Merge Lean's source

package/lean/luci-app-flowoffload/Makefile

@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for Flow Offload
 LUCI_DEPENDS:=+kmod-ipt-offload +pdnsd-alt +kmod-tcp-bbr @!LINUX_4_9
 LUCI_PKGARCH:=all
 PKG_VERSION:=1.0
-PKG_RELEASE:=13
+PKG_RELEASE:=15
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lean/luci-app-flowoffload/root/etc/init.d/flowoffload

@@ -252,7 +252,7 @@ start_service(){
 
 	if [ "$DNSMASQ_RESTART" = N ]; then
 		/etc/init.d/dnsmasq restart && echo "DNSMASQ change"
-		/etc/init.d/firewall restart
+		/etc/init.d/firewall restart >/dev/null 2>&1
 	fi
 }
 
@@ -265,7 +265,7 @@ stop_service(){
     uci commit firewall
 	if [ "$DNSMASQ_RESTART" = N ]; then
 		/etc/init.d/dnsmasq restart && echo "DNSMASQ revert"
-		/etc/init.d/firewall restart
+		/etc/init.d/firewall restart >/dev/null 2>&1
 	fi
 }
 
@@ -274,6 +274,5 @@ restart(){
     stop
     start
 	/etc/init.d/dnsmasq restart && echo "DNSMASQ restart"
-	/etc/init.d/firewall restart
+	/etc/init.d/firewall restart >/dev/null 2>&1
 }
-

package/lean/luci-app-ssr-plus/Makefile

@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-ssr-plus
 PKG_VERSION:=171
-PKG_RELEASE:=3
+PKG_RELEASE:=6
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
 

package/lean/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/advanced.lua

@@ -32,15 +32,15 @@ o.default = "https://ispip.clang.cn/all_cn.txt"
 o = s:option(Flag, "adblock", translate("Enable adblock"))
 o.rmempty = false
 
+o = s:option(Value, "nfip_url", translate("nfip_url"))
+o.default = "https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt"
+o.description = translate("Customize Netflix IP Url")
+
 o = s:option(Value, "adblock_url", translate("adblock_url"))
 o.default = "https://gitee.com/privacy-protection-tools/anti-ad/raw/master/anti-ad-for-dnsmasq.conf"
 o:depends("adblock", "1")
 o.description = translate("Support AdGuardHome and DNSMASQ format list")
 
-o = s:option(Value, "nfip_url", translate("nfip_url"))
-o.default = "https://raw.githubusercontent.com/QiuSimons/Netflix_IP/master/NF_only.txt"
-o.description = translate("Customize Netflix IP Url")
-
 -- [[ SOCKS Proxy ]]--
 if nixio.fs.access("/usr/bin/microsocks") then
 s = m:section(TypedSection, "socks5_proxy", translate("SOCKS5 Proxy Server Settings"))

package/lean/luci-app-ssr-plus/luasrc/view/shadowsocksr/server_list.htm

@@ -49,8 +49,7 @@ local dsp = require "luci.dispatcher"
 		thread()
 	}
 	
-	// move
-	function cbi_row_drop(fromId, toId, store) {
+	function cbi_row_drop(fromId, toId, store, isToBottom) {
 		var fromNode = document.getElementById(fromId);
 		var toNode = document.getElementById(toId);
 		if (!fromNode || !toNode) return false;
@@ -61,13 +60,13 @@ local dsp = require "luci.dispatcher"
 		if (!table) return false;
 
 		var ids = [];
-		for (var idx = 2; idx < table.rows.length; idx++) {
-			if (table.rows[idx] === fromNode) {
-				toNode.parentNode.insertBefore(toNode, fromNode);
-			} else if (table.rows[idx] === toNode) {
-				fromNode.parentNode.insertBefore(fromNode, toNode);
-			}
+		if (isToBottom) {
+			toNode.parentNode.appendChild(fromNode);
+		} else {
+			fromNode.parentNode.insertBefore(fromNode, toNode);
+		}
 
