127.0.0.1",
port = tonumber(dns_listen_port),
protocol = "dokodemo-door",
tag = "dns-in",
settings = {
address = remote_dns_server,
port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53,
network = "tcp,udp"
}
})
table.insert(outbounds, {
tag = "dns-out",
protocol = "dns",
settings = {
address = remote_dns_server,
port = (_remote_dns_proto ~= "doh" and tonumber(remote_dns_port)) and tonumber(remote_dns_port) or 53,
network = "tcp",
}
})
table.insert(routing.rules, 1, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
end
--[[
local default_dns_flag = "remote"
if node_id and tcp_redir_port then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
end
if dns.servers and #dns.servers > 0 then
local dns_servers = nil
for index, value in ipairs(dns.servers) do
if not dns_servers and value["_flag"] == default_dns_flag then
dns_servers = {
_flag = "default",
address = value.address,
port = value.port
}
break
end
end
if dns_servers then
table.insert(dns.servers, 1, dns_servers)
end
end
]]--
if true then
local dns_outboundTag = "direct"
if dns_socks_address and dns_socks_port then
dns_outboundTag = "out"
table.insert(outbounds, 1, {
tag = dns_outboundTag,
protocol = "socks",
streamSettings = {
network = "tcp",
security = "none",
sockopt = {
mark = 255
}
},
settings = {
servers = {
{
address = dns_socks_address,
port = tonumber(dns_socks_port)
}
}
}
})
else
if node_id and tcp_redir_port and not remote_dns_fake then
dns_outboundTag = node_id
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
dns_outboundTag = "default"
end
end
end
table.insert(rules, {
type = "field",
inboundTag = {
"dns-in1"
},
ip = {
remote_dns_server
},
port = tonumber(remote_dns_port),
outboundTag = dns_outboundTag
})
if _remote_dns_host then
table.insert(rules, {
type = "field",
inboundTag = {
"dns-in1"
},
domain = {
_remote_dns_host
},
port = tonumber(remote_dns_port),
outboundTag = dns_outboundTag
})
end
end
local default_rule_index = #routing.rules > 0 and #routing.rules or 1
for index, value in ipairs(routing.rules) do
if value["_flag"] == "default" then
default_rule_index = index
break
end
end
for index, value in ipairs(rules) do
local t = rules[#rules + 1 - index]
table.insert(routing.rules, default_rule_index, t)
end
local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil
end
end
if inbounds or outbounds then
local config = {
log = {
-- error = string.format("/tmp/etc/%s/%s.log", appname, node[".name"]),
loglevel = loglevel
},
-- DNS
dns = dns,
fakedns = fakedns,
-- 传入连接
inbounds = inbounds,
-- 传出连接
outbounds = outbounds,
-- 路由
routing = routing,
-- 本地策略
policy = {
levels = {
[0] = {
-- handshake = 4,
-- connIdle = 300,
-- uplinkOnly = 2,
-- downlinkOnly = 5,
bufferSize = buffer_size and tonumber(buffer_size) or nil,
statsUserUplink = false,
statsUserDownlink = false
}
},
-- system = {
-- statsInboundUplink = false,
-- statsInboundDownlink = false
-- }
}
}
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
tag = "blackhole"
})
print(jsonc.stringify(config, 1))
end

111
luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_proto.lua
View File

@ -1,111 +0,0 @@
local api = require "luci.model.cbi.passwall.api.api"
local jsonc = api.jsonc
local inbounds = {}
local outbounds = {}
local routing = nil
local var = api.get_args(arg)
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local server_proto = var["-server_proto"]
local server_address = var["-server_address"]
local server_port = var["-server_port"]
local server_username = var["-server_username"]
local server_password = var["-server_password"]
function gen_outbound(proto, address, port, username, password)
local result = {
protocol = proto,
streamSettings = {
network = "tcp",
security = "none"
},
settings = {
servers = {
{
address = address,
port = tonumber(port),
users = (username and password) and {
{
user = username,
pass = password
}
} or nil
}
}
}
}
return result
end
if local_socks_address and local_socks_port then
local inbound = {
listen = local_socks_address,
port = tonumber(local_socks_port),
protocol = "socks",
settings = {
udp = true,
auth = "noauth"
}
}
if local_socks_username and local_socks_password and local_socks_username ~= "" and local_socks_password ~= "" then
inbound.settings.auth = "password"
inbound.settings.accounts = {
{
user = local_socks_username,
pass = local_socks_password
}
}
end
table.insert(inbounds, inbound)
end
if local_http_address and local_http_port then
local inbound = {
listen = local_http_address,
port = tonumber(local_http_port),
protocol = "http",
settings = {
allowTransparent = false
}
}
if local_http_username and local_http_password and local_http_username ~= "" and local_http_password ~= "" then
inbound.settings.accounts = {
{
user = local_http_username,
pass = local_http_password
}
}
end
table.insert(inbounds, inbound)
end
if server_proto ~= "nil" and server_address ~= "nil" and server_port ~= "nil" then
local outbound = gen_outbound(server_proto, server_address, server_port, server_username, server_password)
if outbound then table.insert(outbounds, outbound) end
end
-- 额外传出连接
table.insert(outbounds, {
protocol = "freedom", tag = "direct", settings = {keep = ""}, sockopt = {mark = 255}
})
local config = {
log = {
-- error = string.format("/tmp/etc/passwall/%s.log", node[".name"]),
loglevel = "warning"
},
-- 传入连接
inbounds = inbounds,
-- 传出连接
outbounds = outbounds,
-- 路由
routing = routing
}
print(jsonc.stringify(config, 1))

2
luci-app-passwall/luasrc/model/cbi/passwall/client/acl.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local sys = api.sys
local has_chnlist = api.fs.access("/usr/share/passwall/rules/chnlist")

2
luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local sys = api.sys
local has_v2ray = api.is_finded("v2ray")

2
luci-app-passwall/luasrc/model/cbi/passwall/client/app_update.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
m = Map(appname)

2
luci-app-passwall/luasrc/model/cbi/passwall/client/auto_switch.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local nodes_table = {}

2
luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local uci = api.uci
local datatypes = api.datatypes

2
luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local sys = api.sys
local net = require "luci.model.network".init()

2
luci-app-passwall/luasrc/model/cbi/passwall/client/log.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
f = SimpleForm(appname)

2
luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local uci = api.uci

2
luci-app-passwall/luasrc/model/cbi/passwall/client/node_list.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local sys = api.sys
local datatypes = api.datatypes

2
luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local has_ss = api.is_finded("ss-redir")
local has_ss_rust = api.is_finded("sslocal")

2
luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe_config.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local sys = api.sys
local has_ss = api.is_finded("ss-redir")

2
luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local fs = api.fs
local has_v2ray = api.is_finded("v2ray")

2
luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local has_v2ray = api.is_finded("v2ray")
local has_xray = api.is_finded("xray")

2
luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local fs = api.fs
local sys = api.sys

2
luci-app-passwall/luasrc/model/cbi/passwall/client/shunt_rules.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local appname = api.appname
local datatypes = api.datatypes

24
luci-app-passwall/luasrc/model/cbi/passwall/server/api/hysteria.lua
View File

@ -1,24 +0,0 @@
module("luci.model.cbi.passwall.server.api.hysteria", package.seeall)
function gen_config(user)
local config = {
listen = ":" .. user.port,
protocol = user.protocol or "udp",
obfs = user.hysteria_obfs,
cert = user.tls_certificateFile,
key = user.tls_keyFile,
auth = (user.hysteria_auth_type == "string") and {
mode = "password",
config = {
password = user.hysteria_auth_password
}
} or nil,
disable_udp = (user.hysteria_udp == "0") and true or false,
alpn = user.hysteria_alpn or nil,
up_mbps = tonumber(user.hysteria_up_mbps) or 10,
down_mbps = tonumber(user.hysteria_down_mbps) or 50,
recv_window_conn = (user.hysteria_recv_window_conn) and tonumber(user.hysteria_recv_window_conn) or nil,
recv_window = (user.hysteria_recv_window) and tonumber(user.hysteria_recv_window) or nil,
disable_mtu_discovery = (user.hysteria_disable_mtu_discovery) and true or false
}
return config
end

25
luci-app-passwall/luasrc/model/cbi/passwall/server/api/shadowsocks.lua
View File

@ -1,25 +0,0 @@
module("luci.model.cbi.passwall.server.api.shadowsocks", package.seeall)
function gen_config(user)
local config = {}
config.server_port = tonumber(user.port)
config.password = user.password
config.timeout = tonumber(user.timeout)
config.fast_open = (user.tcp_fast_open and user.tcp_fast_open == "1") and true or false
config.method = user.method
if user.type == "SS-Rust" then
config.server = "::"
config.mode = "tcp_and_udp"
else
config.server = {"[::0]", "0.0.0.0"}
end
if user.type == "SSR" then
config.protocol = user.protocol
config.protocol_param = user.protocol_param
config.obfs = user.obfs
config.obfs_param = user.obfs_param
end
return config
end

61
luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua
View File

@ -1,61 +0,0 @@
module("luci.model.cbi.passwall.server.api.trojan", package.seeall)
function gen_config(user)
local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
local config = {
run_type = "server",
local_addr = "::",
local_port = tonumber(user.port),
remote_addr = (user.remote_enable == "1" and user.remote_address) and user.remote_address or nil,
remote_port = (user.remote_enable == "1" and user.remote_port) and tonumber(user.remote_port) or nil,
password = user.uuid,
log_level = (user.log and user.log == "1") and tonumber(user.loglevel) or 5,
ssl = {
cert = user.tls_certificateFile,
key = user.tls_keyFile,
key_password = "",
cipher = cipher,
cipher_tls13 = cipher13,
prefer_server_cipher = true,
reuse_session = true,
session_ticket = (user.tls_sessionTicket == "1") and true or false,
session_timeout = 600,
plain_http_response = "",
curves = "",
dhparam = ""
},
tcp = {
prefer_ipv4 = false,
no_delay = true,
keep_alive = true,
reuse_port = false,
fast_open = (user.tcp_fast_open and user.tcp_fast_open == "1") and true or false,
fast_open_qlen = 20
}
}
if user.type == "Trojan-Go" then
config.ssl.cipher = nil
config.ssl.cipher_tls13 = nil
config.udp_timeout = 60
config.disable_http_check = true
config.transport_plugin = ((user.tls == nil or user.tls ~= "1") and user.trojan_transport == "original") and {
enabled = user.plugin_type ~= nil,
type = user.plugin_type or "plaintext",
command = user.plugin_type ~= "plaintext" and user.plugin_cmd or nil,
option = user.plugin_type ~= "plaintext" and user.plugin_option or nil,
arg = user.plugin_type ~= "plaintext" and { user.plugin_arg } or nil,
env = {}
} or nil
config.websocket = (user.trojan_transport == 'ws') and {
enabled = true,
path = user.ws_path or "/",
host = user.ws_host or ""
} or nil
config.shadowsocks = (user.ss_aead == "1") and {
enabled = true,
method = user.ss_aead_method or "aes_128_gcm",
password = user.ss_aead_pwd or ""
} or nil
end
return config
end

