OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-04-04 03:01:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 2024-02-04 23:34:26

Browse Source
This commit is contained in:
github-actions[bot] 2024-02-04 23:34:26 +08:00
parent eea5e9bf49
commit d80262d823
8 changed files with 381 additions and 355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

322
luci-app-nginx-pingos/root/etc/pingos.template
View File

@ -1,29 +1,29 @@
user root;
user root;
daemon on;
master_process on;
worker_processes 1;
worker_processes 1;
#worker_rlimit 4g;
#error_log |TMP_PATH|/error.log;
#error_log |TMP_PATH|/error.log notice;
error_log |TMP_PATH|/error.log info;
error_log |TMP_PATH|/error.log info;
worker_rlimit_nofile 102400;
worker_rlimit_core 2G;
working_directory |TMP_PATH|;
worker_rlimit_core 2G;
working_directory |TMP_PATH|;
pid |TMP_PATH|/pingos.pid;
events {
use epoll;
worker_connections 4096;
multi_listen unix:|TMP_PATH|/http |HTTP_PORT|;
multi_listen unix:|TMP_PATH|/rtmp |RTMP_PORT|;
use epoll;
worker_connections 4096;
multi_listen unix:|TMP_PATH|/http |HTTP_PORT|;
multi_listen unix:|TMP_PATH|/rtmp |RTMP_PORT|;
dynamic_refresh_interval 5s;
dynamic_domain_buckets 1001;
resolver 114.114.114.114 valid=1m;
resolver_timeout 30s;
dynamic_refresh_interval 5s;
dynamic_domain_buckets 1001;
resolver 114.114.114.114 valid=1m;
resolver_timeout 30s;
}
#stream_zone buckets=1024 streams=4096;
@ -32,178 +32,178 @@ events {
#dynamic_log |TMP_PATH|/dynamic.log info;
rtmp {
log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}';
access_log |TMP_PATH|/bandwidth.log log_bandwidth trunc=60s;
log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}';
access_log |TMP_PATH|/bandwidth.log log_bandwidth trunc=60s;
server {
listen |RTMP_PORT|;
listen [::]:|RTMP_PORT| ipv6only=on;
serverid 000;
out_queue 2048;
server_name localhost;
rtmp_auto_pull on;
rtmp_auto_pull_port unix:|TMP_PATH|/rtmp;
application push {
live on;
push rtmp://127.0.0.1:|RTMP_PORT|/live app=live;
}
server {
listen |RTMP_PORT|;
listen [::]:|RTMP_PORT| ipv6only=on;
serverid 000;
out_queue 2048;
server_name localhost;
rtmp_auto_pull on;
rtmp_auto_pull_port unix:|TMP_PATH|/rtmp;
application live {
live_record |TS_RECORD|;
live_record_path |RECORD_PATH|;
application push {
live on;
push rtmp://127.0.0.1:|RTMP_PORT|/live app=live;
}
recorder r1{
record |FLV_RECORD|;
record_path |RECORD_PATH|;
}
application live {
live_record |TS_RECORD|;
live_record_path |RECORD_PATH|;
live on;
hls |HLS|;
hls_path |TMP_PATH|/hls;
hls_fragment 4000ms;
recorder r1{
record |FLV_RECORD|;
record_path |RECORD_PATH|;
}
live on;
hls |HLS|;
hls_path |TMP_PATH|/hls;
hls_fragment 4000ms;
#hls_max_fragment 10000ms;
hls_playlist_length 12000ms;
hls_type live;
hls_playlist_length 12000ms;
hls_type live;
hls2 |HLS2|;
mpegts_cache_time 20s;
hls2 |HLS2|;
mpegts_cache_time 20s;
hls2_fragment 2000ms;
hls2_max_fragment 3000ms;
hls2_playlist_length 6000ms;
hls2_fragment 2000ms;
hls2_max_fragment 3000ms;
hls2_playlist_length 6000ms;
wait_key on;
wait_video on;
cache_time 1s;
send_all on;
low_latency off;
fix_timestamp 2s;
wait_key on;
wait_video on;
cache_time 1s;
send_all on;
low_latency off;
fix_timestamp 2s;
# h265 codecid, default 12
hevc_codecid 12;
}
}
hevc_codecid 12;
}
}
}
http {
include /usr/share/pingos/conf/mime.types;
default_type application/octet-stream;
include /usr/share/pingos/conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"';
access_log |TMP_PATH|/access.log main;
access_log |TMP_PATH|/access.log main;
sendfile on;
#tcp_nopush on;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#keepalive_timeout 0;
keepalive_timeout 65;
#reset_server_name www.test1.com www.test2.com;
#gzip on;
#reset_server_name www.test1.com www.test2.com;
#gzip on;
upstream hlsm {
#hash $remote_addr consistent;
hash $arg_session consistent;
# 这里需要注意,你要开几个进程,就要按这个规则写几条记录
server unix:|TMP_PATH|/http.0;
#server unix:|TMP_PATH|/http.1;
}
upstream hlsm {
#hash $remote_addr consistent;
hash $arg_session consistent;
# 这里需要注意,你要开几个进程,就要按这个规则写几条记录
server unix:|TMP_PATH|/http.0;
#server unix:|TMP_PATH|/http.1;
}
server {
listen |HTTP_PORT|;
listen [::]:|HTTP_PORT|;
|ssl_certificate|
|ssl_certificate_key|
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /rtmp_stat {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
server {
listen |HTTP_PORT|;
listen [::]:|HTTP_PORT|;
|ssl_certificate|
|ssl_certificate_key|
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location /xstat {
rtmp_stat all;
}
location /rtmp_stat {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
location /sys_stat {
sys_stat;
}
location ~ .mp4$ {
root /usr/share/pingos/html;
#mp4;
}
location /xstat {
rtmp_stat all;
}
location /control {
rtmp_control all;
}
location /flv {
flv_live |RTMP_PORT| app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /ts {
ts_live |RTMP_PORT| app=live;
expires -1;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls {
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root |TMP_PATH|;
expires -1;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /sys_stat {
sys_stat;
}
location ~ .mp4$ {
root /usr/share/pingos/html;
#mp4;
}
location /hlsm {
hls2_live |RTMP_PORT| app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header Cache-Control no-cache;
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /control {
rtmp_control all;
}
location /flv {
flv_live |RTMP_PORT| app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /ts {
ts_live |RTMP_PORT| app=live;
expires -1;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls {
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root |TMP_PATH|;
expires -1;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls2 {
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 1M;
proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0;
set $hls_args location=/hls2&scheme=$scheme;
# if ($args) {
# set $hls_args $args&location=/hls2&scheme=$scheme;
# }
proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm;
}
location /hlsm {
hls2_live |RTMP_PORT| app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header Cache-Control no-cache;
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location / {
chunked_transfer_encoding on;
root /usr/share/pingos/html/;
}
}
location /hls2 {
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 1M;
proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0;
set $hls_args location=/hls2&scheme=$scheme;
#if ($args) {
# set $hls_args $args&location=/hls2&scheme=$scheme;
#}
proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm;
}
location / {
chunked_transfer_encoding on;
root /usr/share/pingos/html/;
}
}
}

