update 2024-06-07 14:14:40

luci-app-rtbwmon/Makefile

@@ -2,7 +2,7 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.0.3-1
+PKG_VERSION:=1.0.4-1
 PKG_RELEASE:=
 PKG_MAINTAINER:=jjm2473 <jjm2473@gmail.com>
 

luci-app-rtbwmon/htdocs/luci-static/rtbwmon/rtbwmon.js

@@ -511,6 +511,17 @@
             let iface_select = document.getElementById('iface_select');
             let selected = iface_select.value;
             let ifaces = responseText.trimEnd().split('\n').filter(line=>line).map(iface=>{
+                let priority = 0;
+                switch (iface) {
+                    case "br-lan":
+                        priority = -2;
+                        break;
+                    case "docker0":
+                        priority = -1;
+                        break;
+                }
+                return {iface:iface, priority:priority};
+            }).sort((a,b)=>a.priority-b.priority).map(o=>o.iface).map(iface=>{
                 let option = document.createElement('option');
                 option.value = iface;
                 option.innerHTML = iface;

luci-app-rtbwmon/root/usr/libexec/rtbwmon.sh

@@ -29,7 +29,7 @@ lookup() {
 }
 
 get_wan_iface() {
-    tail -n +2 /proc/net/route | sed -n -e 's/^\([^\t]\+\)\t00000000\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t00000000\t.*$/\1/p'
+    tail -n +2 /proc/net/route | sed -n -e 's/^\([^\t]\+\)\t00000000\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t00000000\t.*$/\1/p' | head -1
 }
 
 get_arp_excluded() {
@@ -38,7 +38,7 @@ get_arp_excluded() {
 
 enforce_wan_iface() {
     local INTERFACE="$1"
-    [[ "$INTERFACE" = "br-lan" ]] && INTERFACE=`uci show network.wan | grep -E 'network\.wan\.(device|ifname)' | sed -n -e "1s/network\\.wan\\.[^=]\\+='\\([^']\\+\\)'\$/\\1/p"`
+    [[ "$INTERFACE" = "br-lan" ]] && INTERFACE=`uci show network.wan | grep -E 'network\.wan\.(device|ifname)=' | sed -n -e "1s/network\\.wan\\.[^=]\\+='\\([^']\\+\\)'\$/\\1/p"`
     [ -z "$INTERFACE" ] && INTERFACE="/"
     echo "$INTERFACE"
 }
@@ -175,7 +175,7 @@ show_ifaces() {
     local WAN_INTERFACE=`get_wan_iface`
     [ -z "$WAN_INTERFACE" ] && return 1
     WAN_INTERFACE="$(enforce_wan_iface "$WAN_INTERFACE")"
-    ip addr show scope global up | grep '^ \+inet ' | sed -n -e 's/^.* \([^ ]\+\)$/\1/p' | grep -Fv "$WAN_INTERFACE" | sort -u
+    ip addr show scope global up | grep '^ \+inet ' | sed -n -e 's/^.* \([^ ]\+\)$/\1/p' | grep -Fxv "$WAN_INTERFACE" | sort -u
 }
 
 prerm() {

natflow/Makefile

@@ -99,6 +99,8 @@ define Package/natflow-auth/install
 	$(INSTALL_DATA) ./files/20-natflow-zone.hotplug $(1)/etc/hotplug.d/iface/20-natflow-zone
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/urllogger-ctl.sh $(1)/usr/sbin/urllogger-ctl
+	$(INSTALL_BIN) ./files/natflow-hostacl.init $(1)/etc/init.d/natflow-hostacl
+	$(INSTALL_DATA) ./files/hostacl.config $(1)/etc/config/hostacl
 endef
 
