diff --git a/luci-app-mihomo/Makefile b/luci-app-mihomo/Makefile
index 196f40d4..c930c382 100644
--- a/luci-app-mihomo/Makefile
+++ b/luci-app-mihomo/Makefile
@@ -1,6 +1,6 @@
include $(TOPDIR)/rules.mk
-PKG_VERSION:=1.16.0
+PKG_VERSION:=1.17.0
LUCI_TITLE:=LuCI Support for mihomo
LUCI_DEPENDS:=+luci-base +mihomo
diff --git a/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js b/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js
index 6264ef3d..8c631f88 100644
--- a/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js
+++ b/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js
@@ -140,6 +140,10 @@ return view.extend({
o.rmempty = false;
o.value('0-65535', _('All Port'));
o.value('123 443 8443', _('Commonly Used Port'));
+
+ o = s.taboption('bypass', form.DynamicList, 'bypass_dscp', _('Bypass DSCP'));
+ o.datatype = 'range(0, 63)';
+
return m.render();
}
});
diff --git a/luci-app-mihomo/po/templates/mihomo.pot b/luci-app-mihomo/po/templates/mihomo.pot
index 43d9ac58..68d3bb72 100644
--- a/luci-app-mihomo/po/templates/mihomo.pot
+++ b/luci-app-mihomo/po/templates/mihomo.pot
@@ -61,6 +61,10 @@ msgstr ""
msgid "Bypass China Mainland IP"
msgstr ""
+#: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:144
+msgid "Bypass DSCP"
+msgstr ""
+
#: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:124
msgid "Bypass Group"
msgstr ""
diff --git a/luci-app-mihomo/po/zh_Hans/mihomo.po b/luci-app-mihomo/po/zh_Hans/mihomo.po
index b3afaadd..a9b62478 100644
--- a/luci-app-mihomo/po/zh_Hans/mihomo.po
+++ b/luci-app-mihomo/po/zh_Hans/mihomo.po
@@ -68,6 +68,10 @@ msgstr "绕过"
msgid "Bypass China Mainland IP"
msgstr "绕过中国大陆 IP"
+#: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:144
+msgid "Bypass DSCP"
+msgstr "绕过 DSCP"
+
#: applications/luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/proxy.js:124
msgid "Bypass Group"
msgstr "绕过用户组"
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
index 7b625eae..6653f5f7 100644
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -1,5 +1,5 @@
# Copyright (C) 2018-2020 L-WRT Team
-# Copyright (C) 2021-2023 xiaorouji
+# Copyright (C) 2021-2025 xiaorouji
#
# This is free software, licensed under the GNU General Public License v3.
diff --git a/luci-app-passwall/luasrc/controller/passwall.lua b/luci-app-passwall/luasrc/controller/passwall.lua
index 2ed0db40..c01e5ef2 100644
--- a/luci-app-passwall/luasrc/controller/passwall.lua
+++ b/luci-app-passwall/luasrc/controller/passwall.lua
@@ -1,10 +1,10 @@
-- Copyright (C) 2018-2020 L-WRT Team
--- Copyright (C) 2021-2023 xiaorouji
+-- Copyright (C) 2021-2025 xiaorouji
module("luci.controller.passwall", package.seeall)
local api = require "luci.passwall.api"
-local appname = "passwall" -- not available
-local uci = api.libuci -- in funtion index()
+local appname = "passwall" -- not available
+local uci = api.uci -- in funtion index()
local fs = api.fs
local http = require "luci.http"
local util = require "luci.util"
@@ -17,8 +17,8 @@ function index()
else return end
end
local api = require "luci.passwall.api"
- local appname = "passwall" -- global definitions not available
- local uci = api.libuci -- in function index()
+ local appname = "passwall" -- global definitions not available
+ local uci = api.uci -- in function index()
local fs = api.fs
entry({"admin", "services", appname}).dependent = true
entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
@@ -110,7 +110,7 @@ end
function show_menu()
uci:delete(appname, "@global[0]", "hide_from_luci")
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("rm -rf /tmp/luci-*")
luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
luci.http.redirect(api.url())
@@ -118,7 +118,7 @@ end
function hide_menu()
uci:set(appname, "@global[0]", "hide_from_luci","1")
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("rm -rf /tmp/luci-*")
luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
@@ -135,6 +135,7 @@ function socks_autoswitch_add_node()
local id = luci.http.formvalue("id")
local key = luci.http.formvalue("key")
if id and id ~= "" and key and key ~= "" then
+ uci:set(appname, id, "enable_autoswitch", "1")
local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
for i = #new_list, 1, -1 do
if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
@@ -146,8 +147,8 @@ function socks_autoswitch_add_node()
table.insert(new_list, e.id)
end
end
- api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
- uci:commit(appname)
+ uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+ api.uci_save(uci, appname)
end
luci.http.redirect(api.url("socks_config", id))
end
@@ -156,14 +157,15 @@ function socks_autoswitch_remove_node()
local id = luci.http.formvalue("id")
local key = luci.http.formvalue("key")
if id and id ~= "" and key and key ~= "" then
+ uci:set(appname, id, "enable_autoswitch", "1")
local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
for i = #new_list, 1, -1 do
if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
table.remove(new_list, i)
end
end
- api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
- uci:commit(appname)
+ uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+ api.uci_save(uci, appname)
end
luci.http.redirect(api.url("socks_config", id))
end
@@ -353,7 +355,7 @@ function set_node()
local protocol = luci.http.formvalue("protocol")
local section = luci.http.formvalue("section")
uci:set(appname, "@global[0]", protocol .. "_node", section)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/passwall restart > /dev/null 2>&1 &")
luci.http.redirect(api.url("log"))
end
@@ -361,7 +363,7 @@ end
function copy_node()
local section = luci.http.formvalue("section")
local uuid = api.gen_short_uuid()
- api.uci_section(uci, appname, "nodes", uuid)
+ uci:section(appname, "nodes", uuid)
for k, v in pairs(uci:get_all(appname, section)) do
local filter = k:find("%.")
if filter and filter == 1 then
@@ -375,7 +377,7 @@ function copy_node()
end
uci:delete(appname, uuid, "add_from")
uci:set(appname, uuid, "add_mode", 1)
- uci:commit(appname)
+ api.uci_save(uci, appname)
luci.http.redirect(api.url("node_config", uuid))
end
@@ -385,7 +387,7 @@ function clear_all_nodes()
uci:delete(appname, '@global[0]', "udp_node")
uci:foreach(appname, "socks", function(t)
uci:delete(appname, t[".name"])
- api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", {})
+ uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
end)
uci:foreach(appname, "haproxy_config", function(t)
uci:delete(appname, t[".name"])
@@ -398,7 +400,7 @@ function clear_all_nodes()
uci:delete(appname, node['.name'])
end)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/" .. appname .. " stop")
end
@@ -421,7 +423,7 @@ function delete_select_nodes()
table.remove(auto_switch_node_list, i)
end
end
- api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
+ uci:set_list(appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
end)
uci:foreach(appname, "haproxy_config", function(t)
if t["lbss"] == w then
@@ -448,7 +450,7 @@ function delete_select_nodes()
end)
uci:delete(appname, w)
end)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &")
end
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua
index bc1ab22d..1e70f23f 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/socks_config.lua
@@ -123,6 +123,8 @@ for k, v in pairs(nodes_table) do
socks_node:value(v.id, v["remark"])
end
-m:append(Template(appname .. "/socks_auto_switch/footer"))
+o = s:option(DummyValue, "btn", " ")
+o.template = appname .. "/socks_auto_switch/btn"
+o:depends("enable_autoswitch", true)
return m
diff --git a/luci-app-passwall/luasrc/passwall/api.lua b/luci-app-passwall/luasrc/passwall/api.lua
index c866607c..1dbeb84a 100644
--- a/luci-app-passwall/luasrc/passwall/api.lua
+++ b/luci-app-passwall/luasrc/passwall/api.lua
@@ -3,6 +3,7 @@ local com = require "luci.passwall.com"
bin = require "nixio".bin
fs = require "nixio.fs"
sys = require "luci.sys"
+uci = require "luci.model.uci".cursor()
libuci = require "uci".cursor()
util = require "luci.util"
datatypes = require "luci.cbi.datatypes"
@@ -30,6 +31,10 @@ function log(...)
