tqcq/small-package
0
0
Fork 0
mirror of https://github.com/kenzok8/small-package.git synced 2026-02-08 07:37:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 2023-02-05 22:37:08

Browse Source
This commit is contained in:
github-actions[bot]
2023-02-05 22:37:08 +08:00
parent 58ea8e24eb
commit 2517cc91eb
48 changed files with 2821 additions and 1427 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
luci-app-openclash/Makefile
View File

@@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-openclash
PKG_VERSION:=0.45.78
PKG_VERSION:=0.45.87
PKG_RELEASE:=beta
PKG_MAINTAINER:=vernesong <https://github.com/vernesong/OpenClash>
@@ -63,12 +63,13 @@ define Build/Prepare
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_custom_netflix_domains.list" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_custom_netflix_domains.list" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_force_sniffing_domain.yaml" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_force_sniffing_domain.yaml" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_sniffing_domain_filter.yaml" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_sniffing_domain_filter.yaml" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_sniffing_port_filter.yaml" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_sniffing_port_filter.yaml" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_sniffing_ports_filter.yaml" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_sniffing_ports_filter.yaml" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_custom_localnetwork_ipv4.list" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_custom_localnetwork_ipv4.list" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_custom_localnetwork_ipv6.list" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_custom_chnroute_pass.list" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_custom_chnroute_pass.list" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_custom_chnroute6_pass.list" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_custom_chnroute6_pass.list" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/etc/openclash/custom/openclash_custom_firewall_rules.sh" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/openclash_custom_firewall_rules.sh" >/dev/null 2>&1
cp -f "$(PKG_BUILD_DIR)/root/usr/share/openclash/yml_change.sh" "$(PKG_BUILD_DIR)/root/usr/share/openclash/backup/yml_change.sh" >/dev/null 2>&1
exit 0
endef
@@ -108,6 +109,8 @@ endef
define Package/$(PKG_NAME)/postrm
#!/bin/sh
dnsmasqconfdir="$(uci -q get dhcp.@dnsmasq[0].confdir || echo '/tmp/dnsmasq.d')"
dnsmasqconfdir="${dnsmasqconfdir%*/}"
rm -rf /etc/openclash >/dev/null 2>&1
rm -rf /tmp/openclash.log >/dev/null 2>&1
rm -rf /tmp/openclash_start.log >/dev/null 2>&1
@@ -119,11 +122,10 @@ define Package/$(PKG_NAME)/postrm
rm -rf /tmp/rule_providers_name >/dev/null 2>&1
rm -rf /tmp/clash_last_version >/dev/null 2>&1
rm -rf /usr/share/openclash/backup >/dev/null 2>&1
rm -rf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
rm -rf /tmp/dnsmasq.d/dnsmasq_openclash_custom_domain.conf >/dev/null 2>&1
rm -rf /tmp/dnsmasq.d/dnsmasq_openclash_chnroute_pass.conf >/dev/null 2>&1
rm -rf /tmp/dnsmasq.d/dnsmasq_openclash_chnroute6_pass.conf >/dev/null 2>&1
rm -rf /tmp/dnsmasq.d/dnsmasq_accelerated-domains.china.conf >/dev/null 2>&1
rm -rf ${dnsmasqconfdir}/dnsmasq_openclash_custom_domain.conf >/dev/null 2>&1
rm -rf ${dnsmasqconfdir}/dnsmasq_openclash_chnroute_pass.conf >/dev/null 2>&1
rm -rf ${dnsmasqconfdir}/dnsmasq_openclash_chnroute6_pass.conf >/dev/null 2>&1
rm -rf ${dnsmasqconfdir}/dnsmasq_accelerated-domains.china.conf >/dev/null 2>&1
rm -rf /tmp/dler* >/dev/null 2>&1
rm -rf /tmp/etc/openclash >/dev/null 2>&1
rm -rf /tmp/openclash_edit_file_name >/dev/null 2>&1

33
luci-app-openclash/luasrc/controller/openclash.lua
View File

@@ -30,7 +30,6 @@ function index()
entry({"admin", "services", "openclash", "update_ma"},call("action_update_ma"))
entry({"admin", "services", "openclash", "opupdate"},call("action_opupdate"))
entry({"admin", "services", "openclash", "coreupdate"},call("action_coreupdate"))
entry({"admin", "services", "openclash", "ping"}, call("act_ping"))
entry({"admin", "services", "openclash", "flush_fakeip_cache"}, call("action_flush_fakeip_cache"))
entry({"admin", "services", "openclash", "download_rule"}, call("action_download_rule"))
entry({"admin", "services", "openclash", "download_netflix_domains"}, call("action_download_netflix_domains"))
@@ -60,6 +59,7 @@ function index()
entry({"admin", "services", "openclash", "toolbar_show"}, call("action_toolbar_show"))
entry({"admin", "services", "openclash", "toolbar_show_sys"}, call("action_toolbar_show_sys"))
entry({"admin", "services", "openclash", "diag_connection"}, call("action_diag_connection"))
entry({"admin", "services", "openclash", "diag_dns"}, call("action_diag_dns"))
entry({"admin", "services", "openclash", "gen_debug_logs"}, call("action_gen_debug_logs"))
entry({"admin", "services", "openclash", "log_level"}, call("action_log_level"))
entry({"admin", "services", "openclash", "switch_log"}, call("action_switch_log"))
@@ -369,6 +369,9 @@ function action_restore_config()
luci.sys.call("/etc/init.d/openclash stop >/dev/null 2>&1")
luci.sys.call("cp '/usr/share/openclash/backup/openclash' '/etc/config/openclash' >/dev/null 2>&1 &")
luci.sys.call("cp /usr/share/openclash/backup/openclash_custom* /etc/openclash/custom/ >/dev/null 2>&1 &")
luci.sys.call("cp /usr/share/openclash/backup/openclash_force_sniffing* /etc/openclash/custom/ >/dev/null 2>&1 &")
luci.sys.call("cp /usr/share/openclash/backup/openclash_sniffing* /etc/openclash/custom/ >/dev/null 2>&1 &")
luci.sys.call("cp /usr/share/openclash/backup/yml_change.sh /usr/share/openclash/yml_change.sh >/dev/null 2>&1 &")
luci.sys.call("rm -rf /etc/openclash/history/* >/dev/null 2>&1 &")
luci.http.redirect(luci.dispatcher.build_url('admin/services/openclash/settings'))
end
@@ -1088,14 +1091,6 @@ function action_update_geosite()
return luci.sys.call("/usr/share/openclash/openclash_geosite.sh >/dev/null 2>&1")
end
function act_ping()
local e={}
e.index=luci.http.formvalue("index")
e.ping=luci.sys.exec("ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*.[0-9]' | awk -F '=' '{print$2}'"%luci.http.formvalue("domain"))
luci.http.prepare_content("application/json")
luci.http.write_json(e)
end
function action_download_rule()
luci.http.prepare_content("application/json")
luci.http.write_json({
@@ -1283,6 +1278,26 @@ function action_diag_connection()
luci.http.status(500, "Bad address")
end
function action_diag_dns()
local addr = luci.http.formvalue("addr")
if addr and datatype.hostname(addr)then
local cmd = string.format("/usr/share/openclash/openclash_debug_dns.lua %s", addr)
luci.http.prepare_content("text/plain")
local util = io.popen(cmd)
if util and util ~= "" then
while true do
local ln = util:read("*l")
if not ln then break end
luci.http.write(ln)
luci.http.write("\n")
end
util:close()
end
return
end
luci.http.status(500, "Bad address")
end
function action_gen_debug_logs()
local gen_log = luci.sys.call("/usr/share/openclash/openclash_debug.sh")
if not gen_log then return end

