luci-app-passwal: sync with upstream source
parent
104e4ea91e
commit
20ef96075c
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=3.9
|
||||
PKG_RELEASE:=19
|
||||
PKG_DATE:=20200717
|
||||
PKG_RELEASE:=20
|
||||
PKG_DATE:=20200719
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
||||
@ -58,13 +58,13 @@ if node.type == "Trojan-Go" then
|
||||
} or nil
|
||||
trojan.websocket = node.trojan_transport and node.trojan_transport:find('ws') and {
|
||||
enabled = true,
|
||||
path = (node.ws_path ~= nil) and node.ws_path or "/",
|
||||
host = (node.ws_host ~= nil) and node.ws_host or (node.tls_serverName ~= nil and node.tls_serverName or node.address)
|
||||
path = node.ws_path or "/",
|
||||
host = node.ws_host or (node.tls_serverName or node.address)
|
||||
} or nil
|
||||
trojan.shadowsocks = (node.ss_aead == "1") and {
|
||||
enabled = true,
|
||||
method = (node.ss_aead_method ~= nil) and node.ss_aead_method or "aead_aes_128_gcm",
|
||||
password = (node.ss_aead_pwd ~= nil) and node.ss_aead_pwd or ""
|
||||
method = node.ss_aead_method or "aead_aes_128_gcm",
|
||||
password = node.ss_aead_pwd or ""
|
||||
} or nil
|
||||
end
|
||||
print(json.stringify(trojan, 1))
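Review bot: `password = node.ss_aead_pwd or ""` still emits an enabled `shadowsocks` block with an empty password when `ss_aead` is "1" and no password was saved, so the AEAD layer ends up keyed with a value anyone can guess. The server-side `gen_config` hunk keeps the same fallback (`password = user.ss_aead_pwd or ""`), where it matters more. Consider emitting the block only when a non-empty password exists, e.g. guarding with `node.ss_aead == "1" and node.ss_aead_pwd and node.ss_aead_pwd ~= ""`, or rejecting the empty value in the form's validation. The enclosing `if node.type == "Trojan-Go"` block starts outside the hunk.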
|
||||
|
||||
@ -72,7 +72,7 @@ s = m:section(NamedSection, arg[1], "nodes", "")
|
||||
s.addremove = false
|
||||
s.dynamic = false
|
||||
|
||||
share = s:option(DummyValue, "share_url", translate("Share Current"))
|
||||
share = s:option(DummyValue, "passwall", translate("Share Current"))
|
||||
share.rawhtml = true
|
||||
share.template = "passwall/node_list/link_share_man"
|
||||
share.value = arg[1]
|
||||
@ -484,7 +484,7 @@ ss_aead:depends("type", "Trojan-Go")
|
||||
ss_aead.default = "0"
|
||||
|
||||
ss_aead_method = s:option(ListValue, "ss_aead_method", translate("Encrypt Method"))
|
||||
for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v:upper()) end
|
||||
for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v) end
|
||||
ss_aead_method.default = "aead_aes_128_gcm"
|
||||
ss_aead_method:depends("ss_aead", "1")
|
||||
|
||||
|
||||
@ -82,6 +82,9 @@ local function start()
|
||||
elseif type == "Trojan" then
|
||||
config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user)
|
||||
bin = ln_start("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file)
|
||||
elseif type == "Trojan-Go" then
|
||||
config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user)
|
||||
bin = ln_start(_api.get_trojan_go_path(), "trojan-go", "-config " .. config_file)
|
||||
elseif type == "Brook" then
|
||||
local brook_protocol = user.brook_protocol
|
||||
local brook_password = user.password
|
||||
|
||||
@ -8,16 +8,16 @@ function gen_config(user)
|
||||
local_port = tonumber(user.port),
|
||||
remote_addr = (user.remote_enable == "1" and user.remote_address) and user.remote_address or nil,
|
||||
remote_port = (user.remote_enable == "1" and user.remote_port) and user.remote_port or nil,
|
||||
password = { user.password },
|
||||
password = user.type == "Trojan-Go" and user.passwords or { user.password },
|
||||
log_level = 1,
|
||||
(user.stream_security == nil or user.stream_security == "tls") and ssl = {
|
||||
ssl = (user.stream_security == nil or user.stream_security == "tls") and {
|
||||
cert = user.tls_certificateFile,
|
||||
key = user.tls_keyFile,
|
||||
key_password = "",
|
||||
cipher = user.fingerprint == nil and cipher or (user.fingerprint == "disable" and cipher13 .. ":" .. cipher or ""),
|
||||
cipher_tls13 = user.fingerprint == nil and cipher13 or nil,
|
||||
sni = "",
|
||||
verify = false,
|
||||
sni = user.tls_serverName,
|
||||
verify = (user.tls_allowInsecure ~= "1") and true or false,
|
||||
verify_hostname = false,
|
||||
reuse_session = true,
|
||||
session_ticket = (user.tls_sessionTicket == "1") and true or false,
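Review bot: `verify_hostname = false` stays hard-coded next to the new `verify = (user.tls_allowInsecure ~= "1") and true or false`, so even with allowInsecure unchecked the generated `ssl` block requests certificate verification without checking the name against `sni`. If these keys are honoured for this role (they look like peer-verification settings; confirm against the trojan / trojan-go configuration reference), tie both to the same flag, e.g. `verify_hostname = (user.tls_allowInsecure ~= "1")`. The new line can also be shortened to `verify = user.tls_allowInsecure ~= "1"`, since the comparison already yields a boolean. `gen_config` begins and ends outside this hunk.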
|
||||
@ -29,7 +29,6 @@ function gen_config(user)
|
||||
} or nil,
|
||||
udp_timeout = 60,
|
||||
disable_http_check = true,
|
||||
tcp = {
|
||||
transport_plugin = user.stream_security == "none" and user.trojan_transport == "original" and {
|
||||
enabled = user.plugin_type ~= nil,
|
||||
type = user.plugin_type or "plaintext",
|
||||
@ -40,13 +39,13 @@ function gen_config(user)
|
||||
} or nil,
|
||||
websocket = user.trojan_transport and user.trojan_transport:find('ws') and {
|
||||
enabled = true,
|
||||
path = (user.ws_path ~= nil) and user.ws_path or "/",
|
||||
hostname = (user.ws_host ~= nil) and user.ws_host or (user.tls_serverName ~= nil and user.tls_serverName or user.address)
|
||||
path = user.ws_path or "/",
|
||||
host = user.ws_host or (user.tls_serverName or user.address)
|
||||
} or nil,
|
||||
shadowsocks = (user.ss_aead == "1") and {
|
||||
enabled = true,
|
||||
method = (user.ss_aead_method ~= nil) and user.ss_aead_method or "aead_aes_128_gcm",
|
||||
password = (user.ss_aead_pwd ~= nil) and user.ss_aead_pwd or ""
|
||||
method = user.ss_aead_method or "aead_aes_128_gcm",
|
||||
password = user.ss_aead_pwd or ""
|
||||
} or nil,
|
||||
tcp = {
|
||||
prefer_ipv4 = false,
|
||||
|
||||
@ -56,6 +56,11 @@ s = map:section(NamedSection, arg[1], "user", "")
|
||||
s.addremove = false
|
||||
s.dynamic = false
|
||||
|
||||
share = s:option(DummyValue, "passwall_server", translate("Share Current"))
|
||||
share.rawhtml = true
|
||||
share.template = "passwall/node_list/link_share_man"
|
||||
share.value = arg[1]
|
||||
|
||||
enable = s:option(Flag, "enable", translate("Enable"))
|
||||
enable.default = "1"
|
||||
enable.rmempty = false
|
||||
@ -111,12 +116,18 @@ password.password = true
|
||||
password:depends("type", "SSR")
|
||||
password:depends("type", "Brook")
|
||||
password:depends("type", "Trojan")
|
||||
password:depends("type", "Trojan-Go")
|
||||
password:depends({ type = "V2ray", protocol = "http" })
|
||||
password:depends({ type = "V2ray", protocol = "socks" })
|
||||
password:depends({ type = "V2ray", protocol = "shadowsocks" })
|
||||
password:depends({ type = "V2ray", protocol = "mtproto" })
|
||||
|
||||
passwords = s:option(DynamicList, "passwords", translate("Password"))
|
||||
for i = 1, 3 do
|
||||
local uuid = luci.sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)")
|
||||
passwords:value(uuid)
|
||||
end
|
||||
passwords:depends("type", "Trojan-Go")
|
||||
|
||||
ssr_encrypt_method = s:option(ListValue, "ssr_encrypt_method", translate("Encrypt Method"))
|
||||
for a, t in ipairs(ssr_encrypt_method_list) do ssr_encrypt_method:value(t) end
|
||||
ssr_encrypt_method:depends("type", "SSR")
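Review bot: The `for i = 1, 3` loop runs `luci.sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)")` three times whenever this form is built, forking a shell just to read a procfs file. The command string is constant, so there is no injection risk, but reading the file directly avoids the forks, e.g. `local f = io.open("/proc/sys/kernel/random/uuid"); local uuid = f and f:read("*l"); if f then f:close() end`, and `passwords:value(uuid)` should be skipped when the read fails. Separately, the existing option is masked with `password.password = true` (visible in the hunk header), while the new `passwords` list has no equivalent here. Trojan-Go server passwords are therefore presumably rendered in clear text; confirm whether that is intended.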
|
||||
@ -192,14 +203,27 @@ stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "ws" }
|
||||
stream_security:depends({ type = "V2ray", protocol = "vmess", transport = "h2" })
|
||||
stream_security:depends({ type = "V2ray", protocol = "socks" })
|
||||
stream_security:depends({ type = "V2ray", protocol = "shadowsocks" })
|
||||
stream_security:depends("type", "Trojan")
|
||||
stream_security:depends("type", "Trojan-Go")
|
||||
|
||||
stream_security.validate = function(self, value)
|
||||
if value == "none" and type:formvalue(arg[1]) == "Trojan" then
|
||||
return nil, translate("'none' not supported for original Trojan.")
|
||||
end
|
||||
return value
|
||||
end
|
||||
-- [[ TLS部分 ]] --
|
||||
|
||||
tls_sessionTicket = s:option(Flag, "tls_sessionTicket", translate("Session Ticket"))
|
||||
tls_sessionTicket.default = "0"
|
||||
tls_sessionTicket:depends("stream_security", "tls")
|
||||
|
||||
tls_serverName = s:option(Value, "tls_serverName", translate("Domain"))
|
||||
tls_serverName:depends("stream_security", "tls")
|
||||
|
||||
tls_allowInsecure = s:option(Flag, "tls_allowInsecure", translate("allowInsecure"), translate("Whether unsafe connections are allowed. When checked, V2Ray does not check the validity of the TLS certificate provided by the remote host."))
|
||||
tls_allowInsecure.default = "0"
|
||||
tls_allowInsecure:depends("stream_security", "tls")
|
||||
|
||||
tls_certificateFile = s:option(Value, "tls_certificateFile", translate("Public key absolute path"), translate("as:") .. "/etc/ssl/fullchain.pem")
|
||||
tls_certificateFile:depends("stream_security", "tls")
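Review bot: `stream_security.validate` calls `type:formvalue(arg[1])`, which only works because a variable named `type` holds the option object and hides Lua's built-in `type()` for the rest of this model (the assignment is outside the hunk, so this is inferred). Any later `type(x)` call in the file would then fail with an attempt to call a table value. Consider a distinct name for the option variable and using it here, e.g. `if value == "none" and node_type:formvalue(arg[1]) == "Trojan" then`. A one-line comment above the validator, saying why the original Trojan type cannot run without TLS, would also help the next reader.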
|
||||
|
||||
@ -213,9 +237,9 @@ transport:value("ws", "WebSocket")
|
||||
transport:value("h2", "HTTP/2")
|
||||
transport:value("ds", "DomainSocket")
|
||||
transport:value("quic", "QUIC")
|
||||
stream_security:depends({ type = "V2ray", protocol = "vmess" })
|
||||
stream_security:depends({ type = "V2ray", protocol = "socks" })
|
||||
stream_security:depends({ type = "V2ray", protocol = "shadowsocks" })
|
||||
transport:depends({ type = "V2ray", protocol = "vmess" })
|
||||
transport:depends({ type = "V2ray", protocol = "socks" })
|
||||
transport:depends({ type = "V2ray", protocol = "shadowsocks" })
|
||||
|
||||
trojan_transport = s:option(ListValue, "trojan_transport", translate("Transport"))
|
||||
trojan_transport:value("original", "Original")
|
||||
@ -341,6 +365,7 @@ remote_enable = s:option(Flag, "remote_enable", translate("Enable Remote"), tran
|
||||
remote_enable.default = "1"
|
||||
remote_enable.rmempty = false
|
||||
remote_enable:depends("type", "Trojan")
|
||||
remote_enable:depends("type", "Trojan-Go")
|
||||
|
||||
remote_address = s:option(Value, "remote_address", translate("Remote Address"))
|
||||
remote_address.default = "127.0.0.1"
|
||||
@ -356,7 +381,7 @@ ss_aead:depends("type", "Trojan-Go")
|
||||
ss_aead.default = "0"
|
||||
|
||||
ss_aead_method = s:option(ListValue, "ss_aead_method", translate("Encrypt Method"))
|
||||
for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v:upper()) end
|
||||
for _, v in ipairs(encrypt_methods_ss_aead) do ss_aead_method:value(v, v) end
|
||||
ss_aead_method.default = "aead_aes_128_gcm"
|
||||
ss_aead_method.rmempty = false
|
||||
ss_aead_method:depends("ss_aead", "1")
|
||||
|
||||
@ -100,16 +100,19 @@ local dsp = require "luci.dispatcher"
|
||||
function buildUrl(btn, urlname, sid) {
|
||||
var opt = {
|
||||
base: "cbid.passwall",
|
||||
client : true,
|
||||
fallback: "dummy",
|
||||
get: function(opt) {
|
||||
var id = this.base + "." + opt;
|
||||
var obj = document.getElementsByName(id) || document.getElementById(id);
|
||||
var obj = document.getElementsByName(id)[0] || document.getElementsByClassName(id)[0] || document.getElementById(id)
|
||||
if (obj) {
|
||||
if (obj.length === 1) obj = obj[0];
|
||||
return obj;
|
||||
} else {
|
||||
alert("<%:Faltal on get option, please help in debug: %>" + opt);
|
||||
return document.getElementById(this.fallback);
|
||||
obj = document.getElementById(this.fallback);
|
||||
if (opt === "address") obj.value = "0.0.0.0";
|
||||
else if (opt === "mux") obj.value = "0";
|
||||
if (this.client || (opt !== "address" && opt !== "mux")) alert("<%:Faltal on get option, please help in debug: %>" + opt);
|
||||
return obj;
|
||||
}
|
||||
},
|
||||
getlist: function(opt) {
|
||||
@ -144,7 +147,8 @@ local dsp = require "luci.dispatcher"
|
||||
alert("Never");
|
||||
return false;
|
||||
}
|
||||
opt.base = "cbid.passwall." + sid;
|
||||
opt.base = "cbid." + urlname + "." + sid;
|
||||
opt.client = urlname.indexOf("server") === -1;
|
||||
opt.fallback = urlname + "-dummy";
|
||||
var v_type = opt.get("type").value;
|
||||
var v_alias = opt.get("remarks");
|
||||
@ -169,7 +173,7 @@ local dsp = require "luci.dispatcher"
|
||||
"&remarks=" + b64encutf8safe(v_alias.value);
|
||||
url = b64encsafe(ssr_str);
|
||||
} else if (v_type === "Trojan" || v_type === "Trojan-Go") {
|
||||
var v_password = opt.get("password");
|
||||
var v_password = opt.get(!opt.client && v_type === "Trojan-Go" ? "passwords" : "password");
|
||||
var v_server = opt.get("address");
|
||||
var v_port = opt.get("port");
|
||||
url = encodeURIComponent(v_password.value) +
|
||||
@ -239,6 +243,7 @@ local dsp = require "luci.dispatcher"
|
||||
function fromUrl(btn, urlname, sid) {
|
||||
var opt = {
|
||||
base: 'cbid.passwall',
|
||||
client : true,
|
||||
fallback: 'dummy',
|
||||
get: function(opt) {
|
||||
var obj;
|
||||
@ -247,7 +252,7 @@ local dsp = require "luci.dispatcher"
|
||||
if (obj) {
|
||||
return obj;
|
||||
} else {
|
||||
alert('<%:Faltal on get option, please help in debug: %>' + opt);
|
||||
if (this.client || (opt !== "address" && opt !== "mux")) alert('<%:Faltal on get option, please help in debug: %>' + opt);
|
||||
return document.getElementById(this.fallback);
|
||||
}
|
||||
},
|
||||
@ -287,7 +292,8 @@ local dsp = require "luci.dispatcher"
|
||||
alert("Never");
|
||||
return false;
|
||||
}
|
||||
opt.base = 'cbid.passwall.' + sid
|
||||
opt.base = "cbid." + urlname + "." + sid;
|
||||
opt.client = urlname.indexOf("server") === -1;
|
||||
opt.fallback = urlname + '-dummy';
|
||||
var ssrurl = prompt('<%:Paste Share URL Here%>', '');
|
||||
if (ssrurl === null || ssrurl === "") {
|
||||
@ -333,7 +339,7 @@ local dsp = require "luci.dispatcher"
|
||||
opt.set('protocol_param', dictvalue(pdict, 'protoparam'));
|
||||
var rem = pdict['remarks'];
|
||||
if (typeof(rem) !== 'undefined' && rem !== '' && rem.length > 0)
|
||||
opt.set('remark', b64decutf8safe(rem));
|
||||
opt.set('remarks', b64decutf8safe(rem));
|
||||
} else if (ssu[0] === "ss") {
|
||||
var url0 = "", param = "";
|
||||
var sipIndex = ssu[1].indexOf("@");
|
||||
@ -374,7 +380,7 @@ local dsp = require "luci.dispatcher"
|
||||
opt.set('ss_plugin', plugin || "");
|
||||
opt.set('ss_plugin_opts', pluginOpts || "");
|
||||
if (param !== undefined) {
|
||||
opt.set('remark', decodeURI(param));
|
||||
opt.set('remarks', decodeURI(param));
|
||||
}
|
||||
} else {
|
||||
var sstr = b64decsafe(url0);
|
||||
@ -390,7 +396,7 @@ local dsp = require "luci.dispatcher"
|
||||
opt.set('ss_plugin', "");
|
||||
opt.set('ss_plugin_opts', "");
|
||||
if (param !== undefined) {
|
||||
opt.set('remark', decodeURI(param));
|
||||
opt.set('remarks', decodeURI(param));
|
||||
}
|
||||
}
|
||||
} else if (ssu[0] === "trojan") {
|
||||
@ -420,7 +426,7 @@ local dsp = require "luci.dispatcher"
|
||||
opt.get('type').dispatchEvent(event);
|
||||
opt.set('address', m.hostname);
|
||||
opt.set('port', m.port || "443");
|
||||
opt.set('password', decodeURIComponent(password));
|
||||
opt.set(!opt.client && stype === "Trojan-Go" ? 'passwords' : 'password', decodeURIComponent(password));
|
||||
var tls = true;
|
||||
if (stype === "Trojan-Go") {
|
||||
tls = queryParam.plugin === undefined;
|
||||
@ -454,12 +460,12 @@ local dsp = require "luci.dispatcher"
|
||||
var ss = queryParam.ss === '1';
|
||||
opt.set('ss_aead', ss);
|
||||
if (ss) {
|
||||
opt.set('ss_aead_method', queryParam.ssmethod.toUpperCase() || '');
|
||||
opt.set('ss_aead_method', queryParam.ssmethod.toLowerCase() || '');
|
||||
opt.set('ss_aead_pwd', queryParam.sspasswd || '');
|
||||
}
|
||||
opt.set('mux', queryParam.mux === '1');
|
||||
if (m.hash) {
|
||||
opt.set('remark', decodeURI(m.hash.substr(1)));
|
||||
opt.set('remarks', decodeURI(m.hash.substr(1)));
|
||||
}
|
||||
} else if (ssu[0] === "trojan-go") {
|
||||
var m = parseNodeUrl(ssrurl);
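Review bot: In `opt.set('ss_aead_method', queryParam.ssmethod.toLowerCase() || '')` the `|| ''` fallback can never apply, because `.toLowerCase()` is called first and throws a TypeError when a pasted URL has `ss=1` but no `ssmethod`. The share URL is untrusted input, so the import should degrade rather than abort half-way with some fields already set: `opt.set('ss_aead_method', (queryParam.ssmethod || '').toLowerCase());`. The `trojan-go` branch further down has the same pattern in `enc.method.toLowerCase() || ''`. `fromUrl` starts and ends outside this hunk.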
|
||||
@ -483,7 +489,7 @@ local dsp = require "luci.dispatcher"
|
||||
opt.get('type').dispatchEvent(event);
|
||||
opt.set('address', m.hostname);
|
||||
opt.set('port', m.port || "443");
|
||||
opt.set('password', decodeURIComponent(password));
|
||||
opt.set(opt.client ? 'password' : 'passwords', decodeURIComponent(password));
|
||||
opt.set('stream_security', (queryParam.tls && queryParam.tls === '1') ? 'tls' : 'none');
|
||||
opt.get('stream_security').dispatchEvent(event);
|
||||
var plugin = queryParam.plugin !== undefined;
|
||||
@ -538,12 +544,12 @@ local dsp = require "luci.dispatcher"
|
||||
ss = enc.type === 'ss';
|
||||
opt.set('ss_aead', ss);
|
||||
if (ss) {
|
||||
opt.set('ss_aead_method', enc.method.toUpperCase() || '');
|
||||
opt.set('ss_aead_method', enc.method.toLowerCase() || '');
|
||||
opt.set('ss_aead_pwd', enc.password || '');
|
||||
}
|
||||
opt.set('mux', queryParam.mux === '1');
|
||||
if (m.hash) {
|
||||
opt.set('remark', decodeURI(m.hash));
|
||||
opt.set('remarks', decodeURI(m.hash.substr(1)));
|
||||
}
|
||||
} else if (ssu[0] === "vmess") {
|
||||
var sstr = b64DecodeUnicode(ssu[1]);
|
||||
@ -556,7 +562,7 @@ local dsp = require "luci.dispatcher"
|
||||
param = sstr.substr(ploc + 2);
|
||||
}
|
||||
var ssm = JSON.parse(sstr);
|
||||
opt.set('remark', ssm.ps);
|
||||
opt.set('remarks', ssm.ps);
|
||||
opt.set('address', ssm.add);
|
||||
opt.set('port', ssm.port);
|
||||
opt.set('alter_id', ssm.aid);
|
||||
@ -597,7 +603,7 @@ local dsp = require "luci.dispatcher"
|
||||
}
|
||||
|
||||
//]]></script>
|
||||
<input type="test" class="hidden" id='<%=self.option%>-dummy' value="-dummy-" />
|
||||
<input type="text" class="hidden" id='<%=self.option%>-dummy' value="0.0.0.0" />
|
||||
<input type="button" class="cbi-button cbi-button-apply" value='<%:From Share URL%>' onclick="return fromUrl(this, '<%=self.option%>', '<%=self.value%>')" />
|
||||
<input type="button" class="cbi-button cbi-button-apply" value='<%:Build Share URL%>' onclick="return buildUrl(this, '<%=self.option%>', '<%=self.value%>')" />
|
||||
<span id="<%=self.option%>-status"></span>
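Review bot: Both `onclick` handlers interpolate `<%=self.value%>` into a single-quoted JavaScript string inside an HTML attribute without escaping, and the CBI models set `share.value = arg[1]`, i.e. the section name taken from the request path. With this commit the same template is also used from the server page. If a section name that is not a plain UCI identifier can reach this template (not visible from here; CBI may reject unknown sections first), it would break out of the string. Validating `arg[1]` in the model before assigning it (for example against the Lua pattern `^[%w_]+$`), or encoding it for both the attribute and the script context in the template, closes that off.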
|
||||
|
||||
@ -11,6 +11,7 @@ config global
|
||||
option udp_proxy_mode 'chnroute'
|
||||
option localhost_tcp_proxy_mode 'gfwlist'
|
||||
option localhost_udp_proxy_mode 'gfwlist'
|
||||
option socks_server '0.0.0.0:1080'
|
||||
|
||||
config global_haproxy
|
||||
option balancing_enable '0'
|
||||
|
||||
@ -20,7 +20,6 @@ LUA_API_PATH=/usr/lib/lua/luci/model/cbi/$CONFIG/api
|
||||
API_GEN_SS=$LUA_API_PATH/gen_shadowsocks.lua
|
||||
API_GEN_V2RAY=$LUA_API_PATH/gen_v2ray.lua
|
||||
API_GEN_TROJAN=$LUA_API_PATH/gen_trojan.lua
|
||||
|
||||
echolog() {
|
||||
local d="$(date "+%Y-%m-%d %H:%M:%S")"
|
||||
echo -e "$d: $1" >>$LOG_FILE
|
||||
@ -85,6 +84,46 @@ get_node_host_ip() {
|
||||
echo $ip
|
||||
}
|
||||
|
||||
hosts_foreach() {
|
||||
local __hosts
|
||||
eval "__hosts=\$${1}"; shift 1
|
||||
local __func=${1}; shift 1
|
||||
local __default_port=${1}; shift 1
|
||||
local __ret=1
|
||||
|
||||
[ -z "${__hosts}" ] && return 0
|
||||
local __ip __port
|
||||
for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do
|
||||
__ip=$(echo $__host | sed -n 's/\(^[^:#]*\).*$/\1/p')
|
||||
[ -n "${__default_port}" ] && __port=$(echo $__host | sed -n 's/^[^:#]*[:#]\([0-9]*\).*$/\1/p')
|
||||
eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"
|
||||
__ret=$?
|
||||
[ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret}
|
||||
done
|
||||
}
|
||||
|
||||
get_first_dns() {
|
||||
local __hosts_val=${1}; shift 1
|
||||
__first() {
|
||||
[ -z "${2}" ] && return 0
|
||||
echo "${2}#${3}"
|
||||
return 1
|
||||
}
|
||||
eval "hosts_foreach \"${__hosts_val}\" __first $@"
|
||||
}
|
||||
|
||||
get_last_dns() {
|
||||
local __hosts_val=${1}; shift 1
|
||||
local __first __last
|
||||
__every() {
|
||||
[ -z "${2}" ] && return 0
|
||||
__last="${2}#${3}"
|
||||
__first=${__first:-${__last}}
|
||||
}
|
||||
eval "hosts_foreach \"${__hosts_val}\" __every $@"
|
||||
[ "${__first}" == "${__last}" ] || echo "${__last}"
|
||||
}
|
||||
|
||||
check_port_exists() {
|
||||
port=$1
|
||||
protocol=$2
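Review bot: In `hosts_foreach`, the line `eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"` expands `${__host}` into the string before `eval` parses it, unlike `\${__ip}` and `\${__port...}`, which are escaped and expanded afterwards. `__host` comes from the configured DNS list, so a value containing a quote, backtick or `$(` is interpreted by the shell as code, and this script presumably runs as root. No `eval` is needed for the call: `"$__func" "$__host" "$__ip" "${__port:-$__default_port}" "$@"`. `__host` should also be added to the `local` list, and because `$(echo $__hosts | sed ...)` is unquoted, rejecting entries that are not an address with an optional port would be a sensible guard before any callback runs.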
|
||||
@ -123,13 +162,13 @@ ln_start_bin() {
|
||||
local file=$1
|
||||
[ "$file" != "null" ] && {
|
||||
local bin=$2
|
||||
local cmd=$3
|
||||
shift 2
|
||||
if [ -n "${TMP_BIN_PATH}/$bin" -a -f "${TMP_BIN_PATH}/$bin" ];then
|
||||
${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
|
||||
${TMP_BIN_PATH}/$bin $@ >/dev/null 2>&1 &
|
||||
else
|
||||
if [ -n "$file" -a -f "$file" ];then
|
||||
ln -s $file ${TMP_BIN_PATH}/$bin
|
||||
${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
|
||||
${TMP_BIN_PATH}/$bin $@ >/dev/null 2>&1 &
|
||||
else
|
||||
echolog "找不到$bin主程序,无法启动!"
|
||||
fi
|
||||
@ -192,7 +231,7 @@ load_config() {
|
||||
}
|
||||
|
||||
DNS_MODE=$(config_t_get global dns_mode pdnsd)
|
||||
DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4)
|
||||
DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53)
|
||||
DNS_CACHE=$(config_t_get global dns_cache 1)
|
||||
use_tcp_node_resolve_dns=0
|
||||
use_udp_node_resolve_dns=0
|
||||
@ -213,9 +252,9 @@ load_config() {
|
||||
UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
|
||||
[ -n "$UP_CHINA_DNS1" -a -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="$UP_CHINA_DNS1,$UP_CHINA_DNS2"
|
||||
else
|
||||
UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $1}')
|
||||
UP_CHINA_DNS1=$(get_first_dns UP_CHINA_DNS 53)
|
||||
if [ -n "$UP_CHINA_DNS1" ]; then
|
||||
UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $2}')
|
||||
UP_CHINA_DNS2=$(get_last_dns UP_CHINA_DNS 53)
|
||||
[ -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="${UP_CHINA_DNS1},${UP_CHINA_DNS2}"
|
||||
else
|
||||
UP_CHINA_DNS1="119.29.29.29"
|
||||
@ -522,6 +561,8 @@ stop_crontab() {
|
||||
}
|
||||
|
||||
start_dns() {
|
||||
DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g")
|
||||
DNS2SOCKS_FORWARD=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g')
|
||||
case "$DNS_MODE" in
|
||||
nonuse)
|
||||
echolog "DNS:不使用,将会直接使用上级DNS!"
|
||||
@ -530,13 +571,10 @@ start_dns() {
|
||||
echolog "DNS:使用本机7913端口DNS服务器解析域名..."
|
||||
;;
|
||||
dns2socks)
|
||||
DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g")
|
||||
[ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ] && {
|
||||
DNS2SOCKS_FORWARD=$(echo $DNS_FORWARD | awk -F ',' '{print $1}')
|
||||
[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"
|
||||
[ "$DNS_CACHE" == "0" ] && local _cache="/d"
|
||||
ln_start_bin $(find_bin dns2socks) dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$DNS_PORT $_cache"
|
||||
echolog "DNS:dns2socks($DNS2SOCKS_FORWARD)..."
|
||||
echolog "DNS:dns2socks(${DNS2SOCKS_FORWARD-D46.182.19.48:53})..."
|
||||
}
|
||||
;;
|
||||
pdnsd)
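Review bot: The default in `echolog "DNS:dns2socks(${DNS2SOCKS_FORWARD-D46.182.19.48:53})..."` only affects the log text. The `ln_start_bin ... dns2socks` line above still passes `$DNS2SOCKS_FORWARD` as is and the old `[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"` fallback is gone, so an empty value starts dns2socks with a missing argument while the log reports a server. The literal also appears to begin with a stray `D`, and `-` (unlike `:-`) does not trigger for a set-but-empty variable, which is the case here because the variable is always assigned at the top of `start_dns`. Assigning the fallback once where the variable is computed, `DNS2SOCKS_FORWARD=${DNS2SOCKS_FORWARD:-<default-ip>:53}`, keeps the command and the log consistent. The ChinaDNS-NG + dns2socks branch in a later hunk repeats the pattern with `${DNS2SOCKS_FORWARD:-D46.182.19.48:53}`.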
|
||||
@ -546,11 +584,12 @@ start_dns() {
|
||||
else
|
||||
gen_pdnsd_config $DNS_PORT
|
||||
ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
|
||||
echolog "DNS:pdnsd + 使用TCP节点解析DNS($DNS_FORWARD)..."
|
||||
DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
|
||||
echolog "DNS:pdnsd + 使用TCP节点解析DNS..."
|
||||
fi
|
||||
;;
|
||||
chinadns-ng)
|
||||
local china_ng_chn=$(echo $UP_CHINA_DNS | sed 's/:/#/g')
|
||||
local china_ng_gfw=$(echo $DNS_FORWARD | sed 's/:/#/g')
|
||||
other_port=$(expr $DNS_PORT + 1)
|
||||
[ -f "$RULES_PATH/gfwlist.conf" ] && cat $RULES_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt
|
||||
[ -f "$TMP_PATH/gfwlist.txt" ] && {
|
||||
@ -578,25 +617,20 @@ start_dns() {
|
||||
else
|
||||
gen_pdnsd_config $other_port
|
||||
ln_start_bin $(find_bin pdnsd) pdnsd "--daemon -c $pdnsd_dir/pdnsd.conf -d"
|
||||
ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
|
||||
echolog "DNS:ChinaDNS-NG + pdnsd($DNS_FORWARD),国内DNS:$UP_CHINA_DNS"
|
||||
DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
|
||||
ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
|
||||
echolog "DNS:ChinaDNS-NG + pdnsd($china_ng_gfw),国内DNS:$china_ng_chn"
|
||||
fi
|
||||
elif [ "$up_trust_chinadns_ng_dns" == "dns2socks" ]; then
|
||||
DNS2SOCKS_SOCKS_SERVER=$(echo $(config_t_get global socks_server nil) | sed "s/#/:/g")
|
||||
[ "$DNS2SOCKS_SOCKS_SERVER" != "nil" ] && {
|
||||
DNS2SOCKS_FORWARD=$(echo $DNS_FORWARD | awk -F ',' '{print $1}')
|
||||
[ -z "$DNS2SOCKS_FORWARD" ] && DNS2SOCKS_FORWARD="8.8.4.4"
|
||||
[ "$DNS_CACHE" == "0" ] && local _cache="/d"
|
||||
ln_start_bin $(find_bin dns2socks) dns2socks "$DNS2SOCKS_SOCKS_SERVER $DNS2SOCKS_FORWARD 127.0.0.1:$other_port $_cache"
|
||||
ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
|
||||
echolog "DNS:ChinaDNS-NG + dns2socks($DNS2SOCKS_FORWARD),国内DNS:$UP_CHINA_DNS"
|
||||
ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t 127.0.0.1#$other_port $gfwlist_param $chnlist_param $fair_mode"
|
||||
echolog "DNS:ChinaDNS-NG + dns2socks(${DNS2SOCKS_FORWARD:-D46.182.19.48:53}),国内DNS:$china_ng_chn"
|
||||
}
|
||||
elif [ "$up_trust_chinadns_ng_dns" == "udp" ]; then
|
||||
use_udp_node_resolve_dns=1
|
||||
ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $UP_CHINA_DNS -t $DNS_FORWARD $gfwlist_param $chnlist_param $fair_mode"
|
||||
echolog "DNS:ChinaDNS-NG,国内DNS:$UP_CHINA_DNS,可信DNS:$up_trust_chinadns_ng_dns,如果不能使用,请确保UDP节点已打开并且支持UDP转发。"
|
||||
DNS_FORWARD=$(echo $DNS_FORWARD | sed 's/,/ /g')
|
||||
ln_start_bin $(find_bin chinadns-ng) chinadns-ng "-l $DNS_PORT -c $china_ng_chn -t $china_ng_gfw $gfwlist_param $chnlist_param $fair_mode"
|
||||
echolog "DNS:ChinaDNS-NG,国内DNS:$china_ng_chn,可信DNS:$up_trust_chinadns_ng_dns[$china_ng_gfw],如果不能使用,请确保UDP节点已打开并且支持UDP转发。"
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
@ -707,22 +741,26 @@ gen_pdnsd_config() {
|
||||
}
|
||||
|
||||
EOF
|
||||
|
||||
cat >> $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
server {
|
||||
label = "node";
|
||||
ip = $DNS_FORWARD;
|
||||
edns_query = on;
|
||||
port = 53;
|
||||
timeout = 4;
|
||||
interval = 10m;
|
||||
uptest = none;
|
||||
purge_cache = off;
|
||||
caching = $_cache;
|
||||
}
|
||||
|
||||
EOF
|
||||
|
||||
|
||||
append_pdnsd_updns() {
|
||||
[ -z "${2}" ] && echolog "略过错误配置的 DNS : [${1}]" && return 0
|
||||
echolog "配置 pdnsd 的上游DNS[${2}:${3}]"
|
||||
cat >> $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
server {
|
||||
label = "node-${2}_${3}";
|
||||
ip = ${2};
|
||||
edns_query = on;
|
||||
port = ${3};
|
||||
timeout = 4;
|
||||
interval = 10m;
|
||||
uptest = none;
|
||||
purge_cache = off;
|
||||
caching = $_cache;
|
||||
}
|
||||
EOF
|
||||
}
|
||||
hosts_foreach DNS_FORWARD append_pdnsd_updns 53
|
||||
|
||||
use_tcp_node_resolve_dns=1
|
||||
}
|
||||
|
||||
|
||||
@ -347,17 +347,14 @@ add_firewall_rule() {
|
||||
blist_r=$(REDIRECT 1 MARK)
|
||||
p_r=$(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE 1 MARK)
|
||||
fi
|
||||
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
|
||||
for dns in $DNS_FORWARD ; do
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
|
||||
[ $? == 0 ] && continue
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
$ipt_tmp -I $dns_l 2 -p tcp -d $dns_ip --dport $dns_port $dns_r
|
||||
[ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d $dns_ip --dport $dns_port $(REDIRECT 1 MARK)
|
||||
done
|
||||
_proxy_tcp_access() {
|
||||
[ -n "${2}" ] && return 0
|
||||
ipset test $IPSET_LANIPLIST ${2} 2>/dev/null
|
||||
[ $? == 0 ] && return 0
|
||||
$ipt_tmp -I $dns_l 2 -p tcp -d ${2} --dport ${3} $dns_r
|
||||
[ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
|
||||
}
|
||||
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
|
||||
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r
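Review bot: `_proxy_tcp_access` opens with `[ -n "${2}" ] && return 0`, which returns whenever an address is present, so the `ipset test` and both `$ipt_tmp -I ...` lines below it are never reached and the redirect rules for the DNS forwarders are never inserted. The guard is inverted relative to `append_pdnsd_updns`, which uses `-z` for the same check; it should read `[ -z "${2}" ] && return 0`. `_proxy_udp_access` in the UDP hunk further down has the same line. `add_firewall_rule` starts and ends outside this hunk.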
|
||||
@ -402,18 +399,15 @@ add_firewall_rule() {
|
||||
# 加载路由器自身代理 UDP
|
||||
if [ "$UDP_NODE1" != "nil" ]; then
|
||||
local UDP_NODE1_TYPE=$(echo $(config_n_get $UDP_NODE1 type) | tr 'A-Z' 'a-z')
|
||||
[ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
|
||||
for dns in $DNS_FORWARD ; do
|
||||
local dns_ip=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $1}')
|
||||
ipset test $IPSET_LANIPLIST $dns_ip 2>/dev/null
|
||||
[ $? == 0 ] && continue
|
||||
local dns_port=$(echo $dns | sed "s/:/#/g" | awk -F "#" '{print $2}')
|
||||
[ -z "$dns_port" ] && dns_port=53
|
||||
local ADD_INDEX=2
|
||||
$ipt_m -I PSW $ADD_INDEX -p udp -d $dns_ip --dport $dns_port $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
|
||||
$ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d $dns_ip --dport $dns_port $(REDIRECT 1 MARK)
|
||||
done
|
||||
_proxy_udp_access() {
|
||||
[ -n "${2}" ] && return 0
|
||||
ipset test $IPSET_LANIPLIST ${2} 2>/dev/null
|
||||
[ $? == 0 ] && return 0
|
||||
local ADD_INDEX=2
|
||||
$ipt_m -I PSW $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
|
||||
$ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
|
||||
}
|
||||
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
|
||||
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)
|
||||
|
||||
@ -1,10 +1,124 @@
|
||||
abc.com
|
||||
abema.tv
|
||||
acast.com
|
||||
adblockplus.org
|
||||
adswizz.com
|
||||
agkn.com
|
||||
akadns.net
|
||||
akam.net
|
||||
akamai.com
|
||||
akamai.net
|
||||
akamaiedge.net
|
||||
akamaihd.net
|
||||
akamaistream.net
|
||||
akamaitech.net
|
||||
akamaitechnologies.com
|
||||
akamaitechnologies.fr
|
||||
akamaized.net
|
||||
amazon-adsystem.com
|
||||
amazon.co.jp
|
||||
amazon.co.uk
|
||||
amazon.com
|
||||
amazon.de
|
||||
amazonvideo.com
|
||||
amctv.com
|
||||
bahamut.com.tw
|
||||
beinsportsconnect.net
|
||||
beinsportsconnect.tv
|
||||
blinkbox.com
|
||||
brightcove.com
|
||||
caddyserver.com
|
||||
cbs.com
|
||||
cloudfront.net
|
||||
conviva.com
|
||||
crackle.com
|
||||
crunchyroll.com
|
||||
crwdcntrl.net
|
||||
cwtv.com
|
||||
disney.com
|
||||
disneyjunior.com
|
||||
easylist-downloads.adblockplus.org
|
||||
edgecastcdn.net
|
||||
edgekey.net
|
||||
edgesuite.net
|
||||
fast.com
|
||||
fig.bbc.co.uk
|
||||
footprint.net
|
||||
formyip.com
|
||||
msi.com
|
||||
fox.com
|
||||
gamer.com.tw
|
||||
ggpht.com
|
||||
github-production-release-asset-2e65be.s3.amazonaws.com
|
||||
github.com
|
||||
github.io
|
||||
githubusercontent.com
|
||||
github-production-release-asset-2e65be.s3.amazonaws.com
|
||||
go.com
|
||||
googleapis.com
|
||||
googletagmanager.com
|
||||
googleusercontent.com
|
||||
googlevideo.com
|
||||
gstatic.com
|
||||
happyon.jp
|
||||
hbo.com
|
||||
hbogo.com
|
||||
hbonow.com
|
||||
hinet.net
|
||||
hulu.com
|
||||
hulu.jp
|
||||
huluad.com
|
||||
huluim.com
|
||||
hulustream.com
|
||||
ifconfig.co
|
||||
imrworldwide.com
|
||||
ip2location.com
|
||||
level3.net
|
||||
line.me
|
||||
llnwd.net
|
||||
lovefilm.com
|
||||
maxmind.com
|
||||
mog.com
|
||||
movetv.com
|
||||
msi.com
|
||||
mtv.com
|
||||
mtvnservices.com
|
||||
naver.com
|
||||
naver.jp
|
||||
nbc.com
|
||||
nbcuni.com
|
||||
netflix.com
|
||||
netflix.net
|
||||
nflxext.com
|
||||
nflximg.net
|
||||
nflxso.net
|
||||
nflxvideo.net
|
||||
omtrdc.net
|
||||
open.live.bbc.co.uk
|
||||
openwrt.proxy.ustclug.org
|
||||
easylist-downloads.adblockplus.org
|
||||
adblockplus.org
|
||||
caddyserver.com
|
||||
openx.net
|
||||
optus.com.au
|
||||
optusnet.com.au
|
||||
pandora.com
|
||||
pbs.org
|
||||
playstation.net
|
||||
primevideo.com
|
||||
pubmatic.com
|
||||
radiotime.com
|
||||
sa.bbc.co.uk
|
||||
sho.com
|
||||
sling.com
|
||||
southpark.cc.com
|
||||
spike.com
|
||||
srip.net
|
||||
theplatform.com
|
||||
ttvnw.net
|
||||
turner.com
|
||||
turnin.com
|
||||
twitch.tv
|
||||
uplynk.com
|
||||
vudu.com
|
||||
warnerbros.com
|
||||
wdtvlive.com
|
||||
www.bbc.co.uk
|
||||
xboxlive.com
|
||||
youtube.com
|
||||
ytimg.com
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
apple.com
|
||||
microsoft.com
|
||||
dyndns.com
|
||||
dyndns.com
|
||||
rrys.tv
|
||||
|
||||