end
end
+function is_js_luci()
+ return sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0
+end
+
function uci_set_list(cursor, config, section, option, value)
if config and section and option then
if not value or #value == 0 then
@@ -55,24 +60,48 @@ function uci_section(cursor, config, type, name, values)
return stat and name
end
+function uci_save(cursor, config, commit, apply)
+ if is_js_luci() then
+ commit = true
+ if commit then
+ if apply then
+ cursor:commit(config)
+ else
+ sh_uci_commit(config)
+ end
+ end
+ else
+ cursor:save(config)
+ if commit then
+ cursor:commit(config)
+ if apply then
+ sys.call("/etc/init.d/" .. config .. " reload > /dev/null 2>&1 &")
+ end
+ end
+ end
+end
+
function sh_uci_get(config, section, option)
exec_call(string.format("uci -q get %s.%s.%s", config, section, option))
- exec_call(string.format("uci -q commit %s", config))
end
-function sh_uci_set(config, section, option, val)
+function sh_uci_set(config, section, option, val, commit)
exec_call(string.format("uci -q set %s.%s.%s=\"%s\"", config, section, option, val))
- exec_call(string.format("uci -q commit %s", config))
+ if commit then sh_uci_commit(config) end
end
-function sh_uci_del(config, section, option)
+function sh_uci_del(config, section, option, commit)
exec_call(string.format("uci -q delete %s.%s.%s", config, section, option))
- exec_call(string.format("uci -q commit %s", config))
+ if commit then sh_uci_commit(config) end
end
-function sh_uci_add_list(config, section, option, val)
+function sh_uci_add_list(config, section, option, val, commit)
exec_call(string.format("uci -q del_list %s.%s.%s=\"%s\"", config, section, option, val))
exec_call(string.format("uci -q add_list %s.%s.%s=\"%s\"", config, section, option, val))
+ if commit then sh_uci_commit(config) end
+end
+
+function sh_uci_commit(config)
exec_call(string.format("uci -q commit %s", config))
end
@@ -175,7 +204,7 @@ end
function curl_direct(url, file, args)
--直连访问
- local chn_list = libuci:get(appname, "@global[0]", "chn_list") or "direct"
+ local chn_list = uci:get(appname, "@global[0]", "chn_list") or "direct"
local Dns = (chn_list == "proxy") and "1.1.1.1" or "223.5.5.5"
if not args then args = {} end
local tmp_args = clone(args)
@@ -419,30 +448,10 @@ function get_domain_from_url(url)
return url
end
-function get_node_name(node_id)
- local e
- if type(node_id) == "table" then
- e = node_id
- else
- e = libuci:get_all(appname, node_id)
- end
- if e then
- if e.type and e.remarks then
- if e.protocol and (e.protocol == "_balancing" or e.protocol == "_shunt" or e.protocol == "_iface") then
- local type = e.type
- if type == "sing-box" then type = "Sing-Box" end
- local remark = "%s:[%s] " % {type .. " " .. i18n.translatef(e.protocol), e.remarks}
- return remark
- end
- end
- end
- return ""
-end
-
function get_valid_nodes()
local show_node_info = uci_get_type("@global_other[0]", "show_node_info", "0")
local nodes = {}
- libuci:foreach(appname, "nodes", function(e)
+ uci:foreach(appname, "nodes", function(e)
e.id = e[".name"]
if e.type and e.remarks then
if e.protocol and (e.protocol == "_balancing" or e.protocol == "_shunt" or e.protocol == "_iface") then
@@ -539,7 +548,7 @@ function gen_short_uuid()
end
function uci_get_type(type, config, default)
- local value = libuci:get(appname, type, config) or default
+ local value = uci:get(appname, type, config) or default
if (value == nil or value == "") and (default and default ~= "") then
value = default
end
diff --git a/luci-app-passwall/luasrc/passwall/server_app.lua b/luci-app-passwall/luasrc/passwall/server_app.lua
index ef267c64..50357056 100644
--- a/luci-app-passwall/luasrc/passwall/server_app.lua
+++ b/luci-app-passwall/luasrc/passwall/server_app.lua
@@ -3,7 +3,7 @@
local action = arg[1]
local api = require "luci.passwall.api"
local sys = api.sys
-local uci = api.libuci
+local uci = api.uci
local jsonc = api.jsonc
local CONFIG = "passwall_server"
diff --git a/luci-app-passwall/luasrc/passwall/util_hysteria2.lua b/luci-app-passwall/luasrc/passwall/util_hysteria2.lua
index 12afe687..b818aadb 100644
--- a/luci-app-passwall/luasrc/passwall/util_hysteria2.lua
+++ b/luci-app-passwall/luasrc/passwall/util_hysteria2.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_hysteria2", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local jsonc = api.jsonc
function gen_config_server(node)
diff --git a/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua b/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua
index b6ef39b3..ee095c1e 100644
--- a/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua
+++ b/luci-app-passwall/luasrc/passwall/util_naiveproxy.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_naiveproxy", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local jsonc = api.jsonc
function gen_config(var)
diff --git a/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua b/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua
index 5e724e77..e6080001 100644
--- a/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua
+++ b/luci-app-passwall/luasrc/passwall/util_shadowsocks.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_shadowsocks", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local jsonc = api.jsonc
function gen_config_server(node)
diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
index e6cdbc7d..bfa24b46 100644
--- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua
+++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_sing-box", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local jsonc = api.jsonc
local appname = "passwall"
diff --git a/luci-app-passwall/luasrc/passwall/util_trojan.lua b/luci-app-passwall/luasrc/passwall/util_trojan.lua
index 31bd67a4..848b689a 100644
--- a/luci-app-passwall/luasrc/passwall/util_trojan.lua
+++ b/luci-app-passwall/luasrc/passwall/util_trojan.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_trojan", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local json = api.jsonc
function gen_config_server(node)
diff --git a/luci-app-passwall/luasrc/passwall/util_tuic.lua b/luci-app-passwall/luasrc/passwall/util_tuic.lua
index be00dcb8..e138b6da 100644
--- a/luci-app-passwall/luasrc/passwall/util_tuic.lua
+++ b/luci-app-passwall/luasrc/passwall/util_tuic.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_tuic", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local json = api.jsonc
function gen_config(var)
diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua
index c3ac56c2..828b7681 100644
--- a/luci-app-passwall/luasrc/passwall/util_xray.lua
+++ b/luci-app-passwall/luasrc/passwall/util_xray.lua
@@ -1,6 +1,6 @@
module("luci.passwall.util_xray", package.seeall)
local api = require "luci.passwall.api"
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local jsonc = api.jsonc
local appname = "passwall"
diff --git a/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/footer.htm b/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/btn.htm
similarity index 63%
rename from luci-app-passwall/luasrc/view/passwall/socks_auto_switch/footer.htm
rename to luci-app-passwall/luasrc/view/passwall/socks_auto_switch/btn.htm
index 067b9787..287c1d2f 100644
--- a/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/footer.htm
+++ b/luci-app-passwall/luasrc/view/passwall/socks_auto_switch/btn.htm
@@ -19,5 +19,7 @@ local api = require "luci.passwall.api"
}
//]]>
-
-
\ No newline at end of file
+
" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
+
+
+
\ No newline at end of file
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index eafa6259..57b989bd 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -1,6 +1,6 @@
#!/bin/sh
# Copyright (C) 2018-2020 L-WRT Team
-# Copyright (C) 2021-2023 xiaorouji
+# Copyright (C) 2021-2025 xiaorouji
. $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/lib/functions/service.sh
@@ -417,8 +417,8 @@ run_ipt2socks() {
}
run_singbox() {
- local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
- local dns_listen_port direct_dns_port direct_dns_udp_server direct_dns_tcp_server direct_dns_dot_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
+ local flag type node tcp_redir_port tcp_proxy_way udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+ local dns_listen_port direct_dns_query_strategy direct_dns_port direct_dns_udp_server direct_dns_tcp_server direct_dns_dot_server remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
local loglevel log_file config_file server_host server_port
local _extra_param=""
eval_set_val $@
@@ -448,6 +448,7 @@ run_singbox() {
[ -n "$server_host" ] && _extra_param="${_extra_param} -server_host $server_host"
[ -n "$server_port" ] && _extra_param="${_extra_param} -server_port $server_port"
[ -n "$tcp_redir_port" ] && _extra_param="${_extra_param} -tcp_redir_port $tcp_redir_port"
+ [ -n "$tcp_proxy_way" ] && _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
[ -n "$udp_redir_port" ] && _extra_param="${_extra_param} -udp_redir_port $udp_redir_port"
[ -n "$socks_address" ] && _extra_param="${_extra_param} -local_socks_address $socks_address"
[ -n "$socks_port" ] && _extra_param="${_extra_param} -local_socks_port $socks_port"
@@ -474,7 +475,8 @@ run_singbox() {
direct_dns_port=$(echo ${local_dns} | awk -F '#' '{print $2}')
