OpenWrt/kiddin9-packages
1
0
Fork 0
mirror of https://github.com/kiddin9/openwrt-packages.git synced 2025-01-09 06:07:44 +08:00
Code Issues Packages Projects Releases Wiki Activity

🌈 Sync 2024-08-17 12:23:57

Browse Source
This commit is contained in:
github-actions[bot] 2024-08-17 12:23:57 +08:00
parent 8a8d0f607d
commit 50a6457726
14 changed files with 110 additions and 326 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luci-app-3ginfo-lite/root/usr/share/3ginfo-lite/3ginfo.sh
View File

@ -393,7 +393,7 @@ esac
# MODE
if [ -z "$MODE_NUM" ] || [ "x$MODE_NUM" == "x0" ]; then
MODE_NUM=$(echo "$O" | awk -F[,] '/^\+COPS/ {print $4;exit}')
MODE_NUM=$(echo "$O" | awk -F[,] '/^\+COPS/ {print $4;exit}' | xargs)
fi
case "$MODE_NUM" in
2*) MODE="UMTS";;

48
luci-app-mihomo/htdocs/luci-static/resources/tools/mihomo.js
View File

@ -1,5 +1,6 @@
'use strict';
'require baseclass';
'require uci';
'require fs';
'require rpc';
@ -47,10 +48,6 @@ return baseclass.extend({
return L.resolveDefault(fs.list(this.profilesDir), []);
},
loadProfile: function () {
return L.resolveDefault(fs.exec_direct('/usr/libexec/mihomo-call', ['load', 'profile'], 'json'), {});
},
status: async function () {
try {
return (await this.callServiceList('mihomo'))['mihomo']['instances']['mihomo']['running'];
@ -75,28 +72,35 @@ return baseclass.extend({
return L.resolveDefault(fs.exec_direct('/usr/libexec/mihomo-call', ['version', 'core']));
},
openDashboard: async function (type) {
callMihomoAPI: async function (method, path, body) {
const running = await this.status();
if (running) {
const profile = await this.loadProfile();
const apiListen = profile['external-controller'];
if (apiListen) {
const apiPort = apiListen.split(':')[1];
const apiSecret = profile['secret'] || '';
let url;
if (type === 'razord') {
url = `http://${window.location.hostname}:${apiPort}/ui/razord/#/?host=${window.location.hostname}&port=${apiPort}&secret=${apiSecret}`;
} else if (type === 'yacd') {
url = `http://${window.location.hostname}:${apiPort}/ui/yacd/?hostname=${window.location.hostname}&port=${apiPort}&secret=${apiSecret}`;
} else if (type === 'metacubexd') {
url = `http://${window.location.hostname}:${apiPort}/ui/metacubexd/#/setup?hostname=${window.location.hostname}&port=${apiPort}&secret=${apiSecret}`;
} else {
return;
}
window.open(url, '_blank');
const apiPort = uci.get('mihomo', 'mixin', 'api_port');
const apiSecret = uci.get('mihomo', 'mixin', 'api_secret');
const url = `http://${window.location.hostname}:${apiPort}${path}`;
await fetch(url, {
method: method,
headers: { 'Authorization': `Bearer ${apiSecret}` },
body: body
})
} else {
alert(_('Service is not running.'));
}
},
openDashboard: async function () {
const running = await this.status();
if (running) {
const uiName = uci.get('mihomo', 'mixin', 'ui_name');
const apiPort = uci.get('mihomo', 'mixin', 'api_port');
const apiSecret = uci.get('mihomo', 'mixin', 'api_secret');
let url;
if (uiName) {
url = `http://${window.location.hostname}:${apiPort}/ui/${uiName}/#/setup?hostname=${window.location.hostname}&port=${apiPort}&secret=${apiSecret}`;
} else {
alert(_('External Control is not configured.'));
url = `http://${window.location.hostname}:${apiPort}/ui/#/setup?hostname=${window.location.hostname}&port=${apiPort}&secret=${apiSecret}`;
}
window.open(url, '_blank');
} else {
alert(_('Service is not running.'));
}

