🌈 Sync 2023-03-26 23:35

2025-04-04 23:53:33 +08:00 · 2023-03-26 23:35:26 +08:00 · 2023-03-26 23:35:26 +08:00 · 818ad33607
commit 818ad33607
parent e72b6beeef
19 changed files with 820 additions and 388 deletions
--- a/luci-app-aliyundrive-webdav/Makefile
+++ b/luci-app-aliyundrive-webdav/Makefile
@ -0,0 +1,17 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=luci-app-aliyundrive-webdav
+PKG_VERSION:=2.1.0
+PKG_RELEASE:=1
+PKG_PO_VERSION:=$(PKG_VERSION)-$(PKG_RELEASE)
+
+PKG_LICENSE:=MIT
+PKG_MAINTAINER:=messense <messense@icloud.com>
+
+LUCI_TITLE:=LuCI Support for aliyundrive-webdav
+LUCI_PKGARCH:=all
+LUCI_DEPENDS:=+aliyundrive-webdav
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature
--- a/luci-app-aliyundrive-webdav/luasrc/controller/aliyundrive-webdav.lua
+++ b/luci-app-aliyundrive-webdav/luasrc/controller/aliyundrive-webdav.lua
@ -0,0 +1,66 @@
+module("luci.controller.aliyundrive-webdav", package.seeall)
+
+function index()
+	if not nixio.fs.access("/etc/config/aliyundrive-webdav") then
+		return
+	end
+
+	local page
+	page = entry({ "admin", "services", "aliyundrive-webdav" }, alias("admin", "services", "aliyundrive-webdav", "client"),
+		_("AliyunDrive WebDAV"), 10) -- 首页
+	page.dependent = true
+	page.acl_depends = { "luci-app-aliyundrive-webdav" }
+
+	entry({ "admin", "services", "aliyundrive-webdav", "client" }, cbi("aliyundrive-webdav/client"), _("Settings"), 10).leaf = true -- 客户端配置
+	entry({ "admin", "services", "aliyundrive-webdav", "log" }, form("aliyundrive-webdav/log"), _("Log"), 30).leaf = true -- 日志页面
+
+	entry({ "admin", "services", "aliyundrive-webdav", "status" }, call("action_status")).leaf = true -- 运行状态
+	entry({ "admin", "services", "aliyundrive-webdav", "logtail" }, call("action_logtail")).leaf = true -- 日志采集
+	entry({ "admin", "services", "aliyundrive-webdav", "qrcode" }, call("action_generate_qrcode")).leaf = true -- 生成扫码登录二维码地址和参数
+	entry({ "admin", "services", "aliyundrive-webdav", "query" }, call("action_query_qrcode")).leaf = true -- 查询扫码登录结果
+	entry({ "admin", "services", "aliyundrive-webdav", "invalidate-cache" }, call("action_invalidate_cache")).leaf = true -- 清除缓存
+end
+
+function action_status()
+	local e = {}
+	e.running = luci.sys.call("pidof aliyundrive-webdav >/dev/null") == 0
+	e.application = luci.sys.exec("aliyundrive-webdav --version")
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function action_logtail()
+	local fs = require "nixio.fs"
+	local log_path = "/var/log/aliyundrive-webdav.log"
+	local e = {}
+	e.running = luci.sys.call("pidof aliyundrive-webdav >/dev/null") == 0
+	if fs.access(log_path) then
+		e.log = luci.sys.exec("tail -n 100 %s | sed 's/\\x1b\\[[0-9;]*m//g'" % log_path)
+	else
+		e.log = ""
+	end
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
+
+function action_generate_qrcode()
+	local output = luci.sys.exec("aliyundrive-webdav qr generate")
+	luci.http.prepare_content("application/json")
+	luci.http.write(output)
+end
+
+function action_query_qrcode()
+	local data = luci.http.formvalue()
+	local sid = data.sid
+	local output = {}
+	output.refresh_token = luci.sys.exec("aliyundrive-webdav qr query --sid " .. sid)
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(output)
+end
+
+function action_invalidate_cache()
+	local e = {}
+	e.ok = luci.sys.call("kill -HUP `pidof aliyundrive-webdav`") == 0
+	luci.http.prepare_content("application/json")
+	luci.http.write_json(e)
+end
--- a/luci-app-aliyundrive-webdav/luasrc/model/cbi/aliyundrive-webdav/client.lua
+++ b/luci-app-aliyundrive-webdav/luasrc/model/cbi/aliyundrive-webdav/client.lua
@ -0,0 +1,77 @@
+m = Map("aliyundrive-webdav")
+m.title = translate("AliyunDrive WebDAV")
+m.description = translate("<a href=\"https://github.com/messense/aliyundrive-webdav\" target=\"_blank\">Project GitHub URL</a>")
+
+m:section(SimpleSection).template = "aliyundrive-webdav/aliyundrive-webdav_status"
+
+e = m:section(TypedSection, "server")
+e.anonymous = true
+
+enable = e:option(Flag, "enable", translate("Enable"))
+enable.rmempty = false
+
+refresh_token = e:option(Value, "refresh_token", translate("Refresh Token"))
+refresh_token.description = translate("Double click the input box above to get refresh token by scanning qrcode")
+
+qrcode = e:option(DummyValue, '', '')
+qrcode.rawhtml = true