242
luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua
View File

@ -1,242 +0,0 @@
module("luci.model.cbi.passwall.server.api.v2ray", package.seeall)
local uci = require"luci.model.uci".cursor()
function gen_config(user)
local settings = nil
local routing = nil
local outbounds = {
{protocol = "freedom", tag = "direct"}, {protocol = "blackhole", tag = "blocked"}
}
if user.protocol == "vmess" or user.protocol == "vless" then
if user.uuid then
local clients = {}
for i = 1, #user.uuid do
clients[i] = {
id = user.uuid[i],
flow = ("vless" == user.protocol and "1" == user.tls and user.tlsflow) and user.tlsflow or nil
}
end
settings = {
clients = clients,
decryption = user.decryption or "none"
}
end
elseif user.protocol == "socks" then
settings = {
udp = ("1" == user.udp_forward) and true or false,
auth = ("1" == user.auth) and "password" or "noauth",
accounts = ("1" == user.auth) and {
{
user = user.username,
pass = user.password
}
} or nil
}
elseif user.protocol == "http" then
settings = {
allowTransparent = false,
accounts = ("1" == user.auth) and {
{
user = user.username,
pass = user.password
}
} or nil
}
user.transport = "tcp"
user.tcp_guise = "none"
elseif user.protocol == "shadowsocks" then
settings = {
method = user.method,
password = user.password,
ivCheck = ("1" == user.iv_check) and true or false,
network = user.ss_network or "TCP,UDP"
}
elseif user.protocol == "trojan" then
if user.uuid then
local clients = {}
for i = 1, #user.uuid do
clients[i] = {
password = user.uuid[i],
}
end
settings = {
clients = clients
}
end
elseif user.protocol == "mtproto" then
settings = {
users = {
{
secret = (user.password == nil) and "" or user.password
}
}
}
elseif user.protocol == "dokodemo-door" then
settings = {
network = user.d_protocol,
address = user.d_address,
port = tonumber(user.d_port)
}
end
if user.fallback and user.fallback == "1" then
local fallbacks = {}
for i = 1, #user.fallback_list do
local fallbackStr = user.fallback_list[i]
if fallbackStr then
local tmp = {}
string.gsub(fallbackStr, '[^' .. "," .. ']+', function(w)
table.insert(tmp, w)
end)
local dest = tmp[1] or ""
local path = tmp[2]
if dest:find("%.") then
else
dest = tonumber(dest)
end
fallbacks[i] = {
path = path,
dest = dest,
xver = 1
}
end
end
settings.fallbacks = fallbacks
end
routing = {
domainStrategy = "IPOnDemand",
rules = {
{
type = "field",
ip = {"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"},
outboundTag = (user.accept_lan == nil or user.accept_lan == "0") and "blocked" or "direct"
}
}
}
if user.outbound_node and user.outbound_node ~= "nil" then
local outbound = nil
if user.outbound_node == "_iface" and user.outbound_node_iface then
outbound = {
protocol = "freedom",
tag = "outbound",
streamSettings = {
sockopt = {
interface = user.outbound_node_iface
}
}
}
else
local outbound_node_t = uci:get_all("passwall", user.outbound_node)
if user.outbound_node == "_socks" or user.outbound_node == "_http" then
outbound_node_t = {
type = user.type,
protocol = user.outbound_node:gsub("_", ""),
transport = "tcp",
address = user.outbound_node_address,
port = user.outbound_node_port,
username = (user.outbound_node_username and user.outbound_node_username ~= "") and user.outbound_node_username or nil,
password = (user.outbound_node_password and user.outbound_node_password ~= "") and user.outbound_node_password or nil,
}
end
outbound = require("luci.model.cbi.passwall.api.gen_v2ray").gen_outbound(outbound_node_t, "outbound")
end
if outbound then
table.insert(outbounds, 1, outbound)
end
end
local config = {
log = {
-- error = "/tmp/etc/passwall_server/log/" .. user[".name"] .. ".log",
loglevel = ("1" == user.log) and user.loglevel or "none"
},
-- 传入连接
inbounds = {
{
listen = (user.bind_local == "1") and "127.0.0.1" or nil,
port = tonumber(user.port),
protocol = user.protocol,
settings = settings,
streamSettings = {
network = user.transport,
security = "none",
tlsSettings = ("1" == user.tls) and {
disableSystemRoot = false,
certificates = {
{
certificateFile = user.tls_certificateFile,
keyFile = user.tls_keyFile
}
}
} or nil,
tcpSettings = (user.transport == "tcp") and {
acceptProxyProtocol = (user.acceptProxyProtocol and user.acceptProxyProtocol == "1") and true or false,
header = {
type = user.tcp_guise,
request = (user.tcp_guise == "http") and {
path = user.tcp_guise_http_path or {"/"},
headers = {
Host = user.tcp_guise_http_host or {}
}
} or nil
}
} or nil,
kcpSettings = (user.transport == "mkcp") and {
mtu = tonumber(user.mkcp_mtu),
tti = tonumber(user.mkcp_tti),
uplinkCapacity = tonumber(user.mkcp_uplinkCapacity),
downlinkCapacity = tonumber(user.mkcp_downlinkCapacity),
congestion = (user.mkcp_congestion == "1") and true or false,
readBufferSize = tonumber(user.mkcp_readBufferSize),
writeBufferSize = tonumber(user.mkcp_writeBufferSize),
seed = (user.mkcp_seed and user.mkcp_seed ~= "") and user.mkcp_seed or nil,
header = {type = user.mkcp_guise}
} or nil,
wsSettings = (user.transport == "ws") and {
acceptProxyProtocol = (user.acceptProxyProtocol and user.acceptProxyProtocol == "1") and true or false,
headers = (user.ws_host) and {Host = user.ws_host} or nil,
path = user.ws_path
} or nil,
httpSettings = (user.transport == "h2") and {
path = user.h2_path, host = user.h2_host
} or nil,
dsSettings = (user.transport == "ds") and {
path = user.ds_path
} or nil,
quicSettings = (user.transport == "quic") and {
security = user.quic_security,
key = user.quic_key,
header = {type = user.quic_guise}
} or nil,
grpcSettings = (user.transport == "grpc") and {
serviceName = user.grpc_serviceName
} or nil
}
}
},
-- 传出连接
outbounds = outbounds,
routing = routing
}
local alpn = {}
if user.alpn then
string.gsub(user.alpn, '[^' .. "," .. ']+', function(w)
table.insert(alpn, w)
end)
end
if alpn and #alpn > 0 then
if config.inbounds[1].streamSettings.tlsSettings then
config.inbounds[1].streamSettings.tlsSettings.alpn = alpn
end
end
if "1" == user.tls then
config.inbounds[1].streamSettings.security = "tls"
end
return config
end

2
luci-app-passwall/luasrc/model/cbi/passwall/server/index.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
m = Map("passwall_server", translate("Server-Side"))

2
luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local ss_encrypt_method_list = {
"rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr",

14
luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua → luci-app-passwall/luasrc/passwall/api.lua Executable file → Normal file
View File

@ -1,4 +1,4 @@
module("luci.model.cbi.passwall.api.api", package.seeall)
module("luci.passwall.api", package.seeall)
fs = require "nixio.fs"
sys = require "luci.sys"
uci = require"luci.model.uci".cursor()
@ -147,6 +147,18 @@ function get_args(arg)
return var
end
function get_function_args(arg)
local var = nil
if arg and #arg > 1 then
local param = {}
for i = 2, #arg do
param[#param + 1] = arg[i]
end
var = get_args(param)
end
return var
end
function strToTable(str)
if str == nil or type(str) ~= "string" then
return {}

4
luci-app-passwall/luasrc/model/cbi/passwall/api/brook.lua → luci-app-passwall/luasrc/passwall/brook.lua
View File

@ -1,5 +1,5 @@
module("luci.model.cbi.passwall.api.brook", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
module("luci.passwall.brook", package.seeall)
local api = require "luci.passwall.api"
local fs = api.fs
local sys = api.sys
local util = api.util

4
luci-app-passwall/luasrc/model/cbi/passwall/api/hysteria.lua → luci-app-passwall/luasrc/passwall/hysteria.lua
View File

@ -1,5 +1,5 @@
module("luci.model.cbi.passwall.api.hysteria", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
module("luci.passwall.hysteria", package.seeall)
local api = require "luci.passwall.api"
local fs = api.fs
local sys = api.sys
local util = api.util

20
luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua → luci-app-passwall/luasrc/passwall/server_app.lua Executable file → Normal file
View File

@ -1,7 +1,7 @@
#!/usr/bin/lua
local action = arg[1]
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local sys = api.sys
local uci = api.uci
local jsonc = api.jsonc
@ -10,7 +10,7 @@ local CONFIG = "passwall_server"
local CONFIG_PATH = "/tmp/etc/" .. CONFIG
local LOG_APP_FILE = "/tmp/log/" .. CONFIG .. ".log"
local TMP_BIN_PATH = CONFIG_PATH .. "/bin"
local require_dir = "luci.model.cbi.passwall.server.api."
local require_dir = "luci.passwall."
local ipt_bin = sys.exec("echo -n $(/usr/share/passwall/iptables.sh get_ipt_bin)")
local ip6t_bin = sys.exec("echo -n $(/usr/share/passwall/iptables.sh get_ip6t_bin)")
@ -131,7 +131,7 @@ local function start()
end
bin = ln_run("/usr/bin/microsocks", "microsocks_" .. id, string.format("-i :: -p %s %s", port, auth), log_path)
elseif type == "SS" or type == "SSR" then
config = require(require_dir .. "shadowsocks").gen_config(user)
config = require(require_dir .. "util_shadowsocks").gen_config_server(user)
local udp_param = ""
udp_forward = tonumber(user.udp_forward) or 1
if udp_forward == 1 then
@ -140,22 +140,22 @@ local function start()
type = type:lower()
bin = ln_run("/usr/bin/" .. type .. "-server", type .. "-server", "-c " .. config_file .. " " .. udp_param, log_path)
elseif type == "SS-Rust" then
config = require(require_dir .. "shadowsocks").gen_config(user)
config = require(require_dir .. "util_shadowsocks").gen_config_server(user)
bin = ln_run("/usr/bin/ssserver", "ssserver", "-c " .. config_file, log_path)
elseif type == "V2ray" then
config = require(require_dir .. "v2ray").gen_config(user)
config = require(require_dir .. "util_xray").gen_config_server(user)
bin = ln_run(api.get_v2ray_path(), "v2ray", "run -c " .. config_file, log_path)
elseif type == "Xray" then
config = require(require_dir .. "v2ray").gen_config(user)
config = require(require_dir .. "util_xray").gen_config_server(user)
bin = ln_run(api.get_xray_path(), "xray", "run -c " .. config_file, log_path)
elseif type == "Trojan" then
config = require(require_dir .. "trojan").gen_config(user)
config = require(require_dir .. "util_trojan").gen_config_server(user)
bin = ln_run("/usr/sbin/trojan", "trojan", "-c " .. config_file, log_path)
elseif type == "Trojan-Plus" then
config = require(require_dir .. "trojan").gen_config(user)
config = require(require_dir .. "util_trojan").gen_config_server(user)
bin = ln_run("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file, log_path)
elseif type == "Trojan-Go" then
config = require(require_dir .. "trojan").gen_config(user)
config = require(require_dir .. "util_trojan").gen_config_server(user)
bin = ln_run(api.get_trojan_go_path(), "trojan-go", "-config " .. config_file, log_path)
elseif type == "Brook" then
local brook_protocol = user.protocol
@ -167,7 +167,7 @@ local function start()
end
bin = ln_run(api.get_brook_path(), "brook_" .. id, string.format("--debug %s -l :%s -p %s%s", brook_protocol, port, brook_password, brook_path_arg), log_path)
elseif type == "Hysteria" then
config = require(require_dir .. "hysteria").gen_config(user)
config = require(require_dir .. "util_hysteria").gen_config_server(user)
bin = ln_run(api.get_hysteria_path(), "hysteria", "-c " .. config_file .. " server", log_path)
end