29
luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/config.js
View File

@ -127,26 +127,18 @@ return view.extend({
return mihomo.restart();
};
o = s.option(form.Button, 'razord', '-');
o.inputtitle = _('Open Razord');
o = s.option(form.Button, 'update_dashboard', '-');
o.inputstyle = 'positive';
o.inputtitle = _('Update Dashboard');
o.onclick = function () {
mihomo.openDashboard(this.option);
return mihomo.callMihomoAPI('POST', '/upgrade/ui');
};
o.depends('mihomo.mixin.ui_razord', '1');
o = s.option(form.Button, 'yacd', '-');
o.inputtitle = _('Open YACD');
o = s.option(form.Button, 'open_dashboard', '-');
o.inputtitle = _('Open Dashboard');
o.onclick = function () {
mihomo.openDashboard(this.option);
return mihomo.openDashboard();
};
o.depends('mihomo.mixin.ui_yacd', '1');
o = s.option(form.Button, 'metacubexd', '-');
o.inputtitle = _('Open MetaCubeXD');
o.onclick = function () {
mihomo.openDashboard(this.option);
};
o.depends('mihomo.mixin.ui_metacubexd', '1');
s = m.section(form.NamedSection, 'config', 'config', _('Basic Config'));
@ -396,13 +388,10 @@ return view.extend({
s.tab('external_control', _('External Control Config'));
o = s.taboption('external_control', form.Flag, 'ui_razord', _('Use Razord'));
o = s.taboption('external_control', form.Value, 'ui_name', _('UI Name'));
o.rmempty = false;
o = s.taboption('external_control', form.Flag, 'ui_yacd', _('Use YACD'));
o.rmempty = false;
o = s.taboption('external_control', form.Flag, 'ui_metacubexd', _('Use MetaCubeXD'));
o = s.taboption('external_control', form.Value, 'ui_url', _('UI Url'));
o.rmempty = false;
o = s.taboption('external_control', form.Value, 'api_port', _('API Port'));

3
luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/editor.js
View File

@ -8,11 +8,12 @@
return view.extend({
load: function () {
return Promise.all([
uci.load('mihomo'),
mihomo.listProfiles(),
]);
},
render: function (data) {
const profiles = data[0];
const profiles = data[1];
let m, s, o;

6
luci-app-mihomo/htdocs/luci-static/resources/view/mihomo/log.js
View File

@ -1,6 +1,7 @@
'use strict';
'require form';
'require view';
'require uci';
'require fs';
'require poll';
'require tools.mihomo as mihomo'
@ -8,13 +9,14 @@
return view.extend({
load: function () {
return Promise.all([
uci.load('mihomo'),
mihomo.getAppLog(),
mihomo.getCoreLog()
]);
},
render: function (data) {
const appLog = data[0];
const coreLog = data[1];
const appLog = data[1];
const coreLog = data[2];
let m, s, o;

39
luci-app-mihomo/po/zh_Hans/mihomo.po
View File

@ -4,12 +4,12 @@ msgstr "Mihomo"
msgid "Mihomo is a rule based proxy in Go."
msgstr "Mihomo 是一个Go语言编写的基于规则的代理工具。"
msgid "Usage"
msgstr "使用说明"
msgid "Config"
msgstr "配置"
msgid "Basic Config"
msgstr "基础配置"
msgid "Status"
msgstr "状态"
@ -34,8 +34,14 @@ msgstr "重新加载"
msgid "Restart"
msgstr "重启"
msgid "Usage"
msgstr "使用说明"
msgid "Update Dashboard"
msgstr "更新面板"
msgid "Open Dashboard"
msgstr "打开面板"
msgid "Basic Config"
msgstr "基础配置"
msgid "Enable"
msgstr "启用"
@ -220,30 +226,15 @@ msgstr "日志级别"
msgid "External Control Config"
msgstr "外部控制配置"
msgid "Use Razord"
msgstr "使用 Razord 面板"
msgid "UI Name"
msgstr "UI 名称"
msgid "Open Razord"
msgstr "打开 Razord 面板"
msgid "Use YACD"
msgstr "使用 YACD 面板"
msgid "Open YACD"
msgstr "打开 YACD 面板"
msgid "Use MetaCubeXD"
msgstr "使用 MetaCubeXD 面板"
msgid "Open MetaCubeXD"
msgstr "打开 MetaCubeXD 面板"
msgid "UI Url"
msgstr "UI 下载地址"
msgid "Service is not running."
msgstr "服务未在运行。"
msgid "External Control is not configured."
msgstr "未配置外部控制。"
msgid "API Port"
msgstr "API 端口"