fi
_extra_param="${_extra_param} -direct_dns_port ${direct_dns_port:-53}"
- _extra_param="${_extra_param} -direct_dns_query_strategy ${DIRECT_DNS_QUERY_STRATEGY}"
+ direct_dns_query_strategy=${direct_dns_query_strategy:-UseIP}
+ _extra_param="${_extra_param} -direct_dns_query_strategy ${direct_dns_query_strategy}"
[ -n "$remote_dns_query_strategy" ] && _extra_param="${_extra_param} -remote_dns_query_strategy ${remote_dns_query_strategy}"
case "$remote_dns_protocol" in
@@ -493,14 +495,13 @@ run_singbox() {
esac
[ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}"
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
- _extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
lua $UTIL_SINGBOX gen_config ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" $log_file run -c "$config_file"
}
run_xray() {
- local flag type node tcp_redir_port udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
- local dns_listen_port remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
+ local flag type node tcp_redir_port tcp_proxy_way udp_redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+ local dns_listen_port direct_dns_query_strategy remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_fakedns remote_dns_query_strategy dns_cache dns_socks_address dns_socks_port
local loglevel log_file config_file server_host server_port
local _extra_param=""
eval_set_val $@
@@ -519,6 +520,7 @@ run_xray() {
[ -n "$server_host" ] && _extra_param="${_extra_param} -server_host $server_host"
[ -n "$server_port" ] && _extra_param="${_extra_param} -server_port $server_port"
[ -n "$tcp_redir_port" ] && _extra_param="${_extra_param} -tcp_redir_port $tcp_redir_port"
+ [ -n "$tcp_proxy_way" ] && _extra_param="${_extra_param} -tcp_proxy_way $tcp_proxy_way"
[ -n "$udp_redir_port" ] && _extra_param="${_extra_param} -udp_redir_port $udp_redir_port"
[ -n "$socks_address" ] && _extra_param="${_extra_param} -local_socks_address $socks_address"
[ -n "$socks_port" ] && _extra_param="${_extra_param} -local_socks_port $socks_port"
@@ -528,7 +530,8 @@ run_xray() {
[ -n "$http_username" ] && [ -n "$http_password" ] && _extra_param="${_extra_param} -local_http_username $http_username -local_http_password $http_password"
[ -n "$dns_socks_address" ] && [ -n "$dns_socks_port" ] && _extra_param="${_extra_param} -dns_socks_address ${dns_socks_address} -dns_socks_port ${dns_socks_port}"
[ -n "$dns_listen_port" ] && _extra_param="${_extra_param} -dns_listen_port ${dns_listen_port}"
- _extra_param="${_extra_param} -direct_dns_query_strategy ${DIRECT_DNS_QUERY_STRATEGY}"
+ direct_dns_query_strategy=${direct_dns_query_strategy:-UseIP}
+ _extra_param="${_extra_param} -direct_dns_query_strategy ${direct_dns_query_strategy}"
[ -n "$remote_dns_query_strategy" ] && _extra_param="${_extra_param} -remote_dns_query_strategy ${remote_dns_query_strategy}"
[ -n "$remote_dns_client_ip" ] && _extra_param="${_extra_param} -remote_dns_client_ip ${remote_dns_client_ip}"
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
@@ -545,7 +548,6 @@ run_xray() {
[ -n "$_doh_bootstrap" ] && _extra_param="${_extra_param} -remote_dns_doh_ip ${_doh_bootstrap}"
_extra_param="${_extra_param} -remote_dns_doh_port ${_doh_port} -remote_dns_doh_url ${_doh_url} -remote_dns_doh_host ${_doh_host}"
}
- _extra_param="${_extra_param} -tcp_proxy_way ${TCP_PROXY_WAY}"
_extra_param="${_extra_param} -loglevel $loglevel"
lua $UTIL_XRAY gen_config ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
@@ -924,7 +926,7 @@ run_redir() {
}
NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
}
- run_singbox flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
+ run_singbox flag=$_flag node=$node tcp_redir_port=$local_port tcp_proxy_way=$TCP_PROXY_WAY config_file=$config_file log_file=$log_file ${_args}
;;
xray)
local _flag="TCP"
@@ -982,7 +984,7 @@ run_redir() {
}
NEXT_DNS_LISTEN_PORT=$(expr $NEXT_DNS_LISTEN_PORT + 1)
}
- run_xray flag=$_flag node=$node tcp_redir_port=$local_port config_file=$config_file log_file=$log_file ${_args}
+ run_xray flag=$_flag node=$node tcp_redir_port=$local_port tcp_proxy_way=$TCP_PROXY_WAY config_file=$config_file log_file=$log_file ${_args}
;;
trojan*)
[ "${TCP_PROXY_WAY}" = "tproxy" ] && lua_tproxy_arg="-use_tproxy true"
@@ -1424,6 +1426,7 @@ start_dns() {
local log_file=/dev/null
local _args="type=$DNS_MODE config_file=$config_file log_file=$log_file"
[ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0"
+ _args="${_args} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY}"
_args="${_args} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY}"
DNSMASQ_FILTER_PROXY_IPV6=0
local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
@@ -1459,6 +1462,7 @@ start_dns() {
local log_file=/dev/null
local _args="type=$DNS_MODE config_file=$config_file log_file=$log_file"
[ "${DNS_CACHE}" == "0" ] && _args="${_args} dns_cache=0"
+ _args="${_args} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY}"
_args="${_args} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY}"
DNSMASQ_FILTER_PROXY_IPV6=0
local _remote_dns_client_ip=$(config_t_get global remote_dns_client_ip)
diff --git a/luci-app-passwall/root/usr/share/passwall/haproxy.lua b/luci-app-passwall/root/usr/share/passwall/haproxy.lua
index 7efaaeb7..67366ae1 100644
--- a/luci-app-passwall/root/usr/share/passwall/haproxy.lua
+++ b/luci-app-passwall/root/usr/share/passwall/haproxy.lua
@@ -4,7 +4,7 @@ local api = require ("luci.passwall.api")
local appname = "passwall"
local fs = api.fs
local jsonc = api.jsonc
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local log = function(...)
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
index 981578ad..06161537 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua
@@ -21,7 +21,7 @@ local NFTFLAG = var["-NFTFLAG"]
local REMOTE_FAKEDNS = var["-REMOTE_FAKEDNS"]
local LOG_FILE = var["-LOG_FILE"]
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local fs = api.fs
local datatypes = api.datatypes
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua
index b168d73e..165ed51f 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq.lua
@@ -1,6 +1,6 @@
local api = require "luci.passwall.api"
local appname = "passwall"
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local fs = api.fs
local datatypes = api.datatypes
@@ -25,7 +25,7 @@ local function backup_servers()
local DNSMASQ_DNS = uci:get("dhcp", "@dnsmasq[0]", "server")
if DNSMASQ_DNS and #DNSMASQ_DNS > 0 then
uci:set(appname, "@global[0]", "dnsmasq_servers", DNSMASQ_DNS)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
end
@@ -43,11 +43,11 @@ local function restore_servers()
tinsert(dns_table, v)
end
uci:delete(appname, "@global[0]", "dnsmasq_servers")
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
if dns_table and #dns_table > 0 then
- api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
- uci:commit("dhcp")
+ uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+ api.uci_save(uci, "dhcp", true)
end
end
@@ -76,7 +76,7 @@ function stretch()
end
end
uci:set("dhcp", "@dnsmasq[0]", "resolvfile", RESOLVFILE)
- uci:commit("dhcp")
+ api.uci_save(uci, "dhcp", true)
end
end
@@ -102,8 +102,8 @@ function logic_restart(var)
tinsert(dns_table, v)
end
end
- api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
- uci:commit("dhcp")
+ uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+ api.uci_save(uci, "dhcp", true)
end
sys.call("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
restore_servers()
diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
index 16e1419d..ed0fa0bf 100644
--- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua
@@ -28,7 +28,7 @@ local CACHE_FLAG = "smartdns_" .. FLAG
local CACHE_DNS_PATH = CACHE_PATH .. "/" .. CACHE_FLAG
local CACHE_DNS_FILE = CACHE_DNS_PATH .. ".conf"
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local fs = api.fs
local datatypes = api.datatypes
diff --git a/luci-app-passwall/root/usr/share/passwall/rule_update.lua b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
index e399a70e..f0ffc645 100755
--- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua
+++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
@@ -2,7 +2,7 @@
local api = require ("luci.passwall.api")
local name = api.appname
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local jsonc = api.jsonc
local fs = api.fs
@@ -469,7 +469,7 @@ uci:set(name, "@global_rules[0]", "chnroute6_update", chnroute6_update)
uci:set(name, "@global_rules[0]", "chnlist_update", chnlist_update)
uci:set(name, "@global_rules[0]", "geoip_update", geoip_update)
uci:set(name, "@global_rules[0]", "geosite_update", geosite_update)
-uci:commit(name)
+api.uci_save(uci, name, true)
if reboot == 1 then
if arg3 == "cron" then
diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index 8f66cef7..696c18e7 100755
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -1312,7 +1312,7 @@ local function truncate_nodes(add_from)
end
end
end)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
local function select_node(nodes, config)
@@ -1464,7 +1464,7 @@ local function update_node(manual)
end
end
end
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
if next(CONFIG) then
local nodes = {}
@@ -1499,7 +1499,7 @@ local function update_node(manual)