3
luci-app-openclash/luasrc/model/cbi/openclash/game-rules-manage.lua
View File

@@ -24,7 +24,8 @@ o = a:option(Button, "Refresh", " ")
o.inputtitle = translate("Refresh Page")
o.inputstyle = "apply"
o.write = function()
HTTP.redirect(DISP.build_url("admin", "services", "openclash", "game-rules-manage"))
SYS.call("rm -rf /tmp/rules_name 2>/dev/null")
HTTP.redirect(DISP.build_url("admin", "services", "openclash", "game-rules-manage"))
end
o = a:option(Button, "Apply", " ")

3
luci-app-openclash/luasrc/model/cbi/openclash/rule-providers-manage.lua
View File

@@ -26,7 +26,8 @@ o = a:option(Button, "Refresh", " ")
o.inputtitle = translate("Refresh Page")
o.inputstyle = "apply"
o.write = function()
HTTP.redirect(DISP.build_url("admin", "services", "openclash", "rule-providers-manage"))
SYS.call("rm -rf /tmp/rule_providers_name 2>/dev/null")
HTTP.redirect(DISP.build_url("admin", "services", "openclash", "rule-providers-manage"))
end
o = a:option(Button, "Apply", " ")

101
luci-app-openclash/luasrc/model/cbi/openclash/servers-config.lua
View File

@@ -61,6 +61,7 @@ local encrypt_methods_ssr = {
local securitys = {
"auto",
"none",
"zero",
"aes-128-gcm",
"chacha20-poly1305"
}
@@ -362,28 +363,11 @@ o:depends("type", "wireguard")
o = s:option(ListValue, "xudp", translate("XUDP Enable")..translate("(Only Meta Core)"))
o.rmempty = true
o.default = "false"
o.default = "true"
o:value("true")
o:value("false")
o:depends({type = "vmess", udp = "true"})
o = s:option(Value, "packet_encoding", translate("Packet-Encoding")..translate("(Only Meta Core)"))
o.rmempty = true
o:depends("type", "vmess")
o = s:option(ListValue, "global_padding", translate("Global-Padding")..translate("(Only Meta Core)"))
o.rmempty = true
o.default = "false"
o:value("true")
o:value("false")
o:depends("type", "vmess")
o = s:option(ListValue, "authenticated_length", translate("Authenticated-Length")..translate("(Only Meta Core)"))
o.rmempty = true
o.default = "false"
o:value("true")
o:value("false")
o:depends("type", "vmess")
o:depends({type = "vless", udp = "true"})
o = s:option(ListValue, "obfs", translate("obfs-mode"))
o.rmempty = true
@@ -392,6 +376,7 @@ o:value("none")
o:value("tls")
o:value("http")
o:value("websocket", translate("websocket (ws)"))
o:value("shadow-tls", translate("shadow-tls")..translate("(Only Meta Core)"))
o:depends("type", "ss")
o = s:option(ListValue, "obfs_snell", translate("obfs-mode"))
@@ -435,9 +420,14 @@ o.rmempty = true
o:depends("obfs", "tls")
o:depends("obfs", "http")
o:depends("obfs", "websocket")
o:depends("obfs", "shadow-tls")
o:depends("obfs_snell", "tls")
o:depends("obfs_snell", "http")
o = s:option(Value, "obfs_password", translate("obfs-password"))
o.rmempty = true
o:depends("obfs", "shadow-tls")
-- vmess路径
o = s:option(Value, "path", translate("path"))
o.rmempty = true
@@ -514,7 +504,7 @@ o:depends("type", "hysteria")
o:depends("type", "tuic")
-- [[ TLS ]]--
o = s:option(ListValue, "tls", translate("tls"))
o = s:option(ListValue, "tls", translate("TLS"))
o.rmempty = true
o.default = "false"
o:value("true")
@@ -671,16 +661,76 @@ o:value("false")
o.default = "false"
o:depends("type", "hysteria")
-- [[ fingerprint ]]--
o = s:option(Value, "fingerprint", translate("Fingerprint"))
o.rmempty = true
o:depends("type", "hysteria")
-- [[ hop_interval ]]--
o = s:option(Value, "hop_interval", translate("Hop Interval"))
o.rmempty = true
o.default = "10"
o:depends("type", "hysteria")
o = s:option(ListValue, "packet-addr", translate("Packet-Addr")..translate("(Only Meta Core)"))
o.rmempty = true
o.default = "true"
o:value("true")
o:value("false")
o:depends({type = "vless", xudp = "false"})
o = s:option(Value, "packet_encoding", translate("Packet-Encoding")..translate("(Only Meta Core)"))
o.rmempty = true
o:depends("type", "vmess")
o:depends("type", "vless")
o = s:option(ListValue, "global_padding", translate("Global-Padding")..translate("(Only Meta Core)"))
o.rmempty = true
o.default = "false"
o:value("true")
o:value("false")
o:depends("type", "vmess")
o = s:option(ListValue, "authenticated_length", translate("Authenticated-Length")..translate("(Only Meta Core)"))
o.rmempty = true
o.default = "false"
o:value("true")
o:value("false")
o:depends("type", "vmess")
-- [[ fingerprint ]]--
o = s:option(Value, "fingerprint", translate("Fingerprint")..translate("(Only Meta Core)"))
o.rmempty = true
o:depends("type", "hysteria")
o:depends("type", "socks5")
o:depends("type", "trojan")
o:depends("type", "vless")
o:depends({type = "ss", obfs = "websocket"})
o:depends({type = "ss", obfs = "shadow-tls"})
o:depends({type = "vmess", obfs_vmess = "websocket"})
o:depends({type = "vmess", obfs_vmess = "h2"})
o:depends({type = "vmess", obfs_vmess = "grpc"})
-- [[ client-fingerprint ]]--
o = s:option(ListValue, "client_fingerprint", translate("Client Fingerprint")..translate("(Only Meta Core)"))
o.rmempty = true
o:value("random")
o:value("chrome")
o:value("firefox")
o:value("safari")
o.default = "random"
o:depends("type", "vless")
o:depends({type = "trojan", obfs_vmess = "grpc"})
o:depends({type = "vmess", obfs_vmess = "websocket"})
o:depends({type = "vmess", obfs_vmess = "http"})
o:depends({type = "vmess", obfs_vmess = "h2"})
o:depends({type = "vmess", obfs_vmess = "grpc"})
-- [[ client-fingerprint ]]--
o = s:option(ListValue, "ip_version", translate("IP Version")..translate("(Only Meta Core)"))
o.rmempty = true
o:value("dual")
o:value("ipv4")
o:value("ipv4-prefer")
o:value("ipv6")
o:value("ipv6-prefer")
o.default = "dual"
-- [[ interface-name ]]--
o = s:option(Value, "interface_name", translate("interface-name"))
o.rmempty = true
@@ -712,7 +762,6 @@ o.inputtitle = translate("Commit Settings")
o.inputstyle = "apply"
o.write = function()
m.uci:commit(openclash)
sys.call("/usr/share/openclash/cfg_servers_address_fake_filter.sh &")
luci.http.redirect(m.redirect)
end