4
luci-app-passwall/luasrc/model/cbi/passwall/api/trojan_go.lua → luci-app-passwall/luasrc/passwall/trojan_go.lua
View File

@ -1,5 +1,5 @@
module("luci.model.cbi.passwall.api.trojan_go", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
module("luci.passwall.trojan_go", package.seeall)
local api = require "luci.passwall.api"
local fs = api.fs
local sys = api.sys
local util = api.util

119
luci-app-passwall/luasrc/passwall/util_hysteria.lua Normal file
View File

@ -0,0 +1,119 @@
module("luci.passwall.util_hysteria", package.seeall)
local api = require "luci.passwall.api"
local uci = api.uci
local jsonc = api.jsonc
function gen_config_server(node)
local config = {
listen = ":" .. node.port,
protocol = node.protocol or "udp",
obfs = node.hysteria_obfs,
cert = node.tls_certificateFile,
key = node.tls_keyFile,
auth = (node.hysteria_auth_type == "string") and {
mode = "password",
config = {
password = node.hysteria_auth_password
}
} or nil,
disable_udp = (node.hysteria_udp == "0") and true or false,
alpn = node.hysteria_alpn or nil,
up_mbps = tonumber(node.hysteria_up_mbps) or 10,
down_mbps = tonumber(node.hysteria_down_mbps) or 50,
recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil,
recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil,
disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false
}
return config
end
function gen_config(var)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local local_tcp_redir_port = var["-local_tcp_redir_port"]
local local_udp_redir_port = var["-local_udp_redir_port"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local tcp_proxy_way = var["-tcp_proxy_way"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
if (node.hysteria_hop) then
server = server .. "," .. node.hysteria_hop
end
local config = {
server = server,
protocol = node.protocol or "udp",
obfs = node.hysteria_obfs,
auth = (node.hysteria_auth_type == "base64") and node.hysteria_auth_password or nil,
auth_str = (node.hysteria_auth_type == "string") and node.hysteria_auth_password or nil,
alpn = node.hysteria_alpn or nil,
server_name = node.tls_serverName,
insecure = (node.tls_allowInsecure == "1") and true or false,
up_mbps = tonumber(node.hysteria_up_mbps) or 10,
down_mbps = tonumber(node.hysteria_down_mbps) or 50,
retry = -1,
retry_interval = 5,
recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil,
recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil,
handshake_timeout = (node.hysteria_handshake_timeout) and tonumber(node.hysteria_handshake_timeout) or nil,
idle_timeout = (node.hysteria_idle_timeout) and tonumber(node.hysteria_idle_timeout) or nil,
hop_interval = (node.hysteria_hop_interval) and tonumber(node.hysteria_hop_interval) or nil,
disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false,
fast_open = (node.fast_open == "1") and true or false,
socks5 = (local_socks_address and local_socks_port) and {
listen = local_socks_address .. ":" .. local_socks_port,
timeout = 300,
disable_udp = false,
user = (local_socks_username and local_socks_password) and local_socks_username,
password = (local_socks_username and local_socks_password) and local_socks_password,
} or nil,
http = (local_http_address and local_http_port) and {
listen = local_http_address .. ":" .. local_http_port,
timeout = 300,
disable_udp = false,
user = (local_http_username and local_http_password) and local_http_username,
password = (local_http_username and local_http_password) and local_http_password,
} or nil,
redirect_tcp = ("redirect" == tcp_proxy_way and local_tcp_redir_port) and {
listen = "0.0.0.0:" .. local_tcp_redir_port,
timeout = 300
} or nil,
tproxy_tcp = ("tproxy" == tcp_proxy_way and local_tcp_redir_port) and {
listen = "0.0.0.0:" .. local_tcp_redir_port,
timeout = 300
} or nil,
tproxy_udp = (local_udp_redir_port) and {
listen = "0.0.0.0:" .. local_udp_redir_port,
timeout = 60
} or nil
}
return jsonc.stringify(config, 1)
end
_G.gen_config = gen_config
if arg[1] then
local func =_G[arg[1]]
if func then
print(func(api.get_function_args(arg)))
end
end

39
luci-app-passwall/luasrc/passwall/util_naiveproxy.lua Normal file
View File

@ -0,0 +1,39 @@
module("luci.passwall.util_naiveproxy", package.seeall)
local api = require "luci.passwall.api"
local uci = api.uci
local jsonc = api.jsonc
function gen_config(var)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local run_type = var["-run_type"]
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
local config = {
listen = run_type .. "://" .. local_addr .. ":" .. local_port,
proxy = node.protocol .. "://" .. node.username .. ":" .. node.password .. "@" .. server
}
return jsonc.stringify(config, 1)
end
_G.gen_config = gen_config
if arg[1] then
local func =_G[arg[1]]
if func then
print(func(api.get_function_args(arg)))
end
end

144
luci-app-passwall/luasrc/passwall/util_shadowsocks.lua Normal file
View File

@ -0,0 +1,144 @@
module("luci.passwall.util_shadowsocks", package.seeall)
local api = require "luci.passwall.api"
local uci = api.uci
local jsonc = api.jsonc
function gen_config_server(node)
local config = {}
config.server_port = tonumber(node.port)
config.password = node.password
config.timeout = tonumber(node.timeout)
config.fast_open = (node.tcp_fast_open and node.tcp_fast_open == "1") and true or false
config.method = node.method
if node.type == "SS-Rust" then
config.server = "::"
config.mode = "tcp_and_udp"
else
config.server = {"[::0]", "0.0.0.0"}
end
if node.type == "SSR" then
config.protocol = node.protocol
config.protocol_param = node.protocol_param
config.obfs = node.obfs
config.obfs_param = node.obfs_param
end
return config
end
function gen_config(var)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local mode = var["-mode"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local local_tcp_redir_port = var["-local_tcp_redir_port"]
local local_tcp_redir_address = var["-local_tcp_redir_address"] or "0.0.0.0"
local local_udp_redir_port = var["-local_udp_redir_port"]
local local_udp_redir_address = var["-local_udp_redir_address"] or "0.0.0.0"
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_only(server_host)
end
local server = server_host
local config = {
server = server,
server_port = tonumber(server_port),
local_address = local_addr,
local_port = tonumber(local_port),
password = node.password,
method = node.method,
timeout = tonumber(node.timeout),
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false,
reuse_port = true,
tcp_tproxy = var["-tcp_tproxy"] and true or nil
}
if node.type == "SS" then
if node.plugin and node.plugin ~= "none" then
config.plugin = node.plugin
config.plugin_opts = node.plugin_opts or nil
end
config.mode = mode
elseif node.type == "SSR" then
config.protocol = node.protocol
config.protocol_param = node.protocol_param
config.obfs = node.obfs
config.obfs_param = node.obfs_param
elseif node.type == "SS-Rust" then
config = {
servers = {
{
address = server,
port = tonumber(server_port),
method = node.method,
password = node.password,
timeout = tonumber(node.timeout),
plugin = (node.plugin and node.plugin ~= "none") and node.plugin or nil,
plugin_opts = (node.plugin and node.plugin ~= "none") and node.plugin_opts or nil
}
},
locals = {},
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false
}
if local_socks_address and local_socks_port then
table.insert(config.locals, {
local_address = local_socks_address,
local_port = tonumber(local_socks_port),
mode = "tcp_and_udp"
})
end
if local_http_address and local_http_port then
table.insert(config.locals, {
protocol = "http",
local_address = local_http_address,
local_port = tonumber(local_http_port)
})
end
if local_tcp_redir_address and local_tcp_redir_port then
table.insert(config.locals, {
protocol = "redir",
mode = "tcp_only",
tcp_redir = var["-tcp_tproxy"] and "tproxy" or nil,
local_address = local_tcp_redir_address,
local_port = tonumber(local_tcp_redir_port)
})
end
if local_udp_redir_address and local_udp_redir_port then
table.insert(config.locals, {
protocol = "redir",
mode = "udp_only",
local_address = local_udp_redir_address,
local_port = tonumber(local_udp_redir_port)
})
end
end
return jsonc.stringify(config, 1)
end
_G.gen_config = gen_config
if arg[1] then
local func =_G[arg[1]]
if func then
print(func(api.get_function_args(arg)))
end
end

158
luci-app-passwall/luasrc/passwall/util_trojan.lua Normal file
View File

@ -0,0 +1,158 @@
module("luci.passwall.util_trojan", package.seeall)
local api = require "luci.passwall.api"
local uci = api.uci
local json = api.jsonc
function gen_config_server(node)
local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
local config = {
run_type = "server",
local_addr = "::",
local_port = tonumber(node.port),
remote_addr = (node.remote_enable == "1" and node.remote_address) and node.remote_address or nil,
remote_port = (node.remote_enable == "1" and node.remote_port) and tonumber(node.remote_port) or nil,
password = node.uuid,
log_level = (node.log and node.log == "1") and tonumber(node.loglevel) or 5,
ssl = {
cert = node.tls_certificateFile,
key = node.tls_keyFile,
key_password = "",
cipher = cipher,
cipher_tls13 = cipher13,
prefer_server_cipher = true,
reuse_session = true,
session_ticket = (node.tls_sessionTicket == "1") and true or false,
session_timeout = 600,
plain_http_response = "",
curves = "",
dhparam = ""
},
tcp = {
prefer_ipv4 = false,
no_delay = true,
keep_alive = true,
reuse_port = false,
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "1") and true or false,
fast_open_qlen = 20
}
}
if node.type == "Trojan-Go" then
config.ssl.cipher = nil
config.ssl.cipher_tls13 = nil
config.udp_timeout = 60
config.disable_http_check = true
config.transport_plugin = ((node.tls == nil or node.tls ~= "1") and node.trojan_transport == "original") and {
enabled = node.plugin_type ~= nil,
type = node.plugin_type or "plaintext",
command = node.plugin_type ~= "plaintext" and node.plugin_cmd or nil,
option = node.plugin_type ~= "plaintext" and node.plugin_option or nil,
arg = node.plugin_type ~= "plaintext" and { node.plugin_arg } or nil,
env = {}
} or nil
config.websocket = (node.trojan_transport == 'ws') and {
enabled = true,
path = node.ws_path or "/",
host = node.ws_host or ""
} or nil
config.shadowsocks = (node.ss_aead == "1") and {
enabled = true,
method = node.ss_aead_method or "aes_128_gcm",
password = node.ss_aead_pwd or ""
} or nil
end
return config
end
function gen_config(var)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall", node_id)
local run_type = var["-run_type"]
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
local loglevel = var["-loglevel"] or 2
local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
local cipher13 = "TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384"
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_only(server_host)
end
local server = server_host
local trojan = {
run_type = run_type,
local_addr = local_addr,
local_port = tonumber(local_port),
remote_addr = server,
remote_port = tonumber(server_port),
password = {node.password},
log_level = tonumber(loglevel),
ssl = {
verify = (node.tls_allowInsecure ~= "1") and true or false,
verify_hostname = true,
cert = nil,
cipher = cipher,
cipher_tls13 = cipher13,
sni = node.tls_serverName or server,
alpn = {"h2", "http/1.1"},
reuse_session = true,
session_ticket = (node.tls_sessionTicket and node.tls_sessionTicket == "1") and true or false,
curves = ""
},
udp_timeout = 60,
tcp = {
use_tproxy = (node.type == "Trojan-Plus" and var["-use_tproxy"]) and true or nil,
no_delay = true,
keep_alive = true,
reuse_port = true,
fast_open = (node.tcp_fast_open == "true") and true or false,
fast_open_qlen = 20
}
}
if node.type == "Trojan-Go" then
trojan.ssl.cipher = nil
trojan.ssl.cipher_tls13 = nil
trojan.ssl.fingerprint = (node.fingerprint ~= "disable") and node.fingerprint or ""
trojan.ssl.alpn = (node.trojan_transport == 'ws') and {} or {"h2", "http/1.1"}
if node.tls ~= "1" and node.trojan_transport == "original" then trojan.ssl = nil end
trojan.transport_plugin = ((not node.tls or node.tls ~= "1") and node.trojan_transport == "original") and {
enabled = node.plugin_type ~= nil,
type = node.plugin_type or "plaintext",
command = node.plugin_type ~= "plaintext" and node.plugin_cmd or nil,
option = node.plugin_type ~= "plaintext" and node.plugin_option or nil,
arg = node.plugin_type ~= "plaintext" and { node.plugin_arg } or nil,
env = {}
} or nil
trojan.websocket = (node.trojan_transport == 'ws') and {
enabled = true,
path = node.ws_path or "/",
host = node.ws_host or (node.tls_serverName or server)
} or nil
trojan.shadowsocks = (node.ss_aead == "1") and {
enabled = true,
method = node.ss_aead_method or "aes_128_gcm",
password = node.ss_aead_pwd or ""
} or nil
trojan.mux = (node.smux == "1") and {
enabled = true,
concurrency = tonumber(node.mux_concurrency),
idle_timeout = tonumber(node.smux_idle_timeout)
} or nil
end
return json.stringify(trojan, 1)
end
_G.gen_config = gen_config
if arg[1] then
local func =_G[arg[1]]
if func then
print(func(api.get_function_args(arg)))
end
end

