update 2023-07-18 02:12:14

luci-app-passwall/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.66-9
+PKG_VERSION:=4.66-10
 PKG_RELEASE:=
 
 PKG_CONFIG_DEPENDS:= \
@@ -79,6 +79,7 @@ config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy
 config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy
 	bool "Nftables Transparent Proxy"
 	select PACKAGE_dnsmasq-full
+	select PACKAGE_ipt2socks
 	select PACKAGE_nftables
 	select PACKAGE_kmod-nft-socket
 	select PACKAGE_kmod-nft-tproxy

luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua

@@ -113,6 +113,10 @@ if api.is_finded("hysteria") then
 	type:value("Hysteria", translate("Hysteria"))
 end
 
+if api.is_finded("tuic-client") then
+	type:value("TUIC", translate("TUIC"))
+end
+
 protocol = s:option(ListValue, "protocol", translate("Protocol"))
 protocol:value("vmess", translate("Vmess"))
 protocol:value("vless", translate("VLESS"))
@@ -292,6 +296,7 @@ address:depends("type", "Trojan-Plus")
 address:depends("type", "Trojan-Go")
 address:depends("type", "Naiveproxy")
 address:depends("type", "Hysteria")
+address:depends("type", "TUIC")
 address:depends({ type = "V2ray", protocol = "vmess" })
 address:depends({ type = "V2ray", protocol = "vless" })
 address:depends({ type = "V2ray", protocol = "http" })
@@ -319,6 +324,7 @@ port:depends("type", "Trojan-Plus")
 port:depends("type", "Trojan-Go")
 port:depends("type", "Naiveproxy")
 port:depends("type", "Hysteria")
+port:depends("type", "TUIC")
 port:depends({ type = "V2ray", protocol = "vmess" })
 port:depends({ type = "V2ray", protocol = "vless" })
 port:depends({ type = "V2ray", protocol = "http" })
@@ -538,6 +544,7 @@ uuid:depends({ type = "V2ray", protocol = "vmess" })
 uuid:depends({ type = "V2ray", protocol = "vless" })
 uuid:depends({ type = "Xray", protocol = "vmess" })
 uuid:depends({ type = "Xray", protocol = "vless" })
+uuid:depends({ type = "TUIC"})
 
 tls = s:option(Flag, "tls", translate("TLS"))
 tls.default = 0
@@ -981,6 +988,111 @@ hysteria_disable_mtu_discovery:depends("type", "Hysteria")
 hysteria_lazy_start = s:option(Flag, "hysteria_lazy_start", translate("Lazy Start"))
 hysteria_lazy_start:depends("type", "Hysteria")
 