end
]]--
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
if arg[3] == "cron" then
diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile
index a6d87a8d..2ef577c3 100644
--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@@ -1,4 +1,4 @@
-# Copyright (C) 2022-2023 xiaorouji
+# Copyright (C) 2022-2025 xiaorouji
#
# This is free software, licensed under the GNU General Public License v3.
diff --git a/luci-app-passwall2/luasrc/controller/passwall2.lua b/luci-app-passwall2/luasrc/controller/passwall2.lua
index 56b59097..7cd9e825 100644
--- a/luci-app-passwall2/luasrc/controller/passwall2.lua
+++ b/luci-app-passwall2/luasrc/controller/passwall2.lua
@@ -1,9 +1,9 @@
--- Copyright (C) 2022-2023 xiaorouji
+-- Copyright (C) 2022-2025 xiaorouji
module("luci.controller.passwall2", package.seeall)
local api = require "luci.passwall2.api"
-local appname = api.appname -- not available
-local uci = api.libuci -- in funtion index()
+local appname = api.appname -- not available
+local uci = api.uci -- in funtion index()
local http = require "luci.http"
local util = require "luci.util"
local i18n = require "luci.i18n"
@@ -15,8 +15,8 @@ function index()
else return end
end
local api = require "luci.passwall2.api"
- local appname = "passwall2" -- global definitions not available
- local uci = api.libuci -- in function index()
+ local appname = api.appname -- global definitions not available
+ local uci = api.uci -- in function index()
entry({"admin", "services", appname}).dependent = true
entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true
@@ -99,7 +99,7 @@ end
function show_menu()
uci:delete(appname, "@global[0]", "hide_from_luci")
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("rm -rf /tmp/luci-*")
luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
luci.http.redirect(api.url())
@@ -107,7 +107,7 @@ end
function hide_menu()
uci:set(appname, "@global[0]", "hide_from_luci","1")
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("rm -rf /tmp/luci-*")
luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
@@ -124,6 +124,7 @@ function socks_autoswitch_add_node()
local id = luci.http.formvalue("id")
local key = luci.http.formvalue("key")
if id and id ~= "" and key and key ~= "" then
+ uci:set(appname, id, "enable_autoswitch", "1")
local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
for i = #new_list, 1, -1 do
if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
@@ -135,8 +136,8 @@ function socks_autoswitch_add_node()
table.insert(new_list, e.id)
end
end
- api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
- uci:commit(appname)
+ uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+ api.uci_save(uci, appname)
end
luci.http.redirect(api.url("socks_config", id))
end
@@ -145,14 +146,15 @@ function socks_autoswitch_remove_node()
local id = luci.http.formvalue("id")
local key = luci.http.formvalue("key")
if id and id ~= "" and key and key ~= "" then
+ uci:set(appname, id, "enable_autoswitch", "1")
local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
for i = #new_list, 1, -1 do
if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
table.remove(new_list, i)
end
end
- api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list)
- uci:commit(appname)
+ uci:set_list(appname, id, "autoswitch_backup_node", new_list)
+ api.uci_save(uci, appname)
end
luci.http.redirect(api.url("socks_config", id))
end
@@ -292,7 +294,7 @@ function set_node()
local config = luci.http.formvalue("config")
local section = luci.http.formvalue("section")
uci:set(appname, type, config, section)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/passwall2 restart > /dev/null 2>&1 &")
luci.http.redirect(api.url("log"))
end
@@ -300,7 +302,7 @@ end
function copy_node()
local section = luci.http.formvalue("section")
local uuid = api.gen_short_uuid()
- api.uci_section(uci, appname, "nodes", uuid)
+ uci:section(appname, "nodes", uuid)
for k, v in pairs(uci:get_all(appname, section)) do
local filter = k:find("%.")
if filter and filter == 1 then
@@ -314,7 +316,7 @@ function copy_node()
end
uci:delete(appname, uuid, "add_from")
uci:set(appname, uuid, "add_mode", 1)
- uci:commit(appname)
+ api.uci_save(uci, appname)
luci.http.redirect(api.url("node_config", uuid))
end
@@ -323,7 +325,7 @@ function clear_all_nodes()
uci:delete(appname, '@global[0]', "node")
uci:foreach(appname, "socks", function(t)
uci:delete(appname, t[".name"])
- api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", {})
+ uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
end)
uci:foreach(appname, "haproxy_config", function(t)
uci:delete(appname, t[".name"])
@@ -334,8 +336,7 @@ function clear_all_nodes()
uci:foreach(appname, "nodes", function(node)
uci:delete(appname, node['.name'])
end)
-
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/" .. appname .. " stop")
end
@@ -355,7 +356,7 @@ function delete_select_nodes()
table.remove(auto_switch_node_list, i)
end
end
- api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
+ uci:set_list(appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
end)
uci:foreach(appname, "haproxy_config", function(t)
if t["lbss"] == w then
@@ -379,7 +380,7 @@ function delete_select_nodes()
end)
uci:delete(appname, w)
end)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &")
end
diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
index e5bc0ca9..fa87ec04 100644
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
@@ -118,6 +118,8 @@ for k, v in pairs(nodes_table) do
socks_node:value(v.id, v["remark"])
end
-m:append(Template(appname .. "/socks_auto_switch/footer"))
+o = s:option(DummyValue, "btn", " ")
+o.template = appname .. "/socks_auto_switch/btn"
+o:depends("enable_autoswitch", true)
return m
diff --git a/luci-app-passwall2/luasrc/passwall2/api.lua b/luci-app-passwall2/luasrc/passwall2/api.lua
index 855194b4..25a96da5 100644
--- a/luci-app-passwall2/luasrc/passwall2/api.lua
+++ b/luci-app-passwall2/luasrc/passwall2/api.lua
@@ -55,24 +55,48 @@ function uci_section(cursor, config, type, name, values)
return stat and name
end
+function uci_save(cursor, config, commit, apply)
+ if is_js_luci() then
+ commit = true
+ if commit then
+ if apply then
+ cursor:commit(config)
+ else
+ sh_uci_commit(config)
+ end
+ end
+ else
+ cursor:save(config)
+ if commit then
+ cursor:commit(config)
+ if apply then
+ sys.call("/etc/init.d/" .. config .. " reload > /dev/null 2>&1 &")
+ end
+ end
+ end
+end
+
function sh_uci_get(config, section, option)
exec_call(string.format("uci -q get %s.%s.%s", config, section, option))
- exec_call(string.format("uci -q commit %s", config))
end
-function sh_uci_set(config, section, option, val)
+function sh_uci_set(config, section, option, val, commit)
exec_call(string.format("uci -q set %s.%s.%s=\"%s\"", config, section, option, val))
- exec_call(string.format("uci -q commit %s", config))
+ if commit then sh_uci_commit(config) end
end
-function sh_uci_del(config, section, option)
+function sh_uci_del(config, section, option, commit)
exec_call(string.format("uci -q delete %s.%s.%s", config, section, option))
- exec_call(string.format("uci -q commit %s", config))
+ if commit then sh_uci_commit(config) end
end
-function sh_uci_add_list(config, section, option, val)
+function sh_uci_add_list(config, section, option, val, commit)