1166
luci-app-passwall/luasrc/passwall/util_xray.lua Normal file
View File

File diff suppressed because it is too large Load Diff

4
luci-app-passwall/luasrc/model/cbi/passwall/api/v2ray.lua → luci-app-passwall/luasrc/passwall/v2ray.lua
View File

@ -1,5 +1,5 @@
module("luci.model.cbi.passwall.api.v2ray", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
module("luci.passwall.v2ray", package.seeall)
local api = require "luci.passwall.api"
local fs = api.fs
local sys = api.sys
local util = api.util

4
luci-app-passwall/luasrc/model/cbi/passwall/api/xray.lua → luci-app-passwall/luasrc/passwall/xray.lua
View File

@ -1,5 +1,5 @@
module("luci.model.cbi.passwall.api.xray", package.seeall)
local api = require "luci.model.cbi.passwall.api.api"
module("luci.passwall.xray", package.seeall)
local api = require "luci.passwall.api"
local fs = api.fs
local sys = api.sys
local util = api.util

2
luci-app-passwall/luasrc/view/passwall/app_update/brook_version.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local brook_version = api.get_brook_version()
-%>

2
luci-app-passwall/luasrc/view/passwall/app_update/hysteria_version.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local hysteria_version = api.get_hysteria_version()
-%>

2
luci-app-passwall/luasrc/view/passwall/app_update/trojan_go_version.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local trojan_go_version = api.get_trojan_go_version()
-%>

2
luci-app-passwall/luasrc/view/passwall/app_update/v2ray_version.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local v2ray_version = api.get_v2ray_version()
-%>

2
luci-app-passwall/luasrc/view/passwall/app_update/xray_version.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local xray_version = api.get_xray_version()
-%>

2
luci-app-passwall/luasrc/view/passwall/auto_switch/footer.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<script type="text/javascript">

2
luci-app-passwall/luasrc/view/passwall/global/faq.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<div class="cbi-section cbi-tblsection">
<div id="dns_div">

2
luci-app-passwall/luasrc/view/passwall/global/footer.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local auto_switch = api.uci_get_type("auto_switch", "enable", 0)
-%>
<script type="text/javascript">

2
luci-app-passwall/luasrc/view/passwall/global/status.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<style>

2
luci-app-passwall/luasrc/view/passwall/haproxy/status.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local console_port = api.uci_get_type("global_haproxy", "console_port", "")
-%>
<p id="_status"></p>

2
luci-app-passwall/luasrc/view/passwall/log/log.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<script type="text/javascript">
//<![CDATA[

2
luci-app-passwall/luasrc/view/passwall/node_list/link_add_node.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<style>

2
luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
View File

@ -1,6 +1,6 @@
<%+cbi/valueheader%>
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local has_v2ray = api.is_finded("v2ray")
local has_xray = api.is_finded("xray")
-%>

2
luci-app-passwall/luasrc/view/passwall/node_list/node_list.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<style>

2
luci-app-passwall/luasrc/view/passwall/rule/rule_version.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local gfwlist_update = api.uci_get_type("global_rules", "gfwlist_update", "1") == "1" and "checked='checked'" or ""
local chnroute_update = api.uci_get_type("global_rules", "chnroute_update", "1") == "1" and "checked='checked'" or ""

2
luci-app-passwall/luasrc/view/passwall/server/log.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<script type="text/javascript">
//<![CDATA[

2
luci-app-passwall/luasrc/view/passwall/server/users_list_status.htm
View File

@ -1,5 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
-%>
<script type="text/javascript">
//<![CDATA[

4
luci-app-passwall/root/etc/init.d/passwall_server
View File

@ -3,11 +3,11 @@
START=99
start() {
lua /usr/lib/lua/luci/model/cbi/passwall/server/api/app.lua start
lua /usr/lib/lua/luci/passwall/server_app.lua start
}
stop() {
lua /usr/lib/lua/luci/model/cbi/passwall/server/api/app.lua stop
lua /usr/lib/lua/luci/passwall/server_app.lua stop
}
restart() {

80
luci-app-passwall/root/usr/share/passwall/app.sh
View File

@ -1,6 +1,6 @@
#!/bin/sh
# Copyright (C) 2018-2020 L-WRT Team
# Copyright (C) 2021-2022 xiaorouji
# Copyright (C) 2021-2023 xiaorouji
. $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/lib/functions/service.sh
@ -31,13 +31,12 @@ PROXY_IPV6_UDP=0
resolve_dns=0
use_tcp_node_resolve_dns=0
use_udp_node_resolve_dns=0
LUA_API_PATH=/usr/lib/lua/luci/model/cbi/$CONFIG/api
API_GEN_SS=$LUA_API_PATH/gen_shadowsocks.lua
API_GEN_V2RAY=$LUA_API_PATH/gen_v2ray.lua
API_GEN_V2RAY_PROTO=$LUA_API_PATH/gen_v2ray_proto.lua
API_GEN_TROJAN=$LUA_API_PATH/gen_trojan.lua
API_GEN_NAIVE=$LUA_API_PATH/gen_naiveproxy.lua
API_GEN_HYSTERIA=$LUA_API_PATH/gen_hysteria.lua
LUA_UTIL_PATH=/usr/lib/lua/luci/passwall
UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua
UTIL_XRAY=$LUA_UTIL_PATH/util_xray.lua
UTIL_TROJAN=$LUA_UTIL_PATH/util_trojan.lua
UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
UTIL_HYSTERIA=$LUA_UTIL_PATH/util_hysteria.lua
echolog() {
local d="$(date "+%Y-%m-%d %H:%M:%S")"
@ -264,7 +263,7 @@ lua_api() {
echo "nil"
return
}
echo $(lua -e "local api = require 'luci.model.cbi.passwall.api.api' print(api.${func})")
echo $(lua -e "local api = require 'luci.passwall.api' print(api.${func})")
}
run_ipt2socks() {
@ -359,7 +358,7 @@ run_v2ray() {
esac
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
_extra_param="${_extra_param} -loglevel $loglevel"
lua $API_GEN_V2RAY ${_extra_param} > $config_file
lua $UTIL_XRAY gen_config ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
local protocol=$(config_n_get $node protocol)
[ "$protocol" == "_iface" ] && {
@ -449,7 +448,7 @@ run_socks() {
config_file=$(echo $config_file | sed "s/SOCKS/HTTP_SOCKS/g")
local _extra_param="-local_http_port $http_port"
}
lua $API_GEN_V2RAY_PROTO -local_socks_port $socks_port ${_extra_param} -server_proto socks -server_address ${_socks_address} -server_port ${_socks_port} -server_username ${_socks_username} -server_password ${_socks_password} > $config_file
lua $UTIL_XRAY gen_proto_config -local_socks_port $socks_port ${_extra_param} -server_proto socks -server_address ${_socks_address} -server_port ${_socks_port} -server_username ${_socks_username} -server_password ${_socks_password} > $config_file
ln_run "$bin" $type $log_file run -c "$config_file"
;;
v2ray|\
@ -462,15 +461,15 @@ run_socks() {
run_v2ray flag=$flag node=$node socks_port=$socks_port config_file=$config_file log_file=$log_file ${_v2ray_args}
;;
trojan-go)
lua $API_GEN_TROJAN -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
lua $UTIL_TROJAN gen_config -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
ln_run "$(first_type $(config_t_get global_app trojan_go_file) trojan-go)" trojan-go $log_file -config "$config_file"
;;
trojan*)
lua $API_GEN_TROJAN -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
lua $UTIL_TROJAN gen_config -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
ln_run "$(first_type ${type})" "${type}" $log_file -c "$config_file"
;;
naiveproxy)
lua $API_GEN_NAIVE -node $node -run_type socks -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
lua $UTIL_NAIVE gen_config -node $node -run_type socks -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
ln_run "$(first_type naive)" naive $log_file "$config_file"
;;
brook)
@ -489,11 +488,11 @@ run_socks() {
ln_run "$(first_type $(config_t_get global_app brook_file) brook)" "brook_SOCKS_${flag}" $log_file "$protocol" --socks5 "$bind:$socks_port" -s "${server_host}:${port}${ws_path}" -p "$(config_n_get $node password)"
;;
ssr)
lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host $server_host -server_port $port > $config_file
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host $server_host -server_port $port > $config_file
ln_run "$(first_type ssr-local)" "ssr-local" $log_file -c "$config_file" -v -u
;;
ss)
lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host $server_host -server_port $port -mode tcp_and_udp > $config_file
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host $server_host -server_port $port -mode tcp_and_udp > $config_file
ln_run "$(first_type ss-local)" "ss-local" $log_file -c "$config_file" -v
;;
ss-rust)
@ -502,7 +501,7 @@ run_socks() {
config_file=$(echo $config_file | sed "s/SOCKS/HTTP_SOCKS/g")
local _extra_param="-local_http_port $http_port"
}
lua $API_GEN_SS -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
lua $UTIL_SS gen_config -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
ln_run "$(first_type sslocal)" "sslocal" $log_file -c "$config_file" -v
;;
hysteria)
@ -511,7 +510,7 @@ run_socks() {
config_file=$(echo $config_file | sed "s/SOCKS/HTTP_SOCKS/g")
local _extra_param="-local_http_port $http_port"
}
lua $API_GEN_HYSTERIA -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
lua $UTIL_HYSTERIA gen_config -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
;;
esac
@ -526,7 +525,7 @@ run_socks() {
[ -n "$bin" ] && type="xray"
fi
[ -z "$type" ] && return 1
lua $API_GEN_V2RAY_PROTO -local_http_port $http_port -server_proto socks -server_address "127.0.0.1" -server_port $socks_port -server_username $_username -server_password $_password > $http_config_file
lua $UTIL_XRAY gen_proto_config -local_http_port $http_port -server_proto socks -server_address "127.0.0.1" -server_port $socks_port -server_username $_username -server_password $_password > $http_config_file
ln_run "$bin" ${type} /dev/null run -c "$http_config_file"
}
unset http_flag
@ -578,12 +577,12 @@ run_redir() {
;;
trojan-go)
local loglevel=$(config_t_get global trojan_loglevel "2")
lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
ln_run "$(first_type $(config_t_get global_app trojan_go_file) trojan-go)" trojan-go $log_file -config "$config_file"
;;
trojan*)
local loglevel=$(config_t_get global trojan_loglevel "2")
lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
ln_run "$(first_type ${type})" "${type}" $log_file -c "$config_file"
;;
naiveproxy)
@ -598,19 +597,19 @@ run_redir() {
fi
;;
ssr)
lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $local_port > $config_file
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $local_port > $config_file
ln_run "$(first_type ssr-redir)" "ssr-redir" $log_file -c "$config_file" -v -U
;;
ss)
lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $local_port -mode udp_only > $config_file
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $local_port -mode udp_only > $config_file
ln_run "$(first_type ss-redir)" "ss-redir" $log_file -c "$config_file" -v
;;
ss-rust)
lua $API_GEN_SS -node $node -local_udp_redir_port $local_port > $config_file
lua $UTIL_SS gen_config -node $node -local_udp_redir_port $local_port > $config_file
ln_run "$(first_type sslocal)" "sslocal" $log_file -c "$config_file" -v
;;
hysteria)
lua $API_GEN_HYSTERIA -node $node -local_udp_redir_port $local_port > $config_file
lua $UTIL_HYSTERIA gen_config -node $node -local_udp_redir_port $local_port > $config_file
ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
;;
esac
@ -708,7 +707,7 @@ run_redir() {
UDP_NODE="nil"
}
local loglevel=$(config_t_get global trojan_loglevel "2")
lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file
ln_run "$(first_type $(config_t_get global_app trojan_go_file) trojan-go)" trojan-go $log_file -config "$config_file"
;;
trojan*)
@ -719,11 +718,11 @@ run_redir() {
UDP_NODE="nil"
}
local loglevel=$(config_t_get global trojan_loglevel "2")
lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel $lua_tproxy_arg > $config_file
lua $UTIL_TROJAN gen_config -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel $lua_tproxy_arg > $config_file
ln_run "$(first_type ${type})" "${type}" $log_file -c "$config_file"
;;
naiveproxy)
lua $API_GEN_NAIVE -node $node -run_type redir -local_addr "0.0.0.0" -local_port $local_port > $config_file
lua $UTIL_NAIVE gen_config -node $node -run_type redir -local_addr "0.0.0.0" -local_port $local_port > $config_file
ln_run "$(first_type naive)" naive $log_file "$config_file"
;;
brook)
@ -747,7 +746,7 @@ run_redir() {
UDP_NODE="nil"
_extra_param="-u"
}
lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $local_port $lua_tproxy_arg > $config_file
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $local_port $lua_tproxy_arg > $config_file
ln_run "$(first_type ssr-redir)" "ssr-redir" $log_file -c "$config_file" -v ${_extra_param}
;;
ss)
@ -759,7 +758,7 @@ run_redir() {
UDP_NODE="nil"
lua_mode_arg="-mode tcp_and_udp"
}
lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $local_port $lua_mode_arg $lua_tproxy_arg > $config_file
lua $UTIL_SS gen_config -node $node -local_addr "0.0.0.0" -local_port $local_port $lua_mode_arg $lua_tproxy_arg > $config_file
ln_run "$(first_type ss-redir)" "ss-redir" $log_file -c "$config_file" -v
;;
ss-rust)
@ -781,7 +780,7 @@ run_redir() {
UDP_NODE="nil"
_extra_param="${_extra_param} -local_udp_redir_port $local_port"
}
lua $API_GEN_SS -node $node ${_extra_param} > $config_file
lua $UTIL_SS gen_config -node $node ${_extra_param} > $config_file
ln_run "$(first_type sslocal)" "sslocal" $log_file -c "$config_file" -v
;;
hysteria)
@ -803,7 +802,7 @@ run_redir() {
_extra_param="${_extra_param} -local_udp_redir_port $local_port"
}
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
lua $API_GEN_HYSTERIA -node $node ${_extra_param} > $config_file
lua $UTIL_HYSTERIA gen_config -node $node ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
;;
esac
@ -1305,16 +1304,13 @@ kill_all() {
}
boot() {
[ "$ENABLED" == 1 ] && {
local delay=$(config_t_get global_delay start_delay 1)
if [ "$delay" -gt 0 ]; then
echolog "执行启动延时 $delay 秒后再启动!"
sleep $delay && start >/dev/null 2>&1 &
else
start
fi
}
return 0
local delay=$(config_t_get global_delay start_delay 1)
if [ "$delay" -gt 0 ]; then
echolog "执行启动延时 $delay 秒后再启动!"
sleep $delay && start >/dev/null 2>&1 &
else
start
fi
}
start() {