+-- [[ TUIC ]]
+-- Tuic Password for remote server connect
+tuic_passwd = s:option(Value, "tuic_password", translate("TUIC User Password For Connect Remote Server"))
+tuic_passwd.password = true
+tuic_passwd.rmempty = true
+tuic_passwd.default = ""
+tuic_passwd:depends("type", "TUIC")
+
+--[[
+-- Tuic username for local socks connect
+tuic_passwd = s:option(Value, "tuic_socks_username", translate("TUIC UserName For Local Socks"))
+tuic_passwd.rmempty = true
+tuic_passwd.default = ""
+tuic_passwd:depends("type", "TUIC")
+
+-- Tuic Password for local socks connect
+tuic_passwd = s:option(Value, "tuic_socks_password", translate("TUIC Password For Local Socks"))
+tuic_passwd.password = true
+tuic_passwd.rmempty = true
+tuic_passwd.default = ""
+tuic_passwd:depends("type", "TUIC")
+--]]
+
+tuic_ip = s:option(Value, "tuic_ip", translate("Set the TUIC proxy server ip address"))
+tuic_ip:depends("type", "TUIC")
+tuic_ip.datatype = "ipaddr"
+tuic_ip.rmempty = true
+
+tuic_udp_relay_mode = s:option(ListValue, "tuic_udp_relay_mode", translate("UDP relay mode"))
+tuic_udp_relay_mode:depends("type", "TUIC")
+tuic_udp_relay_mode:value("native", translate("native"))
+tuic_udp_relay_mode:value("quic", translate("QUIC"))
+tuic_udp_relay_mode.default = "native"
+tuic_udp_relay_mode.rmempty = true
+
+tuic_congestion_control = s:option(ListValue, "tuic_congestion_control", translate("Congestion control algorithm"))
+tuic_congestion_control:depends("type", "TUIC")
+tuic_congestion_control:value("bbr", translate("BBR"))
+tuic_congestion_control:value("cubic", translate("CUBIC"))
+tuic_congestion_control:value("new_reno", translate("New Reno"))
+tuic_congestion_control.default = "cubic"
+tuic_congestion_control.rmempty = true
+
+tuic_heartbeat = s:option(Value, "tuic_heartbeat", translate("Heartbeat interval(second)"))
+tuic_heartbeat:depends("type", "TUIC")
+tuic_heartbeat.datatype = "uinteger"
+tuic_heartbeat.default = "3"
+tuic_heartbeat.rmempty = true
+
+tuic_timeout = s:option(Value, "tuic_timeout", translate("timeout for establishing a connection to server(second)"))
+tuic_timeout:depends("type", "TUIC")
+tuic_timeout.datatype = "uinteger"
+tuic_timeout.default = "8"
+tuic_timeout.rmempty = true
+
+tuic_gc_interval = s:option(Value, "tuic_gc_interval", translate("garbage collection interval(second)"))
+tuic_gc_interval:depends("type", "TUIC")
+tuic_gc_interval.datatype = "uinteger"
+tuic_gc_interval.default = "3"
+tuic_gc_interval.rmempty = true
+
+tuic_gc_lifetime = s:option(Value, "tuic_gc_lifetime", translate("garbage collection lifetime(second)"))
+tuic_gc_lifetime:depends("type", "TUIC")
+tuic_gc_lifetime.datatype = "uinteger"
+tuic_gc_lifetime.default = "15"
+tuic_gc_lifetime.rmempty = true
+
+tuic_send_window = s:option(Value, "tuic_send_window", translate("TUIC send window"))
+tuic_send_window.datatype = "uinteger"
+tuic_send_window:depends("type", "TUIC")
+tuic_send_window.default = 20971520
+tuic_send_window.rmempty = true
+
+tuic_receive_window = s:option(Value, "tuic_receive_window", translate("TUIC receive window"))
+tuic_receive_window.datatype = "uinteger"
+tuic_receive_window:depends("type", "TUIC")
+tuic_receive_window.default = 10485760
+tuic_receive_window.rmempty = true
+
+tuic_max_package_size = s:option(Value, "tuic_max_package_size", translate("TUIC Maximum packet size the socks5 server can receive from external, in bytes"))
+tuic_max_package_size.datatype = "uinteger"
+tuic_max_package_size:depends("type", "TUIC")
+tuic_max_package_size.default = 1500
+tuic_max_package_size.rmempty = true
+
+--Tuic settings for the local inbound socks5 server
+tuic_dual_stack = s:option(Flag, "tuic_dual_stack", translate("Set if the listening socket should be dual-stack"))
+tuic_dual_stack:depends("type", "TUIC")
+tuic_dual_stack.default = 0
+tuic_dual_stack.rmempty = true
+
+tuic_disable_sni = s:option(Flag, "tuic_disable_sni", translate("Disable SNI"))
+tuic_disable_sni:depends("type", "TUIC")
+tuic_disable_sni.default = 0
+tuic_disable_sni.rmempty = true
+
+tuic_zero_rtt_handshake = s:option(Flag, "tuic_zero_rtt_handshake", translate("Enable 0-RTT QUIC handshake"))
+tuic_zero_rtt_handshake:depends("type", "TUIC")
+tuic_zero_rtt_handshake.default = 0
+tuic_zero_rtt_handshake.rmempty = true
+
+tuic_tls_alpn = s:option(DynamicList, "tuic_tls_alpn", translate("TLS ALPN"))
+tuic_tls_alpn:depends({ type = "TUIC"})
+tuic_tls_alpn.rmempty = true
+
 protocol.validate = function(self, value)
 	if value == "_shunt" or value == "_balancing" then
 		address.rmempty = true

luci-app-passwall/luasrc/passwall/util_tuic.lua

@@ -0,0 +1,57 @@
+module("luci.passwall.util_trojan", package.seeall)
+local api = require "luci.passwall.api"
+local uci = api.uci
+local json = api.jsonc
+
+function gen_config(var)
+	local node_id = var["-node"]
+	if not node_id then
+		print("-node 不能为空")
+		return
+	end
+	local node = uci:get_all("passwall", node_id)
+	local local_addr = var["-local_addr"]
+	local local_port = var["-local_port"]
+	local server_host = var["-server_host"] or node.address
+	local server_port = var["-server_port"] or node.port
+	local loglevel = var["-loglevel"] or "warn"
+
+	local tuic= {
+			relay = {
+				server = server_host .. ":" .. server_port,
+				ip = node.tuic_ip,
+				uuid = node.uuid,
+				password = node.tuic_password,
+				-- certificates = node.tuic_certificate and { node.tuic_certpath } or nil,
+				udp_relay_mode = node.tuic_udp_relay_mode,
+				congestion_control = node.tuic_congestion_control,
+				heartbeat = node.tuic_heartbeat .. "s",
+				timeout = node.tuic_timeout .. "s",
+				gc_interval = node.tuic_gc_interval .. "s",
+				gc_lifetime = node.tuic_gc_lifetime .. "s",
+				alpn = node.tuic_tls_alpn,
+				disable_sni = (node.tuic_disable_sni == "1"),
+				zero_rtt_handshake = (node.tuic_zero_rtt_handshake == "1"),
+				send_window = tonumber(node.tuic_send_window),
+				receive_window = tonumber(node.tuic_receive_window)
+			},
+			["local"] = {
+				server = "[::]:" .. local_port,
+				username = node.tuic_socks_username,
+				password = node.tuic_socks_password,
+				dual_stack = (node.tuic_dual_stack == "1") and true or false,
+				max_packet_size = tonumber(node.tuic_max_package_size)
+			},
+			log_level = loglevel
+	}
+	return json.stringify(tuic, 1)
+end
+
+_G.gen_config = gen_config
+
+if arg[1] then
+	local func =_G[arg[1]]
+	if func then
+		print(func(api.get_function_args(arg)))
+	end
+end