5
mihomo/Makefile
View File

@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=mihomo
PKG_VERSION:=1.18.7
PKG_RELEASE:=31
PKG_RELEASE:=32
PKG_BUILD_TIME=$(shell date -u -Iseconds)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
@ -25,7 +25,7 @@ define Package/mihomo
CATEGORY:=Network
TITLE:=A rule based proxy in Go.
URL:=https://wiki.metacubex.one
DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +curl +inotifywait +yq firewall4 +kmod-nft-tproxy +ip-full +kmod-tun
DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +curl +yq firewall4 +kmod-nft-tproxy +ip-full +kmod-tun
USERID:=mihomo=7890:mihomo=7890
endef
@ -52,7 +52,6 @@ define Package/mihomo/install
$(INSTALL_DATA) $(CURDIR)/files/mixin.yaml $(1)/etc/mihomo/mixin.yaml
$(INSTALL_BIN) $(CURDIR)/files/scripts/constants.sh $(1)/etc/mihomo/scripts/constants.sh
$(INSTALL_BIN) $(CURDIR)/files/scripts/upnp_watcher.sh $(1)/etc/mihomo/scripts/upnp_watcher.sh
$(INSTALL_BIN) $(CURDIR)/files/scripts/tun.sh $(1)/etc/mihomo/scripts/tun.sh
$(INSTALL_BIN) $(CURDIR)/files/nftables/hijack.nft $(1)/etc/mihomo/nftables/hijack.nft

8
mihomo/files/mihomo.conf
View File

@ -49,12 +49,8 @@ config mixin 'mixin'
option 'tcp_concurrent' '1'
option 'tcp_keep_alive_interval' '600'
option 'log_level' 'info'
option 'ui_razord' '0'
option 'ui_razord_url' 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/Razord-meta/archive/refs/heads/gh-pages.tar.gz'
option 'ui_yacd' '0'
option 'ui_yacd_url' 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/Yacd-meta/archive/refs/heads/gh-pages.tar.gz'
option 'ui_metacubexd' '1'
option 'ui_metacubexd_url' 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.tar.gz'
option 'ui_name' 'metacubexd'
option 'ui_url' 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip'
option 'api_port' '9090'
option 'api_secret' ''
option 'selection_cache' '1'