+		for (var idx = 2; idx < table.rows.length; idx++) {
 			table.rows[idx].className = table.rows[idx].className.replace(
 				/cbi-rowstyle-[12]/,
 				"cbi-rowstyle-" + (1 + (idx % 2))
@@ -82,10 +81,13 @@ local dsp = require "luci.dispatcher"
 
 		return false;
 	}
-	
+
 	// set tr draggable
 	function enableDragForTable(table_selecter, store) {
 		var trs = document.querySelectorAll(table_selecter + " tr");
+		if (!trs || trs.length.length < 3) {
+			return;
+		}
 
 		function ondragstart(ev) {
 			ev.dataTransfer.setData("Text", ev.target.id);
@@ -101,14 +103,46 @@ local dsp = require "luci.dispatcher"
 			ev.dataTransfer.dropEffect = "move";
 		}
 
+		function moveToTop(id) {
+			var top = document.querySelectorAll(table_selecter + " tr")[2];
+			cbi_row_drop(id, top.id, store);
+		}
+
+		function moveToBottom(id) {
+			console.log('moveToBottom:', id);
+			var trList = document.querySelectorAll(table_selecter + " tr");
+			var bottom = trList[trList.length - 1];
+			cbi_row_drop(id, bottom.id, store, true);
+		}
+
 		for (let index = 2; index < trs.length; index++) {
 			const el = trs[index];
 			el.setAttribute("draggable", true);
 			el.ondragstart = ondragstart;
 			el.ondrop = ondrop;
 			el.ondragover = ondragover;
+
+			// reset the behaviors of the btns
+			var upBtns = el.querySelectorAll(".cbi-button.cbi-button-up");
+			if (upBtns && upBtns.length > 0) {
+				upBtns.forEach(function (_el) {
+					_el.onclick = function () {
+						moveToTop(el.id);
+					};
+				});
+			}
+
+			var downBtns = el.querySelectorAll(".cbi-button.cbi-button-down");
+			if (downBtns && downBtns.length > 0) {
+				downBtns.forEach(function (_el) {
+					_el.onclick = function () {
+						moveToBottom(el.id);
+					};
+				});
+			}
 		}
 	}
+
 	// enable
 	enableDragForTable(
 		"#cbi-shadowsocksr-servers table",

package/lean/luci-app-ssr-plus/root/etc/init.d/shadowsocksr

@@ -409,7 +409,7 @@ start_redir() {
         dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 &
         $ncmd -c /var/etc/shadowsocksr_n.json $ARG_OTA -f /var/run/ssr-netflix.pid >/dev/null 2>&1
     elif [ "$ntype" == "v2ray" ]; then
-        lua /usr/share/shadowsocksr/genv2nfconfig.lua $NETFLIX_SERVER tcp 4321 >/var/etc/v2-ssr-netflix.json
+        lua /usr/share/shadowsocksr/genv2config.lua $NETFLIX_SERVER tcp 4321 1088 >/var/etc/v2-ssr-netflix.json
         $ncmd -config /var/etc/v2-ssr-netflix.json >/dev/null 2>&1 &
         dns2socks 127.0.0.1:1088 8.8.8.8:53 127.0.0.1:5555 -q >/dev/null 2>&1 &
     elif [ "$ntype" == "trojan" ]; then

package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2config.lua

@@ -3,6 +3,7 @@ local json = require "luci.jsonc"
 local server_section = arg[1]
 local proto = arg[2]
 local local_port = arg[3]
+local socks_port = arg[4] or "0"
 
 local server = ucursor:get_all("shadowsocksr", server_section)
 
@@ -11,20 +12,31 @@ log = {
 	-- error = "/var/ssrplus.log",
 	loglevel = "warning"
 },
-	-- 传入连接
-	inbound = {
-		port = local_port,
-		protocol = "dokodemo-door",
-		settings = {
-			network = proto,
-			followRedirect = true
-		},
-		sniffing = {
-			enabled = true,
-			destOverride = { "http", "tls" }
-		}
-	},
-	-- 传出连接
+ -- 传入连接
+ inbound = {
+     port = local_port,
+     protocol = "dokodemo-door",
+     settings = {
+         network = proto,
+         followRedirect = true
+     },
+     sniffing = {
+         enabled = true,
+         destOverride = { "http", "tls" }
+     }
+ },
+ -- 同时开启 socks 代理 
+ inboundDetour = (proto == "tcp" and socks_port ~= "0") and {
+   {
+     protocol = "socks",
+     port = 1088,
+     settings = {
+       auth = "noauth",
+       udp = true
+     }
+   }
+ } or nil,
+ -- 传出连接
 	outbound = {
 		protocol = "vmess",
 		settings = {