+qrcode.template = 'aliyundrive-webdav/aliyundrive-webdav_qrcode'
+
+root = e:option(Value, "root", translate("Root Directory"))
+root.description = translate("Restrict access to a folder of aliyundrive, defaults to / which means no restrictions")
+root.default = "/"
+
+host = e:option(Value, "host", translate("Host"))
+host.default = "0.0.0.0"
+host.datatype = "ipaddr"
+
+port = e:option(Value, "port", translate("Port"))
+port.default = "8080"
+port.datatype = "port"
+
+tls_cert = e:option(Value, "tls_cert", translate("TLS certificate file path"))
+tls_key = e:option(Value, "tls_key", translate("TLS private key file path"))
+
+auth_user = e:option(Value, "auth_user", translate("Username"))
+auth_password = e:option(Value, "auth_password", translate("Password"))
+auth_password.password = true
+
+read_buffer_size = e:option(Value, "read_buffer_size", translate("Read Buffer Size"))
+read_buffer_size.default = "10485760"
+read_buffer_size.datatype = "uinteger"
+
+prefer_http_download = e:option(Flag, "prefer_http_download", translate("Prefer HTTP Download"))
+prefer_http_download.description = translate("Prefer downloading files using HTTP instead of HTTPS protocol")
+prefer_http_download.rmempty = false
+
+redirect = e:option(Flag, "redirect", translate("Enable 302 Redirect"))
+redirect.description = translate("Enable 302 redirect when possible")
+redirect.rmempty = false
+
+upload_buffer_size = e:option(Value, "upload_buffer_size", translate("Upload Buffer Size"))
+upload_buffer_size.default = "16777216"
+upload_buffer_size.datatype = "uinteger"
+
+skip_upload_same_size = e:option(Flag, "skip_upload_same_size", translate("Skip uploading same size files"))
+skip_upload_same_size.description = translate("Reduce the upload traffic by skipping uploading files with the same size")
+skip_upload_same_size.rmempty = false
+
+cache_size = e:option(Value, "cache_size", translate("Cache Size"))
+cache_size.default = "1000"
+cache_size.datatype = "uinteger"
+
+cache_ttl = e:option(Value, "cache_ttl", translate("Cache Expiration Time (seconds)"))
+cache_ttl.default = "600"
+cache_ttl.datatype = "uinteger"
+
+no_trash = e:option(Flag, "no_trash", translate("Delete file permanently instead of trashing"))
+no_trash.rmempty = false
+
+read_only = e:option(Flag, "read_only", translate("Enable read only mode"))
+read_only.description = translate("Disallow upload, modify and delete file operations")
+read_only.rmempty = false
+
+debug = e:option(Flag, "debug", translate("Debug Mode"))
+debug.rmempty = false
+
+return m
--- a/luci-app-aliyundrive-webdav/luasrc/model/cbi/aliyundrive-webdav/log.lua
+++ b/luci-app-aliyundrive-webdav/luasrc/model/cbi/aliyundrive-webdav/log.lua
@ -0,0 +1,9 @@
+log = SimpleForm("logview")
+log.submit = false
+log.reset = false
+
+t = log:field(DummyValue, '', '')
+t.rawhtml = true
+t.template = 'aliyundrive-webdav/aliyundrive-webdav_log'
+
+return log
--- a/luci-app-aliyundrive-webdav/luasrc/view/aliyundrive-webdav/aliyundrive-webdav_log.htm
+++ b/luci-app-aliyundrive-webdav/luasrc/view/aliyundrive-webdav/aliyundrive-webdav_log.htm
@ -0,0 +1,15 @@
+<%+cbi/valueheader%>
+<textarea id="logview" class="cbi-input-textarea" style="width: 100%" rows="30" readonly="readonly"></textarea>
+
+<script type="text/javascript">
+	const LOG_URL = '<%=luci.dispatcher.build_url("admin", "services", "aliyundrive-webdav", "logtail")%>';
+	XHR.poll(1, LOG_URL, null, (x, d) => {
+		let logview = document.getElementById("logview");
+		if (!d.running) {
+			XHR.halt();
+		}
+		logview.value = d.log;
+		logview.scrollTop = logview.scrollHeight;
+	});
+</script>
+<%+cbi/valuefooter%>
--- a/luci-app-aliyundrive-webdav/luasrc/view/aliyundrive-webdav/aliyundrive-webdav_qrcode.htm
+++ b/luci-app-aliyundrive-webdav/luasrc/view/aliyundrive-webdav/aliyundrive-webdav_qrcode.htm
--- a/luci-app-aliyundrive-webdav/luasrc/view/aliyundrive-webdav/aliyundrive-webdav_status.htm
+++ b/luci-app-aliyundrive-webdav/luasrc/view/aliyundrive-webdav/aliyundrive-webdav_status.htm
@ -0,0 +1,36 @@
+<script type="text/javascript">//<![CDATA[
+XHR.poll(3, '<%=url([[admin]], [[services]], [[aliyundrive-webdav]], [[status]])%>', null,
+	function(x, data) {
+		var tb = document.getElementById('aliyundrive-webdav_status');
+		if (data && tb) {
+			if (data.running) {
+				tb.innerHTML = '<em><b style=color:green>' + data.application + '<%:RUNNING%></b></em>';