5
luci-app-openclash/luasrc/model/cbi/openclash/servers.lua
View File

@@ -198,10 +198,6 @@ function o.cfgvalue(...)
end
end
o = s:option(DummyValue,"server",translate("Ping Latency"))
o.template="openclash/ping"
o.width="10%"
local tt = {
{Delete_Unused_Servers, Delete_Servers, Delete_Proxy_Provider, Delete_Groups}
}
@@ -284,7 +280,6 @@ o.write = function()
luci.http.redirect(luci.dispatcher.build_url("admin", "services", "openclash"))
end
m:append(Template("openclash/server_list"))
m:append(Template("openclash/toolbar_show"))
return m

222
luci-app-openclash/luasrc/model/cbi/openclash/settings.lua
View File

@@ -43,11 +43,13 @@ else
s:tab("rules", translate("Rules Setting"))
end
s:tab("dashboard", translate("Dashboard Settings"))
s:tab("ipv6", translate("IPv6 Settings"))
s:tab("rules_update", translate("Rules Update"))
s:tab("geo_update", translate("GEO Update"))
s:tab("chnr_update", translate("Chnroute Update"))
s:tab("auto_restart", translate("Auto Restart"))
s:tab("version_update", translate("Version Update"))
s:tab("developer", translate("Developer Settings"))
s:tab("debug", translate("Debug Logs"))
s:tab("dlercloud", translate("Dler Cloud"))
@@ -94,15 +96,6 @@ o.description = translate("Only Supported for Rule Mode")..", "..font_red..bold_
o.default = 1
o:depends("proxy_mode", "rule")
o = s:taboption("op_mode", Flag, "ipv6_enable", font_red..bold_on..translate("Proxy IPv6 Traffic")..bold_off..font_off)
o.description = font_red..bold_on..translate("The Gateway and DNS of The Connected Device Must be The Router IP, Disable IPv6 DHCP To Avoid Abnormal Connection If You Do Not Use")..bold_off..font_off
o.default = 0
o = s:taboption("op_mode", Flag, "china_ip6_route", translate("China IPv6 Route"))
o.description = translate("Bypass The China Network Flows, Improve Performance")
o.default = 0
o:depends("ipv6_enable", "1")
o = s:taboption("op_mode", Flag, "disable_udp_quic", font_red..bold_on..translate("Disable QUIC")..bold_off..font_off)
o.description = translate("Prevent YouTube and Others To Use QUIC Transmission")..", "..font_red..bold_on..translate("REJECT UDP Traffic(Not Include CN) On Port 443")..bold_off..font_off
o.default = 1
@@ -126,6 +119,7 @@ else
o = s:taboption("op_mode", Flag, "china_ip_route", translate("China IP Route"))
o.description = translate("Bypass The China Network Flows, Improve Performance, Depend on Dnsmasq")
o.default = 0
o:depends("enable_redirect_dns", "1")
o = s:taboption("op_mode", Value, "custom_china_domain_dns_server", translate("Specify CN DNS Server"))
o.description = translate("Specify DNS Server For CN Domain Lists, Only One IP Server Address Support")
@@ -248,21 +242,17 @@ o.rmempty = false
o.description = translate("Please Make Sure Ports Available")
---- DNS Settings
o = s:taboption("dns", Flag, "enable_redirect_dns", font_red..bold_on..translate("Redirect Local DNS Setting")..bold_off..font_off)
o = s:taboption("dns", ListValue, "enable_redirect_dns", font_red..bold_on..translate("Redirect Local DNS Setting")..bold_off..font_off)
o.description = translate("Set Local DNS Redirect")
o.default = 1
o:value("0", translate("Disable"))
o:value("1", translate("Dnsmasq Redirect"))
o:value("2", translate("Firewall Redirect"))
o = s:taboption("dns", Flag, "enable_custom_dns", font_red..bold_on..translate("Custom DNS Setting")..bold_off..font_off)
o.description = font_red..bold_on..translate("Set OpenClash Upstream DNS Resolve Server")..bold_off..font_off
o.default = 0
if op_mode == "redir-host" then
o = s:taboption("dns", Flag, "dns_remote", font_red..bold_on..translate("DNS Remote")..bold_off..font_off)
o.description = font_red..bold_on..translate("Add DNS Remote Support For Redir-Host")..bold_off..font_off
o.default = 1
o:depends("enable_meta_core", 0)
end
o = s:taboption("dns", Flag, "append_wan_dns", translate("Append Upstream DNS"))
o.description = translate("Append The Upstream Assigned DNS And Gateway IP To The Nameserver")
o.default = 1
@@ -272,6 +262,12 @@ o.description = translate("Automatically Append Compliant DNS to default-nameser
o.default = 1
if op_mode == "fake-ip" then
o = s:taboption("dns", Value, "fakeip_range", translate("Fake-ip Range (IPv4 Cidr)"))
o.description = translate("Set Fake-ip Range (IPv4 Cidr)")
o.datatype = "cidr4"
o.default = "198.18.0.1/16"
o.placeholder = "198.18.0.1/16"
o = s:taboption("dns", Flag, "store_fakeip", font_red..bold_on..translate("Persistence Fake-IP")..bold_off..font_off)
o.description = font_red..bold_on..translate("Cache Fake-IP DNS Resolution Records To File, Improve The Response Speed After Startup")..bold_off..font_off
o.default = 1
@@ -280,13 +276,10 @@ o = s:taboption("dns", DummyValue, "flush_fakeip_cache", translate("Flush Fake-I
o.template = "openclash/flush_fakeip_cache"
end
o = s:taboption("dns", Flag, "ipv6_dns", translate("IPv6 DNS Resolve"))
o.description = font_red..bold_on..translate("Enable Clash to Resolve IPv6 DNS Requests")..bold_off..font_off
o.default = 0
o = s:taboption("dns", Flag, "disable_masq_cache", translate("Disable Dnsmasq's DNS Cache"))
o.description = translate("Recommended Enabled For Avoiding Some Connection Errors")..font_red..bold_on..translate("(Maybe Incompatible For Your Firmware)")..bold_off..font_off
o.default = 0
o:depends("enable_redirect_dns", "1")
o = s:taboption("dns", Flag, "custom_fallback_filter", translate("Custom Fallback-Filter"))
o.description = translate("Take Effect If Fallback DNS Setted, Prevent DNS Pollution")
@@ -342,14 +335,14 @@ o = s:taboption("dns", Value, "custom_domain_dns_server", translate("Specify DNS
