luci-app-passwall: sync with upstream source
parent
ed76ec8a1c
commit
90bc88f901
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=3.9
|
||||
PKG_RELEASE:=22
|
||||
PKG_DATE:=20200724
|
||||
PKG_RELEASE:=23
|
||||
PKG_DATE:=20200727
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
||||
@ -9,58 +9,61 @@ local v2ray = require "luci.model.cbi.passwall.api.v2ray"
|
||||
local trojan_go = require "luci.model.cbi.passwall.api.trojan_go"
|
||||
|
||||
function index()
|
||||
appname = "passwall"
|
||||
entry({"admin", "services", appname}).dependent = true
|
||||
entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
|
||||
entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true
|
||||
entry({"admin", "services", appname, "hide"}, call("hide_menu")).leaf = true
|
||||
if not nixio.fs.access("/etc/config/passwall") then return end
|
||||
entry({"admin", "services", "passwall", "reset_config"}, call("reset_config")).leaf = true
|
||||
entry({"admin", "services", "passwall", "show"}, call("show_menu")).leaf = true
|
||||
entry({"admin", "services", "passwall", "hide"}, call("hide_menu")).leaf = true
|
||||
if nixio.fs.access("/etc/config/passwall_show") then
|
||||
entry({"admin", "services", "passwall"}, alias("admin", "services", "passwall", "settings"), _("Pass Wall"), 1).dependent = true
|
||||
entry({"admin", "services", appname}, alias("admin", "services", appname, "settings"), _("Pass Wall"), 1).dependent = true
|
||||
end
|
||||
entry({"admin", "services", "passwall", "settings"}, cbi("passwall/global"), _("Basic Settings"), 1).dependent = true
|
||||
entry({"admin", "services", "passwall", "node_list"}, cbi("passwall/node_list"), _("Node List"), 2).dependent = true
|
||||
entry({"admin", "services", "passwall", "auto_switch"}, cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
|
||||
entry({"admin", "services", "passwall", "other"}, cbi("passwall/other", {autoapply = true}), _("Other Settings"), 93).leaf = true
|
||||
entry({"admin", "services", appname, "settings"}, cbi("passwall/global"), _("Basic Settings"), 1).dependent = true
|
||||
entry({"admin", "services", appname, "node_list"}, cbi("passwall/node_list"), _("Node List"), 2).dependent = true
|
||||
entry({"admin", "services", appname, "auto_switch"}, cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
|
||||
entry({"admin", "services", appname, "other"}, cbi("passwall/other", {autoapply = true}), _("Other Settings"), 93).leaf = true
|
||||
if nixio.fs.access("/usr/sbin/haproxy") then
|
||||
entry({"admin", "services", "passwall", "haproxy"}, cbi("passwall/haproxy"), _("Load Balancing"), 94).leaf = true
|
||||
entry({"admin", "services", appname, "haproxy"}, cbi("passwall/haproxy"), _("Load Balancing"), 94).leaf = true
|
||||
end
|
||||
entry({"admin", "services", "passwall", "node_subscribe"}, cbi("passwall/node_subscribe"), _("Node Subscribe"), 95).dependent = true
|
||||
entry({"admin", "services", "passwall", "rule"}, cbi("passwall/rule"), _("Rule Update"), 96).leaf = true
|
||||
entry({"admin", "services", "passwall", "node_config"}, cbi("passwall/node_config")).leaf = true
|
||||
entry({"admin", "services", "passwall", "shunt_rules"}, cbi("passwall/shunt_rules")).leaf = true
|
||||
entry({"admin", "services", "passwall", "acl"}, cbi("passwall/acl"), _("Access control"), 97).leaf = true
|
||||
entry({"admin", "services", "passwall", "log"}, form("passwall/log"), _("Watch Logs"), 999).leaf = true
|
||||
entry({"admin", "services", "passwall", "server"}, cbi("passwall/server/index"), _("Server-Side"), 99).leaf = true
|
||||
entry({"admin", "services", "passwall", "server_user"}, cbi("passwall/server/user")).leaf = true
|
||||
entry({"admin", "services", appname, "node_subscribe"}, cbi("passwall/node_subscribe"), _("Node Subscribe"), 95).dependent = true
|
||||
entry({"admin", "services", appname, "rule"}, cbi("passwall/rule"), _("Rule"), 96).leaf = true
|
||||
entry({"admin", "services", appname, "app_update"}, cbi("passwall/app_update"), _("App Update"), 97).leaf = true
|
||||
entry({"admin", "services", appname, "node_config"}, cbi("passwall/node_config")).leaf = true
|
||||
entry({"admin", "services", appname, "shunt_rules"}, cbi("passwall/shunt_rules")).leaf = true
|
||||
entry({"admin", "services", appname, "acl"}, cbi("passwall/acl"), _("Access control"), 98).leaf = true
|
||||
entry({"admin", "services", appname, "log"}, form("passwall/log"), _("Watch Logs"), 999).leaf = true
|
||||
entry({"admin", "services", appname, "server"}, cbi("passwall/server/index"), _("Server-Side"), 99).leaf = true
|
||||
entry({"admin", "services", appname, "server_user"}, cbi("passwall/server/user")).leaf = true
|
||||
|
||||
entry({"admin", "services", "passwall", "server_user_status"}, call("server_user_status")).leaf = true
|
||||
entry({"admin", "services", "passwall", "server_get_log"}, call("server_get_log")).leaf = true
|
||||
entry({"admin", "services", "passwall", "server_clear_log"}, call("server_clear_log")).leaf = true
|
||||
entry({"admin", "services", "passwall", "link_append_temp"}, call("link_append_temp")).leaf = true
|
||||
entry({"admin", "services", "passwall", "link_load_temp"}, call("link_load_temp")).leaf = true
|
||||
entry({"admin", "services", "passwall", "link_clear_temp"}, call("link_clear_temp")).leaf = true
|
||||
entry({"admin", "services", "passwall", "link_add_node"}, call("link_add_node")).leaf = true
|
||||
entry({"admin", "services", "passwall", "get_log"}, call("get_log")).leaf = true
|
||||
entry({"admin", "services", "passwall", "clear_log"}, call("clear_log")).leaf = true
|
||||
entry({"admin", "services", "passwall", "status"}, call("status")).leaf = true
|
||||
entry({"admin", "services", "passwall", "socks_status"}, call("socks_status")).leaf = true
|
||||
entry({"admin", "services", "passwall", "connect_status"}, call("connect_status")).leaf = true
|
||||
entry({"admin", "services", "passwall", "check_port"}, call("check_port")).leaf = true
|
||||
entry({"admin", "services", "passwall", "ping_node"}, call("ping_node")).leaf = true
|
||||
entry({"admin", "services", "passwall", "set_node"}, call("set_node")).leaf = true
|
||||
entry({"admin", "services", "passwall", "copy_node"}, call("copy_node")).leaf = true
|
||||
entry({"admin", "services", "passwall", "clear_all_nodes"}, call("clear_all_nodes")).leaf = true
|
||||
entry({"admin", "services", "passwall", "delete_select_nodes"}, call("delete_select_nodes")).leaf = true
|
||||
entry({"admin", "services", "passwall", "update_rules"}, call("update_rules")).leaf = true
|
||||
entry({"admin", "services", "passwall", "luci_check"}, call("luci_check")).leaf = true
|
||||
entry({"admin", "services", "passwall", "luci_update"}, call("luci_update")).leaf = true
|
||||
entry({"admin", "services", "passwall", "kcptun_check"}, call("kcptun_check")).leaf = true
|
||||
entry({"admin", "services", "passwall", "kcptun_update"}, call("kcptun_update")).leaf = true
|
||||
entry({"admin", "services", "passwall", "brook_check"}, call("brook_check")).leaf = true
|
||||
entry({"admin", "services", "passwall", "brook_update"}, call("brook_update")).leaf = true
|
||||
entry({"admin", "services", "passwall", "v2ray_check"}, call("v2ray_check")).leaf = true
|
||||
entry({"admin", "services", "passwall", "v2ray_update"}, call("v2ray_update")).leaf = true
|
||||
entry({"admin", "services", "passwall", "trojan_go_check"}, call("trojan_go_check")).leaf = true
|
||||
entry({"admin", "services", "passwall", "trojan_go_update"}, call("trojan_go_update")).leaf = true
|
||||
entry({"admin", "services", appname, "server_user_status"}, call("server_user_status")).leaf = true
|
||||
entry({"admin", "services", appname, "server_get_log"}, call("server_get_log")).leaf = true
|
||||
entry({"admin", "services", appname, "server_clear_log"}, call("server_clear_log")).leaf = true
|
||||
entry({"admin", "services", appname, "link_append_temp"}, call("link_append_temp")).leaf = true
|
||||
entry({"admin", "services", appname, "link_load_temp"}, call("link_load_temp")).leaf = true
|
||||
entry({"admin", "services", appname, "link_clear_temp"}, call("link_clear_temp")).leaf = true
|
||||
entry({"admin", "services", appname, "link_add_node"}, call("link_add_node")).leaf = true
|
||||
entry({"admin", "services", appname, "get_log"}, call("get_log")).leaf = true
|
||||
entry({"admin", "services", appname, "clear_log"}, call("clear_log")).leaf = true
|
||||
entry({"admin", "services", appname, "status"}, call("status")).leaf = true
|
||||
entry({"admin", "services", appname, "socks_status"}, call("socks_status")).leaf = true
|
||||
entry({"admin", "services", appname, "connect_status"}, call("connect_status")).leaf = true
|
||||
entry({"admin", "services", appname, "check_port"}, call("check_port")).leaf = true
|
||||
entry({"admin", "services", appname, "ping_node"}, call("ping_node")).leaf = true
|
||||
entry({"admin", "services", appname, "set_node"}, call("set_node")).leaf = true
|
||||
entry({"admin", "services", appname, "copy_node"}, call("copy_node")).leaf = true
|
||||
entry({"admin", "services", appname, "clear_all_nodes"}, call("clear_all_nodes")).leaf = true
|
||||
entry({"admin", "services", appname, "delete_select_nodes"}, call("delete_select_nodes")).leaf = true
|
||||
entry({"admin", "services", appname, "update_rules"}, call("update_rules")).leaf = true
|
||||
entry({"admin", "services", appname, "luci_check"}, call("luci_check")).leaf = true
|
||||
entry({"admin", "services", appname, "luci_update"}, call("luci_update")).leaf = true
|
||||
entry({"admin", "services", appname, "kcptun_check"}, call("kcptun_check")).leaf = true
|
||||
entry({"admin", "services", appname, "kcptun_update"}, call("kcptun_update")).leaf = true
|
||||
entry({"admin", "services", appname, "brook_check"}, call("brook_check")).leaf = true
|
||||
entry({"admin", "services", appname, "brook_update"}, call("brook_update")).leaf = true
|
||||
entry({"admin", "services", appname, "v2ray_check"}, call("v2ray_check")).leaf = true
|
||||
entry({"admin", "services", appname, "v2ray_update"}, call("v2ray_update")).leaf = true
|
||||
entry({"admin", "services", appname, "trojan_go_check"}, call("trojan_go_check")).leaf = true
|
||||
entry({"admin", "services", appname, "trojan_go_update"}, call("trojan_go_update")).leaf = true
|
||||
end
|
||||
|
||||
local function http_write_json(content)
|
||||
@ -70,12 +73,12 @@ end
|
||||
|
||||
function reset_config()
|
||||
luci.sys.call('[ -f "/usr/share/passwall/config.default" ] && cp -f /usr/share/passwall/config.default /etc/config/passwall && /etc/init.d/passwall reload')
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "services", "passwall"))
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "services", appname))
|
||||
end
|
||||
|
||||
function show_menu()
|
||||
luci.sys.call("touch /etc/config/passwall_show")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "services", "passwall"))
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "services", appname))
|
||||
end
|
||||
|
||||
function hide_menu()
|
||||
@ -130,7 +133,7 @@ end
|
||||
function status()
|
||||
-- local dns_mode = ucic:get(appname, "@global[0]", "dns_mode")
|
||||
local e = {}
|
||||
e.dns_mode_status = luci.sys.call("netstat -apn | grep 7913 >/dev/null") == 0
|
||||
e.dns_mode_status = luci.sys.call("netstat -apn | grep ':7913 ' | grep 'LISTEN' >/dev/null") == 0
|
||||
e.haproxy_status = luci.sys.call(string.format("ps -w | grep -v grep | grep '%s/bin/' | grep haproxy >/dev/null", appname)) == 0
|
||||
local tcp_node_num = ucic:get(appname, "@global_other[0]", "tcp_node_num") or 1
|
||||
for i = 1, tcp_node_num, 1 do
|
||||
@ -198,7 +201,7 @@ function set_node()
|
||||
ucic:set(appname, "@global[0]", protocol .. "_node" .. number, section)
|
||||
ucic:commit(appname)
|
||||
luci.sys.call("/etc/init.d/passwall restart > /dev/null 2>&1 &")
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "services", "passwall", "log"))
|
||||
luci.http.redirect(luci.dispatcher.build_url("admin", "services", appname, "log"))
|
||||
end
|
||||
|
||||
function copy_node()
|
||||
@ -245,7 +248,7 @@ function check_port()
|
||||
-- retstring = retstring .. "<font color='red'>暂时不支持UDP检测</font><br />"
|
||||
|
||||
retstring = retstring .. "<font color='green'>检测端口可用性</font><br />"
|
||||
ucic:foreach("passwall", "nodes", function(s)
|
||||
ucic:foreach(appname, "nodes", function(s)
|
||||
local ret = ""
|
||||
local tcp_socket
|
||||
if (s.use_kcp and s.use_kcp == "1" and s.kcp_port) or
|
||||
|
||||
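Review bot: `reset_config` and `show` change router state (copying the default file over `/etc/config/passwall` and reloading the service, touching `/etc/config/passwall_show`) but are registered with a bare `call(...)`, and in this version they sit above the `/etc/config/passwall` existence check, so they are always routed. A bare `call()` target is served for a plain GET from an authenticated session, which leaves these actions open to cross-site request forgery. LuCI's `post("reset_config")` target only runs for a POST that carries the session token and would fit here, provided the pages that link to these URLs are changed to submit a form. The same applies to the other state-changing leaves in this list, such as `clear_all_nodes` and `delete_select_nodes`. The handler bodies lie partly outside the hunks shown.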
@ -75,6 +75,7 @@ local function gen_outbound(node, tag)
|
||||
congestion = (node.mkcp_congestion == "1") and true or false,
|
||||
readBufferSize = tonumber(node.mkcp_readBufferSize),
|
||||
writeBufferSize = tonumber(node.mkcp_writeBufferSize),
|
||||
seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil,
|
||||
header = {type = node.mkcp_guise}
|
||||
} or nil,
|
||||
wsSettings = (node.transport == "ws") and {
|
||||
@ -122,6 +123,12 @@ local function gen_outbound(node, tag)
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
if node.transport == "mkcp" or node.transport == "ds" or node.transport == "quic" then
|
||||
result.streamSettings.security = "none"
|
||||
result.streamSettings.tlsSettings = nil
|
||||
end
|
||||
|
||||
return result
|
||||
end
|
||||
|
||||
|
||||
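Review bot: The block added before `return result` sets `result.streamSettings.security = "none"` and clears `tlsSettings` whenever the transport is `mkcp`, `ds` or `quic`, so a node configured for TLS is started without it and nothing tells the operator. If dropping TLS on these transports is intended, make the decision visible: a comment such as `-- mkcp/ds/quic: TLS settings from the node are dropped on purpose`, plus a form-side check that refuses the combination, would do. The block also indexes `result.streamSettings` unconditionally. Whether every path through `gen_outbound` builds that table cannot be seen here, since the function starts outside the hunk, so a guard of the form `if result.streamSettings and (...) then` is worth considering.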
@ -0,0 +1,47 @@
|
||||
local d = require "luci.dispatcher"
|
||||
local appname = "passwall"
|
||||
|
||||
m = Map(appname)
|
||||
|
||||
-- [[ App Settings ]]--
|
||||
s = m:section(TypedSection, "global_app", translate("App Update"),
|
||||
"<font color='red'>" ..
|
||||
translate("Please confirm that your firmware supports FPU.") ..
|
||||
"</font>")
|
||||
s.anonymous = true
|
||||
s:append(Template(appname .. "/app_update/v2ray_version"))
|
||||
s:append(Template(appname .. "/app_update/trojan_go_version"))
|
||||
s:append(Template(appname .. "/app_update/kcptun_version"))
|
||||
s:append(Template(appname .. "/app_update/brook_version"))
|
||||
|
||||
---- V2ray Path
|
||||
o = s:option(Value, "v2ray_file", translate("V2ray Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/v2ray/"))
|
||||
o.default = "/usr/bin/v2ray/"
|
||||
o.rmempty = false
|
||||
|
||||
---- Trojan-Go Path
|
||||
o = s:option(Value, "trojan_go_file", translate("Trojan-Go Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/trojan-go"))
|
||||
o.default = "/usr/bin/trojan-go"
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, "trojan_go_latest", translate("Trojan-Go Version API"), translate("alternate API URL for version checking"))
|
||||
o.default = "https://api.github.com/repos/peter-tank/trojan-go/releases/latest"
|
||||
|
||||
---- Kcptun client Path
|
||||
o = s:option(Value, "kcptun_client_file", translate("Kcptun Client Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/kcptun-client"))
|
||||
o.default = "/usr/bin/kcptun-client"
|
||||
o.rmempty = false
|
||||
|
||||
--[[
|
||||
o = s:option(Button, "_check_kcptun", translate("Manually update"), translatef("Make sure there is enough space to install %s", "kcptun"))
|
||||
o.template = appname .. "/kcptun"
|
||||
o.inputstyle = "apply"
|
||||
o.btnclick = "onBtnClick_kcptun(this);"
|
||||
o.id = "_kcptun-check_btn"]] --
|
||||
|
||||
---- Brook Path
|
||||
o = s:option(Value, "brook_file", translate("Brook Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/brook"))
|
||||
o.default = "/usr/bin/brook"
|
||||
o.rmempty = false
|
||||
|
||||
return m
|
||||
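Review bot: The four path options (`v2ray_file`, `trojan_go_file`, `kcptun_client_file`, `brook_file`) and the `trojan_go_latest` URL are free-text `Value` fields with no validation, and at least `v2ray_file` is later expanded unquoted into a command line by the init script (`ln_start_bin $(config_t_get global_app v2ray_file ...)/v2ray` in the shell hunk further down this page). A `validate` hook on each path option that accepts only an absolute path made of ordinary path characters, e.g. `function o.validate(self, v) return v:match("^/[%w%._/%-]+$") and v or nil end`, keeps whitespace and shell metacharacters out of the stored value. The URL option could likewise require an `https://` prefix, since it decides where version information is fetched from. `local d = require "luci.dispatcher"` is not used anywhere in this file and can be dropped.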
@ -20,7 +20,7 @@ end)
|
||||
m = Map(appname)
|
||||
|
||||
-- [[ Auto Switch Settings ]]--
|
||||
s = m:section(TypedSection, "auto_switch", translate("Auto Switch"))
|
||||
s = m:section(TypedSection, "auto_switch")
|
||||
s.anonymous = true
|
||||
|
||||
---- Enable
|
||||
|
||||
@ -68,8 +68,7 @@ else
|
||||
end
|
||||
|
||||
-- [[ Global Settings ]]--
|
||||
s = m:section(TypedSection, "global", translate("Main Settings"))
|
||||
-- s.description = translate("If you can use it, very stable. If not, GG !!!")
|
||||
s = m:section(TypedSection, "global")
|
||||
s.anonymous = true
|
||||
s.addremove = false
|
||||
|
||||
|
||||
@ -19,7 +19,7 @@ end)
|
||||
m = Map(appname)
|
||||
|
||||
-- [[ Haproxy Settings ]]--
|
||||
s = m:section(TypedSection, "global_haproxy", translate("Load Balancing"))
|
||||
s = m:section(TypedSection, "global_haproxy")
|
||||
s.anonymous = true
|
||||
|
||||
s:append(Template(appname .. "/haproxy/status"))
|
||||
@ -47,7 +47,7 @@ o.default = "1188"
|
||||
o:depends("balancing_enable", 1)
|
||||
|
||||
-- [[ Balancing Settings ]]--
|
||||
s = m:section(TypedSection, "haproxy_config", translate("Load Balancing Setting"),
|
||||
s = m:section(TypedSection, "haproxy_config", "",
|
||||
"<font color='red'>" .. translate("Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group.").."</font>")
|
||||
s.template = "cbi/tblsection"
|
||||
s.sortable = true
|
||||
|
||||
@ -414,26 +414,35 @@ for a, t in ipairs(header_type_list) do mkcp_guise:value(t) end
|
||||
mkcp_guise:depends("transport", "mkcp")
|
||||
|
||||
mkcp_mtu = s:option(Value, "mkcp_mtu", translate("KCP MTU"))
|
||||
mkcp_mtu.default = "1350"
|
||||
mkcp_mtu:depends("transport", "mkcp")
|
||||
|
||||
mkcp_tti = s:option(Value, "mkcp_tti", translate("KCP TTI"))
|
||||
mkcp_tti.default = "20"
|
||||
mkcp_tti:depends("transport", "mkcp")
|
||||
|
||||
mkcp_uplinkCapacity = s:option(Value, "mkcp_uplinkCapacity", translate("KCP uplinkCapacity"))
|
||||
mkcp_uplinkCapacity.default = "5"
|
||||
mkcp_uplinkCapacity:depends("transport", "mkcp")
|
||||
|
||||
mkcp_downlinkCapacity = s:option(Value, "mkcp_downlinkCapacity", translate("KCP downlinkCapacity"))
|
||||
mkcp_downlinkCapacity.default = "20"
|
||||
mkcp_downlinkCapacity:depends("transport", "mkcp")
|
||||
|
||||
mkcp_congestion = s:option(Flag, "mkcp_congestion", translate("KCP Congestion"))
|
||||
mkcp_congestion:depends("transport", "mkcp")
|
||||
|
||||
mkcp_readBufferSize = s:option(Value, "mkcp_readBufferSize", translate("KCP readBufferSize"))
|
||||
mkcp_readBufferSize.default = "1"
|
||||
mkcp_readBufferSize:depends("transport", "mkcp")
|
||||
|
||||
mkcp_writeBufferSize = s:option(Value, "mkcp_writeBufferSize", translate("KCP writeBufferSize"))
|
||||
mkcp_writeBufferSize.default = "1"
|
||||
mkcp_writeBufferSize:depends("transport", "mkcp")
|
||||
|
||||
mkcp_seed = s:option(Value, "mkcp_seed", translate("KCP Seed"))
|
||||
mkcp_seed:depends("transport", "mkcp")
|
||||
|
||||
-- [[ WebSocket部分 ]]--
|
||||
ws_host = s:option(Value, "ws_host", translate("WebSocket Host"))
|
||||
ws_host:depends("transport", "ws")
|
||||
|
||||
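Review bot: The mKCP numeric options that gain defaults here (`mkcp_mtu`, `mkcp_tti`, `mkcp_uplinkCapacity`, `mkcp_downlinkCapacity`, `mkcp_readBufferSize`, `mkcp_writeBufferSize`) still accept any string, while the config generators on this page pass them through `tonumber(...)`, which yields `nil` for non-numeric input and so silently drops the field from the generated config. Giving each one a datatype, e.g. `mkcp_mtu.datatype = "uinteger"`, rejects bad input at the form instead. The new `mkcp_seed` value appears to act as a shared obfuscation password between client and server; consider `mkcp_seed.password = true` so it is not shown in clear on the page. The same block is repeated in the later hunk `@ -294,26 +294,35` and needs the same treatment.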
@ -64,45 +64,4 @@ end
|
||||
|
||||
o = s:option(DummyValue, "remarks", translate("Remarks"))
|
||||
|
||||
-- [[ App Settings ]]--
|
||||
s = m:section(TypedSection, "global_app", translate("App Update"),
|
||||
"<font color='red'>" ..
|
||||
translate("Please confirm that your firmware supports FPU.") ..
|
||||
"</font>")
|
||||
s.anonymous = true
|
||||
s:append(Template(appname .. "/rule/v2ray_version"))
|
||||
s:append(Template(appname .. "/rule/trojan_go_version"))
|
||||
s:append(Template(appname .. "/rule/kcptun_version"))
|
||||
s:append(Template(appname .. "/rule/brook_version"))
|
||||
|
||||
---- V2ray Path
|
||||
o = s:option(Value, "v2ray_file", translate("V2ray Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/v2ray/"))
|
||||
o.default = "/usr/bin/v2ray/"
|
||||
o.rmempty = false
|
||||
|
||||
---- Trojan-Go Path
|
||||
o = s:option(Value, "trojan_go_file", translate("Trojan-Go Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/trojan-go"))
|
||||
o.default = "/usr/bin/trojan-go"
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(Value, "trojan_go_latest", translate("Trojan-Go Version API"), translate("alternate API URL for version checking"))
|
||||
o.default = "https://api.github.com/repos/peter-tank/trojan-go/releases/latest"
|
||||
|
||||
---- Kcptun client Path
|
||||
o = s:option(Value, "kcptun_client_file", translate("Kcptun Client Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/kcptun-client"))
|
||||
o.default = "/usr/bin/kcptun-client"
|
||||
o.rmempty = false
|
||||
|
||||
--[[
|
||||
o = s:option(Button, "_check_kcptun", translate("Manually update"), translatef("Make sure there is enough space to install %s", "kcptun"))
|
||||
o.template = appname .. "/kcptun"
|
||||
o.inputstyle = "apply"
|
||||
o.btnclick = "onBtnClick_kcptun(this);"
|
||||
o.id = "_kcptun-check_btn"]] --
|
||||
|
||||
---- Brook Path
|
||||
o = s:option(Value, "brook_file", translate("Brook Path"), translatef("if you want to run from memory, change the path, such as %s, Then save the application and update it manually.", "/tmp/brook"))
|
||||
o.default = "/usr/bin/brook"
|
||||
o.rmempty = false
|
||||
|
||||
return m
|
||||
|
||||
@ -89,8 +89,7 @@ function gen_config(user)
|
||||
tlsSettings = (node.stream_security == "tls") and {
|
||||
disableSessionResumption = node.sessionTicket ~= "1" and true or false,
|
||||
serverName = node.tls_serverName,
|
||||
allowInsecure = (node.tls_allowInsecure == "1") and true or
|
||||
false
|
||||
allowInsecure = (node.tls_allowInsecure == "1") and true or false
|
||||
} or nil,
|
||||
tcpSettings = (node.transport == "tcp") and {
|
||||
header = {
|
||||
@ -107,25 +106,23 @@ function gen_config(user)
|
||||
mtu = tonumber(node.mkcp_mtu),
|
||||
tti = tonumber(node.mkcp_tti),
|
||||
uplinkCapacity = tonumber(node.mkcp_uplinkCapacity),
|
||||
downlinkCapacity = tonumber(
|
||||
node.mkcp_downlinkCapacity),
|
||||
congestion = (node.mkcp_congestion == "1") and
|
||||
true or false,
|
||||
downlinkCapacity = tonumber(node.mkcp_downlinkCapacity),
|
||||
congestion = (node.mkcp_congestion == "1") and true or false,
|
||||
readBufferSize = tonumber(node.mkcp_readBufferSize),
|
||||
writeBufferSize = tonumber(
|
||||
node.mkcp_writeBufferSize),
|
||||
writeBufferSize = tonumber(node.mkcp_writeBufferSize),
|
||||
seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil,
|
||||
header = {type = node.mkcp_guise}
|
||||
} or nil,
|
||||
wsSettings = (node.transport == "ws") and {
|
||||
path = node.ws_path or "",
|
||||
headers = (node.ws_host ~= nil) and
|
||||
{Host = node.ws_host} or nil
|
||||
headers = (node.ws_host ~= nil) and {Host = node.ws_host} or nil
|
||||
} or nil,
|
||||
httpSettings = (node.transport == "h2") and {
|
||||
path = node.h2_path, host = node.h2_host
|
||||
} or nil,
|
||||
dsSettings = (node.transport == "ds") and {
|
||||
path = node.ds_path
|
||||
} or nil,
|
||||
httpSettings = (node.transport == "h2") and
|
||||
{path = node.h2_path, host = node.h2_host} or
|
||||
nil,
|
||||
dsSettings = (node.transport == "ds") and
|
||||
{path = node.ds_path} or nil,
|
||||
quicSettings = (node.transport == "quic") and {
|
||||
security = node.quic_security,
|
||||
key = node.quic_key,
|
||||
@ -165,6 +162,12 @@ function gen_config(user)
|
||||
} or nil
|
||||
}
|
||||
}
|
||||
|
||||
if node.transport == "mkcp" or node.transport == "ds" or node.transport == "quic" then
|
||||
transit_node.streamSettings.security = "none"
|
||||
transit_node.streamSettings.tlsSettings = nil
|
||||
end
|
||||
|
||||
table.insert(outbounds, 1, transit_node)
|
||||
end
|
||||
end
|
||||
@ -214,6 +217,7 @@ function gen_config(user)
|
||||
congestion = (user.mkcp_congestion == "1") and true or false,
|
||||
readBufferSize = tonumber(user.mkcp_readBufferSize),
|
||||
writeBufferSize = tonumber(user.mkcp_writeBufferSize),
|
||||
seed = (user.mkcp_seed and user.mkcp_seed ~= "") and user.mkcp_seed or nil,
|
||||
header = {type = user.mkcp_guise}
|
||||
} or nil,
|
||||
wsSettings = (user.transport == "ws") and {
|
||||
@ -238,5 +242,11 @@ function gen_config(user)
|
||||
outbounds = outbounds,
|
||||
routing = routing
|
||||
}
|
||||
|
||||
if user.transport == "mkcp" or user.transport == "ds" or user.transport == "quic" then
|
||||
user.streamSettings.security = "none"
|
||||
user.streamSettings.tlsSettings = nil
|
||||
end
|
||||
|
||||
return config
|
||||
end
|
||||
|
||||
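Review bot: The block added before `return config` indexes `user.streamSettings`, but `user` is the table the settings are read from (`user.transport`, `user.mkcp_seed`, ...) and nothing visible gives it a `streamSettings` field, so for a `mkcp`, `ds` or `quic` user this would raise an "attempt to index a nil value" error instead of producing a config. The override presumably belongs on the inbound entry inside `config` that carries the `streamSettings` table built above; the exact path cannot be confirmed because `gen_config` starts outside the hunk. The parallel block for `transit_node` in the earlier hunk targets a table that does hold `streamSettings`, but like this one it silently discards configured TLS for these transports, which deserves a comment or a log line.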
@ -294,26 +294,35 @@ for a, t in ipairs(header_type_list) do mkcp_guise:value(t) end
|
||||
mkcp_guise:depends("transport", "mkcp")
|
||||
|
||||
mkcp_mtu = s:option(Value, "mkcp_mtu", translate("KCP MTU"))
|
||||
mkcp_mtu.default = "1350"
|
||||
mkcp_mtu:depends("transport", "mkcp")
|
||||
|
||||
mkcp_tti = s:option(Value, "mkcp_tti", translate("KCP TTI"))
|
||||
mkcp_tti.default = "20"
|
||||
mkcp_tti:depends("transport", "mkcp")
|
||||
|
||||
mkcp_uplinkCapacity = s:option(Value, "mkcp_uplinkCapacity", translate("KCP uplinkCapacity"))
|
||||
mkcp_uplinkCapacity.default = "5"
|
||||
mkcp_uplinkCapacity:depends("transport", "mkcp")
|
||||
|
||||
mkcp_downlinkCapacity = s:option(Value, "mkcp_downlinkCapacity", translate("KCP downlinkCapacity"))
|
||||
mkcp_downlinkCapacity.default = "20"
|
||||
mkcp_downlinkCapacity:depends("transport", "mkcp")
|
||||
|
||||
mkcp_congestion = s:option(Flag, "mkcp_congestion", translate("KCP Congestion"))
|
||||
mkcp_congestion:depends("transport", "mkcp")
|
||||
|
||||
mkcp_readBufferSize = s:option(Value, "mkcp_readBufferSize", translate("KCP readBufferSize"))
|
||||
mkcp_readBufferSize.default = "1"
|
||||
mkcp_readBufferSize:depends("transport", "mkcp")
|
||||
|
||||
mkcp_writeBufferSize = s:option(Value, "mkcp_writeBufferSize", translate("KCP writeBufferSize"))
|
||||
mkcp_writeBufferSize.default = "1"
|
||||
mkcp_writeBufferSize:depends("transport", "mkcp")
|
||||
|
||||
mkcp_seed = s:option(Value, "mkcp_seed", translate("KCP Seed"))
|
||||
mkcp_seed:depends("transport", "mkcp")
|
||||
|
||||
-- [[ WebSocket部分 ]]--
|
||||
|
||||
ws_host = s:option(Value, "ws_host", translate("WebSocket Host"))
|
||||
|
||||
@ -67,8 +67,8 @@ msgstr "负载均衡"
|
||||
msgid "Enter interface"
|
||||
msgstr "进入界面"
|
||||
|
||||
msgid "Rule Update"
|
||||
msgstr "自动更新"
|
||||
msgid "Rule"
|
||||
msgstr "规则"
|
||||
|
||||
msgid "Access control"
|
||||
msgstr "访问控制"
|
||||
@ -586,9 +586,6 @@ msgstr "在浏览器输入路由IP加端口访问,如:192.168.1.1:1188"
|
||||
msgid "Haproxy Port"
|
||||
msgstr "负载均衡端口"
|
||||
|
||||
msgid "Load Balancing Setting"
|
||||
msgstr "负载均衡设置"
|
||||
|
||||
msgid "Add a node, Export Of Multi WAN Only support Multi Wan. Load specific gravity range 1-256. Multiple primary servers can be load balanced, standby will only be enabled when the primary server is offline! Multiple groups can be set, Haproxy port same one for each group."
|
||||
msgstr "添加节点,指定出口功能是为多WAN用户准备的。负载比重范围1-256。多个主服务器可以负载均衡,备用只有在主服务器离线时才会启用!可以设置多个组,负载均衡端口相同则为一组。"
|
||||
|
||||
|
||||
@ -95,8 +95,8 @@ hosts_foreach() {
|
||||
[ -z "${__hosts}" ] && return 0
|
||||
local __ip __port
|
||||
for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do
|
||||
__ip=$(echo $__host | sed -n 's/\(^[^:#]*\).*$/\1/p')
|
||||
[ -n "${__default_port}" ] && __port=$(echo $__host | sed -n 's/^[^:#]*[:#]\([0-9]*\).*$/\1/p')
|
||||
__port=$(echo $__host | sed -n 's/^.*[:#]\(^[0-9]*\)$/\1/p')
|
||||
__ip="${__host%%${__port:+[:#]${__port}*}}"
|
||||
eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"
|
||||
__ret=$?
|
||||
[ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret}
|
||||
@ -278,7 +278,7 @@ run_socks() {
|
||||
local port=$(config_n_get $node port)
|
||||
local msg
|
||||
|
||||
echolog "分析 Socks 服务 ${bind}:${local_port} 的代理服务器配置...."
|
||||
echolog " 启用 ${bind}:${local_port}"
|
||||
if [ -n "$server_host" ] && [ -n "$port" ]; then
|
||||
server_host=$(echo $server_host | sed 's/^\(https:\/\/\|http:\/\/\)//g' | awk -F '/' '{print $1}')
|
||||
[ -n "$(echo -n $server_host | awk '{print gensub(/[!-~]/,"","g",$0)}')" ] && msg="$remarks,非法的代理服务器地址,无法启动 !"
|
||||
@ -287,13 +287,13 @@ run_socks() {
|
||||
fi
|
||||
|
||||
[ -n "${msg}" ] && {
|
||||
echolog ${msg}
|
||||
echolog " ${msg}"
|
||||
return 1
|
||||
}
|
||||
echolog "使用代理服务器:$remarks,地址:${server_host}:${port}"
|
||||
echolog " 节点:$remarks,${server_host}:${port}"
|
||||
|
||||
if [ "$type" == "socks" ]; then
|
||||
echolog "Socks节点不能使用Socks代理节点!"
|
||||
echolog " 不能使用 Socks 类型的代理节点"
|
||||
elif [ "$type" == "v2ray" ]; then
|
||||
lua $API_GEN_V2RAY $node nil nil $local_port > $config_file
|
||||
ln_start_bin $(config_t_get global_app v2ray_file $(find_bin v2ray))/v2ray v2ray "-config=$config_file"
|
||||
@ -314,11 +314,6 @@ run_socks() {
|
||||
lua $API_GEN_SS $node $local_port > $config_file
|
||||
ln_start_bin $(find_bin ${type}-local) ${type}-local "-c $config_file -b $bind -u"
|
||||
fi
|
||||
|
||||
msg="此 Sock 服务启动失败!"
|
||||
netstat -netplu | grep ":${local_port} "
|
||||
[ $? -eq 0 ] && msg="看起来这个 Socks 服务已经成功开启了。"
|
||||
echolog $msg
|
||||
}
|
||||
|
||||
run_redir() {
|
||||
@ -488,6 +483,7 @@ start_redir() {
|
||||
|
||||
start_socks() {
|
||||
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
echolog "分析 Socks 服务的节点配置..."
|
||||
for id in $ids; do
|
||||
local enabled=$(config_n_get $id enabled 0)
|
||||
[ "$enabled" == "0" ] && continue
|
||||
@ -732,6 +728,7 @@ gen_pdnsd_config() {
|
||||
local perm_cache=2048
|
||||
local _cache="on"
|
||||
[ "$DNS_CACHE" == "0" ] && _cache="off" && perm_cache=0
|
||||
echolog "准备 pdnsd 配置文件..."
|
||||
cat > $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
global {
|
||||
perm_cache = $perm_cache;
|
||||
@ -754,8 +751,8 @@ gen_pdnsd_config() {
|
||||
EOF
|
||||
|
||||
append_pdnsd_updns() {
|
||||
[ -z "${2}" ] && echolog "略过错误配置的 DNS : [${1}]" && return 0
|
||||
echolog "配置 pdnsd 的上游DNS[${2}:${3}]"
|
||||
[ -z "${2}" ] && echolog " 略过错误 : [${1}]" && return 0
|
||||
echolog " 上游DNS[${2}:${3}]"
|
||||
cat >> $pdnsd_dir/pdnsd.conf <<-EOF
|
||||
server {
|
||||
label = "node-${2}_${3}";
|
||||
@ -936,6 +933,7 @@ start() {
|
||||
add_dnsmasq
|
||||
source $APP_PATH/iptables.sh start
|
||||
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
||||
echolog "重启 dnsmasq 服务[$?]"
|
||||
}
|
||||
start_crontab
|
||||
echolog "运行完成!\n"
|
||||
@ -953,6 +951,7 @@ stop() {
|
||||
stop_crontab
|
||||
del_dnsmasq
|
||||
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
||||
echolog "重启 dnsmasq 服务[$?]"
|
||||
echolog "清空并关闭相关程序和缓存完成。"
|
||||
}
|
||||
|
||||
|
||||
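Review bot: In `hosts_foreach`, the `eval` line splices `${__host}` into the command string before evaluation, whereas `__ip` and `__port` are escaped (`\${__ip}`) and expanded only afterwards; a host entry containing a quote, backtick or `$(` would therefore be interpreted by the shell rather than passed as data. Passing it the same way as the other two, `eval "$__func \"\${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" $@"`, closes that. In the rewritten port extraction, `\(^[0-9]*\)` puts `^` at the start of a group, which sed implementations such as GNU sed treat as a line anchor, so the expression may never match and `__port` would always fall back to the default; `\([0-9]*\)` looks like what was meant. `hosts_foreach` starts and ends outside the hunk.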
@ -30,6 +30,19 @@ comment() {
|
||||
echo "-m comment --comment '$1'"
|
||||
}
|
||||
|
||||
RULE_LAST_INDEX() {
|
||||
[ $# -ge 3 ] || {
|
||||
echolog "索引列举方式不正确(iptables),终止执行!"
|
||||
exit 1
|
||||
}
|
||||
local ipt_tmp=${1}; shift
|
||||
local chain=${1}; shift
|
||||
local list=${1}; shift
|
||||
local default=${1:-0}; shift
|
||||
local _index=$($ipt_tmp -n -L $chain --line-numbers 2>/dev/null | grep "$list" | sed -n '$p' | awk '{print $1}')
|
||||
echo "${_index:-${default}}"
|
||||
}
|
||||
|
||||
REDIRECT() {
|
||||
local redirect="-j REDIRECT --to-ports $1"
|
||||
[ "$2" == "TPROXY" ] && redirect="-j TPROXY --tproxy-mark 0x1/0x1 --on-port $1"
|
||||
@ -136,7 +149,12 @@ load_acl() {
|
||||
[ "$TCP_NODE" != "nil" ] && {
|
||||
eval TCP_NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
|
||||
local is_tproxy
|
||||
[ "$TCP_NODE_TYPE" == "brook" -a "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m && is_tproxy="TPROXY"
|
||||
if [ "$TCP_NODE_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE brook_protocol client)" == "client" ]; then
|
||||
echolog "为 brook 启用 TCP TPROXY 模式"
|
||||
ipt_tmp=$ipt_m && is_tproxy="TPROXY"
|
||||
else
|
||||
echolog "使用 TCP FORWARD 模式"
|
||||
fi
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && $ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
|
||||
eval tcp_port=\$TCP_REDIR_PORT$tcp_node
|
||||
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy)
|
||||
@ -149,6 +167,7 @@ load_acl() {
|
||||
|
||||
[ "$udp_proxy_mode" != "disable" ] && {
|
||||
[ "$UDP_NODE" != "nil" ] && {
|
||||
echolog "UDP 代理启用 TPROXY 模式"
|
||||
eval udp_port=\$UDP_REDIR_PORT$udp_node
|
||||
[ "$udp_no_redir_ports" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY)
|
||||
@ -165,7 +184,12 @@ load_acl() {
|
||||
[ "$TCP_NODE1" != "nil" -a "$TCP_PROXY_MODE" != "disable" ] && {
|
||||
local TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
|
||||
local is_tproxy
|
||||
[ "$TCP_NODE1_TYPE" == "brook" -a "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ] && ipt_tmp=$ipt_m && is_tproxy="TPROXY"
|
||||
if [ "$TCP_NODE1_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
|
||||
ipt_tmp=$ipt_m && is_tproxy="TPROXY"
|
||||
echolog "为 brook TCP默认代理启用 TPROXY 模式!"
|
||||
else
|
||||
echolog "TCP默认代理使用 FORWARD 模式"
|
||||
fi
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT1 $is_tproxy)
|
||||
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT1 $is_tproxy)
|
||||
@ -174,11 +198,12 @@ load_acl() {
|
||||
echolog "TCP默认代理模式:$(get_action_chain_name $TCP_PROXY_MODE)"
|
||||
|
||||
# 加载UDP默认代理模式
|
||||
[ "$UDP_NODE1" != "nil" -a "$UDP_PROXY_MODE" != "disable" ] && {
|
||||
if [ "$UDP_NODE1" != "nil" ] && [ "$UDP_PROXY_MODE" != "disable" ]; then
|
||||
echolog "UDP默认代理使用 TPROXY 模式"
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT1 TPROXY)
|
||||
}
|
||||
fi
|
||||
$ipt_m -A PSW $(comment "默认") -p udp -j RETURN
|
||||
echolog "UDP默认代理模式:$(get_action_chain_name $UDP_PROXY_MODE)"
|
||||
}
|
||||
@ -187,71 +212,87 @@ filter_vpsip() {
|
||||
echolog "开始过滤所有节点到白名单"
|
||||
uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
#uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIP6LIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
echolog "过滤所有节点完成"
|
||||
echolog "过滤所有节点直接 IP 地址完成"
|
||||
}
|
||||
|
||||
filter_node() {
|
||||
local proxy_node=${1} stream=$(echo ${2} | tr 'A-Z' 'a-z')
|
||||
local proxy_port=${3}
|
||||
filter_rules() {
|
||||
[ -n "$1" ] && [ "$1" != "nil" ] && {
|
||||
local type=$(echo $(config_n_get $1 type) | tr 'A-Z' 'a-z')
|
||||
local i=$ipt_n
|
||||
[ "$2" == "udp" ] || [ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m
|
||||
local address=$(config_n_get $1 address)
|
||||
local port=$(config_n_get $1 port)
|
||||
|
||||
if [ -n "$3" ] && [ "$3" == "1" ] && [ -n "$4" ]; then
|
||||
is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port")
|
||||
[ "$is_exist" == 0 ] && {
|
||||
if [ "$i" == "$ipt_m" ]; then
|
||||
$i -I PSW_OUTPUT 2 $(comment "$address:$port") -p $2 -d $address --dport $port $(REDIRECT 1 MARK)
|
||||
else
|
||||
$i -I PSW_OUTPUT 2 $(comment "$address:$port") -p $2 -d $address --dport $port $(REDIRECT $4)
|
||||
fi
|
||||
}
|
||||
else
|
||||
is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port")
|
||||
[ "$is_exist" == 0 ] && {
|
||||
local ADD_INDEX=2
|
||||
local INDEX=$($i -n -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
|
||||
[ -n "$INDEX" ] && ADD_INDEX=$INDEX
|
||||
$i -I PSW_OUTPUT $ADD_INDEX $(comment "$address:$port") -p $2 -d $address --dport $port -j RETURN
|
||||
}
|
||||
local msg node=${1} stream=${2}
|
||||
local _proxy=${3} _port=${4}
|
||||
if [ -n "$node" ] && [ "$node" != "nil" ]; then
|
||||
local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z')
|
||||
local address=$(config_n_get $node address)
|
||||
local port=$(config_n_get $node port)
|
||||
local ipt_tmp=$ipt_n
|
||||
if [ "$stream" == "udp" ] || [ "$type" == "brook" -a "$(config_n_get $node brook_protocol client)" == "client" ]; then
|
||||
ipt_tmp=$ipt_m
|
||||
echolog " 为 udp 或 brook 启用 TPROXY 模式"
|
||||
fi
|
||||
}
|
||||
else
|
||||
echolog " 节点配置不正常,略过"
|
||||
return 0
|
||||
fi
|
||||
|
||||
local ADD_INDEX=$(RULE_LAST_INDEX "$ipt_tmp" PSW_OUT_PUT "$IPSET_VPSIPLIST" 2)
|
||||
$ipt_tmp -n -L PSW_OUTPUT | grep -q "${address}:${port}"
|
||||
if [ $? -ne 0 ]; then
|
||||
local dst_rule=$(REDIRECT 1 MARK)
|
||||
msg="按规则路由"
|
||||
[ "$ipt_tmp" == "$ipt_m" ] || {
|
||||
dst_rule=$(REDIRECT $_port)
|
||||
msg="套娃使用"
|
||||
}
|
||||
[ -n "$_proxy" ] && [ "$_proxy" == "1" ] && [ -n "$_port" ] || {
|
||||
dst_rule=" -j RETURN"
|
||||
msg="直连代理"
|
||||
}
|
||||
$ipt_tmp -I PSW_OUTPUT $ADD_INDEX $(comment "${address}:${port}") -p $stream -d $address --dport $port $dst_rule
|
||||
else
|
||||
msg="转发条目已存在,略过"
|
||||
fi
|
||||
msg="${msg}[$?],节点(${type}):${address}:${port}"
|
||||
echolog " $msg"
|
||||
}
|
||||
local v2ray_protocol=$(config_n_get $1 protocol)
|
||||
if [ "$v2ray_protocol" == "_shunt" ]; then
|
||||
local default_node=$(config_n_get $1 default_node nil)
|
||||
filter_rules $default_node $2
|
||||
local proxy_protocol=$(config_n_get $proxy_node protocol)
|
||||
local proxy_type=$(echo $(config_n_get $proxy_node type nil) | tr 'A-Z' 'a-z')
|
||||
[ "$proxy_type" == "nil" ] && echolog " 节点配置不正常,略过!:${proxy_node}" && return 0
|
||||
if [ "$proxy_protocol" == "_shunt" ]; then
|
||||
echolog " 按请求目的地址分流(${proxy_type})..."
|
||||
local default_node=$(config_n_get $proxy_node default_node nil)
|
||||
filter_rules $default_node $stream
|
||||
local default_node_address=$(get_host_ip ipv4 $(config_n_get $default_node address) 1)
|
||||
local default_node_port=$(config_n_get $default_node port)
|
||||
|
||||
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
for shunt_id in $shunt_ids; do
|
||||
local _proxy=$(config_n_get $1 "${shunt_id}_proxy" 0)
|
||||
local _node=$(config_n_get $1 "${shunt_id}" nil)
|
||||
[ "$_proxy" == 1 ] && {
|
||||
local _node_address=$(get_host_ip ipv4 $(config_n_get $_node address) 1)
|
||||
local _node_port=$(config_n_get $_node port)
|
||||
[ "$_node_address" == "$default_node_address" ] && [ "$_node_port" == "$default_node_port" ] && {
|
||||
_proxy=0
|
||||
local shunt_proxy=$(config_n_get $proxy_node "${shunt_id}_proxy" 0)
|
||||
local shunt_node=$(config_n_get $proxy_node "${shunt_id}" nil)
|
||||
[ "$shunt_proxy" == 1 ] && {
|
||||
local shunt_node_address=$(get_host_ip ipv4 $(config_n_get $shunt_node address) 1)
|
||||
local shunt_node_port=$(config_n_get $shunt_node port)
|
||||
[ "$shunt_node_address" == "$default_node_address" ] && [ "$shunt_node_port" == "$default_node_port" ] && {
|
||||
shunt_proxy=0
|
||||
}
|
||||
}
|
||||
filter_rules $(config_n_get $1 $shunt_id) $2 $_proxy $3
|
||||
filter_rules "$(config_n_get $proxy_node $shunt_id)" "$stream" "$shunt_proxy" "$proxy_port"
|
||||
done
|
||||
elif [ "$v2ray_protocol" == "_balancing" ]; then
|
||||
local balancing_node=$(config_n_get $1 balancing_node)
|
||||
for node_id in $balancing_node
|
||||
do
|
||||
filter_rules $node_id $2
|
||||
elif [ "$proxy_protocol" == "_balancing" ]; then
|
||||
echolog " 多节点负载均衡(${proxy_type})..."
|
||||
proxy_node=$(config_n_get $proxy_node balancing_node)
|
||||
for _node in $proxy_node; do
|
||||
filter_rules "$_node" "$stream"
|
||||
done
|
||||
else
|
||||
filter_rules $1 $2
|
||||
echolog " 普通节点(${proxy_type})..."
|
||||
filter_rules "$proxy_node" "$stream"
|
||||
fi
|
||||
}
|
||||
|
||||
dns_hijack() {
|
||||
$ipt_n -I PSW -p udp --dport 53 -j REDIRECT --to-ports 53
|
||||
echolog "强制转发本机DNS端口 UDP/53 的请求[$?]"
|
||||
}
|
||||
|
||||
add_firewall_rule() {
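Review bot: In `filter_rules` the index lookup names the chain `PSW_OUT_PUT`, while the existence check and the insert right below it use `PSW_OUTPUT`; since `RULE_LAST_INDEX` discards stderr, the lookup presumably always falls back to the default `2`, and the new rule is never positioned relative to the `$IPSET_VPSIPLIST` rule. The line should read `local ADD_INDEX=$(RULE_LAST_INDEX "$ipt_tmp" PSW_OUTPUT "$IPSET_VPSIPLIST" 2)`. The duplicate check `grep -q "${address}:${port}"` is an unanchored regex, so an existing entry for the same address whose port merely starts with the same digits (80 against 8080) would suppress the new rule; a fixed-string match (`grep -qF`) against the full comment text avoids that. `add_firewall_rule` opens on the last line of the hunk and continues outside it.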
|
||||
@ -272,16 +313,20 @@ add_firewall_rule() {
|
||||
EOF
|
||||
|
||||
# 忽略特殊IP段
|
||||
local lan_ifname lan_ip
|
||||
lan_ifname=$(uci -q -p /var/state get network.lan.ifname)
|
||||
[ -n "$lan_ifname" ] && {
|
||||
lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
|
||||
echolog "本机网段互访直连:${lan_ip}"
|
||||
[ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 &
|
||||
}
|
||||
|
||||
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
|
||||
local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
|
||||
[ -n "$ISP_DNS" ] && {
|
||||
echolog "处理 ISP DNS 例外..."
|
||||
for ispip in $ISP_DNS; do
|
||||
ipset -! add $IPSET_WHITELIST $ispip >/dev/null 2>&1 &
|
||||
echolog " 追加到白名单:${ispip}"
|
||||
done
|
||||
}
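Review bot: `lan_ip` can hold more than one value when the LAN interface carries several IPv4 addresses, and `ipset -! add $IPSET_LANIPLIST $lan_ip` then receives extra arguments; because its output is discarded and the job is backgrounded, a failure would leave the LAN range out of the direct-access set with nothing in the log. Looping the way the IPv6 branch of this commit does handles that case: `for ip in $lan_ip; do ipset -! add $IPSET_LANIPLIST $ip >/dev/null 2>&1; done`. `$lan_ifname` is unquoted in `ip address show $lan_ifname`, so if UCI ever returns more than one interface name the lookup would presumably fail in the same silent way. The enclosing `add_firewall_rule` starts and ends outside the hunk.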
|
||||
|
||||
@ -311,27 +356,6 @@ add_firewall_rule() {
|
||||
ip rule add fwmark 1 lookup 100
|
||||
ip route add local 0.0.0.0/0 dev lo table 100
|
||||
|
||||
# 过滤Socks节点
|
||||
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
for id in $ids; do
|
||||
local enabled=$(config_n_get $id enabled 0)
|
||||
[ "$enabled" == "0" ] && continue
|
||||
local node=$(config_n_get $id node nil)
|
||||
if [ "$(echo $node | grep ^tcp)" ]; then
|
||||
local num=$(echo $node | sed "s/tcp//g")
|
||||
eval node=\$TCP_NODE$num
|
||||
fi
|
||||
[ "$node" == "nil" ] && continue
|
||||
filter_node $node tcp
|
||||
filter_node $node udp
|
||||
done
|
||||
|
||||
for i in $(seq 1 $TCP_NODE_NUM); do
|
||||
eval node=\$TCP_NODE$i
|
||||
eval port=\$TCP_REDIR_PORT$i
|
||||
[ "$node" != "nil" ] && filter_node $node tcp $port
|
||||
done
|
||||
|
||||
# 加载路由器自身代理 TCP
|
||||
if [ "$TCP_NODE1" != "nil" ]; then
|
||||
local ipt_tmp=$ipt_n
|
||||
@ -340,7 +364,9 @@ add_firewall_rule() {
|
||||
local blist_r=$(REDIRECT $TCP_REDIR_PORT1)
|
||||
local p_r=$(get_redirect_ipt $LOCALHOST_TCP_PROXY_MODE $TCP_REDIR_PORT1)
|
||||
TCP_NODE1_TYPE=$(echo $(config_n_get $TCP_NODE1 type) | tr 'A-Z' 'a-z')
|
||||
echolog "加载路由器自身 TCP 代理..."
|
||||
if [ "$TCP_NODE1_TYPE" == "brook" ] && [ "$(config_n_get $TCP_NODE1 brook_protocol client)" == "client" ]; then
|
||||
echolog " 为 brook 启用 TCP TPROXY 模式"
|
||||
ipt_tmp=$ipt_m
|
||||
dns_l="PSW"
|
||||
dns_r="$(REDIRECT $TCP_REDIR_PORT1 TPROXY)"
|
||||
@ -350,66 +376,122 @@ add_firewall_rule() {
|
||||
_proxy_tcp_access() {
|
||||
[ -n "${2}" ] || return 0
|
||||
ipset test $IPSET_LANIPLIST ${2} 2>/dev/null
|
||||
[ $? == 0 ] && return 0
|
||||
$ipt_tmp -I $dns_l 2 -p tcp -d ${2} --dport ${3} $dns_r
|
||||
[ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT 2 -p tcp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
|
||||
[ $? -eq 0 ] && {
|
||||
echolog " 上游 DNS 服务器 ${2} 已在直接访问的列表中,不强制向 TCP 代理转发对该服务器 TCP/${3} 端口的访问"
|
||||
return 0
|
||||
}
|
||||
local ADD_INDEX=$(RULE_LAST_INDEX "$ipt_tmp" "$dns_l" "$IPSET_VPSIPLIST" 2)
|
||||
$ipt_tmp -I $dns_l $ADD_INDEX -p tcp -d ${2} --dport ${3} $dns_r
|
||||
[ "$ipt_tmp" == "$ipt_m" ] && $ipt_tmp -I PSW_OUTPUT $ADD_INDEX -p tcp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
|
||||
echolog " 将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 TCP 转发链${ADD_INDEX}[$?]"
|
||||
}
|
||||
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
|
||||
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
echolog " 按要求设置全局例外 TCP 端口[$?]:$TCP_NO_REDIR_PORTS"
|
||||
}
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r
|
||||
fi
|
||||
|
||||
local PRE_INDEX=1
|
||||
ADBYBY_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "ADBYBY" | sed -n '$p' | awk '{print $1}')
|
||||
if [ -n "$ADBYBY_INDEX" ]; then
|
||||
PRE_INDEX=$(expr $ADBYBY_INDEX + 1)
|
||||
|
||||
local PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING ADBYBY)
|
||||
if [ "$PR_INDEX" == "0" ]; then
|
||||
PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING prerouting_rule)
|
||||
else
|
||||
PR_INDEX=$($ipt_n -L PREROUTING --line-numbers | grep "prerouting_rule" | sed -n '$p' | awk '{print $1}')
|
||||
[ -n "$PR_INDEX" ] && PRE_INDEX=$(expr $PR_INDEX + 1)
|
||||
echolog "发现 adbyby 规则链,adbyby 规则优先..."
|
||||
fi
|
||||
$ipt_n -I PREROUTING $PRE_INDEX -p tcp -j PSW
|
||||
PR_INDEX=$((PR_INDEX + 1))
|
||||
$ipt_n -I PREROUTING $PR_INDEX -p tcp -j PSW
|
||||
echolog "使用链表 PREROUTING 排列索引${PR_INDEX}[$?]"
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
local msg="IPv6 配置不当,无法代理"
|
||||
[ -n "$lan_ifname" ] && {
|
||||
lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段
|
||||
[ -n "$lan_ipv6" ] && {
|
||||
$ip6t_n -N PSW
|
||||
$ip6t_n -A PREROUTING -j PSW
|
||||
msg="接管 IPv6 流量[$?]"
|
||||
[ -n "$lan_ipv6" ] && {
|
||||
for ip in $lan_ipv6; do
|
||||
$ip6t_n -A PSW -d $ip -j RETURN
|
||||
done
|
||||
}
|
||||
[ "$use_ipv6" == "1" -a -n "$server_ip" ] && $ip6t_n -A PSW -d $server_ip -j RETURN
|
||||
[ "$use_ipv6" == "1" ] && [ -n "$server_ip" ] && $ip6t_n -A PSW -d $server_ip -j RETURN
|
||||
$ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT1)
|
||||
#$ip6t_n -I OUTPUT -p tcp -j PSW
|
||||
msg="${msg},转发 IPv6 TCP 流量到节点1[$?]"
|
||||
}
|
||||
}
|
||||
echolog "$msg"
|
||||
fi
|
||||
|
||||
for i in $(seq 1 $UDP_NODE_NUM); do
|
||||
eval node=\$UDP_NODE$i
|
||||
eval port=\$UDP_REDIR_PORT$i
|
||||
[ "$node" == "tcp" ] && eval node=\$TCP_NODE$i && eval port=\$TCP_REDIR_PORT$i
|
||||
[ "$node" != "nil" ] && filter_node $node udp $port
|
||||
|
||||
# 过滤Socks节点
|
||||
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
echolog "分析 Socks 服务所使用节点..."
|
||||
for id in $ids; do
|
||||
local enabled=$(config_n_get $id enabled 0)
|
||||
[ "$enabled" == "1" ] || continue
|
||||
local node=$(config_n_get $id node nil)
|
||||
local port=$(config_n_get $id port 0)
|
||||
local msg="Socks 服务 [:${port}]"
|
||||
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
|
||||
msg="${msg} 未配置完全,略过"
|
||||
elif [ "$(echo $node | grep ^tcp)" ]; then
|
||||
local num=$(echo $node | sed "s/tcp//g")
|
||||
eval "node=\${TCP_NODE$num}"
|
||||
msg="${msg} 使用与 TCP 代理自动切换${num} 相同的节点,延后处理"
|
||||
else
|
||||
filter_node $node tcp
|
||||
filter_node $node udp
|
||||
fi
|
||||
echolog " $msg[$?]"
|
||||
done
|
||||
|
||||
# 处理轮换节点的分流或套娃
|
||||
local node port stream
|
||||
for stream in TCP UDP; do
|
||||
for switch in $(eval "seq 1 \${${stream}_NODE_NUM}"); do
|
||||
eval "node=\${${stream}_NODE$switch}"
|
||||
eval "port=\${${stream}_REDIR_PORT$switch}"
|
||||
echolog "分析 $stream 代理自动切换$switch..."
|
||||
[ "$node" == "tcp" ] && [ "$stream" == "UDP" ] && {
|
||||
eval "node=\${TCP_NODE$switch}"
|
||||
eval "port=\${TCP_REDIR_PORT$switch}"
|
||||
echolog " 采用 TCP 代理的配置"
|
||||
}
|
||||
|
||||
if [ "$node" != "nil" ]; then
|
||||
filter_node $node $stream $port
|
||||
else
|
||||
echolog " 忽略无效的 $stream 代理自动切换$switch"
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
# 加载路由器自身代理 UDP
|
||||
if [ "$UDP_NODE1" != "nil" ]; then
|
||||
echolog "加载路由器自身 UDP 代理..."
|
||||
local UDP_NODE1_TYPE=$(echo $(config_n_get $UDP_NODE1 type) | tr 'A-Z' 'a-z')
|
||||
_proxy_udp_access() {
|
||||
[ -n "${2}" ] || return 0
|
||||
ipset test $IPSET_LANIPLIST ${2} 2>/dev/null
|
||||
[ $? == 0 ] && return 0
|
||||
local ADD_INDEX=2
|
||||
[ $? == 0 ] && {
|
||||
echolog " 上游 DNS 服务器 ${2} 已在直接访问的列表中,不强制向 UDP 代理转发对该服务器 UDP/${3} 端口的访问"
|
||||
return 0
|
||||
}
|
||||
local ADD_INDEX=$(RULE_LAST_INDEX "$ipt_tmp" "$dns_l" "$IPSET_VPSIPLIST" 2)
|
||||
$ipt_m -I PSW $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT $UDP_REDIR_PORT1 TPROXY)
|
||||
$ipt_m -I PSW_OUTPUT $ADD_INDEX -p udp -d ${2} --dport ${3} $(REDIRECT 1 MARK)
|
||||
echolog " 将上游 DNS 服务器 ${2}:${3} 加入到路由器自身代理的 UDP 转发链${ADD_INDEX}[$?]"
|
||||
}
|
||||
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
|
||||
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
|
||||
echolog " 按要求配置例外 UDP 端口[$?]:$UDP_NO_REDIR_PORTS"
|
||||
}
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK)
|
||||
fi
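Review bot: `_proxy_udp_access` computes `ADD_INDEX` with `RULE_LAST_INDEX "$ipt_tmp" "$dns_l" ...`, variables that belong to the TCP block above, but then inserts with `$ipt_m` into `PSW` and `PSW_OUTPUT`; the index therefore comes from a different table or chain than the ones being modified (and from a possibly unset command when `TCP_NODE1` is `nil`), and an index beyond the end of the target chain makes `-I` fail, which would presumably leave that DNS server's UDP traffic outside the proxy. Look the index up per target, e.g. `RULE_LAST_INDEX "$ipt_m" PSW_OUTPUT "$IPSET_VPSIPLIST" 2`, and log each insert's status instead of only the last `$?`. `_proxy_tcp_access` shows the same pattern where it reuses the `$dns_l` index for `PSW_OUTPUT`. In the Socks loop, `num` is derived from the configured node value and spliced into `eval "node=\${TCP_NODE$num}"` unchecked; accept only digits first, e.g. `case "$num" in ''|*[!0-9]*) continue ;; esac`. `add_firewall_rule` starts and ends outside the hunk.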
|
||||
|
||||
@ -49,6 +49,8 @@ fox.com
|
||||
gamer.com.tw
|
||||
ggpht.com
|
||||
github-production-release-asset-2e65be.s3.amazonaws.com
|
||||
githubapp.com
|
||||
githubassets.com
|
||||
github.com
|
||||
github.io
|
||||
githubusercontent.com
|
||||
|
||||