+			} else {
+				tb.innerHTML = '<em><b style=color:red>' + data.application + '<%:NOT RUNNING%></b></em>';
+			}
+		}
+	}
+);
+
+function invalidateCache(button) {
+	XHR.get('<%=url([[admin]], [[services]], [[aliyundrive-webdav]], [[invalidate-cache]])%>', null,
+		function(x, data) {
+			if (data.ok) {
+				alert("缓存已清除.");
+			} else {
+				alert("清除缓存失败!");
+			}
+		}
+	);
+}
+//]]>
+</script>
+<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
+<fieldset class="cbi-section">
+	<p id="aliyundrive-webdav_status" style="float: left; width: 60%; margin-top: 12px;">
+		<em><%:Collecting data...%></em>
+	</p>
+	<p class="right" style="float: right; width: 40%;">
+		<button class="cbi-button" onclick="event.stopPropagation(); invalidateCache(this);"><%:Invalidate cache%></button>
+	</p>
+</fieldset>
--- a/luci-app-aliyundrive-webdav/po/zh-cn/aliyundrive-webdav.po
+++ b/luci-app-aliyundrive-webdav/po/zh-cn/aliyundrive-webdav.po
@ -0,0 +1,104 @@
+msgid ""
+msgstr "Content-Type: text/plain; charset=UTF-8\n"
+
+msgid "AliyunDrive"
+msgstr "阿里云盘"
+
+msgid "AliyunDrive WebDAV"
+msgstr "阿里云盘 WebDAV"
+
+msgid "Enable"
+msgstr "启用"
+
+msgid "Refresh Token"
+msgstr "Refresh Token"
+
+msgid "Root Directory"
+msgstr "云盘根目录"
+
+msgid "Host"
+msgstr "监听主机"
+
+msgid "Port"
+msgstr "监听端口"
+
+msgid "TLS certificate file path"
+msgstr "TLS 证书文件路径"
+
+msgid "TLS private key file path"
+msgstr "TLS 私钥文件路径"
+
+msgid "Username"
+msgstr "用户名"
+
+msgid "Password"
+msgstr "密码"
+
+msgid "Read Buffer Size"
+msgstr "下载缓冲大小(bytes)"
+
+msgid "Upload Buffer Size"
+msgstr "上传缓冲大小(bytes)"
+
+msgid "Cache Size"
+msgstr "目录缓存大小"
+
+msgid "Cache Expiration Time (seconds)"
+msgstr "目录缓存过期时间（单位为秒）"
+
+msgid "Collecting data..."
+msgstr "获取数据中..."
+
+msgid "Invalidate cache"
+msgstr "清除缓存"
+
+msgid "RUNNING"
+msgstr "运行中"
+
+msgid "NOT RUNNING"
+msgstr "未运行"
+
+msgid "Settings"
+msgstr "设置"
+
+msgid "Log"
+msgstr "日志"
+
+msgid "Debug Mode"
+msgstr "调试模式"
+
+msgid "<a href=\"https://github.com/messense/aliyundrive-webdav\" target=\"_blank\">Project GitHub URL</a>"
+msgstr "<a href=\"https://github.com/messense/aliyundrive-webdav\" target=\"_blank\">GitHub 项目地址</a> | <a href=\"https://t.zsxq.com/0c9sq6Ca8\" target=\"_blank\">加入知识星球</a>"
+
+msgid "Double click the input box above to get refresh token by scanning qrcode"
+msgstr "鼠标双击上面的输入框扫码登录自动获取 refresh token"
+
+msgid "Restrict access to a folder of aliyundrive, defaults to / which means no restrictions"
+msgstr "限制只能访问该云盘目录，默认为 / 表示不限制，注意这个参数不是本地磁盘路径"
+
+msgid "Delete file permanently instead of trashing"
+msgstr "删除文件不放入回收站"
+
+msgid "Enable read only mode"
+msgstr "启用只读模式"
+
+msgid "Disallow upload, modify and delete file operations"
+msgstr "禁止上传、修改和删除文件操作"
+
+msgid "Skip uploading same size files"
+msgstr "跳过上传相同大小的文件"
+
+msgid "Reduce the upload traffic by skipping uploading files with the same size"
+msgstr "跳过上传相同大小的文件减少上传流量消耗，但可能会导致修改过的同样大小的文件不会被上传"
+
+msgid "Prefer HTTP Download"
+msgstr "使用 HTTP 下载"
+
+msgid "Prefer downloading files using HTTP instead of HTTPS protocol"
+msgstr "优先使用 HTTP 而不是 HTTPS 协议下载，低端设备上降低 CPU 占用"
+
+msgid "Enable 302 Redirect"
+msgstr "启用 302 重定向"
+
+msgid "Enable 302 redirect when possible"
+msgstr "在可能的情况下启用 302 重定向"
--- a/luci-app-aliyundrive-webdav/po/zh_Hans
+++ b/luci-app-aliyundrive-webdav/po/zh_Hans
@ -0,0 +1 @@
+zh-cn
--- a/luci-app-aliyundrive-webdav/root/etc/uci-defaults/luci-aliyundrive-webdav
+++ b/luci-app-aliyundrive-webdav/root/etc/uci-defaults/luci-aliyundrive-webdav
@ -0,0 +1,11 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@aliyundrive-webdav[-1]
+	add ucitrack aliyundrive-webdav
+	set ucitrack.@aliyundrive-webdav[-1].init=aliyundrive-webdav
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0
--- a/luci-app-aliyundrive-webdav/root/usr/share/rpcd/acl.d/luci-app-aliyundrive-webdav.json
+++ b/luci-app-aliyundrive-webdav/root/usr/share/rpcd/acl.d/luci-app-aliyundrive-webdav.json
@ -0,0 +1,11 @@
+{
+	"luci-app-aliyundrive-webdav": {
+		"description": "Grant UCI access for luci-app-aliyundrive-webdav",
+		"read": {
+			"uci": [ "aliyundrive-webdav" ]
+		},
+		"write": {
+			"uci": [ "aliyundrive-webdav" ]
+		}
+	}
+}
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.60
-PKG_RELEASE:=5
+PKG_VERSION:=4.61
+PKG_RELEASE:=1