319
luci-app-nginx-pingos/root/resource/conf-template/nginx.conf
View File

@ -1,29 +1,29 @@
user root;
user root;
daemon on;
master_process on;
worker_processes 1;
worker_processes 1;
#worker_rlimit 4g;
#error_log logs/error.log;
#error_log logs/error.log notice;
error_log logs/error.log info;
error_log logs/error.log info;
worker_rlimit_nofile 102400;
worker_rlimit_core 2G;
working_directory /tmp;
worker_rlimit_core 2G;
working_directory /tmp;
pid logs/nginx.pid;
pid logs/nginx.pid;
events {
use epoll;
worker_connections 4096;
multi_listen unix:/tmp/http 8080;
multi_listen unix:/tmp/rtmp 1935;
use epoll;
worker_connections 4096;
multi_listen unix:/tmp/http 8080;
multi_listen unix:/tmp/rtmp 1935;
dynamic_refresh_interval 5s;
dynamic_domain_buckets 1001;
resolver 114.114.114.114 valid=1m;
resolver_timeout 30s;
dynamic_refresh_interval 5s;
dynamic_domain_buckets 1001;
resolver 114.114.114.114 valid=1m;
resolver_timeout 30s;
}
#stream_zone buckets=1024 streams=4096;
@ -31,175 +31,176 @@ events {
#dynamic_conf conf/nginx_dynamic.conf 10;
#dynamic_log logs/dynamic.log info;
rtmp {
log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}';
access_log logs/bandwidth.log log_bandwidth trunc=60s;
log_format log_bandwidth '{"app":"$app","name":"$name","bitrate":$bitrate,"args":"$args","timestamp":$ntp,"ts":"$time_local","type":"$command","remote_addr":"$remote_addr","domain":"$domain"}';
access_log logs/bandwidth.log log_bandwidth trunc=60s;
server {
listen 1935;
serverid 000;
out_queue 2048;
server_name live.pingos.io;
rtmp_auto_pull on;
rtmp_auto_pull_port unix:/tmp/rtmp;
server {
listen 1935;
serverid 000;
out_queue 2048;
server_name live.pingos.io;
rtmp_auto_pull on;
rtmp_auto_pull_port unix:/tmp/rtmp;
application push {
live on;
push rtmp://127.0.0.1/live app=live;
}
application push {
live on;
push rtmp://127.0.0.1/live app=live;
}
application live {
live_record on;
live_record_path /data/record;
application live {
live_record on;
live_record_path /data/record;
recorder r1{
record all;
record_path /data/record;
}
recorder r1{
record all;
record_path /data/record;
}
live on;
hls on;
hls_path /tmp/hls;
hls_fragment 4000ms;
# hls_max_fragment 10000ms;
hls_playlist_length 12000ms;
hls_type live;
live on;
hls on;
hls_path /tmp/hls;
hls_fragment 4000ms;
#hls_max_fragment 10000ms;
hls_playlist_length 12000ms;
hls_type live;
hls2 on;
mpegts_cache_time 20s;
hls2 on;
mpegts_cache_time 20s;
hls2_fragment 2000ms;
hls2_max_fragment 3000ms;
hls2_playlist_length 6000ms;
hls2_fragment 2000ms;
hls2_max_fragment 3000ms;
hls2_playlist_length 6000ms;
wait_key on;
wait_video on;
cache_time 1s;
send_all on;
low_latency off;
fix_timestamp 2s;
# h265 codecid, default 12
hevc_codecid 12;
}
}
wait_key on;
wait_video on;
cache_time 1s;
send_all on;
low_latency off;
fix_timestamp 2s;
# h265 codecid, default 12
hevc_codecid 12;
}
}
}
http {
include mime.types;
default_type application/octet-stream;
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"';
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_X-Forwarded-For" "$http_X-Real-IP" "$host"';
access_log logs/access.log main;
access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#keepalive_timeout 0;
keepalive_timeout 65;
#reset_server_name www.test1.com www.test2.com;