o.description = translate("Specify DNS Server For List and Server Nodes With Fake-IP Mode, Only One IP Server Address Support")
o.default = "114.114.114.114"
o.placeholder = translate("114.114.114.114 or 127.0.0.1#5300")
o:depends("dns_advanced_setting", "1")
o:depends({dns_advanced_setting = "1", enable_redirect_dns = "1"})
custom_domain_dns = s:taboption("dns", Value, "custom_domain_dns")
custom_domain_dns.template = "cbi/tvalue"
custom_domain_dns.description = translate("Domain Names In The List Use The Custom DNS Server, One rule per line, Depend on Dnsmasq")
custom_domain_dns.rows = 20
custom_domain_dns.wrap = "off"
custom_domain_dns:depends("dns_advanced_setting", "1")
custom_domain_dns:depends({dns_advanced_setting = "1", enable_redirect_dns = "1"})
function custom_domain_dns.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_domain_dns.list") or ""
@@ -394,6 +387,25 @@ o.description = font_red..bold_on..translate("TCP Concurrent Request IPs, Choose
o.default = 1
o:depends("enable_meta_core", "1")
o = s:taboption("meta", ListValue, "find_process_mode", translate("Enable Process Rule"))
o.description = translate("Whether to Enable Process Rules, If You Are Not Sure, Please Choose off Which Useful in Router Environment")
o:value("always")
o:value("strict")
o:value("off", translate("off "))
o.default = "off"
o:depends("enable_meta_core", "1")
o = s:taboption("meta", ListValue, "client_fingerprint", translate("Client Fingerprint"))
o.description = translate("Change The Client Fingerprint, Only Support TLS Transport in TCP/GRPC/WS/HTTP For Vless/Vmess and Trojan")
o:value("0", translate("Disable"))
o:value("random", translate("Random"))
o:value("chrome", translate("Chrome"))
o:value("firefox", translate("Firefox"))
o:value("safari", translate("Safari"))
o:value("ios", translate("IOS"))
o.default = "0"
o:depends("enable_meta_core", "1")
o = s:taboption("meta", Flag, "enable_meta_sniffer", font_red..bold_on..translate("Enable Sniffer")..bold_off..font_off)
o.description = font_red..bold_on..translate("Sniffer Will Prevent Domain Name Proxy and DNS Hijack Failure")..bold_off..font_off
o.default = 1
@@ -437,14 +449,14 @@ sniffing_port_filter.rows = 20
sniffing_port_filter.wrap = "off"
function sniffing_port_filter.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_sniffing_port_filter.yaml") or ""
return NXFS.readfile("/etc/openclash/custom/openclash_sniffing_ports_filter.yaml") or ""
end
function sniffing_port_filter.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_sniffing_port_filter.yaml")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_sniffing_ports_filter.yaml")
if value ~= old_value then
NXFS.writefile("/etc/openclash/custom/openclash_sniffing_port_filter.yaml", value)
NXFS.writefile("/etc/openclash/custom/openclash_sniffing_ports_filter.yaml", value)
end
end
end
@@ -571,15 +583,21 @@ end
o:depends("geosite_auto_update", "1")
---- Access Control
if op_mode == "redir-host" then
o = s:taboption("lan_ac", ListValue, "lan_ac_mode", translate("LAN Access Control Mode"))
o:value("0", translate("Black List Mode"))
o:value("1", translate("White List Mode"))
o.default = "0"
o:depends("enable_redirect_dns", "2")
o:depends({en_mode = "redir-host", enable_redirect_dns = "1"})
o:depends({en_mode = "redir-host-tun", enable_redirect_dns = "1"})
o:depends({en_mode = "redir-host-mix", enable_redirect_dns = "1"})
ip_b = s:taboption("lan_ac", DynamicList, "lan_ac_black_ips", translate("LAN Bypassed Host List"))
ip_b:depends("lan_ac_mode", "0")
ip_b.datatype = "ipaddr"
ip_b:depends({lan_ac_mode = "0", enable_redirect_dns = "2"})
ip_b:depends({lan_ac_mode = "0", en_mode = "redir-host", enable_redirect_dns = "1"})
ip_b:depends({lan_ac_mode = "0", en_mode = "redir-host-tun", enable_redirect_dns = "1"})
ip_b:depends({lan_ac_mode = "0", en_mode = "redir-host-mix", enable_redirect_dns = "1"})
mac_b = s:taboption("lan_ac", DynamicList, "lan_ac_black_macs", translate("LAN Bypassed Mac List"))
mac_b.datatype = "list(macaddr)"
@@ -587,8 +605,11 @@ mac_b.rmempty = true
mac_b:depends("lan_ac_mode", "0")
ip_w = s:taboption("lan_ac", DynamicList, "lan_ac_white_ips", translate("LAN Proxied Host List"))
ip_w:depends("lan_ac_mode", "1")
ip_w.datatype = "ipaddr"
ip_w:depends({lan_ac_mode = "1", enable_redirect_dns = "2"})
ip_w:depends({lan_ac_mode = "1", en_mode = "redir-host", enable_redirect_dns = "1"})
ip_w:depends({lan_ac_mode = "1", en_mode = "redir-host-tun", enable_redirect_dns = "1"})
ip_w:depends({lan_ac_mode = "1", en_mode = "redir-host-mix", enable_redirect_dns = "1"})
mac_w = s:taboption("lan_ac", DynamicList, "lan_ac_white_macs", translate("LAN Proxied Mac List"))
mac_w.datatype = "list(macaddr)"
@@ -614,7 +635,6 @@ luci.ip.neighbors({ family = 6 }, function(n)
end
end)
end
end
o = s:taboption("lan_ac", DynamicList, "wan_ac_black_ips", translate("WAN Bypassed Host List"))
o.datatype = "ipaddr"
@@ -622,6 +642,7 @@ o.description = translate("In The Fake-IP Mode, Only Pure IP Requests Are Suppor
o = s:taboption("lan_ac", DynamicList, "lan_ac_black_ports", translate("Lan Bypassed Port List"))
o.datatype = "port"
o.placeholder = translate("5000 or 1234-2345")
o:value("5000", translate("5000(NAS)"))
o.description = "1."..translate("The Traffic From The Local Specified Port Will Not Pass The Core, Try To Set When The Bypass Gateway Forwarding Fails").."<br>".."2."..translate("In The Fake-IP Mode, Only Pure IP Requests Are Supported")
@@ -644,30 +665,12 @@ function o.write(self, section, value)
end
end
o = s:taboption("lan_ac", Value, "local_network6_pass", translate("Local IPv6 Network Bypassed List"))
o.template = "cbi/tvalue"