194
mihomo/files/mihomo.init
View File

@ -55,13 +55,9 @@ start_service() {
config_get tcp_keep_alive_interval "mixin" "tcp_keep_alive_interval" 600
config_get log_level "mixin" "log_level"
### external control
local ui_razord ui_razord_url ui_yacd ui_yacd_url ui_metacubexd ui_metacubexd_url api_port api_secret selection_cache
config_get_bool ui_razord "mixin" "ui_razord" 0
config_get ui_razord_url "mixin" "ui_razord_url"
config_get_bool ui_yacd "mixin" "ui_yacd" 0
config_get ui_yacd_url "mixin" "ui_yacd_url"
config_get_bool ui_metacubexd "mixin" "ui_metacubexd" 0
config_get ui_metacubexd_url "mixin" "ui_metacubexd_url"
local ui_name ui_url api_port api_secret selection_cache
config_get ui_name "mixin" "ui_name"
config_get ui_url "mixin" "ui_url"
config_get api_port "mixin" "api_port" "9090"
config_get api_secret "mixin" "api_secret" "666666"
config_get_bool selection_cache "mixin" "selection_cache" 0
@ -162,23 +158,18 @@ start_service() {
curl -s -o "$RUN_PROFILE_PATH" -L -H "User-Agent: mihomo clash.meta clash" "$url"
log "Use Url: $url"
fi
# download ui
log "Download UI."
download_ui "$ui_razord" "$ui_razord_url" "$RUN_UI_DIR" "Razord-meta-gh-pages" "razord"
download_ui "$ui_yacd" "$ui_yacd_url" "$RUN_UI_DIR" "Yacd-meta-gh-pages" "yacd"
download_ui "$ui_metacubexd" "$ui_metacubexd_url" "$RUN_UI_DIR" "metacubexd-gh-pages" "metacubexd"
# mixin
if [ "$mixin" == 0 ]; then
log "Mixin is disabled, only mixin neccesary config."
# do mixin
log_level="$log_level" ipv6_proxy="$ipv6_proxy" \
ui_path="ui" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" \
ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" \
http_port="$http_port" socks_port="$socks_port" mixed_port="$mixed_port" redir_port="$redir_port" tproxy_port="$tproxy_port" \
tun_stack="$tun_stack" tun_device="$TUN_DEVICE" tun_mtu="$tun_mtu" tun_gso="$tun_gso" tun_gso_max_size="$tun_gso_max_size" tun_endpoint_independent_nat="$tun_endpoint_independent_nat" \
dns_enable="true" dns_listen="0.0.0.0:$dns_port" \
yq -M -i '
.log-level = env(log_level) | .ipv6 = env(ipv6_proxy) == 1 |
.external-ui = env(ui_path) | .external-controller = env(api_listen) | .secret = env(api_secret) |
.external-ui = env(ui_path) | .external-ui-name = env(ui_name) | .external-ui-url = env(ui_url) | .external-controller = env(api_listen) | .secret = env(api_secret) |
.port = env(http_port) | .socks-port = env(socks_port) | .mixed-port = env(mixed_port) | .redir-port = env(redir_port) | .tproxy-port = env(tproxy_port) |
.tun.stack = env(tun_stack) | .tun.device = env(tun_device) | .tun.mtu = env(tun_mtu) | .tun.gso = env(tun_gso) == 1 | .tun.gso-max-size = env(tun_gso_max_size) | .tun.endpoint-independent-nat = env(tun_endpoint_independent_nat) == 1 |
.dns.enable = env(dns_enable) | .dns.listen = env(dns_listen)
@ -187,7 +178,7 @@ start_service() {
log "Mixin is enabled, mixin all config."
# do mixin
mode="$mode" match_process="$match_process" unify_delay="$unify_delay" tcp_concurrent="$tcp_concurrent" tcp_keep_alive_interval="$tcp_keep_alive_interval" log_level="$log_level" ipv6_proxy="$ipv6_proxy" \
ui_path="ui" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" selection_cache="$selection_cache" \
ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" selection_cache="$selection_cache" \
allow_lan="$allow_lan" http_port="$http_port" socks_port="$socks_port" mixed_port="$mixed_port" redir_port="$redir_port" tproxy_port="$tproxy_port" \
tun_stack="$tun_stack" tun_device="$TUN_DEVICE" tun_mtu="$tun_mtu" tun_gso="$tun_gso" tun_gso_max_size="$tun_gso_max_size" tun_endpoint_independent_nat="$tun_endpoint_independent_nat" \
dns_enable="true" dns_listen="0.0.0.0:$dns_port" dns_mode="$dns_mode" fake_ip_range="$fake_ip_range" fake_ip_cache="$fake_ip_cache" \
@ -197,7 +188,7 @@ start_service() {
geox_auto_update="$geox_auto_update" geox_update_interval="$geox_update_interval" \
yq -M -i '
.mode = env(mode) | .find-process-mode = env(match_process) | .unified-delay = env(unify_delay) == 1 | .tcp-concurrent = env(tcp_concurrent) == 1 | .keep-alive-interval = env(tcp_keep_alive_interval) | .log-level = env(log_level) | .ipv6 = env(ipv6_proxy) == 1 |
.external-ui = env(ui_path) | .external-controller = env(api_listen) | .secret = env(api_secret) | .profile.store-selected = env(selection_cache) == 1 |
.external-ui = env(ui_path) | .external-ui-name = env(ui_name) | .external-ui-url = env(ui_url) | .external-controller = env(api_listen) | .secret = env(api_secret) | .profile.store-selected = env(selection_cache) == 1 |
.allow-lan = env(allow_lan) == 1 | .port = env(http_port) | .socks-port = env(socks_port) | .mixed-port = env(mixed_port) | .redir-port = env(redir_port) | .tproxy-port = env(tproxy_port) |
.tun.stack = env(tun_stack) | .tun.device = env(tun_device) | .tun.mtu = env(tun_mtu) | .tun.gso = env(tun_gso) == 1 | .tun.gso-max-size = env(tun_gso_max_size) | .tun.endpoint-independent-nat = env(tun_endpoint_independent_nat) == 1 |