#gzip on;
#reset_server_name www.test1.com www.test2.com;
#gzip on;
upstream hlsm {
# hash $remote_addr consistent;
hash $arg_session consistent;
# 这里需要注意,你要开几个进程,就要按这个规则写几条记录
server unix:/tmp/http.0;
# server unix:/tmp/http.1;
# server unix:/tmp/http.2;
# server unix:/tmp/http.3;
}
upstream hlsm {
# hash $remote_addr consistent;
hash $arg_session consistent;
# 这里需要注意,你要开几个进程,就要按这个规则写几条记录
server unix:/tmp/http.0;
# server unix:/tmp/http.1;
# server unix:/tmp/http.2;
# server unix:/tmp/http.3;
}
server {
listen 8080;
# listen 443 ssl;
# ssl_certificate /usr/local/pingos/cert/full_chain.pem;
# ssl_certificate_key /usr/local/pingos/cert/privkey.pem;
location /rtmp_stat {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
server {
listen 8080;
# listen 443 ssl;
# ssl_certificate /usr/local/pingos/cert/full_chain.pem;
# ssl_certificate_key /usr/local/pingos/cert/privkey.pem;
location /rtmp_stat {
rtmp_stat all;
rtmp_stat_stylesheet /stat.xsl;
}
location /xstat {
rtmp_stat all;
}
location /xstat {
rtmp_stat all;
}
location /sys_stat {
sys_stat;
}
location ~ .mp4$ {
root html;
#mp4;
}
location /sys_stat {
sys_stat;
}
location ~ .mp4$ {
root html;
#mp4;
}
location /control {
rtmp_control all;
}
location /flv {
flv_live 1935 app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /ts {
ts_live 1935 app=live;
expires -1;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls {
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /tmp;
expires -1;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /control {
rtmp_control all;
}
location /flv {
flv_live 1935 app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /ts {
ts_live 1935 app=live;
expires -1;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls {
# Serve HLS fragments
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root /tmp;
expires -1;
add_header Cache-Control no-cache;
add_header 'Access-Control-Allow-Origin' '*';
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hlsm {
hls2_live 1935 app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header Cache-Control no-cache;
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hlsm {
hls2_live 1935 app=live;
add_header 'Access-Control-Allow-Origin' '*';
add_header Cache-Control no-cache;
add_header "Access-Control-Allow-Credentials" "true";
add_header "Access-Control-Allow-Methods" "*";
add_header "Access-Control-Allow-Headers" "Content-Type,Access-Token";
add_header "Access-Control-Expose-Headers" "*";
}
location /hls2 {
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 1M;
proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0;
set $hls_args location=/hls2&scheme=$scheme;
# if ($args) {
# set $hls_args $args&location=/hls2&scheme=$scheme;
# }
proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm;
}
location /hls2 {
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 1M;
proxy_busy_buffers_size 2M;
proxy_max_temp_file_size 0;
set $hls_args location=/hls2&scheme=$scheme;
# if ($args) {
# set $hls_args $args&location=/hls2&scheme=$scheme;
# }
proxy_set_header Host $host:$server_port;
rewrite ^/(.*)/(.*)\.(.*)$ /hlsm/$2.$3?$hls_args break;
proxy_pass http://hlsm;
}
location / {
chunked_transfer_encoding on;
root html/;
}
}
location / {
chunked_transfer_encoding on;
root html/;
}
}
}