 PKG_CONFIG_DEPENDS:= \
 	CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
--- a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
+++ b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm
@ -226,8 +226,10 @@ local has_xray = api.is_finded("xray")
 				info.path = opt.get("h2_path").value;
 			} else if (v_transport === "tcp") {
 				info.type = opt.get("tcp_guise").value;
-				info.host = opt.get("tcp_guise_http_host").value;
-				info.path = opt.get("tcp_guise_http_path").value;
+				if (info.type === "http") {
+					info.host = opt.get("tcp_guise_http_host").value;
+					info.path = opt.get("tcp_guise_http_path").value;
+				}
 			} else if (v_transport === "mkcp") {
 				v_transport = "kcp";
 				info.type = opt.get("mkcp_guise").value;
@ -265,6 +267,7 @@ local has_xray = api.is_finded("xray")
 				params += opt.query("host", "ws_host");
 				params += opt.query("path", "ws_path");
 			} else if (v_transport === "h2") {
+				v_transport = "http";
 				params += opt.query("host", "h2_host");
 				params += opt.query("path", "h2_path");
 			} else if (v_transport === "tcp") {
@ -282,6 +285,7 @@ local has_xray = api.is_finded("xray")
 				//不知道是用path还是serviceName，这里先这样吧
 				params += opt.query("path", "grpc_serviceName");
 				params += opt.query("serviceName", "grpc_serviceName");
+				params += opt.query("mode", "grpc_mode");
 			}
 			params += "&type=" + v_transport;