package/lean/luci-app-ssr-plus/root/usr/share/shadowsocksr/genv2nfconfig.lua

@@ -1,106 +0,0 @@
-local ucursor = require "luci.model.uci".cursor()
-local json = require "luci.jsonc"
-local server_section = arg[1]
-local proto = arg[2]
-local local_port = arg[3]
-
-local server = ucursor:get_all("shadowsocksr", server_section)
-
-local v2ray = {
-log = {
-	-- error = "/var/ssrplus.log",
-	loglevel = "warning"
-},
- -- 传入连接
- inbound = {
-     port = local_port,
-     protocol = "dokodemo-door",
-     settings = {
-         network = proto,
-         followRedirect = true
-     },
-     sniffing = {
-         enabled = true,
-         destOverride = { "http", "tls" }
-     }
- },
- -- 同时开启 socks 代理 
- inboundDetour = (proto == "tcp") and {
-   {
-     protocol = "socks",
-     port = 1088,
-     settings = {
-       auth = "noauth",
-       udp = true
-     }
-   }
- } or nil,
- -- 传出连接
-	outbound = {
-		protocol = "vmess",
-		settings = {
-			vnext = {
-				{
-					address = server.server,
-					port = tonumber(server.server_port),
-					users = {
-						{
-							id = server.vmess_id,
-							alterId = tonumber(server.alter_id),
-							security = server.security
-						}
-					}
-				}
-			}
-		},
-	-- 底层传输配置
-		streamSettings = {
-			network = server.transport,
-			security = (server.tls == '1') and "tls" or "none",
-			tlsSettings = {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,},
-			kcpSettings = (server.transport == "kcp") and {
-				mtu = tonumber(server.mtu),
-				tti = tonumber(server.tti),
-				uplinkCapacity = tonumber(server.uplink_capacity),
-				downlinkCapacity = tonumber(server.downlink_capacity),
-				congestion = (server.congestion == "1") and true or false,
-				readBufferSize = tonumber(server.read_buffer_size),
-				writeBufferSize = tonumber(server.write_buffer_size),
-				header = {
-					type = server.kcp_guise
-				}
-			} or nil,
-			wsSettings = (server.transport == "ws") and (server.ws_path ~= nil or server.ws_host ~= nil) and {
-				path = server.ws_path,
-				headers = (server.ws_host ~= nil) and {
-					Host = server.ws_host
-				} or nil,
-			} or nil,
-			httpSettings = (server.transport == "h2") and {
-				path = server.h2_path,
-				host = server.h2_host,
-			} or nil,
-			quicSettings = (server.transport == "quic") and {
-				security = server.quic_security,
-				key = server.quic_key,
-				header = {
-					type = server.quic_guise
-				}
-			} or nil
-		},
-		mux = {
-			enabled = (server.mux == "1") and true or false,
-			concurrency = tonumber(server.concurrency)
-		}
-	},
-
-	-- 额外传出连接
-	outboundDetour = {
-		{
-			protocol = "freedom",
-			tag = "direct",
-			settings = { keep = "" }
-		}
-	}
-}
-print(json.stringify(v2ray, 1))

target/linux/generic/pending-4.14/647-netfilter-nf_flow_table_hw-fix-incorrect-ethernet-ds.patch

