From ce10c8d633df2add85f7be0706083d974fc152d9 Mon Sep 17 00:00:00 2001
From: xiaorouji <60100640+xiaorouji@users.noreply.github.com>
Date: Thu, 18 Feb 2021 19:59:17 +0800
Subject: [PATCH] luci-app-passwall: sync with upstream source
Signed-off-by: CN_SZTL
---
 .../model/cbi/passwall/api/gen_xray.lua | 149 +++++++++---------
 .../model/cbi/passwall/client/global.lua | 25 +--
 .../model/cbi/passwall/client/node_config.lua | 3 +-
 .../root/usr/share/passwall/app.sh | 17 +-
 .../root/usr/share/passwall/iptables.sh | 8 +-
 5 files changed, 91 insertions(+), 111 deletions(-)
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua
index 3af06fd3b2..e18006e11c 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua
@@ -260,77 +260,12 @@ if node_section then if node.protocol == "_shunt" then local rules = {} - ucursor:foreach(appname, "shunt_rules", function(e) - local name = e[".name"] - local _node_id = node[name] or "nil" - local is_proxy = node[name .. "_proxy"] or "0" - local outboundTag - if _node_id == "_direct" then - outboundTag = "direct" - elseif _node_id == "_blackhole" then - outboundTag = "blackhole" - else - if _node_id ~= "nil" then - local has_outbound - for index, value in ipairs(outbounds) do - if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then - has_outbound = api.clone(value) - break - end - end - if has_outbound then - has_outbound["tag"] = name - table.insert(outbounds, has_outbound) - outboundTag = name - else - local _node = ucursor:get_all(appname, _node_id) - local _outbound = gen_outbound(_node, name, is_proxy) - if _outbound then - if is_proxy == "1" then - table.insert(rules, 1, { - type = "field", - inboundTag = {"proxy_" .. name}, - outboundTag = "default" - }) - end - table.insert(outbounds, _outbound) - outboundTag = name - end - end - end - end - if outboundTag then - if e.domain_list then - local _domain = {} - string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) - table.insert(_domain, w) - end) - table.insert(rules, { - type = "field", - outboundTag = outboundTag, - domain = _domain - }) - end - if e.ip_list then - local _ip = {} - string.gsub(e.ip_list, '[^' .. "\r\n" .. 
']+', function(w) - table.insert(_ip, w) - end) - table.insert(rules, { - type = "field", - outboundTag = outboundTag, - ip = _ip - }) - end - end - end) - local default_node_id = node.default_node or "_direct" - local outboundTag + local default_outboundTag if default_node_id == "_direct" then - outboundTag = "direct" + default_outboundTag = "direct" elseif default_node_id == "_blackhole" then - outboundTag = "blackhole" + default_outboundTag = "blackhole" else local default_node = ucursor:get_all(appname, default_node_id) local main_node_id = node.main_node or "nil" 
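Review bot: The rewritten default-node block still hands the result of `ucursor:get_all(appname, default_node_id)` on without checking that the section exists, so a `default_node` that refers to a node deleted since the shunt entry was saved reaches `gen_outbound(default_node, "default")` as nil; whether gen_outbound tolerates nil is not visible in this diff. Since the enclosing `if node.protocol == "_shunt"` branch starts before this hunk and the `else` arm continues past it, the check belongs right after the lookup, e.g. `if not default_node then default_outboundTag = "blackhole" else … end` around the rest of the arm. Falling back to a blackhole rather than to "direct" keeps a dangling proxy reference from silently sending all default traffic unproxied.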
@@ -365,13 +300,85 @@ if node_section then local default_outbound = gen_outbound(default_node, "default") if default_outbound then table.insert(outbounds, default_outbound) - outboundTag = "default" + default_outboundTag = "default" end end - if outboundTag then + + ucursor:foreach(appname, "shunt_rules", function(e) + local name = e[".name"] + local _node_id = node[name] or "nil" + local is_proxy = node[name .. "_proxy"] or "0" + local outboundTag + if _node_id == "_direct" then + outboundTag = "direct" + elseif _node_id == "_blackhole" then + outboundTag = "blackhole" + elseif _node_id == "_default" then + outboundTag = "default" + else + if _node_id ~= "nil" then + local has_outbound + for index, value in ipairs(outbounds) do + if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then + has_outbound = api.clone(value) + break + end + end + if has_outbound then + has_outbound["tag"] = name + table.insert(outbounds, has_outbound) + outboundTag = name + else + local _node = ucursor:get_all(appname, _node_id) + local _outbound = gen_outbound(_node, name, is_proxy) + if _outbound then + if is_proxy == "1" then + table.insert(rules, 1, { + type = "field", + inboundTag = {"proxy_" .. name}, + outboundTag = "default" + }) + end + table.insert(outbounds, _outbound) + outboundTag = name + end + end + end + end + if outboundTag then + if outboundTag == "default" then + outboundTag = default_outboundTag + end + if e.domain_list then + local _domain = {} + string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) + table.insert(_domain, w) + end) + + table.insert(rules, { + type = "field", + outboundTag = outboundTag, + domain = _domain + }) + end + if e.ip_list then + local _ip = {} + string.gsub(e.ip_list, '[^' .. "\r\n" .. 
']+', function(w) + table.insert(_ip, w) + end) + table.insert(rules, { + type = "field", + outboundTag = outboundTag, + ip = _ip + }) + end + end + end) + + if default_outboundTag then table.insert(rules, { type = "field", - outboundTag = outboundTag, + outboundTag = default_outboundTag, network = network }) end diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 2cfab4bd10..23e3754980 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -120,7 +120,8 @@ if has_xray and #nodes_table > 0 then local id = e[".name"] o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* %s', api.url("shunt_rules", id), translate(e.remarks))) o:depends("tcp_node", v.id) - o:value("nil", translate("Default")) + o:value("nil", translate("Close")) + o:value("_default", translate("Default")) o:value("_direct", translate("Direct Connection")) o:value("_blackhole", translate("Blackhole")) for k1, v1 in pairs(normal_list) do @@ -174,26 +175,6 @@ udp_node:value("tcp_", translate("Same as the tcp node")) s:tab("DNS", translate("DNS")) -o = s:taboption("DNS", Value, "up_china_dns", translate("Local DNS") .. "(UDP)") -o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. "
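Review bot: The new `_default` branch encodes the user's choice as the literal tag `"default"` and only translates it later in `if outboundTag == "default" then outboundTag = default_outboundTag end`, which sits inside the `if outboundTag then` guard; when `gen_outbound(default_node, "default")` returned nothing a few lines earlier, `default_outboundTag` is nil and the domain/ip rules are still emitted with `outboundTag = nil`, i.e. a routing rule that points nowhere. The same comparison also fires for a shunt_rules section whose `.name` happens to be `default`, because `has_outbound["tag"] = name` gives that rule's outbound the tag `"default"` as well. Resolving the real tag at the point of choice, `elseif _node_id == "_default" then outboundTag = default_outboundTag`, and dropping the later remap lets the existing nil guard skip the rule in both cases. The enclosing `if node.protocol == "_shunt"` block starts before this hunk.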
" .. translate("When the selection is not the default, this DNS is forced to be set to dnsmasq upstream DNS.") -o.default = "default" -o:value("default", translate("Default")) -if has_xray then - o:value("xray_doh", "Xray DNS(DoH)") -end -o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)") -o:value("114.114.114.114", "114.114.114.114 (114DNS)") -o:value("119.29.29.29", "119.29.29.29 (DNSPOD DNS)") -o:value("180.76.76.76", "180.76.76.76 (" .. translate("Baidu") .. "DNS)") - ----- DoH -o = s:taboption("DNS", Value, "up_china_dns_doh", translate("DoH request address")) -o:value("https://dns.alidns.com/dns-query,223.5.5.5", "AliDNS") -o:value("https://doh.pub/dns-query,119.29.29.29", "DNSPod") -o.default = "https://dns.alidns.com/dns-query,223.5.5.5" -o.validate = doh_validate -o:depends("up_china_dns", "xray_doh") - ---- DNS Forward Mode o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode")) o.rmempty = false @@ -209,8 +190,8 @@ if has_xray then o:value("xray_doh", "Xray DNS(DoH)") end o:value("udp", translatef("Requery DNS By %s", translate("UDP Node"))) +o:value("custom", translate("Custom DNS") .. "(UDP)") o:value("nonuse", translate("No Filter")) -o:value("custom", translate("Custom DNS")) ---- Custom DNS o = s:taboption("DNS", Value, "custom_dns", translate("Custom DNS")) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua index b8c933e995..783d9a6f33 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/node_config.lua 
@@ -129,7 +129,8 @@ balancing_node:depends("protocol", "_balancing") -- 分流 uci:foreach(appname, "shunt_rules", function(e) o = s:option(ListValue, e[".name"], string.format('* %s', api.url("shunt_rules", e[".name"]), translate(e.remarks))) - o:value("nil", translate("Default")) + o:value("nil", translate("Close")) + o:value("_default", translate("Default")) o:value("_direct", translate("Direct Connection")) o:value("_blackhole", translate("Blackhole")) o:depends("protocol", "_shunt") diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh index 9cfca3ff48..79ea5f1d66 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh @@ -324,7 +324,7 @@ load_config() { DNS_MODE=$(config_t_get global dns_mode pdnsd) DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53 | sed 's/:/#/g') DNS_CACHE=$(config_t_get global dns_cache 0) - LOCAL_DNS=$(config_t_get global up_china_dns default | sed 's/:/#/g') + LOCAL_DNS="default" if [ "${LOCAL_DNS}" = "default" ]; then DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',') if [ -z "${DEFAULT_DNS}" ]; then 
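Review bot: `LOCAL_DNS="default"` makes the following `if [ "${LOCAL_DNS}" = "default" ]` test always true, so the branch that derives DEFAULT_DNS from `uci show dhcp` now runs unconditionally and whatever alternative arm follows it (load_config continues past this hunk) is dead code. Either drop the conditional or keep the assignment with a comment such as `# upstream DNS now always comes from dnsmasq's configured servers; the up_china_dns option was removed` so the next reader does not hunt for where the value is set. A stale `up_china_dns` entry left in an existing config is now silently ignored, which is worth stating in the same comment.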
@@ -776,19 +776,6 @@ stop_crontab() { } start_dns() { - if [ "${LOCAL_DNS}" = "xray_doh" ]; then - _doh=$(config_t_get global up_china_dns_doh "https://dns.alidns.com/dns-query,223.5.5.5") - _doh_url=$(echo $_doh | awk -F ',' '{print $1}') - _doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}') - _doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}') - _doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}') - _doh_bootstrap=$(echo $_doh | cut -d ',' -sf 2-) - lua $API_GEN_XRAY -dns_listen_port "${LOCAL_DOH_PORT}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" > $TMP_PATH/DNS1.json - ln_start_bin "$(first_type $(config_t_get global_app xray_file) xray)" xray $TMP_PATH/DNS1.log -config="$TMP_PATH/DNS1.json" - LOCAL_DNS="127.0.0.1#${LOCAL_DOH_PORT}" - unset _doh _doh_url _doh_bootstrap - fi - local pdnsd_forward other_port msg dns_listen_port=${DNS_PORT} pdnsd_forward=${DNS_FORWARD} @@ -974,7 +961,7 @@ add_dnsmasq() { local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil) - if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then + if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_default" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then continue fi local shunt_node=$(config_n_get $shunt_node_id address nil) diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh index c14fd0826c..ea939ac8d5 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh 
@@ -208,6 +208,7 @@ load_acl() { msg2="${msg2}[$?]除${tcp_no_redir_ports}外的" } msg2="${msg2}所有端口" + $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy) $ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port $is_tproxy) @@ -234,6 +235,7 @@ load_acl() { msg2="${msg2}[$?]除${udp_no_redir_ports}外的" } msg2="${msg2}所有端口" + $ipt_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY) $ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ipt $udp_proxy_mode $udp_port TPROXY) 
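Review bot: The rule added in the second hunk here (`@@ -234,6 +235,7 @@`) uses `-p tcp` although it is placed among the UDP rules and sends matches to `$(REDIRECT $udp_port TPROXY)`; TCP traffic to 1.2.3.4 from that ACL source would be TPROXYed into the UDP listener, while UDP to 1.2.3.4 gets no placeholder rule at all. The default-policy hunk further down uses `-p udp` for the same rule, so this looks like a copy-paste slip: `$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $udp_port TPROXY)`. load_acl begins before and ends after these hunks.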
@@ -275,6 +277,7 @@ load_acl() { fi [ "$TCP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}除${TCP_NO_REDIR_PORTS}外的" msg="${msg}所有端口" + $ipt_tmp -A PSW $(comment "默认") -p tcp -d 1.2.3.4 $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy) $ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT $is_tproxy) @@ -303,6 +306,7 @@ load_acl() { msg="UDP默认代理:使用UDP节点 [$(get_action_chain_name $UDP_PROXY_MODE)](TPROXY:${UDP_REDIR_PORT})代理" [ "$UDP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}除${UDP_NO_REDIR_PORTS}外的" msg="${msg}所有端口" + $ipt_m -A PSW $(comment "默认") -p udp -d 1.2.3.4 $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY) $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY) 
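Review bot: The literal `1.2.3.4` is now spelled out in four rules in load_acl and two more in add_firewall_rule with no comment saying what the address stands for; the rules themselves only show that every packet to it is handed to the proxy port. Define it once near the top of the file, e.g. `FAKE_IP="1.2.3.4"  # placeholder destination: all traffic to it is always redirected to the proxy`, and use `-d $FAKE_IP` in each rule so a future change cannot miss a site. If that address is also reachable on the public internet, the comment should say why it is safe to hijack it.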
@@ -638,12 +642,12 @@ add_firewall_rule() { } [ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53 $ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT - $ipt_tmp -I PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { $ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS" } + $ipt_tmp -A PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r $ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r @@ -731,12 +735,12 @@ add_firewall_rule() { } [ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53 $ipt_m -A OUTPUT -p udp -j PSW_OUTPUT - $ipt_m -I PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK) [ "$UDP_NO_REDIR_PORTS" != "disable" ] && { $ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN $ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS" } + $ipt_m -A PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK) $ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK)
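Review bot: Moving the 1.2.3.4 rule from `-I PSW_OUTPUT` (head of the chain) to `-A` after the `TCP_NO_REDIR_PORTS` / `UDP_NO_REDIR_PORTS` RETURN rules changes behaviour: router-originated traffic to 1.2.3.4 on a listed port now returns unproxied, whereas before the `-I` placed it ahead of everything. That may be the point of the move (it mirrors load_acl, where the placeholder rule also follows the no-redir handling), but the commit message only says "sync with upstream"; a one-line comment above each added rule, e.g. `# no-redir ports take precedence over the 1.2.3.4 placeholder destination`, would record the intended order. add_firewall_rule begins before and continues past these hunks.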