.dns.enable = env(dns_enable) | .dns.listen = env(dns_listen) | .dns.enhanced-mode = env(dns_mode) | .dns.fake-ip-range = env(fake_ip_range) | .profile.store-fake-ip = env(fake_ip_cache) == 1 |
@ -357,10 +348,6 @@ start_service() {
# exclusion
log "Transparent Proxy: Add exclusions."
add_wan_inbound_exclusions
add_firewall_exclusions
add_upnp_exclusions
# reload config
config_load mihomo
# router proxy
if [ "$router_proxy" == 1 ]; then
log "Transparent Proxy: Router Proxy is enabled, set proxy for router."
@ -403,7 +390,7 @@ reload_service() {
}
service_triggers() {
procd_add_reload_trigger "mihomo" "firewall" "upnpd"
procd_add_reload_trigger "mihomo"
config_load mihomo
config_list_foreach "proxy" "wan_interfaces" add_reload_interface_trigger
@ -444,29 +431,6 @@ clear_all_log() {
echo -n > "$RUN_CORE_LOG_PATH"
}
download_ui() {
local enabled="$1"
local url="$2"
local file_dir="$3"
local src_dir_name="$4"
local dest_dir_name="$5"
local file_path="$file_dir/$src_dir_name.tar.gz"
local src_dir="$file_dir/$src_dir_name"
local dest_dir="$file_dir/$dest_dir_name"
if [ "$enabled" == 1 ]; then
if [ ! -d "$dest_dir" ]; then
curl -s -L -o "$file_path" "$url"
tar -x -z -f "$file_path" -C "$file_dir"
rm -f "$file_path"
mv "$src_dir" "$dest_dir"
fi
else
if [ -d "$dest_dir" ]; then
rm -rf "$dest_dir"
fi
fi
}
mixin_authentications() {
local section="$1"
@ -595,7 +559,6 @@ add_acl_mac() {
}
add_wan_inbound_exclusions() {
config_load mihomo
config_list_foreach "proxy" "wan_interfaces" add_wan_inbound_exclusion
config_list_foreach "proxy" "wan6_interfaces" add_wan6_inbound_exclusion
}
@ -609,138 +572,17 @@ add_wan_inbound_exclusion() {
}
add_wan6_inbound_exclusion() {
local wan6_prefix
network_get_prefixes6 wan6_prefix $1
local wan6_ip wan6_subnet wan6_prefix
network_get_ipaddr6 wan6_ip $1
if [ -n "$wan6_ip" ]; then
nft add element inet $FW_TABLE wan_ip6 \{ "$wan6_ip" \}
fi
network_get_subnet6 wan6_subnet $1
if [ -n "$wan6_subnet" ]; then
nft add element inet $FW_TABLE wan_ip6 \{ "$wan6_subnet" \}
fi
network_get_prefix6 wan6_prefix $1
if [ -n "$wan6_prefix" ]; then
nft add element inet $FW_TABLE wan_ip6 \{ "$wan6_prefix" \}
fi
}
add_firewall_exclusions() {
config_load firewall
config_foreach add_firewall_rule_exclusion "rule"
config_foreach add_firewall_redirect_exclusion "redirect"
}
add_firewall_rule_exclusion() {
local section="$1"
local enabled name family proto src dest dest_ip dest_port
config_get_bool enabled "$section" "enabled" 1
config_get name "$section" "name"
config_get family "$section" "family"
config_get proto "$section" "proto"
config_get src "$section" "src"
config_get dest "$section" "dest"
config_get dest_ip "$section" "dest_ip"
config_get dest_port "$section" "dest_port"
if [[ "$enabled" == 0 || -z "$src" || -z "$dest_port" ]]; then
return
fi
local ipv4=0
local ipv6=0
if [ "$family" == "ipv4" ]; then
ipv4=1
elif [ "$family" == "ipv6" ]; then
ipv6=1
else [ -z "$family" ]
ipv4=1
ipv6=1
family="ipv4 ipv6"
fi
if [[ -z "$proto" || "$proto" == "all" ]]; then
proto="tcp udp"
fi
if [ -z "$dest" ]; then
local f p s
for f in $family; do
for p in $proto; do
for s in $dest_port; do
nft add element inet $FW_TABLE router_exclusion \{ "$f" . "$p" . "$s" \}
done
done
done
else
# TODO: Check IP Version
local p i s
if [ "$ipv4" == 1 ]; then
for p in $proto; do
for i in $dest_ip; do
for s in $dest_port; do
nft add element inet $FW_TABLE redirect_exclusion \{ "$p" . "$i" . "$s" \} > /dev/null 2>&1
done
done
done
fi
if [ "$ipv6" == 1 ]; then
for p in $proto; do
for i in $dest_ip; do
for s in $dest_port; do
nft add element inet $FW_TABLE redirect_exclusion6 \{ "$p" . "$i" . "$s" \} > /dev/null 2>&1
done
done
done
fi
fi
}
add_firewall_redirect_exclusion() {
local section="$1"
local enabled name proto src_dport dest dest_ip dest_port
config_get_bool enabled "$section" "enabled" 1
config_get name "$section" "name"
config_get proto "$section" "proto"
config_get src_dport "$section" "src_dport"
config_get dest "$section" "dest"
config_get dest_ip "$section" "dest_ip"
config_get dest_port "$section" "dest_port"
if [ "$enabled" == 0 ]; then
return
fi
local tcp=0
local udp=0
if [[ -z "$proto" || "$proto" == "all" ]]; then
tcp=1
udp=1
else
for p in $proto; do
[ "$p" == "tcp" ] && tcp=1
[ "$p" == "udp" ] && udp=1
done
fi
if [ -z "$dest_port" ]; then
dest_port="$src_dport"
fi
if [[ -z "$dest" || -z "$dest_ip" ]]; then
if [ "$tcp" == 1 ]; then
nft add element inet $FW_TABLE router_exclusion \{ ipv4 . tcp . "$dest_port" \}
fi
if [ "$udp" == 1 ]; then
nft add element inet $FW_TABLE router_exclusion \{ ipv4 . udp . "$dest_port" \}
fi
else
if [ "$tcp" == 1 ]; then
nft add element inet $FW_TABLE redirect_exclusion \{ tcp . "$dest_ip" . "$dest_port" \}
fi
if [ "$udp" == 1 ]; then
nft add element inet $FW_TABLE redirect_exclusion \{ udp . "$dest_ip" . "$dest_port" \}
fi
fi
}
add_upnp_exclusions() {
procd_open_instance upnp_watcher
procd_set_param command /bin/sh -c "$UPNP_WATCHER_SH"
procd_set_param data timestamp=$(date +%s)
procd_set_param respawn 3600 5 0
procd_close_instance
}