@ -289,15 +293,25 @@ local has_xray = api.is_finded("xray")

 			if (opt.get("tls").checked) {
 				var v_security = "tls";
-				params += "&security=" + v_security;
-				if (opt.get("tlsflow").value) {
+				if (opt.get("xray_fingerprint") && opt.get("xray_fingerprint").value != "") {
+					let v_fp = opt.get("xray_fingerprint").value;
+					params += "&fp=" + v_fp;
+				}
+				if(opt.get("reality") && opt.get("reality").checked) {
+					v_security = "reality";
+					if (opt.get("reality_fingerprint") && opt.get("reality_fingerprint").value != "") {
+						let v_fp = opt.get("reality_fingerprint").value;
+						params += "&fp=" + v_fp;
+					}
+					params += opt.query("pbk", "reality_publicKey");
+					params += opt.query("sid", "reality_shortId");
+					params += opt.query("spx", "reality_spiderX");
+				}
+				if (opt.get("tlsflow") && opt.get("tlsflow").value) {
 					let v_flow = opt.get("tlsflow").value;
 					params += "&flow=" + v_flow;
 				}
-				if (opt.get("xray_fingerprint").value && opt.get("xray_fingerprint").value != "") {
-					let v_fp = opt.get("xray_fingerprint").value
-					params += "&fp=" + v_fp;
-				}
+				params += "&security=" + v_security;
 				params += opt.query("sni", "tls_serverName");
 			}