2
luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
View File

@ -1,5 +1,5 @@
require "luci.sys"
local api = require "luci.model.cbi.passwall.api.api"
local api = require "luci.passwall.api"
local var = api.get_args(arg)
local FLAG = var["-FLAG"]

2
luci-app-passwall/root/usr/share/passwall/rule_update.lua
View File

@ -6,7 +6,7 @@ local luci = luci
local ucic = luci.model.uci.cursor()
local jsonc = require "luci.jsonc"
local name = 'passwall'
local api = require ("luci.model.cbi." .. name .. ".api.api")
local api = require ("luci.passwall.api")
local arg1 = arg[1]
local rule_path = "/usr/share/" .. name .. "/rules"

223
luci-app-passwall/root/usr/share/passwall/rules/chnlist
View File

File diff suppressed because it is too large Load Diff

2
luci-app-passwall/root/usr/share/passwall/rules/chnroute
View File

@ -3116,7 +3116,9 @@
103.84.12.0/22
103.84.136.0/22
103.84.16.0/22
103.84.170.0/23
103.84.20.0/22
103.84.204.0/23
103.84.24.0/22
103.84.28.0/22
103.84.48.0/22

2
luci-app-passwall/root/usr/share/passwall/rules/chnroute6
View File

@ -376,7 +376,9 @@
2400:da60::/32
2400:dd00::/28
2400:dd40::/32
2400:dda0::/32
2400:de00::/32
2400:de20::/32
2400:de80::/32
2400:e0c0::/32
2400:e5c0::/32

2
luci-app-passwall/root/usr/share/passwall/subscribe.lua
View File

@ -9,7 +9,7 @@ require 'luci.util'
require 'luci.jsonc'
require 'luci.sys'
local appname = 'passwall'
local api = require ("luci.model.cbi." .. appname .. ".api.api")
local api = require ("luci.passwall.api")
local datatypes = require "luci.cbi.datatypes"
-- these global functions are accessed all the time by the event handler

4
luci-app-passwall2/Makefile
View File

@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2
PKG_VERSION:=1.8
PKG_RELEASE:=5
PKG_VERSION:=1.9
PKG_RELEASE:=2
PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Transparent_Proxy \

12
luci-app-passwall2/luasrc/controller/passwall2.lua
View File

@ -1,19 +1,19 @@
-- Copyright (C) 2022-2023 xiaorouji
module("luci.controller.passwall2", package.seeall)
local api = require "luci.model.cbi.passwall2.api.api"
local api = require "luci.passwall2.api"
local appname = api.appname
local ucic = luci.model.uci.cursor()
local http = require "luci.http"
local util = require "luci.util"
local i18n = require "luci.i18n"
local brook = require("luci.model.cbi." .. appname ..".api.brook")
local v2ray = require("luci.model.cbi." .. appname ..".api.v2ray")
local xray = require("luci.model.cbi." .. appname ..".api.xray")
local hysteria = require("luci.model.cbi." .. appname ..".api.hysteria")
local brook = require("luci.passwall2.brook")
local v2ray = require("luci.passwall2.v2ray")
local xray = require("luci.passwall2.xray")
local hysteria = require("luci.passwall2.hysteria")
function index()
appname = require "luci.model.cbi.passwall2.api.api".appname
appname = require "luci.passwall2.api".appname
entry({"admin", "services", appname}).dependent = true
entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true

68
luci-app-passwall2/luasrc/model/cbi/passwall2/api/gen_hysteria.lua
View File

@ -1,68 +0,0 @@
local api = require "luci.model.cbi.passwall2.api.api"
local uci = api.uci
local jsonc = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall2", node_id)
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
if (node.hysteria_hop) then
server = server .. "," .. node.hysteria_hop
end
local config = {
server = server,
protocol = node.protocol or "udp",
obfs = node.hysteria_obfs,
auth = (node.hysteria_auth_type == "base64") and node.hysteria_auth_password or nil,
auth_str = (node.hysteria_auth_type == "string") and node.hysteria_auth_password or nil,
alpn = node.hysteria_alpn or nil,
server_name = node.tls_serverName,
insecure = (node.tls_allowInsecure == "1") and true or false,
up_mbps = tonumber(node.hysteria_up_mbps) or 10,
down_mbps = tonumber(node.hysteria_down_mbps) or 50,
retry = -1,
retry_interval = 5,
recv_window_conn = (node.hysteria_recv_window_conn) and tonumber(node.hysteria_recv_window_conn) or nil,
recv_window = (node.hysteria_recv_window) and tonumber(node.hysteria_recv_window) or nil,
handshake_timeout = (node.hysteria_handshake_timeout) and tonumber(node.hysteria_handshake_timeout) or nil,
idle_timeout = (node.hysteria_idle_timeout) and tonumber(node.hysteria_idle_timeout) or nil,
hop_interval = (node.hysteria_hop_interval) and tonumber(node.hysteria_hop_interval) or nil,
disable_mtu_discovery = (node.hysteria_disable_mtu_discovery) and true or false,
fast_open = (node.fast_open == "1") and true or false,
socks5 = (local_socks_address and local_socks_port) and {
listen = local_socks_address .. ":" .. local_socks_port,
timeout = 300,
disable_udp = false,
user = (local_socks_username and local_socks_password) and local_socks_username,
password = (local_socks_username and local_socks_password) and local_socks_password,
} or nil,
http = (local_http_address and local_http_port) and {
listen = local_http_address .. ":" .. local_http_port,
timeout = 300,
disable_udp = false,
user = (local_http_username and local_http_password) and local_http_username,
password = (local_http_username and local_http_password) and local_http_password,
} or nil
}
print(jsonc.stringify(config, 1))

28
luci-app-passwall2/luasrc/model/cbi/passwall2/api/gen_naiveproxy.lua
View File

@ -1,28 +0,0 @@
local api = require "luci.model.cbi.passwall2.api.api"
local uci = api.uci
local jsonc = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall2", node_id)
local run_type = var["-run_type"]
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_full(server_host)
end
local server = server_host .. ":" .. server_port
local config = {
listen = run_type .. "://" .. local_addr .. ":" .. local_port,
proxy = node.protocol .. "://" .. node.username .. ":" .. node.password .. "@" .. server
}
print(jsonc.stringify(config, 1))

86
luci-app-passwall2/luasrc/model/cbi/passwall2/api/gen_shadowsocks.lua
View File