 $(eval $(call KernelPackage,natflow))

natflow/files/hostacl.config

@@ -0,0 +1,29 @@
+config main
+	option enabled '0'
+
+config rule
+        list host "baidu.com" #baidu.com and ALL *.baidu.com
+        list host "www.qq.com" #www.qq.com and ALL *.www.qq.com
+        option action "reset"
+        option disabled '1'
+        list ip '192.168.15.100'
+	list ipv6 'fd57:538a:7ca5::/64'
+        list mac 'aa:bb:cc:11:22:33'
+
+config rule
+        list host "google.com" #google.com and ALL *.google.com
+        list host "v.qq.com"
+        option action "drop"
+        option disabled '1'
+        list ip '192.168.15.200,192.168.15.250-192.168.15.254'
+
+config rule
+        list host "1.2.3.4" #HTTP ip access
+        option action "reset"
+        option disabled '1'
+        option mac 'aa:bb:cc:11:22:33,aa:bb:cc:11:22:44,aa:bb:cc:11:22:55'
+
+config rule
+        list host "cn" #cn and ALL .cn domains
+        option action 'record'
+        option disabled "1"

natflow/files/natflow-hostacl.init

@@ -0,0 +1,101 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018-2024 X-WRT
+
+START=95
+
+IPOPS="lua /usr/lib/lua/ipops.lua"
+test -e /usr/share/natflow/ipops.lua && IPOPS="lua /usr/share/natflow/ipops.lua"
+
+stop()
+{
+	test -c /dev/hostacl_ctl || return 0
+	echo clear >/dev/hostacl_ctl
+	for i in $(seq 0 31); do
+		ipset destroy host_acl_rule${i}_mac 2>/dev/null
+		ipset destroy host_acl_rule${i}_ipv4 2>/dev/null
+		ipset destroy host_acl_rule${i}_ipv6 2>/dev/null
+	done
+}
+
+# ipset_add ipsetname net
+ipv4set_add()
+{
+	local ipsetname=$1
+	local net=$2
+	#hack for 0.0.0.0/0
+	[ "$net" = "0.0.0.0/0" ] && net="0.0.0.0/1 128.0.0.0/1"
+	for n in $net; do
+		ipset add $ipsetname $n
+	done
+}
+
+start()
+{
+	test -c /dev/hostacl_ctl || return 0
+	stop
+	enabled=$(uci get hostacl.@main[0].enabled 2>/dev/null || echo 0)
+	[ $enabled = "0" ] && return 0
+
+	idx=0
+	while uci get hostacl.@rule[$idx] &>/dev/null; do
+		disabled=$(uci get hostacl.@rule[$idx].disabled 2>/dev/null || echo 0)
+		if [ "$disabled" = "1" ]; then
+			idx=$((idx+1))
+			continue
+		fi
+
+		ip=$(uci get hostacl.@rule[$idx].ip 2>/dev/null)
+		ip=$($IPOPS netStrings2ipcidrStrings "$ip")
+		if [ "$(echo $ip | sed 's/,/ /g' | wc -w)" -gt 1 ]; then
+			ipset create host_acl_rule${idx}_ipv4 hash:net family inet 2>/dev/null
+			ipset flush host_acl_rule${idx}_ipv4
+			for net in $(echo $ip | sed 's/,/ /g'); do
+				ipv4set_add host_acl_rule${idx}_ipv4 $net
+			done
+		fi
+
+		ipv6=$(uci get hostacl.@rule[$idx].ipv6 2>/dev/null)
+		if test -n "$ipv6"; then
+			ipset create host_acl_rule${idx}_ipv6 hash:net family inet6 2>/dev/null
+			ipset flush host_acl_rule${idx}_ipv6
+			for net in $(echo $ipv6 | sed "s/,/ /g;s/'/ /g"); do
+				ipset add host_acl_rule${idx}_ipv6 $net
+			done
+		fi
+
+		mac=$(uci get hostacl.@rule[$idx].mac 2>/dev/null)
+		if test -n "$mac"; then
+			ipset create host_acl_rule${idx}_mac hash:mac 2>/dev/null
+			ipset flush host_acl_rule${idx}_mac
+			for net in $(echo $mac | sed "s/,/ /g;s/'/ /g"); do
+				ipset add host_acl_rule${idx}_mac $net
+			done
+		fi
+
+		action=$(uci get hostacl.@rule[$idx].action 2>/dev/null)
+		if [ "$action" = "record" ]; then
+			action=0
+		elif [ "$action" = "drop" ]; then
+			action=1
+		elif [ "$action" = "reset" ]; then
+			action=2
+		elif [ "$action" = "redirect" ]; then
+			action=3
+		else
+			action=0
+		fi
+
+		host=$(uci get hostacl.@rule[$idx].host 2>/dev/null)
+		host=$(echo $host | sed "s/,/ /g;s/'/ /g")
+		for HOST in $host; do
+			echo add acl=${idx},${action},$HOST >/dev/hostacl_ctl
+		done
+
+		idx=$((idx+1))
+	done
+}
+
+restart()
+{
+	start
+}