o.description = translate("The Traffic of The Destination For The Specified Address Will Not Pass The Core")
o.rows = 20
o.wrap = "off"
function o.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list") or ""
end
function o.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list")
if value ~= old_value then
NXFS.writefile("/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list", value)
end
end
end
o = s:taboption("lan_ac", Value, "chnroute_pass", translate("Chnroute Bypassed List"))
o.template = "cbi/tvalue"
o.description = translate("Domains or IPs in The List Will Not be Affected by The China IP Route Option, Depend on Dnsmasq")
o.rows = 20
o.wrap = "off"
o:depends("enable_redirect_dns", "1")
function o.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_chnroute_pass.list") or ""
@@ -682,25 +685,6 @@ function o.write(self, section, value)
end
end
o = s:taboption("lan_ac", Value, "chnroute6_pass", translate("Chnroute6 Bypassed List"))
o.template = "cbi/tvalue"
o.description = translate("Domains or IPs in The List Will Not be Affected by The China IP Route Option, Depend on Dnsmasq")
o.rows = 20
o.wrap = "off"
function o.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_chnroute6_pass.list") or ""
end
function o.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_custom_chnroute6_pass.list")
if value ~= old_value then
NXFS.writefile("/etc/openclash/custom/openclash_custom_chnroute6_pass.list", value)
end
end
end
---- Rules Settings
o = s:taboption("rules", Flag, "rule_source", translate("Enable Other Rules"))
o.description = translate("Use Other Rules")
@@ -1455,10 +1439,112 @@ o = s:taboption("dashboard", DummyValue, "Yacd", translate("Switch(Update) Yacd
o.template="openclash/switch_dashboard"
o.rawhtml = true
---- ipv6
o = s:taboption("ipv6", Flag, "ipv6_enable", font_red..bold_on..translate("Proxy IPv6 Traffic")..bold_off..font_off)
o.description = font_red..bold_on..translate("The Gateway and DNS of The Connected Device Must be The Router IP, Disable IPv6 DHCP To Avoid Abnormal Connection If You Do Not Use")..bold_off..font_off
o.default = 0
o = s:taboption("ipv6", Flag, "ipv6_dns", translate("IPv6 DNS Resolve"))
o.description = font_red..bold_on..translate("Enable to Resolve IPv6 DNS Requests, When Using The Meta Core, Enabling This Alone is Not Valid")..bold_off..font_off
o.default = 0
o = s:taboption("ipv6", Flag, "china_ip6_route", translate("China IPv6 Route"))
o.description = translate("Bypass The China Network Flows, Improve Performance")
o.default = 0
o:depends("ipv6_enable", "1")
o = s:taboption("ipv6", Value, "local_network6_pass", translate("Local IPv6 Network Bypassed List"))
o.template = "cbi/tvalue"
o.description = translate("The Traffic of The Destination For The Specified Address Will Not Pass The Core")
o.rows = 20
o.wrap = "off"
o:depends("ipv6_enable", "1")
function o.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list") or ""
end
function o.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list")
if value ~= old_value then
NXFS.writefile("/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list", value)
end
end
end
o = s:taboption("ipv6", Value, "chnroute6_pass", translate("Chnroute6 Bypassed List"))
o.template = "cbi/tvalue"
o.description = translate("Domains or IPs in The List Will Not be Affected by The China IP Route Option, Depend on Dnsmasq")
o.rows = 20
o.wrap = "off"
o:depends({ipv6_enable = "1", enable_redirect_dns = "1"})
function o.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_chnroute6_pass.list") or ""
end
function o.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_custom_chnroute6_pass.list")
if value ~= old_value then
NXFS.writefile("/etc/openclash/custom/openclash_custom_chnroute6_pass.list", value)
end
end
end
---- version update
core_update = s:taboption("version_update", DummyValue, "", nil)
core_update.template = "openclash/update"
---- developer
o = s:taboption("developer", Value, "firewall_custom")
o.template = "cbi/tvalue"
o.description = translate("Custom Firewall Rules, Support IPv4 and IPv6, All Rules Will Be Added After The OpenClash Rules Completely")
o.rows = 30
o.wrap = "off"
function o.cfgvalue(self, section)
return NXFS.readfile("/etc/openclash/custom/openclash_custom_firewall_rules.sh") or ""
end
function o.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/etc/openclash/custom/openclash_custom_firewall_rules.sh")
if value ~= old_value then
NXFS.writefile("/etc/openclash/custom/openclash_custom_firewall_rules.sh", value)
end
end
end
o = s:taboption("developer", Value, "ymchange_custom")
o.template = "cbi/tvalue"
o.description = translate("Custom Config Override Script, Any Changes Will Be Restored After The Install of the OC, Please Be Careful, The Wrong Changes May Lead to Exceptions")
o.rows = 30
o.wrap = "off"
function o.cfgvalue(self, section)
return NXFS.readfile("/usr/share/openclash/yml_change.sh") or ""
end
function o.write(self, section, value)
if value then
value = value:gsub("\r\n?", "\n")
local old_value = NXFS.readfile("/usr/share/openclash/yml_change.sh")
if value ~= old_value then
NXFS.writefile("/usr/share/openclash/yml_change.sh", value)
end
end
end
o = s:taboption("developer", Button, translate("Restore Override Script"))
o.title = translate("Restore Override Script")
o.inputtitle = translate("Restore")
o.inputstyle = "reload"
o.write = function()
SYS.call("cp /usr/share/openclash/backup/yml_change.sh /usr/share/openclash/yml_change.sh >/dev/null 2>&1")
HTTP.redirect(DISP.build_url("admin", "services", "openclash", "settings"))
end
---- debug
o = s:taboption("debug", DummyValue, "", nil)
o.template = "openclash/debug"