@ -1,86 +0,0 @@
local api = require "luci.model.cbi.passwall2.api.api"
local uci = api.uci
local jsonc = api.jsonc
local var = api.get_args(arg)
local node_id = var["-node"]
if not node_id then
print("-node 不能为空")
return
end
local node = uci:get_all("passwall2", node_id)
local server_host = var["-server_host"] or node.address
local server_port = var["-server_port"] or node.port
local local_addr = var["-local_addr"]
local local_port = var["-local_port"]
local mode = var["-mode"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
if api.is_ipv6(server_host) then
server_host = api.get_ipv6_only(server_host)
end
local server = server_host
local config = {
server = server,
server_port = tonumber(server_port),
local_address = local_addr,
local_port = tonumber(local_port),
password = node.password,
method = node.method,
timeout = tonumber(node.timeout),
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false,
reuse_port = true
}
if node.type == "SS" then
if node.plugin and node.plugin ~= "none" then
config.plugin = node.plugin
config.plugin_opts = node.plugin_opts or nil
end
config.mode = mode
elseif node.type == "SSR" then
config.protocol = node.protocol
config.protocol_param = node.protocol_param
config.obfs = node.obfs
config.obfs_param = node.obfs_param
elseif node.type == "SS-Rust" then
config = {
servers = {
{
address = server,
port = tonumber(server_port),
method = node.method,
password = node.password,
timeout = tonumber(node.timeout),
plugin = (node.plugin and node.plugin ~= "none") and node.plugin or nil,
plugin_opts = (node.plugin and node.plugin ~= "none") and node.plugin_opts or nil
}
},
locals = {},
fast_open = (node.tcp_fast_open and node.tcp_fast_open == "true") and true or false
}
if local_socks_address and local_socks_port then
table.insert(config.locals, {
local_address = local_socks_address,
local_port = tonumber(local_socks_port),
mode = "tcp_and_udp"
})
end
if local_http_address and local_http_port then
table.insert(config.locals, {
protocol = "http",
local_address = local_http_address,
local_port = tonumber(local_http_port)
})
end
end
print(jsonc.stringify(config, 1))