natflow/files/natflow.config

@@ -46,29 +46,3 @@ config qos_simple "simple1"
 	option rx_rate '10Mbps'
 	option tx_rate '5Mbps'
 	option disabled '1'
-
-config hostacl
-	list host "baidu.com" #baidu.com and ALL *.baidu.com
-	list host "www.qq.com" #www.qq.com and ALL *.www.qq.com
-	option action "reset"
-	option disabled '1'
-	list ip '192.168.15.100'
-	list mac 'aa:bb:cc:11:22:33'
-
-config hostacl
-	list host "google.com" #google.com and ALL *.google.com
-	list host "v.qq.com"
-	option action "drop"
-	option disabled '1'
-	list ip '192.168.15.200,192.168.15.250-192.168.15.254'
-
-config hostacl
-	list host "1.2.3.4" #HTTP ip access
-	option action "reset"
-	option disabled '1'
-	option mac 'aa:bb:cc:11:22:33,aa:bb:cc:11:22:44,aa:bb:cc:11:22:55'
-
-config hostacl
-	list host "cn" #cn and ALL .cn domains
-	option action 'record'
-	option disabled "1"

sing-box/files/sing-box.init

@@ -1,54 +1,54 @@
-#!/bin/sh /etc/rc.common
-#
-# Copyright (C) 2022 by nekohasekai <contact-sagernet@sekai.icu>
-# 
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-START=99
-USE_PROCD=1
-
-#####  ONLY CHANGE THIS BLOCK  ######
-PROG=/usr/bin/sing-box # where is sing-box
-RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists
-CONF=./config.json   # where is the config file, it can be a relative path to $RES_DIR
-#####  ONLY CHANGE THIS BLOCK  ######
-
-start_service() {
-  procd_open_instance
-  procd_set_param command $PROG run -D $RES_DIR -c $CONF
-
-  procd_set_param user root
-  procd_set_param limits core="unlimited"
-  procd_set_param limits nofile="1000000 1000000"
-  procd_set_param stdout 1
-  procd_set_param stderr 1
-  procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}"
-  procd_close_instance
-  iptables -I FORWARD -o tun+ -j ACCEPT
-  echo "sing-box is started!"
-}
-
-stop_service() {
-  service_stop $PROG
-  iptables -D FORWARD -o tun+ -j ACCEPT
-  echo "sing-box is stopped!"
-}
-
-reload_service() {
-  stop
-  sleep 2s
-  echo "sing-box is restarted!"
-  start
+#!/bin/sh /etc/rc.common
+#
+# Copyright (C) 2022 by nekohasekai <contact-sagernet@sekai.icu>
+# 
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+# 
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+START=99
+USE_PROCD=1
+
+#####  ONLY CHANGE THIS BLOCK  ######
+PROG=/usr/bin/sing-box # where is sing-box
+RES_DIR=/etc/sing-box/ # resource dir / working dir / the dir where you store ip/domain lists
+CONF=./config.json   # where is the config file, it can be a relative path to $RES_DIR
+#####  ONLY CHANGE THIS BLOCK  ######
+
+start_service() {
+  procd_open_instance
+  procd_set_param command $PROG run -D $RES_DIR -c $CONF
+
+  procd_set_param user root
+  procd_set_param limits core="unlimited"
+  procd_set_param limits nofile="1000000 1000000"
+  procd_set_param stdout 1
+  procd_set_param stderr 1
+  procd_set_param respawn "${respawn_threshold:-3600}" "${respawn_timeout:-5}" "${respawn_retry:-5}"
+  procd_close_instance
+  iptables -I FORWARD -o tun+ -j ACCEPT
+  echo "sing-box is started!"
+}
+
+stop_service() {
+  service_stop $PROG
+  iptables -D FORWARD -o tun+ -j ACCEPT
+  echo "sing-box is stopped!"
+}
+
+reload_service() {
+  stop
+  sleep 2s
+  echo "sing-box is restarted!"
+  start
 }