exec_call(string.format("uci -q del_list %s.%s.%s=\"%s\"", config, section, option, val))
exec_call(string.format("uci -q add_list %s.%s.%s=\"%s\"", config, section, option, val))
+ if commit then sh_uci_commit(config) end
+end
+
+function sh_uci_commit(config)
exec_call(string.format("uci -q commit %s", config))
end
diff --git a/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm b/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
similarity index 63%
rename from luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm
rename to luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
index b4f629d4..f5bc740c 100644
--- a/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm
+++ b/luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
@@ -19,5 +19,7 @@ local api = require "luci.passwall2.api"
}
//]]>
-
-
\ No newline at end of file
+" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
+
+
+
\ No newline at end of file
diff --git a/luci-app-passwall2/root/usr/share/passwall2/app.sh b/luci-app-passwall2/root/usr/share/passwall2/app.sh
index 905007dd..e31fc1db 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/app.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-# Copyright (C) 2022-2023 xiaorouji
+# Copyright (C) 2022-2025 xiaorouji
. $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/lib/functions/service.sh
@@ -16,13 +16,6 @@ GLOBAL_ACL_PATH=${TMP_ACL_PATH}/default
LOG_FILE=/tmp/log/$CONFIG.log
APP_PATH=/usr/share/$CONFIG
RULES_PATH=/usr/share/${CONFIG}/rules
-TUN_DNS_PORT=15353
-TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
-DEFAULT_DNS=
-ENABLED_DEFAULT_ACL=0
-ENABLED_ACLS=0
-PROXY_IPV6=0
-PROXY_IPV6_UDP=0
LUA_UTIL_PATH=/usr/lib/lua/luci/passwall2
UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua
UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua
@@ -30,8 +23,6 @@ UTIL_XRAY=$LUA_UTIL_PATH/util_xray.lua
UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua
UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua
-V2RAY_ARGS=""
-V2RAY_CONFIG=""
echolog() {
local d="$(date "+%Y-%m-%d %H:%M:%S")"
@@ -218,7 +209,11 @@ check_depends() {
get_new_port() {
port=$1
- [ "$port" == "auto" ] && port=2082
+ [ "$port" == "auto" ] && {
+ port=2082
+ local GET_NEW_PORT=$(get_cache_var "get_new_port")
+ [ -n "${GET_NEW_PORT}" ] && port=${GET_NEW_PORT}
+ }
protocol=$(echo $2 | tr 'A-Z' 'a-z')
result=$(check_port_exists $port $protocol)
if [ "$result" != 0 ]; then
@@ -230,6 +225,7 @@ get_new_port() {
fi
get_new_port $temp $protocol
else
+ set_cache_var "get_new_port" "$port"
echo $port
fi
}
@@ -328,7 +324,11 @@ set_cache_var() {
local key="${1}"
shift 1
local val="$@"
- [ -n "${key}" ] && [ -n "${val}" ] && echo "${key}=\"${val}\"" >> $TMP_PATH/var
+ [ -n "${key}" ] && [ -n "${val}" ] && {
+ sed -i "/${key}=/d" $TMP_PATH/var >/dev/null 2>&1
+ echo "${key}=\"${val}\"" >> $TMP_PATH/var
+ eval ${key}=\"${val}\"
+ }
}
get_cache_var() {
local key="${1}"
@@ -337,8 +337,12 @@ get_cache_var() {
}
}
+eval_cache_var() {
+ [ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var")
+}
+
run_xray() {
- local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+ local flag node redir_port tcp_proxy_way socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct
local loglevel log_file config_file
local _extra_param=""
@@ -440,15 +444,18 @@ run_xray() {
_extra_param="${_extra_param} -remote_dns_udp_port ${dns_remote_listen_port} -remote_dns_udp_server 127.0.0.1 -remote_dns_query_strategy ${remote_dns_query_strategy}"
fi
}
+ [ -n "${redir_port}" ] && {
+ _extra_param="${_extra_param} -redir_port ${redir_port}"
+ set_cache_var "node_${node}_redir_port" "${redir_port}"
+ [ -n "${tcp_proxy_way}" ] && _extra_param="${_extra_param} -tcp_proxy_way ${tcp_proxy_way}"
+ }
- lua $UTIL_XRAY gen_config -node $node -redir_port $redir_port -tcp_proxy_way $tcp_proxy_way -loglevel $loglevel ${_extra_param} > $config_file
+ lua $UTIL_XRAY gen_config -node $node -loglevel $loglevel ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
-
- [ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}"
}
run_singbox() {
- local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
+ local flag node redir_port tcp_proxy_way socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct
local loglevel log_file config_file
local _extra_param=""
@@ -543,10 +550,14 @@ run_singbox() {
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
}
- lua $UTIL_SINGBOX gen_config -node $node -redir_port $redir_port -tcp_proxy_way $tcp_proxy_way ${_extra_param} > $config_file
- ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "${log_file}" run -c "$config_file"
+ [ -n "${redir_port}" ] && {
+ _extra_param="${_extra_param} -redir_port ${redir_port}"
+ set_cache_var "node_${node}_redir_port" "${redir_port}"
+ [ -n "${tcp_proxy_way}" ] && _extra_param="${_extra_param} -tcp_proxy_way ${tcp_proxy_way}"
+ }
- [ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}"
+ lua $UTIL_SINGBOX gen_config -node $node ${_extra_param} > $config_file
+ ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "${log_file}" run -c "$config_file"
}
run_socks() {
@@ -714,9 +725,12 @@ run_global() {
if [ $PROXY_IPV6 == "1" ]; then
echolog "开启实验性IPv6透明代理(TProxy),请确认您的节点及类型支持IPv6!"
- PROXY_IPV6_UDP=1
fi
- V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT"
+
+ TUN_DNS_PORT=15353
+ TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
+
+ V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT tcp_proxy_way=${TCP_PROXY_WAY}"
V2RAY_ARGS="${V2RAY_ARGS} dns_listen_port=${TUN_DNS_PORT} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY} dns_cache=${DNS_CACHE}"
local msg="${TUN_DNS} (直连DNS:${AUTO_DNS}"
@@ -774,7 +788,7 @@ run_global() {
run_func="run_singbox"
fi
- ${run_func} $V2RAY_ARGS
+ ${run_func} ${V2RAY_ARGS}
local RUN_NEW_DNSMASQ=1
RUN_NEW_DNSMASQ=${DNS_REDIRECT}
@@ -1202,7 +1216,7 @@ acl_app() {
elif [ "${type}" = "sing-box" ] && [ -n "${SINGBOX_BIN}" ]; then
run_func="run_singbox"
fi
- ${run_func} flag=acl_$sid node=$node redir_port=$redir_port socks_address=127.0.0.1 socks_port=$acl_socks_port dns_listen_port=${dns_port} direct_dns_query_strategy=${direct_dns_query_strategy} remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_udp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} remote_dns_detour=${remote_dns_detour} remote_fakedns=${remote_fakedns} remote_dns_query_strategy=${remote_dns_query_strategy} write_ipset_direct=${write_ipset_direct} config_file=${config_file}
+ ${run_func} flag=acl_$sid node=$node redir_port=$redir_port tcp_proxy_way=${TCP_PROXY_WAY} socks_address=127.0.0.1 socks_port=$acl_socks_port dns_listen_port=${dns_port} direct_dns_query_strategy=${direct_dns_query_strategy} remote_dns_protocol=${remote_dns_protocol} remote_dns_tcp_server=${remote_dns} remote_dns_udp_server=${remote_dns} remote_dns_doh="${remote_dns}" remote_dns_client_ip=${remote_dns_client_ip} remote_dns_detour=${remote_dns_detour} remote_fakedns=${remote_fakedns} remote_dns_query_strategy=${remote_dns_query_strategy} write_ipset_direct=${write_ipset_direct} config_file=${config_file}
fi
dnsmasq_port=$(get_new_port $(expr $dnsmasq_port + 1))
run_copy_dnsmasq flag="$sid" listen_port=$dnsmasq_port tun_dns="127.0.0.1#${dns_port}"
@@ -1222,10 +1236,13 @@ acl_app() {
start() {
pgrep -f /tmp/etc/passwall2/bin > /dev/null 2>&1 && {
- echolog "程序已启动,先停止再重新启动!"
+ #echolog "程序已启动,先停止再重新启动!"