838
luci-app-passwall2/luasrc/model/cbi/passwall2/api/gen_v2ray.lua
View File

@ -1,838 +0,0 @@
module("luci.model.cbi.passwall2.api.gen_v2ray", package.seeall)
local api = require "luci.model.cbi.passwall2.api.api"
local var = api.get_args(arg)
local flag = var["-flag"]
local node_id = var["-node"]
local tcp_proxy_way = var["-tcp_proxy_way"]
local redir_port = var["-redir_port"]
local sniffing = var["-sniffing"]
local route_only = var["-route_only"]
local buffer_size = var["-buffer_size"]
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local dns_listen_port = var["-dns_listen_port"]
local dns_query_strategy = var["-dns_query_strategy"]
local direct_dns_port = var["-direct_dns_port"]
local direct_dns_udp_server = var["-direct_dns_udp_server"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local dns_direct_domains = {}
local dns_direct_expectIPs = {}
local dns_remote_domains = {}
local dns_remote_expectIPs = {}
local loglevel = var["-loglevel"] or "warning"
local new_port
local uci = api.uci
local sys = api.sys
local jsonc = api.jsonc
local appname = api.appname
local fs = api.fs
local dns = nil
local fakedns = nil
local inbounds = {}
local outbounds = {}
local routing = nil
local function get_new_port()
if new_port then
new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
else
new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
end
return new_port
end
local function get_domain_excluded()
local path = string.format("/usr/share/%s/domains_excluded", appname)
local content = fs.readfile(path)
if not content then return nil end
local hosts = {}
string.gsub(content, '[^' .. "\n" .. ']+', function(w)
local s = w:gsub("^%s*(.-)%s*$", "%1") -- Trim
if s == "" then return end
if s:find("#") and s:find("#") == 1 then return end
if not s:find("#") or s:find("#") ~= 1 then table.insert(hosts, s) end
end)
if #hosts == 0 then hosts = nil end
return hosts
end
function gen_outbound(node, tag, proxy_table)
local proxy = 0
local proxy_tag = "nil"
local dialerProxy = nil
if proxy_table ~= nil and type(proxy_table) == "table" then
proxy = proxy_table.proxy or 0
proxy_tag = proxy_table.tag or "nil"
dialerProxy = proxy_table.dialerProxy
end
local result = nil
if node and node ~= "nil" then
local node_id = node[".name"]
if tag == nil then
tag = node_id
end
if node.type == "V2ray" or node.type == "Xray" then
proxy = 0
if proxy_tag ~= "nil" then
if dialerProxy and dialerProxy == "1" then
node.streamSettings = {
sockopt = {
dialerProxy = proxy_tag
}
}
else
node.proxySettings = {
tag = proxy_tag,
transportLayer = true
}
end
end
end
if node.type ~= "V2ray" and node.type ~= "Xray" then
local relay_port = node.port
new_port = get_new_port()
sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
appname,
string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s relay_port=%s",
new_port, --flag
node_id, --node
"127.0.0.1", --bind
new_port, --socks port
string.format("%s_%s_%s_%s.json", flag, tag, node_id, new_port), --config file
(proxy == 1 and relay_port) and tostring(relay_port) or "" --relay port
)
)
)
node = {}
node.protocol = "socks"
node.transport = "tcp"
node.address = "127.0.0.1"
node.port = new_port
node.stream_security = "none"
else
if node.tls and node.tls == "1" then
node.stream_security = "tls"
end
end
result = {
_flag_tag = node_id,
_flag_proxy = proxy,
_flag_proxy_tag = proxy_tag,
tag = tag,
proxySettings = node.proxySettings or nil,
protocol = node.protocol,
mux = {
enabled = (node.mux == "1") and true or false,
concurrency = (node.mux_concurrency) and tonumber(node.mux_concurrency) or 8
} or nil,
-- 底层传输配置
streamSettings = (node.streamSettings or node.protocol == "vmess" or node.protocol == "vless" or node.protocol == "socks" or node.protocol == "shadowsocks" or node.protocol == "trojan") and {
sockopt = {
mark = 255,
dialerProxy = (node.streamSettings and dialerProxy and dialerProxy == "1") and node.streamSettings.sockopt.dialerProxy or nil
},
network = node.transport,
security = node.stream_security,
tlsSettings = (node.stream_security == "tls") and {
serverName = node.tls_serverName,
allowInsecure = (node.tls_allowInsecure == "1") and true or false,
fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or nil
} or nil,
tcpSettings = (node.transport == "tcp" and node.protocol ~= "socks") and {
header = {
type = node.tcp_guise or "none",
request = (node.tcp_guise == "http") and {
path = node.tcp_guise_http_path or {"/"},
headers = {
Host = node.tcp_guise_http_host or {}
}
} or nil
}
} or nil,
kcpSettings = (node.transport == "mkcp") and {
mtu = tonumber(node.mkcp_mtu),
tti = tonumber(node.mkcp_tti),
uplinkCapacity = tonumber(node.mkcp_uplinkCapacity),
downlinkCapacity = tonumber(node.mkcp_downlinkCapacity),
congestion = (node.mkcp_congestion == "1") and true or false,
readBufferSize = tonumber(node.mkcp_readBufferSize),
writeBufferSize = tonumber(node.mkcp_writeBufferSize),
seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil,
header = {type = node.mkcp_guise}
} or nil,
wsSettings = (node.transport == "ws") and {
path = node.ws_path or "",
headers = (node.ws_host ~= nil) and
{Host = node.ws_host} or nil,
maxEarlyData = tonumber(node.ws_maxEarlyData) or nil,
earlyDataHeaderName = (node.ws_earlyDataHeaderName) and node.ws_earlyDataHeaderName or nil
} or nil,
httpSettings = (node.transport == "h2") and {
path = node.h2_path,
host = node.h2_host,
read_idle_timeout = tonumber(node.h2_read_idle_timeout) or nil,
health_check_timeout = tonumber(node.h2_health_check_timeout) or nil
} or nil,
dsSettings = (node.transport == "ds") and
{path = node.ds_path} or nil,
quicSettings = (node.transport == "quic") and {
security = node.quic_security,
key = node.quic_key,
header = {type = node.quic_guise}
} or nil,
grpcSettings = (node.transport == "grpc") and {
serviceName = node.grpc_serviceName,
multiMode = (node.grpc_mode == "multi") and true or nil,
idle_timeout = tonumber(node.grpc_idle_timeout) or nil,
health_check_timeout = tonumber(node.grpc_health_check_timeout) or nil,
permit_without_stream = (node.grpc_permit_without_stream == "1") and true or nil,
initial_windows_size = tonumber(node.grpc_initial_windows_size) or nil
} or nil
} or nil,
settings = {
vnext = (node.protocol == "vmess" or node.protocol == "vless") and {
{
address = node.address,
port = tonumber(node.port),
users = {
{
id = node.uuid,
level = 0,
security = (node.protocol == "vmess") and node.security or nil,
encryption = node.encryption or "none",
flow = (node.protocol == "vless" and node.tls == '1' and node.tlsflow) and node.tlsflow or nil
}
}
}
} or nil,
servers = (node.protocol == "socks" or node.protocol == "http" or node.protocol == "shadowsocks" or node.protocol == "trojan") and {
{
address = node.address,
port = tonumber(node.port),
method = node.method or nil,
ivCheck = (node.protocol == "shadowsocks") and node.iv_check == "1" or nil,
uot = (node.protocol == "shadowsocks") and node.uot == "1" or nil,
password = node.password or "",
users = (node.username and node.password) and {
{
user = node.username,
pass = node.password
}
} or nil
}
} or nil,
address = (node.protocol == "wireguard" and node.wireguard_local_address) and node.wireguard_local_address or nil,
secretKey = (node.protocol == "wireguard") and node.wireguard_secret_key or nil,
peers = (node.protocol == "wireguard") and {
{
publicKey = node.wireguard_public_key,
endpoint = node.address .. ":" .. node.port,
preSharedKey = node.wireguard_preSharedKey,
keepAlive = node.wireguard_keepAlive and tonumber(node.wireguard_keepAlive) or nil
}
} or nil,
mtu = (node.protocol == "wireguard" and node.wireguard_mtu) and tonumber(node.wireguard_mtu) or nil
}
}
local alpn = {}
if node.alpn and node.alpn ~= "default" then
string.gsub(node.alpn, '[^' .. "," .. ']+', function(w)
table.insert(alpn, w)
end)
end
if alpn and #alpn > 0 then
if result.streamSettings.tlsSettings then
result.streamSettings.tlsSettings.alpn = alpn
end
end
end
return result
end
if true then
if local_socks_port then
local inbound = {
listen = local_socks_address,
port = tonumber(local_socks_port),
protocol = "socks",
settings = {auth = "noauth", udp = true},
sniffing = {enabled = true, destOverride = {"http", "tls"}}
}
if local_socks_username and local_socks_password and local_socks_username ~= "" and local_socks_password ~= "" then
inbound.settings.auth = "password"
inbound.settings.accounts = {
{
user = local_socks_username,
pass = local_socks_password
}
}
end
table.insert(inbounds, inbound)
end
if local_http_port then
local inbound = {
listen = local_http_address,
port = tonumber(local_http_port),
protocol = "http",
settings = {allowTransparent = false}
}
if local_http_username and local_http_password and local_http_username ~= "" and local_http_password ~= "" then
inbound.settings.accounts = {
{
user = local_http_username,
pass = local_http_password
}
}
end
table.insert(inbounds, inbound)
end
if redir_port then
local inbound = {
port = tonumber(redir_port),
protocol = "dokodemo-door",
settings = {network = "tcp,udp", followRedirect = true},
streamSettings = {sockopt = {tproxy = "tproxy"}},
sniffing = {enabled = sniffing and true or false, destOverride = {"http", "tls", (remote_dns_fake) and "fakedns"}, metadataOnly = false, routeOnly = route_only and true or nil, domainsExcluded = (sniffing and not route_only) and get_domain_excluded() or nil}
}
local tcp_inbound = api.clone(inbound)
tcp_inbound.tag = "tcp_redir"
tcp_inbound.settings.network = "tcp"
tcp_inbound.streamSettings.sockopt.tproxy = tcp_proxy_way
table.insert(inbounds, tcp_inbound)
local udp_inbound = api.clone(inbound)
udp_inbound.tag = "udp_redir"
udp_inbound.settings.network = "udp"
table.insert(inbounds, udp_inbound)
end
local nodes = {}
if node_id then
local node = uci:get_all(appname, node_id)
if node then
nodes[node_id] = node
end
end
for k, v in pairs(nodes) do
local node = v
if node.protocol == "_shunt" then
local rules = {}
local default_node_id = node.default_node or "_direct"
local default_outboundTag
if default_node_id == "_direct" then
default_outboundTag = "direct"
elseif default_node_id == "_blackhole" then
default_outboundTag = "blackhole"
else
local default_node = uci:get_all(appname, default_node_id)
local main_node_id = node.main_node or "nil"
local proxy = 0
local proxy_tag
if main_node_id ~= "nil" then
local main_node = uci:get_all(appname, main_node_id)
if main_node and api.is_normal_node(main_node) and main_node_id ~= default_node_id then
local main_node_outbound = gen_outbound(main_node, "main")
if main_node_outbound then
table.insert(outbounds, main_node_outbound)
proxy = 1
proxy_tag = "main"
if default_node.type ~= "V2ray" and default_node.type ~= "Xray" then
proxy_tag = nil
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_default",
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = default_node.address, port = tonumber(default_node.port)}
})
if default_node.tls_serverName == nil then
default_node.tls_serverName = default_node.address
end
default_node.address = "127.0.0.1"
default_node.port = new_port
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_default"},
outboundTag = "main"
})
end
end
end
end
if default_node and api.is_normal_node(default_node) then
local default_outbound = gen_outbound(default_node, "default", { proxy = proxy, tag = proxy_tag, dialerProxy = node.dialerProxy })
if default_outbound then
table.insert(outbounds, default_outbound)
default_outboundTag = "default"
end
end
end
uci:foreach(appname, "shunt_rules", function(e)
local name = e[".name"]
if name and e.remarks then
local _node_id = node[name] or "nil"
local proxy_tag = node[name .. "_proxy_tag"] or "nil"
local outboundTag
if _node_id == "_direct" then
outboundTag = "direct"
elseif _node_id == "_blackhole" then
outboundTag = "blackhole"
elseif _node_id == "_default" then
outboundTag = "default"
else
if _node_id ~= "nil" then
local _node = uci:get_all(appname, _node_id)
if _node and api.is_normal_node(_node) then
local new_outbound
for index, value in ipairs(outbounds) do
if value["_flag_tag"] == _node_id and value["_flag_proxy_tag"] == proxy_tag then
new_outbound = api.clone(value)
break
end
end
if new_outbound then
new_outbound["tag"] = name
table.insert(outbounds, new_outbound)
outboundTag = name
else
if _node.type ~= "V2ray" and _node.type ~= "Xray" then
if proxy_tag ~= "nil" then
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_" .. name,
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
})
if _node.tls_serverName == nil then
_node.tls_serverName = _node.address
end
_node.address = "127.0.0.1"
_node.port = new_port
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_" .. name},
outboundTag = proxy_tag
})
end
end
local _outbound = gen_outbound(_node, name, { proxy = (proxy_tag ~= "nil") and 1 or 0, tag = (proxy_tag ~= "nil") and proxy_tag or nil, dialerProxy = node.dialerProxy })
if _outbound then
table.insert(outbounds, _outbound)
outboundTag = name
end
end
end
end
end
if outboundTag then
if outboundTag == "default" then
outboundTag = default_outboundTag
end
local protocols = nil
if e["protocol"] and e["protocol"] ~= "" then
protocols = {}
string.gsub(e["protocol"], '[^' .. " " .. ']+', function(w)
table.insert(protocols, w)
end)
end
local domains = nil
if e.domain_list then
domains = {}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(domains, w)
if outboundTag == "direct" then
table.insert(dns_direct_domains, w)
else
if outboundTag ~= "nil" then
table.insert(dns_remote_domains, w)
end
end
end)
end
local ip = nil
if e.ip_list then
ip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(ip, w)
if outboundTag == "direct" then
table.insert(dns_direct_expectIPs, w)
else
if outboundTag ~= "nil" then
table.insert(dns_remote_expectIPs, w)
end
end
end)
end
local source = nil
if e.source then
source = {}
string.gsub(e.source, '[^' .. " " .. ']+', function(w)
table.insert(source, w)
end)
end
local rule = {
_flag = e.remarks,
type = "field",
outboundTag = outboundTag,
network = e["network"] or "tcp,udp",
source = source,
sourcePort = e["sourcePort"] ~= "" and e["sourcePort"] or nil,
port = e["port"] ~= "" and e["port"] or nil,
protocol = protocols
}
if domains then
local _rule = api.clone(rule)
_rule["_flag"] = _rule["_flag"] .. "_domains"
_rule.domains = domains
table.insert(rules, _rule)
end
if ip then
local _rule = api.clone(rule)
_rule["_flag"] = _rule["_flag"] .. "_ip"
_rule.ip = ip
table.insert(rules, _rule)
end
if not domains and not ip then
table.insert(rules, rule)
end
end
end
end)
if default_outboundTag then
table.insert(rules, {
_flag = "defalut",
type = "field",
outboundTag = default_outboundTag,
network = "tcp,udp"
})
end
routing = {
domainStrategy = node.domainStrategy or "AsIs",
domainMatcher = node.domainMatcher or "hybrid",
rules = rules
}
elseif node.protocol == "_balancing" then
if node.balancing_node then
local nodes = node.balancing_node
local length = #nodes
for i = 1, length do
local node = uci:get_all(appname, nodes[i])
local outbound = gen_outbound(node)
if outbound then table.insert(outbounds, outbound) end
end
routing = {
domainStrategy = node.domainStrategy or "AsIs",
domainMatcher = node.domainMatcher or "hybrid",
balancers = {{tag = "balancer", selector = nodes}},
rules = {
{type = "field", network = "tcp,udp", balancerTag = "balancer"}
}
}
end
else
local outbound = nil
if node.protocol == "_iface" then
if node.iface then
outbound = {
protocol = "freedom",
tag = "outbound",
streamSettings = {
sockopt = {
interface = node.iface
}
}
}
end
else
outbound = gen_outbound(node)
end
if outbound then table.insert(outbounds, outbound) end
routing = {
domainStrategy = "AsIs",
domainMatcher = "hybrid",
rules = {}
}
table.insert(routing.rules, {
_flag = "defalut",
type = "field",
outboundTag = node_id,
network = "tcp,udp"
})
end
end
end
if remote_dns_udp_server or remote_dns_fake then
local rules = {}
local _remote_dns_proto
if not routing then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
end
dns = {
tag = "dns-in1",
hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false,
disableFallback = true,
disableFallbackIfMatch = true,
servers = {},
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
}
local dns_host = ""
if flag == "global" then
dns_host = uci:get(appname, "@global[0]", "dns_hosts") or ""
else
flag = flag:gsub("acl_", "")
local dns_hosts_mode = uci:get(appname, flag, "dns_hosts_mode") or "default"
if dns_hosts_mode == "default" then
dns_host = uci:get(appname, "@global[0]", "dns_hosts") or ""
elseif dns_hosts_mode == "disable" then
dns_host = ""
elseif dns_hosts_mode == "custom" then
dns_host = uci:get(appname, flag, "dns_hosts") or ""
end
end
if #dns_host > 0 then
string.gsub(dns_host, '[^' .. "\r\n" .. ']+', function(w)
local host = sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $1}')", w))
local key = sys.exec(string.format("echo -n $(echo %s | awk -F ' ' '{print $2}')", w))
if host ~= "" and key ~= "" then
dns.hosts[host] = key
end
end)
end
if true then
local _remote_dns = {
_flag = "remote",
domains = #dns_remote_domains > 0 and dns_remote_domains or nil
--expectIPs = #dns_remote_expectIPs > 0 and dns_remote_expectIPs or nil
}
if remote_dns_udp_server then
_remote_dns.address = remote_dns_udp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
_remote_dns_proto = "udp"
table.insert(routing.rules, 1, {
type = "field",
ip = {
remote_dns_udp_server
},
port = tonumber(remote_dns_port) or 53,
network = "udp",
outboundTag = "direct"
})
end
if remote_dns_fake then
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
table.insert(dns.servers, _remote_dns)
end
if true then
local nodes_domain_text = sys.exec('uci show passwall2 | grep ".address=" | cut -d "\'" -f 2 | grep "[a-zA-Z]$" | sort -u')
string.gsub(nodes_domain_text, '[^' .. "\r\n" .. ']+', function(w)
table.insert(dns_direct_domains, "full:" .. w)
end)
local _direct_dns = {
_flag = "direct",
domains = #dns_direct_domains > 0 and dns_direct_domains or nil
--expectIPs = #dns_direct_expectIPs > 0 and dns_direct_expectIPs or nil
}
if direct_dns_udp_server then
_direct_dns.address = direct_dns_udp_server
_direct_dns.port = tonumber(direct_dns_port) or 53
table.insert(routing.rules, 1, {
type = "field",
ip = {
direct_dns_udp_server
},
port = tonumber(direct_dns_port) or 53,
network = "udp",
outboundTag = "direct"
})
end
table.insert(dns.servers, _direct_dns)
end
if dns_listen_port then
table.insert(inbounds, {
listen = "127.0.0.1",
port = tonumber(dns_listen_port),
protocol = "dokodemo-door",
tag = "dns-in",
settings = {
address = "1.1.1.1",
port = 53,
network = "tcp,udp"
}
})
table.insert(outbounds, {
tag = "dns-out",
protocol = "dns",
settings = {
address = "1.1.1.1",
port = tonumber(remote_dns_port) or 53,
network = _remote_dns_proto or "tcp",
}
})
table.insert(routing.rules, 1, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
end
local default_dns_flag = "remote"
if node_id and redir_port then
local node = uci:get_all(appname, node_id)
if node.protocol == "_shunt" then
if node.default_node == "_direct" then
default_dns_flag = "direct"
end
end
end
if dns.servers and #dns.servers > 0 then
local dns_servers = nil
for index, value in ipairs(dns.servers) do
if not dns_servers and value["_flag"] == default_dns_flag then
dns_servers = {
_flag = "default",
address = value.address,
port = value.port
}
break
end
end
if dns_servers then
table.insert(dns.servers, 1, dns_servers)
end
end
local default_rule_index = #routing.rules > 0 and #routing.rules or 1
for index, value in ipairs(routing.rules) do
if value["_flag"] == "default" then
default_rule_index = index
break
end
end
for index, value in ipairs(rules) do
local t = rules[#rules + 1 - index]
table.insert(routing.rules, default_rule_index, t)
end
local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil
end
end
if inbounds or outbounds then
local config = {
log = {
--access = string.format("/tmp/etc/%s/%s_access.log", appname, "global"),
--error = string.format("/tmp/etc/%s/%s_error.log", appname, "global"),
--dnsLog = true,
loglevel = loglevel
},
-- DNS
dns = dns,
fakedns = fakedns,
-- 传入连接
inbounds = inbounds,
-- 传出连接
outbounds = outbounds,
-- 路由
routing = routing,
-- 本地策略
policy = {
levels = {
[0] = {
-- handshake = 4,
-- connIdle = 300,
-- uplinkOnly = 2,
-- downlinkOnly = 5,
bufferSize = buffer_size and tonumber(buffer_size) or nil,
statsUserUplink = false,
statsUserDownlink = false
}
},
-- system = {
-- statsInboundUplink = false,
-- statsInboundDownlink = false
-- }
}
}
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
tag = "blackhole"
})
print(jsonc.stringify(config, 1))
end