@ -855,6 +869,7 @@ local has_xray = api.is_finded("xray")
 			if (queryParam.security) {
 				if (queryParam.security == "tls") {
 					opt.set('tls', true);
+					opt.set('reality', false)
 					opt.set('tlsflow', queryParam.flow || '');
 					opt.set('tls_serverName', queryParam.sni || '');
 					opt.set('tls_allowInsecure', true);
@ -865,11 +880,27 @@ local has_xray = api.is_finded("xray")
 						opt.set('xray_fingerprint', queryParam.fp);
 					}
 				}
+				
+				if (queryParam.security == "reality") {
+					opt.set('tls', true);
+					opt.set('reality', true)
+					opt.set('tlsflow', queryParam.flow || '');
+					opt.set('tls_serverName', queryParam.sni || '');
+					if (queryParam.fp && queryParam.fp.trim() != "") {
+						opt.set('reality_fingerprint', queryParam.fp);
+					}
+					opt.set('reality_publicKey', queryParam.pbk || '');
+					opt.set('reality_shortId', queryParam.sid || '');
+					opt.set('reality_spiderX', queryParam.spx || '');
+				}
+
 			}

 			queryParam.type = queryParam.type.toLowerCase();
 			if (queryParam.type === "kcp" || queryParam.type === "mkcp")
 				queryParam.type = "mkcp"
+			if (queryParam.type === "h2" || queryParam.type === "http")
+				queryParam.type = "h2"
 			opt.set('transport', queryParam.type);
 			if (queryParam.type === "tcp") {
 				opt.set('tcp_guise', queryParam.headerType || "none");
@ -880,7 +911,7 @@ local has_xray = api.is_finded("xray")
 			} else if (queryParam.type === "ws") {
 				opt.set('ws_host', queryParam.host || "");
 				opt.set('ws_path', queryParam.path || "");
-			} else if (queryParam.type === "h2") {
+			} else if (queryParam.type === "h2" || queryParam.type === "http") {
 				opt.set('h2_host', queryParam.host || "");
 				opt.set('h2_path', queryParam.path || "");
 			} else if (queryParam.type === "quic") {
@ -891,6 +922,7 @@ local has_xray = api.is_finded("xray")
 				opt.set('mkcp_guise', queryParam.headerType || "none");
 			} else if (queryParam.type === "grpc") {
 				opt.set('grpc_serviceName', (queryParam.serviceName || queryParam.path) || "");
+				opt.set('grpc_mode', queryParam.mode);
 			}

 			if (m.hash) {
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -555,8 +555,8 @@ run_redir() {
 			echolog "${PROTO}节点：[$remarks]${server_host} 是非法的服务器地址，无法启动！"
 			return 1
 		}
-		[ "$bind" != "127.0.0.1" ] && echolog "${PROTO}节点：[$remarks]${server_host}:${port}，监听端口：$local_port"
 	}
+	[ "$bind" != "127.0.0.1" ] && echolog "${PROTO}节点：[$remarks]，监听端口：$local_port"
 	eval ${PROTO}_NODE_PORT=$port

 	case "$PROTO" in
@ -1165,6 +1165,10 @@ start_dns() {
 	}
 	
 	[ "$DNS_SHUNT" = "dnsmasq" ] && {
+		[ "$WHEN_CHNROUTE_DEFAULT_DNS" = "remote" ] && {
+			dnsmasq_version=$(dnsmasq -v | grep -i "Dnsmasq version " | awk '{print $3}')
+			[ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87，有可能无法正常使用！！！"
+		}
 		source $APP_PATH/helper_dnsmasq.sh stretch
 		lua $APP_PATH/helper_dnsmasq_add.lua -FLAG "default" -TMP_DNSMASQ_PATH ${TMP_DNSMASQ_PATH} \
 			-DNSMASQ_CONF_FILE "/tmp/dnsmasq.d/dnsmasq-passwall.conf" -DEFAULT_DNS ${DEFAULT_DNS} -LOCAL_DNS ${LOCAL_DNS} \
@ -1443,6 +1447,10 @@ acl_app() {
 								echo "no-poll" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
 								echo "no-resolv" >> $TMP_ACL_PATH/$sid/dnsmasq.conf
 							}
+							[ "$when_chnroute_default_dns" = "remote" ] && {
+								dnsmasq_version=$(dnsmasq -v | grep -i "Dnsmasq version " | awk '{print $3}')
+								[ "$(expr $dnsmasq_version \>= 2.87)" == 0 ] && echolog "Dnsmasq版本低于2.87，有可能无法正常使用！！！"
+							}
 							lua $APP_PATH/helper_dnsmasq_add.lua -FLAG ${sid} -TMP_DNSMASQ_PATH $TMP_ACL_PATH/$sid/dnsmasq.d \
 								-DNSMASQ_CONF_FILE $TMP_ACL_PATH/$sid/dnsmasq.conf -DEFAULT_DNS $DEFAULT_DNS -LOCAL_DNS $LOCAL_DNS \
 								-TUN_DNS "127.0.0.1#${_dns_port}" -REMOTE_FAKEDNS 0 -CHNROUTE_MODE_DEFAULT_DNS "${when_chnroute_default_dns:-direct}" -CHINADNS_DNS ${_china_ng_listen:-0} \
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -962,7 +962,7 @@ add_firewall_rule() {
 				$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
 				echolog "  - [$?]不代理TCP 端口：$TCP_NO_REDIR_PORTS"
 			}
-			[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && {
+			[ "$TCP_PROXY_DROP_PORTS" != "disable" ] && [ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
 				$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
 				$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
 				$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
@ -971,33 +971,39 @@ add_firewall_rule() {
 			}