2
luci-app-xray/README.md
View File

@ -39,6 +39,8 @@ Fork this repository and:
## Changelog since 3.3.0
* 2024-01-19 chore: bump version
* 2024-01-24 feat: add alias to LAN Hosts Access Control
* 2024-02-04 fix: avoid firewall restart failure & some minor adjustments
## Changelog since 3.2.0

2
luci-app-xray/core/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-xray
PKG_VERSION:=3.3.0
PKG_VERSION:=3.3.1
PKG_RELEASE:=1
PKG_LICENSE:=MPLv2

6
luci-app-xray/core/root/etc/init.d/xray_core
View File

@ -5,8 +5,6 @@ STOP=15
USE_PROCD=1
NAME=xray_core
FIREWALL_INCLUDE="/usr/share/xray/firewall_include.ut"
setup_firewall() {
ip rule add fwmark 251 lookup 251
ip route add local default dev lo table 251
@ -14,7 +12,7 @@ setup_firewall() {
ip -6 route add local default dev lo table 251
logger -st xray[$$] -p4 "Generating firewall4 rules..."
/usr/bin/utpl ${FIREWALL_INCLUDE} > /var/etc/xray/firewall_include.nft
/usr/bin/utpl /usr/share/xray/firewall_include.ut > /var/etc/xray/01_firewall_include.nft
logger -st xray[$$] -p4 "Triggering firewall4 restart..."
/etc/init.d/firewall restart
@ -27,7 +25,7 @@ flush_firewall() {
ip -6 route del local default dev lo table 251
logger -st xray[$$] -p4 "Flushing firewall4 rules..."
rm -f /var/etc/xray/firewall_include.nft
rm -f /var/etc/xray/*.nft
logger -st xray[$$] -p4 "Triggering firewall4 restart..."
/etc/init.d/firewall restart

