update 2024-10-29 16:19:18

2025-01-08 12:08:21 +08:00 · 2024-10-29 16:19:18 +08:00 · 2024-10-29 16:19:18 +08:00 · 99a36bb214
commit 99a36bb214
parent 844088e8c3
4 changed files with 30 additions and 5 deletions
--- a/luci-app-mihomo/Makefile
+++ b/luci-app-mihomo/Makefile
@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk

-PKG_VERSION:=1.9.1
+PKG_VERSION:=1.9.2

 LUCI_TITLE:=LuCI Support for mihomo
 LUCI_DEPENDS:=+luci-base +mihomo
--- a/luci-app-ssr-plus/root/usr/bin/ssr-rules
+++ b/luci-app-ssr-plus/root/usr/bin/ssr-rules
@ -103,7 +103,6 @@ ipset_r() {
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW
 		$IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW
-		$IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW
 		;;
 	oversea)
 		ipset -N oversea hash:net 2>/dev/null
--- a/mihomo/Makefile
+++ b/mihomo/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=mihomo
-PKG_RELEASE:=2
+PKG_RELEASE:=3

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
--- a/mihomo/files/mihomo.init
+++ b/mihomo/files/mihomo.init
@ -264,10 +264,10 @@ start_service() {
 			ip tuntap add dev "$TUN_DEVICE" mode tun vnet_hdr
 			ip link set "$TUN_DEVICE" up
 			if [ "$ipv4_proxy" == 1 ]; then
-				ip route add unicast default dev $TUN_DEVICE table "$TUN_ROUTE_TABLE"
+				ip route add unicast default dev "$TUN_DEVICE" table "$TUN_ROUTE_TABLE"
 			fi
 			if [ "$ipv6_proxy" == 1 ]; then
-				ip -6 route add unicast default dev $TUN_DEVICE table "$TUN_ROUTE_TABLE"
+				ip -6 route add unicast default dev "$TUN_DEVICE" table "$TUN_ROUTE_TABLE"
 			fi
 			$TUN_SH
 		fi
@ -379,6 +379,23 @@ start_service() {
 			fi
 			nft add rule inet "$FW_TABLE" mangle_prerouting meta l4proto udp jump "${access_control_mode}_${udp_transparent_proxy_mode}"
 		fi
+		# fix compatible between tproxy and dockerd (kmod-br-netfilter)
+		if [ "$tproxy_enable" == 1 ] && (lsmod | grep -q br_netfilter); then
+			if [ "$ipv4_proxy" == 1 ]; then
+				local bridge_nf_call_iptables; bridge_nf_call_iptables=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
+				if [ "$bridge_nf_call_iptables" == 1 ]; then
+					touch /tmp/bridge_nf_call_iptables.flag
+					sysctl -q -w net.bridge.bridge-nf-call-iptables=0
+				fi
+			fi
+			if [ "$ipv6_proxy" == 1 ]; then
+				local bridge_nf_call_ip6tables; bridge_nf_call_ip6tables=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
+				if [ "$bridge_nf_call_ip6tables" == 1 ]; then
+					touch /tmp/bridge_nf_call_ip6tables.flag
+					sysctl -q -w net.bridge.bridge-nf-call-ip6tables=0
+				fi
+			fi
+		fi
 	fi
 	# cron
 	if [[ "$scheduled_restart" == 1 && -n "$cron_expression" ]]; then
@ -431,6 +448,15 @@ cleanup() {
 	for handle in $handles; do
 		nft delete rule inet fw4 forward handle "$handle"
 	done
+	# revert fix compatible between tproxy and dockerd (kmod-br-netfilter)
+	if [ -f "/tmp/bridge_nf_call_iptables.flag" ]; then
+		rm -f /tmp/bridge_nf_call_iptables.flag
+		sysctl -q -w net.bridge.bridge-nf-call-iptables=1
+	fi
+	if [ -f "/tmp/bridge_nf_call_ip6tables.flag" ]; then
+		rm -f /tmp/bridge_nf_call_ip6tables.flag
+		sysctl -q -w net.bridge.bridge-nf-call-ip6tables=1
+	fi
 	# delete cron
 	sed -i '/#mihomo/d' "/etc/crontabs/root" > /dev/null 2>&1
 	/etc/init.d/cron restart