 			if [ "${ipt_tmp}" = "${ipt_n}" ]; then
-				$ipt_n -A PSW_OUTPUT -p tcp -d $FAKE_IP $(REDIRECT $TCP_REDIR_PORT)
-				$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT)
-				$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT)
-				$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE $TCP_REDIR_PORT)
+				[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
+					$ipt_n -A PSW_OUTPUT -p tcp -d $FAKE_IP $(REDIRECT $TCP_REDIR_PORT)
+					$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT)
+					$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT)
+					$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE $TCP_REDIR_PORT)
+				}
 				$ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT
 			else
-				$ipt_m -A PSW_OUTPUT -p tcp -d $FAKE_IP -j PSW_RULE
-				$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
-				$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
-				$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_TCP_PROXY_MODE) -j PSW_RULE
-				$ipt_m -A PSW $(comment "本机") -p tcp -i lo $(REDIRECT $TCP_REDIR_PORT TPROXY)
+				[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
+					$ipt_m -A PSW_OUTPUT -p tcp -d $FAKE_IP -j PSW_RULE
+					$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
+					$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
+					$ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_TCP_PROXY_MODE) -j PSW_RULE
+					$ipt_m -A PSW $(comment "本机") -p tcp -i lo $(REDIRECT $TCP_REDIR_PORT TPROXY)
+				}
 				$ipt_m -A PSW $(comment "本机") -p tcp -i lo -j RETURN
 				insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -p tcp -j PSW_OUTPUT"
 			fi

 			[ "$PROXY_IPV6" == "1" ] && {
-				$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
-				$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
-				$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $LOCALHOST_TCP_PROXY_MODE) -j PSW_RULE
-				$ip6t_m -A PSW $(comment "本机") -p tcp -i lo $(REDIRECT $TCP_REDIR_PORT TPROXY)
+				[ "$LOCALHOST_TCP_PROXY_MODE" != "disable" ] && {
+					$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
+					$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
+					$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $LOCALHOST_TCP_PROXY_MODE) -j PSW_RULE
+					$ip6t_m -A PSW $(comment "本机") -p tcp -i lo $(REDIRECT $TCP_REDIR_PORT TPROXY)
+				}
 				$ip6t_m -A PSW $(comment "本机") -p tcp -i lo -j RETURN
 				insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -p tcp -j PSW_OUTPUT"
 			}
 		fi

 		# 加载路由器自身代理 UDP
-		[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
+		[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && [ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
 			$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -d $FAKE_IP -j DROP
 			$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j DROP
 			$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j DROP
@ -1024,19 +1030,23 @@ add_firewall_rule() {
 				echolog "  - [$?]不代理 UDP 端口：$UDP_NO_REDIR_PORTS"
 			}

