update 2024-12-07 16:16:26

actions-user 2024-12-07 16:16:26 +08:00
parent c53e512273
commit 348d92801f
12 changed files with 317 additions and 153 deletions


@ -1,6 +1,6 @@
include $(TOPDIR)/rules.mk
PKG_VERSION:=1.13.2
PKG_VERSION:=1.13.3
LUCI_TITLE:=LuCI Support for mihomo
LUCI_DEPENDS:=+luci-base +mihomo


@ -94,7 +94,8 @@ if has_xray or has_singbox then
o.rmempty = false
o.description = "<ul>"
.. "<li>" .. translate("Experimental feature.") .. "</li>"
.. "<li>" .. translate("Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray.") .. "</li>"
.. "<li>" .. "1." .. translate("Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray.") .. "</li>"
.. "<li>" .. "2." .. translate("Once enabled, the rule list can support GeoIP/Geosite rules.") .. "</li>"
.. "<li>" .. translate("Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes.") .. "</li>"
.. "</ul>"
end


@ -41,7 +41,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
for index, host in ipairs(hosts) do
if host:sub(1, 1) == "#" then
if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then
return value
end
if not datatypes.hostname(host) then
@ -70,7 +70,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
for index, ipmask in ipairs(ipmasks) do
if ipmask:sub(1, 1) == "#" then
if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then
return value
end
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
@ -101,7 +101,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
for index, host in ipairs(hosts) do
if host:sub(1, 1) == "#" then
if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then
return value
end
if not datatypes.hostname(host) then
@ -130,7 +130,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
for index, ipmask in ipairs(ipmasks) do
if ipmask:sub(1, 1) == "#" then
if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then
return value
end
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
@ -159,7 +159,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(hosts, w) end)
for index, host in ipairs(hosts) do
if host:sub(1, 1) == "#" then
if host:sub(1, 1) == "#" or host:sub(1, 8) == "geosite:" then
return value
end
if not datatypes.hostname(host) then
@ -188,7 +188,7 @@ o.validate = function(self, value)
value = value:gsub("^%s+", ""):gsub("%s+$","\n"):gsub("\r\n","\n"):gsub("[ \t]*\n[ \t]*", "\n")
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
for index, ipmask in ipairs(ipmasks) do
if ipmask:sub(1, 1) == "#" then
if ipmask:sub(1, 1) == "#" or ipmask:sub(1, 6) == "geoip:" then
return value
end
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
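Review bot: `return value` inside the loop accepts the whole field as soon as one line starts with `#`, `geosite:` or `geoip:`, so every later line skips `datatypes.hostname` / `datatypes.ipmask4` / `datatypes.ipmask6`, and the text after the prefix is never checked at all. The commit widens that early exit from comment lines to rule prefixes in all six `o.validate` hunks of this file section. These lists appear to be the ones later read by the helper scripts and the firewall shell pipelines, so it would be safer to skip only the matching line and constrain the tag, e.g. `if host:sub(1, 1) ~= "#" and not host:match("^geosite:[%w%-_!@]+$") and not datatypes.hostname(host) then`, with the `geoip:` equivalent in the ipmask validators. The validators start and end outside the hunks, so their failure branch is not visible here.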


@ -934,6 +934,9 @@ msgstr "开启 Geo 数据解析"
msgid "Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray."
msgstr "分析和预加载 GeoIP/Geosite 数据,以增强 Sing-box/Xray 的分流效果。"
msgid "Once enabled, the rule list can support GeoIP/Geosite rules."
msgstr "启用后,规则列表可以支持 GeoIP/Geosite 规则。"
msgid "Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes."
msgstr "注:会增加一些系统资源的开销,仅在 ChinaDNS-NG 和 SmartDNS 模式下支持分析 Geosite 。"


@ -359,17 +359,6 @@ parse_doh() {
eval "${__url_var}='${__url}' ${__host_var}='${__host}' ${__port_var}='${__port}' ${__bootstrap_var}='${__bootstrap}'"
}
get_dnsmasq_conf_dir() {
local dnsmasq_conf_path=$(grep -l "^conf-dir=" /tmp/etc/dnsmasq.conf.${DEFAULT_DNSMASQ_CFGID})
[ -n "$dnsmasq_conf_path" ] && {
local dnsmasq_conf_dir=$(grep '^conf-dir=' "$dnsmasq_conf_path" | cut -d'=' -f2 | head -n 1)
[ -n "$dnsmasq_conf_dir" ] && {
DNSMASQ_CONF_DIR=${dnsmasq_conf_dir%*/}
TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG}
}
}
}
run_ipt2socks() {
local flag proto tcp_tproxy local_port socks_address socks_port socks_username socks_password log_file
local _extra_param=""
@ -2010,7 +1999,17 @@ RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
if [ -n "$DNSMASQ_CONF_DIR" ]; then
DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG}
else
DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
fi
fi
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',')
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}"
@ -2020,8 +2019,6 @@ DNS_QUERY_STRATEGY="UseIP"
[ "$FILTER_PROXY_IPV6" = "1" ] && DNS_QUERY_STRATEGY="UseIPv4"
DNSMASQ_FILTER_PROXY_IPV6=${FILTER_PROXY_IPV6}
get_dnsmasq_conf_dir
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ID_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_IFACE_PATH $TMP_PATH2
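Review bot: The new `awk -F '=' '/^conf-dir=/ {print $2}'` prints every `conf-dir=` line, whereas the removed `get_dnsmasq_conf_dir` kept only the first one with `head -n 1`, so with more than one match `DNSMASQ_CONF_DIR` becomes a multi-line string; `{print $2; exit}` restores the first-match behaviour. The fallback branch sets `DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"` but leaves `TMP_DNSMASQ_PATH` unset, and neither variable is set when `/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID` does not exist. Unless a default is assigned outside these hunks, later uses of `$TMP_DNSMASQ_PATH` would expand to an empty path. Moving `TMP_DNSMASQ_PATH=${DNSMASQ_CONF_DIR}/${CONFIG}` after the inner `if` and applying the same fallback when the file is missing would cover both cases.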


@ -30,6 +30,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules"
local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG
local config_lines = {}
local tmp_lines = {}
local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview")
local function log(...)
if NO_LOGIC_LOG == "1" then
@ -115,12 +116,18 @@ end
--自定义规则组,后声明的组具有更高优先级
--屏蔽列表
local file_block_host = TMP_ACL_PATH .. "/block_host"
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then
local block_domain, lookup_block_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/block_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
end
end
end
if #block_domain > 0 then
@ -130,6 +137,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_block_host)
log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成")
end
end
if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
tmp_lines = {
@ -168,12 +179,18 @@ end
--直连(白名单)列表
local file_direct_host = TMP_ACL_PATH .. "/direct_host"
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then
local direct_domain, lookup_direct_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/direct_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
end
end
end
if #direct_domain > 0 then
@ -183,6 +200,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_direct_host)
log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成")
end
end
if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
tmp_lines = {
@ -197,12 +218,18 @@ end
--代理(黑名单)列表
local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then
local proxy_domain, lookup_proxy_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/proxy_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
end
end
end
if #proxy_domain > 0 then
@ -212,6 +239,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_proxy_host)
log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成")
end
end
if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
tmp_lines = {
@ -334,14 +365,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
end
end
local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview")
if GFWLIST == "1" and CHNLIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite
if GFWLIST == "1" and CHNLIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite
if geosite_white_arg ~= "" then
get_geosite(geosite_white_arg, file_white_host)
end
if geosite_shunt_arg ~= "" then
get_geosite(geosite_shunt_arg, file_shunt_host)
end
log(" * 解析[分流节点] Geosite 完成")
end
if is_file_nonzero(file_white_host) then
@ -409,11 +440,11 @@ end
table.insert(config_lines, "hosts")
if DEFAULT_TAG == "chn" then
log(string.format(" - 默认%s", DNS_LOCAL))
log(string.format(" - 默认 DNS %s", DNS_LOCAL))
elseif DEFAULT_TAG == "gfw" then
log(string.format(" - 默认%s", DNS_TRUST))
log(string.format(" - 默认 DNS %s", DNS_TRUST))
else
log(string.format(" - 默认%s", "智能匹配"))
log(string.format(" - 默认 DNS %s", "智能匹配"))
end
--输出配置文件
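Review bot: In the three list loops (`block_host`, `direct_host`, `proxy_host`) `string.match(line, ":([^:]+)$")` returns nil for a line such as `geosite:` with nothing after the colon, and the concatenation into `geosite_arg` on the next line then raises an error that aborts the helper. `line:find("geosite:")` is also unanchored and the raw line bypasses the `api.get_std_domain` cleanup, so a trailing carriage return or any other character travels into the argument handed to `get_geosite`, whose body is outside this diff. Anchoring and constraining the capture avoids both: `local code = line:match("^geosite:([%w%-_!@]+)%s*$")` followed by `if code then geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. code end`. The same loop is repeated in the file section that follows (the one writing `SMARTDNS_CONF`).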


@ -36,6 +36,7 @@ local RULES_PATH = "/usr/share/" .. appname .. "/rules"
local FLAG_PATH = TMP_ACL_PATH .. "/" .. FLAG
local config_lines = {}
local tmp_lines = {}
local USE_GEOVIEW = uci:get(appname, "@global_rules[0]", "enable_geoview")
local function log(...)
if NO_LOGIC_LOG == "1" then
@ -233,12 +234,18 @@ end
--屏蔽列表
local file_block_host = TMP_ACL_PATH .. "/block_host"
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定义列表进行清洗
if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then
local block_domain, lookup_block_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/block_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(block_domain, line, lookup_block_domain)
end
end
end
if #block_domain > 0 then
@ -248,6 +255,10 @@ if USE_BLOCK_LIST == "1" and not fs.access(file_block_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_block_host)
log(" * 解析[屏蔽列表] Geosite 到屏蔽域名表(blocklist)完成")
end
end
if USE_BLOCK_LIST == "1" and is_file_nonzero(file_block_host) then
local domain_set_name = "passwall-block"
@ -289,12 +300,18 @@ end
--直连(白名单)列表
local file_direct_host = TMP_ACL_PATH .. "/direct_host"
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定义列表进行清洗
if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then
local direct_domain, lookup_direct_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/direct_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(direct_domain, line, lookup_direct_domain)
end
end
end
if #direct_domain > 0 then
@ -304,6 +321,10 @@ if USE_DIRECT_LIST == "1" and not fs.access(file_direct_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_direct_host)
log(" * 解析[直连列表] Geosite 到域名白名单(whitelist)完成")
end
end
if USE_DIRECT_LIST == "1" and is_file_nonzero(file_direct_host) then
local domain_set_name = "passwall-directlist"
@ -320,12 +341,18 @@ end
--代理(黑名单)列表
local file_proxy_host = TMP_ACL_PATH .. "/proxy_host"
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定义列表进行清洗
if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then
local proxy_domain, lookup_proxy_domain = {}, {}
local geosite_arg = ""
for line in io.lines(RULES_PATH .. "/proxy_host") do
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
if not line:find("#") and line:find("geosite:") then
line = string.match(line, ":([^:]+)$")
geosite_arg = geosite_arg .. (geosite_arg ~= "" and "," or "") .. line
else
line = api.get_std_domain(line)
if line ~= "" and not line:find("#") then
insert_unique(proxy_domain, line, lookup_proxy_domain)
end
end
end
if #proxy_domain > 0 then
@ -335,6 +362,10 @@ if USE_PROXY_LIST == "1" and not fs.access(file_proxy_host) then --对自定
end
f_out:close()
end
if USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview") then
get_geosite(geosite_arg, file_proxy_host)
log(" * 解析[代理列表] Geosite 到代理域名表(blacklist)完成")
end
end
if USE_PROXY_LIST == "1" and is_file_nonzero(file_proxy_host) then
local domain_set_name = "passwall-proxylist"
@ -477,14 +508,14 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then
end
end
local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview")
if USE_GFW_LIST == "1" and CHN_LIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite
if USE_GFW_LIST == "1" and CHN_LIST == "0" and USE_GEOVIEW == "1" and api.is_finded("geoview") then --仅GFW模式解析geosite
if geosite_white_arg ~= "" then
get_geosite(geosite_white_arg, file_white_host)
end
if geosite_shunt_arg ~= "" then
get_geosite(geosite_shunt_arg, file_shunt_host)
end
log(" * 解析[分流节点] Geosite 完成")
end
if is_file_nonzero(file_white_host) then
@ -535,7 +566,7 @@ if #config_lines > 0 then
end
if DEFAULT_DNS_GROUP then
log(string.format(" - 默认分组:%s", DEFAULT_DNS_GROUP))
log(string.format(" - 默认 DNS 分组:%s", DEFAULT_DNS_GROUP))
end
fs.symlink(CACHE_DNS_FILE, SMARTDNS_CONF)
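Review bot: `geosite:` lines are now diverted away from `block_domain` / `direct_domain` / `proxy_domain` before the `USE_GEOVIEW == "1" and geosite_arg ~= "" and api.is_finded("geoview")` check, so when geoview is disabled or the binary is missing those entries are dropped without any log line. For the block list that is a silent fail-open: the rule is accepted in the UI but never enforced. Adding a branch to each of the three checks, e.g. `elseif geosite_arg ~= "" then log(" * geosite rules in block_host skipped: geoview disabled or not installed")`, would make the gap visible. The completion message is also logged without capturing any result from `get_geosite`, so a failed lookup reads as success in the log.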


@ -776,53 +776,97 @@ add_firewall_rule() {
ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576 timeout 172800
ipset -! create $IPSET_BLOCKLIST6 nethash family inet6 maxelem 1048576 timeout 172800
#分流规则的IP列表(使用分流节点时导入)
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
#导入规则列表、分流规则中的IP列表
local USE_SHUNT_NODE=0
local USE_PROXY_LIST_ALL=${USE_PROXY_LIST}
local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST}
local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST}
local _TCP_NODE=$(config_t_get global tcp_node nil)
local _UDP_NODE=$(config_t_get global udp_node nil)
local USE_GEOVIEW=$(config_t_get global_rules enable_geoview)
[ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP
[ "$USE_SHUNT_NODE" = "0" ] && {
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; }
done
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
[ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && {
[ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1
[ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1
[ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1
}
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; }
done
done
#直连列表
[ "$USE_DIRECT_LIST_ALL" = "1" ] && {
cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[直连列表] GeoIP 到 IPSET 完成"
fi
}
}
#代理列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[代理列表] GeoIP 到 IPSET 完成"
fi
}
}
#屏蔽列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 IPSET 完成"
fi
}
}
#分流列表
[ "$USE_SHUNT_NODE" = "1" ] && {
local GEOIP_CODE=""
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | grep -v "^#" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ "$USE_GEOVIEW" = "1" ] && {
local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
[ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code"
}
done
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入[分流节点] GeoIP 到 IPSET 完成"
fi
}
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
echolog " - [$?]解析并加入分流节点 GeoIP 到 IPSET 完成"
fi
cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLOCKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
#局域网IP列表
ipset -! -R <<-EOF
$(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /")
EOF
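Review bot: The `#屏蔽列表` block is guarded by `[ "$USE_PROXY_LIST_ALL" = "1" ]`, so `block_ip` is loaded into `$IPSET_BLOCKLIST` only when the proxy list is in use and a block list enabled on its own is not enforced; `USE_BLOCK_LIST_ALL` is computed but never read in the visible lines, and the guard should be `[ "$USE_BLOCK_LIST_ALL" = "1" ] && {`. In the ACL loop the flags are crossed as well: `use_direct_list` sets `USE_PROXY_LIST_ALL=1` and `use_proxy_list` sets `USE_DIRECT_LIST_ALL=1`, where each should set its own flag. The same three lines appear in the nftables file section that follows. `echolog " - [$?]..."` reports only the exit status of the last IPv6 pipeline, so a failed IPv4 import is still logged as 0. `add_firewall_rule` starts and ends outside the hunk.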


@ -839,9 +839,9 @@ add_firewall_rule() {
else
gen_nftset $NFTSET_CHN ipv4_addr "2d" 0 $(cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#")
fi
gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
gen_nftset $NFTSET_BLACKLIST ipv4_addr "2d" 0
gen_nftset $NFTSET_WHITELIST ipv4_addr "2d" 0
gen_nftset $NFTSET_BLOCKLIST ipv4_addr "2d" 0
gen_nftset $NFTSET_SHUNTLIST ipv4_addr "2d" 0
gen_nftset $NFTSET_VPSLIST6 ipv6_addr 0 0
@ -853,47 +853,97 @@ add_firewall_rule() {
else
gen_nftset $NFTSET_CHN6 ipv6_addr "2d" 0 $(cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#")
fi
gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0 $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
gen_nftset $NFTSET_BLACKLIST6 ipv6_addr "2d" 0
gen_nftset $NFTSET_WHITELIST6 ipv6_addr "2d" 0
gen_nftset $NFTSET_BLOCKLIST6 ipv6_addr "2d" 0
gen_nftset $NFTSET_SHUNTLIST6 ipv6_addr "2d" 0
#分流规则的IP列表(使用分流节点时导入)
#导入规则列表、分流规则的IP列表
local USE_SHUNT_NODE=0
local USE_PROXY_LIST_ALL=${USE_PROXY_LIST}
local USE_DIRECT_LIST_ALL=${USE_DIRECT_LIST}
local USE_BLOCK_LIST_ALL=${USE_BLOCK_LIST}
local _TCP_NODE=$(config_t_get global tcp_node nil)
local _UDP_NODE=$(config_t_get global udp_node nil)
local USE_GEOVIEW=$(config_t_get global_rules enable_geoview)
[ "$_TCP_NODE" != "nil" ] && [ "$(config_n_get $_TCP_NODE protocol)" = "_shunt" ] && USE_SHUNT_TCP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" != "nil" ] && [ "$(config_n_get $_UDP_NODE protocol)" = "_shunt" ] && USE_SHUNT_UDP=1 && USE_SHUNT_NODE=1
[ "$_UDP_NODE" = "tcp" ] && USE_SHUNT_UDP=$USE_SHUNT_TCP
[ "$USE_SHUNT_NODE" = "0" ] && {
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break 2; }
done
for acl_section in $(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1); do
[ "$(config_n_get $acl_section enabled)" != "1" ] && continue
[ "$(config_n_get $acl_section use_global_config 0)" != "1" ] && {
[ "$(config_n_get $acl_section use_direct_list 1)" = "1" ] && USE_PROXY_LIST_ALL=1
[ "$(config_n_get $acl_section use_proxy_list 1)" = "1" ] && USE_DIRECT_LIST_ALL=1
[ "$(config_n_get $acl_section use_block_list 1)" = "1" ] && USE_BLOCK_LIST_ALL=1
}
for _node in $(config_n_get $acl_section tcp_node) $(config_n_get $acl_section udp_node); do
local node_protocol=$(config_n_get $_node protocol)
[ "$node_protocol" = "_shunt" ] && { USE_SHUNT_NODE=1; break; }
done
done
#直连列表
[ "$USE_DIRECT_LIST_ALL" = "1" ] && {
insert_nftset $NFTSET_WHITELIST "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/direct_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_WHITELIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_WHITELIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[直连列表] GeoIP 到 NFTSET 完成"
fi
}
}
#代理列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
insert_nftset $NFTSET_BLACKLIST "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLACKLIST6 "0" $(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/proxy_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_BLACKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLACKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[代理列表] GeoIP 到 NFTSET 完成"
fi
}
}
#屏蔽列表
[ "$USE_PROXY_LIST_ALL" = "1" ] && {
insert_nftset $NFTSET_BLOCKLIST "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLOCKLIST6 "0" $(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local GEOIP_CODE=$(cat $RULES_PATH/block_ip | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_BLOCKLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_BLOCKLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[屏蔽列表] GeoIP 到 NFTSET 完成"
fi
}
}
#分流列表
[ "$USE_SHUNT_NODE" = "1" ] && {
local GEOIP_CODE=""
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
[ "$USE_GEOVIEW" = "1" ] && {
local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
[ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code"
}
done
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入[分流节点] GeoIP 到 NFTSET 完成"
fi
}
if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then
insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
echolog " - [$?]解析并加入分流节点 GeoIP 到 NFTSET 完成"
fi
# 忽略特殊IP段
local lan_ifname lan_ip


@ -5,9 +5,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
PKG_SOURCE_DATE:=2024-11-30
PKG_SOURCE_VERSION:=9de9f1ef518206e43e9f8300cfc724d8e128d049
PKG_MIRROR_HASH:=f63f13e16866b769fddc90c1b14196fcee6ce804a4ff5975fbd9b82b45a95234
PKG_SOURCE_DATE:=2024-12-06
PKG_SOURCE_VERSION:=d6b496d3c0eb99cf966e0f93ed00434797e5216c
PKG_MIRROR_HASH:=c292d2bc4a733cfaf9f28ba6c4e5117672243b0552297bf31ba908469055dcc6
PKG_LICENSE:=MIT
PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16
PKG_BUILD_VERSION:=alpha-9de9f1e
PKG_BUILD_VERSION:=alpha-d6b496d
PKG_BUILD_TIME:=$(shell date -u -Iseconds)
GO_PKG:=github.com/metacubex/mihomo


@ -19,7 +19,7 @@ boot() {
config_get_bool enabled "config" "enabled" 0
config_get start_delay "config" "start_delay" 0
if [[ "$enabled" == 1 && "$start_delay" -gt 0 ]]; then
log "App will start after $start_delay seconds."
log "App" "Start after $start_delay seconds."
sleep "$start_delay"
fi
# start
@ -35,13 +35,13 @@ start_service() {
local enabled
config_get_bool enabled "config" "enabled" 0
if [ "$enabled" == 0 ]; then
log "App is disabled."
log "Exiting..."
log "App" "Disabled."
log "App" "Exit."
return
fi
# start
log "App is enabled."
log "Starting..."
log "App" "Enabled."
log "App" "Start."
# get config
## app config
local scheduled_restart cron_expression profile mixin test_profile fast_reload
@ -150,10 +150,10 @@ start_service() {
if [[ "$profile" == "file:"* ]]; then
local profile_name; profile_name=$(basename "${profile/file:/}")
local profile_file; profile_file="$PROFILES_DIR/$profile_name"
log "Use Profile: $profile_name."
log "Profile" "Use file: $profile_name."
if [ ! -f "$profile_file" ]; then
log "File not found."
log "Exiting..."
log "Profile" "File not found."
log "App" "Exit."
return
fi
cp -f "$profile_file" "$RUN_PROFILE_PATH"
@ -162,25 +162,26 @@ start_service() {
local subscription_name subscription_prefer
config_get subscription_name "$subscription_section" "name"
config_get subscription_prefer "$subscription_section" "prefer" "remote"
log "Use Subscription: $subscription_name."
log "Profile" "Use subscription: $subscription_name."
local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml"
if [ "$subscription_prefer" == "remote" ] || [[ "$subscription_prefer" == "local" && ! -f "$subscription_file" ]]; then
update_subscription "$subscription_section"
fi
if [ ! -f "$subscription_file" ]; then
log "Subscription file not found."
log "Exiting..."
log "Profile" "Subscription file not found."
log "App" "Exit."
return
fi
cp -f "$subscription_file" "$RUN_PROFILE_PATH"
else
log "No profile/subscription selected."
log "Exiting..."
log "Profile" "No profile/subscription selected."
log "App" "Exit."
return
fi
# mixin
if [ "$mixin" == 0 ]; then
log "Mixin is disabled, only mixin neccesary config."
log "Mixin" "Disabled."
log "Mixin" "Mixin neccesary config."
# do mixin
log_level="$log_level" ipv6="$ipv6" \
ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" \
@ -195,7 +196,8 @@ start_service() {
.dns.enable = env(dns_enable) | .dns.listen = strenv(dns_listen) | .dns.enhanced-mode = strenv(dns_mode) | .dns.fake-ip-range = strenv(fake_ip_range)
' "$RUN_PROFILE_PATH"
else
log "Mixin is enabled, mixin all config."
log "Mixin" "Enabled."
log "Mixin" "Mixin all config."
# do mixin
log_level="$log_level" mode="$mode" match_process="$match_process" tcp_keep_alive_idle="$tcp_keep_alive_idle" tcp_keep_alive_interval="$tcp_keep_alive_interval" ipv6="$ipv6" \
ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" selection_cache="$selection_cache" \
@ -255,17 +257,18 @@ start_service() {
fi
# test profile
if [ "$test_profile" == 1 ]; then
log "Profile testing..."
log "Profile" "Testing..."
if ($PROG -d "$RUN_DIR" -t >> "$CORE_LOG_PATH" 2>&1); then
log "Profile test passed!"
log "Profile" "Test passed!"
else
log "Profile test failed!"
log "Exiting..."
log "Profile" "Test failed!"
log "Profile" "Please check the core log to find out the problem."
log "App" "Exit."
return
fi
fi
# start core
log "Start Core"
log "Core" "Start."
procd_open_instance mihomo
procd_set_param command /bin/sh -c "$PROG -d $RUN_DIR >> $CORE_LOG_PATH 2>&1"
@ -284,8 +287,9 @@ start_service() {
procd_close_instance
# transparent proxy
if [ "$transparent_proxy" == 1 ]; then
log "Transparent Proxy is enabled."
log "Transparent Proxy: Start."
log "Transparent Proxy" "Enabled."
log "Transparent Proxy" "TCP Mode: $tcp_transparent_proxy_mode."
log "Transparent Proxy" "UDP Mode: $udp_transparent_proxy_mode."
# prepare
if [ "$tproxy_enable" == 1 ]; then
if [ "$ipv4_proxy" == 1 ]; then
@ -339,27 +343,27 @@ start_service() {
nft -f "$RESERVED_IP6_NFT"
# dns hijack
if [ "$ipv4_dns_hijack" == 1 ]; then
log "Transparent Proxy: IPv4 DNS Hijack is enabled, IPv4 dns request will redirect to the core."
log "Transparent Proxy" "Hijack IPv4 dns request."
nft add element inet "$FW_TABLE" dns_hijack_nfproto \{ ipv4 \}
fi
if [ "$ipv6_dns_hijack" == 1 ]; then
log "Transparent Proxy: IPv6 DNS Hijack is enabled, IPv6 dns request will redirect to the core."
log "Transparent Proxy" "Hijack IPv6 dns request."
nft add element inet "$FW_TABLE" dns_hijack_nfproto \{ ipv6 \}
fi
# proxy
if [ "$ipv4_proxy" == 1 ]; then
log "Transparent Proxy: IPv4 Proxy is enabled, set proxy for IPv4 traffic."
log "Transparent Proxy" "Proxy IPv4 traffic."
nft add element inet "$FW_TABLE" proxy_nfproto \{ ipv4 \}
fi
if [ "$ipv6_proxy" == 1 ]; then
log "Transparent Proxy: IPv6 Proxy is enabled, set proxy for IPv6 traffic."
log "Transparent Proxy" "Proxy IPv6 traffic."
nft add element inet "$FW_TABLE" proxy_nfproto \{ ipv6 \}
fi
# bypass
config_list_foreach "proxy" "bypass_user" add_bypass_user
config_list_foreach "proxy" "bypass_group" add_bypass_group
if [ "$bypass_china_mainland_ip" == 1 ]; then
log "Transparent Proxy: Bypass china mainland ip is enabled."
log "Transparent Proxy" "Bypass china mainland ip."
if [ "$ipv4_proxy" == 1 ]; then
nft -f "$GEOIP_CN_NFT"
fi
@ -367,8 +371,8 @@ start_service() {
nft -f "$GEOIP6_CN_NFT"
fi
fi
log "Transparent Proxy: Destination TCP Port to Proxy: $proxy_tcp_dport."
log "Transparent Proxy: Destination UDP Port to Proxy: $proxy_udp_dport."
log "Transparent Proxy" "Destination TCP Port to Proxy: $proxy_tcp_dport."
log "Transparent Proxy" "Destination UDP Port to Proxy: $proxy_udp_dport."
local proxy_dport
for proxy_dport in $proxy_tcp_dport; do
nft add element inet "$FW_TABLE" proxy_dport \{ "tcp" . "$proxy_dport" \}
@ -378,7 +382,7 @@ start_service() {
done
# router proxy
if [ "$router_proxy" == 1 ]; then
log "Transparent Proxy: Router Proxy is enabled, set proxy for router."
log "Transparent Proxy" "Set proxy for router."
if [ "$tcp_transparent_proxy_mode" == "redirect" ]; then
nft insert rule inet "$FW_TABLE" nat_output jump router_dns_hijack
nft add rule inet "$FW_TABLE" nat_output meta l4proto tcp jump router_${tcp_transparent_proxy_mode}
@ -391,14 +395,14 @@ start_service() {
fi
# lan proxy
if [ "$lan_proxy" == 1 ]; then
log "Transparent Proxy: Lan Proxy is enabled, set proxy for lan."
log "Transparent Proxy" "Set proxy for lan."
# access control
if [ "$access_control_mode" == "all" ]; then
log "Transparent Proxy: Access Control is using all mode, set proxy for all client."
log "Transparent Proxy" "Access Control is using all mode, set proxy for all client."
elif [ "$access_control_mode" == "allow" ]; then
log "Transparent Proxy: Access Control is using allow mode, set proxy for client which is in acl."
log "Transparent Proxy" "Access Control is using allow mode, set proxy for client which is in acl."
elif [ "$access_control_mode" == "block" ]; then
log "Transparent Proxy: Access Control is using block mode, set proxy for client which is not in acl."
log "Transparent Proxy" "Access Control is using block mode, set proxy for client which is not in acl."
fi
config_list_foreach "proxy" "acl_ip" add_acl_ip
config_list_foreach "proxy" "acl_ip6" add_acl_ip6
@ -434,11 +438,11 @@ start_service() {
fi
# cron
if [[ "$scheduled_restart" == 1 && -n "$cron_expression" ]]; then
log "Add crontab for scheduled restart."
log "App" "Set scheduled restart."
echo "$cron_expression /etc/init.d/mihomo restart #mihomo" >> "/etc/crontabs/root"
/etc/init.d/cron restart
fi
log "Start Successful!"
log "App" "Start Successful."
}
service_stopped() {
@ -455,6 +459,8 @@ service_triggers() {
}
cleanup() {
# clear log
clear_log
# delete routing policy
ip rule del ipproto tcp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip rule del ipproto udp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
@ -503,18 +509,19 @@ prepare_log() {
fi
if [ ! -f "$APP_LOG_PATH" ]; then
touch "$APP_LOG_PATH"
else
echo -n > "$APP_LOG_PATH"
fi
if [ ! -f "$CORE_LOG_PATH" ]; then
touch "$CORE_LOG_PATH"
else
echo -n > "$CORE_LOG_PATH"
fi
}
clear_log() {
echo -n > "$APP_LOG_PATH"
echo -n > "$CORE_LOG_PATH"
}
log() {
echo "[$(date "+%Y-%m-%d %H:%M:%S")] $1" >> "$APP_LOG_PATH"
echo "[$(date "+%Y-%m-%d %H:%M:%S")] [$1] $2" >> "$APP_LOG_PATH"
}
mixin_authentications() {
@ -646,12 +653,12 @@ update_subscription() {
uci_remove "mihomo" "$subscription_section" "update"
uci_remove "mihomo" "$subscription_section" "success"
# update subscription
log "Update Subscription: $subscription_name."
log "Profile" "Update subscription: $subscription_name."
local subscription_header_tmpfile; subscription_header_tmpfile="/tmp/$subscription_section.header"
local subscription_tmpfile; subscription_tmpfile="/tmp/$subscription_section.yaml"
local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml"
if (curl -s -f --connect-timeout 15 --retry 3 -L -X GET -A "$subscription_user_agent" -D "$subscription_header_tmpfile" -o "$subscription_tmpfile" "$subscription_url"); then
log "Subscription update succeed."
log "Profile" "Subscription update successful."
local subscription_expire subscription_upload subscription_download subscription_total subscription_used subscription_avaliable
subscription_expire=$(grep "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "expire=[[:digit:]]+" | cut -d '=' -f 2)
subscription_upload=$(grep "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "upload=[[:digit:]]+" | cut -d '=' -f 2)
@ -688,7 +695,7 @@ update_subscription() {
rm -f "$subscription_header_tmpfile"
mv -f "$subscription_tmpfile" "$subscription_file"
else
log "Subscription update failed."
log "Profile" "Subscription update failed."
# update subscription info
uci_set "mihomo" "$subscription_section" "success" "0"
# remove tmpfile
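Review bot: Moving log truncation out of `prepare_log` and into `cleanup` (through the new `clear_log`) changes when evidence is lost: both files are now erased whenever `cleanup` runs, and never on a start that was not preceded by it. If `cleanup` is invoked on stop (its caller is outside the visible hunks), a stop or restart after a failed profile test wipes the core log that the new "Please check the core log to find out the problem." message sends the user to. A start after an early `return` or an unclean stop now appends to whatever the files already hold. I would keep the previous run's log instead of truncating it, e.g. `mv -f "$CORE_LOG_PATH" "$CORE_LOG_PATH.old"` in `clear_log`, and add a comment on `clear_log` stating that it runs from `cleanup` and why.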


@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=geoview
PKG_VERSION:=0.0.8
PKG_VERSION:=0.0.9
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/snowie2000/geoview/tar.gz/$(PKG_VERSION)?
PKG_HASH:=1d94d2f251505fd5da8e03de6aba5722554e199b0873de28ecd7be62538aad60
PKG_HASH:=ba0af14cd7a6ce457584ab4754331848ed78240ae39abdf65fef646df0130c2e
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE