mirror of
https://github.com/kenzok8/small.git
synced 2025-01-07 03:26:39 +08:00
update 2025-01-02 04:13:29
This commit is contained in:
parent
f9f6664967
commit
a79e1a6c11
@ -17,17 +17,6 @@ GLOBAL_ACL_PATH=${TMP_ACL_PATH}/default
|
||||
LOG_FILE=/tmp/log/$CONFIG.log
|
||||
APP_PATH=/usr/share/$CONFIG
|
||||
RULES_PATH=/usr/share/${CONFIG}/rules
|
||||
DNS_PORT=15353
|
||||
TUN_DNS="127.0.0.1#${DNS_PORT}"
|
||||
LOCAL_DNS=119.29.29.29,223.5.5.5
|
||||
DEFAULT_DNS=
|
||||
IPT_APPEND_DNS=
|
||||
ENABLED_DEFAULT_ACL=0
|
||||
PROXY_IPV6=0
|
||||
PROXY_IPV6_UDP=0
|
||||
resolve_dns=0
|
||||
use_tcp_node_resolve_dns=0
|
||||
use_udp_node_resolve_dns=0
|
||||
LUA_UTIL_PATH=/usr/lib/lua/luci/passwall
|
||||
UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua
|
||||
UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua
|
||||
@ -244,7 +233,11 @@ check_ver() {
|
||||
|
||||
get_new_port() {
|
||||
port=$1
|
||||
[ "$port" == "auto" ] && port=2082
|
||||
[ "$port" == "auto" ] && {
|
||||
port=2082
|
||||
local GET_NEW_PORT=$(get_cache_var "get_new_port")
|
||||
[ -n "${GET_NEW_PORT}" ] && port=${GET_NEW_PORT}
|
||||
}
|
||||
protocol=$(echo $2 | tr 'A-Z' 'a-z')
|
||||
result=$(check_port_exists $port $protocol)
|
||||
if [ "$result" != 0 ]; then
|
||||
@ -256,6 +249,7 @@ get_new_port() {
|
||||
fi
|
||||
get_new_port $temp $protocol
|
||||
else
|
||||
set_cache_var "get_new_port" "$port"
|
||||
echo $port
|
||||
fi
|
||||
}
|
||||
@ -379,7 +373,11 @@ set_cache_var() {
|
||||
local key="${1}"
|
||||
shift 1
|
||||
local val="$@"
|
||||
[ -n "${key}" ] && [ -n "${val}" ] && echo "${key}=\"${val}\"" >> $TMP_PATH/var
|
||||
[ -n "${key}" ] && [ -n "${val}" ] && {
|
||||
sed -i "/${key}=/d" $TMP_PATH/var >/dev/null 2>&1
|
||||
echo "${key}=\"${val}\"" >> $TMP_PATH/var
|
||||
eval ${key}=\"${val}\"
|
||||
}
|
||||
}
|
||||
|
||||
get_cache_var() {
|
||||
@ -389,6 +387,10 @@ get_cache_var() {
|
||||
}
|
||||
}
|
||||
|
||||
eval_cache_var() {
|
||||
[ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var")
|
||||
}
|
||||
|
||||
run_ipt2socks() {
|
||||
local flag proto tcp_tproxy local_port socks_address socks_port socks_username socks_password log_file
|
||||
local _extra_param=""
|
||||
@ -491,7 +493,7 @@ run_singbox() {
|
||||
esac
|
||||
[ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}"
|
||||
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
|
||||
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
|
||||
_extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
|
||||
lua $UTIL_SINGBOX gen_config ${_extra_param} > $config_file
|
||||
ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" $log_file run -c "$config_file"
|
||||
}
|
||||
@ -543,7 +545,7 @@ run_xray() {
|
||||
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_doh_ip ${_doh_bootstrap}"
|
||||
_extra_param="${_extra_param} -remote_dns_doh_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
|
||||
}
|
||||
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
|
||||
_extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
|
||||
_extra_param="${_extra_param} -loglevel $loglevel"
|
||||
lua $UTIL_XRAY gen_config ${_extra_param} > $config_file
|
||||
ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
|
||||
@ -762,7 +764,6 @@ run_redir() {
|
||||
}
|
||||
}
|
||||
[ "$bind" != "127.0.0.1" ] && echolog "${PROTO}节点:[$remarks],监听端口:$local_port"
|
||||
set_cache_var "${PROTO}_NODE_PORT" "${port}"
|
||||
|
||||
case "$PROTO" in
|
||||
UDP)
|
||||
@ -820,12 +821,11 @@ run_redir() {
|
||||
[ "$tcp_node_http_port" != "0" ] && tcp_node_http=1
|
||||
if [ $PROXY_IPV6 == "1" ]; then
|
||||
echolog "开启实验性IPv6透明代理(TProxy),请确认您的节点及类型支持IPv6!"
|
||||
PROXY_IPV6_UDP=1
|
||||
fi
|
||||
|
||||
if [ "$tcp_proxy_way" = "redirect" ]; then
|
||||
if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
|
||||
can_ipt=$(echo "$REDIRECT_LIST" | grep "$type")
|
||||
elif [ "$tcp_proxy_way" = "tproxy" ]; then
|
||||
elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
|
||||
can_ipt=$(echo "$TPROXY_LIST" | grep "$type")
|
||||
fi
|
||||
[ -z "$can_ipt" ] && type="socks"
|
||||
@ -879,14 +879,14 @@ run_redir() {
|
||||
}
|
||||
|
||||
[ "${DNS_MODE}" = "sing-box" ] && {
|
||||
resolve_dns=1
|
||||
NO_PLUGIN_DNS=1
|
||||
config_file=$(echo $config_file | sed "s/.json/_DNS.json/g")
|
||||
_args="${_args} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY}"
|
||||
DNSMASQ_FILTER_PROXY_IPV6=0
|
||||
local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
|
||||
[ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}"
|
||||
[ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0"
|
||||
resolve_dns_port=${dns_listen_port}
|
||||
resolve_dns_port=${NEXT_DNS_LISTEN_PORT}
|
||||
_args="${_args} dns_listen_port=${resolve_dns_port}"
|
||||
|
||||
case "$(config_t_get global direct_dns_mode "auto")" in
|
||||
@ -922,7 +922,7 @@ run_redir() {
|
||||
_args="${_args} remote_fakedns=1"
|
||||
resolve_dns_log="${resolve_dns_log} + FakeDNS"
|
||||
}
|
||||
dns_listen_port=$(expr $dns_listen_port + 1)
|
||||
NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
|
||||
}
|
||||
run_singbox flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
|
||||
;;
|
||||
@ -957,14 +957,14 @@ run_redir() {
|
||||
}
|
||||
|
||||
[ "${DNS_MODE}" = "xray" ] && {
|
||||
resolve_dns=1
|
||||
NO_PLUGIN_DNS=1
|
||||
config_file=$(echo $config_file | sed "s/.json/_DNS.json/g")
|
||||
_args="${_args} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY}"
|
||||
DNSMASQ_FILTER_PROXY_IPV6=0
|
||||
local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
|
||||
[ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}"
|
||||
[ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0"
|
||||
resolve_dns_port=${dns_listen_port}
|
||||
resolve_dns_port=${NEXT_DNS_LISTEN_PORT}
|
||||
_args="${_args} dns_listen_port=${resolve_dns_port}"
|
||||
_args="${_args} remote_dns_tcp_server=${REMOTE_DNS}"
|
||||
if [ "$v2ray_dns_mode" = "tcp+doh" ]; then
|
||||
@ -980,12 +980,12 @@ run_redir() {
|
||||
_args="${_args} remote_fakedns=1"
|
||||
resolve_dns_log="${resolve_dns_log} + FakeDNS"
|
||||
}
|
||||
dns_listen_port=$(expr $dns_listen_port + 1)
|
||||
NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
|
||||
}
|
||||
run_xray flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
|
||||
;;
|
||||
trojan*)
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && lua_tproxy_arg="-use_tproxy true"
|
||||
[ "${TCP_PROXY_WAY}" = "tproxy" ] && lua_tproxy_arg="-use_tproxy true"
|
||||
[ "$TCP_UDP" = "1" ] && {
|
||||
config_file=$(echo $config_file | sed "s/TCP/TCP_UDP/g")
|
||||
UDP_REDIR_PORT=$TCP_REDIR_PORT
|
||||
@ -1000,7 +1000,7 @@ run_redir() {
|
||||
ln_run "$(first_type naive)" naive $log_file "$config_file"
|
||||
;;
|
||||
ssr)
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && lua_tproxy_arg="-tcp_tproxy true"
|
||||
[ "${TCP_PROXY_WAY}" = "tproxy" ] && lua_tproxy_arg="-tcp_tproxy true"
|
||||
[ "$TCP_UDP" = "1" ] && {
|
||||
config_file=$(echo $config_file | sed "s/TCP/TCP_UDP/g")
|
||||
UDP_REDIR_PORT=$TCP_REDIR_PORT
|
||||
@ -1011,7 +1011,7 @@ run_redir() {
|
||||
ln_run "$(first_type ssr-redir)" "ssr-redir" $log_file -c "$config_file" -v ${_extra_param}
|
||||
;;
|
||||
ss)
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && lua_tproxy_arg="-tcp_tproxy true"
|
||||
[ "${TCP_PROXY_WAY}" = "tproxy" ] && lua_tproxy_arg="-tcp_tproxy true"
|
||||
lua_mode_arg="-mode tcp_only"
|
||||
[ "$TCP_UDP" = "1" ] && {
|
||||
config_file=$(echo $config_file | sed "s/TCP/TCP_UDP/g")
|
||||
@ -1024,7 +1024,7 @@ run_redir() {
|
||||
;;
|
||||
ss-rust)
|
||||
local _extra_param="-local_tcp_redir_port $local_port"
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && _extra_param="${_extra_param} -tcp_tproxy true"
|
||||
[ "${TCP_PROXY_WAY}" = "tproxy" ] && _extra_param="${_extra_param} -tcp_tproxy true"
|
||||
[ "$tcp_node_socks" = "1" ] && {
|
||||
tcp_node_socks_flag=1
|
||||
config_file=$(echo $config_file | sed "s/TCP/TCP_SOCKS/g")
|
||||
@ -1062,7 +1062,7 @@ run_redir() {
|
||||
unset UDP_NODE
|
||||
_extra_param="${_extra_param} -local_udp_redir_port $local_port"
|
||||
}
|
||||
_extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
|
||||
_extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
|
||||
lua $UTIL_HYSTERIA2 gen_config -node $node ${_extra_param} > $config_file
|
||||
ln_run "$(first_type $(config_t_get global_app hysteria_file))" "hysteria" $log_file -c "$config_file" client
|
||||
;;
|
||||
@ -1075,7 +1075,7 @@ run_redir() {
|
||||
unset UDP_NODE
|
||||
}
|
||||
local _socks_tproxy=""
|
||||
[ "$tcp_proxy_way" = "tproxy" ] && _socks_tproxy="1"
|
||||
[ "${TCP_PROXY_WAY}" = "tproxy" ] && _socks_tproxy="1"
|
||||
run_ipt2socks flag=default proto=${_flag} tcp_tproxy=${_socks_tproxy} local_port=${local_port} socks_address=${_socks_address} socks_port=${_socks_port} socks_username=${_socks_username} socks_password=${_socks_password} log_file=${log_file}
|
||||
fi
|
||||
|
||||
@ -1356,12 +1356,12 @@ start_dns() {
|
||||
|
||||
#当全局(包括访问控制节点)开启chinadns-ng时,不启动新进程。
|
||||
[ "$DNS_SHUNT" != "chinadns-ng" ] || [ "$ACL_RULE_DNSMASQ" = "1" ] && {
|
||||
LOCAL_DNS="127.0.0.1#${dns_listen_port}"
|
||||
LOCAL_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}"
|
||||
local china_ng_c_dns="tcp://$(get_first_dns DIRECT_DNS 53 | sed 's/:/#/g')"
|
||||
ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${dns_listen_port} -c ${china_ng_c_dns} -d chn
|
||||
ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${china_ng_c_dns} -d chn
|
||||
echolog " - ChinaDNS-NG(${LOCAL_DNS}) -> ${china_ng_c_dns}"
|
||||
echolog " * 请确保上游直连 DNS 支持 TCP 查询。"
|
||||
dns_listen_port=$(expr $dns_listen_port + 1)
|
||||
NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
|
||||
}
|
||||
;;
|
||||
dot)
|
||||
@ -1371,11 +1371,11 @@ start_dns() {
|
||||
|
||||
#当全局(包括访问控制节点)开启chinadns-ng时,不启动新进程。
|
||||
[ "$DNS_SHUNT" != "chinadns-ng" ] || [ "$ACL_RULE_DNSMASQ" = "1" ] && {
|
||||
LOCAL_DNS="127.0.0.1#${dns_listen_port}"
|
||||
ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${dns_listen_port} -c ${DIRECT_DNS} -d chn
|
||||
LOCAL_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}"
|
||||
ln_run "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -b 127.0.0.1 -l ${NEXT_DNS_LISTEN_PORT} -c ${DIRECT_DNS} -d chn
|
||||
echolog " - ChinaDNS-NG(${LOCAL_DNS}) -> ${DIRECT_DNS}"
|
||||
echolog " * 请确保上游直连 DNS 支持 DoT 查询。"
|
||||
dns_listen_port=$(expr $dns_listen_port + 1)
|
||||
NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
|
||||
}
|
||||
|
||||
local tmp_dot_ip=$(echo "$DIRECT_DNS" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
|
||||
@ -1407,18 +1407,18 @@ start_dns() {
|
||||
# 排除127.0.0.1的条目
|
||||
IPT_APPEND_DNS=$(echo "$IPT_APPEND_DNS" | awk -F',' '{for(i=1;i<=NF;i++) if($i !~ /^127\.0\.0\.1/) printf (i>1?",":"") $i; print ""}' | sed 's/^,\|,$//g')
|
||||
|
||||
TUN_DNS="127.0.0.1#${dns_listen_port}"
|
||||
[ "${resolve_dns}" == "1" ] && TUN_DNS="127.0.0.1#${resolve_dns_port}"
|
||||
TUN_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}"
|
||||
[ -n "${NO_PLUGIN_DNS}" ] && TUN_DNS="127.0.0.1#${resolve_dns_port}"
|
||||
|
||||
case "$DNS_MODE" in
|
||||
dns2socks)
|
||||
local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:1080) | sed "s/#/:/g")
|
||||
local dns2socks_forward=$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')
|
||||
run_dns2socks socks=$dns2socks_socks_server listen_address=127.0.0.1 listen_port=${dns_listen_port} dns=$dns2socks_forward cache=$DNS_CACHE
|
||||
run_dns2socks socks=$dns2socks_socks_server listen_address=127.0.0.1 listen_port=${NEXT_DNS_LISTEN_PORT} dns=$dns2socks_forward cache=$DNS_CACHE
|
||||
echolog " - dns2socks(${TUN_DNS}),${dns2socks_socks_server} -> tcp://${dns2socks_forward}"
|
||||
;;
|
||||
sing-box)
|
||||
[ "${resolve_dns}" == "0" ] && {
|
||||
[ -z "${NO_PLUGIN_DNS}" ] && {
|
||||
local config_file=$TMP_PATH/DNS.json
|
||||
local log_file=$TMP_PATH/DNS.log
|
||||
local log_file=/dev/null
|
||||
@ -1428,9 +1428,9 @@ start_dns() {
|
||||
DNSMASQ_FILTER_PROXY_IPV6=0
|
||||
local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
|
||||
[ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}"
|
||||
use_tcp_node_resolve_dns=1
|
||||
TCP_PROXY_DNS=1
|
||||
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
|
||||
_args="${_args} dns_listen_port=${dns_listen_port}"
|
||||
_args="${_args} dns_listen_port=${NEXT_DNS_LISTEN_PORT}"
|
||||
_args="${_args} remote_dns_protocol=${v2ray_dns_mode}"
|
||||
case "$v2ray_dns_mode" in
|
||||
tcp)
|
||||
@ -1453,7 +1453,7 @@ start_dns() {
|
||||
}
|
||||
;;
|
||||
xray)
|
||||
[ "${resolve_dns}" == "0" ] && {
|
||||
[ -z "${NO_PLUGIN_DNS}" ] && {
|
||||
local config_file=$TMP_PATH/DNS.json
|
||||
local log_file=$TMP_PATH/DNS.log
|
||||
local log_file=/dev/null
|
||||
@ -1463,8 +1463,8 @@ start_dns() {
|
||||
DNSMASQ_FILTER_PROXY_IPV6=0
|
||||
local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
|
||||
[ -n "${_remote_dns_client_ip}" ] && _args="${_args} remote_dns_client_ip=${_remote_dns_client_ip}"
|
||||
use_tcp_node_resolve_dns=1
|
||||
_args="${_args} dns_listen_port=${dns_listen_port}"
|
||||
TCP_PROXY_DNS=1
|
||||
_args="${_args} dns_listen_port=${NEXT_DNS_LISTEN_PORT}"
|
||||
_args="${_args} remote_dns_tcp_server=${REMOTE_DNS}"
|
||||
local v2ray_dns_mode=$(config_t_get global v2ray_dns_mode tcp)
|
||||
if [ "$v2ray_dns_mode" = "tcp+doh" ]; then
|
||||
@ -1483,9 +1483,9 @@ start_dns() {
|
||||
}
|
||||
;;
|
||||
dot)
|
||||
use_tcp_node_resolve_dns=1
|
||||
TCP_PROXY_DNS=1
|
||||
if [ "$chinadns_tls" != "nil" ]; then
|
||||
local china_ng_listen_port=${dns_listen_port}
|
||||
local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT}
|
||||
local china_ng_trust_dns=$(config_t_get global remote_dns_dot "tls://dns.google@8.8.4.4")
|
||||
local tmp_dot_ip=$(echo "$china_ng_trust_dns" | sed -n 's/.*:\/\/\([^@#]*@\)*\([^@#]*\).*/\2/p')
|
||||
local tmp_dot_port=$(echo "$china_ng_trust_dns" | sed -n 's/.*#\([0-9]\+\).*/\1/p')
|
||||
@ -1498,7 +1498,7 @@ start_dns() {
|
||||
else
|
||||
echolog " - 你的ChinaDNS-NG版本不支持DoT,远程DNS将默认使用tcp://1.1.1.1"
|
||||
REMOTE_DNS="1.1.1.1"
|
||||
local china_ng_listen_port=${dns_listen_port}
|
||||
local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT}
|
||||
local china_ng_trust_dns="tcp://${REMOTE_DNS}"
|
||||
[ "$DNS_SHUNT" != "chinadns-ng" ] && {
|
||||
[ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N"
|
||||
@ -1508,8 +1508,8 @@ start_dns() {
|
||||
fi
|
||||
;;
|
||||
udp)
|
||||
use_udp_node_resolve_dns=1
|
||||
local china_ng_listen_port=${dns_listen_port}
|
||||
UDP_PROXY_DNS=1
|
||||
local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT}
|
||||
local china_ng_trust_dns="udp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
|
||||
if [ "$DNS_SHUNT" != "chinadns-ng" ] && [ "$FILTER_PROXY_IPV6" = "1" ]; then
|
||||
DNSMASQ_FILTER_PROXY_IPV6=0
|
||||
@ -1522,8 +1522,8 @@ start_dns() {
|
||||
fi
|
||||
;;
|
||||
tcp)
|
||||
use_tcp_node_resolve_dns=1
|
||||
local china_ng_listen_port=${dns_listen_port}
|
||||
TCP_PROXY_DNS=1
|
||||
local china_ng_listen_port=${NEXT_DNS_LISTEN_PORT}
|
||||
local china_ng_trust_dns="tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
|
||||
[ "$DNS_SHUNT" != "chinadns-ng" ] && {
|
||||
[ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0 && local no_ipv6_trust="-N"
|
||||
@ -1535,8 +1535,8 @@ start_dns() {
|
||||
|
||||
[ -n "${resolve_dns_log}" ] && echolog " - ${resolve_dns_log}"
|
||||
|
||||
[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 TCP/DoT/DoH 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
|
||||
[ "${use_udp_node_resolve_dns}" = "1" ] && echolog " * 请确认上游 DNS 支持 UDP 查询并已使用 UDP 节点,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
|
||||
[ -n "${TCP_PROXY_DNS}" ] && echolog " * 请确认上游 DNS 支持 TCP/DoT/DoH 查询,如非直连地址,确保 TCP 代理打开,并且已经正确转发!"
|
||||
[ -n "${UDP_PROXY_DNS}" ] && echolog " * 请确认上游 DNS 支持 UDP 查询并已使用 UDP 节点,如上游 DNS 非直连地址,确保 UDP 代理打开,并且已经正确转发!"
|
||||
|
||||
[ "${DNS_SHUNT}" = "smartdns" ] && {
|
||||
if command -v smartdns > /dev/null 2>&1; then
|
||||
@ -1572,7 +1572,7 @@ start_dns() {
|
||||
fi
|
||||
|
||||
[ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0
|
||||
[ -z "${china_ng_listen_port}" ] && local china_ng_listen_port=$(expr $dns_listen_port + 1)
|
||||
[ -z "${china_ng_listen_port}" ] && local china_ng_listen_port=$(expr $NEXT_DNS_LISTEN_PORT + 1)
|
||||
local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
|
||||
[ -z "${china_ng_trust_dns}" ] && local china_ng_trust_dns=${TUN_DNS}
|
||||
|
||||
@ -1861,7 +1861,7 @@ acl_app() {
|
||||
local dnsmasq_conf=${acl_path}/dnsmasq.conf
|
||||
local dnsmasq_conf_path=${acl_path}/dnsmasq.d
|
||||
lua $APP_PATH/helper_dnsmasq.lua add_rule -FLAG ${sid} -TMP_DNSMASQ_PATH ${dnsmasq_conf_path} -DNSMASQ_CONF_FILE ${dnsmasq_conf} \
|
||||
-LISTEN_PORT ${dnsmasq_port} -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
|
||||
-LISTEN_PORT ${dnsmasq_port} -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS $LOCAL_DNS \
|
||||
-USE_DIRECT_LIST "${use_direct_list}" -USE_PROXY_LIST "${use_proxy_list}" -USE_BLOCK_LIST "${use_block_list}" -USE_GFW_LIST "${use_gfw_list}" -CHN_LIST "${chn_list}" \
|
||||
-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -USE_DEFAULT_DNS "${use_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
|
||||
-TCP_NODE $tcp_node -DEFAULT_PROXY_MODE ${tcp_proxy_mode} -NO_PROXY_IPV6 ${dnsmasq_filter_proxy_ipv6:-0} -NFTFLAG ${nftflag:-0} \
|
||||
@ -1990,6 +1990,10 @@ acl_app() {
|
||||
}
|
||||
|
||||
start() {
|
||||
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
|
||||
get_config
|
||||
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
|
||||
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
|
||||
ulimit -n 65535
|
||||
start_haproxy
|
||||
start_socks
|
||||
@ -2060,14 +2064,12 @@ start() {
|
||||
|
||||
stop() {
|
||||
clean_log
|
||||
[ -n "$($(source $APP_PATH/iptables.sh get_ipt_bin) -t mangle -t nat -L -nv 2>/dev/null | grep "PSW")" ] && source $APP_PATH/iptables.sh stop
|
||||
[ -n "$(nft list chains 2>/dev/null | grep "PSW")" ] && source $APP_PATH/nftables.sh stop
|
||||
eval_cache_var
|
||||
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh stop
|
||||
delete_ip2route
|
||||
kill_all v2ray-plugin obfs-local
|
||||
pgrep -f "sleep.*(6s|9s|58s)" | xargs kill -9 >/dev/null 2>&1
|
||||
pgrep -af "${CONFIG}/" | awk '! /app\.sh|subscribe\.lua|rule_update\.lua|tasks\.sh|ujail/{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
unset V2RAY_LOCATION_ASSET
|
||||
unset XRAY_LOCATION_ASSET
|
||||
stop_crontab
|
||||
source $APP_PATH/helper_smartdns.sh del
|
||||
rm -rf $GLOBAL_DNSMASQ_CONF
|
||||
@ -2081,14 +2083,12 @@ stop() {
|
||||
uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect
|
||||
uci -q commit ${CONFIG}
|
||||
}
|
||||
if [ -z "$(get_cache_var "ACL_default_dns_port")" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
|
||||
if [ -z "${ACL_default_dns_port}" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
|
||||
uci -q del_list dhcp.@dnsmasq[0].addnmount="${GLOBAL_DNSMASQ_CONF_PATH}"
|
||||
uci -q commit dhcp
|
||||
lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
|
||||
fi
|
||||
bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
|
||||
[ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
|
||||
bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
|
||||
[ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
|
||||
}
|
||||
rm -rf $TMP_PATH
|
||||
@ -2097,97 +2097,97 @@ stop() {
|
||||
exit 0
|
||||
}
|
||||
|
||||
ENABLED=$(config_t_get global enabled 0)
|
||||
SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
|
||||
TCP_REDIR_PORT=1041
|
||||
TCP_NODE=$(config_t_get global tcp_node)
|
||||
UDP_REDIR_PORT=1051
|
||||
UDP_NODE=$(config_t_get global udp_node)
|
||||
TCP_UDP=0
|
||||
if [ "$UDP_NODE" == "tcp" ]; then
|
||||
UDP_NODE=$TCP_NODE
|
||||
TCP_UDP=1
|
||||
elif [ "$UDP_NODE" == "$TCP_NODE" ]; then
|
||||
TCP_UDP=1
|
||||
fi
|
||||
[ "$ENABLED" == 1 ] && {
|
||||
[ -n "$TCP_NODE" ] && [ "$(config_get_type $TCP_NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
|
||||
[ -n "$UDP_NODE" ] && [ "$(config_get_type $UDP_NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
|
||||
}
|
||||
ENABLED_ACLS=$(config_t_get global acl_enable 0)
|
||||
[ "$ENABLED_ACLS" == 1 ] && {
|
||||
[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
|
||||
}
|
||||
|
||||
tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
|
||||
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
|
||||
TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '80,443')
|
||||
UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
|
||||
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
|
||||
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
|
||||
TCP_PROXY_DROP_PORTS=$(config_t_get global_forwarding tcp_proxy_drop_ports 'disable')
|
||||
UDP_PROXY_DROP_PORTS=$(config_t_get global_forwarding udp_proxy_drop_ports '80,443')
|
||||
USE_DIRECT_LIST=$(config_t_get global use_direct_list 1)
|
||||
USE_PROXY_LIST=$(config_t_get global use_proxy_list 1)
|
||||
USE_BLOCK_LIST=$(config_t_get global use_block_list 1)
|
||||
USE_GFW_LIST=$(config_t_get global use_gfw_list 1)
|
||||
CHN_LIST=$(config_t_get global chn_list direct)
|
||||
TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode proxy)
|
||||
UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode proxy)
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && TCP_PROXY_MODE="proxy"
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && UDP_PROXY_MODE="proxy"
|
||||
LOCALHOST_PROXY=$(config_t_get global localhost_proxy 1)
|
||||
[ "${LOCALHOST_PROXY}" == 1 ] && {
|
||||
LOCALHOST_TCP_PROXY_MODE=$TCP_PROXY_MODE
|
||||
LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
|
||||
}
|
||||
CLIENT_PROXY=$(config_t_get global client_proxy 1)
|
||||
DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
|
||||
[ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq"
|
||||
DNS_MODE=$(config_t_get global dns_mode tcp)
|
||||
SMARTDNS_DNS_MODE=$(config_t_get global smartdns_dns_mode socks)
|
||||
[ "$DNS_SHUNT" = "smartdns" ] && DNS_MODE=$SMARTDNS_DNS_MODE
|
||||
DNS_CACHE=0
|
||||
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
|
||||
USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
|
||||
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
|
||||
DNS_REDIRECT=$(config_t_get global dns_redirect 1)
|
||||
dns_listen_port=${DNS_PORT}
|
||||
|
||||
REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-plus naiveproxy hysteria2"
|
||||
TPROXY_LIST="socks ss ss-rust ssr sing-box xray trojan-plus hysteria2"
|
||||
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
|
||||
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
|
||||
|
||||
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
|
||||
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
|
||||
|
||||
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
|
||||
[ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
|
||||
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}"
|
||||
IPT_APPEND_DNS=${LOCAL_DNS}
|
||||
|
||||
DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
|
||||
DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
|
||||
if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
|
||||
DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
|
||||
if [ -n "$DNSMASQ_CONF_DIR" ]; then
|
||||
DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
|
||||
else
|
||||
DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
|
||||
get_config() {
|
||||
ENABLED_DEFAULT_ACL=0
|
||||
TCP_REDIR_PORT=1041
|
||||
UDP_REDIR_PORT=1051
|
||||
ENABLED=$(config_t_get global enabled 0)
|
||||
SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
|
||||
TCP_NODE=$(config_t_get global tcp_node)
|
||||
UDP_NODE=$(config_t_get global udp_node)
|
||||
TCP_UDP=0
|
||||
if [ "$UDP_NODE" == "tcp" ]; then
|
||||
UDP_NODE=$TCP_NODE
|
||||
TCP_UDP=1
|
||||
elif [ "$UDP_NODE" == "$TCP_NODE" ]; then
|
||||
TCP_UDP=1
|
||||
fi
|
||||
fi
|
||||
GLOBAL_DNSMASQ_CONF=${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
|
||||
GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d
|
||||
[ "$ENABLED" == 1 ] && {
|
||||
[ -n "$TCP_NODE" ] && [ "$(config_get_type $TCP_NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
|
||||
[ -n "$UDP_NODE" ] && [ "$(config_get_type $UDP_NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
|
||||
}
|
||||
ENABLED_ACLS=$(config_t_get global acl_enable 0)
|
||||
[ "$ENABLED_ACLS" == 1 ] && {
|
||||
[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
|
||||
}
|
||||
|
||||
DIRECT_DNS_QUERY_STRATEGY="UseIP"
|
||||
REMOTE_DNS_QUERY_STRATEGY="UseIP"
|
||||
[ "$FILTER_PROXY_IPV6" = "1" ] && REMOTE_DNS_QUERY_STRATEGY="UseIPv4"
|
||||
DNSMASQ_FILTER_PROXY_IPV6=${FILTER_PROXY_IPV6}
|
||||
TCP_PROXY_WAY=$(config_t_get global_forwarding tcp_proxy_way redirect)
|
||||
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
|
||||
TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '80,443')
|
||||
UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
|
||||
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
|
||||
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
|
||||
TCP_PROXY_DROP_PORTS=$(config_t_get global_forwarding tcp_proxy_drop_ports 'disable')
|
||||
UDP_PROXY_DROP_PORTS=$(config_t_get global_forwarding udp_proxy_drop_ports '80,443')
|
||||
USE_DIRECT_LIST=$(config_t_get global use_direct_list 1)
|
||||
USE_PROXY_LIST=$(config_t_get global use_proxy_list 1)
|
||||
USE_BLOCK_LIST=$(config_t_get global use_block_list 1)
|
||||
USE_GFW_LIST=$(config_t_get global use_gfw_list 1)
|
||||
CHN_LIST=$(config_t_get global chn_list direct)
|
||||
TCP_PROXY_MODE=$(config_t_get global tcp_proxy_mode proxy)
|
||||
UDP_PROXY_MODE=$(config_t_get global udp_proxy_mode proxy)
|
||||
[ "${TCP_PROXY_MODE}" != "disable" ] && TCP_PROXY_MODE="proxy"
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && UDP_PROXY_MODE="proxy"