stop
}
-
+ mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
+ get_config
+ export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
+ export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
ulimit -n 65535
start_haproxy
start_socks
@@ -1289,8 +1306,8 @@ start() {
stop() {
clean_log
- [ -n "$($(source $APP_PATH/iptables.sh get_ipt_bin) -t mangle -t nat -L -nv 2>/dev/null | grep "PSW2")" ] && source $APP_PATH/iptables.sh stop
- [ -n "$(nft list sets 2>/dev/null | grep "${CONFIG}_")" ] && source $APP_PATH/nftables.sh stop
+ eval_cache_var
+ [ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh stop
delete_ip2route
kill_all v2ray-plugin obfs-local
pgrep -f "sleep.*(6s|9s|58s)" | xargs kill -9 >/dev/null 2>&1
@@ -1309,14 +1326,12 @@ stop() {
uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect
uci -q commit ${CONFIG}
}
- if [ -z "$(get_cache_var "ACL_default_dns_port")" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
+ if [ -z "${ACL_default_dns_port}" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
uci -q del_list dhcp.@dnsmasq[0].addnmount="${GLOBAL_DNSMASQ_CONF_PATH}"
uci -q commit dhcp
lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
fi
- bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
[ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
- bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
[ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
}
rm -rf $TMP_PATH
@@ -1325,68 +1340,66 @@ stop() {
exit 0
}
-ENABLED=$(config_t_get global enabled 0)
-NODE=$(config_t_get global node)
-[ "$ENABLED" == 1 ] && {
- [ -n "$NODE" ] && [ "$(config_get_type $NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
-}
-ENABLED_ACLS=$(config_t_get global acl_enable 0)
-[ "$ENABLED_ACLS" == 1 ] && {
- [ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
-}
-SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
-REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp))
-tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
-TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
-UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
-TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443')
-UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
-TCP_PROXY_MODE="global"
-UDP_PROXY_MODE="global"
-LOCALHOST_PROXY=$(config_t_get global localhost_proxy '1')
-CLIENT_PROXY=$(config_t_get global client_proxy '1')
-DIRECT_DNS_QUERY_STRATEGY=$(config_t_get global direct_dns_query_strategy UseIP)
-REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
-REMOTE_DNS_DETOUR=$(config_t_get global remote_dns_detour remote)
-REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
-REMOTE_FAKEDNS=$(config_t_get global remote_fakedns '0')
-REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4)
-WRITE_IPSET_DIRECT=$(config_t_get global write_ipset_direct 1)
-DNS_CACHE=$(config_t_get global dns_cache 1)
-DNS_REDIRECT=$(config_t_get global dns_redirect 1)
+get_config() {
+ ENABLED_DEFAULT_ACL=0
+ ENABLED=$(config_t_get global enabled 0)
+ NODE=$(config_t_get global node)
+ [ "$ENABLED" == 1 ] && {
+ [ -n "$NODE" ] && [ "$(config_get_type $NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
+ }
+ ENABLED_ACLS=$(config_t_get global acl_enable 0)
+ [ "$ENABLED_ACLS" == 1 ] && {
+ [ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
+ }
+ SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
+ REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp))
+ TCP_PROXY_WAY=$(config_t_get global_forwarding tcp_proxy_way redirect)
+ TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
+ UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
+ TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443')
+ UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
+ PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
+ TCP_PROXY_MODE="global"
+ UDP_PROXY_MODE="global"
+ LOCALHOST_PROXY=$(config_t_get global localhost_proxy '1')
+ CLIENT_PROXY=$(config_t_get global client_proxy '1')
+ DIRECT_DNS_QUERY_STRATEGY=$(config_t_get global direct_dns_query_strategy UseIP)
+ REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
+ REMOTE_DNS_DETOUR=$(config_t_get global remote_dns_detour remote)
+ REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
+ REMOTE_FAKEDNS=$(config_t_get global remote_fakedns '0')
+ REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4)
+ WRITE_IPSET_DIRECT=$(config_t_get global write_ipset_direct 1)
+ DNS_CACHE=$(config_t_get global dns_cache 1)
+ DNS_REDIRECT=$(config_t_get global dns_redirect 1)
-RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
-[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
+ RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
+ [ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
-ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
-ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
+ ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
+ ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
-DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
-DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
-[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
-AUTO_DNS=${DEFAULT_DNS:-119.29.29.29}
+ DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
+ DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
+ [ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
+ AUTO_DNS=${DEFAULT_DNS:-119.29.29.29}
-DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
-DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
-if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
- DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
- if [ -n "$DNSMASQ_CONF_DIR" ]; then
- DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
- else
- DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
+ DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
+ DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
+ if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
+ DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
+ if [ -n "$DNSMASQ_CONF_DIR" ]; then
+ DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
+ else
+ DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
+ fi
fi
-fi
-GLOBAL_DNSMASQ_CONF=${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
-GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d
+ set_cache_var GLOBAL_DNSMASQ_CONF ${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
+ set_cache_var GLOBAL_DNSMASQ_CONF_PATH ${GLOBAL_ACL_PATH}/dnsmasq.d
-PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
-
-XRAY_BIN=$(first_type $(config_t_get global_app xray_file) xray)
-SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
-
-export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
-export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
-mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
+ XRAY_BIN=$(first_type $(config_t_get global_app xray_file) xray)
+ SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
+}
arg1=$1
shift
@@ -1394,28 +1407,28 @@ case $arg1 in
add_ip2route)
add_ip2route $@
;;
-get_new_port)
- get_new_port $@
- ;;
-run_socks)
- run_socks $@
- ;;
-socks_node_switch)
- socks_node_switch $@
- ;;
echolog)
echolog $@
;;
+get_new_port)
+ get_new_port $@
+ ;;
get_cache_var)
get_cache_var $@
;;
set_cache_var)
set_cache_var $@
;;
-stop)
- stop
+run_socks)
+ run_socks $@
+ ;;
+socks_node_switch)
+ socks_node_switch $@
;;
start)
start
;;
+stop)
+ stop
+ ;;
esac
diff --git a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
index 8870c3f8..879c67b4 100644
--- a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
@@ -1,6 +1,6 @@
local api = require "luci.passwall2.api"
local appname = "passwall2"
-local uci = api.libuci
+local uci = api.uci
local sys = api.sys
local fs = api.fs
local datatypes = api.datatypes
@@ -25,7 +25,7 @@ local function backup_servers()
local DNSMASQ_DNS = uci:get("dhcp", "@dnsmasq[0]", "server")
if DNSMASQ_DNS and #DNSMASQ_DNS > 0 then
uci:set(appname, "@global[0]", "dnsmasq_servers", DNSMASQ_DNS)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
end
@@ -43,11 +43,11 @@ local function restore_servers()
tinsert(dns_table, v)
end
uci:delete(appname, "@global[0]", "dnsmasq_servers")
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
if dns_table and #dns_table > 0 then
- api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
- uci:commit("dhcp")
+ uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+ api.uci_save(uci, "dhcp", true)
end
end
@@ -76,7 +76,7 @@ function stretch()
end
end
uci:set("dhcp", "@dnsmasq[0]", "resolvfile", RESOLVFILE)
- uci:commit("dhcp")
+ api.uci_save(uci, "dhcp", true)
end
end
@@ -102,8 +102,8 @@ function logic_restart(var)
tinsert(dns_table, v)
end
end
- api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table)
- uci:commit("dhcp")
+ uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
+ api.uci_save(uci, "dhcp", true)
end
sys.call("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
restore_servers()
diff --git a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
index 4f6039ad..c6e5aa45 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
@@ -204,47 +204,51 @@ gen_shunt_list() {
NODE_PROTOCOL=$(config_n_get $node protocol)
[ "$NODE_PROTOCOL" = "_shunt" ] && USE_SHUNT_NODE=1
[ "$USE_SHUNT_NODE" = "1" ] && {
- local default_node=$(config_n_get ${node} default_node _direct)
- local default_outbound="redirect"
- [ "$default_node" = "_direct" ] && default_outbound="direct"
- local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
- for shunt_id in $shunt_ids; do
- local shunt_node=$(config_n_get ${node} "${shunt_id}")
- [ -n "$shunt_node" ] && {
- local ipset_v4="passwall2_${node}_${shunt_id}"
- local ipset_v6="passwall2_${node}_${shunt_id}6"
- ipset -! create $ipset_v4 nethash maxelem 1048576
- ipset -! create $ipset_v6 nethash family inet6 maxelem 1048576
- local outbound="redirect"
- [ "$shunt_node" = "_direct" ] && outbound="direct"
- [ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
- _SHUNT_LIST4="${_SHUNT_LIST4} ${ipset_v4}:${outbound}"
- _SHUNT_LIST6="${_SHUNT_LIST6} ${ipset_v6}:${outbound}"
+ local enable_geoview=$(config_t_get global_rules enable_geoview 0)
+ [ -z "$(first_type geoview)" ] && enable_geoview=0
+ local preloading=0
+ preloading=$enable_geoview
+ [ "${preloading}" = "1" ] && {
+ local default_node=$(config_n_get ${node} default_node _direct)
+ local default_outbound="redirect"
+ [ "$default_node" = "_direct" ] && default_outbound="direct"
+ local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+ for shunt_id in $shunt_ids; do
+ local shunt_node=$(config_n_get ${node} "${shunt_id}")
+ [ -n "$shunt_node" ] && {
+ local ipset_v4="passwall2_${node}_${shunt_id}"
+ local ipset_v6="passwall2_${node}_${shunt_id}6"
+ ipset -! create $ipset_v4 nethash maxelem 1048576
+ ipset -! create $ipset_v6 nethash family inet6 maxelem 1048576
+ local outbound="redirect"
+ [ "$shunt_node" = "_direct" ] && outbound="direct"
+ [ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
+ _SHUNT_LIST4="${_SHUNT_LIST4} ${ipset_v4}:${outbound}"
+ _SHUNT_LIST6="${_SHUNT_LIST6} ${ipset_v6}:${outbound}"
- config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- [ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
- local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
- [ -n "$_geoip_code" ] && {
- if [ "$(config_n_get $node type)" = "sing-box" ]; then
- get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- else
- if type geoview &> /dev/null; then
+ config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ [ "${enable_geoview}" = "1" ] && {
+ local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
+ [ -n "$_geoip_code" ] && {
+ if [ "$(config_n_get $node type)" = "sing-box" ]; then
+ get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ else
get_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
fi
- fi
- echolog " - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 IPSET 完成"
+ echolog " - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 IPSET 完成"
+ }
}
}
- }
- done
+ done
+ }
[ "${_write_ipset_direct}" = "1" ] && {
_SHUNT_LIST4="${_SHUNT_LIST4} ${_set_name4}:direct"
_SHUNT_LIST6="${_SHUNT_LIST6} ${_set_name6}:direct"
}
- [ -n "$default_node" ] && {