245
luci-app-passwall2/luasrc/model/cbi/passwall2/api/gen_v2ray_dns.lua
View File

@ -1,245 +0,0 @@
module("luci.model.cbi.passwall2.api.gen_v2ray_dns", package.seeall)
local api = require "luci.model.cbi.passwall2.api.api"
local var = api.get_args(arg)
local dns_listen_port = var["-dns_listen_port"]
local dns_query_strategy = var["-dns_query_strategy"]
local dns_out_tag = var["-dns_out_tag"]
local dns_client_ip = var["-dns_client_ip"]
local direct_dns_server = var["-direct_dns_server"]
local direct_dns_port = var["-direct_dns_port"]
local direct_dns_udp_server = var["-direct_dns_udp_server"]
local direct_dns_tcp_server = var["-direct_dns_tcp_server"]
local direct_dns_doh_url = var["-direct_dns_doh_url"]
local direct_dns_doh_host = var["-direct_dns_doh_host"]
local remote_dns_server = var["-remote_dns_server"]
local remote_dns_port = var["-remote_dns_port"]
local remote_dns_udp_server = var["-remote_dns_udp_server"]
local remote_dns_tcp_server = var["-remote_dns_tcp_server"]
local remote_dns_doh_url = var["-remote_dns_doh_url"]
local remote_dns_doh_host = var["-remote_dns_doh_host"]
local remote_dns_outbound_socks_address = var["-remote_dns_outbound_socks_address"]
local remote_dns_outbound_socks_port = var["-remote_dns_outbound_socks_port"]
local remote_dns_fake = var["-remote_dns_fake"]
local dns_cache = var["-dns_cache"]
local loglevel = var["-loglevel"] or "warning"
local jsonc = api.jsonc
local dns = nil
local fakedns = nil
local inbounds = {}
local outbounds = {}
local routing = nil
function gen_outbound(tag, proto, address, port, username, password)
local result = {
tag = tag,
protocol = proto,
streamSettings = {
network = "tcp",
security = "none"
},
settings = {
servers = {
{
address = address,
port = tonumber(port),
users = (username and password) and {
{
user = username,
pass = password
}
} or nil
}
}
}
}
return result
end
if dns_listen_port then
routing = {
domainStrategy = "IPOnDemand",
rules = {}
}
dns = {
tag = "dns-in1",
hosts = {},
disableCache = (dns_cache and dns_cache == "0") and true or false,
disableFallback = true,
disableFallbackIfMatch = true,
servers = {},
clientIp = (dns_client_ip and dns_client_ip ~= "") and dns_client_ip or nil,
queryStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
}
local tmp_dns_server, tmp_dns_port, tmp_dns_proto
if dns_out_tag == "remote" then
local _remote_dns = {
_flag = "remote"
}
if remote_dns_udp_server then
_remote_dns.address = remote_dns_udp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
tmp_dns_proto = "udp"
end
if remote_dns_tcp_server then
_remote_dns.address = remote_dns_tcp_server
_remote_dns.port = tonumber(remote_dns_port) or 53
tmp_dns_proto = "tcp"
end
if remote_dns_doh_url and remote_dns_doh_host then
if remote_dns_server and remote_dns_doh_host ~= remote_dns_server and not api.is_ip(remote_dns_doh_host) then
dns.hosts[remote_dns_doh_host] = remote_dns_server
end
_remote_dns.address = remote_dns_doh_url
_remote_dns.port = tonumber(remote_dns_port) or 443
tmp_dns_proto = "tcp"
end
if remote_dns_fake then
remote_dns_server = "1.1.1.1"
fakedns = {}
fakedns[#fakedns + 1] = {
ipPool = "198.18.0.0/16",
poolSize = 65535
}
if dns_query_strategy == "UseIP" then
fakedns[#fakedns + 1] = {
ipPool = "fc00::/18",
poolSize = 65535
}
end
_remote_dns.address = "fakedns"
end
tmp_dns_server = remote_dns_server
tmp_dns_port = remote_dns_port
table.insert(dns.servers, _remote_dns)
table.insert(outbounds, 1, gen_outbound("remote", "socks", remote_dns_outbound_socks_address, remote_dns_outbound_socks_port))
elseif dns_out_tag == "direct" then
local _direct_dns = {
_flag = "direct"
}
if direct_dns_udp_server then
_direct_dns.address = direct_dns_udp_server
_direct_dns.port = tonumber(direct_dns_port) or 53
table.insert(routing.rules, 1, {
type = "field",
ip = {
direct_dns_udp_server
},
port = tonumber(direct_dns_port) or 53,
network = "udp",
outboundTag = "direct"
})
end
if direct_dns_tcp_server then
_direct_dns.address = direct_dns_tcp_server:gsub("tcp://", "tcp+local://")
_direct_dns.port = tonumber(direct_dns_port) or 53
end
if direct_dns_doh_url and direct_dns_doh_host then
if direct_dns_server and direct_dns_doh_host ~= direct_dns_server and not api.is_ip(direct_dns_doh_host) then
dns.hosts[direct_dns_doh_host] = direct_dns_server
end
_direct_dns.address = direct_dns_doh_url:gsub("https://", "https+local://")
_direct_dns.port = tonumber(direct_dns_port) or 443
end
tmp_dns_server = direct_dns_server
tmp_dns_port = direct_dns_port
table.insert(dns.servers, _direct_dns)
table.insert(outbounds, 1, {
protocol = "freedom",
tag = "direct",
settings = {
domainStrategy = (dns_query_strategy and dns_query_strategy ~= "") and dns_query_strategy or "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
end
local dns_hosts_len = 0
for key, value in pairs(dns.hosts) do
dns_hosts_len = dns_hosts_len + 1
end
if dns_hosts_len == 0 then
dns.hosts = nil
end
table.insert(inbounds, {
listen = "127.0.0.1",
port = tonumber(dns_listen_port),
protocol = "dokodemo-door",
tag = "dns-in",
settings = {
address = tmp_dns_server or "1.1.1.1",
port = 53,
network = "tcp,udp"
}
})
table.insert(outbounds, {
tag = "dns-out",
protocol = "dns",
settings = {
address = tmp_dns_server or "1.1.1.1",
port = tonumber(tmp_dns_port) or 53,
network = tmp_dns_proto or "tcp",
}
})
table.insert(routing.rules, 1, {
type = "field",
inboundTag = {
"dns-in"
},
outboundTag = "dns-out"
})
table.insert(routing.rules, {
type = "field",
inboundTag = {
"dns-in1"
},
outboundTag = dns_out_tag
})
end
if inbounds or outbounds then
local config = {
log = {
--dnsLog = true,
loglevel = loglevel
},
-- DNS
dns = dns,
fakedns = fakedns,
-- 传入连接
inbounds = inbounds,
-- 传出连接
outbounds = outbounds,
-- 路由
routing = routing
}
print(jsonc.stringify(config, 1))
end

111
luci-app-passwall2/luasrc/model/cbi/passwall2/api/gen_v2ray_proto.lua
View File

@ -1,111 +0,0 @@
local api = require "luci.model.cbi.passwall2.api.api"
local jsonc = api.jsonc
local inbounds = {}
local outbounds = {}
local routing = nil
local var = api.get_args(arg)
local local_socks_address = var["-local_socks_address"] or "0.0.0.0"
local local_socks_port = var["-local_socks_port"]
local local_socks_username = var["-local_socks_username"]
local local_socks_password = var["-local_socks_password"]
local local_http_address = var["-local_http_address"] or "0.0.0.0"
local local_http_port = var["-local_http_port"]
local local_http_username = var["-local_http_username"]
local local_http_password = var["-local_http_password"]
local server_proto = var["-server_proto"]
local server_address = var["-server_address"]
local server_port = var["-server_port"]
local server_username = var["-server_username"]
local server_password = var["-server_password"]
function gen_outbound(proto, address, port, username, password)
local result = {
protocol = proto,
streamSettings = {
network = "tcp",
security = "none"
},
settings = {
servers = {
{
address = address,
port = tonumber(port),
users = (username and password) and {
{
user = username,
pass = password
}
} or nil
}
}
}
}
return result
end
if local_socks_address and local_socks_port then
local inbound = {
listen = local_socks_address,
port = tonumber(local_socks_port),
protocol = "socks",
settings = {
udp = true,
auth = "noauth"
}
}
if local_socks_username and local_socks_password and local_socks_username ~= "" and local_socks_password ~= "" then
inbound.settings.auth = "password"
inbound.settings.accounts = {
{
user = local_socks_username,
pass = local_socks_password
}
}
end
table.insert(inbounds, inbound)
end
if local_http_address and local_http_port then
local inbound = {
listen = local_http_address,
port = tonumber(local_http_port),
protocol = "http",
settings = {
allowTransparent = false
}
}
if local_http_username and local_http_password and local_http_username ~= "" and local_http_password ~= "" then
inbound.settings.accounts = {
{
user = local_http_username,
pass = local_http_password
}
}
end
table.insert(inbounds, inbound)
end
if server_proto ~= "nil" and server_address ~= "nil" and server_port ~= "nil" then
local outbound = gen_outbound(server_proto, server_address, server_port, server_username, server_password)
if outbound then table.insert(outbounds, outbound) end
end
-- 额外传出连接
table.insert(outbounds, {
protocol = "freedom", tag = "direct", settings = {keep = ""}
})
local config = {
log = {
-- error = string.format("/tmp/etc/passwall2/%s.log", node[".name"]),
loglevel = "warning"
},
-- 传入连接
inbounds = inbounds,
-- 传出连接
outbounds = outbounds,
-- 路由
routing = routing
}
print(jsonc.stringify(config, 1))

2
luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall2.api.api"
local api = require "luci.passwall2.api"
local appname = api.appname
local sys = api.sys
local has_chnlist = api.fs.access("/usr/share/passwall2/rules/chnlist")

2
luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall2.api.api"
local api = require "luci.passwall2.api"
local appname = api.appname
local sys = api.sys

2
luci-app-passwall2/luasrc/model/cbi/passwall2/client/app_update.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall2.api.api"
local api = require "luci.passwall2.api"
local appname = api.appname
m = Map(appname)

2
luci-app-passwall2/luasrc/model/cbi/passwall2/client/auto_switch.lua
View File

@ -1,4 +1,4 @@
local api = require "luci.model.cbi.passwall2.api.api"
local api = require "luci.passwall2.api"
local appname = api.appname
local nodes_table = {}

Some files were not shown because too many files have changed in this diff Show More