luci-app-passwall: update

CN_SZTL 2019-11-16 08:31:55 +08:00
parent 3249c311c5
commit ad464a0ca3
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
25 changed files with 864 additions and 741 deletions


@ -1,46 +0,0 @@
RedSocks2 for OpenWrt
===
简介
---
本项目是 [RedSocks2][1] 在 OpenWrt 上的移植
当前版本: 0.60-2
[预编译 IPK 下载][2]
编译
---
- 从 OpenWrt 的 [SDK][S] 编译
```bash
# 以 ar71xx 平台为例
tar xjf OpenWrt-SDK-ar71xx-for-linux-x86_64-gcc-4.8-linaro_uClibc-0.9.33.2.tar.bz2
cd OpenWrt-SDK-ar71xx-*
# 获取 Makefile
git clone https://github.com/aa65535/openwrt-redsocks2.git package/redsocks2
# 选择要编译的包 Network -> redsocks2
make menuconfig
# 开始编译
make package/redsocks2/compile V=99
```
----------
Name | Description
-------------------------|-----------------------------------
[openwrt-chinadns][5] | ChinaDNS-C for OpenWrt
[openwrt-dnsmasq][6] | Dnsmasq Patch & Makefile for OpenWrt
[openwrt-shadowsocks][7] | Shadowsocks-libev for OpenWrt
[openwrt-shadowvpn][8] | ShadowVPN for OpenWrt
[openwrt-dist-luci][L] | LuCI Applications for OpenWrt-dist
[1]: https://github.com/semigodking/redsocks
[2]: http://sourceforge.net/projects/openwrt-dist/files/redsocks2/
[5]: https://github.com/aa65535/openwrt-chinadns
[6]: https://github.com/aa65535/openwrt-dnsmasq
[7]: https://github.com/shadowsocks/openwrt-shadowsocks
[8]: https://github.com/aa65535/openwrt-shadowvpn
[S]: http://wiki.openwrt.org/doc/howto/obtain.firmware.sdk
[L]: https://github.com/aa65535/openwrt-dist-luci


@ -1,9 +0,0 @@
config redsocks2
option enable '1'
option local_port '12345'
option proxy_type 'socks5'
option proxy_ip '127.0.0.1'
option proxy_port '1080'
option auto_proxy '1'
option timeout '5'


@ -1,78 +0,0 @@
#!/bin/sh /etc/rc.common
START=90
STOP=15
SERVICE_USE_PID=1
SERVICE_WRITE_PID=1
SERVICE_DAEMONIZE=1
CONFIG=/var/etc/redsocks2.conf
TPL=/etc/redsocks2/config.template
get_args() {
config_get_bool enable $1 enable
config_get local_port $1 local_port
config_get proxy_type $1 proxy_type
config_get proxy_ip $1 proxy_ip
config_get proxy_port $1 proxy_port
config_get_bool auto_proxy $1 auto_proxy
config_get timeout $1 timeout
}
start_redsocks2() {
mkdir -p $(dirname $CONFIG)
sed -e "s#|LOCAL_PORT|#$local_port#" \
-e "s#|PROXY_TYPE|#$proxy_type#" \
-e "s#|PROXY_IP|#$proxy_ip#" \
-e "s#|PROXY_PORT|#$proxy_port#" \
-e "s#|AUTO_PROXY|#$auto_proxy#" \
-e "s#|TIMEOUT|#${timeout:-5}#" \
$TPL >$CONFIG
service_start /usr/bin/redsocks2 -c $CONFIG || exit 1
iptables-restore -n <<-EOF
*nat
:REDSOCKS2 - [0:0]
-A REDSOCKS2 -d $proxy_ip -j RETURN
-A REDSOCKS2 -d 0.0.0.0/8 -j RETURN
-A REDSOCKS2 -d 10.0.0.0/8 -j RETURN
-A REDSOCKS2 -d 100.64.0.0/10 -j RETURN
-A REDSOCKS2 -d 127.0.0.0/8 -j RETURN
-A REDSOCKS2 -d 169.254.0.0/16 -j RETURN
-A REDSOCKS2 -d 172.16.0.0/12 -j RETURN
-A REDSOCKS2 -d 192.0.0.0/24 -j RETURN
-A REDSOCKS2 -d 192.0.2.0/24 -j RETURN
-A REDSOCKS2 -d 192.88.99.0/24 -j RETURN
-A REDSOCKS2 -d 192.168.0.0/16 -j RETURN
-A REDSOCKS2 -d 198.18.0.0/15 -j RETURN
-A REDSOCKS2 -d 198.51.100.0/24 -j RETURN
-A REDSOCKS2 -d 203.0.113.0/24 -j RETURN
-A REDSOCKS2 -d 224.0.0.0/4 -j RETURN
-A REDSOCKS2 -d 240.0.0.0/4 -j RETURN
-A REDSOCKS2 -d 255.255.255.255 -j RETURN
-A REDSOCKS2 -p tcp -j REDIRECT --to-ports $local_port
-A zone_lan_prerouting -p tcp -j REDSOCKS2
COMMIT
EOF
}
boot() {
until iptables-save -t nat | grep -q "^:zone_lan_prerouting"; do
sleep 1
done
start
}
start() {
config_load redsocks2
config_foreach get_args redsocks2
[ "$enable" = 1 ] && start_redsocks2
}
stop() {
service_stop /usr/bin/redsocks2
iptables -t nat -D zone_lan_prerouting -p tcp -j REDSOCKS2 2>/dev/null
iptables -t nat -F REDSOCKS2 2>/dev/null && \
iptables -t nat -X REDSOCKS2
}


@ -1,17 +0,0 @@
base {
log_debug = off;
log_info = off;
log = "file:/dev/null";
daemon = off;
redirector = iptables;
}
redsocks {
local_ip = 0.0.0.0;
local_port = |LOCAL_PORT|;
ip = |PROXY_IP|;
port = |PROXY_PORT|;
type = |PROXY_TYPE|;
autoproxy = |AUTO_PROXY|;
timeout = |TIMEOUT|;
}


@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=2.0
PKG_RELEASE:=90-20191103
PKG_RELEASE:=99-20191114
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PO2LMO:=./po2lmo
@ -16,6 +16,10 @@ include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)/config
menu "Configuration"
config PACKAGE_$(PKG_NAME)_INCLUDE_redsocks2
bool "Include RedSocks2"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks
bool "Include Shadowsocks Redir (ss-redir)"
@ -35,6 +39,10 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_socks
config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray
bool "Include V2ray"
default y
config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan
bool "Include Trojan"
default n
config PACKAGE_$(PKG_NAME)_INCLUDE_Brook
@ -47,7 +55,7 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_kcptun
config PACKAGE_$(PKG_NAME)_INCLUDE_haproxy
bool "Include haproxy"
default y
default n
config PACKAGE_$(PKG_NAME)_INCLUDE_ChinaDNS
bool "Include ChinaDNS"
@ -69,17 +77,19 @@ endmenu
endef
define Package/$(PKG_NAME)
CATEGORY:=LuCI
CATEGORY:=LuCI for Lienol
SUBMENU:=3. Applications
TITLE:=LuCI support for PassWall(fanqiang) By Lienol
TITLE:=LuCI support for PassWall By Lienol
PKGARCH:=all
DEPENDS:=+curl +libcurl +libmbedtls +ca-bundle +ca-certificates +resolveip +iptables-mod-tproxy +kmod-ipt-tproxy +iptables-mod-ipopt +kmod-ipt-ipopt +ip +ipset +coreutils +coreutils-base64 +coreutils-nohup +luci-lib-jsonc +unzip \
+dnsmasq-full \
+PACKAGE_$(PKG_NAME)_INCLUDE_redsocks2:redsocks2 \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks:shadowsocks-libev-ss-redir \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-alt \
+PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_socks:shadowsocks-libev-ss-local \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_socks:shadowsocksr-libev-ssr-local \
+PACKAGE_$(PKG_NAME)_INCLUDE_V2ray:v2ray \
+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:trojan +redsocks2 \
+PACKAGE_$(PKG_NAME)_INCLUDE_Brook:brook \
+PACKAGE_$(PKG_NAME)_INCLUDE_kcptun:kcptun-client \
+PACKAGE_$(PKG_NAME)_INCLUDE_haproxy:haproxy \
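Review bot: The Trojan entry in `DEPENDS` reads `+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:trojan +redsocks2 \`, and the trailing `+redsocks2` is an unconditional dependency. With it, the `PACKAGE_$(PKG_NAME)_INCLUDE_redsocks2` option added in the config menu appears to have no effect, because redsocks2 is always pulled in and the installed footprint on the router cannot be reduced by deselecting it. If redsocks2 is only needed together with Trojan, write it as a second conditional, `+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan:redsocks2 \`; otherwise drop the extra token and rely on the new `INCLUDE_redsocks2` line. The `DEPENDS` list continues past the end of this hunk.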


@ -21,8 +21,8 @@ function index()
_("Basic Settings"), 1).dependent = true
entry({"admin", "vpn", "passwall", "server_list"},
cbi("passwall/server_list"), _("Server List"), 2).dependent = true
entry({"admin", "vpn", "passwall", "auto_switch"},
cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
-- entry({"admin", "vpn", "passwall", "auto_switch"},
-- cbi("passwall/auto_switch"), _("Auto Switch"), 3).leaf = true
entry({"admin", "vpn", "passwall", "other"}, cbi("passwall/other"),
_("Other Settings"), 94).leaf = true
if nixio.fs.access("/usr/sbin/haproxy") then
@ -106,27 +106,8 @@ end
function clear_log() luci.sys.call("echo '' > /var/log/passwall.log") end
function server_status()
local tcp_redir_port = luci.sys.exec(
"echo -n `uci get " .. appname ..
".@global_proxy[0].tcp_redir_port`")
local udp_redir_port = luci.sys.exec(
"echo -n `uci get " .. appname ..
".@global_proxy[0].udp_redir_port`")
-- local dns_mode = luci.sys.exec("echo -n `uci get " .. appname .. ".@global[0].dns_mode`")
local e = {}
e.tcp_redir_status = luci.sys.call("ps -w | grep -v grep | grep -i -E '" ..
appname ..
"/TCP|brook tproxy -l 0.0.0.0:" ..
tcp_redir_port .. "' >/dev/null") ==
0
e.udp_redir_status = luci.sys.call("ps -w | grep -v grep | grep -i -E '" ..
appname ..
"/UDP|brook tproxy -l 0.0.0.0:" ..
udp_redir_port .. "' >/dev/null") ==
0
e.socks5_proxy_status = luci.sys.call(
"ps -w | grep -v grep | grep -i -E '" .. appname ..
"/SOCKS5|brook client' >/dev/null") == 0
e.dns_mode_status = luci.sys.call("netstat -apn | grep 7913 >/dev/null") ==
0
e.haproxy_status = luci.sys.call(
@ -135,6 +116,48 @@ function server_status()
e.kcptun_status = luci.sys.call(
"ps -w | grep -v grep | grep -i 'log /var/etc/" ..
appname .. "/kcptun' >/dev/null") == 0
local tcp_redir_server_num = luci.sys.exec(
"echo -n `uci get %s.@global_other[0].tcp_redir_server_num`" %
appname)
for i = 1, tcp_redir_server_num, 1 do
local listen_port = luci.sys.exec(
string.format(
"[ -f '/var/etc/passwall/port/TCP_%s' ] && echo -n `cat /var/etc/passwall/port/TCP_%s`",
i, i))
e["tcp_redir_server%s_status" % i] =
luci.sys.call(string.format(
"ps -w | grep -v grep | grep -i -E '%s/TCP_%s|brook tproxy -l 0.0.0.0:%s' >/dev/null",
appname, i, listen_port)) == 0
end
local udp_redir_server_num = luci.sys.exec(
"echo -n `uci get %s.@global_other[0].udp_redir_server_num`" %
appname)
for i = 1, udp_redir_server_num, 1 do
local listen_port = luci.sys.exec(
string.format(
"[ -f '/var/etc/passwall/port/UDP_%s' ] && echo -n `cat /var/etc/passwall/port/UDP_%s`",
i, i))
e["udp_redir_server%s_status" % i] =
luci.sys.call(string.format(
"ps -w | grep -v grep | grep -i -E '%s/UDP_%s|brook tproxy -l 0.0.0.0:%s' >/dev/null",
appname, i, listen_port)) == 0
end
local socks5_proxy_server_num = luci.sys.exec(
"echo -n `uci get %s.@global_other[0].socks5_proxy_server_num`" %
appname)
for i = 1, socks5_proxy_server_num, 1 do
local listen_port = luci.sys.exec(
string.format(
"[ -f '/var/etc/passwall/port/Socks5_%s' ] && echo -n `cat /var/etc/passwall/port/Socks5_%s`",
i, i))
e["socks5_proxy_server%s_status" % i] =
luci.sys.call(string.format(
"ps -w | grep -v grep | grep -i -E '%s/Socks5_%s|brook client -l 0.0.0.0:%s' >/dev/null",
appname, i, listen_port)) == 0
end
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end
@ -177,15 +200,22 @@ end
function set_server()
local e = {}
local protocol = luci.http.formvalue("protocol")
local number = luci.http.formvalue("number")
local section = luci.http.formvalue("section")
if protocol == "tcp" then
luci.sys.call(
"uci set passwall.@global[0].tcp_redir_server=" .. section ..
"uci set passwall.@global[0].tcp_redir_server" .. number .. "=" ..
section ..
" && uci commit passwall && /etc/init.d/passwall restart")
elseif protocol == "udp" then
luci.sys.call(
"uci set passwall.@global[0].udp_redir_server=" .. section ..
"uci set passwall.@global[0].udp_redir_server" .. number .. "=" ..
section ..
" && uci commit passwall && /etc/init.d/passwall restart")
elseif protocol == "socks5" then
luci.sys.call("uci set passwall.@global[0].socks5_proxy_server" ..
number .. "=" .. section ..
" && uci commit passwall && /etc/init.d/passwall restart")
end
luci.http.prepare_content("application/json")
luci.http.write_json(e)
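Review bot: In `set_server`, the new `number` form value is concatenated straight into the `uci set ...` string handed to `luci.sys.call`, just like `section`, so two request parameters reach a shell command line unvalidated in all three protocol branches. Both should be checked before the command is built (or the option set through the `luci.model.uci` cursor so no shell is involved); the fence shows a guard placed ahead of the `if protocol == "tcp"` chain, assuming section ids are plain alphanumeric names. The function's closing `end` lies outside the hunk. Separately, the three loops added to `server_status` use the raw `luci.sys.exec` output as the `for` limit, which raises an error when `uci get` prints nothing; `tonumber(...) or 0` would make that case a no-op.

```lua
    local number = luci.http.formvalue("number")
    local section = luci.http.formvalue("section")
    -- Both values end up on a shell command line below: accept only a
    -- numeric index and a plain UCI section id.
    local valid = number and number:match("^%d+$") and section and
                      section:match("^[%w_]+$")
    if not valid then
        luci.http.status(400, "Bad Request")
        luci.http.prepare_content("application/json")
        luci.http.write_json(e)
        return
    end
    -- … unchanged: tcp / udp / socks5 branches and the JSON response …
```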


@ -1,15 +1,14 @@
local ucursor = require"luci.model.uci".cursor()
local json = require "luci.jsonc"
local server_section = arg[1]
local proto = arg[2]
local redir_port = arg[3]
local socks5_proxy_port = arg[4]
local run_type = arg[2]
local proxy_port = arg[3]
local server = ucursor:get_all("passwall", server_section)
local trojan = {
run_type = "client",
run_type = run_type,
local_addr = "0.0.0.0",
local_port = socks5_proxy_port,
local_port = proxy_port,
remote_addr = server.server,
remote_port = tonumber(server.server_port),
password = {server.password},
@ -28,7 +27,7 @@ local trojan = {
tcp = {
no_delay = true,
keep_alive = true,
fast_open = false,
fast_open = (server.fast_open == "true") and true or false,
fast_open_qlen = 20
}
}
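Review bot: `run_type` and `local_port` are now copied from `arg[2]` and `arg[3]` into the generated Trojan config as-is, while `remote_port` two lines below goes through `tonumber`. Converting the port the same way, `local_port = tonumber(proxy_port),`, keeps the two port fields the same JSON type and turns a missing or non-numeric argument into a visible `nil`. Since the listener still binds `local_addr = "0.0.0.0"`, it is also worth refusing an unexpected `run_type` before the config is written, so a caller mistake cannot start a different kind of listener on every interface. The `fast_open` expression can be shortened to `fast_open = (server.fast_open == "true"),`. The table literal continues outside both hunks.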


@ -43,7 +43,7 @@ s.anonymous = true
s.addremove = false
---- TCP Redir Server
o = s:option(ListValue, "tcp_redir_server", translate("TCP Redir Server"),
o = s:option(ListValue, "tcp_redir_server1", translate("TCP Redir Server"),
translate("For used to surf the Internet."))
o:value("nil", translate("Close"))
for _, key in pairs(key_table) do o:value(key, n[key]) end
@ -61,7 +61,7 @@ end
---- UDP Redir Server
if has_udp_relay() then
o = s:option(ListValue, "udp_redir_server", translate("UDP Redir Server"),
o = s:option(ListValue, "udp_redir_server1", translate("UDP Redir Server"),
translate("For Game Mode or DNS resolution and more.") ..
translate("The selected server will not use Kcptun."))
o:value("nil", translate("Close"))
@ -81,22 +81,32 @@ if has_udp_relay() then
end
---- Socks5 Proxy Server
o = s:option(ListValue, "socks5_proxy_server", translate("Socks5 Proxy Server"),
o = s:option(ListValue, "socks5_proxy_server1",
translate("Socks5 Proxy Server"),
translate("The client can use the router's Socks5 proxy"))
o:value("nil", translate("Close"))
for _, key in pairs(key_table) do o:value(key, n[key]) end
local socks5_proxy_server_num = uci:get(appname, "@global_other[0]",
"socks5_proxy_server_num")
if socks5_proxy_server_num and tonumber(socks5_proxy_server_num) >= 2 then
for i = 2, socks5_proxy_server_num, 1 do
o = s:option(ListValue, "socks5_proxy_server" .. i,
translate("Socks5 Proxy Server") .. " " .. i)
o:value("nil", translate("Close"))
for _, key in pairs(key_table) do o:value(key, n[key]) end
end
end
---- DNS Forward Mode
o = s:option(ListValue, "dns_mode", translate("DNS Forward Mode"))
o.rmempty = false
o:reset_values()
if is_installed("ChinaDNS") or is_finded("chinadns") then
if is_installed("openwrt_chinadns") or is_finded("chinadns") then
o:value("chinadns", "ChinaDNS")
end
if (is_installed("dns2socks") or is_finded("dns2socks")) and
(is_finded("ss-local") or is_finded("ssr-local")) then
o:value("dns2socks",
"dns2socks " .. translate("Only SS/R servers are supported"))
if is_installed("dns2socks") or is_finded("dns2socks") then
o:value("dns2socks", "dns2socks " .. translate("Need Socks5 server"))
end
if is_installed("pcap-dnsproxy") or is_finded("Pcap_DNSProxy") then
o:value("Pcap_DNSProxy", "Pcap_DNSProxy")
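Review bot: The added loop `for i = 2, socks5_proxy_server_num, 1 do` uses the raw UCI string as its limit, although the line above already had to call `tonumber` on it for the comparison. Converting once, `local socks5_num = tonumber(socks5_proxy_server_num) or 1`, and using `socks5_num` in both the `if` and the `for` avoids relying on Lua's implicit string-to-number coercion and keeps a malformed config value from reaching the loop. In the DNS section the `dns2socks` choice is now offered whenever the binary is present; its label says "Need Socks5 server", but nothing visible in this hunk ties the choice to a configured `socks5_proxy_server1`, so a short comment stating that the dependency is checked elsewhere (if it is) would help.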


@ -168,19 +168,20 @@ s.addremove = false
---- TCP Redir Port
o = s:option(Value, "tcp_redir_port", translate("TCP Redir Port"))
o.datatype = "port"
o.default = 1031
o.default = 1041
o.rmempty = true
---- UDP Redir Port
o = s:option(Value, "udp_redir_port", translate("UDP Redir Port"))
o.datatype = "port"
o.default = 1032
o.default = 1051
o.rmempty = true
---- Socks5 Proxy Port
o = s:option(Value, "socks5_port", translate("Socks5 Proxy Port"))
o = s:option(Value, "socks5_proxy_port", translate("Socks5 Proxy Port"))
o.datatype = "port"
o.default = 1033
o.default = 1061
o.rmempty = true
---- Kcptun Port
o = s:option(Value, "kcptun_port", translate("Kcptun Port"))
@ -200,8 +201,10 @@ s.addremove = false
---- TCP Servers Number Option
o = s:option(ListValue, "tcp_redir_server_num",
translate("TCP Redir Server Number"), translate(
"You can only set up a maximum of 3 servers for the time being"))
translate("TCP Redir Server Number"),
translatef(
"You can only set up a maximum of %s servers for the time being",
"3"))
o.default = "1"
o.rmempty = false
o:value("1")
@ -210,14 +213,30 @@ o:value("3")
---- UDP Servers Number Option
o = s:option(ListValue, "udp_redir_server_num",
translate("UDP Redir Server Number"), translate(
"You can only set up a maximum of 3 servers for the time being"))
translate("UDP Redir Server Number"),
translatef(
"You can only set up a maximum of %s servers for the time being",
"3"))
o.default = "1"
o.rmempty = false
o:value("1")
o:value("2")
o:value("3")
---- Socks5 Servers Number Option
o = s:option(ListValue, "socks5_proxy_server_num",
translate("Socks5 Proxy Server Number"),
translatef(
"You can only set up a maximum of %s servers for the time being",
"5"))
o.default = "1"
o.rmempty = false
o:value("1")
o:value("2")
o:value("3")
o:value("4")
o:value("5")
---- Hide Menu
o = s:option(Button, "hide", translate("Hide Menu"), translate(
"After the hidden to the display, type in the address bar enter the admin/vpn/passwall/show, such as: http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show"))
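Review bot: Renaming the option from `socks5_port` to `socks5_proxy_port` means a value already saved under the old name is no longer read by this form, and no migration is visible on this page. Together with the changed defaults (1041/1051/1061), an upgraded router would silently move its listeners to new ports, which matters for any firewall rule or client that was pinned to the old ones. Consider a one-time migration that copies `socks5_port` to `socks5_proxy_port` when only the old key exists, or at least a comment here such as `-- renamed from socks5_port; old value is not migrated`.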


@ -10,7 +10,7 @@ end
local function is_installed(e) return ipkg.installed(e) end
local ss_encrypt_method = {
local ss_encrypt_method_list = {
"rc4-md5", "aes-128-cfb", "aes-192-cfb", "aes-256-cfb", "aes-128-ctr",
"aes-192-ctr", "aes-256-ctr", "bf-cfb", "camellia-128-cfb",
"camellia-192-cfb", "camellia-256-cfb", "salsa20", "chacha20",
@ -19,7 +19,7 @@ local ss_encrypt_method = {
"xchacha20-ietf-poly1305"
}
local ssr_encrypt_method = {
local ssr_encrypt_method_list = {
"none", "table", "rc2-cfb", "rc4", "rc4-md5", "rc4-md5-6", "aes-128-cfb",
"aes-192-cfb", "aes-256-cfb", "aes-128-ctr", "aes-192-ctr", "aes-256-ctr",
"bf-cfb", "camellia-128-cfb", "camellia-192-cfb", "camellia-256-cfb",
@ -27,20 +27,20 @@ local ssr_encrypt_method = {
"chacha20-ietf"
}
local ssr_protocol = {
local ssr_protocol_list = {
"origin", "verify_simple", "verify_deflate", "verify_sha1", "auth_simple",
"auth_sha1", "auth_sha1_v2", "auth_sha1_v4", "auth_aes128_md5",
"auth_aes128_sha1", "auth_chain_a", "auth_chain_b", "auth_chain_c",
"auth_chain_d", "auth_chain_e", "auth_chain_f"
}
local ssr_obfs = {
local ssr_obfs_list = {
"plain", "http_simple", "http_post", "random_head", "tls_simple",
"tls1.0_session_auth", "tls1.2_ticket_auth"
}
local v2ray_security = {"none", "auto", "aes-128-gcm", "chacha20-poly1305"}
local v2ray_security_list = {"none", "auto", "aes-128-gcm", "chacha20-poly1305"}
local v2ray_header_type = {
local v2ray_header_type_list = {
"none", "srtp", "utp", "wechat-video", "dtls", "wireguard"
}
@ -53,252 +53,307 @@ s = m:section(NamedSection, arg[1], "servers", "")
s.addremove = false
s.dynamic = false
o = s:option(Value, "remarks", translate("Node Remarks"))
o.default = translate("Node Remarks")
o.rmempty = false
remarks = s:option(Value, "remarks", translate("Node Remarks"))
remarks.default = translate("Node Remarks")
remarks.rmempty = false
serverType = s:option(ListValue, "server_type", translate("Server Type"))
server_type = s:option(ListValue, "server_type", translate("Server Type"))
if is_installed("redsocks2") or is_finded("redsocks2") then
server_type:value("Socks5", translate("Socks5 Server"))
end
if is_finded("ss-redir") then
serverType:value("SS", translate("Shadowsocks Server"))
server_type:value("SS", translate("Shadowsocks Server"))
end
if is_finded("ssr-redir") then
serverType:value("SSR", translate("ShadowsocksR Server"))
server_type:value("SSR", translate("ShadowsocksR Server"))
end
if is_installed("v2ray") then
serverType:value("V2ray", translate("V2ray Server"))
server_type:value("V2ray", translate("V2ray Server"))
end
if is_installed("brook") or is_finded("brook") then
serverType:value("Brook", translate("Brook Server"))
server_type:value("Brook", translate("Brook Server"))
end
if is_installed("trojan") or is_finded("trojan") then
serverType:value("Trojan", translate("Trojan Server"))
server_type:value("Trojan", translate("Trojan Server"))
end
o = s:option(ListValue, "v2ray_protocol", translate("V2ray Protocol"))
o:value("vmess", translate("Vmess"))
o:depends("server_type", "V2ray")
v2ray_protocol = s:option(ListValue, "v2ray_protocol",
translate("V2ray Protocol"))
v2ray_protocol:value("vmess", translate("Vmess"))
v2ray_protocol:depends("server_type", "V2ray")
o.rmempty = false
o = s:option(Value, "server", translate("Server Address (Support Domain Name)"))
o.rmempty = false
server = s:option(Value, "server",
translate("Server Address (Support Domain Name)"))
server.rmempty = false
o = s:option(Flag, "use_ipv6", translate("Use IPv6"))
o.default = 0
use_ipv6 = s:option(Flag, "use_ipv6", translate("Use IPv6"))
use_ipv6.default = 0
o = s:option(Value, "server_port", translate("Server Port"))
o.datatype = "port"
o.rmempty = false
server_port = s:option(Value, "server_port", translate("Server Port"))
server_port.datatype = "port"
server_port.rmempty = false
o = s:option(Value, "password", translate("Password"))
o.password = true
o.rmempty = false
o:depends("server_type", "SS")
o:depends("server_type", "SSR")
o:depends("server_type", "Brook")
o:depends("server_type", "Trojan")
username = s:option(Value, "username", translate("Username"))
username:depends("server_type", "Socks5")
o = s:option(ListValue, "ss_encrypt_method", translate("Encrypt Method"))
for a, t in ipairs(ss_encrypt_method) do o:value(t) end
o:depends("server_type", "SS")
password = s:option(Value, "password", translate("Password"))
password.password = true
password:depends("server_type", "Socks5")
password:depends("server_type", "SS")
password:depends("server_type", "SSR")
password:depends("server_type", "Brook")
password:depends("server_type", "Trojan")
o = s:option(ListValue, "ssr_encrypt_method", translate("Encrypt Method"))
for a, t in ipairs(ssr_encrypt_method) do o:value(t) end
o:depends("server_type", "SSR")
ss_encrypt_method = s:option(ListValue, "ss_encrypt_method",
translate("Encrypt Method"))
for a, t in ipairs(ss_encrypt_method_list) do ss_encrypt_method:value(t) end
ss_encrypt_method:depends("server_type", "SS")
o = s:option(ListValue, "v2ray_security", translate("Encrypt Method"))
for a, t in ipairs(v2ray_security) do o:value(t) end
o:depends("server_type", "V2ray")
ssr_encrypt_method = s:option(ListValue, "ssr_encrypt_method",
translate("Encrypt Method"))
for a, t in ipairs(ssr_encrypt_method_list) do ssr_encrypt_method:value(t) end
ssr_encrypt_method:depends("server_type", "SSR")
o = s:option(ListValue, "protocol", translate("Protocol"))
for a, t in ipairs(ssr_protocol) do o:value(t) end
o:depends("server_type", "SSR")
v2ray_security = s:option(ListValue, "v2ray_security",
translate("Encrypt Method"))
for a, t in ipairs(v2ray_security_list) do v2ray_security:value(t) end
v2ray_security:depends("server_type", "V2ray")
o = s:option(Value, "protocol_param", translate("Protocol_param"))
o:depends("server_type", "SSR")
protocol = s:option(ListValue, "protocol", translate("Protocol"))
for a, t in ipairs(ssr_protocol_list) do protocol:value(t) end
protocol:depends("server_type", "SSR")
o = s:option(ListValue, "obfs", translate("Obfs"))
for a, t in ipairs(ssr_obfs) do o:value(t) end
o:depends("server_type", "SSR")
protocol_param = s:option(Value, "protocol_param", translate("Protocol_param"))
protocol_param:depends("server_type", "SSR")
o = s:option(Value, "obfs_param", translate("Obfs_param"))
o:depends("server_type", "SSR")
obfs = s:option(ListValue, "obfs", translate("Obfs"))
for a, t in ipairs(ssr_obfs_list) do obfs:value(t) end
obfs:depends("server_type", "SSR")
o = s:option(Value, "timeout", translate("Connection Timeout"))
o.datatype = "uinteger"
o.default = 300
o.rmempty = false
o:depends("server_type", "SS")
o:depends("server_type", "SSR")
obfs_param = s:option(Value, "obfs_param", translate("Obfs_param"))
obfs_param:depends("server_type", "SSR")
o = s:option(ListValue, "fast_open", translate("Fast_open"))
o:value("false")
o:value("true")
o.rmempty = false
o:depends("server_type", "SS")
o:depends("server_type", "SSR")
timeout = s:option(Value, "timeout", translate("Connection Timeout"))
timeout.datatype = "uinteger"
timeout.default = 300
timeout:depends("server_type", "SS")
timeout:depends("server_type", "SSR")
o = s:option(Flag, "use_kcp", translate("Use Kcptun"),
"<span style='color:red'>" .. translate(
"Please confirm whether the Kcptun is installed. If not, please go to Rule Update download installation.") ..
"</span>")
o.default = 0
o:depends("server_type", "SS")
o:depends("server_type", "SSR")
o:depends("server_type", "Brook")
fast_open = s:option(ListValue, "fast_open", translate("Fast_open"))
fast_open:value("false")
fast_open:value("true")
fast_open:depends("server_type", "SS")
fast_open:depends("server_type", "SSR")
fast_open:depends("server_type", "Trojan")
o = s:option(Value, "kcp_server", translate("Kcptun Server"))
o.placeholder = translate("Default:Current Server")
o:depends("use_kcp", "1")
use_kcp = s:option(Flag, "use_kcp", translate("Use Kcptun"),
"<span style='color:red'>" .. translate(
"Please confirm whether the Kcptun is installed. If not, please go to Rule Update download installation.") ..
"</span>")
use_kcp.default = 0
use_kcp:depends("server_type", "SS")
use_kcp:depends("server_type", "SSR")
use_kcp:depends("server_type", "Brook")
o = s:option(Flag, "kcp_use_ipv6", translate("Use IPv6"))
o.default = 0
o:depends("use_kcp", "1")
kcp_server = s:option(Value, "kcp_server", translate("Kcptun Server"))
kcp_server.placeholder = translate("Default:Current Server")
kcp_server:depends("use_kcp", "1")
o = s:option(Value, "kcp_port", translate("Kcptun Port"))
o.datatype = "port"
o:depends("use_kcp", "1")
kcp_use_ipv6 = s:option(Flag, "kcp_use_ipv6", translate("Use IPv6"))
kcp_use_ipv6.default = 0
kcp_use_ipv6:depends("use_kcp", "1")
o = s:option(TextValue, "kcp_opts", translate("Kcptun Config"), translate(
"--crypt aes192 --key abc123 --mtu 1350 --sndwnd 128 --rcvwnd 1024 --mode fast"))
o.placeholder =
kcp_port = s:option(Value, "kcp_port", translate("Kcptun Port"))
kcp_port.datatype = "port"
kcp_port:depends("use_kcp", "1")
kcp_opts = s:option(TextValue, "kcp_opts", translate("Kcptun Config"),
translate(
"--crypt aes192 --key abc123 --mtu 1350 --sndwnd 128 --rcvwnd 1024 --mode fast"))
kcp_opts.placeholder =
"--crypt aes192 --key abc123 --mtu 1350 --sndwnd 128 --rcvwnd 1024 --mode fast"
o:depends("use_kcp", "1")
kcp_opts:depends("use_kcp", "1")
o = s:option(Value, "v2ray_VMess_id", translate("ID"))
o.password = true
o.rmempty = false
o:depends("v2ray_protocol", "vmess")
v2ray_VMess_id = s:option(Value, "v2ray_VMess_id", translate("ID"))
v2ray_VMess_id.password = true
v2ray_VMess_id:depends("v2ray_protocol", "vmess")
o = s:option(Value, "v2ray_VMess_alterId", translate("Alter ID"))
o.rmempty = false
o:depends("v2ray_protocol", "vmess")
v2ray_VMess_alterId = s:option(Value, "v2ray_VMess_alterId",
translate("Alter ID"))
v2ray_VMess_alterId:depends("v2ray_protocol", "vmess")
o = s:option(Value, "v2ray_VMess_level", translate("User Level"))
o.default = 1
o:depends("server_type", "V2ray")
v2ray_VMess_level =
s:option(Value, "v2ray_VMess_level", translate("User Level"))
v2ray_VMess_level.default = 1
v2ray_VMess_level:depends("server_type", "V2ray")
o = s:option(ListValue, "v2ray_stream_security",
translate("Transport Layer Encryption"), translate(
'Whether or not transport layer encryption is enabled, the supported options are "none" for unencrypted (default) and "TLS" for using TLS.'))
o:value("none", "none")
o:value("tls", "tls")
o:depends("server_type", "V2ray")
v2ray_stream_security = s:option(ListValue, "v2ray_stream_security",
translate("Transport Layer Encryption"),
translate(
'Whether or not transport layer encryption is enabled, the supported options are "none" for unencrypted (default) and "TLS" for using TLS.'))
v2ray_stream_security:value("none", "none")
v2ray_stream_security:value("tls", "tls")
v2ray_stream_security:depends("server_type", "V2ray")
-- [[ TLS部分 ]] --
o = s:option(Value, "tls_serverName", translate("Domain"))
o:depends("v2ray_stream_security", "tls")
tls_serverName = s:option(Value, "tls_serverName", translate("Domain"))
tls_serverName:depends("v2ray_stream_security", "tls")
o = s:option(Flag, "tls_allowInsecure", translate("allowInsecure"), translate(
"Whether unsafe connections are allowed. When checked, V2Ray does not check the validity of the TLS certificate provided by the remote host."))
o.default = "0"
o.rmempty = false
o:depends("v2ray_stream_security", "tls")
tls_allowInsecure = s:option(Flag, "tls_allowInsecure",
translate("allowInsecure"), translate(
"Whether unsafe connections are allowed. When checked, V2Ray does not check the validity of the TLS certificate provided by the remote host."))
tls_allowInsecure.default = "0"
tls_allowInsecure.rmempty = false
tls_allowInsecure:depends("v2ray_stream_security", "tls")
o = s:option(ListValue, "v2ray_transport", translate("Transport"))
o:value("tcp", "TCP")
o:value("mkcp", "mKCP")
o:value("ws", "WebSocket")
o:value("h2", "HTTP/2")
o:value("ds", "DomainSocket")
o:value("quic", "QUIC")
o:depends("server_type", "V2ray")
v2ray_transport = s:option(ListValue, "v2ray_transport", translate("Transport"))
v2ray_transport:value("tcp", "TCP")
v2ray_transport:value("mkcp", "mKCP")
v2ray_transport:value("ws", "WebSocket")
v2ray_transport:value("h2", "HTTP/2")
v2ray_transport:value("ds", "DomainSocket")
v2ray_transport:value("quic", "QUIC")
v2ray_transport:depends("server_type", "V2ray")
-- [[ TCP部分 ]]--
-- TCP伪装
o = s:option(ListValue, "v2ray_tcp_guise", translate("Camouflage Type"))
o:depends("v2ray_transport", "tcp")
o:value("none", "none")
o:value("http", "http")
v2ray_tcp_guise = s:option(ListValue, "v2ray_tcp_guise",
translate("Camouflage Type"))
v2ray_tcp_guise:depends("v2ray_transport", "tcp")
v2ray_tcp_guise:value("none", "none")
v2ray_tcp_guise:value("http", "http")
-- HTTP域名
o = s:option(DynamicList, "v2ray_tcp_guise_http_host", translate("HTTP Host"))
o:depends("v2ray_tcp_guise", "http")
v2ray_tcp_guise_http_host = s:option(DynamicList, "v2ray_tcp_guise_http_host",
translate("HTTP Host"))
v2ray_tcp_guise_http_host:depends("v2ray_tcp_guise", "http")
-- HTTP路径
o = s:option(DynamicList, "v2ray_tcp_guise_http_path", translate("HTTP Path"))
o:depends("v2ray_tcp_guise", "http")
v2ray_tcp_guise_http_path = s:option(DynamicList, "v2ray_tcp_guise_http_path",
translate("HTTP Path"))
v2ray_tcp_guise_http_path:depends("v2ray_tcp_guise", "http")
-- [[ mKCP部分 ]]--
o = s:option(ListValue, "v2ray_mkcp_guise", translate("Camouflage Type"),
translate(
'<br>none: default, no masquerade, data sent is packets with no characteristics.<br>srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br>utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br>wechat-video: packets disguised as WeChat video calls.<br>dtls: disguised as DTLS 1.2 packet.<br>wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
for a, t in ipairs(v2ray_header_type) do o:value(t) end
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_guise = s:option(ListValue, "v2ray_mkcp_guise",
translate("Camouflage Type"), translate(
'<br>none: default, no masquerade, data sent is packets with no characteristics.<br>srtp: disguised as an SRTP packet, it will be recognized as video call data (such as FaceTime).<br>utp: packets disguised as uTP will be recognized as bittorrent downloaded data.<br>wechat-video: packets disguised as WeChat video calls.<br>dtls: disguised as DTLS 1.2 packet.<br>wireguard: disguised as a WireGuard packet. (not really WireGuard protocol)'))
for a, t in ipairs(v2ray_header_type_list) do v2ray_mkcp_guise:value(t) end
v2ray_mkcp_guise:depends("v2ray_transport", "mkcp")
o = s:option(Value, "v2ray_mkcp_mtu", translate("KCP MTU"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_mtu = s:option(Value, "v2ray_mkcp_mtu", translate("KCP MTU"))
v2ray_mkcp_mtu:depends("v2ray_transport", "mkcp")
o = s:option(Value, "v2ray_mkcp_tti", translate("KCP TTI"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_tti = s:option(Value, "v2ray_mkcp_tti", translate("KCP TTI"))
v2ray_mkcp_tti:depends("v2ray_transport", "mkcp")
o =
s:option(Value, "v2ray_mkcp_uplinkCapacity", translate("KCP uplinkCapacity"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_uplinkCapacity = s:option(Value, "v2ray_mkcp_uplinkCapacity",
translate("KCP uplinkCapacity"))
v2ray_mkcp_uplinkCapacity:depends("v2ray_transport", "mkcp")
o = s:option(Value, "v2ray_mkcp_downlinkCapacity",
translate("KCP downlinkCapacity"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_downlinkCapacity = s:option(Value, "v2ray_mkcp_downlinkCapacity",
translate("KCP downlinkCapacity"))
v2ray_mkcp_downlinkCapacity:depends("v2ray_transport", "mkcp")
o = s:option(Flag, "v2ray_mkcp_congestion", translate("KCP Congestion"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_congestion = s:option(Flag, "v2ray_mkcp_congestion",
translate("KCP Congestion"))
v2ray_mkcp_congestion:depends("v2ray_transport", "mkcp")
o =
s:option(Value, "v2ray_mkcp_readBufferSize", translate("KCP readBufferSize"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_readBufferSize = s:option(Value, "v2ray_mkcp_readBufferSize",
translate("KCP readBufferSize"))
v2ray_mkcp_readBufferSize:depends("v2ray_transport", "mkcp")
o = s:option(Value, "v2ray_mkcp_writeBufferSize",
translate("KCP writeBufferSize"))
o:depends("v2ray_transport", "mkcp")
v2ray_mkcp_writeBufferSize = s:option(Value, "v2ray_mkcp_writeBufferSize",
translate("KCP writeBufferSize"))
v2ray_mkcp_writeBufferSize:depends("v2ray_transport", "mkcp")
-- [[ WebSocket部分 ]]--
o = s:option(Value, "v2ray_ws_host", translate("WebSocket Host"))
o:depends("v2ray_transport", "ws")
v2ray_ws_host = s:option(Value, "v2ray_ws_host", translate("WebSocket Host"))
v2ray_ws_host:depends("v2ray_transport", "ws")
o = s:option(Value, "v2ray_ws_path", translate("WebSocket Path"))
o:depends("v2ray_transport", "ws")
v2ray_ws_path = s:option(Value, "v2ray_ws_path", translate("WebSocket Path"))
v2ray_ws_path:depends("v2ray_transport", "ws")
-- [[ HTTP/2部分 ]]--
o = s:option(DynamicList, "v2ray_h2_host", translate("HTTP/2 Host"))
o:depends("v2ray_transport", "h2")
v2ray_h2_host = s:option(DynamicList, "v2ray_h2_host", translate("HTTP/2 Host"))
v2ray_h2_host:depends("v2ray_transport", "h2")
o = s:option(Value, "v2ray_h2_path", translate("HTTP/2 Path"))
o:depends("v2ray_transport", "h2")
v2ray_h2_path = s:option(Value, "v2ray_h2_path", translate("HTTP/2 Path"))
v2ray_h2_path:depends("v2ray_transport", "h2")
-- [[ DomainSocket部分 ]]--
o = s:option(Value, "v2ray_ds_path", "Path", translate(
"A legal file path. This file must not exist before running V2Ray."))
o:depends("v2ray_transport", "ds")
v2ray_ds_path = s:option(Value, "v2ray_ds_path", "Path", translate(
"A legal file path. This file must not exist before running V2Ray."))
v2ray_ds_path:depends("v2ray_transport", "ds")
-- [[ QUIC部分 ]]--
o = s:option(ListValue, "v2ray_quic_security", translate("Encrypt Method"))
o:value("none")
o:value("aes-128-gcm")
o:value("chacha20-poly1305")
o:depends("v2ray_transport", "quic")
v2ray_quic_security = s:option(ListValue, "v2ray_quic_security",
translate("Encrypt Method"))
v2ray_quic_security:value("none")
v2ray_quic_security:value("aes-128-gcm")
v2ray_quic_security:value("chacha20-poly1305")
v2ray_quic_security:depends("v2ray_transport", "quic")
o = s:option(Value, "v2ray_quic_key",
translate("Encrypt Method") .. translate("Key"))
o:depends("v2ray_transport", "quic")
v2ray_quic_key = s:option(Value, "v2ray_quic_key",
translate("Encrypt Method") .. translate("Key"))
v2ray_quic_key:depends("v2ray_transport", "quic")
o = s:option(ListValue, "v2ray_quic_guise", translate("Camouflage Type"))
for a, t in ipairs(v2ray_header_type) do o:value(t) end
o:depends("v2ray_transport", "quic")
v2ray_quic_guise = s:option(ListValue, "v2ray_quic_guise",
translate("Camouflage Type"))
for a, t in ipairs(v2ray_header_type_list) do v2ray_quic_guise:value(t) end
v2ray_quic_guise:depends("v2ray_transport", "quic")
-- [[ 其它 ]]--
o = s:option(Flag, "v2ray_mux", translate("Mux"))
o:depends("server_type", "V2ray")
v2ray_mux = s:option(Flag, "v2ray_mux", translate("Mux"))
v2ray_mux:depends("server_type", "V2ray")
o = s:option(Value, "v2ray_mux_concurrency", translate("Mux Concurrency"))
o.default = 8
o:depends("v2ray_mux", "1")
v2ray_mux_concurrency = s:option(Value, "v2ray_mux_concurrency",
translate("Mux Concurrency"))
v2ray_mux_concurrency.default = 8
v2ray_mux_concurrency:depends("v2ray_mux", "1")
-- o = s:option(Flag, "v2ray_insecure", translate("allowInsecure"))
-- o:depends("server_type", "V2ray")
-- v2ray_insecure = s:option(Flag, "v2ray_insecure", translate("allowInsecure"))
-- v2ray_insecure:depends("server_type", "V2ray")
function rmempty_restore()
password.rmempty = true
timeout.rmempty = true
fast_open.rmempty = true
v2ray_protocol.rmempty = true
v2ray_VMess_id.rmempty = true
v2ray_VMess_alterId.rmempty = true
end
server_type.validate = function(self, value)
rmempty_restore()
if value == "SS" then
password.rmempty = false
timeout.rmempty = false
fast_open.rmempty = false
elseif value == "SSR" then
password.rmempty = false
timeout.rmempty = false
fast_open.rmempty = false
elseif value == "V2ray" then
v2ray_protocol.rmempty = false
v2ray_VMess_id.rmempty = false
v2ray_VMess_alterId.rmempty = false
elseif value == "Brook" then
password.rmempty = false
elseif value == "Trojan" then
password.rmempty = false
fast_open.rmempty = false
end
return value
end
v2ray_transport.validate = function(self, value)
return value
end
return m


@ -12,6 +12,10 @@ end
local function has_udp_relay()
return luci.sys.call("lsmod | grep TPROXY >/dev/null") == 0
end
local tcp_redir_server_num = luci.sys.exec("echo -n `uci get passwall.@global_other[0].tcp_redir_server_num`")
local udp_redir_server_num = luci.sys.exec("echo -n `uci get passwall.@global_other[0].udp_redir_server_num`")
local socks5_proxy_num = luci.sys.exec("echo -n `uci get passwall.@global_other[0].socks5_proxy_server_num`")
-%>
<style>
@ -59,32 +63,47 @@ end
<%:Running Status%>
</legend>
<fieldset class="cbi-section">
<div class="cbi-value">
<label class="cbi-value-title">TCP
<%:Status%>
</label>
<div class="cbi-value-field" id="_tcp_redir_status">
<%:Collecting data...%>
<% if tcp_redir_server_num and tonumber(tcp_redir_server_num) >= 1 then %>
<% for i = 1, tcp_redir_server_num, 1 do %>
<div class="cbi-value">
<label class="cbi-value-title">TCP_<%=i%>
<%:Status%>
</label>
<div class="cbi-value-field" id="_tcp_redir_server<%=i%>_status">
<%:Collecting data...%>
</div>
</div>
</div>
<% if has_udp_relay() then %>
<div class="cbi-value">
<label class="cbi-value-title">UDP
<%:Status%>
</label>
<div class="cbi-value-field" id="_udp_redir_status">
<%:Collecting data...%>
</div>
</div>
<% end %>
<% end %>
<div class="cbi-value">
<label class="cbi-value-title">Socks5
<%:Status%>
</label>
<div class="cbi-value-field" id="_socks5_proxy_status">
<%:Collecting data...%>
<% if has_udp_relay() then %>
<% if udp_redir_server_num and tonumber(udp_redir_server_num) >= 1 then %>
<% for i = 1, udp_redir_server_num, 1 do %>
<div class="cbi-value">
<label class="cbi-value-title">UDP_<%=i%>
<%:Status%>
</label>
<div class="cbi-value-field" id="_udp_redir_server<%=i%>_status">
<%:Collecting data...%>
</div>
</div>
<% end %>
<% end %>
<% end %>
<% if socks5_proxy_num and tonumber(socks5_proxy_num) >= 1 then %>
<% for i = 1, socks5_proxy_num, 1 do %>
<div class="cbi-value">
<label class="cbi-value-title">Socks5_<%=i%>
<%:Status%>
</label>
<div class="cbi-value-field" id="_socks5_proxy_server<%=i%>_status">
<%:Collecting data...%>
</div>
</div>
</div>
<% end %>
<% end %>
<div class="cbi-value">
<label class="cbi-value-title">DNS
<%:Status%>
@ -152,9 +171,6 @@ end
<script type="text/javascript">
//<![CDATA[
var tcp_redir_status = document.getElementById('_tcp_redir_status');
var udp_redir_status = document.getElementById('_udp_redir_status');
var socks5_proxy_status = document.getElementById('_socks5_proxy_status');
var dns_mode_status = document.getElementById('_dns_mode_status');
var haproxy_status = document.getElementById('_haproxy_status');
var kcptun_status = document.getElementById('_kcptun_status');
@ -163,12 +179,29 @@ end
XHR.poll(3, '<%=dsp.build_url("admin/vpn/passwall/server_status")%>', null,
function(x, json) {
if(x && x.status == 200) {
if(tcp_redir_status)
tcp_redir_status.innerHTML = json.tcp_redir_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
if(udp_redir_status)
udp_redir_status.innerHTML = json.udp_redir_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
if(socks5_proxy_status)
socks5_proxy_status.innerHTML = json.socks5_proxy_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
<% if tcp_redir_server_num and tonumber(tcp_redir_server_num) >= 1 then %>
<% for i = 1, tcp_redir_server_num, 1 do %>
var tcp_redir_server<%=i%>_status = document.getElementById('_tcp_redir_server<%=i%>_status');
if(tcp_redir_server<%=i%>_status)
tcp_redir_server<%=i%>_status.innerHTML = json.tcp_redir_server<%=i%>_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
<% end %>
<% end %>
<% if has_udp_relay() then %>
<% if udp_redir_server_num and tonumber(udp_redir_server_num) >= 1 then %>
<% for i = 1, udp_redir_server_num, 1 do %>
var udp_redir_server<%=i%>_status = document.getElementById('_udp_redir_server<%=i%>_status');
if(udp_redir_server<%=i%>_status)
udp_redir_server<%=i%>_status.innerHTML = json.udp_redir_server<%=i%>_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
<% end %>
<% end %>
<% end %>
<% if socks5_proxy_num and tonumber(socks5_proxy_num) >= 1 then %>
<% for i = 1, socks5_proxy_num, 1 do %>
var socks5_proxy_server<%=i%>_status = document.getElementById('_socks5_proxy_server<%=i%>_status');
if(socks5_proxy_server<%=i%>_status)
socks5_proxy_server<%=i%>_status.innerHTML = json.socks5_proxy_server<%=i%>_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
<% end %>
<% end %>
if(dns_mode_status)
dns_mode_status.innerHTML = json.dns_mode_status ? '<font color=green><%:RUNNING%> ✓</font>' : '<font color=red><%:NOT RUNNING%> X</font>';
if(haproxy_status)
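Review bot: The three counters read at the top of this template stay strings, and the guards `tcp_redir_server_num and tonumber(tcp_redir_server_num) >= 1` do not protect against a missing option. In that case `luci.sys.exec` should return an empty string, which is truthy in Lua, so `tonumber("")` yields nil and the comparison raises an error while the status page renders. Converting once where the value is read, `local tcp_redir_server_num = tonumber(luci.sys.exec(...)) or 0`, keeps every later guard and `for` limit numeric. The same applies to `udp_redir_server_num` and `socks5_proxy_num`, and to the identical block added at the top of the next template in this commit. Because the value also decides how many DOM ids and JavaScript variables are emitted, clamping it to the maximum the settings page allows would keep a hand-edited config from producing an oversized page.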


@ -1,3 +1,8 @@
<%
local tcp_redir_server_num = luci.sys.exec("echo -n `uci get passwall.@global_other[0].tcp_redir_server_num`")
local udp_redir_server_num = luci.sys.exec("echo -n `uci get passwall.@global_other[0].udp_redir_server_num`")
local socks5_proxy_num = luci.sys.exec("echo -n `uci get passwall.@global_other[0].socks5_proxy_server_num`")
-%>
<style>
.apply a:hover{
text-decoration : underline;
@ -6,8 +11,23 @@
<%+cbi/valueheader%>
<span class="apply" hint="<%=self:cfgvalue(section)%>">
<a href="javascript:set_server('tcp','<%=section%>')">TCP</a>
<a href="javascript:set_server('udp','<%=section%>')">UDP</a>
<% if tcp_redir_server_num and tonumber(tcp_redir_server_num) >= 1 then %>
<% for i = 1, tcp_redir_server_num, 1 do %>
<a href="javascript:set_server('tcp',<%=i%>,'<%=section%>')">TCP<%=i%></a>
<% end %>
<% end %>
<% if udp_redir_server_num and tonumber(udp_redir_server_num) >= 1 then %>
<% for i = 1, udp_redir_server_num, 1 do %>
<a href="javascript:set_server('udp',<%=i%>,'<%=section%>')">UDP<%=i%></a>
<% end %>
<% end %>
<% if socks5_proxy_num and tonumber(socks5_proxy_num) >= 1 then %>
<% for i = 1, socks5_proxy_num, 1 do %>
<a href="javascript:set_server('socks5',<%=i%>,'<%=section%>')">Socks5_<%=i%></a>
<% end %>
<% end %>
<!-- <a href="javascript:copy_server('<%=section%>')">Copy</a> -->
</span>
<%+cbi/valuefooter%>


@ -16,9 +16,9 @@ local dsp = require "luci.dispatcher"
);
}
function set_server(protocol,section) {
if (confirm('<%:Are you sure set to%> '+protocol.toUpperCase()+' <%:the server?%>')==true){
XHR.get('<%=dsp.build_url("admin/vpn/passwall/set_server")%>', { "protocol" : protocol , "section" : section },
function set_server(protocol,number,section) {
if (confirm('<%:Are you sure set to%> ' + protocol.toUpperCase() + "_" + number + '<%:the server?%>')==true){
XHR.get('<%=dsp.build_url("admin/vpn/passwall/set_server")%>', { "protocol" : protocol , "number" : number , "section" : section },
function(x, result) {
if(x && x.status == 200) {
window.location.href = '<%=dsp.build_url("admin/vpn/passwall/log")%>'
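Review bot: `set_server` still switches the active server through `XHR.get`, so a state-changing action is driven by a plain GET URL that now also carries `number`. The handler behind `admin/vpn/passwall/set_server` is not in this hunk, but if it accepts POST, `XHR.post('<%=dsp.build_url("admin/vpn/passwall/set_server")%>', { "protocol" : protocol , "number" : number , "section" : section }, ...)` together with the session token would keep a crafted link or image tag from triggering the change in a logged-in browser. Since `number` ends up as a suffix on option names elsewhere in this commit, the handler should also accept only a small positive integer for it. The new confirm text also lost the space before the last fragment; `number + ' <%:the server?%>'` restores it. The body of `set_server` continues past the end of the hunk.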


@ -7,6 +7,9 @@ msgstr "ShadowSocks 服务器"
msgid "ShadowsocksR Server"
msgstr "ShadowSocksR 服务器"
msgid "Socks5 Server"
msgstr "Socks5 服务器"
msgid "V2ray Server"
msgstr "V2ray 服务器"
@ -148,8 +151,8 @@ msgstr "DNS服务器"
msgid "example: 114.114.114.114,208.67.222.222:443,8.8.8.8<br>Need at least one,Other DNS services can be used as upstream, such as smartdns."
msgstr "例114.114.114.114,208.67.222.222:443,8.8.8.8<br>需要至少一个服务器其他DNS服务可以作为上游使用比如smartdns。"
msgid "Only SS/R servers are supported"
msgstr "仅支持SS/R服务器"
msgid "Need Socks5 server"
msgstr "需要Socks5"
msgid "Multi Process Option"
msgstr "多进程并发转发"
@ -682,8 +685,11 @@ msgstr "TCP转发服务器数量"
msgid "UDP Redir Server Number"
msgstr "UDP转发服务器数量"
msgid "You can only set up a maximum of 3 servers for the time being"
msgstr "目前最多只能设置3个服务器"
msgid "Socks5 Proxy Server Number"
msgstr "Socks5代理服务器数量"
msgid "You can only set up a maximum of %s servers for the time being"
msgstr "目前最多只能设置%s个服务器"
msgid "Hide Menu"
msgstr "隐藏菜单"


@ -3,9 +3,9 @@ config global
option proxy_mode 'chnroute'
option dns_mode 'chinadns'
option up_chinadns_mode 'OpenDNS_1'
option socks5_proxy_server 'nil'
option udp_redir_server 'nil'
option tcp_redir_server 'nil'
option socks5_proxy_server1 'nil'
option udp_redir_server1 'nil'
option tcp_redir_server1 'nil'
option localhost_proxy_mode 'default'
config global_haproxy
@ -32,8 +32,8 @@ config global_forwarding
config global_proxy
option tcp_redir_port '1041'
option udp_redir_port '1041'
option socks5_port '1051'
option udp_redir_port '1051'
option socks5_proxy_port '1061'
option kcptun_port '11183'
option proxy_ipv6 '0'
@ -41,6 +41,7 @@ config global_other
option auto_ping '1'
option tcp_redir_server_num '1'
option udp_redir_server_num '1'
option socks5_proxy_server_num '1'
config global_rules
option gfwlist_update '1'


@ -7,7 +7,10 @@
CONFIG=passwall
CONFIG_PATH=/var/etc/$CONFIG
RUN_PID_PATH=$CONFIG_PATH/pid
RUN_PORT_PATH=$CONFIG_PATH/port
HAPROXY_FILE=$CONFIG_PATH/haproxy.cfg
REDSOCKS_CONFIG_TCP_FILE=$CONFIG_PATH/redsocks_TCP.conf
REDSOCKS_CONFIG_UDP_FILE=$CONFIG_PATH/redsocks_UDP.conf
CONFIG_TCP_FILE=$CONFIG_PATH/TCP.json
CONFIG_UDP_FILE=$CONFIG_PATH/UDP.json
CONFIG_SOCKS5_FILE=$CONFIG_PATH/SOCKS5.json
@ -114,42 +117,35 @@ get_not_exists_port_after() {
fi
}
SOCKS5_PROXY_SERVER=$(config_t_get global socks5_proxy_server nil)
TCP_REDIR_SERVER=$(config_t_get global tcp_redir_server nil)
UDP_REDIR_SERVER=$(config_t_get global udp_redir_server nil)
[ "$UDP_REDIR_SERVER" == "default" ] && UDP_REDIR_SERVER=$TCP_REDIR_SERVER
TCP_REDIR_SERVER2=
TCP_REDIR_SERVER3=
UDP_REDIR_SERVER2=
UDP_REDIR_SERVER3=
TCP_REDIR_SERVER_NUM=$(config_t_get global_other tcp_redir_server_num 1)
for i in $(seq 1 $TCP_REDIR_SERVER_NUM); do
eval TCP_REDIR_SERVER$i=$(config_t_get global tcp_redir_server$i nil)
done
UDP_REDIR_SERVER_NUM=$(config_t_get global_other udp_redir_server_num 1)
for i in $(seq 1 $UDP_REDIR_SERVER_NUM); do
eval UDP_REDIR_SERVER$i=$(config_t_get global udp_redir_server$i nil)
done
if [ "$TCP_REDIR_SERVER_NUM" -ge 2 ]; then
for i in $(seq 2 $TCP_REDIR_SERVER_NUM); do
eval TCP_REDIR_SERVER$i=$(config_t_get global tcp_redir_server$i nil)
done
fi
SOCKS5_PROXY_SERVER_NUM=$(config_t_get global_other socks5_proxy_server_num 1)
for i in $(seq 1 $SOCKS5_PROXY_SERVER_NUM); do
eval SOCKS5_PROXY_SERVER$i=$(config_t_get global socks5_proxy_server$i nil)
done
if [ "$UDP_REDIR_SERVER_NUM" -ge 2 ]; then
for i in $(seq 2 $UDP_REDIR_SERVER_NUM); do
eval UDP_REDIR_SERVER$i=$(config_t_get global udp_redir_server$i nil)
done
fi
[ "$UDP_REDIR_SERVER1" == "default" ] && UDP_REDIR_SERVER1=$TCP_REDIR_SERVER1
TCP_REDIR_SERVER_IP=""
UDP_REDIR_SERVER_IP=""
SOCKS5_PROXY_SERVER_IP=""
TCP_REDIR_SERVER_IPV6=""
UDP_REDIR_SERVER_IPV6=""
SOCKS5_PROXY_SERVER_IPV6=""
TCP_REDIR_SERVER_PORT=""
UDP_REDIR_SERVER_PORT=""
SOCKS5_PROXY_SERVER_PORT=""
TCP_REDIR_SERVER_TYPE=""
UDP_REDIR_SERVER_TYPE=""
SOCKS5_PROXY_SERVER_TYPE=""
TCP_REDIR_SERVER1_IP=""
UDP_REDIR_SERVER1_IP=""
SOCKS5_PROXY_SERVER1_IP=""
TCP_REDIR_SERVER1_IPV6=""
UDP_REDIR_SERVER1_IPV6=""
SOCKS5_PROXY_SERVER1_IPV6=""
TCP_REDIR_SERVER1_PORT=""
UDP_REDIR_SERVER1_PORT=""
SOCKS5_PROXY_SERVER1_PORT=""
TCP_REDIR_SERVER1_TYPE=""
UDP_REDIR_SERVER1_TYPE=""
SOCKS5_PROXY_SERVER1_TYPE=""
BROOK_SOCKS5_CMD=""
BROOK_TCP_CMD=""
@ -161,7 +157,7 @@ KCPTUN_REDIR_PORT=$(config_t_get global_proxy kcptun_port 11183)
PROXY_MODE=$(config_t_get global proxy_mode gfwlist)
load_config() {
[ "$TCP_REDIR_SERVER" == "nil" -a "$UDP_REDIR_SERVER" == "nil" -a "$SOCKS5_PROXY_SERVER" == "nil" ] && {
[ "$TCP_REDIR_SERVER1" == "nil" -a "$UDP_REDIR_SERVER1" == "nil" -a "$SOCKS5_PROXY_SERVER1" == "nil" ] && {
echolog "没有选择服务器!"
return 1
}
@ -179,32 +175,18 @@ load_config() {
DNS_FORWARD_PORT=$(echo "$DNS_FORWARD" | awk -F':' '{print $2}')
DNS1=$(config_t_get global_dns dns_1)
DNS2=$(config_t_get global_dns dns_2)
TCP_REDIR_PORT=$(config_t_get global_proxy tcp_redir_port 1041)
UDP_REDIR_PORT=$(config_t_get global_proxy udp_redir_port 1042)
TCP_REDIR_PORT2=
UDP_REDIR_PORT2=
TCP_REDIR_PORT3=
UDP_REDIR_PORT3=
SOCKS5_PROXY_PORT=$(config_t_get global_proxy socks5_proxy_port 1043)
TCP_REDIR_PORT1=$(config_t_get global_proxy tcp_redir_port 1041)
TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1)
TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1)
UDP_REDIR_PORT1=$(config_t_get global_proxy udp_redir_port 1051)
UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1)
UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1)
SOCKS5_PROXY_PORT1=$(config_t_get global_proxy socks5_proxy_port 1061)
SOCKS5_PROXY_PORT2=$(expr $SOCKS5_PROXY_PORT1 + 1)
SOCKS5_PROXY_PORT3=$(expr $SOCKS5_PROXY_PORT2 + 1)
PROXY_IPV6=$(config_t_get global_proxy proxy_ipv6 0)
mkdir -p /var/etc $CONFIG_PATH $RUN_PID_PATH
mkdir -p /var/etc $CONFIG_PATH $RUN_PID_PATH $RUN_PORT_PATH
config_load $CONFIG
[ "$TCP_REDIR_SERVER" != "nil" ] && {
TCP_REDIR_SERVER_TYPE=$(echo $(config_get $TCP_REDIR_SERVER server_type) | tr 'A-Z' 'a-z')
gen_config_file $TCP_REDIR_SERVER $TCP_REDIR_PORT TCP $CONFIG_TCP_FILE
echo "$TCP_REDIR_SERVER" >$CONFIG_PATH/tcp_server_id
}
[ "$UDP_REDIR_SERVER" != "nil" ] && {
UDP_REDIR_SERVER_TYPE=$(echo $(config_get $UDP_REDIR_SERVER server_type) | tr 'A-Z' 'a-z')
gen_config_file $UDP_REDIR_SERVER $UDP_REDIR_PORT UDP $CONFIG_UDP_FILE
echo "$UDP_REDIR_SERVER" >$CONFIG_PATH/udp_server_id
}
[ "$SOCKS5_PROXY_SERVER" != "nil" ] && {
SOCKS5_PROXY_SERVER_TYPE=$(echo $(config_get $SOCKS5_PROXY_SERVER server_type) | tr 'A-Z' 'a-z')
gen_config_file $SOCKS5_PROXY_SERVER $SOCKS5_PROXY_PORT Socks5 $CONFIG_SOCKS5_FILE
echo "$SOCKS5_PROXY_SERVER" >$CONFIG_PATH/socks5_server_id
}
return 0
}
@ -265,11 +247,11 @@ gen_config_file() {
if [ "$redir_type" == "Socks5" ]; then
if [ "$network_type" == "ipv6" ]; then
SOCKS5_PROXY_SERVER_IPV6=$server_ip
SOCKS5_PROXY_SERVER1_IPV6=$server_ip
else
SOCKS5_PROXY_SERVER_IP=$server_ip
SOCKS5_PROXY_SERVER1_IP=$server_ip
fi
SOCKS5_PROXY_SERVER_PORT=$server_port
SOCKS5_PROXY_SERVER1_PORT=$server_port
if [ "$server_type" == "ss" -o "$server_type" == "ssr" ]; then
gen_ss_ssr_config_file $server_type $local_port 0 $server $config_file_path
elif [ "$server_type" == "v2ray" ]; then
@ -277,35 +259,41 @@ gen_config_file() {
elif [ "$server_type" == "brook" ]; then
BROOK_SOCKS5_CMD="client -l 0.0.0.0:$local_port -i 0.0.0.0 -s $server_ip:$server_port -p $(config_get $server password)"
elif [ "$server_type" == "trojan" ]; then
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_trojan_client_config_file.lua $server nil nil $local_port >$config_file_path
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_trojan_client_config_file.lua $server client $local_port >$config_file_path
fi
fi
if [ "$redir_type" == "UDP" ]; then
if [ "$network_type" == "ipv6" ]; then
UDP_REDIR_SERVER_IPV6=$server_ip
UDP_REDIR_SERVER1_IPV6=$server_ip
else
UDP_REDIR_SERVER_IP=$server_ip
UDP_REDIR_SERVER1_IP=$server_ip
fi
UDP_REDIR_SERVER_PORT=$server_port
UDP_REDIR_SERVER1_PORT=$server_port
if [ "$server_type" == "ss" -o "$server_type" == "ssr" ]; then
gen_ss_ssr_config_file $server_type $local_port 0 $server $config_file_path
elif [ "$server_type" == "v2ray" ]; then
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_v2ray_client_config_file.lua $server udp $local_port nil >$config_file_path
elif [ "$server_type" == "brook" ]; then
BROOK_UDP_CMD="tproxy -l 0.0.0.0:$local_port -s $server_ip:$server_port -p $(config_get $server password)"
elif [ "$server_type" == "trojan" ]; then
local_port=$(get_not_exists_port_after $SOCKS5_PROXY_PORT1 tcp)
socks5_port=$local_port
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_trojan_client_config_file.lua $server client $socks5_port >$config_file_path
fi
fi
if [ "$redir_type" == "TCP" ]; then
if [ "$network_type" == "ipv6" ]; then
TCP_REDIR_SERVER_IPV6=$server_ip
TCP_REDIR_SERVER1_IPV6=$server_ip
else
TCP_REDIR_SERVER_IP=$server_ip
TCP_REDIR_SERVER1_IP=$server_ip
fi
TCP_REDIR_SERVER_PORT=$server_port
TCP_REDIR_SERVER1_PORT=$server_port
if [ "$server_type" == "v2ray" ]; then
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_v2ray_client_config_file.lua $server tcp $local_port nil >$config_file_path
elif [ "$server_type" == "trojan" ]; then
lua /usr/lib/lua/luci/model/cbi/passwall/api/gen_trojan_client_config_file.lua $server nat $local_port >$config_file_path
else
local kcptun_use kcptun_server_host kcptun_port kcptun_config
kcptun_use=$(config_get $server use_kcp)
@ -343,7 +331,7 @@ gen_config_file() {
[ "$kcptun_use_ipv6" == "1" ] && network_type="ipv6"
kcptun_server_ip=$(get_host_ip $network_type $kcptun_server_host)
echolog "KCP服务器IP地址:$kcptun_server_ip"
TCP_REDIR_SERVER_IP=$kcptun_server_ip
TCP_REDIR_SERVER1_IP=$kcptun_server_ip
start_kcptun "$kcptun_path" $kcptun_server_ip $kcptun_port "$kcptun_config"
fi
echolog "运行Kcptun..."
@ -374,157 +362,140 @@ start_kcptun() {
fi
}
start_tcp_redir_other() {
if [ "$TCP_REDIR_SERVER_NUM" -ge 2 ]; then
for i in $(seq 2 $TCP_REDIR_SERVER_NUM); do
eval temp_server=\$TCP_REDIR_SERVER$i
[ "$temp_server" != "nil" ] && {
TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
local config_file=$CONFIG_PATH/TCP$i.json
local port_temp=$(expr $TCP_REDIR_PORT + 1)
local port=$(echo $(get_not_exists_port_after $port_temp tcp))
eval TCP_REDIR_PORT$i=$port
gen_config_file $temp_server $port TCP $config_file
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$config_file >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$config_file >/dev/null &
fi
elif [ "$TYPE" == "brook" ]; then
brook_bin=$(find_bin Brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_TCP_CMD &>/dev/null &
elif [ "$TYPE" == "trojan" ]; then
#trojan_bin=$(find_bin trojan)
#[ -n "$trojan_bin" ] && $trojan_bin -c $config_file >/dev/null &
echolog "目前暂不支持Trojan透明代理请使用Socks5代理"
else
ss_bin=$(find_bin "$TYPE"-redir)
[ -n "$ss_bin" ] && {
for k in $(seq 1 $process); do
$ss_bin -c $config_file -f $RUN_PID_PATH/tcp_${TYPE}_$k_$i >/dev/null 2>&1 &
done
}
fi
}
done
fi
}
start_udp_redir_other() {
if [ "$UDP_REDIR_SERVER_NUM" -ge 2 ]; then
for i in $(seq 2 $UDP_REDIR_SERVER_NUM); do
eval temp_server=\$UDP_REDIR_SERVER$i
[ "$temp_server" != "nil" ] && {
TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
local config_file=$CONFIG_PATH/UDP$i.json
local port_temp=$(expr $TCP_REDIR_PORT + 1)
local port=$(echo $(get_not_exists_port_after $port_temp udp))
eval UDP_REDIR_PORT$i=$port
gen_config_file $temp_server $port UDP $config_file
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$config_file >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$config_file >/dev/null &
fi
elif [ "$TYPE" == "brook" ]; then
brook_bin=$(find_bin brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_UDP_CMD &>/dev/null &
elif [ "$TYPE" == "trojan" ]; then
#trojan_bin=$(find_bin trojan)
#[ -n "$trojan_bin" ] && $trojan_bin -c $config_file >/dev/null &
echolog "目前暂不支持Trojan透明代理请使用Socks5代理"
else
ss_bin=$(find_bin "$TYPE"-redir)
[ -n "$ss_bin" ] && {
$ss_bin -c $config_file -f $RUN_PID_PATH/udp_${TYPE}_1_$i -U >/dev/null 2>&1 &
}
fi
}
done
fi
}
start_tcp_redir() {
if [ "$TCP_REDIR_SERVER" != "nil" ]; then
if [ "$TCP_REDIR_SERVER_TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$CONFIG_TCP_FILE >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$CONFIG_TCP_FILE >/dev/null &
for i in $(seq 1 $TCP_REDIR_SERVER_NUM); do
eval temp_server=\$TCP_REDIR_SERVER$i
[ "$temp_server" != "nil" ] && {
TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
local config_file=$CONFIG_PATH/TCP_$i.json
#local redsocks_config_file=$CONFIG_PATH/redsocks_TCP_$i.conf
eval current_port=\$TCP_REDIR_PORT$i
local port=$(echo $(get_not_exists_port_after $current_port tcp))
eval TCP_REDIR_PORT$i=$port
gen_config_file $temp_server $port TCP $config_file
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$config_file >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$config_file >/dev/null &
fi
elif [ "$TYPE" == "brook" ]; then
brook_bin=$(find_bin Brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_TCP_CMD &>/dev/null &
elif [ "$TYPE" == "trojan" ]; then
trojan_bin=$(find_bin trojan)
[ -n "$trojan_bin" ] && $trojan_bin -c $config_file >/dev/null 2>&1 &
elif [ "$TYPE" == "socks5" ]; then
redsocks_bin=$(find_bin redsocks2)
[ -n "$redsocks_bin" ] && {
local server=$(config_get $temp_server server)
local server_port=$(config_get $temp_server server_port)
local server_username=$(config_get $temp_server username)
local server_password=$(config_get $temp_server password)
local redsocks_config_file=$CONFIG_PATH/TCP_$i.conf
gen_redsocks_config $redsocks_config_file tcp $port $server $server_port $server_username $server_password
$redsocks_bin -c $redsocks_config_file >/dev/null &
}
elif [ "$TYPE" == "ss" -o "$TYPE" == "ssr" ]; then
ss_bin=$(find_bin "$TYPE"-redir)
[ -n "$ss_bin" ] && {
for k in $(seq 1 $process); do
$ss_bin -c $config_file -f $RUN_PID_PATH/tcp_${TYPE}_$k_$i >/dev/null 2>&1 &
done
}
fi
elif [ "$TCP_REDIR_SERVER_TYPE" == "brook" ]; then
brook_bin=$(find_bin Brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_TCP_CMD &>/dev/null &
elif [ "$TCP_REDIR_SERVER_TYPE" == "trojan" ]; then
#trojan_bin=$(find_bin trojan)
#[ -n "$trojan_bin" ] && $trojan_bin -c $CONFIG_TCP_FILE >/dev/null &
echolog "目前暂不支持Trojan透明代理请使用Socks5代理"
else
ss_bin=$(find_bin "$TCP_REDIR_SERVER_TYPE"-redir)
[ -n "$ss_bin" ] && {
for i in $(seq 1 $process); do
$ss_bin -c $CONFIG_TCP_FILE -f $RUN_PID_PATH/tcp_${TCP_REDIR_SERVER_TYPE}_$i >/dev/null 2>&1 &
done
}
fi
fi
echo $port > $CONFIG_PATH/port/TCP_${i}
}
done
}
start_udp_redir() {
if [ "$UDP_REDIR_SERVER" != "nil" ]; then
if [ "$UDP_REDIR_SERVER_TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$CONFIG_UDP_FILE >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$CONFIG_UDP_FILE >/dev/null &
for i in $(seq 1 $UDP_REDIR_SERVER_NUM); do
eval temp_server=\$UDP_REDIR_SERVER$i
[ "$temp_server" != "nil" ] && {
TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
local config_file=$CONFIG_PATH/UDP_$i.json
eval current_port=\$UDP_REDIR_PORT$i
local port=$(echo $(get_not_exists_port_after $current_port udp))
eval UDP_REDIR_PORT$i=$port
gen_config_file $temp_server $port UDP $config_file
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$config_file >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$config_file >/dev/null &
fi
elif [ "$TYPE" == "brook" ]; then
brook_bin=$(find_bin brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_UDP_CMD >/dev/null &
elif [ "$TYPE" == "trojan" ]; then
trojan_bin=$(find_bin trojan)
[ -n "$trojan_bin" ] && $trojan_bin -c $config_file >/dev/null 2>&1 &
redsocks_bin=$(find_bin redsocks2)
[ -n "$redsocks_bin" ] && {
local redsocks_config_file=$CONFIG_PATH/redsocks_UDP_$i.conf
gen_redsocks_config $redsocks_config_file udp $port "127.0.0.1" $socks5_port
$redsocks_bin -c $redsocks_config_file >/dev/null &
}
elif [ "$TYPE" == "socks5" ]; then
redsocks_bin=$(find_bin redsocks2)
[ -n "$redsocks_bin" ] && {
local server=$(config_get $temp_server server)
local server_port=$(config_get $temp_server server_port)
local server_username=$(config_get $temp_server username)
local server_password=$(config_get $temp_server password)
local redsocks_config_file=$CONFIG_PATH/UDP_$i.conf
gen_redsocks_config $redsocks_config_file udp $port $server $server_port $server_username $server_password
$redsocks_bin -c $redsocks_config_file >/dev/null &
}
elif [ "$TYPE" == "ss" -o "$TYPE" == "ssr" ]; then
ss_bin=$(find_bin "$TYPE"-redir)
[ -n "$ss_bin" ] && {
$ss_bin -c $config_file -f $RUN_PID_PATH/udp_${TYPE}_1_$i -U >/dev/null 2>&1 &
}
fi
elif [ "$UDP_REDIR_SERVER_TYPE" == "brook" ]; then
brook_bin=$(find_bin brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_UDP_CMD &>/dev/null &
elif [ "$UDP_REDIR_SERVER_TYPE" == "trojan" ]; then
#trojan_bin=$(find_bin trojan)
#[ -n "$trojan_bin" ] && $trojan_bin -c $CONFIG_UDP_FILE >/dev/null &
echolog "目前暂不支持Trojan透明代理请使用Socks5代理"
else
ss_bin=$(find_bin "$UDP_REDIR_SERVER_TYPE"-redir)
[ -n "$ss_bin" ] && {
$ss_bin -c $CONFIG_UDP_FILE -f $RUN_PID_PATH/udp_${UDP_REDIR_SERVER_TYPE}_1 -U >/dev/null 2>&1 &
}
fi
fi
echo $port > $CONFIG_PATH/port/UDP_${i}
}
done
}
start_socks5_proxy() {
if [ "$SOCKS5_PROXY_SERVER" != "nil" ]; then
if [ "$SOCKS5_PROXY_SERVER_TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$CONFIG_SOCKS5_FILE >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$CONFIG_SOCKS5_FILE >/dev/null &
for i in $(seq 1 $SOCKS5_PROXY_SERVER_NUM); do
eval temp_server=\$SOCKS5_PROXY_SERVER$i
if [ "$temp_server" != "nil" ]; then
TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
local config_file=$CONFIG_PATH/Socks5_$i.json
eval current_port=\$SOCKS5_PROXY_PORT$i
local port=$(get_not_exists_port_after $current_port tcp)
eval SOCKS5_PROXY_PORT$i=$port
gen_config_file $temp_server $port Socks5 $config_file
if [ "$TYPE" == "v2ray" ]; then
v2ray_path=$(config_t_get global_v2ray v2ray_client_file)
if [ -f "${v2ray_path}/v2ray" ]; then
${v2ray_path}/v2ray -config=$config_file >/dev/null &
else
v2ray_bin=$(find_bin V2ray)
[ -n "$v2ray_bin" ] && $v2ray_bin -config=$config_file >/dev/null &
fi
elif [ "$TYPE" == "brook" ]; then
brook_bin=$(find_bin brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_SOCKS5_CMD >/dev/null &
elif [ "$TYPE" == "trojan" ]; then
trojan_bin=$(find_bin trojan)
[ -n "$trojan_bin" ] && $trojan_bin -c $config_file >/dev/null 2>&1 &
elif [ "$TYPE" == "socks5" ]; then
echolog "Socks5服务器不能使用Socks5代理服务器"
elif [ "$TYPE" == "ss" -o "$TYPE" == "ssr" ]; then
ss_bin=$(find_bin "$TYPE"-local)
[ -n "$ss_bin" ] && $ss_bin -c $config_file -b 0.0.0.0 >/dev/null 2>&1 &
fi
elif [ "$SOCKS5_PROXY_SERVER_TYPE" == "brook" ]; then
brook_bin=$(find_bin brook)
[ -n "$brook_bin" ] && $brook_bin $BROOK_SOCKS5_CMD &>/dev/null &
elif [ "$SOCKS5_PROXY_SERVER_TYPE" == "trojan" ]; then
trojan_bin=$(find_bin trojan)
[ -n "$trojan_bin" ] && $trojan_bin -c $CONFIG_SOCKS5_FILE >/dev/null &
else
ss_bin=$(find_bin "$SOCKS5_PROXY_SERVER_TYPE"-local)
[ -n "$ss_bin" ] && $ss_bin -c $CONFIG_SOCKS5_FILE -b 0.0.0.0 >/dev/null 2>&1 &
echo $port > $CONFIG_PATH/port/Socks5_${i}
fi
fi
done
}
clean_log() {
@ -615,13 +586,15 @@ stop_crontab() {
start_dns() {
case "$DNS_MODE" in
dns2socks)
dns2socks_bin=$(find_bin dns2socks)
sslocal_bin=$(find_bin "$TCP_REDIR_SERVER_TYPE"-local)
[ -n "$dns2socks_bin" -a -n "$sslocal_bin" ] && {
nohup $sslocal_bin -c $CONFIG_TCP_FILE -l 3080 -f $RUN_PID_PATH/$TCP_REDIR_SERVER_TYPE-local.pid >/dev/null 2>&1 &
nohup $dns2socks_bin 127.0.0.1:3080 $DNS_FORWARD 127.0.0.1:7913 >/dev/null 2>&1 &
echolog "运行DNS转发模式dns2socks+$TCP_REDIR_SERVER_TYPE-local..."
}
if [ -n "$SOCKS5_PROXY_SERVER1" -a "$SOCKS5_PROXY_SERVER1" != "nil" ]; then
dns2socks_bin=$(find_bin dns2socks)
[ -n "$dns2socks_bin" ] && {
nohup $dns2socks_bin 127.0.0.1:$SOCKS5_PROXY_PORT1 $DNS_FORWARD 127.0.0.1:7913 >/dev/null 2>&1 &
echolog "运行DNS转发模式dns2socks..."
}
else
echolog "dns2socks模式需要使用Socks5代理服务器请开启"
fi
;;
Pcap_DNSProxy)
Pcap_DNSProxy_bin=$(find_bin Pcap_DNSProxy)
@ -856,6 +829,71 @@ EOF
fi
}
gen_redsocks_config() {
protocol=$2
local_port=$3
proxy_server=$4
proxy_port=$5
proxy_username=$6
[ -n "$proxy_username" ] && proxy_username="login = $proxy_username;"
proxy_password=$7
[ -n "$proxy_password" ] && proxy_password="password = $proxy_password;"
[ -n "$1" ] && {
cat >$1 <<-EOF
base {
log_debug = off;
log_info = off;
log = "file:/dev/null";
daemon = on;
redirector = iptables;
}
EOF
if [ "$protocol" == "tcp" ]; then
cat >>$1 <<-EOF
redsocks {
local_ip = 0.0.0.0;
local_port = $local_port;
type = socks5;
autoproxy = 0;
ip = $proxy_server;
port = $proxy_port;
$proxy_username
$proxy_password
}
autoproxy {
no_quick_check_seconds = 300;
quick_connect_timeout = 2;
}
ipcache {
cache_size = 4;
stale_time = 7200;
autosave_interval = 3600;
port_check = 0;
}
EOF
elif [ "$protocol" == "udp" ]; then
cat >>$1 <<-EOF
redudp {
local_ip = 0.0.0.0;
local_port = $local_port;
type = socks5;
ip = $proxy_server;
port = $proxy_port;
$proxy_username
$proxy_password
udp_timeout = 60;
udp_timeout_stream = 360;
}
EOF
fi
}
}
gen_pdnsd_config() {
CACHEDIR=/var/pdnsd
CACHE=$CACHEDIR/pdnsd.cache
@ -902,7 +940,7 @@ gen_pdnsd_config() {
}
stop_dnsmasq() {
if [ "$TCP_REDIR_SERVER" == "nil" ]; then
if [ "$TCP_REDIR_SERVER1" == "nil" ]; then
rm -rf /var/dnsmasq.d/dnsmasq-$CONFIG.conf
rm -rf $DNSMASQ_PATH/dnsmasq-$CONFIG.conf
rm -rf $TMP_DNSMASQ_PATH
@ -917,7 +955,7 @@ start_haproxy() {
haproxy_bin=$(find_bin haproxy)
[ -n "$haproxy_bin" ] && {
bport=$(config_t_get global_haproxy haproxy_port)
cat <<-EOF > $HAPROXY_FILE
cat <<-EOF >$HAPROXY_FILE
global
log 127.0.0.1 local2
chroot /usr/bin
@ -973,7 +1011,7 @@ start_haproxy() {
# fi
# echolog "负载均衡${i} IP为$bips"
#fi
echo " server server_$i $bips:$bports weight $bweight check inter 1500 rise 1 fall 3 $bbackup" >> $HAPROXY_FILE
echo " server server_$i $bips:$bports weight $bweight check inter 1500 rise 1 fall 3 $bbackup" >>$HAPROXY_FILE
if [ "$exports" != "0" ]; then
failcount=0
while [ "$failcount" -lt "10" ]; do
@ -998,7 +1036,7 @@ start_haproxy() {
adminport=$(config_t_get global_haproxy admin_port)
adminuser=$(config_t_get global_haproxy admin_user)
adminpassword=$(config_t_get global_haproxy admin_password)
cat <<-EOF >> $HAPROXY_FILE
cat <<-EOF >>$HAPROXY_FILE
listen status
bind 0.0.0.0:$adminport
@ -1028,11 +1066,11 @@ add_vps_port() {
[ "$failcount" -ge 10 ] && exit 0
sleep 1m
else
route add -host ${TCP_REDIR_SERVER_IP} dev ${multiwan}
route add -host ${UDP_REDIR_SERVER_IP} dev ${multiwan}
route add -host ${TCP_REDIR_SERVER1_IP} dev ${multiwan}
route add -host ${UDP_REDIR_SERVER1_IP} dev ${multiwan}
echolog "添加SS出口路由表$multiwan"
echo "$TCP_REDIR_SERVER_IP" >$CONFIG_PATH/tcp_ip
echo "$UDP_REDIR_SERVER_IP" >$CONFIG_PATH/udp_ip
echo "$TCP_REDIR_SERVER1_IP" >$CONFIG_PATH/tcp_ip
echo "$UDP_REDIR_SERVER1_IP" >$CONFIG_PATH/udp_ip
break
fi
done
@ -1053,7 +1091,7 @@ kill_all() {
boot() {
local delay=$(config_t_get global_delay start_delay 0)
if [ "$delay" -gt 0 ]; then
[ "$TCP_REDIR_SERVER" != "nil" -o "$UDP_REDIR_SERVER" != "nil" ] && {
[ "$TCP_REDIR_SERVER1" != "nil" -o "$UDP_REDIR_SERVER1" != "nil" ] && {
echolog "执行启动延时 $delay 秒后再启动!"
sleep $delay && start >/dev/null 2>&1 &
}
@ -1071,11 +1109,9 @@ start() {
#防止并发开启服务
[ -f "$LOCK_FILE" ] && return 3
touch "$LOCK_FILE"
start_socks5_proxy
start_tcp_redir
start_udp_redir
start_socks5_proxy
start_tcp_redir_other
start_udp_redir_other
start_dns
add_dnsmasq
source $APP_PATH/iptables.sh start
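Review bot: In the `socks5` branches of `start_tcp_redir` and `start_udp_redir`, `gen_redsocks_config` is called with unquoted `$server_username $server_password`, so a server that has a password but no username shifts the password into `$6` and it is written to the file as `login = ...;`; a credential containing whitespace is split the same way. Quoting the arguments at both call sites fixes the positions: `gen_redsocks_config "$redsocks_config_file" tcp "$port" "$server" "$server_port" "$server_username" "$server_password"`. Inside `gen_redsocks_config` the values are interpolated bare (`login = $proxy_username;`), so a `;` or `}` in a credential changes the structure of the generated config; emitting them as quoted strings, `proxy_password="password = \"$proxy_password\";"`, and rejecting values that contain a double quote avoids that. The generated file holds upstream proxy credentials and both the `redsocks` and `redudp` sections bind `local_ip = 0.0.0.0`, so it is worth creating the file under `umask 077` and confirming that the firewall rules keep these ports unreachable from the WAN side.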


@ -121,6 +121,8 @@ load_acl() {
[ -z "$proxy_mode" -o "$proxy_mode" = "default" ] && proxy_mode=$PROXY_MODE
[ -z "$tcp_redir_ports" -o "$tcp_redir_ports" = "default" ] && tcp_redir_ports=$TCP_REDIR_PORTS
[ -z "$udp_redir_ports" -o "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
eval TCP_REDIR_SERVER=\$TCP_REDIR_SERVER$tcp_redir_server
eval UDP_REDIR_SERVER=\$UDP_REDIR_SERVER$tcp_redir_server
local ip_mark=$(get_ip_mark $ipaddr)
[ "$enabled" == "1" -a -n "$proxy_mode" ] && {
if [ -n "$ipaddr" ] || [ -n "$macaddr" ]; then
@ -130,12 +132,15 @@ load_acl() {
[ -n "$ipaddr" ] && echolog "访问控制IP$ipaddr,代理模式:$(get_action_chain_name $proxy_mode)"
[ -n "$macaddr" ] && echolog "访问控制MAC$macaddr,代理模式:$(get_action_chain_name $proxy_mode)"
fi
[ "$tcp_redir_server" != "nil" ] && {
[ "$TCP_REDIR_SERVER" != "nil" ] && {
#local TCP_REDIR_SERVER_TYPE=$(echo $(config_get $TCP_REDIR_SERVER server_type) | tr 'A-Z' 'a-z')
$iptables_mangle -A SS_ACL $(factor $ipaddr "-s") -p tcp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "$aclremarks" -j TTL --ttl-set 14$tcp_redir_server
$iptables_mangle -A SS_ACL $(factor $ipaddr "-s") -p tcp $(factor $macaddr "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") -m comment --comment "$aclremarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$tcp_redir_server
}
[ "$udp_redir_server" != "nil" ] && {
$iptables_mangle -A SS_ACL $(factor $ipaddr "-s") -p udp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "$aclremarks" -j TPROXY --on-port 104$udp_redir_server --tproxy-mark 0x1/0x1
[ "$UDP_REDIR_SERVER" != "nil" ] && {
#local UDP_REDIR_SERVER_TYPE=$(echo $(config_get $UDP_REDIR_SERVER server_type) | tr 'A-Z' 'a-z')
eval udp_redir_port=\$UDP_REDIR_PORT$udp_redir_server
$iptables_mangle -A SS_ACL $(factor $ipaddr "-s") -p udp -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "$aclremarks" -j TPROXY --on-port $udp_redir_port --tproxy-mark 0x1/0x1
$iptables_mangle -A SS_ACL $(factor $ipaddr "-s") -p udp $(factor $macaddr "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") -m comment --comment "$aclremarks" -$(get_jump_mode $proxy_mode) $(get_action_chain $proxy_mode)$udp_redir_server
}
[ -z "$ipaddr" ] && {
@ -241,6 +246,19 @@ add_firewall_rule() {
fi
fi
if [ "$SOCKS5_PROXY_SERVER_NUM" -ge 1 ]; then
for i in $(seq 1 $SOCKS5_PROXY_SERVER_NUM); do
local k=$i
eval temp_server=\$SOCKS5_PROXY_SERVER$k
if [ "$temp_server" != "nil" ]; then
local server_host=$(config_get $temp_server server)
local SOCKS5_PROXY_SERVER_PORT=$(config_get $temp_server server_port)
local SOCKS5_PROXY_SERVER_IP=$(get_host_ip "ipv4" $server_host)
[ -n "$SOCKS5_PROXY_SERVER_IP" -a -n "$SOCKS5_PROXY_SERVER_PORT" ] && $iptables_mangle -A SS -p tcp -d $SOCKS5_PROXY_SERVER_IP -m multiport --dports $SOCKS5_PROXY_SERVER_PORT -j RETURN
fi
done
fi
if [ "$TCP_REDIR_SERVER_NUM" -ge 1 ]; then
for i in $(seq 1 $TCP_REDIR_SERVER_NUM); do
local k=$i
@ -248,22 +266,17 @@ add_firewall_rule() {
local ttl=14$k
eval temp_server=\$TCP_REDIR_SERVER$k
eval local_port=\$TCP_REDIR_PORT$k
[ "$k" == 1 ] && {
local_port=$TCP_REDIR_PORT
temp_server=$TCP_REDIR_SERVER
}
# 生成TCP转发规则
if [ "$temp_server" != "nil" ]; then
local server_host=$(config_get $temp_server server)
local TCP_REDIR_SERVER_PORT=$(config_get $temp_server server_port)
local TCP_REDIR_SERVER_IP=$(get_host_ip "ipv4" $server_host)
[ -n "$SOCKS5_PROXY_SERVER_IP" -a -n "$SOCKS5_PROXY_SERVER_PORT" ] && $iptables_mangle -A SS -p tcp -d $SOCKS5_PROXY_SERVER_IP -m multiport --dports $SOCKS5_PROXY_SERVER_PORT -j RETURN
local TCP_REDIR_SERVER_TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
[ -n "$TCP_REDIR_SERVER_IP" -a -n "$TCP_REDIR_SERVER_PORT" ] && $iptables_mangle -A SS -p tcp -d $TCP_REDIR_SERVER_IP -m multiport --dports $TCP_REDIR_SERVER_PORT -j RETURN
if [ "$TCP_REDIR_SERVER_TYPE" == "brook" ]; then
$iptables_mangle -A PREROUTING -p tcp -m socket -j MARK --set-mark 1
$iptables_mangle -A PREROUTING -p tcp -j SS$k
$iptables_mangle -A SS_ACL -p tcp -m socket -j MARK --set-mark 1
$iptables_mangle -A SS$k -p tcp -m set --match-set $IPSET_BLACKLIST dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# $iptables_mangle -A SS$k -p tcp -m set --match-set $IPSET_BLACKLIST dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
# 全局模式
$iptables_mangle -A SS_GLO$k -p tcp -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port
@ -282,10 +295,9 @@ add_firewall_rule() {
$iptables_mangle -A SS_GAME$k -p tcp -m set --match-set $IPSET_CHN dst -j RETURN
# 用于本机流量转发默认只走router
$iptables_mangle -A SS$k -s $lan_ip -p tcp -m set --match-set $IPSET_ROUTER dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A SS -s $lan_ip -p tcp -m set --match-set $IPSET_ROUTER dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
$iptables_mangle -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_ROUTER dst -j MARK --set-mark 1
else
#$iptables_mangle -I SS_ACL 1 -p tcp -m set --match-set $IPSET_BLACKLIST dst -j TTL --ttl-set $ttl
# 全局模式
$iptables_mangle -A SS_GLO$k -p tcp -j TTL --ttl-set $ttl
@ -341,13 +353,13 @@ add_firewall_rule() {
$iptables_nat -A OUTPUT -m set --match-set $IPSET_LANIPLIST dst -m comment --comment "PassWall" -j RETURN
$iptables_nat -A OUTPUT -m set --match-set $IPSET_VPSIPLIST dst -m comment --comment "PassWall" -j RETURN
$iptables_nat -A OUTPUT -m set --match-set $IPSET_WHITELIST dst -m comment --comment "PassWall" -j RETURN
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_ROUTER dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_ROUTER dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_BLACKLIST dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_GFW dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT
[ "$LOCALHOST_PROXY_MODE" == "global" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set --match-set $IPSET_GFW dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && {
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT
$iptables_nat -A OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -m comment --comment "PassWall" -j REDIRECT --to-ports $TCP_REDIR_PORT1
}
}
# 重定所有流量到透明代理端口
@ -364,24 +376,16 @@ add_firewall_rule() {
for i in $(seq 1 $UDP_REDIR_SERVER_NUM); do
local k=$i
local local_port=104$k
local ttl=14$k
eval temp_server=\$UDP_REDIR_SERVER$k
eval local_port=\$UDP_REDIR_PORT$k
[ "$k" == 1 ] && {
local_port=$UDP_REDIR_PORT
temp_server=$UDP_REDIR_SERVER
}
# 生成UDP转发规则
if [ "$temp_server" != "nil" ]; then
local server_host=$(config_get $temp_server server)
local UDP_REDIR_SERVER_PORT=$(config_get $temp_server server_port)
local UDP_REDIR_SERVER_IP=$(get_host_ip "ipv4" $server_host)
local UDP_REDIR_SERVER_TYPE=$(echo $(config_get $temp_server server_type) | tr 'A-Z' 'a-z')
[ -n "$UDP_REDIR_SERVER_IP" -a -n "$UDP_REDIR_SERVER_PORT" ] && $iptables_mangle -A SS -p udp -d $UDP_REDIR_SERVER_IP -m multiport --dports $UDP_REDIR_SERVER_PORT -j RETURN
if [ "$UDP_REDIR_SERVER_TYPE" == "brook" ]; then
$iptables_mangle -A PREROUTING -p udp -m socket -j MARK --set-mark 1
$iptables_mangle -A PREROUTING -p udp -j SS
fi
#$iptables_mangle -I SS_ACL$k 1 -p udp -m set --match-set $IPSET_BLACKLIST dst -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
[ "$UDP_REDIR_SERVER_TYPE" == "brook" ] && $iptables_mangle -A SS_ACL -p udp -m socket -j MARK --set-mark 1
# 全局模式
$iptables_mangle -A SS_GLO$k -p udp -j TPROXY --on-port $local_port --tproxy-mark 0x1/0x1
@ -494,8 +498,7 @@ del_firewall_rule() {
$ip6tables_nat -F SS 2>/dev/null && $ip6tables_nat -X SS 2>/dev/null
$ip6tables_nat -F SS_ACL 2>/dev/null && $ip6tables_nat -X SS_ACL 2>/dev/null
local max_num=1
[ "$TCP_REDIR_SERVER_NUM" -ge "$UDP_REDIR_SERVER_NUM" ] && max_num=$TCP_REDIR_SERVER_NUM
local max_num=10
if [ "$max_num" -ge 1 ]; then
for i in $(seq 1 $max_num); do
local k=$i
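Review bot: In load_acl the added `eval UDP_REDIR_SERVER=\$UDP_REDIR_SERVER$tcp_redir_server` indexes the UDP server list with the TCP slot, which looks like a copy-paste slip; it should presumably read `eval UDP_REDIR_SERVER=\$UDP_REDIR_SERVER$udp_redir_server`. Both evals also paste an ACL config value into evaluated shell text, so a non-numeric value is executed instead of rejected; a guard such as `case "$tcp_redir_server" in ''|*[!0-9]*) continue;; esac` (or whatever skip fits the enclosing loop) before the eval keeps the index to digits. If an ACL entry can still carry `nil` as its slot, the lookup yields an empty string and the new `[ "$TCP_REDIR_SERVER" != "nil" ]` test passes where the old `$tcp_redir_server` test did not, so the rules would be appended with `14nil`. load_acl begins and ends outside these hunks, so how the slot values are read could not be checked here.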


@ -3,53 +3,86 @@
CONFIG=passwall
CONFIG_PATH=/var/etc/$CONFIG
uci_get_by_name() {
config_n_get() {
local ret=$(uci get $CONFIG.$1.$2 2>/dev/null)
echo ${ret:=$3}
}
uci_get_by_type() {
local ret=$(uci get $CONFIG.@$1[0].$2 2>/dev/null)
config_t_get() {
local index=0
[ -n "$4" ] && index=$4
local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
echo ${ret:=$3}
}
TCP_REDIR_SERVER=$(uci_get_by_type global tcp_redir_server nil)
TCP_REDIR_PORT=$(uci_get_by_type global_proxy tcp_redir_port nil)
UDP_REDIR_SERVER=$(uci_get_by_type global udp_redir_server nil)
UDP_REDIR_PORT=$(uci_get_by_type global_proxy udp_redir_port nil)
[ "$UDP_REDIR_SERVER" == "default" ] && UDP_REDIR_SERVER=$TCP_REDIR_SERVER
SOCKS5_PROXY_SERVER=$(uci_get_by_type global socks5_proxy_server nil)
dns_mode=$(uci_get_by_type global dns_mode)
use_haproxy=$(uci_get_by_type global_haproxy balancing_enable 0)
use_kcp=$(uci_get_by_name $TCP_REDIR_SERVER use_kcp 0)
kcp_port=$(uci_get_by_type global_proxy kcptun_port 11183)
TCP_REDIR_SERVER_NUM=$(config_t_get global_other tcp_redir_server_num 1)
for i in $(seq 1 $TCP_REDIR_SERVER_NUM); do
eval TCP_REDIR_SERVER$i=$(config_t_get global tcp_redir_server$i nil)
done
UDP_REDIR_SERVER_NUM=$(config_t_get global_other udp_redir_server_num 1)
for i in $(seq 1 $UDP_REDIR_SERVER_NUM); do
eval UDP_REDIR_SERVER$i=$(config_t_get global udp_redir_server$i nil)
done
SOCKS5_PROXY_SERVER_NUM=$(config_t_get global_other socks5_proxy_server_num 1)
for i in $(seq 1 $SOCKS5_PROXY_SERVER_NUM); do
eval SOCKS5_PROXY_SERVER$i=$(config_t_get global socks5_proxy_server$i nil)
done
dns_mode=$(config_t_get global dns_mode)
use_haproxy=$(config_t_get global_haproxy balancing_enable 0)
#tcp
if [ $TCP_REDIR_SERVER != "nil" ]; then
icount=$(ps -w | grep -i -E "ss-redir|ssr-redir|v2ray|brook tproxy -l 0.0.0.0:$TCP_REDIR_PORT" | grep $CONFIG_PATH/TCP.json | grep -v grep | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
for i in $(seq 1 $TCP_REDIR_SERVER_NUM); do
eval temp_server=\$TCP_REDIR_SERVER$i
if [ "$temp_server" != "nil" ]; then
#kcptun
use_kcp=$(config_n_get $temp_server use_kcp 0)
if [ $use_kcp -gt 0 ]; then
kcp_port=$(config_t_get global_proxy kcptun_port 11183)
icount=$(ps -w | grep kcptun-client | grep $kcp_port | grep -v grep | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
fi
fi
[ -f "/var/etc/passwall/port/TCP_$i" ] && listen_port=$(echo -n `cat /var/etc/passwall/port/TCP_$i`)
icount=$(ps -w | grep -v grep | grep -i -E "${CONFIG}/TCP_${i}|brook tproxy -l 0.0.0.0:${listen_port}" | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
fi
fi
fi
done
#udp
if [ $UDP_REDIR_SERVER != "nil" ]; then
icount=$(ps -w | grep -i -E "ss-redir|ssr-redir|v2ray|brook tproxy -l 0.0.0.0:$UDP_REDIR_PORT" | grep $CONFIG_PATH/UDP.json | grep -v grep | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
for i in $(seq 1 $UDP_REDIR_SERVER_NUM); do
eval temp_server=\$UDP_REDIR_SERVER$i
if [ "$temp_server" != "nil" ]; then
[ "$temp_server" == "default" ] && temp_server=$TCP_REDIR_SERVER1
[ -f "/var/etc/passwall/port/UDP_$i" ] && listen_port=$(echo -n `cat /var/etc/passwall/port/UDP_$i`)
icount=$(ps -w | grep -v grep | grep -i -E "${CONFIG}/UDP_${i}|brook tproxy -l 0.0.0.0:${listen_port}" | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
fi
fi
fi
done
#socks5
if [ $SOCKS5_PROXY_SERVER != "nil" ]; then
icount=$(ps -w | grep -i -E "ss-redir|ssr-redir|v2ray|brook client" | grep $CONFIG_PATH/SOCKS5.json | grep -v grep | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
for i in $(seq 1 $SOCKS5_PROXY_SERVER_NUM); do
eval temp_server=\$SOCKS5_PROXY_SERVER$i
if [ "$temp_server" != "nil" ]; then
[ -f "/var/etc/passwall/port/Socks5_$i" ] && listen_port=$(echo -n `cat /var/etc/passwall/port/Socks5_$i`)
icount=$(ps -w | grep -v grep | grep -i -E "${CONFIG}/Socks5_${i}|brook client -l 0.0.0.0:${listen_port}" | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
fi
fi
fi
done
#dns
icount=$(netstat -apn | grep 7913 | wc -l)
@ -58,15 +91,6 @@ if [ $icount = 0 ]; then
exit 0
fi
#kcptun
if [ $use_kcp -gt 0 ]; then
icount=$(ps -w | grep kcptun_client | grep $kcp_port | grep -v grep | wc -l)
if [ $icount = 0 ]; then
/etc/init.d/passwall restart
exit 0
fi
fi
#haproxy
if [ $use_haproxy -gt 0 ]; then
icount=$(ps -w | grep haproxy | grep $CONFIG_PATH/haproxy.cfg | grep -v grep | wc -l)
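Review bot: The three loops that fill `TCP_REDIR_SERVER$i`, `UDP_REDIR_SERVER$i` and `SOCKS5_PROXY_SERVER$i` run `eval` on the unquoted output of `config_t_get`, so whatever text is stored in the UCI option is re-parsed as shell by this script. Escaping the substitution defers it until after the eval and makes the result a plain assignment: `eval "TCP_REDIR_SERVER$i=\$(config_t_get global tcp_redir_server$i nil)"`, and likewise for the other two loops. Separately, `listen_port` is only assigned when the port file exists, so a missing file leaves the previous iteration's value (or an empty string) in the `0.0.0.0:${listen_port}` pattern. Resetting `listen_port=` at the top of each iteration and skipping the brook alternative when it is empty would stop the check from matching an unrelated process.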


@ -207,14 +207,14 @@ del_config(){
del_all_config(){
get_server_index
[ "`uci show $CONFIG | grep -c 'sub_server'`" -eq 0 ] && exit 0
current_tcp_redir_server=$(config_t_get global tcp_redir_server)
is_sub_server=`uci -q get $CONFIG.$current_tcp_redir_server.group`
current_tcp_redir_server1=$(config_t_get global tcp_redir_server1)
is_sub_server=`uci -q get $CONFIG.$current_tcp_redir_server1.group`
for i in `seq $servers_index -1 1`
do
[ "$(uci show $CONFIG.@servers[$(($i-1))] | grep -c 'sub_server')" -eq 1 ] && uci delete $CONFIG.@servers[$(($i-1))] && uci commit $CONFIG
done
[ -n "$is_sub_server" ] && {
uci set $CONFIG.global[0].tcp_redir_server="nil"
uci set $CONFIG.global[0].tcp_redir_server1="nil"
uci commit $CONFIG && /etc/init.d/$CONFIG stop
}
}
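Review bot: del_all_config still inspects only slot 1 (`tcp_redir_server1`) when deciding whether an active node came from a subscription, although this commit introduces numbered TCP, UDP and SOCKS5 slots. Any other slot that points at a deleted `sub_server` entry is left referencing a section that no longer exists. Consider looping over the configured slots and resetting each one whose `.group` is set before the single `uci commit`. The `uci set $CONFIG.global[0].tcp_redir_server1="nil"` line also lacks the `@` that the anonymous-section form (`$CONFIG.@global[0]`) normally needs, so the reset may not be applied at all; that predates this commit but is worth checking while the line is being touched.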


@ -30,7 +30,7 @@ test_proxy() {
test_auto_switch() {
if [ -f "/var/etc/passwall/tcp_server_id" ]; then
TCP_REDIR_SERVER=$(cat /var/etc/passwall/tcp_server_id)
TCP_REDIR_SERVER1=$(cat /var/etc/passwall/tcp_server_id)
else
rm -f $LOCK_FILE
exit 1
@ -48,16 +48,16 @@ test_auto_switch() {
[ "$failcount" -ge 6 ] && {
echo "$(get_date): 自动切换检测:检测异常,切换节点" >>/var/log/passwall.log
TCP_REDIR_SERVERS=$(uci get passwall.@auto_switch[0].tcp_redir_server)
has_backup_server=$(echo $TCP_REDIR_SERVERS | grep $TCP_REDIR_SERVER)
has_backup_server=$(echo $TCP_REDIR_SERVERS | grep $TCP_REDIR_SERVER1)
setserver=
if [ -z "$has_backup_server" ]; then
setserver=$(echo $TCP_REDIR_SERVERS | awk -F ' ' '{print $1}')
else
setserver=$TCP_REDIR_SERVER
setserver=$TCP_REDIR_SERVER1
flag=0
for server in $has_backup_server; do
if [ "$flag" == 0 ]; then
if [ "$TCP_REDIR_SERVER" == "$server" ]; then
if [ "$TCP_REDIR_SERVER1" == "$server" ]; then
flag=1
continue
fi


@ -7,18 +7,17 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=redsocks2
PKG_VERSION:=0.60
PKG_RELEASE=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/aa65535/openwrt-redsocks2/releases/download/v$(PKG_VERSION)
PKG_MD5SUM:=b88bf23bf75fa7642f8d230db21f73b9
PKG_LICENSE:=GPLv2
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Zhuofei Wang <SemigodKing@gmail.com>
PKG_VERSION:=0.67
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/semigodking/redsocks.git
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_VERSION:=3052eeab75ff1ebd20c22334fbbecd808525bca7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
PKG_MAINTAINER:=semigodking <semigodking@gmail.com>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
@ -28,7 +27,7 @@ define Package/redsocks2
CATEGORY:=Network
TITLE:=Redirect any TCP connection to a SOCKS or HTTPS proxy server
URL:=https://github.com/semigodking/redsocks
DEPENDS:=+libevent2
DEPENDS:=+libevent2 +libopenssl
endef
define Package/redsocks2/description
@ -41,13 +40,13 @@ define Package/redsocks2/conffiles
/etc/config/redsocks2
endef
#define Build/Compile
# $(call Build/Compile/Default,ENABLE_HTTPS_PROXY=true)
#endef
define Package/redsocks2/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/redsocks2 $(1)/usr/bin
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DATA) ./files/redsocks2.config $(1)/etc/config/redsocks2
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/redsocks2.init $(1)/etc/init.d/redsocks2
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/redsocks2 $(1)/usr/sbin
$(INSTALL_DIR) $(1)/etc/redsocks2
$(INSTALL_DATA) ./files/redsocks2.template $(1)/etc/redsocks2/config.template
endef
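Review bot: The switch from a release tarball to `PKG_SOURCE_PROTO:=git` drops `PKG_MD5SUM` without adding a replacement checksum, so as far as this section shows the packed source archive is no longer verified against a known hash. The full commit id in `PKG_SOURCE_VERSION` pins a fresh clone, but it does not cover an archive that is already present in, or pre-seeded into, the download directory. Adding `PKG_MIRROR_HASH:=<sha256-of-generated-tarball>` (placeholder; the value has to be computed from the archive the build produces) restores that check. `PKG_LICENSE` and `PKG_LICENSE_FILES` also appear to have been removed; keeping them preserves the licence metadata in the built package.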


@ -0,0 +1,28 @@
redsocks {
local_ip = 192.168.1.1;
local_port = 1081;
ip = 192.168.1.1;
port = 9050;
type = socks5; // I use socks5 proxy for GFW'ed IP
autoproxy = 1; // I want autoproxy feature enabled on this section.
// timeout is meaningful when 'autoproxy' is non-zero.
// It specified timeout value when trying to connect to destination
// directly. Default is 10 seconds. When it is set to 0, default
// timeout value will be used.
// NOTE: decreasing the timeout value may lead increase of chance for
// normal IP to be misjudged.
timeout = 13;
//type = http-connect;
//login = username;
//password = passwd;
}
tcpdns {
// Transform UDP DNS requests into TCP DNS requests.
// You can also redirect connections to external TCP DNS server to
// REDSOCKS transparent proxy via iptables.
local_ip = 192.168.1.1; // Local server to act as DNS server
local_port = 1053; // UDP port to receive UDP DNS requests
tcpdns1 = 8.8.4.4; // DNS server that supports TCP DNS requests
tcpdns2 = 8.8.8.8; // DNS server that supports TCP DNS requests
timeout = 4; // Timeout value for TCP DNS requests
}
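Review bot: The template hard-codes `192.168.1.1` as `local_ip` in both the `redsocks` and `tcpdns` blocks and as the upstream proxy `ip`, with nothing marking these as values to replace. Installed as-is, it only works on a device that owns that address and has a proxy listening there on port 9050. A leading comment such as `// local_ip and ip below are examples; set them to this router's LAN address and your proxy` would make that explicit. Substitution tokens would be the alternative if a script is meant to fill the template, but nothing visible here shows which is intended. The `tcpdns1`/`tcpdns2` resolvers are likewise fixed public servers and deserve the same remark.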