+ [ "${preloading}" = "1" ] && [ -n "$default_node" ] && {
local ipset_v4="passwall2_${node}_default"
local ipset_v6="passwall2_${node}_default6"
ipset -! create $ipset_v4 nethash maxelem 1048576
@@ -452,7 +456,7 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
- [ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
+ [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
add_shunt_t_rule "${shunt_list6}" "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport")" "-j PSW2_RULE" 2>/dev/null
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
@@ -551,12 +555,12 @@ load_acl() {
$ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
- if [ "$PROXY_IPV6_UDP" == "1" ]; then
+ [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
- fi
+ }
echolog "${msg2}"
fi
@@ -696,10 +700,9 @@ add_firewall_rule() {
accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
- local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
- if [ "$tcp_proxy_way" = "redirect" ]; then
+ if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
unset is_tproxy
- elif [ "$tcp_proxy_way" = "tproxy" ]; then
+ elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
is_tproxy="TPROXY"
fi
@@ -884,14 +887,14 @@ add_firewall_rule() {
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
}
- if [ "$PROXY_IPV6" == "1" ]; then
+ [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
- fi
+ }
[ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do
@@ -910,14 +913,14 @@ add_firewall_rule() {
$ipt_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
- if [ "$PROXY_IPV6_UDP" == "1" ]; then
+ [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
- fi
+ }
[ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do
diff --git a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
index 1066ea6a..64305bf5 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
@@ -258,46 +258,50 @@ gen_shunt_list() {
NODE_PROTOCOL=$(config_n_get $node protocol)
[ "$NODE_PROTOCOL" = "_shunt" ] && USE_SHUNT_NODE=1
[ "$USE_SHUNT_NODE" = "1" ] && {
- local default_node=$(config_n_get ${node} default_node _direct)
- local default_outbound="redirect"
- [ "$default_node" = "_direct" ] && default_outbound="direct"
- local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
- for shunt_id in $shunt_ids; do
- local shunt_node=$(config_n_get ${node} "${shunt_id}")
- [ -n "$shunt_node" ] && {
- local nftset_v4="passwall2_${node}_${shunt_id}"
- local nftset_v6="passwall2_${node}_${shunt_id}6"
- gen_nftset $nftset_v4 ipv4_addr 0 0
- gen_nftset $nftset_v6 ipv6_addr 0 0
- local outbound="redirect"
- [ "$shunt_node" = "_direct" ] && outbound="direct"
- [ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
- _SHUNT_LIST4="${_SHUNT_LIST4} ${nftset_v4}:${outbound}"
- _SHUNT_LIST6="${_SHUNT_LIST6} ${nftset_v6}:${outbound}"
- insert_nftset $nftset_v4 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
- insert_nftset $nftset_v6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
- [ "$(config_t_get global_rules enable_geoview)" = "1" ] && {
- local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
- [ -n "$_geoip_code" ] && {
- if [ "$(config_n_get $node type)" = "sing-box" ]; then
- insert_nftset $nftset_v4 "0" $(get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
- insert_nftset $nftset_v6 "0" $(get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
- else
- if type geoview &> /dev/null; then
+ local enable_geoview=$(config_t_get global_rules enable_geoview 0)
+ [ -z "$(first_type geoview)" ] && enable_geoview=0
+ local preloading=0
+ preloading=$enable_geoview
+ [ "${preloading}" = "1" ] && {
+ local default_node=$(config_n_get ${node} default_node _direct)
+ local default_outbound="redirect"
+ [ "$default_node" = "_direct" ] && default_outbound="direct"
+ local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
+ for shunt_id in $shunt_ids; do
+ local shunt_node=$(config_n_get ${node} "${shunt_id}")
+ [ -n "$shunt_node" ] && {
+ local nftset_v4="passwall2_${node}_${shunt_id}"
+ local nftset_v6="passwall2_${node}_${shunt_id}6"
+ gen_nftset $nftset_v4 ipv4_addr 0 0
+ gen_nftset $nftset_v6 ipv6_addr 0 0
+ local outbound="redirect"
+ [ "$shunt_node" = "_direct" ] && outbound="direct"
+ [ "$shunt_node" = "_default" ] && outbound="${default_outbound}"
+ _SHUNT_LIST4="${_SHUNT_LIST4} ${nftset_v4}:${outbound}"
+ _SHUNT_LIST6="${_SHUNT_LIST6} ${nftset_v6}:${outbound}"
+ insert_nftset $nftset_v4 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
+ insert_nftset $nftset_v6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
+ [ "${enable_geoview}" = "1" ] && {
+ local _geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g')
+ [ -n "$_geoip_code" ] && {
+ if [ "$(config_n_get $node type)" = "sing-box" ]; then
+ insert_nftset $nftset_v4 "0" $(get_singbox_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
+ insert_nftset $nftset_v6 "0" $(get_singbox_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
+ else
insert_nftset $nftset_v4 "0" $(get_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $nftset_v6 "0" $(get_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
fi
- fi
- echolog " - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 NFTSET 完成"
+ echolog " - [$?]解析分流规则[$shunt_id]-[geoip:${_geoip_code}]加入到 NFTSET 完成"
+ }
}
}
- }
- done
+ done
+ }
[ "${_write_ipset_direct}" = "1" ] && {
_SHUNT_LIST4="${_SHUNT_LIST4} ${_set_name4}:direct"
_SHUNT_LIST6="${_SHUNT_LIST6} ${_set_name6}:direct"
}
- [ -n "$default_node" ] && {
+ [ "${preloading}" = "1" ] && [ -n "$default_node" ] && {
local nftset_v4="passwall2_${node}_default"
local nftset_v6="passwall2_${node}_default6"
gen_nftset $nftset_v4 ipv4_addr 0 0
@@ -503,7 +507,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $redir_port TPROXY4) comment \"$remarks\""
- [ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
+ [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} ip6 daddr $FAKE_IP_6 counter jump PSW2_RULE comment \"$remarks\""
add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
@@ -604,7 +608,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(REDIRECT $REDIR_PORT TPROXY4) comment \"默认\""
- [ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
+ [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"默认\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" "默认"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\""
@@ -744,12 +748,11 @@ add_firewall_rule() {
accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
- local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect)
- if [ "$tcp_proxy_way" = "redirect" ]; then
+ if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
unset is_tproxy
nft_prerouting_chain="PSW2_NAT"
nft_output_chain="PSW2_OUTPUT_NAT"
- elif [ "$tcp_proxy_way" = "tproxy" ]; then
+ elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
is_tproxy="TPROXY"
nft_prerouting_chain="PSW2_MANGLE"
nft_output_chain="PSW2_OUTPUT_MANGLE"
@@ -964,13 +967,13 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo counter return comment \"本机\""
nft "add rule $NFTABLE_NAME mangle_output ip protocol udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
- if [ "$PROXY_IPV6_UDP" == "1" ]; then
+ [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE"
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"本机\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\""
- fi
+ }
[ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do
diff --git a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
index b51c2181..f23283c4 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
@@ -1,12 +1,12 @@
#!/usr/bin/lua
-require 'nixio'
-require 'luci.sys'
-local luci = luci
-local ucic = luci.model.uci.cursor()
-local jsonc = require "luci.jsonc"
-local name = 'passwall2'
local api = require "luci.passwall2.api"
+local name = api.appname
+local fs = api.fs
+local sys = api.sys
+local uci = api.uci
+local jsonc = api.jsonc
+
local arg1 = arg[1]
local arg2 = arg[2]
local arg3 = arg[3]
@@ -14,13 +14,13 @@ local arg3 = arg[3]
local reboot = 0
local geoip_update = 0
local geosite_update = 0
-local asset_location = ucic:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
+local asset_location = uci:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
-- Custom geo file
-local geoip_api = ucic:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
-local geosite_api = ucic:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
+local geoip_api = uci:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
+local geosite_api = uci:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
--
-local use_nft = ucic:get(name, "@global_forwarding[0]", "use_nft") or "0"
+local use_nft = uci:get(name, "@global_forwarding[0]", "use_nft") or "0"
if arg3 == "cron" then
arg2 = nil
@@ -67,9 +67,9 @@ local function fetch_geoip()
f:write(content:gsub("geoip.dat", "/tmp/geoip.dat"), "")
f:close()
- if nixio.fs.access(asset_location .. "geoip.dat") then
- luci.sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat"))
- if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
+ if fs.access(asset_location .. "geoip.dat") then
+ sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat"))
+ if sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
log("geoip 版本一致,无需更新。")
return 1
end
@@ -77,8 +77,8 @@ local function fetch_geoip()
for _2, v2 in ipairs(json.assets) do
if v2.name and v2.name == "geoip.dat" then
sret = curl(v2.browser_download_url, "/tmp/geoip.dat")
- if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
- luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat"))
+ if sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
+ sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat"))
reboot = 1
log("geoip 更新成功。")
return 1
@@ -118,9 +118,9 @@ local function fetch_geosite()
f:write(content:gsub("[^%s]+.dat", "/tmp/geosite.dat"), "")
f:close()
- if nixio.fs.access(asset_location .. "geosite.dat") then
- luci.sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat"))
- if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
+ if fs.access(asset_location .. "geosite.dat") then
+ sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat"))
+ if sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
log("geosite 版本一致,无需更新。")
return 1
end
@@ -128,8 +128,8 @@ local function fetch_geosite()
for _2, v2 in ipairs(json.assets) do
if v2.name and (v2.name == "geosite.dat" or v2.name == "dlc.dat") then
sret = curl(v2.browser_download_url, "/tmp/geosite.dat")
- if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
- luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat"))
+ if sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
+ sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat"))
reboot = 1
log("geosite 更新成功。")
return 1
@@ -161,8 +161,8 @@ if arg2 then
end
end)
else
- geoip_update = ucic:get_first(name, 'global_rules', "geoip_update", 1)
- geosite_update = ucic:get_first(name, 'global_rules', "geosite_update", 1)
+ geoip_update = uci:get_first(name, 'global_rules', "geoip_update", 1)
+ geosite_update = uci:get_first(name, 'global_rules', "geosite_update", 1)
end
if geoip_update == 0 and geosite_update == 0 then
os.exit(0)
@@ -184,23 +184,22 @@ if tonumber(geosite_update) == 1 then
os.remove("/tmp/geosite.dat.sha256sum")
end
-ucic:set(name, ucic:get_first(name, 'global_rules'), "geoip_update", geoip_update)
-ucic:set(name, ucic:get_first(name, 'global_rules'), "geosite_update", geosite_update)
-ucic:save(name)
-luci.sys.call("uci commit " .. name)
+uci:set(name, uci:get_first(name, 'global_rules'), "geoip_update", geoip_update)
+uci:set(name, uci:get_first(name, 'global_rules'), "geosite_update", geosite_update)
+api.uci_save(uci, name, true)
if reboot == 1 then
if arg3 == "cron" then
- if not nixio.fs.access("/var/lock/" .. name .. ".lock") then
- luci.sys.call("touch /tmp/lock/" .. name .. "_cron.lock")
+ if not fs.access("/var/lock/" .. name .. ".lock") then
+ sys.call("touch /tmp/lock/" .. name .. "_cron.lock")
end
end
log("重启服务,应用新的规则。")
if use_nft == "1" then
- luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
+ sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
else
- luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
+ sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
end
end
log("规则更新完毕...")
