update 2024-06-07 14:14:40

2025-01-07 07:06:58 +08:00 · 2024-06-07 14:14:40 +08:00 · 2024-06-07 14:14:40 +08:00 · f73b47c646
commit f73b47c646
parent 62ea9386e7
8 changed files with 200 additions and 83 deletions
--- a/luci-app-rtbwmon/Makefile
+++ b/luci-app-rtbwmon/Makefile
@ -2,7 +2,7 @@

 include $(TOPDIR)/rules.mk

-PKG_VERSION:=1.0.3-1
+PKG_VERSION:=1.0.4-1
 PKG_RELEASE:=
 PKG_MAINTAINER:=jjm2473 <jjm2473@gmail.com>

--- a/luci-app-rtbwmon/htdocs/luci-static/rtbwmon/rtbwmon.js
+++ b/luci-app-rtbwmon/htdocs/luci-static/rtbwmon/rtbwmon.js
@ -511,6 +511,17 @@
            let iface_select = document.getElementById('iface_select');
            let selected = iface_select.value;
            let ifaces = responseText.trimEnd().split('\n').filter(line=>line).map(iface=>{
+                let priority = 0;
+                switch (iface) {
+                    case "br-lan":
+                        priority = -2;
+                        break;
+                    case "docker0":
+                        priority = -1;
+                        break;
+                }
+                return {iface:iface, priority:priority};
+            }).sort((a,b)=>a.priority-b.priority).map(o=>o.iface).map(iface=>{
                let option = document.createElement('option');
                option.value = iface;
                option.innerHTML = iface;
--- a/luci-app-rtbwmon/root/usr/libexec/rtbwmon.sh
+++ b/luci-app-rtbwmon/root/usr/libexec/rtbwmon.sh
@ -29,7 +29,7 @@ lookup() {
 }

 get_wan_iface() {
-    tail -n +2 /proc/net/route | sed -n -e 's/^\([^\t]\+\)\t00000000\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t00000000\t.*$/\1/p'
+    tail -n +2 /proc/net/route | sed -n -e 's/^\([^\t]\+\)\t00000000\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t[^\t]\+\t00000000\t.*$/\1/p' | head -1
 }

 get_arp_excluded() {
@ -38,7 +38,7 @@ get_arp_excluded() {

 enforce_wan_iface() {
    local INTERFACE="$1"
-    [[ "$INTERFACE" = "br-lan" ]] && INTERFACE=`uci show network.wan | grep -E 'network\.wan\.(device|ifname)' | sed -n -e "1s/network\\.wan\\.[^=]\\+='\\([^']\\+\\)'\$/\\1/p"`
+    [[ "$INTERFACE" = "br-lan" ]] && INTERFACE=`uci show network.wan | grep -E 'network\.wan\.(device|ifname)=' | sed -n -e "1s/network\\.wan\\.[^=]\\+='\\([^']\\+\\)'\$/\\1/p"`
    [ -z "$INTERFACE" ] && INTERFACE="/"
    echo "$INTERFACE"
 }
@ -175,7 +175,7 @@ show_ifaces() {
    local WAN_INTERFACE=`get_wan_iface`
    [ -z "$WAN_INTERFACE" ] && return 1
    WAN_INTERFACE="$(enforce_wan_iface "$WAN_INTERFACE")"
-    ip addr show scope global up | grep '^ \+inet ' | sed -n -e 's/^.* \([^ ]\+\)$/\1/p' | grep -Fv "$WAN_INTERFACE" | sort -u
+    ip addr show scope global up | grep '^ \+inet ' | sed -n -e 's/^.* \([^ ]\+\)$/\1/p' | grep -Fxv "$WAN_INTERFACE" | sort -u
 }

 prerm() {
--- a/natflow/Makefile
+++ b/natflow/Makefile
@ -99,6 +99,8 @@ define Package/natflow-auth/install
 	$(INSTALL_DATA) ./files/20-natflow-zone.hotplug $(1)/etc/hotplug.d/iface/20-natflow-zone
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/urllogger-ctl.sh $(1)/usr/sbin/urllogger-ctl
+	$(INSTALL_BIN) ./files/natflow-hostacl.init $(1)/etc/init.d/natflow-hostacl
+	$(INSTALL_DATA) ./files/hostacl.config $(1)/etc/config/hostacl
 endef

