luci-app-passwall: sync with upstream source

CN_SZTL 2020-02-27 18:00:29 +08:00
parent 4680c89c42
commit 8ad5c0a243
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
30 changed files with 5543 additions and 6572 deletions


@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=3.6
PKG_RELEASE:=2
PKG_DATE:=20200225
PKG_RELEASE:=5
PKG_DATE:=20200227
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
@ -83,7 +83,7 @@ endef
define Package/$(PKG_NAME)
CATEGORY:=LuCI
SUBMENU:=3. Applications
TITLE:=LuCI support for PassWall By Lienol
TITLE:=LuCI support for PassWall
PKGARCH:=all
DEPENDS:=+libmbedtls +iptables-mod-tproxy +kmod-ipt-tproxy +iptables-mod-ipopt +kmod-ipt-ipopt +ip +ipset +coreutils +coreutils-base64 +coreutils-nohup +luci-lib-jsonc \
+wget +resolveip +unzip +dnsmasq-full +tcping \
@ -114,14 +114,19 @@ endef
define Build/Compile
endef
define Package/$(PKG_NAME)/conffiles
/etc/config/passwall
/usr/share/passwall/rules/blacklist_host
/usr/share/passwall/rules/blacklist_ip
/usr/share/passwall/rules/whitelist_host
/usr/share/passwall/rules/whitelist_ip
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./root/etc/config/passwall $(1)/etc/config/passwall
$(INSTALL_CONF) ./root/etc/config/passwall_show $(1)/etc/config/passwall_show
$(INSTALL_DIR) $(1)/etc/config/passwall_rule
cp -pR ./root/etc/config/passwall_rule/* $(1)/etc/config/passwall_rule/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_CONF) ./root/etc/uci-defaults/* $(1)/etc/uci-defaults


@ -128,44 +128,30 @@ function status()
"echo -n `uci -q get %s.@global_other[0].tcp_node_num`" %
appname)
for i = 1, tcp_node_num, 1 do
local listen_port = luci.sys.exec(
string.format(
"[ -f '/var/etc/passwall/port/TCP_%s' ] && echo -n `cat /var/etc/passwall/port/TCP_%s`",
i, i))
e["tcp_node%s_status" % i] = luci.sys.call(
string.format(
"ps -w | grep -v grep | grep '%s/bin/' | grep -i -E 'TCP_%s|brook tproxy -l 0.0.0.0:%s|ipt2socks -T -l %s' >/dev/null",
appname, i, listen_port,
listen_port)) == 0
"ps -w | grep -v grep | grep '%s/bin/' | grep -i -E 'TCP_%s|brook_tcp_%s|ipt2socks_tcp_%s' >/dev/null",
appname, i, i, i)) == 0
end
local udp_node_num = luci.sys.exec(
"echo -n `uci -q get %s.@global_other[0].udp_node_num`" %
appname)
for i = 1, udp_node_num, 1 do
local listen_port = luci.sys.exec(
string.format(
"[ -f '/var/etc/passwall/port/UDP_%s' ] && echo -n `cat /var/etc/passwall/port/UDP_%s`",
i, i))
e["udp_node%s_status" % i] = luci.sys.call(
string.format(
"ps -w | grep -v grep | grep '%s/bin/' | grep -i -E 'UDP_%s|brook tproxy -l 0.0.0.0:%s|ipt2socks -U -l %s' >/dev/null",
appname, i, listen_port,
listen_port)) == 0
"ps -w | grep -v grep | grep '%s/bin/' | grep -i -E 'UDP_%s|brook_udp_%s|ipt2socks_udp_%s' >/dev/null",
appname, i, i, i)) == 0
end
local socks5_node_num = luci.sys.exec(
"echo -n `uci -q get %s.@global_other[0].socks5_node_num`" %
appname)
for i = 1, socks5_node_num, 1 do
local listen_port = luci.sys.exec(
string.format(
"[ -f '/var/etc/passwall/port/SOCKS5_%s' ] && echo -n `cat /var/etc/passwall/port/SOCKS5_%s`",
i, i))
e["socks5_node%s_status" % i] = luci.sys.call(
string.format(
"ps -w | grep -v grep | grep '%s/bin/' | grep -i -E 'SOCKS5_%s|brook client -l 0.0.0.0:%s' >/dev/null",
appname, i, listen_port)) == 0
"ps -w | grep -v grep | grep '%s/bin/' | grep -i -E 'SOCKS5_%s|brook_socks_%s' >/dev/null",
appname, i, i)) == 0
end
luci.http.prepare_content("application/json")
luci.http.write_json(e)
@ -274,7 +260,8 @@ end
function update_rules()
local update = luci.http.formvalue("update")
luci.sys.call("lua /usr/share/passwall/rule_update.lua log '" .. update .. "' > /dev/null 2>&1 &")
luci.sys.call("lua /usr/share/passwall/rule_update.lua log '" .. update ..
"' > /dev/null 2>&1 &")
end
function kcptun_check()
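Review bot: `update_rules()` still builds its shell command by placing the `update` form value between hand-written single quotes, and the re-wrapped line keeps that unchanged; a value containing a single quote ends the quoting, and the remainder is interpreted by the shell that `luci.sys.call` starts. A request without the parameter also leaves `update` nil, so the concatenation raises. Quote the argument with the library helper instead, e.g. `luci.sys.call("lua /usr/share/passwall/rule_update.lua log " .. luci.util.shellquote(update or "") .. " > /dev/null 2>&1 &")` (assuming `luci.util` is loaded in this controller), or reject any value that is not one of the expected rule names before the call. The function sits at the end of the hunk and the rest of the controller is not visible, so the accepted values should be confirmed against `rule_update.lua`.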


@ -22,8 +22,8 @@ table.sort(key_table)
m = Map("passwall")
-- [[ ACLs Settings ]]--
s = m:section(TypedSection, "acl_rule", translate("ACLs"), translate(
"ACLs is a tools which used to designate specific IP proxy mode, IP or MAC address can be entered."))
s = m:section(TypedSection, "acl_rule", translate("ACLs"), "<font color='red'>" .. translate(
"ACLs is a tools which used to designate specific IP proxy mode, IP or MAC address can be entered.") .. "</font>")
s.template = "cbi/tblsection"
s.sortable = true
s.anonymous = true


@ -29,7 +29,7 @@ local trojan = {
tcp = {
no_delay = true,
keep_alive = true,
reuse_port = false,
reuse_port = true,
fast_open = (node.tcp_fast_open == "true") and true or false,
fast_open_qlen = 20
}


@ -154,7 +154,7 @@ elseif node.type == "V2ray_shunt" then
type = "field",
domain = {
"youtube", "youtube.com", "youtu.be", "googlevideo.com",
"gvt2.com"
"ytimg.com","gvt2.com"
},
outboundTag = "youtube"
}


@ -54,7 +54,8 @@ o = s:option(Flag, "enabled", translate("Main switch"))
o.rmempty = false
---- TCP Node
local tcp_node_num = tonumber(api.uci_get_type("global_other", "tcp_node_num", 1))
local tcp_node_num = tonumber(
api.uci_get_type("global_other", "tcp_node_num", 1))
for i = 1, tcp_node_num, 1 do
if i == 1 then
o = s:option(ListValue, "tcp_node" .. i, translate("TCP Node"),
@ -68,7 +69,8 @@ for i = 1, tcp_node_num, 1 do
end
---- UDP Node
local udp_node_num = tonumber(api.uci_get_type("global_other", "udp_node_num", 1))
local udp_node_num = tonumber(
api.uci_get_type("global_other", "udp_node_num", 1))
for i = 1, udp_node_num, 1 do
if i == 1 then
o = s:option(ListValue, "udp_node" .. i, translate("UDP Node"),
@ -85,7 +87,8 @@ for i = 1, udp_node_num, 1 do
end
---- Socks5 Node
local socks5_node_num = tonumber(api.uci_get_type("global_other", "socks5_node_num", 1))
local socks5_node_num = tonumber(api.uci_get_type("global_other",
"socks5_node_num", 1))
for i = 1, socks5_node_num, 1 do
if i == 1 then
o = s:option(ListValue, "socks5_node" .. i, translate("Socks5 Node"),
@ -101,9 +104,9 @@ for i = 1, socks5_node_num, 1 do
end
if api.uci_get_type("global_other", "wangejibadns", "0") == "1" then
o = s:option(Value, "up_china_dns", translate("China DNS Server") .. "(UDP)",
translate(
"If you want to work with other DNS acceleration services, use the default.<br />Example: 127.0.0.1#6053 ,Represents DNS on using 127.0.0.1 the 6053 port. such as SmartDNS, AdGuard Home...<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.<br />If you use custom, unless you know what you're doing, setting it up incorrectly can cause your stuck to crash !"))
o = s:option(Value, "up_china_dns",
translate("China DNS Server") .. "(UDP)", translate(
"If you want to work with other DNS acceleration services, use the default.<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."))
o.default = "default"
o:value("default", translate("default"))
o:value("dnsbyisp", translate("dnsbyisp"))
@ -123,7 +126,7 @@ o = s:option(ListValue, "dns_mode", translate("DNS Mode"), translate(
"if has problem, please try another mode.<br />if you use no patterns are used, DNS of wan will be used by default as upstream of dnsmasq."))
o.rmempty = false
o:reset_values()
if is_finded("chinadns-ng") and api.uci_get_type("global_other", "wangejibadns", "0") == "1" then o:value("chinadns-ng", "ChinaDNS-NG") end
if is_finded("chinadns-ng") then o:value("chinadns-ng", "ChinaDNS-NG") end
if is_installed("pdnsd") or is_installed("pdnsd-alt") or is_finded("pdnsd") then
o:value("pdnsd", "pdnsd")
end
@ -180,11 +183,6 @@ o:value("208.67.220.220", "208.67.220.220 (Open DNS)")
o:depends("dns_mode", "pdnsd")
o:depends("up_trust_chinadns_ng_dns", "pdnsd")
---- DNS Hijack
o = s:option(Flag, "dns_53", translate("DNS Hijack"))
o.default = 1
o.rmempty = false
---- Default Proxy Mode
o = s:option(ListValue, "proxy_mode",
translate("Default") .. translate("Proxy Mode"),
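Review bot: `tonumber(...)` returns nil when the stored `tcp_node_num`, `udp_node_num` or `socks5_node_num` is not numeric, and the `for i = 1, tcp_node_num, 1` loops that follow then raise, so the whole settings page fails to render. The third argument to `api.uci_get_type` looks like a default, but that would only cover a missing option, not a malformed one (the helper is not shown here, so this is an assumption). A fallback keeps the page usable: `local tcp_node_num = tonumber(api.uci_get_type("global_other", "tcp_node_num", 1)) or 1`, with the same change on the UDP and Socks5 lines.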


@ -85,6 +85,15 @@ v2ray_protocol = s:option(ListValue, "v2ray_protocol",
v2ray_protocol:value("vmess", translate("Vmess"))
v2ray_protocol:depends("type", "V2ray")
brook_protocol = s:option(ListValue, "brook_protocol",
translate("Brook Protocol"))
brook_protocol:value("client", translate("Brook"))
brook_protocol:value("wsclient", translate("WebSocket"))
brook_protocol:depends("type", "Brook")
brook_tls = s:option(Flag, "brook_tls", translate("Use TLS"))
brook_tls:depends("brook_protocol", "wsclient")
local n = {}
uci:foreach(appname, "nodes", function(e)
if e.type and e.type == "V2ray" and e.remarks and e.port then
@ -97,22 +106,26 @@ for key, _ in pairs(n) do table.insert(key_table, key) end
table.sort(key_table)
v2ray_balancing_node = s:option(DynamicList, "v2ray_balancing_node",
translate("Load balancing node list"), translate(
translate("Load balancing node list"),
translate(
"Load balancing node list, <a target='_blank' href='https://toutyrater.github.io/routing/balance2.html'>document</a>"))
for _, key in pairs(key_table) do v2ray_balancing_node:value(key, n[key]) end
v2ray_balancing_node:depends("type", "V2ray_balancing")
youtube_node = s:option(ListValue, "youtube_node", "Youtube " .. translate("Node"))
youtube_node = s:option(ListValue, "youtube_node",
"Youtube " .. translate("Node"))
youtube_node:value("nil", translate("Close"))
for _, key in pairs(key_table) do youtube_node:value(key, n[key]) end
youtube_node:depends("type", "V2ray_shunt")
netflix_node = s:option(ListValue, "netflix_node", "Netflix " .. translate("Node"))
netflix_node = s:option(ListValue, "netflix_node",
"Netflix " .. translate("Node"))
netflix_node:value("nil", translate("Close"))
for _, key in pairs(key_table) do netflix_node:value(key, n[key]) end
netflix_node:depends("type", "V2ray_shunt")
default_node = s:option(ListValue, "default_node", translate("Default") .. " " .. translate("Node"))
default_node = s:option(ListValue, "default_node",
translate("Default") .. " " .. translate("Node"))
default_node:value("nil", translate("Close"))
for _, key in pairs(key_table) do default_node:value(key, n[key]) end
default_node:depends("type", "V2ray_shunt")
@ -205,8 +218,7 @@ if is_finded("v2ray-plugin") then ss_plugin:value("v2ray-plugin") end
if is_finded("obfs-local") then ss_plugin:value("obfs-local") end
ss_plugin:depends("type", "SS")
ss_plugin_opts =
s:option(Value, "ss_plugin_opts", translate("opts"))
ss_plugin_opts = s:option(Value, "ss_plugin_opts", translate("opts"))
ss_plugin_opts:depends("ss_plugin", "v2ray-plugin")
ss_plugin_opts:depends("ss_plugin", "obfs-local")
@ -223,10 +235,6 @@ kcp_server = s:option(Value, "kcp_server", translate("Kcptun Server"))
kcp_server.placeholder = translate("Default:Current Server")
kcp_server:depends("use_kcp", "1")
kcp_use_ipv6 = s:option(Flag, "kcp_use_ipv6", translate("Use IPv6"))
kcp_use_ipv6.default = 0
kcp_use_ipv6:depends("use_kcp", "1")
kcp_port = s:option(Value, "kcp_port", translate("Kcptun Port"))
kcp_port.datatype = "port"
kcp_port:depends("use_kcp", "1")
@ -431,7 +439,7 @@ function rmempty_restore()
password.rmempty = true
timeout.rmempty = true
tcp_fast_open.rmempty = true
--v2ray_protocol.rmempty = true
-- v2ray_protocol.rmempty = true
v2ray_VMess_id.rmempty = true
v2ray_VMess_alterId.rmempty = true
end
@ -453,7 +461,7 @@ type.validate = function(self, value)
elseif value == "V2ray" then
address.rmempty = false
port.rmempty = false
--v2ray_protocol.rmempty = false
-- v2ray_protocol.rmempty = false
v2ray_VMess_id.rmempty = false
v2ray_VMess_alterId.rmempty = false
elseif value == "V2ray_balancing" then


@ -55,17 +55,16 @@ s.anonymous = true
s.addremove = false
---- TCP No Redir Ports
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"),
translate(
"Fill in the ports you don't want to be forwarded by the agent, with the highest priority."))
o = s:option(Value, "tcp_no_redir_ports", translate("TCP No Redir Ports"))
o.default = "disable"
o:value("disable", translate("No patterns are used"))
o:value("1:65535", translate("All"))
---- UDP No Redir Ports
o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"),
translate(
"Fill in the ports you don't want to be forwarded by the agent, with the highest priority."))
"<font color='red'>" .. translate(
"Fill in the ports you don't want to be forwarded by the agent, with the highest priority.") ..
"</font>")
o.default = "disable"
o:value("disable", translate("No patterns are used"))
o:value("1:65535", translate("All"))
@ -86,8 +85,7 @@ o:value("1:65535", translate("All"))
o:value("53", "DNS")
---- Multi SS/SSR Process Option
o = s:option(Value, "process", translate("Multi Process Option"),
translate("you can start SS/SSR with multiple process"))
o = s:option(Value, "process", translate("Multi Process Option"))
o.default = "0"
o.rmempty = false
o:value("0", translate("Auto"))
@ -129,9 +127,9 @@ o.rmempty = true
-- [[ Other Settings ]]--
s = m:section(TypedSection, "global_other", translate("Other Settings"),
translatef(
"<font color='red'>" .. translatef(
"You can only set up a maximum of %s nodes for the time being, Used for access control.",
"3"))
"3") .. "</font>")
s.anonymous = true
s.addremove = false
@ -175,15 +173,4 @@ o = s:option(Flag, "status_show_ip111", translate("Status Show IP111"))
o.default = "0"
o.rmempty = false
---- Hide Menu
o = s:option(Button, "hide", translate("Hide Menu"),
translate(
"After the hidden to the display, input example in the address bar:") ..
" http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show")
o.inputstyle = "remove"
function o.write(e, e)
luci.http.redirect(luci.dispatcher.build_url("admin", "vpn", "passwall",
"hide"))
end
return m


@ -1,12 +1,17 @@
local e = require "nixio.fs"
local e = require "luci.sys"
-- local t = luci.sys.exec("cat /usr/share/passwall/dnsmasq.d/gfwlist.conf|grep -c ipset")
m = Map("passwall")
-- [[ Rule Settings ]]--
--[[
s = m:section(TypedSection, "global_rules", translate("Rule status"))
s.anonymous = true
s:append(Template("passwall/rule/rule_version"))
o = s:option(Flag, "adblock", translate("Enable adblock"))
o.rmempty = false
o = s:option(Value, "adblock_url", translate("adblock_url"))
o.default = "https://easylist-downloads.adblockplus.org/easylistchina+easylist.txt"
---- Auto Update
o = s:option(Flag, "auto_update", translate("Enable auto update rules"))
@ -26,11 +31,13 @@ o = s:option(ListValue, "time_update", translate("Day update rules"))
for e = 0, 23 do o:value(e, e .. translate("oclock")) end
o.default = 0
o:depends("auto_update", 1)
--]]
-- [[ Subscribe Settings ]]--
s = m:section(TypedSection, "global_subscribe", translate("Node Subscribe"),
translate(
"Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe."))
"<font color='red'>" .. translate(
"Please input the subscription url first, save and submit before updating. If you subscribe to update, it is recommended to delete all subscriptions and then re-subscribe.") ..
"</font>")
s.anonymous = true
---- Subscribe via proxy
@ -97,7 +104,9 @@ o.rmempty = false
-- [[ App Settings ]]--
s = m:section(TypedSection, "global_app", translate("App Update"),
translate("Please confirm that your firmware supports FPU."))
"<font color='red'>" ..
translate("Please confirm that your firmware supports FPU.") ..
"</font>")
s.anonymous = true
s:append(Template("passwall/rule/v2ray_version"))
s:append(Template("passwall/rule/kcptun_version"))


@ -2,62 +2,68 @@ local fs = require "nixio.fs"
m = Map("passwall")
-- [[ Rule List Settings ]]--
s = m:section(TypedSection, "global", translate("Set Blacklist And Whitelist"))
s = m:section(TypedSection, "global_rules")
s.anonymous = true
---- Whitelist Hosts
local w_host_file = "/etc/config/passwall_rule/whitelist_host"
o = s:option(TextValue, "whitelist_host", translate("Whitelist Hosts"))
o.description = translate(
"Join the white list of domain names will not go agent.")
o.rows = 5
s:tab("w_hosts", translate("Whitelist Hosts"), "<font color='red'>" ..
translate("Join the white list of domain names will not go agent.") ..
"</font>")
local w_host_file = "/usr/share/passwall/rules/whitelist_host"
o = s:taboption("w_hosts", TextValue, "whitelist_host")
o.rows = 20
o.wrap = "off"
o.cfgvalue = function(self, section) return fs.readfile(w_host_file) or "" end
o.write = function(self, section, value) fs.writefile(w_host_file, value:gsub("\r\n", "\n")) end
o.write = function(self, section, value)
fs.writefile(w_host_file, value:gsub("\r\n", "\n"):gsub("http://", ""):gsub(
"https://", ""))
end
o.remove = function(self, section, value) fs.writefile(w_host_file, "") end
---- Whitelist IP
local w_ip_file = "/etc/config/passwall_rule/whitelist_ip"
o = s:option(TextValue, "whitelist_ip", translate("Whitelist IP"))
o.description = translate(
"These had been joined ip addresses will not use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145.")
o.rows = 5
s:tab("w_ip", translate("Whitelist IP"), "<font color='red'>" .. translate(
"These had been joined ip addresses will not use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,192.168.0.0/24 or 223.5.5.5.") ..
"</font>")
local w_ip_file = "/usr/share/passwall/rules/whitelist_ip"
o = s:taboption("w_ip", TextValue, "whitelist_ip")
o.rows = 20
o.wrap = "off"
o.cfgvalue = function(self, section) return fs.readfile(w_ip_file) or "" end
o.write = function(self, section, value) fs.writefile(w_ip_file, value:gsub("\r\n", "\n")) end
o.write = function(self, section, value)
fs.writefile(w_ip_file, value:gsub("\r\n", "\n"):gsub("http://", ""):gsub(
"https://", ""))
end
o.remove = function(self, section, value) fs.writefile(w_ip_file, "") end
---- Blacklist Hosts
local b_host_file = "/etc/config/passwall_rule/blacklist_host"
o = s:option(TextValue, "blacklist_host", translate("Blacklist Hosts"))
o.description = translate(
"These had been joined websites will use proxy.Please input the domain names of websites,every line can input only one website domain.For example,google.com.")
o.rows = 5
s:tab("b_hosts", translate("Blacklist Hosts"),
"<font color='red'>" .. translate(
"These had been joined websites will use proxy.Please input the domain names of websites,every line can input only one website domain.For example,google.com.") ..
"</font>")
local b_host_file = "/usr/share/passwall/rules/blacklist_host"
o = s:taboption("b_hosts", TextValue, "blacklist_host")
o.rows = 20
o.wrap = "off"
o.cfgvalue = function(self, section) return fs.readfile(b_host_file) or "" end
o.write = function(self, section, value) fs.writefile(b_host_file, value:gsub("\r\n", "\n")) end
o.write = function(self, section, value)
fs.writefile(b_host_file, value:gsub("\r\n", "\n"):gsub("http://", ""):gsub(
"https://", ""))
end
o.remove = function(self, section, value) fs.writefile(b_host_file, "") end
---- Blacklist IP
local b_ip_file = "/etc/config/passwall_rule/blacklist_ip"
o = s:option(TextValue, "blacklist_ip", translate("Blacklist IP"))
o.description = translate(
"These had been joined ip addresses will use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145.")
o.rows = 5
s:tab("b_ip", translate("Blacklist IP"), "<font color='red'>" .. translate(
"These had been joined ip addresses will use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,35.24.0.0/24 or 8.8.4.4.") ..
"</font>")
local b_ip_file = "/usr/share/passwall/rules/blacklist_ip"
o = s:taboption("b_ip", TextValue, "blacklist_ip")
o.rows = 20
o.wrap = "off"
o.cfgvalue = function(self, section) return fs.readfile(b_ip_file) or "" end
o.write = function(self, section, value) fs.writefile(b_ip_file, value:gsub("\r\n", "\n")) end
o.write = function(self, section, value)
fs.writefile(b_ip_file, value:gsub("\r\n", "\n"):gsub("http://", ""):gsub(
"https://", ""))
end
o.remove = function(self, section, value) fs.writefile(b_ip_file, "") end
---- Router Hosts
local router_file = "/etc/config/passwall_rule/router"
o = s:option(TextValue, "routerlist", translate("Router Hosts"))
o.description = translate(
"These had been joined websites will use proxy,but only Router model.Please input the domain names of websites,every line can input only one website domain.For example,google.com.")
o.rows = 5
o.wrap = "off"
o.cfgvalue = function(self, section) return fs.readfile(router_file) or "" end
o.write = function(self, section, value) fs.writefile(router_file, value:gsub("\r\n", "\n")) end
o.remove = function(self, section, value) fs.writefile(router_file, "") end
return m
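Review bot: The four `o.write` handlers only normalise line endings and strip `http://` / `https://` before writing the submitted text to `/usr/share/passwall/rules/*`, so URL paths, whitespace and any character that cannot occur in a hostname or CIDR reach the rule files unchanged. Those files are presumably read when the dnsmasq/ipset rules are generated (not visible on this page), where a malformed line can break or change the generated configuration. A per-option `o.validate` that walks the lines and returns `nil, translate("...")` on the first bad one would close this: for the host lists a check along the lines of `line:match("^[%w%.%-]+$")`, and an IP/CIDR check for the two IP lists, where the scheme stripping serves no purpose. Separately, the final `gsub` is the last argument of the call, so its substitution count is passed to `fs.writefile` as an extra argument; wrapping the chain in parentheses drops it.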


@ -15,7 +15,7 @@ local dsp = require "luci.dispatcher"
}
);
}
XHR.poll(3, '<%=dsp.build_url("admin/vpn/passwall/get_log")%>', null,
XHR.poll(2, '<%=dsp.build_url("admin/vpn/passwall/get_log")%>', null,
function(x, data) {
if(x && x.status == 200) {
var log_textarea = document.getElementById('log_textarea');
@ -27,9 +27,6 @@ local dsp = require "luci.dispatcher"
//]]>
</script>
<fieldset class="cbi-section" id="_log_fieldset">
<legend>
<%:These is logs.%>
</legend>
<input class="cbi-button cbi-input-remove" type="button" onclick="clearlog()" value="<%:Clear logs%>" />
<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="40" wrap="off" readonly="readonly"></textarea>
<textarea id="log_textarea" class="cbi-input-textarea" style="width: 100%;margin-top: 10px;" data-update="change" rows="30" wrap="off" readonly="readonly"></textarea>
</fieldset>


@ -35,6 +35,52 @@ table td, .table .td {
<script type="text/javascript">
//<![CDATA[
var ajax = {
post: function(url, data, fn_success, fn_timeout) {
var xhr = new XMLHttpRequest();
var code = ajax.encode(data);
xhr.open("POST", url, true);
xhr.timeout = 1000;
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.ontimeout = function() {
fn_timeout(xhr);
}
xhr.onreadystatechange = function() {
if(xhr.readyState == 4 && (xhr.status == 200 || xhr.status == 304)) {
var json = null;
if (xhr.getResponseHeader("Content-Type") == "application/json") {
try {
json = eval('(' + xhr.responseText + ')');
}
catch(e) {
json = null;
}
}
fn_success(xhr, json);
}
};
xhr.send(code);
},
encode: function(obj) {
obj = obj ? obj : { };
obj['_'] = Math.random();
if (typeof obj == 'object')
{
var code = '';
var self = this;
for (var k in obj)
code += (code ? '&' : '') +
k + '=' + encodeURIComponent(obj[k]);
return code;
}
return obj;
}
}
var section = "";
function open_set_node_div(cbi_id) {
section = cbi_id;
@ -94,11 +140,14 @@ table td, .table .td {
/* 自动Ping */
const auto_ping_value = document.getElementsByClassName('auto_ping_value');
const xhr = (index) => {
return new Promise((res) => {
const dom = auto_ping_value[index];
if (!dom) res()
var cbi_id = dom.getAttribute("cbiid");
var index = 0;
function auto_ping() {
if (index >= auto_ping_value.length) {
return;
}
var has_ping = auto_ping_value[index].getAttribute("has_ping");
if (has_ping == null) {
var cbi_id = auto_ping_value[index].getAttribute("cbiid");
<% if compact_display_nodes and tonumber(compact_display_nodes) == 1 then %>
var remarks = document.getElementById("cbid.passwall." + cbi_id + ".remarks").value;
var address = null;
@ -113,38 +162,67 @@ table td, .table .td {
var port = document.getElementById("cbid.passwall." + cbi_id + ".port").value;
<% end %>
if ((address != null && address != "") && (port != null && port != "")) {
XHR.get('<%=dsp.build_url("admin/vpn/passwall/ping_node")%>', {
index,
address: address,
port: port
},
(x, result) => {
if (result.ping == null || result.ping.trim() == "") {
auto_ping_value[result.index].innerHTML = "<font style='color:red'><%:Timeout%></font>";
} else {
var ping = parseInt(result.ping);
if (ping < 100)
auto_ping_value[result.index].innerHTML = "<font style='color:green'>" + result.ping + " ms" + "</font>";
else if (ping < 200)
auto_ping_value[result.index].innerHTML = "<font style='color:#fb9a05'>" + result.ping + " ms" + "</font>";
else if (ping >= 200)
auto_ping_value[result.index].innerHTML = "<font style='color:red'>" + result.ping + " ms" + "</font>";
}
res();
});
ajax.post('<%=dsp.build_url("admin/vpn/passwall/ping_node")%>', {
index: index,
address: address,
port: port
},
function(x, result) {
if(x && x.status == 200) {
for(var i = 0; i < auto_ping_value.length; i++) {
var obj = auto_ping_value[i];
var obj_cbi_id = obj.getAttribute("cbiid");
<% if compact_display_nodes and tonumber(compact_display_nodes) == 1 then %>
var obj_remarks = document.getElementById("cbid.passwall." + obj_cbi_id + ".remarks").value;
var obj_address = null;
var obj_port = null;
if (obj_remarks.lastIndexOf("") != -1 && obj_remarks.lastIndexOf("") != -1) {
var obj_address_full = obj_remarks.substring(obj_remarks.lastIndexOf("") + 1, obj_remarks.lastIndexOf(""));
obj_address = obj_address_full.substring(0, obj_address_full.lastIndexOf(":"));
obj_port = obj_address_full.substring(obj_address_full.lastIndexOf(":") + 1);
}
<% else %>
var obj_address = document.getElementById("cbid.passwall." + obj_cbi_id + ".address").value;
var obj_port = document.getElementById("cbid.passwall." + obj_cbi_id + ".port").value;
<% end %>
if (address == obj_address && port == obj_port) {
auto_ping_value[i].setAttribute("has_ping", "1");
if (result.ping == null || result.ping.trim() == "") {
auto_ping_value[i].innerHTML = "<font style='color:red'><%:Timeout%></font>";
} else {
var ping = parseInt(result.ping);
if (ping < 100)
auto_ping_value[i].innerHTML = "<font style='color:green'>" + result.ping + " ms" + "</font>";
else if (ping < 200)
auto_ping_value[i].innerHTML = "<font style='color:#fb9a05'>" + result.ping + " ms" + "</font>";
else if (ping >= 200)
auto_ping_value[i].innerHTML = "<font style='color:red'>" + result.ping + " ms" + "</font>";
}
}
}
}
index++;
auto_ping();
},
function(x) {
auto_ping_value[index].innerHTML = "<font style='color:red'><%:Timeout%></font>";
index++;
auto_ping();
},
);
} else {
index++;
auto_ping();
}
})
}
let task = -1;
const auto_ping_thread = () => {
task = task + 1
if (auto_ping_value[task]) {
xhr(task).then(auto_ping_thread);
}
else {
index++;
auto_ping();
}
}
for (let i = 0; i < 3; i++) {
auto_ping_thread()
}
auto_ping();
//添加"应用"按钮到"修改"按钮前
var edit_btn = document.getElementsByClassName("cbi-button cbi-button-edit");
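Review bot: The new `ajax.post` helper parses the response with `eval('(' + xhr.responseText + ')')`, which runs whatever the endpoint returns as script inside the admin session; `json = JSON.parse(xhr.responseText);` does the same job within the existing try/catch without evaluating code. The success handler then concatenates the raw `result.ping` string into `innerHTML`; `ping` has already been parsed with `parseInt`, so writing that number (or assigning through `textContent`) keeps non-numeric output from the ping backend from being rendered as markup. The call also ends with a trailing comma after the timeout callback (`},` followed by `);`), which browsers without ES2017 support reject as a syntax error, and `encode` leaves the key `k` unencoded while encoding only the value.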


@ -1,14 +1,5 @@
<%
local api = require "luci.model.cbi.passwall.api.api"
local dsp = require "luci.dispatcher"
local gfwlist_version = api.uci_get_type("global_rules", "gfwlist_version")
local chnroute_version = api.uci_get_type("global_rules", "chnroute_version")
local chnlist_version = api.uci_get_type("global_rules", "chnlist_version")
local gfwlist_update = api.uci_get_type("global_rules", "gfwlist_update", "1") == "1" and "checked='checked'" or ""
local chnroute_update = api.uci_get_type("global_rules", "chnroute_update", "1") == "1" and "checked='checked'" or ""
local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") == "1" and "checked='checked'" or ""
-%>
<script type="text/javascript">
@ -44,42 +35,6 @@ local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") =
</script>
<fieldset class="cbi-section">
<fieldset class="cbi-section" id="_rule_fieldset">
<div class="cbi-value">
<label class="cbi-value-title">gfwlist
<%:Version%>
</label>
<div class="cbi-value-field">
<div class="cbi-value-description">
<span><%=gfwlist_version%> 】</span>
<input type="checkbox" name="gfwlist_update" value="1" <%=gfwlist_update%> />
</div>
</div>
</div>
<div class="cbi-value">
<label class="cbi-value-title">chnroute
<%:Version%>
</label>
<div class="cbi-value-field">
<div class="cbi-value-description">
<span><%=chnroute_version%> 】</span>
<input type="checkbox" name="chnroute_update" value="1" <%=chnroute_update%> />
</div>
</div>
</div>
<div class="cbi-value">
<label class="cbi-value-title">chnlist
<%:Version%>
</label>
<div class="cbi-value-field">
<div class="cbi-value-description">
<span><%=chnlist_version%> 】</span>
<input type="checkbox" name="chnlist_update" value="1" <%=chnroute_update%> />
</div>
</div>
</div>
<div class="cbi-value">
<label class="cbi-value-title">
<%:Manually update%>
@ -88,6 +43,5 @@ local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") =
<input class="cbi-button cbi-input-apply" type="button" id="update_rules_btn" onclick="update_rules(this)" value="<%:Manually update%>" />
</div>
</div>
</fieldset>
</fieldset>


@ -157,8 +157,8 @@ msgstr "DNS地址"
msgid "China DNS Server"
msgstr "国内DNS服务器"
msgid "If you want to work with other DNS acceleration services, use the default.<br />Example: 127.0.0.1#6053 ,Represents DNS on using 127.0.0.1 the 6053 port. such as SmartDNS, AdGuard Home...<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53.<br />If you use custom, unless you know what you're doing, setting it up incorrectly can cause your stuck to crash !"
msgstr "如果你想和其他DNS加速服务一起工作请使用默认。<br />127.0.0.1#6053 使用本机的6053端口的DNS服务。例SmartDNSAdGuardHome等等。<br />最多使用2个DNS服务器英文逗号分隔如果没有填#和后面的端口则使用53端口。<br />如果你使用自定义,除非你知道你在做什么,否则设置不当会直接导致卡到崩溃!"
msgid "If you want to work with other DNS acceleration services, use the default.<br />Only use two at most, english comma separation, If you do not fill in the # and the following port, you are using port 53."
msgstr "如果你想和其他DNS加速服务一起工作请使用默认。<br />最多使用2个DNS服务器英文逗号分隔如果没有填#和后面的端口则使用53端口。"
msgid "Upstream trust DNS Server for ChinaDNS-NG"
msgstr "ChinaDNS-NG可信DNS"
@ -652,23 +652,17 @@ msgstr "IP黑名单"
msgid "Router Hosts"
msgstr "路由器本机黑名单"
msgid "These had been joined websites will use proxy.Please input the domain names of websites,every line can input only one website domain.For example,google.com."
msgstr "加入的域名将走代理对所有模式有效。输入网站域名google.com每个地址段一行。"
msgid "These had been joined ip addresses will use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145."
msgstr "加入的地址段将走代理对所有模式有效。可输入IP地址或地址段112.123.134.145/24或112.123.134.145,每个地址段一行。"
msgid "Join the white list of domain names will not go agent."
msgstr "加入的域名不走代理通道,对所有模式有效。且优先于黑名单。"
msgid "These had been joined ip addresses will not use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145."
msgstr "加入的地址段不走代理通道对所有模式有效。且优先于黑名单。可输入IP地址或地址段112.123.134.145/24或112.123.134.145每个地址段一行。"
msgid "These had been joined ip addresses will not use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,192.168.0.0/24 or 223.5.5.5."
msgstr "加入的IP段不走代理通道对所有模式有效。且优先于黑名单。可输入IP地址或地址段192.168.0.0/24或223.5.5.5,每个地址段一行。"
msgid "These had been joined websites will use proxy,but only Router model.Please input the domain names of websites,every line can input only one website domain.For example,google.com."
msgstr "加入的域名将走代理,仅限路由器本机使用。输入网站域名google.com每个地址段一行。"
msgid "These had been joined websites will use proxy.Please input the domain names of websites,every line can input only one website domain.For example,google.com."
msgstr "加入的域名将走代理,对所有模式有效。输入网站域名google.com每个地址段一行。"
msgid "These is logs."
msgstr "这里显示的是最近的日志。"
msgid "These had been joined ip addresses will use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,35.24.0.0/24 or 8.8.4.4."
msgstr "加入的IP段将走代理对所有模式有效。可输入IP地址或地址段35.24.0.0/24或8.8.4.4,每个地址段一行。"
msgid "Clear logs"
msgstr "清空日志"
@ -728,7 +722,7 @@ msgid "Use Kcptun"
msgstr "使用Kcptun"
msgid "Please confirm whether the Kcptun is installed. If not, please go to Rule Update download installation."
msgstr "请确认KCP是否已安装,若没有请到自动更新下载安装。"
msgstr "请确认Kcptun是否已安装,若没有请到自动更新下载安装。"
msgid "Kcptun Server"
msgstr "Kcptun服务器"
@ -740,7 +734,13 @@ msgid "Kcptun Config"
msgstr "Kcptun参数配置"
msgid "--crypt aes192 --key abc123 --mtu 1350 --sndwnd 128 --rcvwnd 1024 --mode fast"
msgstr "默认Kcptun和SS服务器相同IP,参数中无需配置服务器IP和本地端口需要配置的参数和格式如--crypt aes192 --key abc123 --mtu 1350 --sndwnd 128 --rcvwnd 1024 --mode fast"
msgstr "参数中无需配置服务器IP和本地端口需要配置的参数和格式如--crypt aes192 --key abc123 --mtu 1350 --sndwnd 128 --rcvwnd 1024 --mode fast"
msgid "Brook Protocol"
msgstr "Brook协议"
msgid "Use TLS"
msgstr "使用TLS"
msgid "V2ray Protocol"
msgstr "V2ray协议"


@ -8,7 +8,6 @@ config global
option up_china_dns 'default'
option dns_forward '8.8.4.4'
option use_tcp_node_resolve_dns '1'
option dns_53 '1'
option proxy_mode 'chnroute'
option localhost_proxy_mode 'gfwlist'
@ -17,7 +16,7 @@ config global_haproxy
config global_delay
option auto_on '0'
option start_daemon '0'
option start_daemon '1'
option start_delay '1'
config global_forwarding
@ -44,12 +43,6 @@ config global_other
config global_rules
option auto_update '0'
option gfwlist_update '1'
option chnroute_update '1'
option chnlist_update '1'
option gfwlist_version '2019-12-10'
option chnroute_version '2019-12-05'
option chnlist_version '2020-01-06'
config global_app
option v2ray_file '/usr/bin/v2ray/'


@ -5,13 +5,13 @@
. $IPKG_INSTROOT/lib/functions/service.sh
CONFIG=passwall
CONFIG_PATH=/var/etc/$CONFIG
RUN_BIN_PATH=$CONFIG_PATH/bin
RUN_ID_PATH=$CONFIG_PATH/id
TMP_PATH=/var/etc/$CONFIG
TMP_BIN_PATH=$TMP_PATH/bin
TMP_ID_PATH=$TMP_PATH/id
LOCK_FILE=/var/lock/$CONFIG.lock
LOG_FILE=/var/log/$CONFIG.log
RULE_PATH=/etc/config/${CONFIG}_rule
APP_PATH=/usr/share/$CONFIG
RULES_PATH=/usr/share/${CONFIG}/rules
TMP_DNSMASQ_PATH=/var/etc/dnsmasq-passwall.d
DNSMASQ_PATH=/etc/dnsmasq.d
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
@ -120,12 +120,12 @@ ln_start_bin() {
local file=$1
local bin=$2
local cmd=$3
if [ -n "${RUN_BIN_PATH}/$bin" -a -f "${RUN_BIN_PATH}/$bin" ];then
${RUN_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
if [ -n "${TMP_BIN_PATH}/$bin" -a -f "${TMP_BIN_PATH}/$bin" ];then
${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
else
if [ -n "$file" -a -f "$file" ];then
ln -s $file ${RUN_BIN_PATH}/$bin
${RUN_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
ln -s $file ${TMP_BIN_PATH}/$bin
${TMP_BIN_PATH}/$bin $cmd >/dev/null 2>&1 &
else
echolog "找不到$bin主程序,无法启动!"
fi
@ -183,22 +183,27 @@ load_config() {
[ "$LOCALHOST_PROXY_MODE" == "default" ] && LOCALHOST_PROXY_MODE=$PROXY_MODE
UP_CHINA_DNS=$(config_t_get global up_china_dns dnsbyisp)
wangejibadns=$(config_t_get global_other wangejibadns 0)
[ "$wangejibadns" == "0" ] && {
UP_CHINA_DNS="default"
[ "$DNS_MODE" == "chinadns-ng" ] && DNS_MODE="pdnsd" && use_udp_node_resolve_dns=0
}
[ "$wangejibadns" == "0" ] && UP_CHINA_DNS="default"
[ "$UP_CHINA_DNS" == "default" ] && IS_DEFAULT_CHINA_DNS=1
[ ! -f "$RESOLVFILE" -o ! -s "$RESOLVFILE" ] && RESOLVFILE=/tmp/resolv.conf.auto
[ "$UP_CHINA_DNS" == "dnsbyisp" -o "$UP_CHINA_DNS" == "default" ] && {
local dns1=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '1P')
if [ -n "$dns1" ]; then
UP_CHINA_DNS=$dns1
if [ "$UP_CHINA_DNS" == "dnsbyisp" -o "$UP_CHINA_DNS" == "default" ]; then
UP_CHINA_DNS1=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '1P')
if [ -n "$UP_CHINA_DNS1" ]; then
UP_CHINA_DNS=$UP_CHINA_DNS1
else
UP_CHINA_DNS="223.5.5.5"
fi
local dns2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
[ -n "$dns1" -a -n "$dns2" ] && UP_CHINA_DNS="$dns1,$dns2"
}
local UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
[ -n "$UP_CHINA_DNS1" -a -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="$UP_CHINA_DNS1,$UP_CHINA_DNS2"
else
UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | awk -F ',' '{print $1}')
if [ -n "$UP_CHINA_DNS1" ]; then
UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | awk -F ',' '{print $2}')
[ -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="${UP_CHINA_DNS1},${UP_CHINA_DNS2}"
else
UP_CHINA_DNS="223.5.5.5"
fi
fi
TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041)
TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
@ -209,7 +214,7 @@ load_config() {
SOCKS5_PROXY_PORT2=$(expr $SOCKS5_PROXY_PORT1 + 1)
SOCKS5_PROXY_PORT3=$(expr $SOCKS5_PROXY_PORT2 + 1)
PROXY_IPV6=$(config_t_get global_forwarding proxy_ipv6 0)
mkdir -p /var/etc $CONFIG_PATH $RUN_BIN_PATH $RUN_ID_PATH
mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH
return 0
}
@ -274,7 +279,12 @@ gen_start_config() {
lua $API_GEN_TROJAN $node client "0.0.0.0" $local_port >$config_file
ln_start_bin $(find_bin trojan) trojan "-c $config_file"
elif [ "$type" == "brook" ]; then
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook "client -l 0.0.0.0:$local_port -i 0.0.0.0 -s $server_host:$port -p $(config_n_get $node password)"
local protocol=$(config_n_get $node brook_protocol client)
local brook_tls=$(config_n_get $node brook_tls 0)
[ "$protocol" == "wsclient" ] && {
[ "$brook_tls" == "1" ] && server_host="wss://${server_host}" || server_host="ws://${server_host}"
}
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook_socks_$5 "$protocol -l 0.0.0.0:$local_port -i 0.0.0.0 -s $server_host:$port -p $(config_n_get $node password)"
elif [ "$type" == "ssr" ]; then
gen_ss_ssr_config_file ssr $local_port 0 $node $config_file
ln_start_bin $(find_bin ssr-local) ssr-local "-c $config_file -b 0.0.0.0 -u"
@ -301,9 +311,9 @@ gen_start_config() {
local server_username=$(config_n_get $node username)
local server_password=$(config_n_get $node password)
eval port=\$UDP_REDIR_PORT$5
ln_start_bin $(find_bin ipt2socks) ipt2socks "-U -l $port -b 0.0.0.0 -s $node_address -p $node_port -R"
ln_start_bin $(find_bin ipt2socks) ipt2socks_udp_$5 "-U -l $port -b 0.0.0.0 -s $node_address -p $node_port -R"
# local redsocks_config_file=$CONFIG_PATH/UDP_$i.conf
# local redsocks_config_file=$TMP_PATH/UDP_$i.conf
# gen_redsocks_config $redsocks_config_file udp $port $node_address $node_port $server_username $server_password
# ln_start_bin $(find_bin redsocks2) redsocks2 "-c $redsocks_config_file"
elif [ "$type" == "v2ray" -o "$type" == "v2ray_balancing" -o "$type" == "v2ray_shunt" ]; then
@ -321,13 +331,18 @@ gen_start_config() {
local server_username=$(config_n_get $node username)
local server_password=$(config_n_get $node password)
eval port=\$UDP_REDIR_PORT$5
ln_start_bin $(find_bin ipt2socks) ipt2socks "-U -l $port -b 0.0.0.0 -s 127.0.0.1 -p $socks5_port -R"
ln_start_bin $(find_bin ipt2socks) ipt2socks_udp_$5 "-U -l $port -b 0.0.0.0 -s 127.0.0.1 -p $socks5_port -R"
# local redsocks_config_file=$CONFIG_PATH/redsocks_UDP_$i.conf
# local redsocks_config_file=$TMP_PATH/redsocks_UDP_$i.conf
# gen_redsocks_config $redsocks_config_file udp $port "127.0.0.1" $socks5_port
# ln_start_bin $(find_bin redsocks2) redsocks2 "-c $redsocks_config_file"
elif [ "$type" == "brook" ]; then
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook "tproxy -l 0.0.0.0:$local_port -s $server_host:$port -p $(config_n_get $node password)"
local protocol=$(config_n_get $node brook_protocol client)
if [ "$protocol" == "wsclient" ]; then
echolog "Brook的WebSocket不支持UDP转发"
else
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook_udp_$5 "tproxy -l 0.0.0.0:$local_port -s $server_host:$port -p $(config_n_get $node password)"
fi
elif [ "$type" == "ssr" ]; then
gen_ss_ssr_config_file ssr $local_port 0 $node $config_file
ln_start_bin $(find_bin ssr-redir) ssr-redir "-c $config_file -U"
@ -354,9 +369,9 @@ gen_start_config() {
local server_username=$(config_n_get $node username)
local server_password=$(config_n_get $node password)
eval port=\$TCP_REDIR_PORT$5
ln_start_bin $(find_bin ipt2socks) ipt2socks "-T -l $port -b 0.0.0.0 -s $node_address -p $node_port -R"
ln_start_bin $(find_bin ipt2socks) ipt2socks_tcp_$5 "-T -l $port -b 0.0.0.0 -s $node_address -p $node_port -R"
# local redsocks_config_file=$CONFIG_PATH/TCP_$i.conf
# local redsocks_config_file=$TMP_PATH/TCP_$i.conf
# gen_redsocks_config $redsocks_config_file tcp $port $node_address $socks5_port $server_username $server_password
# ln_start_bin $(find_bin redsocks2) redsocks2 "-c $redsocks_config_file"
elif [ "$type" == "v2ray" -o "$type" == "v2ray_balancing" -o "$type" == "v2ray_shunt" ]; then
@ -364,7 +379,9 @@ gen_start_config() {
ln_start_bin $(config_t_get global_app v2ray_file $(find_bin v2ray))/v2ray v2ray "-config=$config_file"
elif [ "$type" == "trojan" ]; then
lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port >$config_file
ln_start_bin $(find_bin trojan) trojan "-c $config_file"
for k in $(seq 1 $process); do
ln_start_bin $(find_bin trojan) trojan "-c $config_file"
done
else
local kcptun_use=$(config_n_get $node use_kcp 0)
if [ "$kcptun_use" == "1" ]; then
@ -380,7 +397,7 @@ gen_start_config() {
local run_kcptun_ip=$server_host
[ -n "$kcptun_server_host" ] && run_kcptun_ip=$(get_host_ip $network_type $kcptun_server_host)
KCPTUN_REDIR_PORT=$(get_not_exists_port_after $KCPTUN_REDIR_PORT udp)
ln_start_bin $(config_t_get global_app kcptun_client_file $(find_bin kcptun-client)) kcptun-client "--log $CONFIG_PATH/kcptun_${5}.log -l 0.0.0.0:$KCPTUN_REDIR_PORT -r $run_kcptun_ip:$kcptun_port $kcptun_config"
ln_start_bin $(config_t_get global_app kcptun_client_file $(find_bin kcptun-client)) kcptun-client "--log $TMP_PATH/kcptun_${5}.log -l 0.0.0.0:$KCPTUN_REDIR_PORT -r $run_kcptun_ip:$kcptun_port $kcptun_config"
fi
fi
if [ "$type" == "ssr" ]; then
@ -394,8 +411,8 @@ gen_start_config() {
local plugin=$(config_n_get $node ss_plugin)
if [ "$plugin" != "none" ]; then
[ "$plugin" == "v2ray-plugin" -o "$plugin" == "obfs-local" ] && {
local opts=$(config_n_get $node ss_plugin_opts)
plugin_params="--plugin $plugin --plugin-opts $opts"
local opts=$(config_n_get $node ss_plugin_opts)
plugin_params="--plugin $plugin --plugin-opts $opts"
}
fi
for k in $(seq 1 $process); do
@ -403,11 +420,22 @@ gen_start_config() {
done
elif [ "$type" == "brook" ]; then
local server_ip=$server_host
[ "$kcptun_use" == "1" ] && {
server_ip=127.0.0.1
port=$KCPTUN_REDIR_PORT
}
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook "tproxy -l 0.0.0.0:$local_port -s $server_ip:$port -p $(config_n_get $node password)"
local protocol=$(config_n_get $node brook_protocol client)
local brook_tls=$(config_n_get $node brook_tls 0)
if [ "$protocol" == "wsclient" ]; then
[ "$brook_tls" == "1" ] && server_ip="wss://${server_ip}" || server_ip="ws://${server_ip}"
socks5_port=$(get_not_exists_port_after $(expr $SOCKS5_PROXY_PORT3 + 3) tcp)
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook_tcp_$5 "wsclient -l 127.0.0.1:$socks5_port -i 127.0.0.1 -s $server_ip:$port -p $(config_n_get $node password)"
eval port=\$TCP_REDIR_PORT$5
ln_start_bin $(find_bin ipt2socks) ipt2socks_tcp_$5 "-T -l $port -b 0.0.0.0 -s 127.0.0.1 -p $socks5_port -R"
echolog "Brook的WebSocket不支持透明代理将使用ipt2socks转换透明代理"
else
[ "$kcptun_use" == "1" ] && {
server_ip=127.0.0.1
port=$KCPTUN_REDIR_PORT
}
ln_start_bin $(config_t_get global_app brook_file $(find_bin brook)) brook_tcp_$5 "tproxy -l 0.0.0.0:$local_port -s $server_ip:$port -p $(config_n_get $node password)"
fi
fi
fi
fi
@ -420,13 +448,13 @@ start_redir() {
eval node=\$${1}_NODE$i
[ "$node" != "nil" ] && {
TYPE=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
local config_file=$CONFIG_PATH/${1}_${i}.json
local config_file=$TMP_PATH/${1}_${i}.json
eval current_port=\$${1}_${2}_PORT$i
local port=$(echo $(get_not_exists_port_after $current_port $3))
eval ${1}_${2}$i=$port
gen_start_config $node $port $1 $config_file $i
#eval ip=\$${1}_NODE${i}_IP
echo $node > $RUN_ID_PATH/${1}_${i}
echo $node > $TMP_ID_PATH/${1}_${i}
}
done
}
@ -443,7 +471,7 @@ start_crontab() {
sed -i '/$CONFIG/d' /etc/crontabs/root >/dev/null 2>&1 &
start_daemon=$(config_t_get global_delay start_daemon)
if [ "$start_daemon" = "1" ]; then
echo "*/2 * * * * nohup $APP_PATH/monitor.sh > /dev/null 2>&1" >>/etc/crontabs/root
echo "*/1 * * * * nohup $APP_PATH/monitor.sh > /dev/null 2>&1" >>/etc/crontabs/root
echolog "已启动守护进程。"
fi
@ -481,12 +509,12 @@ start_crontab() {
autoupdatesubscribe=$(config_t_get global_subscribe auto_update_subscribe)
weekupdatesubscribe=$(config_t_get global_subscribe week_update_subscribe)
dayupdatesubscribe=$(config_t_get global_subscribe time_update_subscribe)
if [ "$autoupdate" = "1" ]; then
local t="0 $dayupdate * * $weekupdate"
[ "$weekupdate" = "7" ] && t="0 $dayupdate * * *"
echo "$t lua $APP_PATH/rule_update.lua nil log > /dev/null 2>&1 &" >>/etc/crontabs/root
echolog "配置定时任务:自动更新规则。"
fi
#if [ "$autoupdate" = "1" ]; then
# local t="0 $dayupdate * * $weekupdate"
# [ "$weekupdate" = "7" ] && t="0 $dayupdate * * *"
# echo "$t lua $APP_PATH/rule_update.lua nil log > /dev/null 2>&1 &" >>/etc/crontabs/root
# echolog "配置定时任务:自动更新规则。"
#fi
if [ "$autoupdatesubscribe" = "1" ]; then
local t="0 $dayupdatesubscribe * * $weekupdate"
@ -533,9 +561,9 @@ start_dns() {
;;
chinadns-ng)
other_port=$(expr $DNS_PORT + 1)
cat $RULE_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $CONFIG_PATH/gfwlist.txt
[ -f "$CONFIG_PATH/gfwlist.txt" ] && local gfwlist_param="-g $CONFIG_PATH/gfwlist.txt"
[ -f "$RULE_PATH/chnlist" ] && local chnlist_param="-m $RULE_PATH/chnlist"
cat $APP_PATH/gfwlist.conf | sort | uniq | sed -e '/127.0.0.1/d' | sed 's/ipset=\/.//g' | sed 's/\/gfwlist//g' > $TMP_PATH/gfwlist.txt
[ -f "$TMP_PATH/gfwlist.txt" ] && local gfwlist_param="-g $TMP_PATH/gfwlist.txt"
[ -f "$APP_PATH/chnlist" ] && local chnlist_param="-m $APP_PATH/chnlist"
up_trust_chinadns_ng_dns=$(config_t_get global up_trust_chinadns_ng_dns "pdnsd")
if [ "$up_trust_chinadns_ng_dns" == "pdnsd" ]; then
@ -572,17 +600,16 @@ start_dns() {
add_dnsmasq() {
mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
cat $RULE_PATH/whitelist_host | sed -e "/^$/d" | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
cat $RULES_PATH/whitelist_host | sed -e "/^$/d" | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
local adblock=$(config_t_get global_rules adblock 1)
local adblock=$(config_t_get global_rules adblock 0)
[ "$adblock" == "1" ] && {
[ -f "$RULE_PATH/adblock.conf" -a -s "$RULE_PATH/adblock.conf" ] && ln -s $RULE_PATH/adblock.conf $TMP_DNSMASQ_PATH/adblock.conf
[ -f "$RULES_PATH/adblock.conf" -a -s "$RULES_PATH/adblock.conf" ] && ln -s $RULES_PATH/adblock.conf $TMP_DNSMASQ_PATH/adblock.conf
}
[ "$DNS_MODE" != "nonuse" ] && {
[ -f "$RULE_PATH/blacklist_host" -a -s "$RULE_PATH/blacklist_host" ] && cat $RULE_PATH/blacklist_host | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
[ -f "$RULE_PATH/router" -a -s "$RULE_PATH/router" ] && cat $RULE_PATH/router | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' > $TMP_DNSMASQ_PATH/router.conf
[ -f "$RULE_PATH/gfwlist.conf" -a -s "$RULE_PATH/gfwlist.conf" ] && ln -s $RULE_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
[ -f "$RULES_PATH/blacklist_host" -a -s "$RULES_PATH/blacklist_host" ] && cat $RULES_PATH/blacklist_host | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
[ -f "$RULES_PATH/gfwlist.conf" -a -s "$RULES_PATH/gfwlist.conf" ] && ln -s $RULES_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
[ "$subscribe_proxy" -eq 1 ] && {
@ -599,10 +626,10 @@ add_dnsmasq() {
[ -n "$url" -a "$url" != "" ] && {
if [ -n "$(echo -n "$url" | grep "//")" ]; then
echo -n "$url" | awk -F'/' '{print $3}' | sed "s/^/server=&\/./g" | sed "s/$/\/127.0.0.1#$DNS_PORT/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
echo -n "$url" | awk -F'/' '{print $3}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/router/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
echo -n "$url" | awk -F'/' '{print $3}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/blacklist/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
else
echo -n "$url" | awk -F'/' '{print $1}' | sed "s/^/server=&\/./g" | sed "s/$/\/127.0.0.1#$DNS_PORT/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
echo -n "$url" | awk -F'/' '{print $1}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/router/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
echo -n "$url" | awk -F'/' '{print $1}' | sed "s/^/ipset=&\/./g" | sed "s/$/\/blacklist/g" >>$TMP_DNSMASQ_PATH/subscribe.conf
fi
}
done
@ -613,10 +640,8 @@ add_dnsmasq() {
[ -z "$IS_DEFAULT_CHINA_DNS" -o "$IS_DEFAULT_CHINA_DNS" == 0 ] && {
server="server=127.0.0.1#$DNS_PORT"
[ "$DNS_MODE" != "chinadns-ng" ] && {
local china_dns1=$(echo $UP_CHINA_DNS | awk -F "," '{print $1}')
local china_dns2=$(echo $UP_CHINA_DNS | awk -F "," '{print $2}')
[ -n "$china_dns1" ] && server="server=$china_dns1"
[ -n "$china_dns2" ] && server="${server}\n${server_2}"
[ -n "$UP_CHINA_DNS1" ] && server="server=$UP_CHINA_DNS1"
[ -n "$UP_CHINA_DNS2" ] && server="${server}\n${UP_CHINA_DNS2}"
server="${server}\nno-resolv"
}
cat <<-EOF > /var/dnsmasq.d/dnsmasq-$CONFIG.conf
@ -697,7 +722,7 @@ gen_redsocks_config() {
}
gen_pdnsd_config() {
pdnsd_dir=$CONFIG_PATH/pdnsd
pdnsd_dir=$TMP_PATH/pdnsd
mkdir -p $pdnsd_dir
touch $pdnsd_dir/pdnsd.cache
chown -R root.nogroup $pdnsd_dir
@ -710,13 +735,14 @@ gen_pdnsd_config() {
server_port = $1;
status_ctl = on;
query_method = tcp_only;
min_ttl = 1d;
min_ttl = 1h;
max_ttl = 1w;
timeout = 10;
tcp_qtimeout = 1;
par_queries = 1;
neg_domain_pol = on;
udpbufsize = 1024;
proc_limit = 2;
procq_limit = 8;
}
EOF
@ -729,7 +755,7 @@ gen_pdnsd_config() {
edns_query = on;
port = 53;
timeout = 4;
interval = 60;
interval = 10m;
uptest = none;
purge_cache = off;
}
@ -743,8 +769,8 @@ gen_pdnsd_config() {
ip = 208.67.222.222, 208.67.220.220;
edns_query = on;
port = 443;
timeout = 4;
interval = 60;
timeout = 3;
interval = 10m;
uptest = none;
purge_cache = off;
}
@ -753,17 +779,11 @@ gen_pdnsd_config() {
ip = 208.67.222.222, 208.67.220.220;
edns_query = on;
port = 5353;
timeout = 4;
interval = 60;
timeout = 3;
interval = 10m;
uptest = none;
purge_cache = off;
}
source {
ttl = 86400;
owner = "localhost.";
serve_aliases = on;
file = "/etc/hosts";
}
EOF
}
@ -779,7 +799,7 @@ start_haproxy() {
[ "$enabled" = "1" ] && {
haproxy_bin=$(find_bin haproxy)
[ -f "$haproxy_bin" ] && {
local HAPROXY_PATH=$CONFIG_PATH/haproxy
local HAPROXY_PATH=$TMP_PATH/haproxy
mkdir -p $HAPROXY_PATH
local HAPROXY_FILE=$HAPROXY_PATH/config.cfg
bport=$(config_t_get global_haproxy haproxy_port)
@ -969,8 +989,8 @@ stop() {
source $APP_PATH/iptables.sh stop
flush_include
kill_all v2ray-plugin obfs-local
ps -w | grep -E "$CONFIG_PATH" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
rm -rf $TMP_DNSMASQ_PATH $CONFIG_PATH
ps -w | grep -E "$TMP_PATH" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
rm -rf $TMP_DNSMASQ_PATH $TMP_PATH
stop_dnsmasq
stop_crontab
echolog "关闭相关程序,清理相关文件和缓存完成。"
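Review bot: In add_dnsmasq the second upstream resolver is appended as a bare address: `[ -n "$UP_CHINA_DNS2" ] && server="${server}\n${UP_CHINA_DNS2}"` leaves out the `server=` keyword, so the generated dnsmasq fragment would presumably contain a line holding only an IP address, which dnsmasq does not accept as an option. The line should read `[ -n "$UP_CHINA_DNS2" ] && server="${server}\nserver=${UP_CHINA_DNS2}"`. Related to this, load_config declares `local UP_CHINA_DNS2` in the dnsbyisp/default branch, so unless add_dnsmasq is called from inside load_config the value is empty there; dropping `local` on that line would match how `UP_CHINA_DNS1` is handled. The here-document that consumes `$server` lies outside the hunk, so the effect on the written file is inferred.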


@ -8,7 +8,6 @@ config global
option up_china_dns 'default'
option dns_forward '8.8.4.4'
option use_tcp_node_resolve_dns '1'
option dns_53 '1'
option proxy_mode 'chnroute'
option localhost_proxy_mode 'gfwlist'


@ -2,7 +2,6 @@
IPSET_LANIPLIST="laniplist"
IPSET_VPSIPLIST="vpsiplist"
IPSET_ROUTER="router"
IPSET_GFW="gfwlist"
IPSET_CHN="chnroute"
IPSET_BLACKLIST="blacklist"
@ -150,8 +149,8 @@ load_acl() {
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp $(comment "$remarks") -j RETURN
else
[ "$TCP_NODE" != "nil" ] && {
eval TCP_NODE_TYPE=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
if [ "$TCP_NODE_TYPE" == "brook" ]; then
eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
if [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ]; then
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
eval tcp_redir_port=\$TCP_REDIR_PORT$tcp_node
$ipt_m -A PSW_ACL $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp $(factor $tcp_redir_ports "-m multiport --dport") $(comment "$remarks") -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_node
@ -217,7 +216,7 @@ filter_node() {
[ -n "$1" -a "$1" != "nil" ] && {
local type=$(echo $(config_n_get $1 type) | tr 'A-Z' 'a-z')
local i=$ipt_n
[ "$type" == "brook" ] && i=$ipt_m
[ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m
local address=$(config_n_get $1 address)
local port=$(config_n_get $1 port)
is_exist=$($i -L PSW 2>/dev/null | grep -c "$address:$port")
@ -252,29 +251,19 @@ filter_node() {
fi
}
dns_hijack() {
dnshijack=$(config_t_get global dns_53)
if [ "$dnshijack" = "1" -o "$1" = "force" ]; then
echolog "添加DNS劫持规则..."
$ipt_n -I PSW -p udp --dport 53 -j REDIRECT --to-ports 53
$ipt_n -I PSW -p tcp --dport 53 -j REDIRECT --to-ports 53
fi
}
add_firewall_rule() {
echolog "开始加载防火墙规则..."
echolog "默认代理模式:$(get_action_chain_name $PROXY_MODE)"
ipset -! create $IPSET_LANIPLIST nethash
ipset -! create $IPSET_VPSIPLIST nethash
ipset -! create $IPSET_ROUTER nethash
ipset -! create $IPSET_GFW nethash
ipset -! create $IPSET_CHN nethash
ipset -! create $IPSET_BLACKLIST nethash && ipset flush $IPSET_BLACKLIST
ipset -! create $IPSET_WHITELIST nethash && ipset flush $IPSET_WHITELIST
cat $RULE_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULE_PATH/blacklist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULE_PATH/whitelist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/blacklist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/whitelist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
ipset -! -R <<-EOF || return 1
$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
@ -288,9 +277,11 @@ add_firewall_rule() {
}
# 忽略特殊IP段
lan_ip=$(ifconfig br-lan | grep "inet addr" | awk '{print $2}' | awk -F : '{print $2}') #路由器lan IP
lan_ipv4=$(ip address show br-lan | grep -w "inet" | awk '{print $2}') #当前LAN IPv4段
[ -n "$lan_ipv4" ] && ipset -! add $IPSET_LANIPLIST $lan_ipv4 >/dev/null 2>&1 &
lan_ifname=$(uci -q -p /var/state get network.lan.ifname)
[ -n "$lan_ifname" ] && {
lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
[ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 &
}
$ipt_n -N PSW
$ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
@ -351,7 +342,7 @@ add_firewall_rule() {
if [ "$node" != "nil" ]; then
filter_node $node
local TCP_NODE_TYPE=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
if [ "$TCP_NODE_TYPE" == "brook" ]; then
if [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $node brook_protocol client)" == "client" ]; then
$ipt_n -X PSW_GLO$k
$ipt_n -X PSW_GFW$k
$ipt_n -X PSW_CHN$k
@ -401,7 +392,7 @@ add_firewall_rule() {
fi
[ "$k" == 1 ] && {
if [ "$TCP_NODE_TYPE" == "brook" ]; then
if [ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $node brook_protocol client)" == "client" ]; then
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
for dns in $DNS_FORWARD
do
@ -412,8 +403,9 @@ add_firewall_rule() {
done
}
# 用于本机流量转发
$ipt_m -A OUTPUT -p tcp -j PSW_OUTPUT
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
$ipt_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p tcp $(dst $IPSET_GFW) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p tcp -m set ! --match-set $IPSET_CHN dst $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j MARK --set-mark 1
@ -433,7 +425,7 @@ add_firewall_rule() {
fi
# 用于本机流量转发
$ipt_n -A OUTPUT -j PSW_OUTPUT
$ipt_n -A OUTPUT -p tcp -j PSW_OUTPUT
[ "$use_tcp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
for dns in $DNS_FORWARD
do
@ -444,7 +436,6 @@ add_firewall_rule() {
done
}
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ipt_n -A PSW_OUTPUT -p tcp $(dst $IPSET_ROUTER) $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j REDIRECT --to-ports $TCP_REDIR_PORT1
$ipt_n -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j $(get_action_chain $LOCALHOST_PROXY_MODE)1
fi
}
@ -489,7 +480,7 @@ add_firewall_rule() {
if [ "$node" != "nil" ]; then
filter_node $node
local UDP_NODE_TYPE=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
[ "$UDP_NODE_TYPE" == "brook" ] && $ipt_m -A PSW_ACL -p udp -m socket -j MARK --set-mark 1
[ "$UDP_NODE_TYPE" == "brook" -a "$(config_n_get $node brook_protocol client)" == "client" ] && $ipt_m -A PSW_ACL -p udp -m socket -j MARK --set-mark 1
# 全局模式
$ipt_m -A PSW_GLO$k -p udp $(dst $IPSET_BLACKLIST) -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
$ipt_m -A PSW_GLO$k -p udp -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
@ -512,7 +503,7 @@ add_firewall_rule() {
[ "$k" == 1 ] && {
# 用于本机流量转发
$ipt_m -A OUTPUT -j PSW_OUTPUT
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
[ "$use_udp_node_resolve_dns" == 1 -a -n "$DNS_FORWARD" ] && {
for dns in $DNS_FORWARD
do
@ -525,7 +516,7 @@ add_firewall_rule() {
}
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_ROUTER) -j MARK --set-mark 1
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS $(dst $IPSET_GFW) -j MARK --set-mark 1
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j MARK --set-mark 1
@ -550,7 +541,7 @@ add_firewall_rule() {
else
[ "$TCP_NODE1" != "nil" ] && {
local TCP_NODE_TYPE1=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
if [ "$TCP_NODE_TYPE1" == "brook" ]; then
if [ "$TCP_NODE_TYPE1" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_ACL -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS $(comment "Default") -j RETURN
$ipt_m -A PSW_ACL -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(comment "Default") -j $(get_action_chain $PROXY_MODE)1
else
@ -583,13 +574,14 @@ del_firewall_rule() {
}
$ipt_n -D PREROUTING -j PSW 2>/dev/null
$ipt_n -D OUTPUT -j PSW_OUTPUT 2>/dev/null
$ipt_n -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
$ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null
$ipt_n -F PSW_ACL 2>/dev/null && $ipt_n -X PSW_ACL 2>/dev/null
$ipt_n -F PSW_OUTPUT 2>/dev/null && $ipt_n -X PSW_OUTPUT 2>/dev/null
$ipt_m -D PREROUTING -j PSW 2>/dev/null
$ipt_m -D OUTPUT -j PSW_OUTPUT 2>/dev/null
$ipt_m -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
$ipt_m -D OUTPUT -p udp -j PSW_OUTPUT 2>/dev/null
$ipt_m -F PSW 2>/dev/null && $ipt_m -X PSW 2>/dev/null
$ipt_m -F PSW_ACL 2>/dev/null && $ipt_m -X PSW_ACL 2>/dev/null
$ipt_m -F PSW_OUTPUT 2>/dev/null && $ipt_m -X PSW_OUTPUT 2>/dev/null
@ -601,41 +593,32 @@ del_firewall_rule() {
$ip6t_n -F PSW_OUTPUT 2>/dev/null && $ip6t_n -X PSW_OUTPUT 2>/dev/null
local max_num=5
if [ "$max_num" -ge 1 ]; then
for i in $(seq 1 $max_num); do
local k=$i
$ipt_n -F PSW_GLO$k 2>/dev/null && $ipt_n -X PSW_GLO$k 2>/dev/null
$ipt_n -F PSW_GFW$k 2>/dev/null && $ipt_n -X PSW_GFW$k 2>/dev/null
$ipt_n -F PSW_CHN$k 2>/dev/null && $ipt_n -X PSW_CHN$k 2>/dev/null
$ipt_n -F PSW_GAME$k 2>/dev/null && $ipt_n -X PSW_GAME$k 2>/dev/null
$ipt_n -F PSW_HOME$k 2>/dev/null && $ipt_n -X PSW_HOME$k 2>/dev/null
$ipt_m -F PSW_GLO$k 2>/dev/null && $ipt_m -X PSW_GLO$k 2>/dev/null
$ipt_m -F PSW_GFW$k 2>/dev/null && $ipt_m -X PSW_GFW$k 2>/dev/null
$ipt_m -F PSW_CHN$k 2>/dev/null && $ipt_m -X PSW_CHN$k 2>/dev/null
$ipt_m -F PSW_GAME$k 2>/dev/null && $ipt_m -X PSW_GAME$k 2>/dev/null
$ipt_m -F PSW_HOME$k 2>/dev/null && $ipt_m -X PSW_HOME$k 2>/dev/null
$ip6t_n -F PSW_GLO$k 2>/dev/null && $ip6t_n -X PSW_GLO$k 2>/dev/null
$ip6t_n -F PSW_GFW$k 2>/dev/null && $ip6t_n -X PSW_GFW$k 2>/dev/null
$ip6t_n -F PSW_CHN$k 2>/dev/null && $ip6t_n -X PSW_CHN$k 2>/dev/null
$ip6t_n -F PSW_HOME$k 2>/dev/null && $ip6t_n -X PSW_HOME$k 2>/dev/null
ip_rule_exist=$(ip rule show | grep "from all fwmark 0x1 lookup 100" | grep -c 100)
if [ ! -z "$ip_rule_exist" ]; then
until [ "$ip_rule_exist" = 0 ]; do
ip rule del fwmark 1 lookup 100
ip_rule_exist=$(expr $ip_rule_exist - 1)
done
fi
ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
done
fi
for i in $(seq 1 $max_num); do
local k=$i
$ipt_n -F PSW_GLO$k 2>/dev/null && $ipt_n -X PSW_GLO$k 2>/dev/null
$ipt_n -F PSW_GFW$k 2>/dev/null && $ipt_n -X PSW_GFW$k 2>/dev/null
$ipt_n -F PSW_CHN$k 2>/dev/null && $ipt_n -X PSW_CHN$k 2>/dev/null
$ipt_n -F PSW_GAME$k 2>/dev/null && $ipt_n -X PSW_GAME$k 2>/dev/null
$ipt_n -F PSW_HOME$k 2>/dev/null && $ipt_n -X PSW_HOME$k 2>/dev/null
$ipt_m -F PSW_GLO$k 2>/dev/null && $ipt_m -X PSW_GLO$k 2>/dev/null
$ipt_m -F PSW_GFW$k 2>/dev/null && $ipt_m -X PSW_GFW$k 2>/dev/null
$ipt_m -F PSW_CHN$k 2>/dev/null && $ipt_m -X PSW_CHN$k 2>/dev/null
$ipt_m -F PSW_GAME$k 2>/dev/null && $ipt_m -X PSW_GAME$k 2>/dev/null
$ipt_m -F PSW_HOME$k 2>/dev/null && $ipt_m -X PSW_HOME$k 2>/dev/null
$ip6t_n -F PSW_GLO$k 2>/dev/null && $ip6t_n -X PSW_GLO$k 2>/dev/null
$ip6t_n -F PSW_GFW$k 2>/dev/null && $ip6t_n -X PSW_GFW$k 2>/dev/null
$ip6t_n -F PSW_CHN$k 2>/dev/null && $ip6t_n -X PSW_CHN$k 2>/dev/null
$ip6t_n -F PSW_HOME$k 2>/dev/null && $ip6t_n -X PSW_HOME$k 2>/dev/null
done
ip rule del fwmark 1 lookup 100 2>/dev/null
ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 &
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
ipset -F $IPSET_ROUTER >/dev/null 2>&1 && ipset -X $IPSET_ROUTER >/dev/null 2>&1 &
#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
@ -644,7 +627,6 @@ del_firewall_rule() {
flush_ipset() {
ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 &
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
ipset -F $IPSET_ROUTER >/dev/null 2>&1 && ipset -X $IPSET_ROUTER >/dev/null 2>&1 &
ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
@ -653,7 +635,6 @@ flush_ipset() {
start() {
add_firewall_rule
dns_hijack
}
stop() {


@ -49,8 +49,7 @@ ENABLED=$(config_t_get global enabled 0)
exit 0
fi
fi
[ -f "/var/etc/passwall/port/TCP_$i" ] && listen_port=$(echo -n `cat /var/etc/passwall/port/TCP_$i`)
icount=$(ps -w | grep -v grep | grep $RUN_BIN_PATH | grep -i -E "TCP_${i}|brook tproxy -l 0.0.0.0:${listen_port}|ipt2socks -T -l ${listen_port}" | wc -l)
icount=$(ps -w | grep -v grep | grep $RUN_BIN_PATH | grep -i -E "TCP_${i}|brook_tcp_$i|ipt2socks_tcp_$i" | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
@ -64,8 +63,7 @@ ENABLED=$(config_t_get global enabled 0)
eval tmp_node=\$UDP_NODE$i
if [ "$tmp_node" != "nil" ]; then
[ "$tmp_node" == "default" ] && tmp_node=$TCP_NODE1
[ -f "/var/etc/passwall/port/UDP_$i" ] && listen_port=$(echo -n `cat /var/etc/passwall/port/UDP_$i`)
icount=$(ps -w | grep -v grep | grep $RUN_BIN_PATH | grep -i -E "UDP_${i}|brook tproxy -l 0.0.0.0:${listen_port}|ipt2socks -U -l ${listen_port}" | wc -l)
icount=$(ps -w | grep -v grep | grep $RUN_BIN_PATH | grep -i -E "UDP_${i}|brook_udp_$i|ipt2socks_udp_$i" | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
@ -77,8 +75,7 @@ ENABLED=$(config_t_get global enabled 0)
for i in $(seq 1 $SOCKS5_NODE_NUM); do
eval tmp_node=\$SOCKS5_NODE$i
if [ "$tmp_node" != "nil" ]; then
[ -f "/var/etc/passwall/port/SOCKS5_$i" ] && listen_port=$(echo -n `cat /var/etc/passwall/port/SOCKS5_$i`)
icount=$(ps -w | grep -v grep | grep $RUN_BIN_PATH | grep -i -E "SOCKS5_${i}|brook client -l 0.0.0.0:${listen_port}" | wc -l)
icount=$(ps -w | grep -v grep | grep $RUN_BIN_PATH | grep -i -E "SOCKS5_${i}|brook_socks_$i" | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
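Review bot: The new liveness patterns (`TCP_${i}|brook_tcp_$i|ipt2socks_tcp_$i`, and the UDP and SOCKS5 equivalents in the next two hunks) are unanchored substring matches against the whole `ps -w` listing. Index 1 would therefore also match a process tagged `TCP_10` or `brook_tcp_10`, and any unrelated command line containing the text counts as the node being alive, so a dead proxy process can go unnoticed; whether node counts can reach two digits is not visible from here. I would bound the index, e.g. `grep -i -E "(TCP|brook_tcp|ipt2socks_tcp)_${i}([^0-9]|\$)"`, and quote the expansions (`grep "$RUN_BIN_PATH"`, `[ "$icount" = 0 ]`) so an empty value gives a clean comparison rather than a syntax error. The enclosing loops start outside these hunks.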


@ -2,8 +2,6 @@
114.114.115.115
223.5.5.5
223.6.6.6
112.124.47.27
114.215.126.16
119.29.29.29
1.2.4.8
210.2.4.8
119.29.29.29
210.2.4.8


@ -289,7 +289,7 @@ local function processData(szType, content, add_mode)
end
-- wget
local function wget(url)
local stdout = luci.sys.exec('/usr/bin/wget --user-agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36" --no-check-certificate -t 3 -T 10 -O- "' .. url .. '"')
local stdout = luci.sys.exec('/usr/bin/wget --user-agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" --no-check-certificate -t 3 -T 10 -O- "' .. url .. '"')
return trim(stdout)
end
@ -345,7 +345,10 @@ local function truncate_nodes()
end
local function update_node(manual)
assert(next(nodeResult), "node result is empty")
if next(nodeResult) == nil then
log("更新失败,没有可用的节点信息")
return
end
local add, del = 0, 0
ucic:foreach(name, uciType, function(old)
if old.grouphashkey or old.hashkey then -- 没有 hash 的不参与删除
@ -404,6 +407,7 @@ local function parse_link(raw, remark, md5_str, manual)
-- SSD 似乎是这种格式 ssd:// 开头的
if raw:find('ssd://') then
szType = 'ssd'
add_mode = remark
local nEnd = select(2, raw:find('ssd://'))
nodes = base64Decode(raw:sub(nEnd + 1, #raw))
nodes = jsonParse(nodes)
@ -467,6 +471,10 @@ local function parse_link(raw, remark, md5_str, manual)
end
end
log('成功解析节点数量: ' ..#nodes)
else
if not manual then
log('获取到的节点内容为空...')
end
end
end
@ -478,6 +486,7 @@ local execute = function()
if enabled and enabled == "1" then
local remark = obj.remark
local url = obj.url
log('正在订阅: ' .. url)
local md5_str = md5(url)
local raw = wget(url)
parse_link(raw, remark, md5_str)
@ -517,4 +526,4 @@ if arg[1] then
elseif arg[1] == "truncate" then
truncate_nodes()
end
end
end
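Review bot: The `wget()` line touched in the first hunk still passes `--no-check-certificate` and splices `url` unescaped into a double-quoted shell string; this commit only updates the User-Agent. With certificate checks off, anyone on the network path can replace the subscription body that `parse_link` turns into node configuration. Because `url` is read from the subscription config, shell metacharacters in it are interpreted by the shell that `luci.sys.exec` starts, which on a router presumably runs as root. I would drop `--no-check-certificate` (shipping a CA bundle if that is why it was added) and pass the URL single-quoted, e.g. `local q = "'" .. url:gsub("'", "'\\''") .. "'"` followed by `... -t 3 -T 10 -O- ' .. q)`. The added `log('正在订阅: ' .. url)` in `execute` also writes the full URL to the log, and subscription URLs commonly carry an access token, so logging `remark` instead would be safer.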


@ -4,12 +4,9 @@ CONFIG=passwall
LOCK_FILE=/var/lock/${CONFIG}_test.lock
LOG_FILE=/var/log/$CONFIG.log
get_date() {
echo "$(date "+%Y-%m-%d %H:%M:%S")"
}
echolog() {
echo -e "$(get_date): $1" >> $LOG_FILE
local d="$(date "+%Y-%m-%d %H:%M:%S")"
echo -e "$d: $1" >> $LOG_FILE
}
test_url() {