44
luci-app-openclash/luasrc/view/openclash/config_editor.htm
View File

@@ -17,6 +17,7 @@
<script src="/luci-static/resources/openclash/lib/codemirror.js"></script>
<script src="/luci-static/resources/openclash/mode/yaml/yaml.js"></script>
<script src="/luci-static/resources/openclash/mode/lua/lua.js"></script>
<script src="/luci-static/resources/openclash/mode/shell/shell.js"></script>
<script src="/luci-static/resources/openclash/addon/fold/foldcode.js"></script>
<script src="/luci-static/resources/openclash/addon/fold/foldgutter.js"></script>
<script src="/luci-static/resources/openclash/addon/fold/indent-fold.js"></script>
@@ -75,6 +76,37 @@ function editor(id, readOnly, wid, height)
};
};
function shell_editor(id, readOnly)
{
var editor = CodeMirror.fromTextArea(id, {
mode: "shell",
autoRefresh: true,
styleActiveLine: true,
lineNumbers: true,
theme: "material",
lineWrapping: true,
matchBrackets: true,
foldGutter: true,
gutters: ["CodeMirror-linenumbers", "CodeMirror-foldgutter"],
extraKeys: {
"F11": function(cm) {
cm.setOption("fullScreen", !cm.getOption("fullScreen"));
},
"Esc": function(cm) {
if (cm.getOption("fullScreen")) cm.setOption("fullScreen", false);
},
"Tab": function(cm) {
if (cm.somethingSelected()) {
cm.indentSelection('add')
} else {
var spaces = Array(cm.getOption("indentUnit") + 1).join(" ")
cm.replaceSelection(spaces)
}
}
}
});
};
function other_editor(id, readOnly)
{
var editor = CodeMirror.fromTextArea(id, {
@@ -139,6 +171,16 @@ function other_log_area(id, readOnly, wid, height)
other_log_area.markText({line:0,ch:0},{line:9999,ch:9999}, {css: 'font-size:13px'});
};
var custom_firewall = document.getElementById("cbid.openclash.config.firewall_custom");
var custom_ymchange = document.getElementById("cbid.openclash.config.ymchange_custom");
if (custom_firewall) {
shell_editor(custom_firewall, 'false');
};
if (custom_ymchange) {
shell_editor(custom_ymchange, 'false');
};
var myEditor_use = document.getElementById("cbid.table.1.user");
var myEditor_def = document.getElementById("cbid.table.1.default");
@@ -257,7 +299,7 @@ if (proxy_mg) {
rule_mg.style.textAlign="center";
game_mg.style.textAlign="center";
Commit.style.textAlign="center";
Apply.style.textAlign="center";
Apply.style.textAlign="center";
};
//]]>
</script>

83
luci-app-openclash/luasrc/view/openclash/debug.htm
View File

@@ -5,8 +5,39 @@
<%
local diag_host = "www.instagram.com"
local dns_host = "www.instagram.com"
%>
<style>
#diag-rc-output > pre {
background-color: #f5f5f5;
display: block;
padding: 8.5px;
margin: 0 0 18px;
line-height: 1.5rem;
-moz-border-radius: 3px;
white-space: pre-wrap;
word-wrap: break-word;
font-size: 1.4rem;
color: #404040;
}
#dns-rc-output > pre {
background-color: #f5f5f5;
display: block;
padding: 8.5px;
margin: 0 0 18px;
line-height: 1.5rem;
-moz-border-radius: 3px;
white-space: pre-wrap;
word-wrap: break-word;
font-size: 1.4rem;
color: #404040;
}
</style>
<script type="text/javascript">//<![CDATA[
function show_diag_info(addr)
@@ -80,6 +111,43 @@ local diag_host = "www.instagram.com"
HTTP.runcheck();
}
function diag_dns(field)
{
var addr = field.value;
var legend = document.getElementById('dns-rc-legend');
var output = document.getElementById('dns-rc-output');
if (legend && output)
{
output.innerHTML =
'<img src="<%=resource%>/icons/loading.gif" alt="<%:Loading%>" style="vertical-align:middle" /> ' +
'<%:Waiting for command to complete...%>';
legend.parentNode.style.display = 'block';
legend.style.display = 'inline';
}
if (legend && output)
{
XHR.get('<%=luci.dispatcher.build_url("admin", "services", "openclash", "diag_dns")%>', {addr: addr}, function(x, status) {
if (x && x.status == 200 && x.responseText != "")
{
legend.style.display = 'none';
output.innerHTML = String.format('<pre>%h</pre>', x.responseText);
}
else if (x.status == 500)
{
legend.style.display = 'none';
output.innerHTML = '<span class="error"><%:Bad address specified!%></span>';
}
else
{
legend.style.display = 'none';
output.innerHTML = '<span class="error"><%:No Response Found!%></span>';
}
});
}
}
function gen_debug_logs()
{
@@ -114,12 +182,17 @@ local diag_host = "www.instagram.com"
<form>
<fieldset>
<div style="width:50%; float: left; text-align: center;">
<div style="width:33%; float: left; text-align: center;">
<%:Connection Test (Current Browser)%>&nbsp;&nbsp;&nbsp;&nbsp;
<input type="text" value="<%=diag_host%>" name="diag" />
<input type="button" value="<%:Click to Test%>" class="btn cbi-button cbi-button-apply" onclick="update_status(this.form.diag)" />
</div>
<div style="width:50%; float: left; text-align: center;">
<div style="width:33%; float: left; text-align: center;">
<%:DNS Test (Clash Response)%>&nbsp;&nbsp;&nbsp;&nbsp;
<input type="text" value="<%=dns_host%>" name="dns_host" />
<input type="button" value="<%:Click to Test%>" class="btn cbi-button cbi-button-apply" onclick="diag_dns(this.form.dns_host)" />
</div>
<div style="width:33%; float: left; text-align: center;">
<%:Generate Logs%>&nbsp;&nbsp;&nbsp;&nbsp;
<input type="button" value="<%:Click to Generate%>" class="btn cbi-button cbi-button-apply" onclick="gen_debug_logs(this)" />
</div>
@@ -130,6 +203,12 @@ local diag_host = "www.instagram.com"
<br />
<span id="diag-rc-output"></span>
</fieldset>
<fieldset style="display:none">
<legend id="dns-rc-legend"><%:Collecting data...%></legend>
<br />
<span id="dns-rc-output"></span>
</fieldset>
<fieldset style="display:none">
<legend id="debug-rc-legend"><%:Collecting data...%></legend>

3
luci-app-openclash/luasrc/view/openclash/ping.htm
View File

@@ -1,3 +0,0 @@
<%+cbi/valueheader%>
<span class="pingtime" hint="<%=self:cfgvalue(section)%>">-- ms</span>
<%+cbi/valuefooter%>