43
luci-app-xray/core/root/usr/share/xray/default_gateway.uc
View File

@ -1,7 +1,7 @@
#!/usr/bin/ucode
"use strict";
import { popen, stat } from "fs";
import { open, popen, stat } from "fs";
import { connect } from "ubus";
function network_dump() {
@ -48,24 +48,44 @@ function gen_tp_spec_dv4_dg(dg) {
return "";
}
if (length(dg) > 0) {
return `flush set inet fw4 tp_spec_dv4_dg\nadd element inet fw4 tp_spec_dv4_dg { ${join(", ", dg)} }\n`;
return `set tp_spec_dv4_dg {
type ipv4_addr
size 16
flags interval
elements = { ${join(", ", dg)} }
}\n`;
}
return "";
}
function gen_tp_spec_dv6_dg(pd) {
if (length(pd) > 0) {
return `flush set inet fw4 tp_spec_dv6_dg\nadd element inet fw4 tp_spec_dv6_dg { ${join(", ", pd)} }\n`;
return `set tp_spec_dv6_dg {
type ipv6_addr
size 16
flags interval
elements = { ${join(", ", pd)} }
}\n`;
}
return "";
}
function update_nft(dg, pd) {
const process = popen("nft -f -", "w");
process.write(gen_tp_spec_dv4_dg(dg));
process.write(gen_tp_spec_dv6_dg(pd));
process.flush();
process.close();
function generate_include(rule_dg, rule_pd, file_path) {
const handle = open(file_path, "w");
handle.write(rule_dg);
handle.write(rule_pd);
handle.flush();
handle.close();
}
function update_nft(rule_dg, rule_pd) {
const handle = popen("nft -f -", "w");
handle.write(`table inet fw4 {
${rule_dg}
${rule_pd}
}`);
handle.flush();
handle.close();
}
function restart_dnsmasq_if_necessary() {
@ -82,6 +102,9 @@ if (log == "") {
print("default gateway not available, please wait for interface ready");
} else {
print(`default gateway available at ${log}\n`);
update_nft(dg, pd);
const rule_dg = gen_tp_spec_dv4_dg(dg);
const rule_pd = gen_tp_spec_dv6_dg(pd);
update_nft(rule_dg, rule_pd);
generate_include(rule_dg, rule_pd, "/var/etc/xray/02_default_gateway_include.nft");
}
restart_dnsmasq_if_necessary();

