diff --git a/config/Config-build.in b/config/Config-build.in index e3cf68e5de..5540720c37 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -206,9 +206,6 @@ menu "Global build settings" config USE_UCLIBCXX bool "uClibc++" - config USE_LIBCXX - bool "libc++" - config USE_LIBSTDCXX bool "libstdc++" endchoice diff --git a/include/uclibc++.mk b/include/uclibc++.mk index 27533279c9..a1a61f26d4 100644 --- a/include/uclibc++.mk +++ b/include/uclibc++.mk @@ -4,8 +4,8 @@ ifndef DUMP endif endif -PKG_PREPARED_DEPENDS += CONFIG_USE_UCLIBCXX CONFIG_USE_LIBCXX -CXX_DEPENDS = +USE_UCLIBCXX:uclibcxx +USE_LIBCXX:libcxx +USE_LIBSTDCXX:libstdcpp +PKG_PREPARED_DEPENDS += CONFIG_USE_UCLIBCXX +CXX_DEPENDS = +USE_UCLIBCXX:uclibcxx +USE_LIBSTDCXX:libstdcpp ifneq ($(CONFIG_USE_UCLIBCXX),) ifneq ($(CONFIG_CCACHE),) @@ -14,11 +14,3 @@ ifneq ($(CONFIG_USE_UCLIBCXX),) TARGET_CXX=g++-uc endif endif - -ifneq ($(CONFIG_USE_LIBCXX),) - ifneq ($(CONFIG_CCACHE),) - TARGET_CXX_NOCACHE=g++-libcxx - else - TARGET_CXX=g++-libcxx - endif -endif diff --git a/package/ctcgfw/luci-app-diskman/luasrc/model/diskman.lua b/package/ctcgfw/luci-app-diskman/luasrc/model/diskman.lua index dd10876585..bfde90e496 100644 --- a/package/ctcgfw/luci-app-diskman/luasrc/model/diskman.lua +++ b/package/ctcgfw/luci-app-diskman/luasrc/model/diskman.lua @@ -216,7 +216,7 @@ local get_parted_info = function(device) table.insert(partitions_temp, partition_temp) end end - if disk_temp["p_table"] == "MBR" then + if disk_temp and disk_temp["p_table"] == "MBR" then for i, p in ipairs(partitions_temp) do if disk_temp["extended_partition_index"] and p["number"] > 4 then if tonumber(p["sec_end"]) <= tonumber(partitions_temp[disk_temp["extended_partition_index"]]["sec_end"]) and tonumber(p["sec_start"]) >= tonumber(partitions_temp[disk_temp["extended_partition_index"]]["sec_start"]) then diff --git a/package/ctcgfw/luci-app-vssr/Makefile b/package/ctcgfw/luci-app-vssr/Makefile index afcb160070..972d59d106 100644 
--- a/package/ctcgfw/luci-app-vssr/Makefile +++ b/package/ctcgfw/luci-app-vssr/Makefile @@ -1,8 +1,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-vssr -PKG_VERSION:=1.19 -PKG_RELEASE:=20201205 +PKG_VERSION:=1.20 +PKG_RELEASE:=20201209 include $(INCLUDE_DIR)/package.mk diff --git a/package/ctcgfw/luci-app-vssr/luasrc/controller/vssr.lua b/package/ctcgfw/luci-app-vssr/luasrc/controller/vssr.lua index 662cbfc169..55c4eef4fe 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/controller/vssr.lua +++ b/package/ctcgfw/luci-app-vssr/luasrc/controller/vssr.lua @@ -13,10 +13,11 @@ function index() entry({'admin', 'services', 'vssr', 'servers'}, cbi('vssr/servers'), _('Severs Nodes'), 11).leaf = true -- 服务器节点 entry({'admin', 'services', 'vssr', 'servers'}, arcombine(cbi('vssr/servers'), cbi('vssr/client-config')), _('Severs Nodes'), 11).leaf = true -- 编辑节点 entry({'admin', 'services', 'vssr', 'control'}, cbi('vssr/control'), _('Access Control'), 12).leaf = true -- 访问控制 - if nixio.fs.access('/usr/bin/v2ray/v2ray') then - entry({'admin', 'services', 'vssr', 'socks5'}, cbi('vssr/socks5'), _('Socks5'), 13).leaf = true -- Socks5代理 + entry({'admin', 'services', 'vssr', 'router'}, cbi('vssr/router'), _('Router Config'), 13).leaf = true -- 访问控制 + if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') or nixio.fs.access('/usr/bin/xray') or nixio.fs.access('/usr/bin/xray/xray') then + entry({'admin', 'services', 'vssr', 'socks5'}, cbi('vssr/socks5'), _('Socks5'), 14).leaf = true -- Socks5代理 end - entry({'admin', 'services', 'vssr', 'advanced'}, cbi('vssr/advanced'), _('Advanced Settings'), 14).leaf = true -- 高级设置 + entry({'admin', 'services', 'vssr', 'advanced'}, cbi('vssr/advanced'), _('Advanced Settings'), 15).leaf = true -- 高级设置 elseif nixio.fs.access('/usr/bin/ssr-server') then entry({'admin', 'services', 'vssr'}, alias('admin', 'services', 'vssr', 'server'), _('vssr'), 10).dependent = true else 
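Review bot: The four-path `nixio.fs.access(...)` check added to the Socks5 menu condition in `index()` is repeated verbatim in the client-config.lua and socks5.lua hunks of this commit, so the three copies can drift apart the next time a binary path is added. A small helper that loops over the candidate paths, kept in a module that both the controller and the CBI models can `require`, would keep them in step. Separately, the new `router` entry carries the comment `-- 访问控制`, copied from the Access Control line above it; `-- 分流设置` would match the menu title. `index()` starts and ends outside the hunk.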
@@ -39,6 +40,7 @@ function index() entry({'admin', 'services', 'vssr', 'flag'}, call('get_flag')) -- 获取节点国旗 iso code entry({'admin', 'services', 'vssr', 'ip'}, call('check_ip')) -- 获取ip情况 entry({'admin', 'services', 'vssr', 'switch'}, call('switch')) -- 设置节点为自动切换 + entry({'admin', 'services', 'vssr', 'delnode'}, call('del_node')) -- 删除某个节点 end -- 执行订阅 @@ -86,6 +88,23 @@ function get_servers() luci.http.write_json(server_table) end +-- 删除指定节点 +function del_node() + local e = {} + local uci = luci.model.uci.cursor() + local node = luci.http.formvalue('node') + e.status = false + e.node = node + if node ~= '' then + uci:delete('vssr', node) + uci:save('vssr') + uci:commit('vssr') + e.status = true + end + luci.http.prepare_content('application/json') + luci.http.write_json(e) +end + -- 切换节点 function change_node() local sockets = require 'socket' @@ -246,7 +265,7 @@ function refresh_data() retstring = '-1' end elseif set == 'ip_data' then - refresh_cmd = "wget -O- 'https://ispip.clang.cn/all_cn.txt' > /tmp/china_ssr.txt" + refresh_cmd ="wget -O- 'https://ispip.clang.cn/all_cn.txt' > /tmp/china_ssr.txt 2>/dev/null" sret = luci.sys.call(refresh_cmd) icount = luci.sys.exec('cat /tmp/china_ssr.txt | wc -l') if sret == 0 and tonumber(icount) > 1000 then @@ -300,4 +319,4 @@ function refresh_data() end luci.http.prepare_content('application/json') luci.http.write_json({ret = retstring, retcount = icount}) -end +end \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client-config.lua b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client-config.lua index 33aec5600b..f5452ecd3e 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client-config.lua +++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client-config.lua 
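Review bot: `del_node()` deletes whatever section name arrives in the `node` parameter, and its only guard is `node ~= ''`, which is also true when the parameter is missing (formvalue presumably returns nil in that case). Nothing checks that the name refers to a `servers` section, so a request naming any other section of the `vssr` config would remove that section instead, and `e.status` is set to true without looking at the result of `uci:delete`. Because the route added in the `@@ -39,6 +40,7 @@` hunk is a plain `call()` and the `delete_node` script in the tblsection.htm hunk issues it with `$.get`, this state change happens on a GET request; consider accepting it only as a POST that carries the session token. A tighter guard is sketched below.

```lua
    local node = luci.http.formvalue('node')
    e.status = false
    e.node = node
    -- Only delete sections that exist and are server nodes.
    if type(node) == 'string' and node ~= '' and uci:get('vssr', node) == 'servers' then
        if uci:delete('vssr', node) then
            uci:save('vssr')
            uci:commit('vssr')
            e.status = true
        end
    end
    -- … unchanged: JSON response …
```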
@@ -129,7 +129,7 @@ o:value('ssr', translate('ShadowsocksR')) if nixio.fs.access('/usr/bin/ss-redir') then o:value('ss', translate('Shadowsocks New Version')) end -if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') then +if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') or nixio.fs.access('/usr/bin/xray') or nixio.fs.access('/usr/bin/xray/xray') then o:value('v2ray', translate('V2Ray')) o:value('vless', translate('VLESS')) end diff --git a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client.lua b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client.lua index 0c016becd4..9d77400f59 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client.lua +++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/client.lua @@ -6,7 +6,7 @@ local vssr = 'vssr' local gfwmode = 0 -if nixio.fs.access('/etc/dnsmasq.ssr/gfw_list.conf') then +if nixio.fs.access('/etc/vssr/gfw_list.conf') then gfwmode = 1 end @@ -26,9 +26,12 @@ uci:foreach( 'vssr', 'servers', function(s) - s['name'] = s['.name'] - s['gname'] = '[%s]:%s' % {string.upper(s.type), s.alias} - table.insert(server_table, s) + if s.type ~= nil then + s['name'] = s['.name'] + local alias = (s.alias ~= nil) and s.alias or "未命名节点" + s['gname'] = '[%s]:%s' % {string.upper(s.type), alias} + table.insert(server_table, s) + end end ) function my_sort(a,b) @@ -52,7 +55,7 @@ local route_label = { 'Youtube Proxy', 'TaiWan Video Proxy', 'Netflix Proxy', - 'Diseny+ Proxy', + 'Disney+ Proxy', 'Prime Video Proxy', 'TVB Video Proxy', 'Custom Proxy' @@ -119,7 +122,6 @@ o:value('router', translate('IP Route Mode')) o:value('all', translate('Global Mode')) o:value('oversea', translate('Oversea Mode')) o.default = 'router' - o = s:option(ListValue, 'dports', translate('Proxy Ports')) o:value('1', translate('All Ports')) o:value('2', translate('Only Common Ports')) 
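Review bot: The fallback alias `"未命名节点"` added in the `uci:foreach` callback of client.lua is a hard-coded literal, so it bypasses the translation catalogue that the rest of the file goes through with `translate(...)`; the servers.lua hunk later in this commit adds the same literal. Wrapping it, for example `local alias = s.alias or translate('Unnamed node')`, with a matching entry in vssr.po, keeps the label consistent for other locales. The callback also now silently drops sections without a `type`, which deserves a short comment such as `-- skip incomplete nodes (no type set)`.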
diff --git a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/control.lua b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/control.lua index e537fd5596..2ee6581431 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/control.lua +++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/control.lua @@ -18,16 +18,21 @@ o.datatype = 'ip4addr' -- Part of LAN s:tab('lan_ac', translate('LAN IP AC')) -o = s:taboption('lan_ac', DynamicList, 'lan_ac_ips', translate('LAN Bypassed Host List')) -o.datatype = 'ipaddr' -luci.ip.neighbors( - {family = 4}, - function(entry) - if entry.reachable then - o:value(entry.dest:string()) - end - end -) +o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control")) +o:value("0", translate("Disable")) +o:value("w", translate("Allow listed only")) +o:value("b", translate("Allow all except listed")) +o.rmempty = false + +o = s:taboption("lan_ac", DynamicList, "lan_ac_ips", translate("LAN Host List")) +o.datatype = "ipaddr" +luci.ip.neighbors({ family = 4 }, function(entry) + if entry.reachable then + o:value(entry.dest:string()) + end +end) +o:depends("lan_ac_mode", "w") +o:depends("lan_ac_mode", "b") o = s:taboption('lan_ac', DynamicList, 'lan_fp_ips', translate('LAN Force Proxy Host List')) o.datatype = 'ipaddr' @@ -93,9 +98,4 @@ o.remove = function(self, section, value) NXFS.writefile(blockconf, '') end -s:tab('proxy', translate('Custom Proxy Domain Name')) - -o = s:taboption('proxy', DynamicList, 'proxy_domain_name', translate('Proxy Domain Name')) -o.datatype = 'hostname' - -return m +return m \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/router.lua b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/router.lua new file mode 100644 index 0000000000..3ac396f22b --- /dev/null +++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/router.lua 
@@ -0,0 +1,55 @@ +local m, s, o +local NXFS = require 'nixio.fs' +local router_table = { + yotube = { + name = 'youtube', + des = 'Youtube Domain' + }, + tw_video = { + name = 'tw_video', + des = 'Tw Video Domain' + }, + netflix = { + name = 'netflix', + des = 'Netflix Domain' + }, + disney = { + name = 'disney', + des = 'Disney+ Domain' + }, + prime = { + name = 'prime', + des = 'Prime Video Domain' + }, + tvb = { + name = 'tvb', + des = 'TVB Domain' + }, + custom = { + name = 'custom', + des = 'Custom Domain' + } +} + +m = Map('vssr', translate('Router domain config')) +s = m:section(TypedSection, 'access_control') +s.anonymous = true +for _, v in pairs(router_table) do + s:tab(v.name, translate(v.des)) + local conf = '/etc/vssr/'.. v.name ..'_domain.list' + o = s:taboption(v.name, TextValue, v.name ..'conf') + o.rows = 13 + o.wrap = 'off' + o.rmempty = true + o.cfgvalue = function(self, section) + return NXFS.readfile(conf) or ' ' + end + o.write = function(self, section, value) + NXFS.writefile(conf, value:gsub('\r\n', '\n')) + end + o.remove = function(self, section, value) + NXFS.writefile(conf, '') + end +end + +return m diff --git a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/servers.lua b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/servers.lua index 93e82b575c..5d2b0c6d50 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/servers.lua +++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/servers.lua @@ -12,6 +12,9 @@ uci:foreach( function(s) server_count = server_count + 1 s['name'] = s['.name'] + if(s.alias == nil) then + s.alias = "未命名节点" + end table.insert(server_table, s) end ) diff --git a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/socks5.lua b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/socks5.lua index 7f82219bbb..d477e3adc1 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/socks5.lua +++ b/package/ctcgfw/luci-app-vssr/luasrc/model/cbi/vssr/socks5.lua 
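Review bot: The `write` handler in router.lua stores the submitted text in `/etc/vssr/<name>_domain.list` with no per-line validation, whereas the `proxy_domain_name` option this commit removes from control.lua was declared with `datatype = 'hostname'`. These files are then read line by line into the v2ray routing rules by genconfig_v2ray.lua, so blank lines or stray characters end up in the generated config; trimming each line and dropping entries that are empty or not plausible domain entries before `NXFS.writefile` would restore an equivalent check. `for _, v in pairs(router_table)` also gives the tabs an unspecified order; an array iterated with `ipairs` would make the order stable and remove the misspelt `yotube` key. Finally, `value:gsub('\r\n', '\n')` returns two values, so wrapping the call in parentheses keeps the replacement count from being passed as an extra argument.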
@@ -7,7 +7,7 @@ local sys = require 'luci.sys' m = Map(vssr) -- [[ SOCKS5 Proxy ]]-- -if nixio.fs.access('/usr/bin/v2ray/v2ray') then +if nixio.fs.access('/usr/bin/v2ray/v2ray') or nixio.fs.access('/usr/bin/v2ray') or nixio.fs.access('/usr/bin/xray') or nixio.fs.access('/usr/bin/xray/xray') then s = m:section(TypedSection, 'socks5_proxy', translate('V2ray SOCKS5 Proxy')) s.anonymous = true diff --git a/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/ssrurl.htm b/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/ssrurl.htm index 9d8075c515..f6b5bff640 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/ssrurl.htm +++ b/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/ssrurl.htm @@ -219,7 +219,7 @@ } el('.server').value = part2[0]; el('.server_port').value = others[0]; - el('.password').value = part1[1]; + el('.password').value = part1[0]; if (queryParam.peer || queryParam.sni) { el('.tls').checked = true; el('.peer').value = queryParam.peer || queryParam.sni; diff --git a/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/tblsection.htm b/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/tblsection.htm index 527055d268..c77c412093 100644 --- a/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/tblsection.htm +++ b/package/ctcgfw/luci-app-vssr/luasrc/view/vssr/tblsection.htm @@ -1,7 +1,6 @@ -
总计 @@ -39,10 +38,9 @@ %> onclick="location.href='<%=self:extedit(section.name)%>'" <%- end %> alt="<%:Edit%>" title="<%:Edit%>"> <%:Edit%> <%- end; if self.addremove then %> - + <%:Delete%> <%- end -%> <%- end -%> @@ -93,6 +91,7 @@ const CONFIG = '<%=self.config%>'; const CURRENT = '<%=self.current%>'; const CHANGE_NODE_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","change")%>'; + const DELETE_NODE_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","delnode")%>'; const CHECK_PING_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","checkport")%>'; const SWITCH_NODE_URL = '<%=luci.dispatcher.build_url("admin", "services", "vssr","switch")%>'; @@ -166,6 +165,21 @@ } }) } + + //删除节点 + function delete_node(node){ + XHR.halt(); + $.each(ajaxArray, function (n, value) { value.abort(); }) //中断所有的ajax请求 + $.get(DELETE_NODE_URL, { node: node }, + function (data, status) { + if (data.status) { + var id = '#cbi-<%=self.config%>-' + node; + $(id).parent().remove(); + XHR.run(); + check() + } + }); + } //设定自动切换 $(".incon").click(function () { diff --git a/package/ctcgfw/luci-app-vssr/po/zh-cn/vssr.po b/package/ctcgfw/luci-app-vssr/po/zh-cn/vssr.po index 002061e298..ba0b7b14e2 100644 --- a/package/ctcgfw/luci-app-vssr/po/zh-cn/vssr.po +++ b/package/ctcgfw/luci-app-vssr/po/zh-cn/vssr.po @@ -630,8 +630,8 @@ msgstr "台湾视频服务代理" msgid "Netflix Proxy" msgstr "Netflix 代理" -msgid "Diseny+ Proxy" -msgstr "Diseny+ 代理" +msgid "Disney+ Proxy" +msgstr "Disney+ 代理" msgid "Prime Video Proxy" msgstr "Prime Video 代理" 
@@ -674,3 +674,30 @@ msgstr "VLESS 加密" msgid "You can manually add group names in front of the URL, splited by ," msgstr "你可以在URL前面手动添加组名,使用 , 分隔" + +msgid "Router Config" +msgstr "分流设置" + +msgid "Router domain config" +msgstr "分流域名设置" + +msgid "Youtube Domain" +msgstr "YouTube 域名" + +msgid "Tw Video Domain" +msgstr "台湾视频域名" + +msgid "Netflix Domain" +msgstr "Netflix 域名" + +msgid "Disney+ Domain" +msgstr "Disney+ 域名" + +msgid "Prime Video Domain" +msgstr "Prime Video 域名" + +msgid "TVB Domain" +msgstr "TVB 域名" + +msgid "Custom Domain" +msgstr "自定义域名" diff --git a/package/ctcgfw/luci-app-vssr/root/etc/config/vssr b/package/ctcgfw/luci-app-vssr/root/etc/config/vssr old mode 100644 new mode 100755 index b53257cdfa..088a72a5c5 --- a/package/ctcgfw/luci-app-vssr/root/etc/config/vssr +++ b/package/ctcgfw/luci-app-vssr/root/etc/config/vssr @@ -2,7 +2,7 @@ config global option tunnel_forward '8.8.4.4:53' option tunnel_address '0.0.0.0' - option run_mode 'gfw' + option run_mode 'router' option pdnsd_enable '1' option monitor_enable '1' option global_server 'nil' @@ -11,7 +11,7 @@ config global option switch_time '667' option switch_try_count '3' option adblock '0' - option dports '2' + option dports '1' config socks5_proxy option enable_server '0' @@ -38,6 +38,7 @@ config server_subscribe option proxy '0' option auto_update_time '2' option auto_update '1' + option filter_words '过期时间/剩余流量' diff --git a/package/ctcgfw/luci-app-vssr/root/etc/init.d/vssr b/package/ctcgfw/luci-app-vssr/root/etc/init.d/vssr index 015b8da63d..028f6c1df1 100755 --- a/package/ctcgfw/luci-app-vssr/root/etc/init.d/vssr +++ b/package/ctcgfw/luci-app-vssr/root/etc/init.d/vssr @@ -1,4 +1,4 @@ -#!/bin/bash /etc/rc.common +#!/bin/sh /etc/rc.common # # Copyright (C) 2017 openwrt-ssr # Copyright (C) 2017 yushi studio 
@@ -8,13 +8,12 @@ # See /LICENSE for more information. # -START=90 +START=99 STOP=15 -extra_command "rules" - SERVICE_DAEMONIZE=1 NAME=vssr +EXTRA_COMMANDS=rules #定义配置文件名称 CONFIG_FILE=/var/etc/${NAME}_t.json @@ -35,9 +34,6 @@ switch_server=$1 MAXFD=32768 CRON_FILE=/etc/crontabs/root threads=1 -shunt_type=("global" "youtube" "tw_video" "netflix" "disney" "prime" "tvb" "custom") -shunt_port=(2080 2081 2082 2083 2084 2085 2086 2087) -shunt_array=("youtube" "tw_video" "netflix" "disney" "prime" "tvb" "custom") scount=0 uci_get_by_name() { local ret=$(uci get $NAME.$1.$2 2>/dev/null) @@ -63,14 +59,23 @@ del_cron() { } count_shunt() { scount=0 - for ((i = 0; i < ${#shunt_array[@]}; i++)); do - local server_index=$(uci_get_by_type global ${shunt_array[i]}_server) + eval shunt_array1="youtube" + eval shunt_array2="tw_video" + eval shunt_array3="netflix" + eval shunt_array4="disney" + eval shunt_array5="prime" + eval shunt_array6="tvb" + eval shunt_array7="custom" + for i in 1 2 3 4 5 6 7; do + a=$(eval echo "\$shunt_array$i") + local server_index=$(uci_get_by_type global ${a}_server) local server_type=$(uci_get_by_name $server_index type) if [ "$server_type" != "" ]; then scount=$(($scount + 1)) fi done } + count_shunt run_mode=$(uci_get_by_type global run_mode) is_xray=$(uci_get_by_type global use_xray) @@ -149,7 +154,7 @@ start_rules() { local local_port=$(uci_get_by_name $GLOBAL_SERVER local_port) local lan_ac_ips=$(uci_get_by_type access_control lan_ac_ips) - local lan_ac_mode="b" + local lan_ac_mode=$(uci_get_by_type access_control lan_ac_mode) local router_proxy=$(uci_get_by_type access_control router_proxy) if [ "$GLOBAL_SERVER" == "$UDP_RELAY_SERVER" -a $kcp_flag == 0 ]; then ARG_UDP="-u" 
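Review bot: The `eval shunt_arrayN=...` assignments and the `$(eval echo "\$shunt_array$i")` lookup in `count_shunt` emulate an array through `eval` where a plain word list is enough; `for a in youtube tw_video netflix disney prime tvb custom; do` is POSIX and needs no `eval`. The same pattern is used in the `start_shunt` hunk, where each type could be paired with its port in one list. `a` is also assigned without `local`, so it leaks into the script's global scope. Keeping `eval` out of the init script makes it easier to audit, since nothing evaluated there should ever come from configuration.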
@@ -228,43 +233,34 @@ start_pdnsd() { chown -R nobody:nogroup /var/pdnsd fi - cat >/var/etc/pdnsd.conf </var/etc/pdnsd.conf + global{ + perm_cache=1024; + cache_dir="/var/pdnsd"; + pid_file="/var/run/pdnsd.pid"; + run_as="nobody"; + server_ip=127.0.0.1; + server_port=5335; + status_ctl=on; + query_method=tcp_only; + min_ttl=1h; + max_ttl=1w; + timeout=10; + neg_domain_pol=on; + proc_limit=2; + procq_limit=8; + par_queries=1; + } + server{ + label="ssr-usrdns"; + ip=$usr_dns; + port=$usr_port; + timeout=6; + uptest=none; + interval=10m; + purge_cache=off; + } + EOF /usr/sbin/pdnsd -c /var/etc/pdnsd.conf -d } 
@@ -275,30 +271,47 @@ find_bin() { ssr) ret="/usr/bin/ssr-redir" ;; ssr-local) ret="/usr/bin/ssr-local" ;; ssr-server) ret="/usr/bin/ssr-server" ;; - v2ray | vless) - ret="/usr/bin/v2ray/v2ray" && [ ! -f "$ret" ] && ret="/usr/bin/v2ray" + v2ray | vless) + ret="/usr/bin/v2ray/v2ray" && [ ! -f "$ret" ] && ret="/usr/bin/v2ray" if [ $is_xray = "1" ]; then - ret="/usr/bin/xray" && [ ! -f "$ret" ] && ret="/usr/bin/xray/xray" + ret="/usr/bin/xray" && [ ! -f "$ret" ] && ret="/usr/bin/xray/xray" fi ;; trojan) ret="/usr/sbin/trojan" ;; - socks5 | tun) ret="/usr/sbin/redsocks2" ;; esac echo $ret } #分流节点 start_shunt() { - for ((i = 0; i < ${#shunt_type[@]}; i++)); do - local server_index=$(uci_get_by_type global ${shunt_type[i]}_server) - local server_port=${shunt_port[i]} + eval shunt_type1="global" + eval shunt_type2="youtube" + eval shunt_type3="tw_video" + eval shunt_type4="netflix" + eval shunt_type5="disney" + eval shunt_type6="prime" + eval shunt_type7="tvb" + eval shunt_type8="custom" + eval shunt_port1=2080 + eval shunt_port2=2081 + eval shunt_port3=2082 + eval shunt_port4=2083 + eval shunt_port5=2084 + eval shunt_port6=2085 + eval shunt_port7=2086 + eval shunt_port8=2087 + for i in 1 2 3 4 5 6 7 8; do + shunt_type=$(eval echo "\$shunt_type$i") + shunt_port=$(eval echo "\$shunt_port$i") + local server_index=$(uci_get_by_type global ${shunt_type}_server) + local server_port=${shunt_port} local server_type=$(uci_get_by_name $server_index type) local server_ip=$(uci_get_by_name $server_index server) - if ["$server_type" == "vless"]; then + if [ "$server_type" = "vless" ]; then server_type="v2ray" fi - [ "$server_type" == "trojan" ] && re_type="client" || re_type="tcp" + [ "$server_type" = "trojan" ] && re_type="client" || re_type="tcp" if [ "$server_type" != "v2ray" -a "$server_type" != "" ]; then - local config_file=/var/etc/${NAME}_${shunt_type[i]}.json + local config_file=/var/etc/${NAME}_${shunt_type}.json local bin=$(find_bin $server_type) lua 
/usr/share/vssr/genconfig_${server_type}.lua ${server_index} ${re_type} ${server_port} ${server_ip} >${config_file} sed -i 's/\\//g' $config_file @@ -306,13 +319,13 @@ start_shunt() { ss | ssr) bin=$(find_bin "ss-local") [ "$server_type" == "ssr" ] && bin=$(find_bin "ssr-local") - $bin -c $config_file $ARG_OTA -f /var/run/vssr-${shunt_type[i]}.pid1 >/dev/null 2>&1 + $bin -c $config_file $ARG_OTA -f /var/run/vssr-${shunt_type}.pid1 >/dev/null 2>&1 ;; trojan) $bin --config $config_file >/dev/null 2>&1 & ;; esac - echo "$(date "+%Y-%m-%d %H:%M:%S") ${shunt_type[i]}: $server_type 分流服务已启动!" >>/tmp/vssr.log + echo "$(date "+%Y-%m-%d %H:%M:%S") ${shunt_type}: $server_type 分流服务已启动!" >>/tmp/vssr.log fi done return $? @@ -370,7 +383,6 @@ start_redir() { ;; v2ray | vless) $sscmd -config $last_config_file >/dev/null 2>&1 & - echo $sscmd echo "$(date "+%Y-%m-%d %H:%M:%S") $($sscmd -version | head -1) 已启动!" >>/tmp/vssr.log ;; trojan) @@ -479,8 +491,10 @@ start_service() { [ $(uci_get_by_name $1 enable) = "0" ] && return 1 let server_count=server_count+1 if [ $server_count = 1 ]; then - iptables -N SSR-SERVER-RULE && + if ! (iptables-save -t filter | grep SSR-SERVER-RULE >/dev/null); then + iptables -N SSR-SERVER-RULE && \ iptables -t filter -I INPUT -j SSR-SERVER-RULE + fi fi gen_service_file $1 /var/etc/${NAME}_${server_count}.json @@ -527,8 +541,9 @@ start_local() { lua /usr/share/vssr/genconfig_v2ray_s.lua >$CONFIG_SOCK5_FILE sed -i 's/\\//g' $config_file - - /usr/bin/v2ray/v2ray -config $CONFIG_SOCK5_FILE >/dev/null 2>&1 & + socksbin=$(find_bin "v2ray") + echo $socksbin + $socksbin -config $CONFIG_SOCK5_FILE >/dev/null 2>&1 & local_enable=1 } 
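Review bot: In `start_local` the generated file is `$CONFIG_SOCK5_FILE`, but the context line `sed -i 's/\\//g' $config_file` still targets `$config_file`, which does not appear to be set in this function; if so, the sed never touches the SOCKS5 config and probably should read `sed -i 's/\\//g' "$CONFIG_SOCK5_FILE"`. The added `echo $socksbin` looks like leftover debugging output, similar to the `echo $sscmd` this commit removes from `start_redir`. `find_bin` falls back to its second path without checking that it exists, so a `[ -x "$socksbin" ] || return 1` before the launch would avoid starting a missing binary. The function starts outside the hunk.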
@@ -551,34 +566,39 @@ start() { GLOBAL_SERVER=$switch_server switch_enable=1 fi - if rules; then - start_redir - - mkdir -p /tmp/dnsmasq.d \ - && cp -a /etc/vssr/gfw_list.conf /tmp/dnsmasq.ssr \ - && cp -a /etc/vssr/gfw_base.conf /tmp/dnsmasq.ssr \ - && cp -a /etc/vssr/ad.conf /tmp/dnsmasq.ssr \ - && cp -a /etc/vssr/oversea_list.conf /tmp/dnsmasq.oversea - - if ! [ "$run_mode" = "oversea" ]; then - cat >/tmp/dnsmasq.d/dnsmasq-ssr.conf </tmp/dnsmasq.d/dnsmasq-ssr.conf </tmp/dnsmasq.d/dnsmasq-ssr.conf </tmp/dnsmasq.d/dnsmasq-ssr.conf </dev/null 2>&1 - fi + /etc/init.d/dnsmasq restart >/dev/null 2>&1 start_server start_local if [ $scount != "0" ]; then @@ -615,10 +635,10 @@ stop() { if [ $(uci_get_by_type global monitor_enable) = 1 ]; then kill -9 $(busybox ps -w | grep vssr-monitor | grep -v grep | awk '{print $1}') >/dev/null 2>&1 fi - killall -q -9 ss-redir ss-local obfs-local ssr-redir ssr-local ssr-server v2ray v2ray-plugin trojan microsocks ipt2socks dns2socks redsocks2 pdnsd xray + killall -q -9 ss-redir ss-local obfs-local ssr-redir ssr-local ssr-server v2ray v2ray-plugin xray trojan microsocks ipt2socks dns2socks pdnsd if [ -f "/tmp/dnsmasq.d/dnsmasq-ssr.conf" ]; then - rm -f /tmp/dnsmasq.d/dnsmasq-ssr.conf + rm -f /tmp/dnsmasq.d/dnsmasq-ssr.conf /tmp/dnsmasq.ssr /tmp/dnsmasq.oversea /etc/init.d/dnsmasq restart >/dev/null 2>&1 fi del_cron diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/black.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/black.list index cb58ecb1db..dd852d6fb5 100644 --- a/package/ctcgfw/luci-app-vssr/root/etc/vssr/black.list +++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/black.list 
@@ -1,25 +1,4 @@ api.ipify.org -fast.com -netflix.ca -netflix.com -netflix.net -netflixinvestor.com -netflixtechblog.com -nflxext.com -nflximg.com -nflximg.net -nflxsearch.net -nflxso.net -nflxvideo.net -amazonprimevideos.com -amazonvideo.cc -amazonvideo.com -prime-video.com -primevideo.cc -primevideo.com -primevideo.info -primevideo.org -primevideo.tv v2fly.org github.com -raw.githubusercontent.com +raw.githubusercontent.com \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/custom_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/custom_domain.list new file mode 100644 index 0000000000..e69de29bb2 diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/disney_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/disney_domain.list new file mode 100644 index 0000000000..08a6f52dcd --- /dev/null +++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/disney_domain.list @@ -0,0 +1,6 @@ +cdn.registerdisney.go.com +disneyplus.com +disney-plus.net +dssott.com +bamgrid.com +execute-api.us-east-1.amazonaws.com \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/netflix_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/netflix_domain.list new file mode 100644 index 0000000000..40ad124b30 --- /dev/null +++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/netflix_domain.list @@ -0,0 +1,22 @@ +fast.com +netflix.ca +netflix.com +netflix.net +netflixinvestor.com +netflixtechblog.com +nflxext.com +nflximg.com +nflximg.net +nflxsearch.net +nflxso.net +nflxvideo.net +netflixdnstest0.com +netflixdnstest1.com +netflixdnstest2.com +netflixdnstest3.com +netflixdnstest4.com +netflixdnstest5.com +netflixdnstest6.com +netflixdnstest7.com +netflixdnstest8.com +netflixdnstest9.com \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/prime_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/prime_domain.list new file mode 100644 index 0000000000..a5d1446e6c --- /dev/null 
+++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/prime_domain.list @@ -0,0 +1,12 @@ +aiv-cdn.net +amazonaws.com +amazonvideo.com +llnwd.net +amazonprimevideos.com +amazonvideo.cc +prime-video.com +primevideo.cc +primevideo.com +primevideo.info +primevideo.org +primevideo.tv \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/tvb_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/tvb_domain.list new file mode 100644 index 0000000000..7e7accf408 --- /dev/null +++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/tvb_domain.list @@ -0,0 +1,2 @@ +tvsuper.com +tvb.com \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/tw_video_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/tw_video_domain.list new file mode 100644 index 0000000000..854bf3a531 --- /dev/null +++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/tw_video_domain.list @@ -0,0 +1,12 @@ +vidol.tv +hinet.net +books.com +litv.tv +pstatic.net +app-measurement.com +kktv.com.tw +gamer.com.tw +wetv.vip +kktv.me +myvideo.net.tw +kk.stream \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/etc/vssr/youtube_domain.list b/package/ctcgfw/luci-app-vssr/root/etc/vssr/youtube_domain.list new file mode 100644 index 0000000000..4b309748e5 --- /dev/null +++ b/package/ctcgfw/luci-app-vssr/root/etc/vssr/youtube_domain.list @@ -0,0 +1,14 @@ +youtube +ggpht.com +googlevideo.com +withyoutube.com +youtu.be +youtube-nocookie.com +youtube.com +youtubeeducation.com +youtubegaming.com +youtubei.googleapis.com +youtubekids.com +youtubemobilesupport.com +yt.be +ytimg.com \ No newline at end of file diff --git a/package/ctcgfw/luci-app-vssr/root/usr/bin/vssr-rules b/package/ctcgfw/luci-app-vssr/root/usr/bin/vssr-rules index c11cc1430e..ddf79f2206 100755 --- a/package/ctcgfw/luci-app-vssr/root/usr/bin/vssr-rules +++ b/package/ctcgfw/luci-app-vssr/root/usr/bin/vssr-rules 
@@ -75,6 +75,8 @@ flush_r() { ipset_r() { ipset -N gmlan hash:net 2>/dev/null + $IPT -N SS_SPEC_WAN_AC + $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done case "$RUNMODE" in router) @@ -83,31 +85,25 @@ ipset_r() { $(gen_iplist | sed -e "s/^/add ss_spec_wan_ac /") EOF ipset -N gfwlist hash:net 2>/dev/null - $IPT -N SS_SPEC_WAN_AC - $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN $IPT -A SS_SPEC_WAN_AC -m set --match-set ss_spec_wan_ac dst -j RETURN - $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW + $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW + $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN + $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW ;; gfw) ipset -N gfwlist hash:net 2>/dev/null - $IPT -N SS_SPEC_WAN_AC $IPT -A SS_SPEC_WAN_AC -m set --match-set gfwlist dst -j SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -m set ! --match-set china dst -j SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j RETURN - $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN ;; oversea) ipset -N oversea hash:net 2>/dev/null - $IPT -N SS_SPEC_WAN_AC - ipset -N gmlan hash:net 2>/dev/null - for ip in $LAN_GM_IP; do ipset -! add gmlan $ip; done + $IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW + $IPT -A SS_SPEC_WAN_AC -m set --match-set gmlan src -j SS_SPEC_WAN_FW $IPT -A SS_SPEC_WAN_AC -m set --match-set china dst -j SS_SPEC_WAN_FW - $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN ;; all) - $IPT -N SS_SPEC_WAN_AC $IPT -A SS_SPEC_WAN_AC -j SS_SPEC_WAN_FW - $IPT -I SS_SPEC_WAN_AC -p tcp ! --dport 53 -d $server -j RETURN ;; esac diff --git a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_trojan.lua b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_trojan.lua index e8a8223b5a..875813dc08 100644 
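Review bot: In the `oversea)` branch the new `$IPT -I SS_SPEC_WAN_AC -m set --match-set oversea dst -j SS_SPEC_WAN_FW` is inserted at the head of the chain, which puts it above the `-d $server -j RETURN` bypass that this commit now adds once before the `case`. If the proxy server's address ever matches the `oversea` set, the proxy's own traffic would be sent to `SS_SPEC_WAN_FW` instead of bypassing it; using `-A` for the oversea rule keeps the bypass first. `$IPT -N SS_SPEC_WAN_AC` now runs unconditionally and its result is not checked, so a chain left over from an earlier run keeps its old rules unless `flush_r` (outside this hunk) removes it. `$server` is expanded unquoted in the rule, so quoting it would be safer.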
--- a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_trojan.lua +++ b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_trojan.lua @@ -19,7 +19,7 @@ local trojan = { -- 传出连接 ssl = { verify = (server.insecure == '0') and true or false, - verify_hostname = (server.tls == '1') and false or true, + verify_hostname = (server.tls == '1') and true or false, cert = '', cipher = 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA', cipher_tls13 = 'TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384', diff --git a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_v2ray.lua b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_v2ray.lua index 2ad6641823..c1c8ccdc1b 100755 --- a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_v2ray.lua +++ b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/genconfig_v2ray.lua 
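Review bot: With `verify_hostname = (server.tls == '1') and true or false`, hostname verification is switched off for every node where `tls` is unset or '0', and the context line above it leaves `verify` false unless `insecure` is explicitly '0'. Both settings therefore default to no certificate checking, which lets any on-path host present its own certificate to the client. Consider failing closed, e.g. `verify = (server.insecure ~= '1')` and `verify_hostname = (server.insecure ~= '1')`, so that checks are dropped only when the user opts out. The cipher string in the following context line still lists `DES-CBC3-SHA` and other CBC/SHA-1 suites, which could be trimmed. The `trojan` table starts and ends outside the hunk.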
@@ -7,31 +7,34 @@ local local_port = arg[3] local outbounds_table = {} local rules_table = {} +function read_conf(file) + local rfile = io.open(file, "r") + local ltable = {} + for line in rfile:lines() do + local re = string.gsub(line, "\r", "") + table.insert(ltable,re) + end + local rtable = next(ltable) ~= nil and ltable or nil + return rtable +end local v2ray_flow = ucursor:get_first(name, 'global', 'v2ray_flow', '0') -local proxy_domain_name = ucursor:get_list(name, '@access_control[0]', 'proxy_domain_name') + +local custom_domain = read_conf("/etc/vssr/custom_domain.list") +local youtube_domain = read_conf("/etc/vssr/youtube_domain.list") +local tw_video_domain = read_conf("/etc/vssr/tw_video_domain.list") +local netflix_domain = read_conf("/etc/vssr/netflix_domain.list") +local disney_domain = read_conf("/etc/vssr/disney_domain.list") +local prime_domain = read_conf("/etc/vssr/prime_domain.list") +local tvb_domain = read_conf("/etc/vssr/tvb_domain.list") + local flow_table = { yotube = { name = 'youtube', port = 2081, rules = { type = 'field', - domain = { - 'youtube', - 'ggpht.com', - 'googlevideo.com', - 'withyoutube.com', - 'youtu.be', - 'youtube-nocookie.com', - 'youtube.com', - 'youtubeeducation.com', - 'youtubegaming.com', - 'youtubei.googleapis.com', - 'youtubekids.com', - 'youtubemobilesupport.com', - 'yt.be', - 'ytimg.com' - }, + domain = youtube_domain, outboundTag = 'youtube' } }, @@ -40,19 +43,7 @@ local flow_table = { port = 2082, rules = { type = 'field', - domain = { - 'vidol.tv', - 'hinet.net', - 'books.com', - 'litv.tv', - 'pstatic.net', - 'app-measurement.com', - 'kktv.com.tw', - 'gamer.com.tw', - 'wetv.vip', - 'kktv.me', - 'myvideo.net.tw' - }, + domain = tw_video_domain, outboundTag = 'tw_video' } }, 
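Review bot: `read_conf` calls `rfile:lines()` without checking the result of `io.open`, so a missing or unreadable list file aborts config generation with a nil-index error; these files are now user-editable through the new router page. The handle is never closed and the function is declared global. Blank lines are inserted into the table as empty strings, and an empty file returns nil, which leaves the corresponding rule without a `domain` field; the shipped custom_domain.list is empty, so confirm that the rule is skipped in that case. A version that handles these cases is below.

```lua
local function read_conf(file)
    local rfile = io.open(file, "r")
    if not rfile then
        return nil
    end
    local ltable = {}
    for line in rfile:lines() do
        -- strip CR and surrounding whitespace; skip empty lines
        local re = line:gsub("\r", ""):match("^%s*(.-)%s*$")
        if re ~= "" then
            ltable[#ltable + 1] = re
        end
    end
    rfile:close()
    return next(ltable) ~= nil and ltable or nil
end
```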
@@ -61,30 +52,7 @@ local flow_table = { port = 2083, rules = { type = 'field', - domain = { - 'fast.com', - 'netflix.ca', - 'netflix.com', - 'netflix.net', - 'netflixinvestor.com', - 'netflixtechblog.com', - 'nflxext.com', - 'nflximg.com', - 'nflximg.net', - 'nflxsearch.net', - 'nflxso.net', - 'nflxvideo.net', - 'netflixdnstest0.com', - 'netflixdnstest1.com', - 'netflixdnstest2.com', - 'netflixdnstest3.com', - 'netflixdnstest4.com', - 'netflixdnstest5.com', - 'netflixdnstest6.com', - 'netflixdnstest7.com', - 'netflixdnstest8.com', - 'netflixdnstest9.com' - }, + domain = netflix_domain, outboundTag = 'netflix' } }, @@ -93,14 +61,7 @@ local flow_table = { port = 2084, rules = { type = 'field', - domain = { - 'cdn.registerdisney.go.com', - 'disneyplus.com', - 'disney-plus.net', - 'dssott.com', - 'bamgrid.com', - 'execute-api.us-east-1.amazonaws.com' - }, + domain = disney_domain, outboundTag = 'disney' } }, @@ -109,20 +70,7 @@ local flow_table = { port = 2085, rules = { type = 'field', - domain = { - 'aiv-cdn.net', - 'amazonaws.com', - 'amazonvideo.com', - 'llnwd.net', - 'amazonprimevideos.com', - 'amazonvideo.cc', - 'prime-video.com', - 'primevideo.cc', - 'primevideo.com', - 'primevideo.info', - 'primevideo.org', - 'primevideo.tv' - }, + domain = prime_domain, outboundTag = 'prime' } }, @@ -131,7 +79,7 @@ local flow_table = { port = 2086, rules = { type = 'field', - domain = {'tvsuper.com', 'tvb.com'}, + domain = tvb_domain, outboundTag = 'tvb' } }, @@ -140,7 +88,7 @@ local flow_table = { port = 2087, rules = { type = 'field', - domain = proxy_domain_name, + domain = custom_domain, outboundTag = 'custom' } } 
@@ -174,14 +122,6 @@ function gen_outbound(server_node, tags, local_ports) bound = nil else local server = ucursor:get_all(name, server_node) - local outbound_security = "none" - if (server.xtls == '1') then - outbound_security = "xtls" - elseif (server.tls == '1') then - outbound_security = "tls" - elseif (server.tls == "0") then - outbound_security = "none" - end local node_type = server.type == "vless" and "vless" or "vmess" if server.type ~= 'v2ray' and server.type ~= 'vless' then @@ -218,9 +158,9 @@ function gen_outbound(server_node, tags, local_ports) -- 底层传输配置 streamSettings = { network = server.transport, - security = outbound_security, - tlsSettings = (outbound_security == "tls") and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil, - xtlsSettings = (outbound_security == "xtls") and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil, + security = (server.tls == '1') and ((server.xtls == '1') and "xtls" or "tls") or "none", + tlsSettings = (server.tls == '1' and server.xtls ~= '1') and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil, + xtlsSettings = (server.xtls == '1') and {allowInsecure = (server.insecure ~= "0") and true or false,serverName=server.tls_host,} or nil, kcpSettings = (server.transport == 'kcp') and { mtu = tonumber(server.mtu), 
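Review bot: In `streamSettings`, `security` now evaluates to "none" whenever `server.tls` is not '1', even if `server.xtls` is '1', while `xtlsSettings` is still emitted for that case; the removed block gave `xtls` precedence, so a node saved with only the xtls flag silently loses transport encryption. Unless the form guarantees `tls` is set whenever `xtls` is (not visible here), keep the precedence: `security = (server.xtls == '1') and "xtls" or ((server.tls == '1') and "tls" or "none"),`. Separately, `allowInsecure = (server.insecure ~= "0")` is true when the option is unset, so certificate validation is off by default; `server.insecure == "1"` would fail closed. `gen_outbound` starts and ends outside the hunk.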
@@ -271,10 +211,12 @@ end if v2ray_flow == '1' then table.insert(outbounds_table, gen_outbound(server_section, 'global', 2080)) - for i, v in pairs(flow_table) do - local server = ucursor:get_first(name, 'global', v.name .. '_server') - table.insert(outbounds_table, gen_outbound(server, v.name, v.port)) - table.insert(rules_table, (server ~= nil and server ~= 'nil') and v.rules or nil) + for _, v in pairs(flow_table) do + if(v.rules.domain ~= nil) then + local server = ucursor:get_first(name, 'global', v.name .. '_server') + table.insert(outbounds_table, gen_outbound(server, v.name, v.port)) + table.insert(rules_table, (server ~= nil and server ~= 'nil' ) and v.rules or nil) + end end else table.insert(outbounds_table, gen_outbound(server_section, 'main', local_port)) diff --git a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/gfw2ipset.sh b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/gfw2ipset.sh index 642ce61630..cce3006da1 100755 --- a/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/gfw2ipset.sh +++ b/package/ctcgfw/luci-app-vssr/root/usr/share/vssr/gfw2ipset.sh @@ -1,6 +1,12 @@ #!/bin/sh . /lib/functions.sh +uci_get_by_type() { + local ret=$(uci get vssr.@$1[0].$2 2>/dev/null) + echo ${ret:=$3} +} +v2ray_flow=$(uci_get_by_type global v2ray_flow) + mkdir -p /tmp/dnsmasq.ssr awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"gfwlist"'\n",$0)}' /etc/vssr/gfw.list >/tmp/dnsmasq.ssr/custom_forward.conf 
@@ -11,6 +17,27 @@ awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/blac awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"whitelist"'\n",$0)}' /etc/vssr/white.list >/tmp/dnsmasq.ssr/whitelist_forward.conf +if [ "$v2ray_flow" = "1" ]; then + + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/tw_video_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/tw_video_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/netflix_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/netflix_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/disney_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/disney_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/prime_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/prime_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/tvb_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/tvb_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + + awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' /etc/vssr/custom_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf + awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' /etc/vssr/custom_domain.list >>/tmp/dnsmasq.ssr/blacklist_forward.conf +fi + function valid_ip() { ip=$1 read_ip=$(echo $ip | awk -F. 
'$1<=255&&$2<=255&&$3<=255&&$4<=255{print "yes"}') diff --git a/package/lean/xray/Makefile b/package/lean/xray/Makefile index 6bdbabb998..71ed3ad709 100644 --- a/package/lean/xray/Makefile +++ b/package/lean/xray/Makefile @@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=xray -PKG_VERSION:=1.1.2 +PKG_VERSION:=1.1.3 PKG_RELEASE:=1 PKG_BUILD_DIR:=$(BUILD_DIR)/Xray-core-$(PKG_VERSION) PKG_SOURCE:=xray-core-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/XTLS/xray-core/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=6ec14856fe9966a118fc0854696ec54c08ce478cb937a75fae74072c945dcb42 +PKG_HASH:=cc6d2e25dcd710e26092bf84cd9ce65d5c6efd0e60014210fa03cf0297b83eb0 PKG_LICENSE:=MPL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/libcxx/Makefile b/package/libs/libcxx/Makefile deleted file mode 100644 index 3809bea651..0000000000 --- a/package/libs/libcxx/Makefile +++ /dev/null 
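Review bot: The new `v2ray_flow` block in gfw2ipset.sh covers six of the seven lists that genconfig_v2ray.lua reads; `youtube_domain.list` is not appended to `blacklist_forward.conf`, so unless those names are already in another list their DNS answers may not reach the `blacklist` ipset. The twelve awk calls differ only in the file name and print an error if a list is absent, so a loop with an existence check is easier to keep in step with the Lua side. Each non-comment line is written into the dnsmasq file verbatim; a stricter awk pattern that accepts only hostname characters would stop a malformed line from turning into a different directive.

```shell
if [ "$v2ray_flow" = "1" ]; then
	# add youtube here if that list should be forwarded too
	for list in tw_video netflix disney prime tvb custom; do
		src="/etc/vssr/${list}_domain.list"
		[ -f "$src" ] || continue
		awk '!/^$/&&!/^#/{printf("ipset=/.%s/'"blacklist"'\n",$0)}' "$src" >>/tmp/dnsmasq.ssr/blacklist_forward.conf
		awk '!/^$/&&!/^#/{printf("server=/.%s/'"127.0.0.1#5335"'\n",$0)}' "$src" >>/tmp/dnsmasq.ssr/blacklist_forward.conf
	done
fi
```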
@@ -1,66 +0,0 @@ - -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=libcxx -PKG_VERSION:=10.0.0 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).src.tar.xz -PKG_SOURCE_URL:=https://github.com/llvm/llvm-project/releases/download/llvmorg-$(PKG_VERSION) -PKG_HASH:=270f8a3f176f1981b0f6ab8aa556720988872ec2b48ed3b605d0ced8d09156c7 -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).src - -PKG_MAINTAINER:=Rosen Penev -PKG_LICENSE:=MIT -PKG_LICENSE_FILES:=LICENSE.txt - -PKG_BUILD_PARALLEL:=1 -PKG_BUILD_DEPENDS:=libcxxabi -CMAKE_BINARY_SUBDIR:=build - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/libcxx - SECTION:=libs - CATEGORY:=Libraries - TITLE:=LLVM libstdc++ - URL:=https://libcxx.llvm.org/ - DEPENDS:=+libatomic +libpthread -endef - -define Package/libcxx/description - libc++ is an implementation of the C++ standard library, targeting C++11, C++14 and above. -endef - -CMAKE_OPTIONS += \ - -DLIBCXX_CXX_ABI="libcxxabi" \ - -DLIBCXX_ENABLE_ASSERTIONS=OFF \ - -DLIBCXX_ENABLE_EXPERIMENTAL_LIBRARY=OFF \ - -DLIBCXX_INCLUDE_BENCHMARKS=OFF \ - -DLIBCXX_INCLUDE_DOCS=OFF \ - -DLIBCXX_INCLUDE_TESTS=OFF \ - -DLIBCXX_LIBDIR_SUFFIX="" \ - -DLIBCXX_STANDALONE_BUILD=ON \ - -DLIBCXX_HAS_MUSL_LIBC=$(if $(CONFIG_USE_MUSL),ON,OFF) - -TARGET_CXXFLAGS += -D_LIBCPP_DISABLE_DEPRECATION_WARNINGS -Wno-attributes -flto -TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed - -define Build/InstallDev - $(call Build/InstallDev/cmake,$(1)) - $(CP) files/g++-libcxx $(TOOLCHAIN_DIR)/bin/ - $(SED) 's,CXX,$(TARGET_CXX),g' $(TOOLCHAIN_DIR)/bin/g++-libcxx -endef - -define Package/libcxx/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/libc++.so.* $(1)/usr/lib/ -endef - -$(eval $(call BuildPackage,libcxx)) 
diff --git a/package/libs/libcxx/files/g++-libcxx b/package/libs/libcxx/files/g++-libcxx deleted file mode 100755 index 88b3e7da01..0000000000 --- a/package/libs/libcxx/files/g++-libcxx +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -WRAPPER_INCLUDEDIR="-I$STAGING_DIR/usr/include/c++/v1" -WRAPPER_LIBDIR="-L$STAGING_DIR/usr/lib" -WRAPPER_LIBS="-lc -lgcc_s -lssp_nonshared" - -WRAPPER_OPTIONS="" -WRAPPER_INCLIB="Y" -for arg -do - case "$arg" in - -c|-E|-S) WRAPPER_INCLIB="N" ;; - -static) [ "$WRAPPER_LIBS" != "-lc -lgcc_s -lssp_nonshared -lgcc_eh" ] && WRAPPER_LIBS="-lc -lgcc_s -lssp_nonshared -lgcc_eh" ;; - esac -done -[ "$WRAPPER_INCLIB" = "Y" ] && WRAPPER_OPTIONS="-nodefaultlibs $WRAPPER_LIBDIR -lc++ -lc++abi $WRAPPER_LIBS" - -exec CXX -nostdinc++ -DGCC_HASCLASSVISIBILITY "$WRAPPER_INCLUDEDIR" "$@" $WRAPPER_OPTIONS - diff --git a/package/libs/libcxx/patches/010-ssp.patch b/package/libs/libcxx/patches/010-ssp.patch deleted file mode 100644 index f83c7b9b56..0000000000 --- a/package/libs/libcxx/patches/010-ssp.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -760,6 +760,10 @@ function(cxx_link_system_libraries targe - target_link_libraries(${target} PRIVATE atomic) - endif() - -+ if (LIBCXX_HAS_MUSL_LIBC) -+ target_link_libraries(${target} PRIVATE ssp_nonshared) -+ endif() -+ - if (MINGW) - target_link_libraries(${target} PRIVATE "${MINGW_LIBRARIES}") - endif() diff --git a/package/libs/libcxxabi/Makefile b/package/libs/libcxxabi/Makefile deleted file mode 100644 index 90547561b2..0000000000 --- a/package/libs/libcxxabi/Makefile +++ /dev/null 
@@ -1,71 +0,0 @@ - -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=libcxxabi -PKG_VERSION:=10.0.0 -PKG_RELEASE:=1 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).src.tar.xz -PKG_SOURCE_URL:=https://github.com/llvm/llvm-project/releases/download/llvmorg-$(PKG_VERSION) -PKG_HASH:=e71bac75a88c9dde455ad3f2a2b449bf745eafd41d2d8432253b2964e0ca14e1 -PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION).src - -PKG_MAINTAINER:=Rosen Penev -PKG_LICENSE:=MIT -PKG_LICENSE_FILES:=LICENSE.txt - -PKG_BUILD_PARALLEL:=1 -CMAKE_BINARY_SUBDIR:=build - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/libcxxabi - SECTION:=libs - CATEGORY:=Libraries - TITLE:=LLVM lib++abi - URL:=https://libcxxabi.llvm.org/ - DEPENDS:=+libpthread - BUILDONLY:=1 -endef - -define Package/libcxxabi/description - libc++abi is a new implementation of low level support for a standard C++ library. 
-endef - -CMAKE_OPTIONS += \ - -DLIBCXXABI_ENABLE_EXCEPTIONS=ON \ - -DLIBCXXABI_ENABLE_PEDANTIC=OFF \ - -DLIBCXXABI_ENABLE_PIC=ON \ - -DLIBCXXABI_ENABLE_WERROR=OFF \ - -DLIBCXXABI_USE_LLVM_UNWINDER=OFF \ - -DLIBCXXABI_USE_COMPILER_RT=OFF \ - -DLIBCXXABI_ENABLE_THREADS=ON \ - -DLIBCXXABI_HAS_PTHREAD_API=ON \ - -DLIBCXXABI_INCLUDE_TESTS=OFF \ - -DLIBCXXABI_LIBDIR_SUFFIX="" \ - -DLIBCXXABI_INSTALL_LIBRARY=ON \ - -DLIBCXXABI_ENABLE_SHARED=OFF \ - -DLIBCXXABI_LIBCXX_SRC_DIR=$(BUILD_DIR)/libcxx-$(PKG_VERSION).src \ - -DLIBCXXABI_LIBCXX_INCLUDES=$(BUILD_DIR)/libcxx-$(PKG_VERSION).src/include - -TARGET_CXXFLAGS += -flto -TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed - -define Build/Prepare - $(MAKE) -C $(TOPDIR)/package/libs/libcxx prepare - $(call Build/Prepare/Default) -endef - -define Build/InstallDev - $(call Build/InstallDev/cmake,$(1)) - $(INSTALL_DIR) $(1)/usr/include/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/include/*.h $(1)/usr/include/ -endef - -$(eval $(call BuildPackage,libcxxabi)) diff --git a/package/libs/libcxxabi/patches/010-arm.patch b/package/libs/libcxxabi/patches/010-arm.patch deleted file mode 100644 index b14609dc62..0000000000 --- a/package/libs/libcxxabi/patches/010-arm.patch +++ /dev/null 
@@ -1,27 +0,0 @@ ---- a/src/cxa_exception.h -+++ b/src/cxa_exception.h -@@ -27,6 +27,13 @@ _LIBCXXABI_HIDDEN uint64_t __getExceptio - _LIBCXXABI_HIDDEN void __setExceptionClass ( _Unwind_Exception*, uint64_t); - _LIBCXXABI_HIDDEN bool __isOurExceptionClass(const _Unwind_Exception*); - -+#if defined(__arm__) && defined(__GNUC__) -+// missing values from _Unwind_Reason_Code enum -+#define _URC_FATAL_PHASE2_ERROR ((_Unwind_Reason_Code)2) -+#define _URC_FATAL_PHASE1_ERROR ((_Unwind_Reason_Code)3) -+#define _URC_NORMAL_STOP ((_Unwind_Reason_Code)4) -+#endif -+ - struct _LIBCXXABI_HIDDEN __cxa_exception { - #if defined(__LP64__) || defined(_WIN64) || defined(_LIBCXXABI_ARM_EHABI) - // Now _Unwind_Exception is marked with __attribute__((aligned)), ---- a/src/cxa_personality.cpp -+++ b/src/cxa_personality.cpp -@@ -1108,7 +1108,7 @@ __gxx_personality_v0(_Unwind_State state - - // Check the undocumented force unwinding behavior - bool is_force_unwinding = state & _US_FORCE_UNWIND; -- state &= ~_US_FORCE_UNWIND; -+ state = (_Unwind_State)(state & ~_US_FORCE_UNWIND); - - scan_results results; - switch (state) { diff --git a/package/libs/lzo/Makefile b/package/libs/lzo/Makefile deleted file mode 100644 index 09885e8d9b..0000000000 --- a/package/libs/lzo/Makefile +++ /dev/null 
@@ -1,61 +0,0 @@ -# -# Copyright (C) 2006-2016 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=lzo -PKG_VERSION:=2.10 -PKG_RELEASE:=4 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=http://www.oberhumer.com/opensource/lzo/download/ -PKG_HASH:=c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072 - -PKG_LICENSE:=GPL-2.0-or-later -PKG_LICENSE_FILES:=COPYING - -PKG_BUILD_PARALLEL:=1 -CMAKE_BINARY_SUBDIR:=openwrt-build - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/liblzo - SECTION:=libs - CATEGORY:=Libraries - TITLE:=A real-time data compression library - URL:=http://www.oberhumer.com/opensource/lzo/ - ABI_VERSION:=2 -endef - -define Package/liblzo/description - LZO is a data compression library which is suitable for data de-/compression - in real-time. This means it favours speed over compression ratio. -endef - -CMAKE_OPTIONS += \ - -DENABLE_SHARED=ON \ - -DENABLE_STATIC=ON \ - \ - -DBUILD_TESTING=OFF \ - -DCMAKE_SKIP_INSTALL_RPATH=ON - -define Build/InstallDev - $(INSTALL_DIR) $(1)/usr/include $(1)/usr/lib $(1)/usr/lib/pkgconfig - $(CP) $(PKG_INSTALL_DIR)/usr/include/lzo $(1)/usr/include/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblzo2.{a,so*} $(1)/usr/lib/ - $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/lzo2.pc $(1)/usr/lib/pkgconfig - $(SED) 's,/usr/include,$$$${prefix}/include,g' $(1)/usr/lib/pkgconfig/lzo2.pc - $(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' $(1)/usr/lib/pkgconfig/lzo2.pc -endef - -define Package/liblzo/install - $(INSTALL_DIR) $(1)/usr/lib - $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblzo2.so.* $(1)/usr/lib/ -endef - -$(eval $(call BuildPackage,liblzo)) diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index dc8ca2b262..6758f7dd08 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile 
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl PKG_VERSION:=4.5.0-stable -PKG_RELEASE:=2 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) @@ -61,9 +61,12 @@ TARGET_LDFLAGS += -flto # --enable-stunnel needed for OpenSSL API compatibility bits CONFIGURE_ARGS += \ + --enable-lighty \ + --enable-opensslall \ --enable-opensslextra \ --enable-sni \ --enable-stunnel \ + --disable-crypttests \ --disable-examples \ --disable-jobserver \ --$(if $(CONFIG_IPV6),enable,disable)-ipv6 \ diff --git a/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch new file mode 100644 index 0000000000..aaf14e46d9 --- /dev/null +++ b/package/libs/wolfssl/patches/200-fix-checkhostname-matching.patch 
@@ -0,0 +1,123 @@ +From ea5c290d605b2af7b10d6e5ce69aa3534f52385f Mon Sep 17 00:00:00 2001 +From: Eric Blankenhorn +Date: Fri, 17 Jul 2020 08:37:02 -0500 +Subject: [PATCH] Fix CheckHostName matching + +--- + src/internal.c | 18 ++++++++++++------ + src/ssl.c | 5 +++++ + tests/api.c | 30 ++++++++++++++++++++++++++++++ + 3 files changed, 47 insertions(+), 6 deletions(-) + +diff --git a/src/internal.c b/src/internal.c +index dc57df0242..cda815d875 100644 +--- a/src/internal.c ++++ b/src/internal.c +@@ -9346,7 +9346,7 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) + altName = dCert->altNames; + + if (checkCN != NULL) { +- *checkCN = altName == NULL; ++ *checkCN = (altName == NULL) ? 1 : 0; + } + + while (altName) { +@@ -9415,23 +9415,29 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, int* checkCN) + int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) + { + int checkCN; ++ int ret = DOMAIN_NAME_MISMATCH; + + /* Assume name is NUL terminated. 
*/ + (void)domainNameLen; + + if (CheckForAltNames(dCert, domainName, &checkCN) != 1) { +- WOLFSSL_MSG("DomainName match on alt names failed too"); +- return DOMAIN_NAME_MISMATCH; ++ WOLFSSL_MSG("DomainName match on alt names failed"); + } ++ else { ++ ret = 0; ++ } ++ + if (checkCN == 1) { + if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, +- domainName) == 0) { ++ domainName) == 1) { ++ ret = 0; ++ } ++ else { + WOLFSSL_MSG("DomainName match on common name failed"); +- return DOMAIN_NAME_MISMATCH; + } + } + +- return 0; ++ return ret; + } + + int CheckIPAddr(DecodedCert* dCert, const char* ipasc) +diff --git a/src/ssl.c b/src/ssl.c +index 11bc08a3cb..59ad9bae60 100644 +--- a/src/ssl.c ++++ b/src/ssl.c +@@ -43661,6 +43661,11 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, + (void)flags; + (void)peername; + ++ if ((x == NULL) || (chk == NULL)) { ++ WOLFSSL_MSG("Invalid parameter"); ++ return WOLFSSL_FAILURE; ++ } ++ + if (flags == WOLFSSL_NO_WILDCARDS) { + WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); + return WOLFSSL_FAILURE; +diff --git a/tests/api.c b/tests/api.c +index 774a332968..db888952d4 100644 +--- a/tests/api.c ++++ b/tests/api.c +@@ -23875,6 +23875,35 @@ static void test_wolfSSL_X509_issuer_name_hash(void) + #endif + } + ++static void test_wolfSSL_X509_check_host(void) ++{ ++#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ ++ && !defined(NO_SHA) && !defined(NO_RSA) ++ ++ X509* x509; ++ const char altName[] = "example.com"; ++ ++ printf(testingFmt, "wolfSSL_X509_check_host()"); ++ ++ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, ++ SSL_FILETYPE_PEM)); ++ ++ AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), ++ WOLFSSL_SUCCESS); ++ ++ AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), ++ WOLFSSL_FAILURE); ++ ++ X509_free(x509); ++ ++ AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), ++ WOLFSSL_FAILURE); 
++ ++ printf(resultFmt, passed); ++ ++#endif ++} ++ + static void test_wolfSSL_DES(void) + { + #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) +@@ -36407,6 +36436,7 @@ void ApiTest(void) + test_wolfSSL_X509_INFO(); + test_wolfSSL_X509_subject_name_hash(); + test_wolfSSL_X509_issuer_name_hash(); ++ test_wolfSSL_X509_check_host(); + test_wolfSSL_DES(); + test_wolfSSL_certs(); + test_wolfSSL_ASN1_TIME_print(); diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile index 12a45a5609..40aa9e835a 100644 --- a/package/lienol/luci-app-passwall/Makefile +++ b/package/lienol/luci-app-passwall/Makefile @@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall PKG_VERSION:=4 -PKG_RELEASE:=1 -PKG_DATE:=20201204 +PKG_RELEASE:=3 +PKG_DATE:=20201211 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) @@ -16,15 +16,15 @@ include $(INCLUDE_DIR)/package.mk define Package/$(PKG_NAME)/config menu "Configuration" - + config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks bool "Include Shadowsocks" default y - + config PACKAGE_$(PKG_NAME)_INCLUDE_Shadowsocks_Server bool "Include Shadowsocks Server" default y - + config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR bool "Include ShadowsocksR" default y @@ -32,7 +32,7 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR config PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server bool "Include ShadowsocksR Server" default y - + config PACKAGE_$(PKG_NAME)_INCLUDE_Xray bool "Include Xray" default y if i386||x86_64||arm||aarch64 @@ -44,11 +44,11 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_Plus bool "Include Trojan_Plus" default y - + config PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_GO bool "Include Trojan_GO" default y if i386||x86_64||arm||aarch64 - + config PACKAGE_$(PKG_NAME)_INCLUDE_Brook bool "Include Brook" default n 
@@ -132,6 +132,8 @@ endef define Package/$(PKG_NAME)/conffiles /etc/config/passwall /etc/config/passwall_server +/usr/share/passwall/rules/direct_host +/usr/share/passwall/rules/direct_ip /usr/share/passwall/rules/proxy_host /usr/share/passwall/rules/proxy_ip /usr/share/passwall/rules/proxy_host2 @@ -155,6 +157,7 @@ define Package/$(PKG_NAME)/install $(INSTALL_DIR) $(1)/usr/share/passwall cp -pR ./root/usr/share/passwall/* $(1)/usr/share/passwall $(INSTALL_CONF) ./root/etc/config/passwall $(1)/usr/share/passwall/config.default + $(INSTALL_DIR) $(1)/usr/lib/lua/luci cp -pR ./luasrc/* $(1)/usr/lib/lua/luci/ diff --git a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua index c1b2f7482d..bbc2204201 100644 --- a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua +++ b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua @@ -44,6 +44,7 @@ function index() --[[ API ]] entry({"admin", "services", appname, "server_user_status"}, call("server_user_status")).leaf = true + entry({"admin", "services", appname, "server_user_log"}, call("server_user_log")).leaf = true entry({"admin", "services", appname, "server_get_log"}, call("server_get_log")).leaf = true entry({"admin", "services", appname, "server_clear_log"}, call("server_clear_log")).leaf = true entry({"admin", "services", appname, "link_append_temp"}, call("link_append_temp")).leaf = true 
@@ -51,6 +52,7 @@ function index() entry({"admin", "services", appname, "link_clear_temp"}, call("link_clear_temp")).leaf = true entry({"admin", "services", appname, "link_add_node"}, call("link_add_node")).leaf = true entry({"admin", "services", appname, "get_now_use_node"}, call("get_now_use_node")).leaf = true + entry({"admin", "services", appname, "get_redir_log"}, call("get_redir_log")).leaf = true entry({"admin", "services", appname, "get_log"}, call("get_log")).leaf = true entry({"admin", "services", appname, "clear_log"}, call("clear_log")).leaf = true entry({"admin", "services", appname, "status"}, call("status")).leaf = true @@ -152,6 +154,20 @@ function get_now_use_node() luci.http.write_json(e) end +function get_redir_log() + local e = {} + local proto = luci.http.formvalue("proto") + local index = luci.http.formvalue("index") + local filename = proto .. "_" .. index + if nixio.fs.access("/var/etc/passwall/" .. filename .. ".log") then + e.code = 200 + else + e.code = 400 + end + e.data = luci.sys.exec("cat /var/etc/passwall/" .. filename .. ".log") + http_write_json(e) +end + function get_log() -- luci.sys.exec("[ -f /var/log/passwall.log ] && sed '1!G;h;$!d' /var/log/passwall.log > /var/log/passwall_show.log") luci.http.write(luci.sys.exec("[ -f '/var/log/passwall.log' ] && cat /var/log/passwall.log")) @@ -338,6 +354,18 @@ function server_user_status() http_write_json(e) end +function server_user_log() + local e = {} + local id = luci.http.formvalue("id") + if nixio.fs.access("/var/etc/passwall_server/" .. id .. ".log") then + e.code = 200 + else + e.code = 400 + end + e.data = luci.sys.exec("cat /var/etc/passwall_server/" .. id .. ".log") + http_write_json(e) +end + function server_get_log() luci.http.write(luci.sys.exec("[ -f '/var/log/passwall_server.log' ] && cat /var/log/passwall_server.log")) end 
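Review bot: `get_redir_log` builds a shell command from the `proto` and `index` request parameters (`luci.sys.exec("cat /var/etc/passwall/" .. filename .. ".log")`) without validating them, so request data reaches the shell LuCI runs commands in (normally root on OpenWrt) and can also point the path outside /var/etc/passwall; `server_user_log` does the same with `id`. Both should reject anything that is not a plain identifier and read the file directly with `nixio.fs.readfile` rather than spawning `cat`. A missing parameter currently raises a nil-concatenation error as well. The character class in the sketch below is an assumption about what valid log names contain and should be matched to how the files are created.

```lua
function get_redir_log()
	local e = {}
	local proto = luci.http.formvalue("proto")
	local index = luci.http.formvalue("index")
	-- assumed shape of valid names: letters, digits, underscore
	local ok = proto and index and proto:match("^[%w_]+$") and index:match("^[%w_]+$")
	local path = ok and ("/var/etc/passwall/" .. proto .. "_" .. index .. ".log")
	if path and nixio.fs.access(path) then
		e.code = 200
		e.data = nixio.fs.readfile(path)
	else
		e.code = 400
	end
	http_write_json(e)
end
-- server_user_log: same validation on `id`, same nixio.fs.readfile call
```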
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua index a408a69f6b..c2bb2a8a88 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/api.lua @@ -15,6 +15,32 @@ command_timeout = 300 LEDE_BOARD = nil DISTRIB_TARGET = nil +function is_exist(table, value) + for index, k in ipairs(table) do + if k == value then + return true + end + end + return false +end + +function get_args(arg, myarg) + local var = {} + for i, arg_k in pairs(arg) do + if i > 0 then + if is_exist(myarg, arg_k) == true then + local v = arg[i + 1] + if v then + if is_exist(myarg, v) == false then + var[arg_k] = v + end + end + end + end + end + return var +end + function get_valid_nodes() local nodes = {} uci:foreach(appname, "nodes", function(e) @@ -42,6 +68,22 @@ function get_valid_nodes() return nodes end +function get_full_node_remarks(n) + local remarks = "" + if n then + if n.protocol and (n.protocol == "_balancing" or n.protocol == "_shunt") then + remarks = "%s:[%s] " % {i18n.translatef(n.type .. n.protocol), n.remarks} + else + if n.use_kcp and n.use_kcp == "1" then + remarks = "%s+%s:[%s] %s" % {n.type, "Kcptun", n.remarks, n.address} + else + remarks = "%s:[%s] %s:%s" % {n.type, n.remarks, n.address, n.port} + end + end + end + return remarks +end + function gen_uuid(format) local uuid = sys.exec("echo -n $(cat /proc/sys/kernel/random/uuid)") if format == nil then diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_naiveproxy.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_naiveproxy.lua index c6650b41c4..91c9e9b00e 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_naiveproxy.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_naiveproxy.lua 
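Review bot: `is_exist(table, value)` names its first parameter `table`, which shadows the standard `table` library inside the function; it is harmless today, but any later `table.insert` in that body would fail, so `list` or `t` is a safer name. In `get_args`, a value that happens to equal one of the option names is dropped without any message, which deserves a one-line comment such as `-- a value equal to an option name is treated as missing`. `get_full_node_remarks` concatenates `n.type .. n.protocol` after checking only `n.protocol`, so a node without `type` raises; `(n.type or "") .. n.protocol` avoids that.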
@@ -1,11 +1,23 @@ +local api = require "luci.model.cbi.passwall.api.api" local ucursor = require "luci.model.uci".cursor() local jsonc = require "luci.jsonc" -local node_section = arg[1] -local run_type = arg[2] -local local_addr = arg[3] -local local_port = arg[4] -local server_host = arg[5] -local server_port = arg[6] + +local myarg = { + "-node", "-run_type", "-local_addr", "-local_port", "-server_host", "-server_port" +} + +local var = api.get_args(arg, myarg) + +local node_section = var["-node"] +if not node_section then + print("-node 不能为空") + return +end +local run_type = var["-run_type"] +local local_addr = var["-local_addr"] +local local_port = var["-local_port"] +local server_host = var["-server_host"] +local server_port = var["-server_port"] local node = ucursor:get_all("passwall", node_section) local config = { diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua index 7ab2b32ac2..d88e5c09c1 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_shadowsocks.lua @@ -1,10 +1,22 @@ +local api = require "luci.model.cbi.passwall.api.api" local ucursor = require "luci.model.uci".cursor() local jsonc = require "luci.jsonc" -local node_section = arg[1] -local local_addr = arg[2] -local local_port = arg[3] -local server_host = arg[4] -local server_port = arg[5] + +local myarg = { + "-node", "-local_addr", "-local_port", "-server_host", "-server_port" +} + +local var = api.get_args(arg, myarg) + +local node_section = var["-node"] +if not node_section then + print("-node 不能为空") + return +end +local local_addr = var["-local_addr"] +local local_port = var["-local_port"] +local server_host = var["-server_host"] +local server_port = var["-server_port"] local node = ucursor:get_all("passwall", node_section) local config = { 
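Review bot: When `-node` is missing the script reports it with `print` and then `return`s, so the process exits with status 0 and the text goes to stdout; if the caller redirects stdout into the generated config file (the usual pattern for these generators, not visible here), the result is an invalid config with no failure signal. Writing to stderr and exiting non-zero makes the error detectable: `io.stderr:write("-node 不能为空\n")` followed by `os.exit(1)`. The same block appears in the gen_shadowsocks.lua hunk on this line and in the gen_trojan.lua hunk that follows.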
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua index 6940ce8af3..7df4d3bdaf 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_trojan.lua @@ -1,11 +1,24 @@ +local api = require "luci.model.cbi.passwall.api.api" local ucursor = require"luci.model.uci".cursor() local json = require "luci.jsonc" -local node_section = arg[1] -local run_type = arg[2] -local local_addr = arg[3] -local local_port = arg[4] -local server_host = arg[5] -local server_port = arg[6] + +local myarg = { + "-node", "-run_type", "-local_addr", "-local_port", "-server_host", "-server_port", "-loglevel" +} + +local var = api.get_args(arg, myarg) + +local node_section = var["-node"] +if not node_section then + print("-node 不能为空") + return +end +local run_type = var["-run_type"] +local local_addr = var["-local_addr"] +local local_port = var["-local_port"] +local server_host = var["-server_host"] +local server_port = var["-server_port"] +local loglevel = var["-loglevel"] or 2 local node = ucursor:get_all("passwall", node_section) local cipher = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA" @@ -17,7 +30,7 @@ local trojan = { remote_addr = server_host or node.address, remote_port = tonumber(server_port) or tonumber(node.port), password = {node.password}, - log_level = 1, + log_level = tonumber(loglevel), ssl = { verify = (node.tls_allowInsecure ~= "1") and true or false, verify_hostname = true, 
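Review bot: `log_level = tonumber(loglevel)` yields nil when `-loglevel` is given a non-numeric value, so the key is dropped from the table instead of falling back to the default; `log_level = tonumber(loglevel) or 2,` keeps a usable value in every case. The default also moves from the previous hard-coded 1 to 2, which is worth confirming as intended. The `trojan` table continues outside the hunk.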
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua deleted file mode 100644 index 0b06599d2f..0000000000 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray.lua +++ /dev/null 
@@ -1,311 +0,0 @@ -module("luci.model.cbi.passwall.api.gen_v2ray", package.seeall) -local ucursor = require"luci.model.uci".cursor() -local sys = require "luci.sys" -local json = require "luci.jsonc" -local appname = "passwall" -local inbounds = {} -local outbounds = {} -local routing = nil - -local node_section = arg[1] or "nil" -local proto = arg[2] -local redir_port = arg[3] -local socks_proxy_port = arg[4] -local node = ucursor:get_all(appname, node_section) -local network = proto -local new_port - -local function get_new_port() - if new_port then - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1))) - else - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname))) - end - return new_port -end - -function gen_outbound(node, tag, relay_port) - local result = nil - if node then - local node_id = node[".name"] - if tag == nil then - tag = node_id - end - if node.type ~= "V2ray" then - if node.type == "Socks" then - node.protocol = "socks" - node.transport = "tcp" - else - local node_type = (proto and proto ~= "nil") and proto or "socks" - new_port = get_new_port() - node.port = new_port - sys.call(string.format('/usr/share/%s/app.sh run_socks "%s" "%s" "%s" "%s" "%s" "%s" "%s" "%s"> /dev/null', - appname, - node_id, - "127.0.0.1", - new_port, - string.format("/var/etc/%s/v2_%s_%s.json", appname, node_type, node_id), - "0", - "nil", - "4", - relay_port and tostring(relay_port) or "" - ) - ) - node.protocol = "socks" - node.transport = "tcp" - node.address = "127.0.0.1" - end - node.stream_security = "none" - else - if node.tls and node.tls == "1" then - node.stream_security = "tls" - end - - if node.transport == "mkcp" or node.transport == "quic" then - node.stream_security = "none" - end - end - - result = { - tag = tag, - protocol = node.protocol, - mux = { - enabled = (node.mux == "1") and true or false, - concurrency = 
(node.mux_concurrency) and tonumber(node.mux_concurrency) or 8 - }, - -- 底层传输配置 - streamSettings = (node.protocol == "vmess" or node.protocol == "vless" or node.protocol == "socks" or node.protocol == "shadowsocks" or node.protocol == "trojan") and { - network = node.transport, - security = node.stream_security, - tlsSettings = (node.stream_security == "tls") and { - serverName = node.tls_serverName, - allowInsecure = (node.tls_allowInsecure == "1") and true or false - } or nil, - tcpSettings = (node.transport == "tcp" and node.protocol ~= "socks") and { - header = { - type = node.tcp_guise, - request = (node.tcp_guise == "http") and { - path = node.tcp_guise_http_path or {"/"}, - headers = { - Host = node.tcp_guise_http_host or {} - } - } or nil - } - } or nil, - kcpSettings = (node.transport == "mkcp") and { - mtu = tonumber(node.mkcp_mtu), - tti = tonumber(node.mkcp_tti), - uplinkCapacity = tonumber(node.mkcp_uplinkCapacity), - downlinkCapacity = tonumber(node.mkcp_downlinkCapacity), - congestion = (node.mkcp_congestion == "1") and true or false, - readBufferSize = tonumber(node.mkcp_readBufferSize), - writeBufferSize = tonumber(node.mkcp_writeBufferSize), - seed = (node.mkcp_seed and node.mkcp_seed ~= "") and node.mkcp_seed or nil, - header = {type = node.mkcp_guise} - } or nil, - wsSettings = (node.transport == "ws") and { - path = node.ws_path or "", - headers = (node.ws_host ~= nil) and - {Host = node.ws_host} or nil - } or nil, - httpSettings = (node.transport == "h2") and - {path = node.h2_path, host = node.h2_host} or - nil, - dsSettings = (node.transport == "ds") and - {path = node.ds_path} or nil, - quicSettings = (node.transport == "quic") and { - security = node.quic_security, - key = node.quic_key, - header = {type = node.quic_guise} - } or nil - } or nil, - settings = { - vnext = (node.protocol == "vmess" or node.protocol == "vless") and { - { - address = node.address, - port = tonumber(node.port), - users = { - { - id = node.uuid, - alterId = 
tonumber(node.alter_id), - level = node.level and tonumber(node.level) or 0, - security = (node.protocol == "vmess") and node.security or nil, - encryption = node.encryption or "none", - flow = node.flow or nil - } - } - } - } or nil, - servers = (node.protocol == "socks" or node.protocol == "http" or node.protocol == "shadowsocks" or node.protocol == "trojan") and { - { - address = node.address, - port = tonumber(node.port), - method = node.method or nil, - password = node.password or "", - users = (node.username and node.password) and - {{user = node.username, pass = node.password}} or nil - } - } or nil - } - } - end - return result -end - -if node then - if socks_proxy_port ~= "nil" then - table.insert(inbounds, { - listen = "0.0.0.0", - port = tonumber(socks_proxy_port), - protocol = "socks", - settings = {auth = "noauth", udp = true, ip = "127.0.0.1"} - }) - network = "tcp,udp" - end - - if redir_port ~= "nil" then - table.insert(inbounds, { - port = tonumber(redir_port), - protocol = "dokodemo-door", - settings = {network = proto, followRedirect = true}, - sniffing = {enabled = true, destOverride = {"http", "tls"}} - }) - if proto == "tcp" and node.tcp_socks == "1" then - table.insert(inbounds, { - listen = "0.0.0.0", - port = tonumber(node.tcp_socks_port), - protocol = "socks", - settings = { - auth = node.tcp_socks_auth, - accounts = (node.tcp_socks_auth == "password") and { - { - user = node.tcp_socks_auth_username, - pass = node.tcp_socks_auth_password - } - } or nil, - udp = true - } - }) - end - end - - if node.protocol == "_shunt" then - local rules = {} - ucursor:foreach(appname, "shunt_rules", function(e) - local name = e[".name"] - local _node_id = node[name] or nil - if _node_id and _node_id ~= "nil" then - local _node = ucursor:get_all(appname, _node_id) - local is_proxy = node[name .. 
"_proxy"] - local relay_port - if is_proxy and is_proxy == "1" then - new_port = get_new_port() - relay_port = new_port - table.insert(inbounds, { - tag = "proxy_" .. name, - listen = "127.0.0.1", - port = new_port, - protocol = "dokodemo-door", - settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} - }) - if _node.tls_serverName == nil then - _node.tls_serverName = _node.address - end - _node.address = "127.0.0.1" - _node.port = new_port - end - local _outbound = gen_outbound(_node, name, relay_port) - if _outbound then - table.insert(outbounds, _outbound) - if is_proxy and is_proxy == "1" then - table.insert(rules, { - type = "field", - inboundTag = {"proxy_" .. name}, - outboundTag = "default" - }) - end - if e.domain_list then - local _domain = {} - string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) - table.insert(_domain, w) - end) - table.insert(rules, { - type = "field", - outboundTag = name, - domain = _domain - }) - end - if e.ip_list then - local _ip = {} - string.gsub(e.ip_list, '[^' .. "\r\n" .. 
']+', function(w) - table.insert(_ip, w) - end) - table.insert(rules, { - type = "field", - outboundTag = name, - ip = _ip - }) - end - end - end - end) - - local default_node_id = node.default_node or nil - if default_node_id and default_node_id ~= "nil" then - local default_node = ucursor:get_all(appname, default_node_id) - local default_outbound = gen_outbound(default_node, "default") - if default_outbound then - table.insert(outbounds, default_outbound) - local rule = { - type = "field", - outboundTag = "default", - network = network - } - table.insert(rules, rule) - end - end - - routing = { - domainStrategy = node.domainStrategy or "AsIs", - rules = rules - } - - elseif node.protocol == "_balancing" then - if node.balancing_node then - local nodes = node.balancing_node - local length = #nodes - for i = 1, length do - local node = ucursor:get_all(appname, nodes[i]) - local outbound = gen_outbound(node) - if outbound then table.insert(outbounds, outbound) end - end - routing = { - domainStrategy = node.domainStrategy or "AsIs", - balancers = {{tag = "balancer", selector = nodes}}, - rules = { - {type = "field", network = "tcp,udp", balancerTag = "balancer"} - } - } - end - else - local outbound = gen_outbound(node) - if outbound then table.insert(outbounds, outbound) end - end - - -- 额外传出连接 - table.insert(outbounds, {protocol = "freedom", tag = "direct", settings = {keep = ""}}) - - local v2ray = { - log = { - -- error = string.format("/var/etc/passwall/%s.log", node[".name"]), - loglevel = "warning" - }, - -- 传入连接 - inbounds = inbounds, - -- 传出连接 - outbounds = outbounds, - -- 路由 - routing = routing - } - print(json.stringify(v2ray, 1)) -end diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_proto.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_proto.lua deleted file mode 100644 index 2f26f3fd2b..0000000000 
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_v2ray_proto.lua +++ /dev/null @@ -1,80 +0,0 @@ -local json = require "luci.jsonc" -local inbounds = {} -local outbounds = {} -local routing = nil - -local local_proto = arg[1] -local local_address = arg[2] -local local_port = arg[3] -local server_proto = arg[4] -local server_address = arg[5] -local server_port = arg[6] -local server_username = arg[7] or "nil" -local server_password = arg[8] or "nil" - -function gen_outbound(proto, address, port, username, password) - local result = { - protocol = proto, - streamSettings = { - network = "tcp", - security = "none" - }, - settings = { - servers = { - { - address = address, - port = tonumber(port), - users = (username ~= "nil" and password ~= "nil") and { - { - user = username, - pass = password - } - } or nil - } - } - } - } - return result -end - -if local_proto ~= "nil" and local_address ~= "nil" and local_port ~= "nil" then - local inbound = { - listen = local_address, - port = tonumber(local_port), - protocol = local_proto, - settings = { - accounts = nil - } - } - if local_proto == "socks" then - inbound.settings.auth = "noauth" - inbound.settings.udp = true - elseif local_proto == "http" then - inbound.settings.allowTransparent = false - end - table.insert(inbounds, inbound) -end - -if server_proto ~= "nil" and server_address ~= "nil" and server_port ~= "nil" then - local outbound = gen_outbound(server_proto, server_address, server_port, server_username, server_password) - if outbound then table.insert(outbounds, outbound) end -end - --- 额外传出连接 -table.insert(outbounds, { - protocol = "freedom", tag = "direct", settings = {keep = ""} -}) - -local v2ray = { - log = { - -- error = string.format("/var/etc/passwall/%s.log", node[".name"]), - loglevel = "warning" - }, - -- 传入连接 - inbounds = inbounds, - -- 传出连接 - outbounds = outbounds, - -- 路由 - routing = routing -} -print(json.stringify(v2ray, 1)) 
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua index 24653d59fd..7759a0a7c0 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray.lua @@ -1,4 +1,5 @@ module("luci.model.cbi.passwall.api.gen_xray", package.seeall) +local api = require "luci.model.cbi.passwall.api.api" local ucursor = require"luci.model.uci".cursor() local sys = require "luci.sys" local json = require "luci.jsonc" @@ -7,11 +8,17 @@ local inbounds = {} local outbounds = {} local routing = nil -local node_section = arg[1] or "nil" -local proto = arg[2] -local redir_port = arg[3] -local socks_proxy_port = arg[4] -local node = ucursor:get_all(appname, node_section) +local myarg = { + "-node", "-proto", "-redir_port", "-socks_proxy_port", "-loglevel" +} + +local var = api.get_args(arg, myarg) + +local node_section = var["-node"] +local proto = var["-proto"] +local redir_port = var["-redir_port"] +local socks_proxy_port = var["-socks_proxy_port"] +local loglevel = var["-loglevel"] or "warning" local network = proto local new_port @@ -31,12 +38,12 @@ function gen_outbound(node, tag, relay_port) if tag == nil then tag = node_id end - if node.type ~= "Xray" then + if node.type ~= "Xray" and node.type ~= "V2ray" then if node.type == "Socks" then node.protocol = "socks" node.transport = "tcp" else - local node_type = (proto and proto ~= "nil") and proto or "socks" + local node_type = proto or "socks" new_port = get_new_port() node.port = new_port sys.call(string.format('/usr/share/%s/app.sh run_socks "%s" "%s" "%s" "%s" "%s" "%s" "%s" "%s"> /dev/null', 
@@ -159,8 +166,9 @@ function gen_outbound(node, tag, relay_port) return result end -if node then - if socks_proxy_port ~= "nil" then +if node_section then + local node = ucursor:get_all(appname, node_section) + if socks_proxy_port then table.insert(inbounds, { listen = "0.0.0.0", port = tonumber(socks_proxy_port), @@ -170,7 +178,7 @@ if node then network = "tcp,udp" end - if redir_port ~= "nil" then + if redir_port then table.insert(inbounds, { port = tonumber(redir_port), protocol = "dokodemo-door", @@ -305,7 +313,7 @@ if node then local xray = { log = { -- error = string.format("/var/etc/passwall/%s.log", node[".name"]), - loglevel = "warning" + loglevel = loglevel }, -- 传入连接 inbounds = inbounds, diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray_proto.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray_proto.lua index 6d6582f61c..7baed80b38 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray_proto.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/api/gen_xray_proto.lua 
@@ -1,16 +1,23 @@ +local api = require "luci.model.cbi.passwall.api.api" local json = require "luci.jsonc" local inbounds = {} local outbounds = {} local routing = nil -local local_proto = arg[1] -local local_address = arg[2] -local local_port = arg[3] -local server_proto = arg[4] -local server_address = arg[5] -local server_port = arg[6] -local server_username = arg[7] or "nil" -local server_password = arg[8] or "nil" +local myarg = { + "-local_proto", "-local_address", "-local_port", "-server_proto", "-server_address", "-server_port", "-server_username", "-server_password" +} + +local var = api.get_args(arg, myarg) + +local local_proto = var["-local_proto"] +local local_address = var["-local_address"] +local local_port = var["-local_port"] +local server_proto = var["-server_proto"] +local server_address = var["-server_address"] +local server_port = var["-server_port"] +local server_username = var["-server_username"] +local server_password = var["-server_password"] function gen_outbound(proto, address, port, username, password) local result = { @@ -24,7 +31,7 @@ function gen_outbound(proto, address, port, username, password) { address = address, port = tonumber(port), - users = (username ~= "nil" and password ~= "nil") and { + users = (username and password) and { { user = username, pass = password diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 9788ef6dbd..27990677d6 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -1,4 +1,4 @@ -local o = require "luci.dispatcher" +local d = require "luci.dispatcher" local uci = require"luci.model.uci".cursor() local api = require "luci.model.cbi.passwall.api.api" local appname = "passwall" 
@@ -79,23 +79,35 @@ for i = 1, tcp_node_num, 1 do o = s:taboption("Main", ListValue, "tcp_node" .. i, translate("TCP Node") .. " " .. i) if i == 1 then o.title = translate("TCP Node") - o.description = translate("For proxy specific list.") .. o.description - if tonumber(m:get("@auto_switch[0]", "enable") or 0) == 1 then - local current_node = luci.sys.exec(string.format("[ -f '/var/etc/%s/id/TCP_%s' ] && echo -n $(cat /var/etc/%s/id/TCP_%s)", appname, i, appname, i)) - if current_node and current_node ~= "" and current_node ~= "nil" then - local e = uci:get_all(appname, current_node) - if e then - local remarks = "" - if e.protocol and (e.protocol == "_balancing" or e.protocol == "_shunt") then - remarks = "%s:[%s] " % {translatef(e.type .. e.protocol), e.remarks} - else - if e.use_kcp and e.use_kcp == "1" then - remarks = "%s+%s:[%s] %s" % {e.type, "Kcptun", e.remarks, e.address} - else - remarks = "%s:[%s] %s:%s" % {e.type, e.remarks, e.address, e.port} + o.description = "" + --o.description = translate("For proxy specific list.") + --o.description = o.description .. "
" + local current_node = luci.sys.exec(string.format("[ -f '/var/etc/%s/id/TCP_%s' ] && echo -n $(cat /var/etc/%s/id/TCP_%s)", appname, i, appname, i)) + if current_node and current_node ~= "" and current_node ~= "nil" then + local n = uci:get_all(appname, current_node) + if n then + if tonumber(m:get("@auto_switch[0]", "enable") or 0) == 1 then + local remarks = api.get_full_node_remarks(n) + local url = d.build_url("admin", "services", appname, "node_config", current_node) + o.description = o.description .. translatef("Current node: %s", string.format('%s', url, remarks)) .. "
" + end + if n.protocol and n.protocol == "_shunt" then + uci:foreach(appname, "shunt_rules", function(e) + local id = e[".name"] + local remarks = translate(e.remarks) + if n[id] and n[id] ~= "nil" then + local url = d.build_url("admin", "services", appname, "node_config", n[id]) + local r = api.get_full_node_remarks(uci:get_all(appname, n[id])) + o.description = o.description .. remarks .. ":" .. string.format('%s', url, r) .. "
" end + end) + local id = "default_node" + local remarks = translate("Default") + if n[id] and n[id] ~= "nil" then + local url = d.build_url("admin", "services", appname, "node_config", n[id]) + local r = api.get_full_node_remarks(uci:get_all(appname, n[id])) + o.description = o.description .. remarks .. ":" .. string.format('%s', url, r) .. "
" end - o.description = translate("For proxy specific list.") .. "
" .. translatef("Current node: %s", '' .. remarks .. '') end end end @@ -111,7 +123,7 @@ for i = 1, udp_node_num, 1 do o:value("nil", translate("Close")) if i == 1 then o.title = translate("UDP Node") - o.description = translate("For proxy game network, DNS hijack etc.") .. o.description .. "
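Review bot: The added description lines concatenate `remarks`, `r` (from `api.get_full_node_remarks`) and the shunt rule's `e.remarks` into `o.description` without escaping, and the surrounding code treats that field as markup, since it appends links and line breaks to it. Node and rule remarks are free text, so a remark that contains markup would be rendered as such on the admin page. Escaping at the point of use, e.g. `local remarks = luci.util.pcdata(api.get_full_node_remarks(n))` and the same for `r` and the rule name, closes that (assuming luci.util is loaded here, as luci.sys is). The format strings appear to have lost their markup in this rendering, so the exact link template cannot be checked from this view.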
" .. translate("The selected server will not use Kcptun.") + --o.description = translate("For proxy game network, DNS hijack etc.") .. "
" .. translate("The selected server will not use Kcptun.") o:value("tcp_", translate("Same as the tcp node")) --o:value("tcp", translate("Same as the tcp node")) --o:value("tcp_", translate("Same as the tcp node") .. "(" .. translate("New process") .. ")") @@ -293,6 +305,30 @@ o:value("disable", translate("No Proxy")) o.default = "default" o.rmempty = false +s:tab("log", translate("Log")) +for i = 1, tcp_node_num, 1 do + o = s:taboption("log", Flag, "close_log_tcp_" .. i , translate("Close") .. translate("Log") .. " " .. translate("TCP Node") .. " " .. i) + o.rmempty = false +end +for i = 1, udp_node_num, 1 do + o = s:taboption("log", Flag, "close_log_udp_" .. i, translate("Close") .. translate("Log") .. " " .. translate("UDP Node") .. " " .. i) + o.rmempty = false +end +loglevel = s:taboption("log", ListValue, "loglevel", "X/V2ray" .. translate("Log Level")) +loglevel.default = "warning" +loglevel:value("debug") +loglevel:value("info") +loglevel:value("warning") +loglevel:value("error") + +trojan_loglevel = s:taboption("log", ListValue, "trojan_loglevel", "Trojan" .. translate("Log Level")) +trojan_loglevel.default = "2" +trojan_loglevel:value("0", "all") +trojan_loglevel:value("1", "info") +trojan_loglevel:value("2", "warn") +trojan_loglevel:value("3", "error") +trojan_loglevel:value("4", "fatal") + s:tab("tips", translate("Tips")) o = s:taboption("tips", DummyValue, "") diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua index 69a3c8af89..fc4c4ae011 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua @@ -1,6 +1,5 @@ local e = require "luci.sys" local net = require "luci.model.network".init() -local uci = require "luci.model.uci".cursor() local api = require "luci.model.cbi.passwall.api.api" local appname = "passwall" 
@@ -83,6 +82,7 @@ o.default = "5" o.rmempty = false ---- Export +--[[ o = s:option(ListValue, "export", translate("Export Of Multi WAN")) o:value(0, translate("Auto")) local ifaces = e.net:devices() @@ -97,6 +97,7 @@ for _, iface in ipairs(ifaces) do end o.default = 0 o.rmempty = false +]]-- ---- Mode o = s:option(ListValue, "backup", translate("Mode")) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua index cab85d501d..a44744fbcf 100755 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/app.lua @@ -24,10 +24,13 @@ local function cmd(cmd) sys.call(cmd) end -local function ln_start(s, d, command) +local function ln_start(s, d, command, output) + if not output then + output = "/dev/null" + end d = TMP_BIN_PATH .. "/" .. d cmd(string.format('[ ! -f "%s" ] && ln -s %s %s 2>/dev/null', d, s, d)) - return string.format("%s >/dev/null 2>&1 &", d .. " " ..command) + return string.format("%s >%s 2>&1 &", d .. " " ..command, output) end local function gen_include() @@ -61,6 +64,13 @@ local function start() local id = user[".name"] local enable = user.enable if enable and tonumber(enable) == 1 then + local enable_log = user.log + local log_path = nil + if enable_log and enable_log == "1" then + log_path = CONFIG_PATH .. "/" .. id .. ".log" + else + log_path = nil + end local remarks = user.remarks local port = tonumber(user.port) local bin 
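Review bot: `ln_start` now places `output` unquoted after `>` and still joins `d` and `command` into one string that ends in `&`, so it is presumably run by a shell; the callers in the following hunks build `command` from configured values, with the microsocks branch appending `auth` (username and password) and the Brook branch formatting `brook_password` directly. A space or shell metacharacter in one of those values changes the command line, and a credential passed as an argument is also readable from the process list. Quote each value where it is formatted, e.g. `luci.util.shellquote(brook_password)`, and quote the redirect target as in `string.format('%s >"%s" 2>&1 &', d .. " " .. command, output)` (this assumes luci.util can be required in this file). Because the redirect is `>`, every start truncates the previous log; `>>` may be preferable if the log is meant for troubleshooting.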
@@ -79,7 +89,7 @@ local function start() auth = username .. " " .. password end end - bin = ln_start("/usr/bin/microsocks", "microsocks_" .. id, string.format("-i :: -p %s %s", port, auth)) + bin = ln_start("/usr/bin/microsocks", "microsocks_" .. id, string.format("-i :: -p %s %s", port, auth), log_path) elseif type == "SS" or type == "SSR" then config = require("luci.model.cbi.passwall.server.api.shadowsocks").gen_config(user) local udp_param = "" 
@@ -88,26 +98,26 @@ local function start() udp_param = "-u" end type = type:lower() - bin = ln_start("/usr/bin/" .. type .. "-server", type .. "-server", "-c " .. config_file .. " " .. udp_param) + bin = ln_start("/usr/bin/" .. type .. "-server", type .. "-server", "-c " .. config_file .. " " .. udp_param, log_path) elseif type == "Xray" then config = require("luci.model.cbi.passwall.server.api.xray").gen_config(user) - bin = ln_start(_api.get_xray_path(), "xray", "-config=" .. config_file) + bin = ln_start(_api.get_xray_path(), "xray", "-config=" .. config_file, log_path) elseif type == "V2ray" then config = require("luci.model.cbi.passwall.server.api.v2ray").gen_config(user) - bin = ln_start(_api.get_v2ray_path(), "v2ray", "-config=" .. config_file) + bin = ln_start(_api.get_v2ray_path(), "v2ray", "-config=" .. config_file, log_path) elseif type == "Trojan" then config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user) - bin = ln_start("/usr/sbin/trojan", "trojan", "-c " .. config_file) + bin = ln_start("/usr/sbin/trojan", "trojan", "-c " .. config_file, log_path) elseif type == "Trojan-Plus" then config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user) - bin = ln_start("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file) + bin = ln_start("/usr/sbin/trojan-plus", "trojan-plus", "-c " .. config_file, log_path) elseif type == "Trojan-Go" then config = require("luci.model.cbi.passwall.server.api.trojan").gen_config(user) - bin = ln_start(_api.get_trojan_go_path(), "trojan-go", "-config " .. config_file) + bin = ln_start(_api.get_trojan_go_path(), "trojan-go", "-config " .. config_file, log_path) elseif type == "Brook" then local brook_protocol = user.protocol local brook_password = user.password - bin = ln_start(_api.get_brook_path(), "brook_" .. id, string.format("%s -l :%s -p %s", brook_protocol, port, brook_password)) + bin = ln_start(_api.get_brook_path(), "brook_" .. 
id, string.format("%s -l :%s -p %s", brook_protocol, port, brook_password), log_path) end if next(config) then diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua index 6ad664f588..469a5c82dd 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/trojan.lua @@ -9,7 +9,7 @@ function gen_config(user) remote_addr = (user.remote_enable == "1" and user.remote_address) and user.remote_address or nil, remote_port = (user.remote_enable == "1" and user.remote_port) and tonumber(user.remote_port) or nil, password = user.uuid, - log_level = 1, + log_level = (user.log and user.log == "1") and tonumber(user.loglevel) or 5, ssl = { cert = user.tls_certificateFile, key = user.tls_keyFile, diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua index 519700fc2b..d4da4ab8fa 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/v2ray.lua @@ -97,7 +97,7 @@ function gen_config(user) local config = { log = { -- error = "/var/etc/passwall_server/log/" .. user[".name"] .. ".log", - loglevel = "warning" + loglevel = (user.log and user.log == "1") and user.loglevel or "none" }, -- 传入连接 inbounds = { diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/xray.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/xray.lua index 0132ab03c2..4d38285ebf 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/xray.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/api/xray.lua 
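Review bot: In the trojan.lua hunk, `(user.log and user.log == "1") and tonumber(user.loglevel) or 5` falls through to `5` whenever `tonumber` returns nil, so a user with logging enabled but a non-numeric `loglevel` gets the same value as a user with logging disabled. That can happen because user.lua stores both the X/V2ray list (`debug` to `error`) and the Trojan list (`0` to `4`) in the same `loglevel` option, so changing a user's type leaves a value from the other vocabulary behind. The v2ray.lua and xray.lua hunks have the mirror case, where a leftover `"2"` is passed through as `loglevel`. An explicit fallback, `log_level = (user.log == "1") and (tonumber(user.loglevel) or 2) or 5`, or a separate option name for Trojan, keeps an enabled log from being switched off silently.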
@@ -97,7 +97,7 @@ function gen_config(user) local config = { log = { -- error = "/var/etc/passwall_server/log/" .. user[".name"] .. ".log", - loglevel = "warning" + loglevel = (user.log and user.log == "1") and user.loglevel or "none" }, -- 传入连接 inbounds = { diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/index.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/index.lua index 81e0f5e27e..21020bced7 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/index.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/index.lua @@ -57,6 +57,10 @@ end e = t:option(DummyValue, "port", translate("Port")) +e = t:option(Flag, "log", translate("Enable") .. translate("Log")) +e.default = "1" +e.rmempty = false + m:append(Template("passwall/server/log")) m:append(Template("passwall/server/users_list_status")) diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua index 8ee9626432..8d9c6212e8 100644 --- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua +++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/server/user.lua 
@@ -594,4 +594,34 @@ transit_node.default = "nil" transit_node:depends("type", "Xray") transit_node:depends("type", "V2ray") +log = s:option(Flag, "log", translate("Enable") .. translate("Log")) +log.default = "1" +log.rmempty = false + +loglevel = s:option(ListValue, "loglevel", translate("Log Level")) +loglevel.default = "warning" +loglevel:value("debug") +loglevel:value("info") +loglevel:value("warning") +loglevel:value("error") +loglevel:depends({ type = "Xray", log = true }) +loglevel:depends({ type = "V2ray", log = true }) + +trojan_loglevel = s:option(ListValue, "trojan_loglevel", translate("Log Level")) +trojan_loglevel.default = "2" +trojan_loglevel:value("0", "all") +trojan_loglevel:value("1", "info") +trojan_loglevel:value("2", "warn") +trojan_loglevel:value("3", "error") +trojan_loglevel:value("4", "fatal") +function trojan_loglevel.cfgvalue(self, section) + return m:get(section, "loglevel") +end +function trojan_loglevel.write(self, section, value) + m:set(section, "loglevel", value) +end +trojan_loglevel:depends({ type = "Trojan", log = true }) +trojan_loglevel:depends({ type = "Trojan-Plus", log = true }) +trojan_loglevel:depends({ type = "Trojan-Go", log = true }) + return m diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm index 2a0d0b482d..17fc33d071 100644 --- a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm +++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/footer.htm @@ -6,6 +6,29 @@ local auto_switch = api.uci_get_type("auto_switch", "enable", 0) -%> \ No newline at end of file diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/server/users_list_status.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/server/users_list_status.htm index e6616c4bd5..ba5c5a7f9a 100644 --- a/package/lienol/luci-app-passwall/luasrc/view/passwall/server/users_list_status.htm 
+++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/server/users_list_status.htm @@ -1,10 +1,31 @@ \ No newline at end of file diff --git a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po index c3428b81e2..f0d7c9862d 100644 --- a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po +++ b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po @@ -1132,6 +1132,15 @@ msgstr "用户管理" msgid "Logs" msgstr "日志" +msgid "Log" +msgstr "日志" + +msgid "Log Level" +msgstr "日志等级" + +msgid "Not enabled log" +msgstr "未启用日志" + msgid "UDP Forward" msgstr "UDP转发" diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall index 8d8401e160..064112b711 100644 --- a/package/lienol/luci-app-passwall/root/etc/config/passwall +++ b/package/lienol/luci-app-passwall/root/etc/config/passwall @@ -13,6 +13,10 @@ config global option localhost_tcp_proxy_mode 'gfwlist' option localhost_udp_proxy_mode 'gfwlist' option socks_server '0.0.0.0:1080' + option close_log_tcp_1 '1' + option close_log_udp_1 '1' + option loglevel 'warning' + option trojan_loglevel '2' config global_haproxy option balancing_enable '0' @@ -48,8 +52,8 @@ config global_rules option chnroute6_url 'https://ispip.clang.cn/all_cn_ipv6.txt' config global_app - option xray_file '/usr/bin/xray/' - option v2ray_file '/usr/bin/v2ray/' + option xray_file '/usr/bin/xray' + option v2ray_file '/usr/bin/v2ray' option trojan_go_file '/usr/bin/trojan-go' option kcptun_client_file '/usr/bin/kcptun-client' option brook_file '/usr/bin/brook' diff --git a/package/lienol/luci-app-passwall/root/etc/uci-defaults/luci-app-passwall b/package/lienol/luci-app-passwall/root/etc/uci-defaults/luci-app-passwall index 4eb5ac2dd8..ea37185409 100755 --- a/package/lienol/luci-app-passwall/root/etc/uci-defaults/luci-app-passwall +++ b/package/lienol/luci-app-passwall/root/etc/uci-defaults/luci-app-passwall 
@@ -26,24 +26,10 @@ uci -q batch <<-EOF >/dev/null EOF tmp=$(uci -q get passwall.@global_app[0].xray_file) -if [ -z "$tmp" ]; then - uci set passwall.@global_app[0].xray_file="/usr/bin/xray" -else - [ -n "$(echo $tmp | grep -E "^.*/xray/$")" ] && { - uci set passwall.@global_app[0].xray_file="${tmp%?}" - } -fi +[ -z "$tmp" ] && uci set passwall.@global_app[0].xray_file="/usr/bin/xray" tmp=$(uci -q get passwall.@global_app[0].v2ray_file) -if [ -z "$tmp" ]; then - uci set passwall.@global_app[0].v2ray_file="/usr/bin/v2ray" -else - [ -n "$(echo $tmp | grep -E "^.*/v2ray/$")" ] && { - uci set passwall.@global_app[0].v2ray_file="${tmp%?}" - } -fi +[ -z "$tmp" ] && uci set passwall.@global_app[0].v2ray_file="/usr/bin/v2ray" uci commit passwall -/etc/init.d/https-dns-proxy stop >/dev/null 2>&1 & -/etc/init.d/https-dns-proxy disable >/dev/null 2>&1 & rm -rf /tmp/luci-*cache exit 0 diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh index 39d6ec6d8f..d5e9729e29 100755 --- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh @@ -29,8 +29,6 @@ LUA_API_PATH=/usr/lib/lua/luci/model/cbi/$CONFIG/api API_GEN_SS=$LUA_API_PATH/gen_shadowsocks.lua API_GEN_XRAY=$LUA_API_PATH/gen_xray.lua API_GEN_XRAY_PROTO=$LUA_API_PATH/gen_xray_proto.lua -API_GEN_V2RAY=$LUA_API_PATH/gen_v2ray.lua -API_GEN_V2RAY_PROTO=$LUA_API_PATH/gen_v2ray_proto.lua API_GEN_TROJAN=$LUA_API_PATH/gen_trojan.lua API_GEN_NAIVE=$LUA_API_PATH/gen_naiveproxy.lua echolog() { @@ -250,8 +248,9 @@ first_type() { ln_start_bin() { local file_func=${1} local ln_name=${2} + local output=${3} - shift 2; + shift 3; if [ "${file_func%%/*}" != "${file_func}" ]; then [ ! -L "${file_func}" ] && { ln -s "${file_func}" "${TMP_BIN_PATH}/${ln_name}" >/dev/null 2>&1 
@@ -261,26 +260,32 @@ ln_start_bin() { fi #echo "${file_func} $*" >&2 [ -n "${file_func}" ] || echolog " - 找不到 ${ln_name},无法启动..." - ${file_func:-echolog " - ${ln_name}"} "$@" >/dev/null 2>&1 & + ${file_func:-echolog " - ${ln_name}"} "$@" >${output} 2>&1 & } ENABLED=$(config_t_get global enabled 0) +TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041) TCP_NODE_NUM=$(config_t_get global_other tcp_node_num 1) for i in $(seq 1 $TCP_NODE_NUM); do eval TCP_NODE$i=$(config_t_get global tcp_node$i nil) + [ $i -gt 1 ] && { + _k=$(expr $i - 1) + eval p=\$TCP_REDIR_PORT${_k} + eval TCP_REDIR_PORT$i=$(expr $p + 1) + } done -TCP_REDIR_PORT1=$(config_t_get global_forwarding tcp_redir_port 1041) -TCP_REDIR_PORT2=$(expr $TCP_REDIR_PORT1 + 1) -TCP_REDIR_PORT3=$(expr $TCP_REDIR_PORT2 + 1) +UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051) UDP_NODE_NUM=$(config_t_get global_other udp_node_num 1) for i in $(seq 1 $UDP_NODE_NUM); do eval UDP_NODE$i=$(config_t_get global udp_node$i nil) + [ $i -gt 1 ] && { + _k=$(expr $i - 1) + eval p=\$UDP_REDIR_PORT${_k} + eval UDP_REDIR_PORT$i=$(expr $p + 1) + } done -UDP_REDIR_PORT1=$(config_t_get global_forwarding udp_redir_port 1051) -UDP_REDIR_PORT2=$(expr $UDP_REDIR_PORT1 + 1) -UDP_REDIR_PORT3=$(expr $UDP_REDIR_PORT2 + 1) [ "$UDP_NODE1" == "tcp_" ] && UDP_NODE1=$TCP_NODE1 [ "$UDP_NODE1" == "tcp" ] && UDP_REDIR_PORT1=$TCP_REDIR_PORT1 
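Review bot: The redirect target in the rewritten launch line of `ln_start_bin`, `>${output} 2>&1 &`, is unquoted and has no fallback, so an empty third argument makes the redirection fail and one containing whitespace is split. `output` is taken from `${3}` in the previous hunk, where `shift 3` now consumes it unconditionally, so a caller that was not updated would have its first real option used as a file name. I would write the line as `${file_func:-echolog " - ${ln_name}"} "$@" >"${output:-/dev/null}" 2>&1 &`. The body of `ln_start_bin` starts outside this hunk.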
@@ -301,17 +306,6 @@ LOCALHOST_UDP_PROXY_MODE=$(config_t_get global localhost_udp_proxy_mode default) [ "$LOCALHOST_UDP_PROXY_MODE" == "default" ] && LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE load_config() { - local auto_switch_list=$(config_t_get auto_switch tcp_node1 nil) - [ -n "$auto_switch_list" -a "$auto_switch_list" != "nil" ] && { - for tmp in $auto_switch_list; do - tmp_id=$(config_n_get $tmp address nil) - [ "$tmp_id" == "nil" ] && { - uci -q del_list $CONFIG.@auto_switch[0].tcp_node1=$tmp - uci commit $CONFIG - } - done - } - [ "$ENABLED" != 1 ] && NO_PROXY=1 [ "$TCP_NODE1" == "nil" -a "$UDP_NODE1" == "nil" ] && { echolog "没有选择节点!" @@ -350,6 +344,7 @@ run_socks() { local http_config_file=$6 local id=$7 local relay_port=$8 + local log_file="/dev/null" local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z') local remarks=$(config_n_get $node remarks) local server_host=$(config_n_get $node address) 
@@ -383,27 +378,27 @@ run_socks() { _username=$(config_n_get $node username) _password=$(config_n_get $node password) [ -n "$_username" ] && [ -n "$_password" ] && local _auth="--uname $_username --passwd $_password" - ln_start_bin "$(first_type ssocks)" ssocks_SOCKS_$id --listen $socks_port --socks $server_host:$port $_auth + ln_start_bin "$(first_type ssocks)" ssocks_SOCKS_$id $log_file --listen $socks_port --socks $server_host:$port $_auth ;; xray) - lua $API_GEN_XRAY $node nil nil $socks_port > $config_file - ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray -config="$config_file" + lua $API_GEN_XRAY -node $node -socks_proxy_port $socks_port > $config_file + ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray $log_file -config="$config_file" ;; v2ray) - lua $API_GEN_V2RAY $node nil nil $socks_port > $config_file - ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$config_file" + lua $API_GEN_XRAY -node $node -socks_proxy_port $socks_port > $config_file + ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray $log_file -config="$config_file" ;; trojan-go) - lua $API_GEN_TROJAN $node client $bind $socks_port $server_host $port > $config_file - ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go -config "$config_file" + lua $API_GEN_TROJAN -node $node -run_type client -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file + ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go $log_file -config "$config_file" ;; trojan*) - lua $API_GEN_TROJAN $node client $bind $socks_port $server_host $port > $config_file - ln_start_bin "$(first_type ${type})" "${type}" -c "$config_file" + lua $API_GEN_TROJAN -node $node -run_type client -local_addr $bind -local_port $socks_port 
-server_host $server_host -server_port $port > $config_file + ln_start_bin "$(first_type ${type})" "${type}" $log_file -c "$config_file" ;; naiveproxy) - lua $API_GEN_NAIVE $node socks $bind $socks_port $server_host $port > $config_file - ln_start_bin "$(first_type naive)" naive "$config_file" + lua $API_GEN_NAIVE -node $node -run_type socks -local_addr $bind -local_port $socks_port -server_host $server_host -server_port $port > $config_file + ln_start_bin "$(first_type naive)" naive $log_file "$config_file" ;; brook) local protocol=$(config_n_get $node protocol client) 
@@ -411,18 +406,19 @@ run_socks() { [ "$protocol" == "wsclient" ] && { [ "$brook_tls" == "1" ] && server_host="wss://${server_host}" || server_host="ws://${server_host}" } - ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_SOCKS_$id" "$protocol" --socks5 "$bind:$socks_port" -s "$server_host:$port" -p "$(config_n_get $node password)" + ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_SOCKS_$id" $log_file "$protocol" --socks5 "$bind:$socks_port" -s "$server_host:$port" -p "$(config_n_get $node password)" ;; ss|ssr) - lua $API_GEN_SS $node "0.0.0.0" $socks_port $server_host $port > $config_file - ln_start_bin "$(first_type ${type}-local)" "${type}-local" -c "$config_file" -b "$bind" -u + lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host $server_host -server_port $port > $config_file + ln_start_bin "$(first_type ${type}-local)" "${type}-local" $log_file -c "$config_file" -b "$bind" -u ;; esac # socks to http [ "$http_port" != "0" ] && [ "$http_config_file" != "nil" ] && { - lua $API_GEN_V2RAY_PROTO http "0.0.0.0" $http_port socks "127.0.0.1" $socks_port $_username $_password > $http_config_file - ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$http_config_file" + lua $API_GEN_XRAY_PROTO -local_proto http -local_address "0.0.0.0" -local_port $http_port -server_proto socks -server_address "127.0.0.1" -server_port $socks_port -server_username $_username -server_password $_password > $http_config_file + echo lua $API_GEN_XRAY_PROTO -local_proto http -local_address "0.0.0.0" -local_port $http_port -server_proto socks -server_address "127.0.0.1" -server_port $socks_port -server_username $_username -server_password $_password + ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray $log_file -config="$http_config_file" } unset _username _password _auth } 
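Review bot: The added `echo lua $API_GEN_XRAY_PROTO … -server_username $_username -server_password $_password` line in the socks-to-http block of `run_socks` looks like leftover debugging, and it writes the node's SOCKS username and password in clear text to the script's stdout whenever an HTTP port is configured. I would drop that line. Separately, `$_username` and `$_password` are unquoted on the generator call above it, so a node without credentials passes both flags with no value; how `gen_xray_proto.lua` parses that is not visible here, so passing them only when set, e.g. `${_username:+-server_username "$_username"}`, would be safer. `run_socks` starts outside this hunk.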
@@ -432,8 +428,14 @@ run_redir() { local bind=$2 local local_port=$3 local config_file=$4 - local redir_type=$5 + local REDIR_TYPE=$5 + local index=$6 + local log_file=$7 + [ -z "$log_file" ] && log_file="/dev/null" + local redir_type=$(echo $REDIR_TYPE | tr 'A-Z' 'a-z') local type=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z') + local close_log=$(config_t_get global close_log_${redir_type}_${index} 1) + [ "$close_log" = "1" ] && log_file="/dev/null" local remarks=$(config_n_get $node remarks) local server_host=$(config_n_get $node address) local port=$(config_n_get $node port) @@ -447,11 +449,11 @@ run_redir() { return 1 } [ "$server_host" == "127.0.0.1" ] && process=1 - [ "$bind" != "127.0.0.1" ] && echolog "${redir_type}_${6}节点:$remarks,节点:${server_host}:${port},监听端口:$local_port" + [ "$bind" != "127.0.0.1" ] && echolog "${REDIR_TYPE}_${index}节点:$remarks,节点:${server_host}:${port},监听端口:$local_port" } - eval ${redir_type}_NODE${6}_PORT=$port + eval ${REDIR_TYPE}_NODE${index}_PORT=$port - case "$redir_type" in + case "$REDIR_TYPE" in UDP) case "$type" in socks) 
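Review bot: `eval ${REDIR_TYPE}_NODE${index}_PORT=$port` in the second `run_redir` hunk on this line evaluates the node's `port` option as shell text, and nothing visible here checks that it is numeric. If node entries can be imported from outside the router (a subscription or share link, which this hunk does not show), a port value containing shell syntax would be executed with the privileges of this script. A guard before the eval, such as `case "$port" in ''|*[!0-9]*) return 1 ;; esac`, keeps the assignment to digits only. The surrounding function body starts and ends outside the hunk.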
@@ -459,24 +461,28 @@ run_redir() { local node_port=$(config_n_get $node port) local server_username=$(config_n_get $node username) local server_password=$(config_n_get $node password) - eval port=\$UDP_REDIR_PORT$6 - ln_start_bin "$(first_type ipt2socks)" "ipt2socks_udp_$6" -U -l "$port" -b 0.0.0.0 -s "$node_address" -p "$node_port" -R + eval port=\$UDP_REDIR_PORT${index} + ln_start_bin "$(first_type ipt2socks)" "ipt2socks_udp_${index}" $log_file -U -l "$port" -b 0.0.0.0 -s "$node_address" -p "$node_port" -R ;; xray) - lua $API_GEN_XRAY $node udp $local_port nil > $config_file - ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray -config="$config_file" + local loglevel=$(config_t_get global loglevel "warning") + lua $API_GEN_XRAY -node $node -proto udp -redir_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray $log_file -config="$config_file" ;; v2ray) - lua $API_GEN_V2RAY $node udp $local_port nil > $config_file - ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$config_file" + local loglevel=$(config_t_get global loglevel "warning") + lua $API_GEN_XRAY -node $node -proto udp -redir_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray $log_file -config="$config_file" ;; trojan-go) - lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port >$config_file - ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go -config "$config_file" + local loglevel=$(config_t_get global trojan_loglevel "2") + lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go $log_file -config "$config_file" ;; trojan*) - 
lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port >$config_file - ln_start_bin "$(first_type ${type})" "${type}" -c "$config_file" + local loglevel=$(config_t_get global trojan_loglevel "2") + lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type ${type})" "${type}" $log_file -c "$config_file" ;; naiveproxy) echolog "Naiveproxy不支持UDP转发!" @@ -486,12 +492,12 @@ run_redir() { if [ "$protocol" == "wsclient" ]; then echolog "Brook的WebSocket不支持UDP转发!" else - ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_udp_$6" tproxy -l ":$local_port" -s "$server_host:$port" -p "$(config_n_get $node password)" + ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_udp_${index}" $log_file tproxy -l ":$local_port" -s "$server_host:$port" -p "$(config_n_get $node password)" fi ;; ss|ssr) - lua $API_GEN_SS $node "0.0.0.0" $local_port > $config_file - ln_start_bin "$(first_type ${type}-redir)" "${type}-redir" -c "$config_file" -U + lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $local_port > $config_file + ln_start_bin "$(first_type ${type}-redir)" "${type}-redir" $log_file -c "$config_file" -U ;; esac ;; @@ -511,7 +517,7 @@ run_redir() { [ -n "$kcptun_server_host" ] && run_kcptun_ip=$(get_host_ip $network_type $kcptun_server_host) KCPTUN_REDIR_PORT=$(get_new_port $KCPTUN_REDIR_PORT tcp) kcptun_params="-l 0.0.0.0:$KCPTUN_REDIR_PORT -r $run_kcptun_ip:$kcptun_port $kcptun_config" - ln_start_bin "$(first_type $(config_t_get global_app kcptun_client_file notset) kcptun-client)" "kcptun_tcp_$6" $kcptun_params + ln_start_bin "$(first_type $(config_t_get global_app kcptun_client_file notset) kcptun-client)" "kcptun_tcp_${index}" $log_file $kcptun_params fi fi local _socks_flag _socks_address _socks_port _socks_username _socks_password 
@@ -524,30 +530,34 @@ run_redir() { _socks_password=$(config_n_get $node password) ;; xray) + local loglevel=$(config_t_get global loglevel "warning") local extra_param="tcp" - [ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="tcp,udp" - lua $API_GEN_XRAY $node $extra_param $local_port nil > $config_file - ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray -config="$config_file" + [ "${index}" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="tcp,udp" + lua $API_GEN_XRAY -node $node -proto $extra_param -redir_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type $(config_t_get global_app xray_file notset)/xray xray)" xray $log_file -config="$config_file" ;; v2ray) + local loglevel=$(config_t_get global loglevel "warning") local extra_param="tcp" - [ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="tcp,udp" - lua $API_GEN_V2RAY $node $extra_param $local_port nil > $config_file - ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray -config="$config_file" + [ "${index}" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="tcp,udp" + lua $API_GEN_XRAY -node $node -proto $extra_param -redir_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type $(config_t_get global_app v2ray_file notset)/v2ray v2ray)" v2ray $log_file -config="$config_file" ;; trojan-go) - lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port > $config_file - ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go -config "$config_file" + local loglevel=$(config_t_get global trojan_loglevel "2") + lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file + ln_start_bin "$(first_type $(config_t_get global_app trojan_go_file notset) trojan-go)" trojan-go $log_file -config "$config_file" ;; trojan*) - lua $API_GEN_TROJAN $node nat "0.0.0.0" $local_port > 
$config_file + local loglevel=$(config_t_get global trojan_loglevel "2") + lua $API_GEN_TROJAN -node $node -run_type nat -local_addr "0.0.0.0" -local_port $local_port -loglevel $loglevel > $config_file for k in $(seq 1 $process); do - ln_start_bin "$(first_type ${type})" "${type}" -c "$config_file" + ln_start_bin "$(first_type ${type})" "${type}" $log_file -c "$config_file" done ;; naiveproxy) - lua $API_GEN_NAIVE $node redir "0.0.0.0" $local_port > $config_file - ln_start_bin "$(first_type naive)" naive "$config_file" + lua $API_GEN_NAIVE -node $node -run_type redir -local_addr "0.0.0.0" -local_port $local_port > $config_file + ln_start_bin "$(first_type naive)" naive $log_file "$config_file" ;; brook) local server_ip=$server_host 
@@ -556,38 +566,38 @@ run_redir() { if [ "$protocol" == "wsclient" ]; then [ "$brook_tls" == "1" ] && server_ip="wss://${server_ip}" || server_ip="ws://${server_ip}" socks_port=$(get_new_port 2081 tcp) - ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_tcp_$6" wsclient --socks5 "127.0.0.1:$socks_port" -s "$server_ip:$port" -p "$(config_n_get $node password)" + ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_tcp_${index}" $log_file wsclient --socks5 "127.0.0.1:$socks_port" -s "$server_ip:$port" -p "$(config_n_get $node password)" _socks_flag=1 _socks_address="127.0.0.1" _socks_port=$socks_port echolog "Brook的WebSocket不支持透明代理,将使用ipt2socks转换透明代理!" - [ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && echolog "Brook的WebSocket不支持UDP转发!" + [ "${index}" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && echolog "Brook的WebSocket不支持UDP转发!" else [ "$kcptun_use" == "1" ] && { server_ip=127.0.0.1 port=$KCPTUN_REDIR_PORT } - ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_tcp_$6" tproxy -l ":$local_port" -s "$server_ip:$port" -p "$(config_n_get $node password)" + ln_start_bin "$(first_type $(config_t_get global_app brook_file notset) brook)" "brook_tcp_${index}" $log_file tproxy -l ":$local_port" -s "$server_ip:$port" -p "$(config_n_get $node password)" fi ;; ss|ssr) if [ "$kcptun_use" == "1" ]; then - lua $API_GEN_SS $node "0.0.0.0" $local_port "127.0.0.1" $KCPTUN_REDIR_PORT > $config_file + lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $socks_port -server_host "127.0.0.1" -server_port $KCPTUN_REDIR_PORT > $config_file process=1 - [ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && echolog "Kcptun不支持UDP转发!" + [ "${index}" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && echolog "Kcptun不支持UDP转发!" 
else - lua $API_GEN_SS $node "0.0.0.0" $local_port > $config_file - [ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="-u" + lua $API_GEN_SS -node $node -local_addr "0.0.0.0" -local_port $local_port > $config_file + [ "${index}" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="-u" fi for k in $(seq 1 $process); do - ln_start_bin "$(first_type ${type}-redir)" "${type}-redir" -c "$config_file" $extra_param + ln_start_bin "$(first_type ${type}-redir)" "${type}-redir" $log_file -c "$config_file" $extra_param done ;; esac if [ -n "$_socks_flag" ]; then local extra_param="-T" - [ "$6" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="" - ln_start_bin "$(first_type ipt2socks)" "ipt2socks_tcp_$6" -l "$local_port" -b 0.0.0.0 -s "$_socks_address" -p "$_socks_port" -R $extra_param + [ "${index}" == 1 ] && [ "$UDP_NODE1" == "tcp" ] && extra_param="" + ln_start_bin "$(first_type ipt2socks)" "ipt2socks_tcp_${index}" $log_file -l "$local_port" -b 0.0.0.0 -s "$_socks_address" -p "$_socks_port" -R $extra_param fi unset _socks_flag _socks_address _socks_port _socks_username _socks_password ;; @@ -601,9 +611,10 @@ node_switch() { [ -n "$1" -a -n "$2" -a -n "$3" -a -n "$4" ] && { ps -w | grep -E "$TMP_PATH" | grep -i "${1}_${i}" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 & local config_file=$TMP_PATH/${1}_${i}.json + local log_file=$TMP_PATH/${1}_${i}.log eval current_port=\$${1}_REDIR_PORT${i} local port=$(cat $TMP_PORT_PATH/${1}_${i}) - run_redir $node "0.0.0.0" $port $config_file $1 $i + run_redir $node "0.0.0.0" $port $config_file $1 $i $log_file echo $node > $TMP_ID_PATH/${1}_${i} #local node_net=$(echo $1 | tr 'A-Z' 'a-z') #uci set $CONFIG.@global[0].${node_net}_node${i}=$node 
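Review bot: In the `ss|ssr` branch of the `run_redir` hunk that ends on this line, the kcptun case now calls the generator with `-local_port $socks_port`, whereas the line it replaces passed `$local_port`. In the visible part of `run_redir`, `socks_port` is only assigned in the Brook `wsclient` branch, so here it is probably empty; being unquoted, it would leave `-local_port` without a value and the redirector would not listen on the port handed in as `$local_port`. This looks like a copy from `run_socks`, and I would restore `-local_port $local_port`. The function body extends beyond this hunk.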
@@ -619,10 +630,11 @@ start_redir() { [ "$node" != "nil" ] && { TYPE=$(echo $(config_n_get $node type) | tr 'A-Z' 'a-z') local config_file=$TMP_PATH/${1}_${i}.json + local log_file=$TMP_PATH/${1}_${i}.log eval current_port=\$${1}_REDIR_PORT$i local port=$(echo $(get_new_port $current_port $2)) eval ${1}_REDIR${i}=$port - run_redir $node "0.0.0.0" $port $config_file $1 $i + run_redir $node "0.0.0.0" $port $config_file $1 $i $log_file #eval ip=\$${1}_NODE${i}_IP echo $node > $TMP_ID_PATH/${1}_${i} echo $port > $TMP_PORT_PATH/${1}_${i} @@ -644,6 +656,7 @@ start_socks() { [ "$node" == "nil" ] && continue local port=$(config_n_get $id port) local config_file=$TMP_PATH/SOCKS_${id}.json + local log_file=$TMP_PATH/SOCKS_${id}.log local http_port=$(config_n_get $id http_port 0) local http_config_file=$TMP_PATH/SOCKS2HTTP_${id}.json run_socks $node "0.0.0.0" $port $config_file $http_port $http_config_file $id @@ -733,7 +746,7 @@ start_dns() { _doh=$(config_t_get global up_china_dns_doh "https://dns.alidns.com/dns-query,223.5.5.5,223.6.6.6,2400:3200::1,2400:3200:baba::1") _doh_url=$(echo $_doh | awk -F ',' '{print $1}') _doh_bootstrap=$(echo $_doh | cut -d ',' -sf 2-) - ln_start_bin "$(first_type https-dns-proxy)" https-dns-proxy -a 127.0.0.1 -p "${LOCAL_DOH_PORT}" -b "${_doh_bootstrap}" -r "${_doh_url}" -4 + ln_start_bin "$(first_type https-dns-proxy)" https-dns-proxy "/dev/null" -a 127.0.0.1 -p "${LOCAL_DOH_PORT}" -b "${_doh_bootstrap}" -r "${_doh_url}" -4 LOCAL_DNS="127.0.0.1#${LOCAL_DOH_PORT}" unset _doh _doh_url _doh_bootstrap fi 
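Review bot: `local log_file=$TMP_PATH/SOCKS_${id}.log` added in the `start_socks` hunk is never used: the `run_socks` call below it is unchanged and does not pass it, and `run_socks` sets its own `log_file="/dev/null"` in an earlier hunk. Either remove the variable, or pass it through and have `run_socks` read it as an extra positional argument the way `run_redir` reads `$7`. As written, the name suggests SOCKS nodes can be logged when their output is always discarded.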
@@ -800,7 +813,7 @@ start_dns() { chnlist_param=${chnlist_param:+-m "${chnlist_param}" -M} } [ "$(config_t_get global fair_mode 1)" = "1" ] && extra_mode="-f" - ln_start_bin "$(first_type chinadns-ng)" chinadns-ng -l "${dns_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} $extra_mode + ln_start_bin "$(first_type chinadns-ng)" chinadns-ng "/dev/null" -l "${dns_listen_port}" ${china_ng_chn:+-c "${china_ng_chn}"} ${chnlist_param} ${china_ng_gfw:+-t "${china_ng_gfw}"} ${gfwlist_param:+-g "${gfwlist_param}"} $extra_mode echolog " + 过滤服务:ChinaDNS-NG(:${dns_listen_port}${extra_mode}) + ${msg}:中国域名列表:${china_ng_chn:-D114.114.114.114},防火墙域名列表:${china_ng_gfw:-D8.8.8.8}" #[ -n "${global}${chnlist}" ] && [ -z "${returnhome}" ] && TUN_DNS="${china_ng_gfw}" dns_listen_port=${other_port} @@ -850,7 +863,7 @@ start_dns() { esac if [ -n "$(echo ${DNS_MODE} | grep pdnsd)" ]; then gen_pdnsd_config "${dns_listen_port}" "${pdnsd_forward}" - ln_start_bin "$(first_type pdnsd)" pdnsd --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d + ln_start_bin "$(first_type pdnsd)" pdnsd "/dev/null" --daemon -c "${TMP_PATH}/pdnsd/pdnsd.conf" -d fi if [ -n "$(echo ${DNS_MODE} | grep 'https-dns-proxy')" ]; then up_trust_doh=$(config_t_get global up_trust_doh "https://dns.google/dns-query,8.8.8.8,8.8.4.4") 
@@ -861,7 +874,7 @@ start_dns() { up_trust_doh_dns=$(config_t_get global up_trust_doh_dns "tcp") if [ "$up_trust_doh_dns" = "socks" ]; then socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:9050) | sed "s/#/:/g") - ln_start_bin "$(first_type https-dns-proxy)" https-dns-proxy -a 127.0.0.1 -p "${dns_listen_port}" -b "${_doh_bootstrap}" -r "${_doh_url}" -4 -t socks5h://${socks_server} + ln_start_bin "$(first_type https-dns-proxy)" https-dns-proxy "/dev/null" -a 127.0.0.1 -p "${dns_listen_port}" -b "${_doh_bootstrap}" -r "${_doh_url}" -4 -t socks5h://${socks_server} elif [ "${up_trust_doh_dns}" = "tcp" ]; then DNS_FORWARD="" _doh_bootstrap_dns=$(echo $_doh_bootstrap | sed "s/,/ /g") @@ -869,7 +882,7 @@ start_dns() { _dns=$(echo $_dns | awk -F ':' '{print $1}'):${_doh_port:-443} [ -n "$DNS_FORWARD" ] && DNS_FORWARD=${DNS_FORWARD},${_dns} || DNS_FORWARD=${_dns} done - ln_start_bin "$(first_type https-dns-proxy)" https-dns-proxy -a 127.0.0.1 -p "${dns_listen_port}" -b "${_doh_bootstrap}" -r "${_doh_url}" -4 + ln_start_bin "$(first_type https-dns-proxy)" https-dns-proxy "/dev/null" -a 127.0.0.1 -p "${dns_listen_port}" -b "${_doh_bootstrap}" -r "${_doh_url}" -4 unset _dns _doh_bootstrap_dns fi unset _doh_url _doh_port _doh_bootstrap 
@@ -878,7 +891,7 @@ start_dns() { local dns2socks_socks_server=$(echo $(config_t_get global socks_server 127.0.0.1:9050) | sed "s/#/:/g") local dns2socks_forward=$(get_first_dns DNS_FORWARD 53 | sed 's/#/:/g') [ "$DNS_CACHE" == "0" ] && local dns2sock_cache="/d" - ln_start_bin "$(first_type dns2socks)" dns2socks "$dns2socks_socks_server" "$dns2socks_forward" "127.0.0.1:$dns_listen_port" $dns2sock_cache + ln_start_bin "$(first_type dns2socks)" dns2socks "/dev/null" "$dns2socks_socks_server" "$dns2socks_forward" "127.0.0.1:$dns_listen_port" $dns2sock_cache echolog " - dns2sock(127.0.0.1:${dns_listen_port}${dns2sock_cache}),${dns2socks_socks_server:-127.0.0.1:9050} -> ${dns2socks_forward-D46.182.19.48:53}" #[ "$CHINADNS_NG" = "1" ] && [ -n "${global}${chnlist}" ] && [ -z "${returnhome}" ] && TUN_DNS=$(echo "${dns_listen_port}" | sed 's/:/#/g') fi 
@@ -1169,6 +1182,8 @@ start_haproxy() { server $bip:$bport $bip:$bport weight $lbweight check inter 1500 rise 1 fall 3 $bbackup EOF + #暂时不开启此功能,以后抽时间改成后台执行,防止卡luci。 +:<> $(PKG_BUILD_DIR)/localoptions.h +db_opt_replace =$(ESED) 's,^(\#define $(1)) .*$$$$,\1 $(2),g' $(PKG_BUILD_DIR)/sysoptions.h + +define Build/Configure/dropbear_headers + $(strip $(foreach s,$(DB_OPT_COMMON), \ + $(if $(filter !!%,$(word 1,$(subst |, ,$(s)))), \ + $(call db_opt_replace,$(patsubst !!%,%,$(word 1,$(subst |, ,$(s)))),$(word 2,$(subst |, ,$(s)))), \ + $(call db_opt_add,$(word 1,$(subst |, ,$(s))),$(word 2,$(subst |, ,$(s)))) \ + ) ; \ + )) + + $(strip $(foreach s,$(DB_OPT_CONFIG), \ + $(if $(filter !!%,$(word 1,$(subst |, ,$(s)))), \ + $(call db_opt_replace,$(patsubst !!%,%,$(word 1,$(subst |, ,$(s)))),$(if $($(word 2,$(subst |, ,$(s)))),$(word 3,$(subst |, ,$(s))),$(word 4,$(subst |, ,$(s))))), \ + $(call db_opt_add,$(word 1,$(subst |, ,$(s))),$(if $($(word 2,$(subst |, ,$(s)))),$(word 3,$(subst |, ,$(s))),$(word 4,$(subst |, ,$(s))))) \ + ) ; \ + )) +endef + define Build/Configure : > $(PKG_BUILD_DIR)/localoptions.h $(Build/Configure/Default) - echo '#define DEFAULT_PATH "$(TARGET_INIT_PATH)"' >> \ - $(PKG_BUILD_DIR)/localoptions.h - - echo '#define DROPBEAR_CURVE25519 $(if $(CONFIG_DROPBEAR_CURVE25519),1,0)' >> \ - $(PKG_BUILD_DIR)/localoptions.h - - for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH; do \ - echo "#define $$$$OPTION $(if $(CONFIG_DROPBEAR_ECC),1,0)" >> \ - $(PKG_BUILD_DIR)/localoptions.h; \ - done - - echo '#define DROPBEAR_ED25519 $(if $(CONFIG_DROPBEAR_ED25519),1,0)' >> \ - $(PKG_BUILD_DIR)/localoptions.h - - echo '#define DROPBEAR_CHACHA20POLY1305 $(if $(CONFIG_DROPBEAR_CHACHA20POLY1305),1,0)' >> \ - $(PKG_BUILD_DIR)/localoptions.h - - # remove protocol idented software version number - $(ESED) 's,^(#define LOCAL_IDENT) .*$$$$,\1 "SSH-2.0-dropbear",g' \ - $(PKG_BUILD_DIR)/sysoptions.h - - # disable legacy/unsafe methods and unused functionality - for OPTION in INETD_MODE 
DROPBEAR_CLI_NETCAT \ - DROPBEAR_DSS DROPBEAR_USE_PASSWORD_ENV DO_MOTD ; do \ - echo "#define $$$$OPTION 0" >> \ - $(PKG_BUILD_DIR)/localoptions.h; \ - done - - # enable nistp384 and nistp521 only if full ECC support was requested - for OPTION in DROPBEAR_ECC_384 DROPBEAR_ECC_521; do \ - $(ESED) 's,^(#define '$$$$OPTION') .*$$$$,\1 $(if $(CONFIG_DROPBEAR_ECC_FULL),1,0),g' \ - $(PKG_BUILD_DIR)/sysoptions.h; \ - done + $(Build/Configure/dropbear_headers) # Enforce rebuild of svr-chansession.c rm -f $(PKG_BUILD_DIR)/svr-chansession.o diff --git a/package/network/services/openvpn-easy-rsa/Makefile b/package/network/services/openvpn-easy-rsa/Makefile deleted file mode 100644 index 0cf73950a6..0000000000 --- a/package/network/services/openvpn-easy-rsa/Makefile +++ /dev/null 
@@ -1,69 +0,0 @@
-#
-# Copyright (C) 2010-2013 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openvpn-easy-rsa
-
-PKG_VERSION:=3.0.4
-PKG_RELEASE:=1
-PKG_SOURCE_URL:=https://github.com/OpenVPN/easy-rsa/releases/download/v$(PKG_VERSION)/
-PKG_SOURCE:=EasyRSA-$(PKG_VERSION).tgz
-PKG_HASH:=472167f976c6cb7c860cec6150a5616e163ae20365c81f179811d6ee0779ec5a
-PKG_LICENSE:=GPL-2.0
-PKG_BUILD_DIR:=$(BUILD_DIR)/EasyRSA-$(PKG_VERSION)
-PKGARCH:=all
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openvpn-easy-rsa
- TITLE:=CLI utility to build and manage a PKI CA.
- SECTION:=net
- CATEGORY:=Network
- URL:=http://openvpn.net
- SUBMENU:=VPN
- DEPENDS:=+openssl-util
-endef
-
-define Package/openvpn-easy-rsa/conffiles
-/etc/easy-rsa/vars
-/etc/easy-rsa/openssl-1.0.cnf
-/etc/easy-rsa/openssl-easyrsa.cnf
-endef
-
-define Build/Configure
-
-endef
-
-define Build/Compile
-
-endef
-
-define Package/openvpn-easy-rsa/install
- $(INSTALL_DIR) $(1)/usr/bin
-
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/easyrsa $(1)/usr/bin/
- $(INSTALL_DIR) $(1)/etc/easy-rsa
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/openssl-easyrsa.cnf $(1)/etc/easy-rsa/openssl-1.0.cnf
- $(LN) /etc/easy-rsa/openssl-1.0.cnf $(1)/etc/easy-rsa/openssl-easyrsa.cnf
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/vars.example $(1)/etc/easy-rsa/vars
-
- $(INSTALL_DIR) $(1)/etc/easy-rsa/pki
- chmod 700 $(1)/etc/easy-rsa/pki
- $(INSTALL_DIR) $(1)/etc/easy-rsa/pki/private
- chmod 700 $(1)/etc/easy-rsa/pki/private
- $(INSTALL_DIR) $(1)/etc/easy-rsa/pki/reqs
- chmod 700 $(1)/etc/easy-rsa/pki/reqs
-
- $(INSTALL_DIR) $(1)/etc/easy-rsa/x509-types
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/x509-types/* $(1)/etc/easy-rsa/x509-types/
-
- $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
- $(INSTALL_DATA) files/openvpn-easy-rsa.upgrade $(1)/lib/upgrade/keep.d/$(PKG_NAME)
-endef
-
-$(eval $(call BuildPackage,openvpn-easy-rsa))
diff --git a/package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade b/package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade
deleted file mode 100644
index 8110b81a46..0000000000
--- a/package/network/services/openvpn-easy-rsa/files/openvpn-easy-rsa.upgrade
+++ /dev/null
@@ -1 +0,0 @@
-/etc/easy-rsa/pki/
diff --git a/package/network/services/openvpn-easy-rsa/patches/101-static_EASYRSA.patch b/package/network/services/openvpn-easy-rsa/patches/101-static_EASYRSA.patch
deleted file mode 100644
index b81366c60b..0000000000
--- a/package/network/services/openvpn-easy-rsa/patches/101-static_EASYRSA.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: EasyRSA-3.0.4/easyrsa
-===================================================================
---- EasyRSA-3.0.4.orig/easyrsa
-+++ EasyRSA-3.0.4/easyrsa
-@@ -1033,7 +1033,7 @@ vars_setup() {
- vars=
-
- # set up program path
-- prog_vars="${0%/*}/vars"
-+ prog_vars="/etc/easy-rsa/vars"
- # set up PKI path
- pki_vars="${EASYRSA_PKI:-$PWD/pki}/vars"
-
-@@ -1060,7 +1060,7 @@ Note: using Easy-RSA configuration from:
- fi
-
- # Set defaults, preferring existing env-vars if present
-- set_var EASYRSA "${0%/*}"
-+ set_var EASYRSA "/etc/easy-rsa"
- set_var EASYRSA_OPENSSL openssl
- set_var EASYRSA_PKI "$PWD/pki"
- set_var EASYRSA_DN cn_only
diff --git a/package/network/services/openvpn/Config-mbedtls.in b/package/network/services/openvpn/Config-mbedtls.in
deleted file mode 100644
index beac492022..0000000000
--- a/package/network/services/openvpn/Config-mbedtls.in
+++ /dev/null
@@ -1,58 +0,0 @@
-if PACKAGE_openvpn-mbedtls
-
-config OPENVPN_mbedtls_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-config OPENVPN_mbedtls_ENABLE_LZ4
- bool "Enable LZ4 compression support"
- default y
-
-config OPENVPN_mbedtls_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-#config OPENVPN_mbedtls_ENABLE_EUREPHIA
-# bool "Enable support for the eurephia plug-in"
-# default n
-
-config OPENVPN_mbedtls_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-#config OPENVPN_mbedtls_ENABLE_PKCS11
-# bool "Enable pkcs11 support"
-# default n
-
-config OPENVPN_mbedtls_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_mbedtls_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_mbedtls_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_mbedtls_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_mbedtls_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_mbedtls_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-config OPENVPN_mbedtls_ENABLE_SMALL
- bool "Enable size optimization"
- default y
- help
- enable smaller executable size (disable OCC, usage
- message, and verb 4 parm list)
-
-endif
diff --git a/package/network/services/openvpn/Config-nossl.in b/package/network/services/openvpn/Config-nossl.in
deleted file mode 100644
index 79140ad5d1..0000000000
--- a/package/network/services/openvpn/Config-nossl.in
+++ /dev/null
@@ -1,50 +0,0 @@
-if PACKAGE_openvpn-nossl
-
-config OPENVPN_nossl_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-config OPENVPN_nossl_ENABLE_LZ4
- bool "Enable LZ4 compression support"
- default y
-
-config OPENVPN_nossl_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-config OPENVPN_nossl_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-config OPENVPN_nossl_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_nossl_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_nossl_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_nossl_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_nossl_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_nossl_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-config OPENVPN_nossl_ENABLE_SMALL
- bool "Enable size optimization"
- default y
- help
- enable smaller executable size (disable OCC, usage
- message, and verb 4 parm list)
-
-endif
diff --git a/package/network/services/openvpn/Config-openssl.in b/package/network/services/openvpn/Config-openssl.in
deleted file mode 100644
index f2b618eff1..0000000000
--- a/package/network/services/openvpn/Config-openssl.in
+++ /dev/null
@@ -1,62 +0,0 @@
-if PACKAGE_openvpn-openssl
-
-config OPENVPN_openssl_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-config OPENVPN_openssl_ENABLE_LZ4
- bool "Enable LZ4 compression support"
- default y
-
-config OPENVPN_openssl_ENABLE_X509_ALT_USERNAME
- bool "Enable the --x509-username-field feature"
- default n
-
-config OPENVPN_openssl_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-#config OPENVPN_openssl_ENABLE_EUREPHIA
-# bool "Enable support for the eurephia plug-in"
-# default n
-
-config OPENVPN_openssl_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-#config OPENVPN_openssl_ENABLE_PKCS11
-# bool "Enable pkcs11 support"
-# default n
-
-config OPENVPN_openssl_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_openssl_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_openssl_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_openssl_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_openssl_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_openssl_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-config OPENVPN_openssl_ENABLE_SMALL
- bool "Enable size optimization"
- default y
- help
- enable smaller executable size (disable OCC, usage
- message, and verb 4 parm list)
-
-endif
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
deleted file mode 100644
index 40570fbdb6..0000000000
--- a/package/network/services/openvpn/Makefile
+++ /dev/null
@@ -1,158 +0,0 @@ -# -# Copyright (C) 2010-2015 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=openvpn - -PKG_VERSION:=2.4.9 -PKG_RELEASE:=5 - -PKG_SOURCE_URL:=\ - https://build.openvpn.net/downloads/releases/ \ - https://swupdate.openvpn.net/community/releases/ -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_HASH:=641f3add8694b2ccc39fd4fd92554e4f089ad16a8db6d2b473ec284839a5ebe2 - -PKG_MAINTAINER:=Felix Fietkau - -PKG_INSTALL:=1 -PKG_FIXUP:=autoreconf -PKG_BUILD_PARALLEL:=1 -PKG_LICENSE:=GPL-2.0 -PKG_CPE_ID:=cpe:/a:openvpn:openvpn - -include $(INCLUDE_DIR)/package.mk - -define Package/openvpn/Default - TITLE:=Open source VPN solution using $(2) - SECTION:=net - CATEGORY:=Network - URL:=http://openvpn.net - SUBMENU:=VPN - MENU:=1 - DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_IPROUTE2:ip $(3) - VARIANT:=$(1) -ifeq ($(1),nossl) - PROVIDES:=openvpn -else - PROVIDES:=openvpn openvpn-crypto -endif -endef - -Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl) -Package/openvpn-mbedtls=$(call Package/openvpn/Default,mbedtls,mbedTLS,+PACKAGE_openvpn-mbedtls:libmbedtls) -Package/openvpn-nossl=$(call Package/openvpn/Default,nossl,plaintext (no SSL)) - -define Package/openvpn/config/Default - source "$(SOURCE)/Config-$(1).in" -endef - -Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl) -Package/openvpn-mbedtls/config=$(call Package/openvpn/config/Default,mbedtls) -Package/openvpn-nossl/config=$(call Package/openvpn/config/Default,nossl) - -ifeq ($(BUILD_VARIANT),mbedtls) -CONFIG_OPENVPN_MBEDTLS:=y -endif -ifeq ($(BUILD_VARIANT),openssl) -CONFIG_OPENVPN_OPENSSL:=y -endif -ifeq ($(BUILD_VARIANT),nossl) -CONFIG_OPENVPN_NOSSL:=y -endif - -CONFIGURE_VARS += \ - IFCONFIG=/sbin/ifconfig \ - ROUTE=/sbin/route \ - IPROUTE=/sbin/ip \ - 
NETSTAT=/sbin/netstat - -TARGET_CFLAGS += -ffunction-sections -fdata-sections -TARGET_LDFLAGS += -Wl,--gc-sections - -define Build/Configure - $(call Build/Configure/Default, \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SMALL),--enable-small) \ - --disable-selinux \ - --disable-systemd \ - --disable-plugins \ - --disable-debug \ - --disable-pkcs11 \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZ4),--enable,--disable)-lz4 \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),--enable,--disable)-x509-alt-username \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_DEF_AUTH),--enable,--disable)-def-auth \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PF),--enable,--disable)-pf \ - $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PORT_SHARE),--enable,--disable)-port-share \ - $(if $(CONFIG_OPENVPN_NOSSL),--disable-crypto,--enable-crypto) \ - $(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl) \ - $(if $(CONFIG_OPENVPN_MBEDTLS),--with-crypto-library=mbedtls) \ - ) -endef - -define Package/openvpn-$(BUILD_VARIANT)/conffiles -/etc/config/openvpn -/etc/openvpn.user -endef - -define Package/openvpn-$(BUILD_VARIANT)/install - $(INSTALL_DIR) \ - $(1)/usr/sbin \ - $(1)/usr/share/openvpn \ - $(1)/etc/init.d \ - $(1)/etc/config \ - $(1)/etc/openvpn \ - $(1)/lib/functions \ - $(1)/lib/upgrade/keep.d \ - $(1)/usr/libexec \ - $(1)/etc/hotplug.d/openvpn - - $(INSTALL_BIN) \ - $(PKG_INSTALL_DIR)/usr/sbin/openvpn \ - $(1)/usr/sbin/ - - 
$(INSTALL_BIN) \ - files/openvpn.init \ - $(1)/etc/init.d/openvpn - - $(INSTALL_BIN) \ - files/usr/libexec/openvpn-hotplug \ - $(1)/usr/libexec/openvpn-hotplug - - $(INSTALL_DATA) \ - files/lib/functions/openvpn.sh \ - $(1)/lib/functions/openvpn.sh - - $(INSTALL_DATA) \ - files/etc/hotplug.d/openvpn/01-user \ - $(1)/etc/hotplug.d/openvpn/01-user - - $(INSTALL_DATA) \ - files/etc/openvpn.user \ - $(1)/etc/openvpn.user - - $(INSTALL_DATA) \ - files/openvpn.options \ - $(1)/usr/share/openvpn/openvpn.options - - $(INSTALL_CONF) files/openvpn.config \ - $(1)/etc/config/openvpn - - $(INSTALL_DATA) \ - files/openvpn.upgrade \ - $(1)/lib/upgrade/keep.d/openvpn -endef - -$(eval $(call BuildPackage,openvpn-openssl)) -$(eval $(call BuildPackage,openvpn-mbedtls)) -$(eval $(call BuildPackage,openvpn-nossl)) diff --git a/package/network/services/openvpn/files/etc/hotplug.d/openvpn/01-user b/package/network/services/openvpn/files/etc/hotplug.d/openvpn/01-user deleted file mode 100644 index f93823e5c5..0000000000 --- a/package/network/services/openvpn/files/etc/hotplug.d/openvpn/01-user +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -. /lib/functions/openvpn.sh - -[ -e "/etc/openvpn.user" ] && { - env -i ACTION="$ACTION" INSTANCE="$INSTANCE" \ - /bin/sh \ - /etc/openvpn.user \ - $* -} - -# Wrap user defined scripts on up/down events -case "$ACTION" in - up|down) - if get_openvpn_option "$config" command "$ACTION"; then - shift - exec /bin/sh -c "$command $*" - fi - ;; -esac - -exit 0 diff --git a/package/network/services/openvpn/files/etc/openvpn.user b/package/network/services/openvpn/files/etc/openvpn.user deleted file mode 100644 index a77566556a..0000000000 --- a/package/network/services/openvpn/files/etc/openvpn.user +++ /dev/null 
@@ -1,11 +0,0 @@ -#!/bin/sh -# -# This file is interpreted as shell script. -# Put your custom openvpn action here, they will -# be executed with each opevnp event. -# -# $ACTION -# down action is generated after the TUN/TAP device is closed -# up action is generated after the TUN/TAP device is opened -# $INSTANCE Name of the openvpn instance which went up or down - diff --git a/package/network/services/openvpn/files/lib/functions/openvpn.sh b/package/network/services/openvpn/files/lib/functions/openvpn.sh deleted file mode 100644 index 83fb1bb453..0000000000 --- a/package/network/services/openvpn/files/lib/functions/openvpn.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -get_openvpn_option() { - local config="$1" - local variable="$2" - local option="$3" - - local value="$(sed -rne 's/^[ \t]*'"$option"'[ \t]+(([^ \t\\]|\\.)+)[ \t]*$/\1/p' "$config" | tail -n1 | sed -re 's/\\(.)/\1/g')" - [ -n "$value" ] || value="$(sed -rne 's/^[ \t]*'"$option"'[ \t]+'"'([^']+)'"'[ \t]*$/\1/p' "$config" | tail -n1)" - [ -n "$value" ] || value="$(sed -rne 's/^[ \t]*'"$option"'[ \t]+"(([^"\\]|\\.)+)"[ \t]*$/\1/p' "$config" | tail -n1 | sed -re 's/\\(.)/\1/g')" - [ -n "$value" ] || return 1 - - export -n "$variable=$value" - return 0 -} - diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config deleted file mode 100644 index 3de1881e35..0000000000 --- a/package/network/services/openvpn/files/openvpn.config +++ /dev/null 
@@ -1,474 +0,0 @@ -package openvpn - -################################################# -# Sample to include a custom config file. # -################################################# - -config openvpn custom_config - - # Set to 1 to enable this instance: - option enabled 0 - - # Include OpenVPN configuration - option config /etc/openvpn/my-vpn.conf - - -################################################# -# Sample OpenVPN 2.0 uci config for # -# multi-client server. # -################################################# - -config openvpn sample_server - - # Set to 1 to enable this instance: - option enabled 0 - - # Which local IP address should OpenVPN - # listen on? (optional) -# option local 0.0.0.0 - - # Which TCP/UDP port should OpenVPN listen on? - # If you want to run multiple OpenVPN instances - # on the same machine, use a different port - # number for each one. You will need to - # open up this port on your firewall. - option port 1194 - - # TCP or UDP server? -# option proto tcp - option proto udp - - # "dev tun" will create a routed IP tunnel, - # "dev tap" will create an ethernet tunnel. - # Use "dev tap0" if you are ethernet bridging - # and have precreated a tap0 virtual interface - # and bridged it with your ethernet interface. - # If you want to control access policies - # over the VPN, you must create firewall - # rules for the the TUN/TAP interface. - # On non-Windows systems, you can give - # an explicit unit number, such as tun0. - # On Windows, use "dev-node" for this. - # On most systems, the VPN will not function - # unless you partially or fully disable - # the firewall for the TUN/TAP interface. -# option dev tap - option dev tun - - # SSL/TLS root certificate (ca), certificate - # (cert), and private key (key). Each client - # and the server must have their own cert and - # key file. The server and all clients will - # use the same ca file. 
- # - # See the "easy-rsa" directory for a series - # of scripts for generating RSA certificates - # and private keys. Remember to use - # a unique Common Name for the server - # and each of the client certificates. - # - # Any X509 key management system can be used. - # OpenVPN can also use a PKCS #12 formatted key file - # (see "pkcs12" directive in man page). - option ca /etc/openvpn/ca.crt - option cert /etc/openvpn/server.crt - # This file should be kept secret: - option key /etc/openvpn/server.key - - # Diffie hellman parameters. - # Generate your own with: - # openssl dhparam -out dh2048.pem 2048 - # Substitute 2048 for 1024 if you are using - # 1024 bit keys. - option dh /etc/openvpn/dh2048.pem - - # Configure server mode and supply a VPN subnet - # for OpenVPN to draw client addresses from. - # The server will take 10.8.0.1 for itself, - # the rest will be made available to clients. - # Each client will be able to reach the server - # on 10.8.0.1. Comment this line out if you are - # ethernet bridging. See the man page for more info. - option server "10.8.0.0 255.255.255.0" - - # Maintain a record of client <-> virtual IP address - # associations in this file. If OpenVPN goes down or - # is restarted, reconnecting clients can be assigned - # the same virtual IP address from the pool that was - # previously assigned. - option ifconfig_pool_persist /tmp/ipp.txt - - # Configure server mode for ethernet bridging. - # You must first use your OS's bridging capability - # to bridge the TAP interface with the ethernet - # NIC interface. Then you must manually set the - # IP/netmask on the bridge interface, here we - # assume 10.8.0.4/255.255.255.0. Finally we - # must set aside an IP range in this subnet - # (start=10.8.0.50 end=10.8.0.100) to allocate - # to connecting clients. Leave this line commented - # out unless you are ethernet bridging. 
-# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100" - - # Push routes to the client to allow it - # to reach other private subnets behind - # the server. Remember that these - # private subnets will also need - # to know to route the OpenVPN client - # address pool (10.8.0.0/255.255.255.0) - # back to the OpenVPN server. -# list push "route 192.168.10.0 255.255.255.0" -# list push "route 192.168.20.0 255.255.255.0" - - # To assign specific IP addresses to specific - # clients or if a connecting client has a private - # subnet behind it that should also have VPN access, - # use the subdirectory "ccd" for client-specific - # configuration files (see man page for more info). - - # EXAMPLE: Suppose the client - # having the certificate common name "Thelonious" - # also has a small subnet behind his connecting - # machine, such as 192.168.40.128/255.255.255.248. - # First, uncomment out these lines: -# option client_config_dir /etc/openvpn/ccd -# list route "192.168.40.128 255.255.255.248" - # Then create a file ccd/Thelonious with this line: - # iroute 192.168.40.128 255.255.255.248 - # This will allow Thelonious' private subnet to - # access the VPN. This example will only work - # if you are routing, not bridging, i.e. you are - # using "dev tun" and "server" directives. - - # EXAMPLE: Suppose you want to give - # Thelonious a fixed VPN IP address of 10.9.0.1. - # First uncomment out these lines: -# option client_config_dir /etc/openvpn/ccd -# list route "10.9.0.0 255.255.255.252" -# list route "192.168.100.0 255.255.255.0" - # Then add this line to ccd/Thelonious: - # ifconfig-push "10.9.0.1 10.9.0.2" - - # Suppose that you want to enable different - # firewall access policies for different groups - # of clients. There are two methods: - # (1) Run multiple OpenVPN daemons, one for each - # group, and firewall the TUN/TAP interface - # for each group/daemon appropriately. 
- # (2) (Advanced) Create a script to dynamically - # modify the firewall in response to access - # from different clients. See man - # page for more info on learn-address script. -# option learn_address /etc/openvpn/script - - # If enabled, this directive will configure - # all clients to redirect their default - # network gateway through the VPN, causing - # all IP traffic such as web browsing and - # and DNS lookups to go through the VPN - # (The OpenVPN server machine may need to NAT - # the TUN/TAP interface to the internet in - # order for this to work properly). - # CAVEAT: May break client's network config if - # client's local DHCP server packets get routed - # through the tunnel. Solution: make sure - # client's local DHCP server is reachable via - # a more specific route than the default route - # of 0.0.0.0/0.0.0.0. -# list push "redirect-gateway" - - # Certain Windows-specific network settings - # can be pushed to clients, such as DNS - # or WINS server addresses. CAVEAT: - # http://openvpn.net/faq.html#dhcpcaveats -# list push "dhcp-option DNS 10.8.0.1" -# list push "dhcp-option WINS 10.8.0.1" - - # Uncomment this directive to allow different - # clients to be able to "see" each other. - # By default, clients will only see the server. - # To force clients to only see the server, you - # will also need to appropriately firewall the - # server's TUN/TAP interface. -# option client_to_client 1 - - # Uncomment this directive if multiple clients - # might connect with the same certificate/key - # files or common names. This is recommended - # only for testing purposes. For production use, - # each client should have its own certificate/key - # pair. - # - # IF YOU HAVE NOT GENERATED INDIVIDUAL - # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, - # EACH HAVING ITS OWN UNIQUE "COMMON NAME", - # UNCOMMENT THIS LINE OUT. 
-# option duplicate_cn 1 - - # The keepalive directive causes ping-like - # messages to be sent back and forth over - # the link so that each side knows when - # the other side has gone down. - # Ping every 10 seconds, assume that remote - # peer is down if no ping received during - # a 120 second time period. - option keepalive "10 120" - - # For extra security beyond that provided - # by SSL/TLS, create an "HMAC firewall" - # to help block DoS attacks and UDP port flooding. - # - # Generate with: - # openvpn --genkey --secret ta.key - # - # The server and each client must have - # a copy of this key. - # The second parameter should be '0' - # on the server and '1' on the clients. - # This file is secret: -# option tls_auth "/etc/openvpn/ta.key 0" - - # For additional privacy, a shared secret key - # can be used for both authentication (as in tls_auth) - # and encryption of the TLS control channel. - # - # Generate a shared secret with: - # openvpn --genkey --secret ta.key - # - # The server and each client must have - # a copy of this key. - # - # tls_auth and tls_crypt should NOT - # be combined, as tls_crypt implies tls_auth. - # Use EITHER tls_crypt, tls_auth, or neither option. -# option tls_crypt "/etc/openvpn/ta.key" - - # Set the minimum required TLS protocol version - # for all connections. - # - # Require at least TLS 1.1 -# option tls_version_min "1.1" - # Require at least TLS 1.2 -# option tls_version_min "1.2" - # Require TLS 1.2, or the highest version supported - # on the system -# option tls_version_min "1.2 'or-highest'" - - # OpenVPN versions 2.4 and later will attempt to - # automatically negotiate the most secure cipher - # between the client and server, regardless of a - # configured "option cipher" (see below). - # Automatic negotiation is recommended. - # - # Uncomment this option to disable this behavior, - # and force all OpenVPN peers to use the configured - # cipher option instead (not recommended). 
-# option ncp_disable - - # Select a cryptographic cipher. - # This config item must be copied to - # the client config file as well. - # - # To see all supported ciphers, run: - # openvpn --show-ciphers - # - # Blowfish (default for backwards compatibility, - # but not recommended due to weaknesses): -# option cipher BF-CBC - # AES: -# option cipher AES-128-CBC - # Triple-DES: -# option cipher DES-EDE3-CBC - - # Enable compression on the VPN link. - # If you enable it here, you must also - # enable it in the client config file. - # - # Compression is not recommended, as compression and - # encryption in combination can weaken the security - # of the connection. - # - # LZ4 requires OpenVPN 2.4+ client and server -# option compress lz4 - # LZO is compatible with most OpenVPN versions - # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients) -# option compress lzo - - # The maximum number of concurrently connected - # clients we want to allow. -# option max_clients 100 - - # The persist options will try to avoid - # accessing certain resources on restart - # that may no longer be accessible because - # of the privilege downgrade. - option persist_key 1 - option persist_tun 1 - option user nobody - - # Output a short status file showing - # current connections, truncated - # and rewritten every minute. - option status /tmp/openvpn-status.log - - # By default, log messages will go to the syslog (or - # on Windows, if running as a service, they will go to - # the "\Program Files\OpenVPN\log" directory). - # Use log or log-append to override this default. - # "log" will truncate the log file on OpenVPN startup, - # while "log-append" will append to it. Use one - # or the other (but not both). -# option log /tmp/openvpn.log -# option log_append /tmp/openvpn.log - - # Set the appropriate level of log - # file verbosity. 
- # - # 0 is silent, except for fatal errors - # 4 is reasonable for general usage - # 5 and 6 can help to debug connection problems - # 9 is extremely verbose - option verb 3 - - # Silence repeating messages. At most 20 - # sequential messages of the same message - # category will be output to the log. -# option mute 20 - - -############################################## -# Sample client-side OpenVPN 2.0 uci config # -# for connecting to multi-client server. # -############################################## - -config openvpn sample_client - - # Set to 1 to enable this instance: - option enabled 0 - - # Specify that we are a client and that we - # will be pulling certain config file directives - # from the server. - option client 1 - - # Use the same setting as you are using on - # the server. - # On most systems, the VPN will not function - # unless you partially or fully disable - # the firewall for the TUN/TAP interface. -# option dev tap - option dev tun - - # Are we connecting to a TCP or - # UDP server? Use the same setting as - # on the server. -# option proto tcp - option proto udp - - # The hostname/IP and port of the server. - # You can have multiple remote entries - # to load balance between the servers. - list remote "my_server_1 1194" -# list remote "my_server_2 1194" - - # Choose a random host from the remote - # list for load_balancing. Otherwise - # try hosts in the order specified. -# option remote_random 1 - - # Keep trying indefinitely to resolve the - # host name of the OpenVPN server. Very useful - # on machines which are not permanently connected - # to the internet such as laptops. - option resolv_retry infinite - - # Most clients don't need to bind to - # a specific local port number. - option nobind 1 - - # Try to preserve some state across restarts. 
- option persist_key 1 - option persist_tun 1 - option user nobody - - # If you are connecting through an - # HTTP proxy to reach the actual OpenVPN - # server, put the proxy server/IP and - # port number here. See the man page - # if your proxy server requires - # authentication. - # retry on connection failures: -# option http_proxy_retry 1 - # specify http proxy address and port: -# option http_proxy "192.168.1.100 8080" - - # Wireless networks often produce a lot - # of duplicate packets. Set this flag - # to silence duplicate packet warnings. -# option mute_replay_warnings 1 - - # SSL/TLS parms. - # See the server config file for more - # description. It's best to use - # a separate .crt/.key file pair - # for each client. A single ca - # file can be used for all clients. - option ca /etc/openvpn/ca.crt - option cert /etc/openvpn/client.crt - option key /etc/openvpn/client.key - - # Verify server certificate by checking - # that the certicate has the key usage - # field set to "server". This is an - # important precaution to protect against - # a potential attack discussed here: - # http://openvpn.net/howto.html#mitm - # - # To use this feature, you will need to generate - # your server certificates with the nsCertType - # field set to "server". The build_key_server - # script in the easy_rsa folder will do this. -# option remote_cert_tls server - - # If a tls_auth key is used on the server - # then every client must also have the key. -# option tls_auth "/etc/openvpn/ta.key 1" - - # If a tls_crypt key is used on the server - # every client must also have the key. -# option tls_crypt "/etc/openvpn/ta.key" - - # Set the minimum required TLS protocol version - # for all connections. - # - # Require at least TLS 1.1 -# option tls_version_min "1.1" - # Require at least TLS 1.2 -# option tls_version_min "1.2" - # Require TLS 1.2, or the highest version supported - # on the system -# option tls_version_min "1.2 'or-highest'" - - # Select a cryptographic cipher. 
- # If the cipher option is used on the server - # then you must also specify it here. -# option cipher x - - # Enable compression on the VPN link. - # Don't enable this unless it is also - # enabled in the server config file. - # - # Compression is not recommended, as compression and - # encryption in combination can weaken the security - # of the connection. - # - # LZ4 requires OpenVPN 2.4+ on server and client -# option compress lz4 - # LZO is compatible with most OpenVPN versions -# option compress lzo - - # Set log file verbosity. - option verb 3 - - # Silence repeating messages -# option mute 20 diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init deleted file mode 100644 index 487a2269e2..0000000000 --- a/package/network/services/openvpn/files/openvpn.init +++ /dev/null 
@@ -1,209 +0,0 @@ -#!/bin/sh /etc/rc.common -# Copyright (C) 2008-2013 OpenWrt.org -# Copyright (C) 2008 Jo-Philipp Wich -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. - -START=90 -STOP=10 - -USE_PROCD=1 -PROG=/usr/sbin/openvpn - -LIST_SEP=" -" - -UCI_STARTED= -UCI_DISABLED= - -append_param() { - local s="$1" - local v="$2" - case "$v" in - *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; - *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; - *_*) v=${v%%_*}-${v#*_} ;; - esac - echo -n "$v" >> "/var/etc/openvpn-$s.conf" - return 0 -} - -append_bools() { - local p; local v; local s="$1"; shift - for p in $*; do - config_get_bool v "$s" "$p" - [ "$v" = 1 ] && append_param "$s" "$p" && echo >> "/var/etc/openvpn-$s.conf" - done -} - -append_params() { - local p; local v; local s="$1"; shift - for p in $*; do - config_get v "$s" "$p" - IFS="$LIST_SEP" - for v in $v; do - [ -n "$v" ] && [ "$p" != "push" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf" - [ -n "$v" ] && [ "$p" = "push" ] && append_param "$s" "$p" && echo " \"$v\"" >> "/var/etc/openvpn-$s.conf" - done - unset IFS - done -} - -append_list() { - local p; local v; local s="$1"; shift - - list_cb_append() { - v="${v}:$1" - } - - for p in $*; do - unset v - config_list_foreach "$s" "$p" list_cb_append - [ -n "$v" ] && append_param "$s" "$p" && echo " ${v:1}" >> "/var/etc/openvpn-$s.conf" - done -} - -section_enabled() { - config_get_bool enable "$1" 'enable' 0 - config_get_bool enabled "$1" 'enabled' 0 - [ $enable -gt 0 ] || [ $enabled -gt 0 ] -} - -openvpn_get_dev() { - local dev dev_type - local name="$1" - local conf="$2" - - # Do override only for configurations with config_file - config_get config_file "$name" config - [ -n "$config_file" ] || return - - # Check there is someething to override - config_get dev "$name" dev - config_get dev_type "$name" dev_type - [ -n "$dev" ] || return - - # If 
there is a no dev_type, try to guess it - if [ -z "$dev_type" ]; then - . /lib/functions/openvpn.sh - - local odev odev_type - get_openvpn_option "$conf" odev dev - get_openvpn_option "$conf" odev_type dev-type - [ -n "$odev_type" ] || odev_type="$odev" - - case "$odev_type" in - tun*) dev_type="tun" ;; - tap*) dev_type="tap" ;; - *) return;; - esac - fi - - # Return overrides - echo "--dev-type $dev_type --dev $dev" -} - -openvpn_add_instance() { - local name="$1" - local dir="$2" - local conf="$3" - local security="$4" - - procd_open_instance "$name" - procd_set_param command "$PROG" \ - --syslog "openvpn($name)" \ - --status "/var/run/openvpn.$name.status" \ - --cd "$dir" \ - --config "$conf" \ - --up "/usr/libexec/openvpn-hotplug up $name" \ - --down "/usr/libexec/openvpn-hotplug down $name" \ - --script-security "${security:-2}" \ - $(openvpn_get_dev "$name" "$conf") - procd_set_param file "$dir/$conf" - procd_set_param term_timeout 15 - procd_set_param respawn - procd_append_param respawn 3600 - procd_append_param respawn 5 - procd_append_param respawn -1 - procd_close_instance -} - -start_instance() { - local s="$1" - - config_get config "$s" config - config="${config:+$(readlink -f "$config")}" - - section_enabled "$s" || { - append UCI_DISABLED "$config" "$LIST_SEP" - return 1 - } - - local script_security - config_get script_security "$s" script_security - - [ ! -d "/var/run" ] && mkdir -p "/var/run" - - if [ ! -z "$config" ]; then - append UCI_STARTED "$config" "$LIST_SEP" - openvpn_add_instance "$s" "${config%/*}" "$config" "$script_security" - return - fi - - [ ! 
-d "/var/etc" ] && mkdir -p "/var/etc" - [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf" - - append_bools "$s" $OPENVPN_BOOLS - append_params "$s" $OPENVPN_PARAMS - append_list "$s" $OPENVPN_LIST - - openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" "$script_security" -} - -start_service() { - local instance="$1" - local instance_found=0 - - config_cb() { - local type="$1" - local name="$2" - if [ "$type" = "openvpn" ]; then - if [ -n "$instance" -a "$instance" = "$name" ]; then - instance_found=1 - fi - fi - } - - . /usr/share/openvpn/openvpn.options - config_load 'openvpn' - - if [ -n "$instance" ]; then - [ "$instance_found" -gt 0 ] || return - start_instance "$instance" - else - config_foreach start_instance 'openvpn' - - local path name - for path in /etc/openvpn/*.conf; do - if [ -f "$path" ]; then - name="${path##*/}"; name="${name%.conf}" - - # don't start configs again that are already started by uci - if echo "$UCI_STARTED" | grep -qxF "$path"; then - continue - - # don't start configs which are set to disabled in uci - elif echo "$UCI_DISABLED" | grep -qxF "$path"; then - logger -t openvpn "$name.conf is disabled in /etc/config/openvpn" - continue - fi - - openvpn_add_instance "$name" "${path%/*}" "$path" - fi - done - fi -} - -service_triggers() { - procd_add_reload_trigger openvpn -} diff --git a/package/network/services/openvpn/files/openvpn.options b/package/network/services/openvpn/files/openvpn.options deleted file mode 100644 index 5d7a387cd3..0000000000 --- a/package/network/services/openvpn/files/openvpn.options +++ /dev/null 
@@ -1,194 +0,0 @@
-OPENVPN_PARAMS='
-askpass
-auth
-auth_retry
-auth_user_pass
-auth_user_pass_verify
-bcast_buffers
-ca
-capath
-cd
-cert
-chroot
-cipher
-client_config_dir
-client_connect
-client_disconnect
-comp_lzo
-compress
-connect_freq
-connect_retry
-connect_retry_max
-connect_timeout
-crl_verify
-dev
-dev_node
-dev_type
-dh
-ecdh_curve
-echo
-engine
-explicit_exit_notify
-extra_certs
-fragment
-group
-hand_window
-hash_size
-http_proxy
-http_proxy_option
-http_proxy_timeout
-ifconfig
-ifconfig_ipv6
-ifconfig_ipv6_pool
-ifconfig_ipv6_push
-ifconfig_pool
-ifconfig_pool_persist
-ifconfig_push
-inactive
-ipchange
-iroute
-iroute_ipv6
-keepalive
-key
-key_direction
-key_method
-keysize
-learn_address
-link_mtu
-lladdr
-local
-log
-log_append
-lport
-management
-management_log_cache
-max_clients
-max_routes_per_client
-mode
-mssfix
-mtu_disc
-mute
-nice
-ns_cert_type
-ping
-ping_exit
-ping_restart
-pkcs12
-plugin
-port
-port_share
-prng
-proto
-pull_filter
-push
-rcvbuf
-redirect_gateway
-remap_usr1
-remote
-remote_cert_eku
-remote_cert_ku
-remote_cert_tls
-reneg_bytes
-reneg_pkts
-reneg_sec
-replay_persist
-replay_window
-resolv_retry
-route
-route_delay
-route_gateway
-route_ipv6
-route_metric
-route_pre_down
-route_up
-rport
-secret
-server
-server_bridge
-server_ipv6
-setenv
-shaper
-sndbuf
-socks_proxy
-status
-status_version
-syslog
-tcp_queue_limit
-tls_auth
-tls_crypt
-tls_timeout
-tls_verify
-tls_version_min
-tmp_dir
-topology
-tran_window
-tun_mtu
-tun_mtu_extra
-txqueuelen
-user
-verb
-verify_client_cert
-verify_x509_name
-x509_username_field
-'
-
-OPENVPN_BOOLS='
-allow_recursive_routing
-auth_nocache
-auth_user_pass_optional
-bind
-ccd_exclusive
-client
-client_to_client
-comp_noadapt
-disable
-disable_occ
-down_pre
-duplicate_cn
-fast_io
-float
-http_proxy_retry
-ifconfig_noexec
-ifconfig_nowarn
-management_forget_disconnect
-management_hold
-management_query_passwords
-management_signal
-mktun
-mlock
-mtu_test
-multihome
-mute_replay_warnings
-ncp_disable
-nobind
-opt_verify
-passtos
-persist_key
-persist_local_ip
-persist_remote_ip
-persist_tun
-ping_timer_rem
-pull
-push_reset
-remote_random
-rmtun
-route_noexec
-route_nopull
-single_session
-socks_proxy_retry
-suppress_timestamps
-tcp_nodelay
-test_crypto
-tls_client
-tls_exit
-tls_server
-up_delay
-up_restart
-username_as_common_name
-'
-
-OPENVPN_LIST='
-ncp_ciphers
-tls_cipher
-tls_ciphersuites
-'
diff --git a/package/network/services/openvpn/files/openvpn.upgrade b/package/network/services/openvpn/files/openvpn.upgrade
deleted file mode 100644
index 6ae49d22d0..0000000000
--- a/package/network/services/openvpn/files/openvpn.upgrade
+++ /dev/null
@@ -1 +0,0 @@
-/etc/openvpn/
diff --git a/package/network/services/openvpn/files/usr/libexec/openvpn-hotplug b/package/network/services/openvpn/files/usr/libexec/openvpn-hotplug
deleted file mode 100644
index 9235fbacfe..0000000000
--- a/package/network/services/openvpn/files/usr/libexec/openvpn-hotplug
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-
-ACTION=$1
-shift
-INSTANCE=$1
-shift
-
-export ACTION=$ACTION
-export INSTANCE=$INSTANCE
-exec /sbin/hotplug-call openvpn "$@"
diff --git a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch
deleted file mode 100644
index 101fa12ba2..0000000000
--- a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- a/src/openvpn/options.c
-+++ b/src/openvpn/options.c
-@@ -106,7 +106,6 @@ const char title_string[] =
- #ifdef HAVE_AEAD_CIPHER_MODES
- " [AEAD]"
- #endif
-- " built on " __DATE__
- ;
-
- #ifndef ENABLE_SMALL
diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
deleted file mode 100644
index cb16a906fe..0000000000
--- a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/openvpn/ssl_mbedtls.c -+++ b/src/openvpn/ssl_mbedtls.c -@@ -1415,7 +1415,7 @@ const char * - get_ssl_library_version(void) - { - static char mbedtls_version[30]; -- unsigned int pv = mbedtls_version_get_number(); -+ unsigned int pv = MBEDTLS_VERSION_NUMBER; - sprintf( mbedtls_version, "mbed TLS %d.%d.%d", - (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff ); - return mbedtls_version; diff --git a/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch b/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch deleted file mode 100644 index c7faf7c0c0..0000000000 --- a/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 17a476fd5c8cc49f1d103a50199e87ede76b1b67 Mon Sep 17 00:00:00 2001 -From: Steffan Karger -Date: Sun, 26 Nov 2017 16:04:00 +0100 -Subject: [PATCH] openssl: don't use deprecated SSLEAY/SSLeay symbols - -Compiling our current master against OpenSSL 1.1 with --DOPENSSL_API_COMPAT=0x10100000L screams bloody murder. This patch fixes -the errors about the deprecated SSLEAY/SSLeay symbols and defines. - -Signed-off-by: Steffan Karger -Acked-by: Gert Doering -Message-Id: <20171126150401.28565-1-steffan@karger.me> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15934.html -Signed-off-by: Gert Doering ---- - configure.ac | 1 + - src/openvpn/openssl_compat.h | 8 ++++++++ - src/openvpn/ssl_openssl.c | 2 +- - 3 files changed, 10 insertions(+), 1 deletion(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -904,6 +904,7 @@ if test "${enable_crypto}" = "yes" -a "$ - EVP_MD_CTX_free \ - EVP_MD_CTX_reset \ - EVP_CIPHER_CTX_reset \ -+ OpenSSL_version \ - SSL_CTX_get_default_passwd_cb \ - SSL_CTX_get_default_passwd_cb_userdata \ - SSL_CTX_set_security_level \ ---- a/src/openvpn/openssl_compat.h -+++ b/src/openvpn/openssl_compat.h -@@ -689,6 +689,14 @@ EC_GROUP_order_bits(const EC_GROUP *grou - #endif - - /* SSLeay symbols have been renamed in OpenSSL 1.1 */ -+#ifndef OPENSSL_VERSION -+#define OPENSSL_VERSION SSLEAY_VERSION -+#endif -+ -+#ifndef HAVE_OPENSSL_VERSION -+#define OpenSSL_version SSLeay_version -+#endif -+ - #if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) - #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT - #endif ---- a/src/openvpn/ssl_openssl.c -+++ b/src/openvpn/ssl_openssl.c -@@ -2008,7 +2008,7 @@ get_highest_preference_tls_cipher(char * - const char * - get_ssl_library_version(void) - { -- return SSLeay_version(SSLEAY_VERSION); -+ return OpenSSL_version(OPENSSL_VERSION); - } - - #endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */ 
diff --git a/package/network/services/openvpn/patches/111-openssl-add-missing-include-statements.patch b/package/network/services/openvpn/patches/111-openssl-add-missing-include-statements.patch deleted file mode 100644 index 6a62b16500..0000000000 --- a/package/network/services/openvpn/patches/111-openssl-add-missing-include-statements.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -From 1987498271abadf042d8bb3feee1fe0d877a9d55 Mon Sep 17 00:00:00 2001 -From: Steffan Karger -Date: Sun, 26 Nov 2017 16:49:12 +0100 -Subject: [PATCH] openssl: add missing #include statements - -Compiling our current master against OpenSSL 1.1 with --DOPENSSL_API_COMPAT=0x10100000L screams bloody murder. This patch fixes -the errors caused by missing includes. Previous openssl versions would -usually include 'the rest of the world', but they're fixing that. So we -should no longer rely on it. - -(And sneaking in alphabetic ordering of the includes while touching them.) - -Signed-off-by: Steffan Karger -Acked-by: Gert Doering -Message-Id: <20171126154912.13283-1-steffan@karger.me> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15936.html -Signed-off-by: Gert Doering ---- - src/openvpn/openssl_compat.h | 1 + - src/openvpn/ssl_openssl.c | 6 +++++- - src/openvpn/ssl_verify_openssl.c | 3 ++- - 3 files changed, 8 insertions(+), 2 deletions(-) - ---- a/src/openvpn/openssl_compat.h -+++ b/src/openvpn/openssl_compat.h -@@ -42,6 +42,7 @@ - - #include "buffer.h" - -+#include - #include - #include - ---- a/src/openvpn/ssl_openssl.c -+++ b/src/openvpn/ssl_openssl.c -@@ -52,10 +52,14 @@ - - #include "ssl_verify_openssl.h" - -+#include -+#include -+#include -+#include - #include - #include -+#include - #include --#include - #ifndef OPENSSL_NO_EC - #include - #endif ---- a/src/openvpn/ssl_verify_openssl.c -+++ b/src/openvpn/ssl_verify_openssl.c -@@ -44,8 +44,9 @@ - #include "ssl_verify_backend.h" - #include "openssl_compat.h" - --#include -+#include - #include -+#include - - int - verify_callback(int preverify_ok, X509_STORE_CTX *ctx) diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch deleted file mode 100644 index 5cf5174a9d..0000000000 
--- a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch +++ /dev/null 
@@ -1,74 +0,0 @@ ---- a/configure.ac -+++ b/configure.ac -@@ -1080,68 +1080,15 @@ dnl - AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4]) - AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4]) - if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then -- if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then -- # if the user did not explicitly specify flags, try to autodetect -- PKG_CHECK_MODULES([LZ4], -- [liblz4 >= 1.7.1 liblz4 < 100], -- [have_lz4="yes"], -- [LZ4_LIBS="-llz4"] # If this fails, we will do another test next. -- # We also add set LZ4_LIBS otherwise the -- # linker will not know about the lz4 library -- ) -- fi - - saved_CFLAGS="${CFLAGS}" - saved_LIBS="${LIBS}" - CFLAGS="${CFLAGS} ${LZ4_CFLAGS}" - LIBS="${LIBS} ${LZ4_LIBS}" - -- # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars -- # are used, check the version directly in the LZ4 include file -- if test "${have_lz4}" != "yes"; then -- AC_CHECK_HEADERS([lz4.h], -- [have_lz4h="yes"], -- []) -- -- if test "${have_lz4h}" = "yes" ; then -- AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1]) -- AC_COMPILE_IFELSE( -- [AC_LANG_PROGRAM([[ --#include -- ]], -- [[ --/* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */ --#if LZ4_VERSION_NUMBER < 10701L --#error LZ4 is too old --#endif -- ]] -- )], -- [ -- AC_MSG_RESULT([ok]) -- have_lz4="yes" -- ], -- [AC_MSG_RESULT([system LZ4 library is too old])] -- ) -- fi -- fi -- -- # Double check we have a few needed functions -- if test "${have_lz4}" = "yes" ; then -- AC_CHECK_LIB([lz4], -- [LZ4_compress_default], -- [], -- [have_lz4="no"]) -- AC_CHECK_LIB([lz4], -- [LZ4_decompress_safe], -- [], -- [have_lz4="no"]) -- fi -- -- if test "${have_lz4}" != "yes" ; then -- AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) -- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) -- LZ4_LIBS="" -- fi -+ AC_MSG_RESULT([ usable LZ4 library or header not found, 
using version in src/compat/compat-lz4.*]) -+ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) -+ LZ4_LIBS="" - OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}" - OPTIONAL_LZ4_LIBS="${LZ4_LIBS}" - AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library]) diff --git a/package/network/services/openvpn/patches/220-disable_des.patch b/package/network/services/openvpn/patches/220-disable_des.patch deleted file mode 100644 index 2b8f47a802..0000000000 --- a/package/network/services/openvpn/patches/220-disable_des.patch +++ /dev/null 
@@ -1,81 +0,0 @@ ---- a/src/openvpn/syshead.h -+++ b/src/openvpn/syshead.h -@@ -597,11 +597,11 @@ socket_defined(const socket_descriptor_t - /* - * Should we include NTLM proxy functionality - */ --#if defined(ENABLE_CRYPTO) --#define NTLM 1 --#else -+//#if defined(ENABLE_CRYPTO) -+//#define NTLM 1 -+//#else - #define NTLM 0 --#endif -+//#endif - - /* - * Should we include proxy digest auth functionality ---- a/src/openvpn/crypto_mbedtls.c -+++ b/src/openvpn/crypto_mbedtls.c -@@ -319,6 +319,7 @@ int - key_des_num_cblocks(const mbedtls_cipher_info_t *kt) - { - int ret = 0; -+#ifdef MBEDTLS_DES_C - if (kt->type == MBEDTLS_CIPHER_DES_CBC) - { - ret = 1; -@@ -331,6 +332,7 @@ key_des_num_cblocks(const mbedtls_cipher - { - ret = 3; - } -+#endif - - dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret); - return ret; -@@ -339,6 +341,7 @@ key_des_num_cblocks(const mbedtls_cipher - bool - key_des_check(uint8_t *key, int key_len, int ndc) - { -+#ifdef MBEDTLS_DES_C - int i; - struct buffer b; - -@@ -367,11 +370,15 @@ key_des_check(uint8_t *key, int key_len, - - err: - return false; -+#else -+ return true; -+#endif - } - - void - key_des_fixup(uint8_t *key, int key_len, int ndc) - { -+#ifdef MBEDTLS_DES_C - int i; - struct buffer b; - -@@ -386,6 +393,7 @@ key_des_fixup(uint8_t *key, int key_len, - } - mbedtls_des_key_set_parity(key); - } -+#endif - } - - /* -@@ -705,10 +713,12 @@ cipher_des_encrypt_ecb(const unsigned ch - unsigned char *src, - unsigned char *dst) - { -+#ifdef MBEDTLS_DES_C - mbedtls_des_context ctx; - - ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key))); - ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst))); -+#endif - } - - diff --git a/package/network/utils/iftop/Makefile b/package/network/utils/iftop/Makefile deleted file mode 100644 index 98fe15c8f5..0000000000 --- a/package/network/utils/iftop/Makefile +++ /dev/null 
@@ -1,45 +0,0 @@ -# -# Copyright (C) 2006 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -include $(TOPDIR)/rules.mk - -PKG_NAME:=iftop -PKG_RELEASE:=1 - -PKG_SOURCE_PROTO:=git -PKG_SOURCE_URL:=https://code.blinkace.com/pdw/iftop.git -PKG_SOURCE_DATE:=2018-10-03 -PKG_SOURCE_VERSION:=77901c8c53e01359d83b8090aacfe62214658183 -PKG_MIRROR_HASH:=219231541a437f5aecd497796be0202d337e13f141359a93595bf2cd8c5c5544 -PKG_MAINTAINER:=Jo-Philipp Wich -PKG_LICENSE:=GPL-2.0 - -PKG_FIXUP:=autoreconf - -include $(INCLUDE_DIR)/package.mk - -define Package/iftop - SECTION:=net - CATEGORY:=Network - DEPENDS:=+libpcap +libncurses +libpthread - TITLE:=display bandwith usage on an interface - URL:=http://www.ex-parrot.com/~pdw/iftop/ -endef - -define Package/iftop/description - iftop does for network usage what top(1) does for CPU usage. It - listens to network traffic on a named interface and displays a - table of current bandwidth usage by pairs of hosts. Handy for - answering the question 'why is our ADSL link so slow?'. -endef - -define Package/iftop/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/iftop $(1)/usr/bin/ -endef - -$(eval $(call BuildPackage,iftop)) diff --git a/package/system/opkg/Makefile b/package/system/opkg/Makefile index c29dcb891e..4a7288d2e4 100644 --- a/package/system/opkg/Makefile +++ b/package/system/opkg/Makefile @@ -14,9 +14,9 @@ PKG_FLAGS:=essential PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://git.openwrt.org/project/opkg-lede.git -PKG_SOURCE_DATE:=2020-11-25 -PKG_SOURCE_VERSION:=66f458decf9fd2839d77bf420e93d9c78025488a -PKG_MIRROR_HASH:=932cf0002fd05e8a231df6d3e2c807b2c62501aa36ac2a3e20665622872e262d +PKG_SOURCE_DATE:=2020-12-05 +PKG_SOURCE_VERSION:=efb26a35e4e5446f135307c4ff7df9e9563c23a9 +PKG_MIRROR_HASH:=9294140567f1b122a7229fc80ab1b70e167b478c1a3062e0b64631c189beeda5 PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING 
diff --git a/package/system/selinux-policy/Makefile b/package/system/selinux-policy/Makefile index c2cef3a270..dad57e16b8 100644 --- a/package/system/selinux-policy/Makefile +++ b/package/system/selinux-policy/Makefile @@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk PKG_NAME:=selinux-policy PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://git.defensec.nl/selinux-policy.git -PKG_VERSION:=0.3 -PKG_MIRROR_HASH:=8f224e4e0ecb459648563862e26fcd5d4d113de5daa277363fc4316da5a05360 +PKG_VERSION:=0.4 +PKG_MIRROR_HASH:=6bf4df7df2e1a4f641e4068ec79b1f4921e29e531d5b76843f39c79470e646f8 PKG_SOURCE_VERSION:=v$(PKG_VERSION) PKG_BUILD_DEPENDS:=secilc/host policycoreutils/host @@ -44,6 +44,7 @@ endef define Package/selinux-policy/install $(INSTALL_DIR) $(1)/etc/selinux/$(PKG_NAME)/contexts/files/ $(INSTALL_DIR) $(1)/etc/selinux/$(PKG_NAME)/policy/ + $(INSTALL_DATA) $(PKG_BUILD_DIR)/customizable_types $(1)/etc/selinux/$(PKG_NAME)/contexts/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/file_contexts.subs_dist $(1)/etc/selinux/$(PKG_NAME)/contexts/files/ $(INSTALL_DATA) $(PKG_BUILD_DIR)/file_contexts $(1)/etc/selinux/$(PKG_NAME)/contexts/files/ $(INSTALL_CONF) $(PKG_BUILD_DIR)/policy.* $(1)/etc/selinux/$(PKG_NAME)/policy/ diff --git a/scripts/feeds b/scripts/feeds index e402200194..122f8568cb 100755 --- a/scripts/feeds +++ b/scripts/feeds @@ -517,19 +517,19 @@ sub install_src { my $force = shift; my $ret = 0; - $feed = lookup_src($feed, $name); - unless ($feed) { + my $select_feed = lookup_src($feed, $name); + unless ($select_feed) { $installed{$name} and return 0; $feed_src->{$name} or warn "WARNING: No feed for source package '$name' found\n"; return 0; } # switch to the metadata for the selected feed - get_feed($feed->[1]); + get_feed($select_feed->[1]); my $src = $feed_src->{$name} or return 1; # enable force flag if feed src line was declared with --force - if (exists($feed->[3]{force})) { + if (exists($select_feed->[3]{force})) { $force = 1; } 
@@ -557,12 +557,12 @@ sub install_src { } if ($override) { - warn "Overriding core package '$name' with version from $feed->[1]\n"; + warn "Overriding core package '$name' with version from $select_feed->[1]\n"; } else { - warn "Installing package '$name' from $feed->[1]\n"; + warn "Installing package '$name' from $select_feed->[1]\n"; } - do_install_src($feed, $src) == 0 or do { + do_install_src($select_feed, $src) == 0 or do { warn "failed.\n"; return 1; }; @@ -597,15 +597,15 @@ sub install_package { my $name = shift; my $force = shift; - $feed = lookup_package($feed, $name); - unless ($feed) { + my $select_feed = lookup_package($feed, $name); + unless ($select_feed) { $installed_pkg{$name} and return 0; $feed_vpackage->{$name} or warn "WARNING: No feed for package '$name' found\n"; return 0; } # switch to the metadata for the selected feed - get_feed($feed->[1]); + get_feed($select_feed->[1]); my $pkg = $feed_vpackage->{$name} or return 1; return install_src($feed, $pkg->[0]{src}{name}, $force); } @@ -615,14 +615,12 @@ sub install_target_or_package { my $name = shift; my $force = shift; - my $this_feed_target = lookup_target($feed, $name); - $this_feed_target and do { - return install_target($this_feed_target, $name); + lookup_target($feed, $name) and do { + return install_target($feed, $name); }; - my $this_feed_src = lookup_src($feed, $name); - $this_feed_src and do { - return install_src($this_feed_src, $name, $force); + lookup_src($feed, $name) and do { + return install_src($feed, $name, $force); }; return install_package($feed, $name, $force);
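Review bot: In `install_package` the feed returned by `lookup_package` is now kept in `$select_feed` and used only for `get_feed`, while the unchanged last line still calls `install_src($feed, $pkg->[0]{src}{name}, $force)` with the caller's `$feed`. Before this change `$feed` had been overwritten with the lookup result, so the source package was taken from the feed whose metadata supplied `$pkg`; now `install_src` repeats `lookup_src` on its own, and when `$feed` is unset the source may resolve to a different feed than the one just selected (`lookup_src` is outside the hunk, so this is inferred). If that is intended, a comment such as `# pass the caller's $feed so install_src applies its own feed preference` would make the choice explicit; otherwise pass `$select_feed`. The same rename in `install_src` (hunks at 517 and 557) means any use of `$feed` in the part of that function outside the hunks now sees the caller's value as well.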
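Review bot: `install_target_or_package` now discards the results of `lookup_target` and `lookup_src` and hands the caller's `$feed` to `install_target` and `install_src`, so every name is looked up twice. `install_src` resolves the feed itself (hunk at 517), but `install_target` is not part of this diff; if it expects an already resolved feed entry, `return install_target($feed, $name);` would misbehave whenever `$feed` is unset, so that callee should be checked. A one-line comment above the two `and do` blocks, for example `# existence checks only; install_* resolve the feed themselves`, would record why the lookup results are dropped.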