32
luci-app-openclash/luasrc/view/openclash/server_list.htm
View File

@@ -1,32 +0,0 @@
<%#
Copyright 2018-2019 Lienol <lawlienol@gmail.com>
Licensed to the public under the Apache License 2.0.
-%>
<%
local dsp = require "luci.dispatcher"
-%>
<script type="text/javascript">
//<![CDATA[
var pings = document.getElementsByClassName('pingtime');
for(var i = 0; i < pings.length; i++) {
XHR.get('<%=dsp.build_url("admin", "services", "openclash", "ping")%>', {
index: i,
domain: pings[i].getAttribute("hint")
},
function(x, result) {
pings[result.index].innerHTML = (result.ping ? "<b style=color:green>"+result.ping+"</b> ms" : "<b style=color:red><%:Test failed%></b>");
}
);
XHR.poll(10,'<%=dsp.build_url("admin", "services", "openclash", "ping")%>',{
index: i,
domain: pings[i].getAttribute("hint")
},
function(x, result) {
pings[result.index].innerHTML = (result.ping ? "<b style=color:green>"+result.ping+"</b> ms" : "<b style=color:red><%:Test failed%></b>");
}
);
}
//]]>
</script>

107
luci-app-openclash/po/zh-cn/openclash.zh-cn.po
View File

@@ -204,7 +204,13 @@ msgid "Redirect Local DNS Setting"
msgstr "*本地 DNS 劫持"
msgid "Set Local DNS Redirect"
msgstr "默认启用,将自动设置 Dnsmasq 的上游服务器,如和其他插件冲突可停用,但须将 OpenClash 作为冲突插件的唯一上游服务器"
msgstr "推荐使用 Dnsmasq 转发,兼容性更好,如和其他 DNS 插件冲突可停用,但须保证客户端获取的查询结果与 Clash 给出的一致"
msgid "Dnsmasq Redirect"
msgstr "使用 Dnsmasq 转发"
msgid "Firewall Redirect"
msgstr "使用防火墙转发"
msgid "Disable Dnsmasq's DNS Cache"
msgstr "禁止 Dnsmasq 缓存 DNS"
@@ -288,8 +294,8 @@ msgstr "连接设备的网关和 DNS 须为路由器 IP如果您不使用
msgid "IPv6 DNS Resolve"
msgstr "允许 IPv6 类型 DNS 解析"
msgid "Enable Clash to Resolve IPv6 DNS Requests"
msgstr "允许解析 IPv6 类型的 DNS 请求"
msgid "Enable to Resolve IPv6 DNS Requests, When Using The Meta Core, Enabling This Alone is Not Valid"
msgstr "允许解析 IPv6 类型的 DNS 请求,当使用 meta 内核时,单独启用此项无效"
msgid "Rules Setting"
msgstr "规则设置"
@@ -700,9 +706,6 @@ msgstr "服务器端口"
msgid "UDP Support"
msgstr "UDP支持"
msgid "Ping Latency"
msgstr "服务器延迟"
msgid "Edit Server"
msgstr "编辑服务器配置"
@@ -2413,6 +2416,9 @@ msgstr "内存占用:"
msgid "CPU:"
msgstr "CPU占用:"
msgid "Bad address specified!"
msgstr "输入的地址不合法!"
msgid "Could not find any connection logs!"
msgstr "找不到任何连接日志!"
@@ -2752,12 +2758,6 @@ msgstr "解锁检测完成,无完整解锁节点,回退到"
msgid "no nodes name match the regex!"
msgstr "未找到名称匹配的节点!"
msgid "DNS Remote"
msgstr "*远程域名解析"
msgid "Add DNS Remote Support For Redir-Host"
msgstr "Redir-Host 模式强制进行远程域名解析"
msgid "Bypass Gateway Compatible"
msgstr "旁路网关(旁路由)兼容"
@@ -2987,13 +2987,13 @@ msgid "Sniffing Ports Filter"
msgstr "指定探测(嗅探)的端口列表"
msgid "Will Override Dns Queries If Domains in The List"
msgstr "列表中的域名将会使用探测(嗅探)的结果进行连接"
msgstr "列表中的域名将会强制进行探测(嗅探)"
msgid "Will Disable Sniffing If Domains(sni) in The List"
msgstr "列表中的域名sni不会使用探测(嗅探)的结果进行连接"
msgstr "列表中的域名sni不会进行探测(嗅探)"
msgid "Will Only Sniffing If Ports in The List"
msgstr "仅列表中的端口将会使用探测(嗅探)的结果进行连接"
msgstr "仅探测(嗅探)列表中指定的协议端口"
msgid "Custom Sniffer Settings"
msgstr "自定义流量探测(嗅探)设置"
@@ -3242,4 +3242,79 @@ msgid "Url-Test Address Modify"
msgstr "测速(连通性)地址修改"
msgid "Modify The Url-Test Address In The Config"
msgstr "修改配置文件中的测速(连通性)地址"
msgstr "修改配置文件中的测速(连通性)地址"
msgid "Whether to Enable Process Rules, If You Are Not Sure, Please Choose off Which Useful in Router Environment"
msgstr "是否启用进程规则,在路由环境下保持关闭可以提升性能"
msgid "Enable Process Rule"
msgstr "启用进程规则"
msgid "Warning: Because there is a port range"
msgstr "警告:因为端口范围"
msgid "in the firewall rule settings"
msgstr "存在于防火墙规则设置"
msgid "auto bypassing may cause the normal connection of the client not to reach the core, if necessary, please add your own in the access control!"
msgstr "自动绕过后可能造成客户端的正常连接无法到达内核,如有需要,请在访问控制中自行添加!"
msgid "Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules..."
msgstr "提示:正在根据防火墙端口转发和防火墙通信规则添加端口绕过规则..."
msgid "Tip: DNS Hijacking Mode is Dnsmasq Redirect..."
msgstr "提示DNS 劫持模式为 Dnsmasq 转发..."
msgid "Tip: DNS Hijacking Mode is Firewall Redirect..."
msgstr "提示DNS 劫持模式为防火墙转发..."
msgid "Tip: DNS Hijacking is Disabled..."
msgstr "提示DNS 劫持未开启..."
msgid "Fake-ip Range (IPv4 Cidr)"
msgstr "Fake-ip 地址范围 (IPv4 Cidr)"
msgid "Set Fake-ip Range (IPv4 Cidr)"
msgstr "设置 Fake-ip 地址范围 (IPv4 Cidr)"
msgid "IPv6 Settings"
msgstr "IPv6 设置"
msgid "IPv6 Settings"
msgstr "IPv6 设置"
msgid "Custom Config Override Script, Any Changes Will Be Restored After The Install of the OC, Please Be Careful, The Wrong Changes May Lead to Exceptions"
msgstr "自定义配置文件的覆写脚本,任何修改都将在插件重新安装后还原,请谨慎修改,错误的修改可能会导致异常"
msgid "Custom Firewall Rules, Support IPv4 and IPv6, All Rules Will Be Added After The OpenClash Rules Completely"
msgstr "自定义防火墙规则,支持 IPv4 和 IPv6此脚本规则将在 OpenClash 的内置规则完成后执行"
msgid "Tip: Start Add Custom Firewall Rules..."
msgstr "提示:开始添加自定义防火墙规则..."
msgid "Developer Settings"
msgstr "开发者选项"
msgid "Restore Override Script"
msgstr "还原覆写脚本"
msgid "Restore"
msgstr "还原"
msgid "DNS Test (Clash Response)"
msgstr "DNS 测试Clash 查询结果)"
msgid "No Response Found!"
msgstr "结果获取失败!"
msgid "Client Fingerprint"
msgstr "客户端指纹"
msgid "Change The Client Fingerprint, Only Support TLS Transport in TCP/GRPC/WS/HTTP For Vless/Vmess and Trojan"
msgstr "自动修改客户端 TLS 指纹,目前仅支持 Vless/Vmess(TCP/GRPC/WS/HTTP) 和 Trojan"
msgid "Watchdog: Edit Client-fingerprint Failed,"
msgstr "守护程序:修改 Client-fingerprint 失败,"
msgid "Error: Edit Client-fingerprint Failed,"
msgstr "错误:修改 Client-fingerprint 失败,"