32
mihomo/files/nftables/hijack.nft
View File

@ -100,30 +100,6 @@ table inet mihomo {
auto-merge
}
set redirect_exclusion {
type inet_proto . ipv4_addr . inet_service
flags interval
auto-merge
}
set redirect_exclusion6 {
type inet_proto . ipv6_addr . inet_service
flags interval
auto-merge
}
set upnp_exclusion {
type inet_proto . ipv4_addr . inet_service
flags interval, timeout
auto-merge
}
set router_exclusion {
type nf_proto . inet_proto . inet_service
flags interval
auto-merge
}
chain router_dns_hijack {
meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 oifname lo meta skuid != $MIHOMO_USER counter redirect to :$DNS_PORT
}
@ -199,14 +175,13 @@ table inet mihomo {
ip6 daddr @reserved_ip6 counter return
ip daddr @wan_ip counter return
ip6 daddr @wan_ip6 counter return
ct reply ip saddr @wan_ip counter return
ct reply ip6 saddr @wan_ip6 counter return
ip daddr @china_ip counter return
ip6 daddr @china_ip6 counter return
meta l4proto . th dport != @acl_dport ip daddr != @fake_ip counter return
meta nfproto ipv6 meta l4proto . th dport != @acl_dport counter return
meta l4proto { tcp, udp } th dport 53 counter return
meta l4proto . ip saddr . th sport @redirect_exclusion counter return
meta l4proto . ip6 saddr . th sport @redirect_exclusion6 counter return
meta l4proto . ip saddr . th sport @upnp_exclusion counter return
}
chain mangle_output {
@ -216,11 +191,12 @@ table inet mihomo {
ip6 daddr @reserved_ip6 counter return
ip daddr @wan_ip counter return
ip6 daddr @wan_ip6 counter return
ct reply ip saddr @wan_ip counter return
ct reply ip6 saddr @wan_ip6 counter return
ip daddr @china_ip counter return
ip6 daddr @china_ip6 counter return
meta l4proto . th dport != @acl_dport ip daddr != @fake_ip counter return
meta nfproto ipv6 meta l4proto . th dport != @acl_dport counter return
meta l4proto { tcp, udp } th dport 53 counter return
meta nfproto . meta l4proto . th sport @router_exclusion counter return
}
}