 $(eval $(call KernelPackage,natflow))
--- a/natflow/files/hostacl.config
+++ b/natflow/files/hostacl.config
@ -0,0 +1,29 @@
+config main
+	option enabled '0'
+
+config rule
+        list host "baidu.com" #baidu.com and ALL *.baidu.com
+        list host "www.qq.com" #www.qq.com and ALL *.www.qq.com
+        option action "reset"
+        option disabled '1'
+        list ip '192.168.15.100'
+	list ipv6 'fd57:538a:7ca5::/64'
+        list mac 'aa:bb:cc:11:22:33'
+
+config rule
+        list host "google.com" #google.com and ALL *.google.com
+        list host "v.qq.com"
+        option action "drop"
+        option disabled '1'
+        list ip '192.168.15.200,192.168.15.250-192.168.15.254'
+
+config rule
+        list host "1.2.3.4" #HTTP ip access
+        option action "reset"
+        option disabled '1'
+        option mac 'aa:bb:cc:11:22:33,aa:bb:cc:11:22:44,aa:bb:cc:11:22:55'
+
+config rule
+        list host "cn" #cn and ALL .cn domains
+        option action 'record'
+        option disabled "1"
--- a/natflow/files/natflow-hostacl.init
+++ b/natflow/files/natflow-hostacl.init
@ -0,0 +1,101 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018-2024 X-WRT
+
+START=95
+
+IPOPS="lua /usr/lib/lua/ipops.lua"
+test -e /usr/share/natflow/ipops.lua && IPOPS="lua /usr/share/natflow/ipops.lua"
+
+stop()
+{
+	test -c /dev/hostacl_ctl || return 0
+	echo clear >/dev/hostacl_ctl
+	for i in $(seq 0 31); do
+		ipset destroy host_acl_rule${i}_mac 2>/dev/null
+		ipset destroy host_acl_rule${i}_ipv4 2>/dev/null
+		ipset destroy host_acl_rule${i}_ipv6 2>/dev/null
+	done
+}
+
+# ipset_add ipsetname net
+ipv4set_add()
+{
+	local ipsetname=$1
+	local net=$2
+	#hack for 0.0.0.0/0
+	[ "$net" = "0.0.0.0/0" ] && net="0.0.0.0/1 128.0.0.0/1"
+	for n in $net; do
+		ipset add $ipsetname $n
+	done
+}
+
+start()
+{
+	test -c /dev/hostacl_ctl || return 0
+	stop
+	enabled=$(uci get hostacl.@main[0].enabled 2>/dev/null || echo 0)
+	[ $enabled = "0" ] && return 0
+
+	idx=0
+	while uci get hostacl.@rule[$idx] &>/dev/null; do
+		disabled=$(uci get hostacl.@rule[$idx].disabled 2>/dev/null || echo 0)
+		if [ "$disabled" = "1" ]; then
+			idx=$((idx+1))
+			continue
+		fi
+
+		ip=$(uci get hostacl.@rule[$idx].ip 2>/dev/null)
+		ip=$($IPOPS netStrings2ipcidrStrings "$ip")
+		if [ "$(echo $ip | sed 's/,/ /g' | wc -w)" -gt 1 ]; then
+			ipset create host_acl_rule${idx}_ipv4 hash:net family inet 2>/dev/null
+			ipset flush host_acl_rule${idx}_ipv4
+			for net in $(echo $ip | sed 's/,/ /g'); do
+				ipv4set_add host_acl_rule${idx}_ipv4 $net
+			done
+		fi
+
+		ipv6=$(uci get hostacl.@rule[$idx].ipv6 2>/dev/null)
+		if test -n "$ipv6"; then
+			ipset create host_acl_rule${idx}_ipv6 hash:net family inet6 2>/dev/null
+			ipset flush host_acl_rule${idx}_ipv6
+			for net in $(echo $ipv6 | sed "s/,/ /g;s/'/ /g"); do
+				ipset add host_acl_rule${idx}_ipv6 $net
+			done
+		fi
+
+		mac=$(uci get hostacl.@rule[$idx].mac 2>/dev/null)
+		if test -n "$mac"; then
+			ipset create host_acl_rule${idx}_mac hash:mac 2>/dev/null
+			ipset flush host_acl_rule${idx}_mac
+			for net in $(echo $mac | sed "s/,/ /g;s/'/ /g"); do
+				ipset add host_acl_rule${idx}_mac $net
+			done
+		fi
+
+		action=$(uci get hostacl.@rule[$idx].action 2>/dev/null)
+		if [ "$action" = "record" ]; then
+			action=0
+		elif [ "$action" = "drop" ]; then
+			action=1
+		elif [ "$action" = "reset" ]; then
+			action=2
+		elif [ "$action" = "redirect" ]; then
+			action=3
+		else
+			action=0
+		fi
+
+		host=$(uci get hostacl.@rule[$idx].host 2>/dev/null)
+		host=$(echo $host | sed "s/,/ /g;s/'/ /g")
+		for HOST in $host; do
+			echo add acl=${idx},${action},$HOST >/dev/hostacl_ctl
+		done
+
+		idx=$((idx+1))
+	done
+}
+
+restart()
+{
+	start
+}
--- a/natflow/files/natflow.config
+++ b/natflow/files/natflow.config
@ -46,29 +46,3 @@ config qos_simple "simple1"
 	option rx_rate '10Mbps'
 	option tx_rate '5Mbps'
 	option disabled '1'
-
-config hostacl
-	list host "baidu.com" #baidu.com and ALL *.baidu.com
-	list host "www.qq.com" #www.qq.com and ALL *.www.qq.com
-	option action "reset"
-	option disabled '1'
-	list ip '192.168.15.100'
-	list mac 'aa:bb:cc:11:22:33'
-
-config hostacl
-	list host "google.com" #google.com and ALL *.google.com
-	list host "v.qq.com"
-	option action "drop"
-	option disabled '1'
-	list ip '192.168.15.200,192.168.15.250-192.168.15.254'
-
-config hostacl
-	list host "1.2.3.4" #HTTP ip access
-	option action "reset"
-	option disabled '1'
-	option mac 'aa:bb:cc:11:22:33,aa:bb:cc:11:22:44,aa:bb:cc:11:22:55'
-
-config hostacl
-	list host "cn" #cn and ALL .cn domains
-	option action 'record'
-	option disabled "1"