-			$ipt_m -A PSW_OUTPUT -p udp -d $FAKE_IP -j PSW_RULE
-			$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
-			$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
-			$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_UDP_PROXY_MODE) -j PSW_RULE
-			$ipt_m -A PSW $(comment "本机") -p udp -i lo $(REDIRECT $UDP_REDIR_PORT TPROXY)
+			[ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
+				$ipt_m -A PSW_OUTPUT -p udp -d $FAKE_IP -j PSW_RULE
+				$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) -j PSW_RULE
+				$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) -j PSW_RULE
+				$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ipt $LOCALHOST_UDP_PROXY_MODE) -j PSW_RULE
+				$ipt_m -A PSW $(comment "本机") -p udp -i lo $(REDIRECT $UDP_REDIR_PORT TPROXY)
+			}
 			$ipt_m -A PSW $(comment "本机") -p udp -i lo -j RETURN
 			insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -p udp -j PSW_OUTPUT"

 			[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && {
-				$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
-				$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
-				$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $LOCALHOST_UDP_PROXY_MODE) -j PSW_RULE
-				$ip6t_m -A PSW $(comment "本机") -p udp -i lo $(REDIRECT $UDP_REDIR_PORT TPROXY)
+				[ "$LOCALHOST_UDP_PROXY_MODE" != "disable" ] && {
+					$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST6) -j PSW_RULE
+					$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST6) -j PSW_RULE
+					$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_ipset_ip6t $LOCALHOST_UDP_PROXY_MODE) -j PSW_RULE
+					$ip6t_m -A PSW $(comment "本机") -p udp -i lo $(REDIRECT $UDP_REDIR_PORT TPROXY)
+				}
 				$ip6t_m -A PSW $(comment "本机") -p udp -i lo -j RETURN
 				insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -p udp -j PSW_OUTPUT"
 			}
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnlist
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnlist
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnroute
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnroute
@ -349,6 +349,7 @@
 103.116.120.0/22
 103.116.128.0/22
 103.116.132.0/23
+103.116.138.0/23
 103.116.148.0/22
 103.116.184.0/22
 103.116.20.0/22
@ -618,7 +619,6 @@
 103.146.236.0/23
 103.146.252.0/23
 103.146.72.0/23
-103.146.88.0/23
 103.146.90.0/23
 103.147.12.0/23
 103.147.124.0/23
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
@ -62,7 +62,6 @@
 2001:df1:fd80::/48
 2001:df2:180::/48
 2001:df2:5780::/48
-2001:df2:5a80::/48
 2001:df2:80::/48
 2001:df2:a580::/48
 2001:df3:1480::/48
@ -387,6 +386,8 @@
 2400:e7e0::/32
 2400:e880::/32
 2400:ebc0::/32
+2400:ed60::/32
+2400:eda0::/32
 2400:edc0::/32
 2400:ee00::/32
 2400:eec0::/32
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@ -737,7 +737,8 @@ local function processData(szType, content, add_mode, add_from)
 				result.ws_host = params.host
 				result.ws_path = params.path
 			end
-			if params.type == 'h2' then
+			if params.type == 'h2' or params.type == 'http' then
+				params.type = "h2"
 				result.h2_host = params.host
 				result.h2_path = params.path
 			end
@ -765,17 +766,24 @@ local function processData(szType, content, add_mode, add_from)
 			if params.type == 'grpc' then
 				if params.path then result.grpc_serviceName = params.path end
 				if params.serviceName then result.grpc_serviceName = params.serviceName end
+				result.grpc_mode = params.mode
 			end
 			result.transport = params.type
 			
 			result.encryption = params.encryption or "none"

 			result.tls = "0"
-			if params.security == "tls" then
+			if params.security == "tls" or params.security == "reality" then
 				result.tls = "1"
 				result.tlsflow = params.flow or nil
 				result.tls_serverName = (params.sni and params.sni ~= "") and params.sni or params.host
 				result.fingerprint = (params.fp and params.fp ~= "") and params.fp or "chrome"
+				if params.security == "reality" then
+					result.reality = "1"
+					result.reality_publicKey = params.pbk or nil
+					result.reality_shortId = params.sid or nil
+					result.reality_spiderX = params.spx or nil
+				end
 			end

 			result.port = port