1
mihomo/files/scripts/constants.sh
View File

@ -23,7 +23,6 @@ RUN_UI_DIR="$RUN_DIR/ui"
# scripts
SH_DIR="$HOME_DIR/scripts"
UPNP_WATCHER_SH="$SH_DIR/upnp_watcher.sh"
TUN_SH="$SH_DIR/tun.sh"
# nftables

40
mihomo/files/scripts/upnp_watcher.sh
View File

@ -1,40 +0,0 @@
#!/bin/sh
. $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/etc/mihomo/scripts/constants.sh
load_config() {
config_load upnpd
config_get enabled "config" "enabled" 0
config_get upnp_lease_file "config" "upnp_lease_file" "/var/run/miniupnpd.leases"
}
add_upnp_exclusion() {
local timestamp; timestamp=$(date +%s)
local lease_expire_at lease_proto lease_src_ip lease_src_port
while read -r line; do
lease_expire_at=$(echo "$line" | awk -F ':' '{print $5}')
local timeout; timeout=$(( lease_expire_at - timestamp ))
if [ "$timeout" -le 0 ]; then
continue
fi
lease_proto=$(echo "$line" | awk -F ':' '{print tolower($1)}')
lease_src_ip=$(echo "$line" | awk -F ':' '{print $3}')
lease_src_port=$(echo "$line" | awk -F ':' '{print $4}')
nft add element inet $FW_TABLE upnp_exclusion \{ "$lease_proto" . "$lease_src_ip" . "$lease_src_port" timeout "${timeout}s" \}
done < "$upnp_lease_file"
}
load_config
if [ "$enabled" == 0 ]; then
return
fi
add_upnp_exclusion
while true; do
if (inotifywait -t 300 -e create,modify --include "$(basename "$upnp_lease_file")" "$(dirname "$upnp_lease_file")"); then
add_upnp_exclusion
fi
done

25
mihomo/files/uci-defaults/migrate.sh
View File

@ -108,6 +108,31 @@ lan_proxy=$(uci -q get mihomo.proxy.lan_proxy); [ -z "$lan_proxy" ] && {
fi
}
# add mihomo.mixin.ui_name
ui_name=$(uci -q get mihomo.mixin.ui_name); [ -z "$ui_name" ] && uci set mihomo.mixin.ui_name="metacubexd"
# add mihomo.mixin.ui_url
ui_url=$(uci -q get mihomo.mixin.ui_url); [ -z "$ui_url" ] && uci set mihomo.mixin.ui_url="https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip"
# delete mihomo.mixin.ui_razord
ui_razord=$(uci -q get mihomo.mixin.ui_razord); [ -n "$ui_razord" ] && uci delete mihomo.mixin.ui_razord
# delete mihomo.mixin.ui_razord_url
ui_razord_url=$(uci -q get mihomo.mixin.ui_razord_url); [ -n "$ui_razord_url" ] && uci delete mihomo.mixin.ui_razord_url
# delete mihomo.mixin.ui_yacd
ui_yacd=$(uci -q get mihomo.mixin.ui_yacd); [ -n "$ui_yacd" ] && uci delete mihomo.mixin.ui_yacd
# delete mihomo.mixin.ui_yacd_url
ui_yacd_url=$(uci -q get mihomo.mixin.ui_yacd_url); [ -n "$ui_yacd_url" ] && uci delete mihomo.mixin.ui_yacd_url
# delete mihomo.mixin.ui_metacubexd
ui_metacubexd=$(uci -q get mihomo.mixin.ui_metacubexd); [ -n "$ui_metacubexd" ] && uci delete mihomo.mixin.ui_metacubexd
# delete mihomo.mixin.ui_metacubexd_url
ui_metacubexd_url=$(uci -q get mihomo.mixin.ui_metacubexd_url); [ -n "$ui_metacubexd_url" ] && uci delete mihomo.mixin.ui_metacubexd_url
# commit
uci commit mihomo

4
ppp/Makefile
View File

@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ppp
PKG_RELEASE:=59
PKG_RELEASE:=60
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/paulusmack/ppp
PKG_SOURCE_DATE:=2021-01-04
PKG_SOURCE_VERSION:=04e6b8dde02a25d765cca3ff5e7ba03887346c6f
PKG_SOURCE_VERSION:=fa612cba719c2c44ebb196a14aaaf6f4497fce03
PKG_MIRROR_HASH:=skip
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-4-Clause