40
luci-app-xray/core/root/usr/share/xray/firewall_include.ut
View File

@ -127,7 +127,8 @@
set tp_spec_dv4_sp {
type ipv4_addr
flags constant,interval
size 32
flags interval
elements = { 0.0.0.0/8, 10.0.0.0/8,
100.64.0.0/10, 127.0.0.0/8,
169.254.0.0/16, 172.16.0.0/12,
@ -137,7 +138,8 @@
set tp_spec_dv6_sp {
type ipv6_addr
flags constant,interval
size 32
flags interval
elements = { ::,
::1,
::ffff:0.0.0.0/96,
@ -156,7 +158,7 @@
{% if (length(tp_spec_sm4_bp) > 0): %}
set tp_spec_sm4_bp {
type ether_addr
flags constant
size {{ length(tp_spec_sm4_bp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm4_bp) }} }
}
{% endif %}
@ -164,7 +166,7 @@
{% if (length(tp_spec_sm6_bp) > 0): %}
set tp_spec_sm6_bp {
type ether_addr
flags constant
size {{ length(tp_spec_sm6_bp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm6_bp) }} }
}
{% endif %}
@ -172,7 +174,7 @@
{% if (length(tp_spec_sm4_tp) > 0): %}
set tp_spec_sm4_tp {
type ether_addr
flags constant
size {{ length(tp_spec_sm4_tp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm4_tp) }} }
}
{% endif %}
@ -180,7 +182,7 @@
{% if (length(tp_spec_sm6_tp) > 0): %}
set tp_spec_sm6_tp {
type ether_addr
flags constant
size {{ length(tp_spec_sm6_tp) * 2 + 1 }}
elements = { {{ join(", ", tp_spec_sm6_tp) }} }
}
{% endif %}
@ -188,7 +190,7 @@
{% for (let i in extra_inbound_tcp_v4_map): %}
set tp_spec_sm4_ft_{{ i }} {
type ether_addr
flags constant
size {{ length(extra_inbound_tcp_v4_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_tcp_v4_map[i]) }} }
}
{% endfor %}
@ -196,7 +198,7 @@
{% for (let i in extra_inbound_udp_v4_map): %}
set tp_spec_sm4_fu_{{ i }} {
type ether_addr
flags constant
size {{ length(extra_inbound_udp_v4_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_udp_v4_map[i]) }} }
}
{% endfor %}
@ -204,7 +206,7 @@
{% for (let i in extra_inbound_tcp_v6_map): %}
set tp_spec_sm6_ft_{{ i }} {
type ether_addr
flags constant
size {{ length(extra_inbound_tcp_v6_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_tcp_v6_map[i]) }} }
}
{% endfor %}
@ -212,7 +214,7 @@
{% for (let i in extra_inbound_udp_v6_map): %}
set tp_spec_sm6_fu_{{ i }} {
type ether_addr
flags constant
size {{ length(extra_inbound_udp_v6_map) * 2 + 1 }}
elements = { {{ join(", ", extra_inbound_udp_v6_map[i]) }} }
}
{% endfor %}
@ -220,7 +222,7 @@
{% if (length(manual_tproxy_source_ips) > 0): %}
set tp_spec_dv4_mt {
type ipv4_addr
flags constant, interval
size {{ length(manual_tproxy_source_ips) * 2 + 1 }}
elements = { {{ join(", ", manual_tproxy_source_ips) }} }
}
{% endif %}
@ -228,8 +230,8 @@
{% if (length(wan_bp_ips_v4) > 0): %}
set tp_spec_dv4_bp {
type ipv4_addr
size {{ length(wan_bp_ips_v4) }}
flags constant, interval
size {{ length(wan_bp_ips_v4) * 2 + 1 }}
flags interval
elements = { {{ join(", ", wan_bp_ips_v4)}} }
}
{% endif %}
@ -237,8 +239,8 @@
{% if (length(wan_bp_ips_v6) > 0): %}
set tp_spec_dv6_bp {
type ipv6_addr
size {{ length(wan_bp_ips_v6) }}
flags constant, interval
size {{ length(wan_bp_ips_v6) * 2 + 1 }}
flags interval
elements = { {{ join(", ", wan_bp_ips_v6)}} }
}
{% endif %}
@ -246,8 +248,8 @@
{% if (length(wan_fw_ips_v4) > 0): %}
set tp_spec_dv4_fw {
type ipv4_addr
size {{ length(wan_fw_ips_v4) }}
flags constant, interval
size {{ length(wan_fw_ips_v4) * 2 + 1 }}
flags interval
elements = { {{ join(", ", wan_fw_ips_v4)}} }
}
{% endif %}
@ -255,8 +257,8 @@
{% if (length(wan_fw_ips_v6) > 0): %}
set tp_spec_dv6_fw {
type ipv6_addr
size {{ length(wan_fw_ips_v6) }}
flags constant, interval
size {{ length(wan_fw_ips_v6) * 2 + 1 }}
flags interval
elements = { {{ join(", ", wan_fw_ips_v6)}} }
}
{% endif %}

2
luci-app-xray/status/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-xray-status
PKG_VERSION:=3.3.0
PKG_VERSION:=3.3.1
PKG_RELEASE:=1
PKG_LICENSE:=MPLv2