luci-app-passwall/po/zh-cn/passwall.po

@@ -1150,6 +1150,54 @@ msgstr "SS AEAD节点使用类型"
 msgid "Trojan Node Use Type"
 msgstr "Trojan节点使用类型"
 
+msgid "Set the TUIC proxy server ip address"
+msgstr "指定远程TUIC服务器IP"
+
+msgid "TUIC User Password For Connect Remote Server"
+msgstr "用于远程TUIC服务器连接的密码"
+
+msgid "TUIC UserName For Local Socks"
+msgstr "用于本地Socks服务器连接的用户名"
+
+msgid "TUIC Password For Local Socks"
+msgstr "用于本地Socks服务器连接的密码"
+
+msgid "UDP relay mode"
+msgstr "UDP中继模式"
+
+msgid "Congestion control algorithm"
+msgstr "拥塞控制算法"
+
+msgid "Heartbeat interval(second)"
+msgstr "保活心跳包发送间隔（单位：秒）"
+
+msgid "Timeout for establishing a connection to server(second)"
+msgstr "连接超时时间（单位：秒）"
+
+msgid "Garbage collection interval(second)"
+msgstr "UDP数据包片残片清理间隔（单位：秒）"
+
+msgid "Garbage collection lifetime(second)"
+msgstr "UDP数据包残片在服务器的保留时间（单位：秒）"
+
+msgid "Disable SNI"
+msgstr "关闭SNI服务器名称指示"
+
+msgid "Enable 0-RTT QUIC handshake"
+msgstr "客户端启用 0-RTT QUIC 连接握手"
+
+msgid "TUIC send window"
+msgstr "发送窗口（无需确认即可发送的最大字节数：默认8Mb*2）"
+
+msgid "TUIC receive window"
+msgstr "接收窗口（无需确认即可接收的最大字节数：默认8Mb）"
+
+msgid "TUIC Maximum packet size the socks5 server can receive from external, in bytes"
+msgstr "TUIC socks5 服务器可以从外部接收的最大数据包大小（以字节为单位）"
+
+msgid "Set if the listening socket should be dual-stack"
+msgstr "设置监听套接字为双栈"
+
 msgid "<br />none: default, no masquerade, data sent is packets with no characteristics.<br />srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br />utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br />wechat-video: packets disguised as WeChat video calls.<br />dtls: disguised as DTLS 1.2 packet.<br />wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)"
 msgstr "<br />none：默认值，不进行伪装，发送的数据是没有特征的数据包。<br />srtp：伪装成 SRTP 数据包，会被识别为视频通话数据（如 FaceTime）。<br />utp：伪装成 uTP 数据包，会被识别为 BT 下载数据。<br />wechat-video：伪装成微信视频通话的数据包。<br />dtls：伪装成 DTLS 1.2 数据包。<br />wireguard：伪装成 WireGuard 数据包。(并不是真正的 WireGuard 协议)"
 

luci-app-passwall/root/usr/share/passwall/app.sh

@@ -37,6 +37,7 @@ UTIL_XRAY=$LUA_UTIL_PATH/util_xray.lua
 UTIL_TROJAN=$LUA_UTIL_PATH/util_trojan.lua
 UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
 UTIL_HYSTERIA=$LUA_UTIL_PATH/util_hysteria.lua
+UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua
 
 echolog() {
 	local d="$(date "+%Y-%m-%d %H:%M:%S")"
@@ -592,6 +593,10 @@ run_socks() {
 		lua $UTIL_HYSTERIA gen_config -node $node -local_socks_port $socks_port -server_host $server_host -server_port $port ${_extra_param} > $config_file
 		ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
 	;;
+	tuic)
+		lua $UTIL_TUIC gen_config -node $node -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file
+		ln_run "$(first_type tuic-client)" "tuic-client" $log_file -c "$config_file"
+	;;
 	esac
 
 	# http to socks
@@ -691,6 +696,9 @@ run_redir() {
 			lua $UTIL_HYSTERIA gen_config -node $node -local_udp_redir_port $local_port > $config_file
 			ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
 		;;
+		tuic)
+			echolog "TUIC不支持UDP转发！"
+		;;
 		esac
 	;;
 	TCP)