|
||||
LOCALHOST_PROXY=$(config_t_get global localhost_proxy 1)
|
||||
[ "${LOCALHOST_PROXY}" == 1 ] && {
|
||||
LOCALHOST_TCP_PROXY_MODE=$TCP_PROXY_MODE
|
||||
LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
|
||||
}
|
||||
CLIENT_PROXY=$(config_t_get global client_proxy 1)
|
||||
DNS_SHUNT=$(config_t_get global dns_shunt dnsmasq)
|
||||
[ -z "$(first_type $DNS_SHUNT)" ] && DNS_SHUNT="dnsmasq"
|
||||
DNS_MODE=$(config_t_get global dns_mode tcp)
|
||||
[ "$DNS_SHUNT" = "smartdns" ] && DNS_MODE=$(config_t_get global smartdns_dns_mode socks)
|
||||
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
|
||||
USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
|
||||
FILTER_PROXY_IPV6=$(config_t_get global filter_proxy_ipv6 0)
|
||||
DNS_REDIRECT=$(config_t_get global dns_redirect 1)
|
||||
|
||||
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
|
||||
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
|
||||
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
|
||||
REDIRECT_LIST="socks ss ss-rust ssr sing-box xray trojan-plus naiveproxy hysteria2"
|
||||
TPROXY_LIST="socks ss ss-rust ssr sing-box xray trojan-plus hysteria2"
|
||||
|
||||
NEXT_DNS_LISTEN_PORT=15353
|
||||
TUN_DNS="127.0.0.1#${NEXT_DNS_LISTEN_PORT}"
|
||||
DNS_CACHE=0
|
||||
DIRECT_DNS_QUERY_STRATEGY="UseIP"
|
||||
REMOTE_DNS_QUERY_STRATEGY="UseIP"
|
||||
[ "$FILTER_PROXY_IPV6" = "1" ] && REMOTE_DNS_QUERY_STRATEGY="UseIPv4"
|
||||
DNSMASQ_FILTER_PROXY_IPV6=${FILTER_PROXY_IPV6}
|
||||
|
||||
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
|
||||
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
|
||||
|
||||
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
|
||||
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
|
||||
|
||||
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
|
||||
[ -z "${DEFAULT_DNS}" ] && [ "$(echo $ISP_DNS | tr ' ' '\n' | wc -l)" -le 2 ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
|
||||
LOCAL_DNS="${DEFAULT_DNS:-119.29.29.29,223.5.5.5}"
|
||||
IPT_APPEND_DNS=${LOCAL_DNS}
|
||||
|
||||
DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
|
||||
DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
|
||||
if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
|
||||
DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
|
||||
if [ -n "$DNSMASQ_CONF_DIR" ]; then
|
||||
DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
|
||||
else
|
||||
DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
|
||||
fi
|
||||
fi
|
||||
set_cache_var GLOBAL_DNSMASQ_CONF ${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
|
||||
set_cache_var GLOBAL_DNSMASQ_CONF_PATH ${GLOBAL_ACL_PATH}/dnsmasq.d
|
||||
}
|
||||
|
||||
arg1=$1
|
||||
shift
|
||||
@ -2195,31 +2195,28 @@ case $arg1 in
|
||||
add_ip2route)
|
||||
add_ip2route $@
|
||||
;;
|
||||
get_new_port)
|
||||
get_new_port $@
|
||||
;;
|
||||
run_socks)
|
||||
run_socks $@
|
||||
;;
|
||||
run_redir)
|
||||
run_redir $@
|
||||
;;
|
||||
socks_node_switch)
|
||||
socks_node_switch $@
|
||||
;;
|
||||
echolog)
|
||||
echolog $@
|
||||
;;
|
||||
get_new_port)
|
||||
get_new_port $@
|
||||
;;
|
||||
get_cache_var)
|
||||
get_cache_var $@
|
||||
;;
|
||||
set_cache_var)
|
||||
set_cache_var $@
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
run_socks)
|
||||
run_socks $@
|
||||
;;
|
||||
socks_node_switch)
|
||||
socks_node_switch $@
|
||||
;;
|
||||
start)
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
esac
|
||||
|
@ -476,7 +476,7 @@ load_acl() {
|
||||
[ "${udp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $udp_port TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${use_proxy_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $black6_set_name) -j PSW_RULE 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $gfw6_set_name) -j PSW_RULE 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && $ip6t_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${chn_list} "-j PSW_RULE") 2>/dev/null
|
||||
@ -653,7 +653,7 @@ load_acl() {
|
||||
[ "${UDP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW_RULE
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACK6) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE
|
||||
[ "${CHN_LIST}" != "0" ] && $ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_CHN6) $(get_jump_ipt ${CHN_LIST} "-j PSW_RULE")
|
||||
@ -899,10 +899,9 @@ add_firewall_rule() {
|
||||
accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
|
||||
accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
|
||||
|
||||
local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
|
||||
if [ "$tcp_proxy_way" = "redirect" ]; then
|
||||
if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
|
||||
unset is_tproxy
|
||||
elif [ "$tcp_proxy_way" = "tproxy" ]; then
|
||||
elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
|
||||
is_tproxy="TPROXY"
|
||||
fi
|
||||
|
||||
@ -1128,7 +1127,7 @@ add_firewall_rule() {
|
||||
echolog " - [$?]将上游 DNS 服务器 [${2}]:${3} 加入到路由器自身代理的 TCP 转发链,请确保您的节点支持IPv6,并开启IPv6透明代理!"