@@ -1,87 +0,0 @@
-From: Konstantin Vasin <tempest921@gmail.com>
-Date: Mon, 9 Mar 2020 18:38:54 +0300
-Subject: [PATCH] netfilter: nf_flow_table_hw: fix incorrect ethernet dst
- address
-
-Ethernet destination for original traffic takes the source ethernet
-address in the reply direction. For reply traffic, this takes
-the source ethernet address of the original destination.
-
-This fix is based on the upstream commit 1b67e506:
-("netfilter: nf_flow_table_offload: fix incorrect ethernet dst address")
-from wenxu <wenxu@ucloud.cn>
-
-Signed-off-by: Konstantin Vasin <tempest921@gmail.com>
----
-
---- a/net/netfilter/nf_flow_table_hw.c
-+++ b/net/netfilter/nf_flow_table_hw.c
-@@ -24,17 +24,23 @@ struct flow_offload_hw {
- 	struct flow_offload_hw_path dest;
- };
- 
--static void flow_offload_check_ethernet(struct flow_offload_tuple *tuple,
-+static void flow_offload_check_ethernet(struct flow_offload *flow,
-+					enum flow_offload_tuple_dir dir,
- 					struct flow_offload_hw_path *path)
- {
- 	struct net_device *dev = path->dev;
- 	struct neighbour *n;
-+	const void *daddr;
-+	const struct dst_entry *dst_cache;
- 
- 	if (dev->type != ARPHRD_ETHER)
- 		return;
- 
- 	memcpy(path->eth_src, path->dev->dev_addr, ETH_ALEN);
--	n = dst_neigh_lookup(tuple->dst_cache, &tuple->src_v4);
-+
-+	daddr = &flow->tuplehash[dir].tuple.src_v4;
-+	dst_cache = flow->tuplehash[!dir].tuple.dst_cache;
-+	n = dst_neigh_lookup(dst_cache, daddr);
- 	if (!n)
- 		return;
- 
-@@ -44,17 +50,18 @@ static void flow_offload_check_ethernet(struct flow_offload_tuple *tuple,
- }
- 
- static int flow_offload_check_path(struct net *net,
--				   struct flow_offload_tuple *tuple,
-+				   struct flow_offload *flow,
-+				   enum flow_offload_tuple_dir dir,
- 				   struct flow_offload_hw_path *path)
- {
- 	struct net_device *dev;
- 
--	dev = dev_get_by_index_rcu(net, tuple->iifidx);
-+	dev = dev_get_by_index_rcu(net, flow->tuplehash[dir].tuple.iifidx);
- 	if (!dev)
- 		return -ENOENT;
- 
- 	path->dev = dev;
--	flow_offload_check_ethernet(tuple, path);
-+	flow_offload_check_ethernet(flow, dir, path);
- 
- 	if (dev->netdev_ops->ndo_flow_offload_check)
- 		return dev->netdev_ops->ndo_flow_offload_check(path);
-@@ -133,17 +140,14 @@ flow_offload_hw_prepare(struct net *net, struct flow_offload *flow)
- {
- 	struct flow_offload_hw_path src = {};
- 	struct flow_offload_hw_path dest = {};
--	struct flow_offload_tuple *tuple;
- 	struct flow_offload_hw *offload = NULL;
- 
- 	rcu_read_lock_bh();
- 
--	tuple = &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].tuple;
--	if (flow_offload_check_path(net, tuple, &src))
-+	if (flow_offload_check_path(net, flow, FLOW_OFFLOAD_DIR_ORIGINAL, &src))
- 		goto out;
- 
--	tuple = &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].tuple;
--	if (flow_offload_check_path(net, tuple, &dest))
-+	if (flow_offload_check_path(net, flow, FLOW_OFFLOAD_DIR_REPLY, &dest))
- 		goto out;
- 
- 	if (!src.dev->netdev_ops->ndo_flow_offload)
-

target/linux/generic/pending-4.14/648-netfilter-nf_flow_table_hw-check-the-status-of-dst_n.patch

@@ -1,32 +0,0 @@
-From: Konstantin Vasin <tempest921@gmail.com>
-Date: Mon, 9 Mar 2020 17:41:22 +0300
-Subject: [PATCH] netfilter: nf_flow_table_hw: check the status of
- dst_neigh
-
-It's better to check the nud_state is VALID.
-If there is not neigh previos, the lookup will
-create a non NUD_VALID with 00:00:00:00:00:00 mac.
-
-This fix is based on the upstream commit f31ad71c44
-("netfilter: nf_flow_table_offload: check the status of dst_neigh")
-from wenxu <wenxu@ucloud.cn>
-
-Signed-off-by: Konstantin Vasin <tempest921@gmail.com>
----
-
-index e831c8830e91..1238d675a316 100644
---- a/net/netfilter/nf_flow_table_hw.c
-+++ b/net/netfilter/nf_flow_table_hw.c
-@@ -44,8 +44,10 @@ static void flow_offload_check_ethernet(struct flow_offload *flow,
- 	if (!n)
- 		return;
- 
--	memcpy(path->eth_dest, n->ha, ETH_ALEN);
--	path->flags |= FLOW_OFFLOAD_PATH_ETHERNET;
-+	if (n->nud_state & NUD_VALID) {
-+		memcpy(path->eth_dest, n->ha, ETH_ALEN);
-+		path->flags |= FLOW_OFFLOAD_PATH_ETHERNET;
-+	}
- 	neigh_release(n);
- }
-