diff --git a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
index 57d928ca..3aabb321 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
@@ -3,8 +3,6 @@
------------------------------------------------
-- @author William Chan
------------------------------------------------
-require 'nixio'
-require 'luci.model.uci'
require 'luci.util'
require 'luci.jsonc'
require 'luci.sys'
@@ -20,6 +18,7 @@ local split = api.split
local jsonParse, jsonStringify = luci.jsonc.parse, luci.jsonc.stringify
local base64Decode = api.base64Decode
local uci = api.libuci
+local fs = api.fs
uci:revert(appname)
local has_ss = api.is_finded("ss-redir")
@@ -1282,7 +1281,7 @@ local function truncate_nodes(add_from)
end
end
end)
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
local function select_node(nodes, config)
@@ -1434,7 +1433,7 @@ local function update_node(manual)
end
end
end
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
if next(CONFIG) then
local nodes = {}
@@ -1469,11 +1468,11 @@ local function update_node(manual)
end
]]--
- uci:commit(appname)
+ api.uci_save(uci, appname, true)
end
if arg[3] == "cron" then
- if not nixio.fs.access("/var/lock/" .. appname .. ".lock") then
+ if not fs.access("/var/lock/" .. appname .. ".lock") then
luci.sys.call("touch /tmp/lock/" .. appname .. "_cron.lock")
end
end
diff --git a/mihomo/Makefile b/mihomo/Makefile
index ecbfa6ab..9723643f 100644
--- a/mihomo/Makefile
+++ b/mihomo/Makefile
@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mihomo
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
diff --git a/mihomo/files/mihomo.init b/mihomo/files/mihomo.init
index 51494d81..e8fa3af9 100644
--- a/mihomo/files/mihomo.init
+++ b/mihomo/files/mihomo.init
@@ -350,11 +350,12 @@ service_started() {
config_get_bool router_proxy "proxy" "router_proxy" 0
config_get_bool lan_proxy "proxy" "lan_proxy" 0
### access control
- local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport
+ local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport bypass_dscp
config_get access_control_mode "proxy" "access_control_mode"
config_get_bool bypass_china_mainland_ip "proxy" "bypass_china_mainland_ip" 0
config_get proxy_tcp_dport "proxy" "proxy_tcp_dport" "0-65535"
config_get proxy_udp_dport "proxy" "proxy_udp_dport" "0-65535"
+ config_get bypass_dscp "proxy" "bypass_dscp"
# prepare
local tproxy_enable; tproxy_enable=0
if [[ "$tcp_transparent_proxy_mode" == "tproxy" || "$udp_transparent_proxy_mode" == "tproxy" ]]; then
@@ -477,6 +478,13 @@ service_started() {
for proxy_dport in $proxy_udp_dport; do
nft add element inet "$FW_TABLE" proxy_dport \{ "udp" . "$proxy_dport" \}
done
+ if [ -n "$bypass_dscp" ]; then
+ log "Transparent Proxy" "Bypass DSCP: $bypass_dscp."
+ local dscp
+ for dscp in $bypass_dscp; do
+ nft add element inet "$FW_TABLE" bypass_dscp \{ "$dscp" \}
+ done
+ fi
# router proxy
if [ "$router_proxy" == 1 ]; then
log "Transparent Proxy" "Set proxy for router."
diff --git a/mihomo/files/nftables/hijack.nft b/mihomo/files/nftables/hijack.nft
index 2cd85091..ab438858 100644
--- a/mihomo/files/nftables/hijack.nft
+++ b/mihomo/files/nftables/hijack.nft
@@ -16,6 +16,11 @@ table inet mihomo {
}
}
+ set bypass_dscp {
+ type dscp
+ flags interval
+ }
+
set dns_hijack_nfproto {
type nf_proto
flags interval
@@ -178,6 +183,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+ meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+ meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
}
chain nat_output {
@@ -192,6 +199,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+ meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+ meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
}
chain mangle_prerouting {
@@ -206,6 +215,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+ meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+ meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
meta l4proto udp th dport 53 counter return
}
@@ -221,6 +232,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
+ meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
+ meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
meta l4proto udp th dport 53 counter return
}
}
diff --git a/shadowsocks-rust/Makefile b/shadowsocks-rust/Makefile
index 320c2cab..a3cd2407 100644
--- a/shadowsocks-rust/Makefile
+++ b/shadowsocks-rust/Makefile
@@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=shadowsocks-rust
-PKG_VERSION:=1.21.2
+PKG_VERSION:=1.22.0
PKG_RELEASE:=1
PKG_SOURCE_HEADER:=shadowsocks-v$(PKG_VERSION)
@@ -21,23 +21,23 @@ endif
ifeq ($(ARCH),aarch64)
PKG_SOURCE:=$(PKG_SOURCE_HEADER).aarch64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
- PKG_HASH:=19e11f39a1b1cd6f843d2d1b5e7759d557448bc82017ff87b9cfaeeff9814f8f
+ PKG_HASH:=4c20c76ff80e7671428068a1628b6269785fc0d22a127883ed82e2c79e6c332e
else ifeq ($(ARCH),arm)
# Referred to golang/golang-values.mk
ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE))))
ifeq ($(ARM_CPU_FEATURES),)
PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabi.$(PKG_SOURCE_FOOTER)
- PKG_HASH:=2873f227ad710cb206df1671d483f49207b7b0c1f234fe12bc470dde1930b555
+ PKG_HASH:=6724fcb42326b003e542fc2df6594dbd28259dc3df7644033844d6d7cba98b61
else
PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabihf.$(PKG_SOURCE_FOOTER)
- PKG_HASH:=fc775890cfe614dad7a7dcb4185b30088d4ea327235513ad59ca799e410d0327
+ PKG_HASH:=3af6c4e3e28b92957b869a6851296f882f906f30285cf9247ad59f163ce9d808
endif
else ifeq ($(ARCH),i386)
PKG_SOURCE:=$(PKG_SOURCE_HEADER).i686-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
- PKG_HASH:=5f8e8ca7923f44087a14e2146be7264a11f000a3822a32feb163236d9ea1e9ef
+ PKG_HASH:=01419d65ea1dcc41c103bc83601eda7dd7ce311f50097c826aa3262c539c3af3
else ifeq ($(ARCH),x86_64)
PKG_SOURCE:=$(PKG_SOURCE_HEADER).x86_64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
- PKG_HASH:=53e6cc209ab9f925e5a59c9f43d75b8179551fc9e608846d7649b5e3aff22c16
+ PKG_HASH:=5e3f4a7c78ffeb612620c5cfd4a99a25d1eabffbe9e00ce5a92ee72e99d1310b
else ifeq ($(ARCH),mips)
PKG_SOURCE:=$(PKG_SOURCE_HEADER).mips-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
PKG_HASH:=fa826d72de0c7713fe77570b56931f38e0bb575a370fd8de4e98b2bc29179e97