|
||||
fi
|
||||
}
|
||||
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53
|
||||
[ -n "${TCP_PROXY_DNS}" ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53
|
||||
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
$ipt_n -A OUTPUT -p icmp -j PSW_OUTPUT
|
||||
@ -1202,8 +1201,7 @@ add_firewall_rule() {
|
||||
echolog " - [$?]将上游 DNS 服务器 [${2}]:${3} 加入到路由器自身代理的 UDP 转发链,请确保您的节点支持IPv6,并开启IPv6透明代理!"
|
||||
fi
|
||||
}
|
||||
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
|
||||
|
||||
[ -n "${UDP_PROXY_DNS}" ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
|
||||
[ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p udp -d $FAKE_IP -j PSW_RULE
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACK) -j PSW_RULE
|
||||
@ -1216,7 +1214,7 @@ add_firewall_rule() {
|
||||
$ipt_m -A PSW $(comment "本机") -p udp -i lo -j RETURN
|
||||
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -p udp -j PSW_OUTPUT"
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ -n "$LOCALHOST_UDP_PROXY_MODE" ] && {
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACK6) -j PSW_RULE
|
||||
[ "${USE_GFW_LIST}" = "1" ] && $ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_GFW6) -j PSW_RULE
|
||||
|
@ -521,7 +521,7 @@ load_acl() {
|
||||
[ "${udp_proxy_mode}" != "disable" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW_RULE comment \"$remarks\""
|
||||
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $udp_port TPROXY4) comment \"$remarks\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${use_proxy_list}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$black6_set_name counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${use_gfw_list}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$gfw6_set_name counter jump PSW_RULE comment \"$remarks\"" 2>/dev/null
|
||||
[ "${chn_list}" != "0" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${chn_list} "counter jump PSW_RULE") comment \"$remarks\"" 2>/dev/null
|
||||
@ -704,7 +704,7 @@ load_acl() {
|
||||
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp $(REDIRECT $UDP_REDIR_PORT TPROXY4) comment \"默认\""
|
||||
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp counter return comment \"默认\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_BLACK6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_GFW6 counter jump PSW_RULE comment \"默认\""
|
||||
[ "${CHN_LIST}" != "0" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr @$NFTSET_CHN6 $(get_jump_ipt ${CHN_LIST} "counter jump PSW_RULE") comment \"默认\""
|
||||
@ -948,12 +948,11 @@ add_firewall_rule() {
|
||||
accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
|
||||
accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
|
||||
|
||||
local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
|
||||
if [ "$tcp_proxy_way" = "redirect" ]; then
|
||||
if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
|
||||
unset is_tproxy
|
||||
nft_prerouting_chain="PSW_NAT"
|
||||
nft_output_chain="PSW_OUTPUT_NAT"
|
||||
elif [ "$tcp_proxy_way" = "tproxy" ]; then
|
||||
elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
|
||||
is_tproxy="TPROXY"
|
||||
nft_prerouting_chain="PSW_MANGLE"
|
||||
nft_output_chain="PSW_OUTPUT_MANGLE"
|
||||
@ -1176,7 +1175,7 @@ add_firewall_rule() {
|
||||
echolog " - [$?]将上游 DNS 服务器 [${2}]:${3} 加入到路由器自身代理的 TCP 转发链,请确保您的节点支持IPv6,并开启IPv6透明代理!"
|
||||
fi
|
||||
}
|
||||
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53
|
||||
[ "$TCP_PROXY_DNS" == 1 ] && hosts_foreach REMOTE_DNS _proxy_tcp_access 53
|
||||
|
||||
[ "$accept_icmp" = "1" ] && {
|
||||
nft "add rule $NFTABLE_NAME PSW_ICMP_REDIRECT oif lo ip protocol icmp ip daddr $FAKE_IP counter redirect"
|
||||
@ -1255,7 +1254,7 @@ add_firewall_rule() {
|
||||
echolog " - [$?]将上游 DNS 服务器 [${2}]:${3} 加入到路由器自身代理的 UDP 转发链,请确保您的节点支持IPv6,并开启IPv6透明代理!"
|
||||
fi
|
||||
}
|
||||
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
|
||||
[ -n "${UDP_PROXY_DNS}" ] && hosts_foreach REMOTE_DNS _proxy_udp_access 53
|
||||
[ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE ip protocol udp ip daddr $FAKE_IP counter jump PSW_RULE"
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE ip protocol udp ip daddr @$NFTSET_BLACK $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
@ -1268,7 +1267,7 @@ add_firewall_rule() {
|
||||
nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp iif lo counter return comment \"本机\""
|
||||
nft "add rule $NFTABLE_NAME mangle_output ip protocol udp counter jump PSW_OUTPUT_MANGLE comment \"PSW_OUTPUT_MANGLE\""
|
||||
|
||||
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
|
||||
[ "$PROXY_IPV6" == "1" ] && {
|
||||
[ -n "${LOCALHOST_UDP_PROXY_MODE}" ] && {
|
||||
[ "${USE_PROXY_LIST}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_BLACK6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
[ "${USE_GFW_LIST}" = "1" ] && nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr @$NFTSET_GFW6 $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW_RULE"
|
||||
|
Loading…
Reference in New Issue
Block a user