1
luci-app-openclash/root/etc/config/openclash
View File

@@ -48,7 +48,6 @@ config openclash 'config'
option append_wan_dns '1'
option stream_domains_prefetch '0'
option stream_auto_select '0'
option dns_remote '1'
option bypass_gateway_compatible '0'
option github_address_mod 'https://testingcf.jsdelivr.net/'
option urltest_address_mod '0'

1027
luci-app-openclash/root/etc/init.d/openclash
View File

File diff suppressed because it is too large Load Diff

9
luci-app-openclash/root/etc/openclash/custom/openclash_custom_fake_filter.list
View File

@@ -65,11 +65,11 @@ music.migu.cn
#win10本地连接检测
+.msftconnecttest.com
+.msftncsi.com
msftconnecttest.com
msftncsi.com
#QQ快捷登录
#QQ登录
localhost.ptlogin2.qq.com
localhost.sec.qq.com
+.qq.com
+.tencent.com
#Game
#Nintendo Switch
+.srv.nintendo.net
@@ -133,3 +133,6 @@ Mijia Cloud
+.cmbimg.com
#AdGuard
local.adguard.org
#迅雷
+.sandai.net
+.n0808.com

4
luci-app-openclash/root/etc/openclash/custom/openclash_custom_fallback_filter.yaml
View File

@@ -37,6 +37,4 @@ fallback-filter:
- "+.githubusercontent.com"
- "+.googlevideo.com"
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- msftconnecttest.com
- msftncsi.com
- "+.msftncsi.com"

10
luci-app-openclash/root/etc/openclash/custom/openclash_custom_firewall_rules.sh Normal file
View File

@@ -0,0 +1,10 @@
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0

4
luci-app-openclash/root/etc/openclash/custom/openclash_sniffing_port_filter.yaml
View File

@@ -1,4 +0,0 @@
port-whitelist:
- 443
- 80
# - 8080-9090

12
luci-app-openclash/root/etc/openclash/custom/openclash_sniffing_ports_filter.yaml Normal file
View File

@@ -0,0 +1,12 @@
sniff:
# TLS 默认如果不配置 ports 默认嗅探 443
TLS:
# ports: [443, 8443]
# 默认嗅探 80
HTTP:
# 需要嗅探的端口
ports: [80, 8080-8880]
# 是否使用嗅探结果作为实际访问
override-destination: true

4
luci-app-openclash/root/etc/uci-defaults/luci-openclash
View File

@@ -30,11 +30,13 @@ cp -f "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "/usr/share/
cp -f "/etc/openclash/custom/openclash_custom_netflix_domains.list" "/usr/share/openclash/backup/openclash_custom_netflix_domains.list" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_force_sniffing_domain.yaml" "/usr/share/openclash/backup/openclash_force_sniffing_domain.yaml" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_sniffing_domain_filter.yaml" "/usr/share/openclash/backup/openclash_sniffing_domain_filter.yaml" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_sniffing_port_filter.yaml" "/usr/share/openclash/backup/openclash_sniffing_port_filter.yaml" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_sniffing_ports_filter.yaml" "/usr/share/openclash/backup/openclash_sniffing_ports_filter.yaml" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_custom_localnetwork_ipv4.list" "/usr/share/openclash/backup/openclash_custom_localnetwork_ipv4.list" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_custom_localnetwork_ipv6.list" "/usr/share/openclash/backup/openclash_custom_localnetwork_ipv6.list" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_custom_chnroute_pass.list" "/usr/share/openclash/backup/openclash_custom_chnroute_pass.list" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_custom_chnroute6_pass.list" "/usr/share/openclash/backup/openclash_custom_chnroute6_pass.list" >/dev/null 2>&1
cp -f "/etc/openclash/custom/openclash_custom_firewall_rules.sh" "/usr/share/openclash/backup/openclash_custom_firewall_rules.sh" >/dev/null 2>&1
cp -f "/usr/share/openclash/yml_change.sh" "/usr/share/openclash/backup/yml_change.sh" >/dev/null 2>&1
mkdir -p /lib/upgrade/keep.d
cat > "/lib/upgrade/keep.d/luci-app-openclash" <<-EOF

13
luci-app-openclash/root/usr/share/openclash/cfg_servers_address_fake_filter.sh
View File

@@ -1,13 +0,0 @@
#!/bin/sh
START_LOG="/tmp/openclash_start.log"
en_mode=$(uci -q get openclash.config.en_mode)
if pidof clash >/dev/null && [ -z "$(echo "$en_mode" |grep "redir-host")" ]; then
rm -rf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
/usr/share/openclash/openclash_server_fake_filter.sh
if [ -s "/tmp/dnsmasq.d/dnsmasq_openclash.conf" ]; then
/etc/init.d/dnsmasq restart >/dev/null 2>&1
fi
echo "" >$START_LOG
fi

69
luci-app-openclash/root/usr/share/openclash/openclash.sh
View File

@@ -26,9 +26,12 @@ disable_masq_cache=$(uci -q get openclash.config.disable_masq_cache)
default_resolvfile=$(uci -q get openclash.config.default_resolvfile)
en_mode=$(uci -q get openclash.config.en_mode)
china_ip_route=$(uci -q get openclash.config.china_ip_route)
disable_udp_quic=$(uci -q get openclash.config.disable_udp_quic)
ipv6_enable=$(uci -q get openclash.config.ipv6_enable)
FW4="$(command -v fw4)"
router_self_proxy=$(uci -q get openclash.config.router_self_proxy || echo 1)
DNSPORT=$(uci -q get dhcp.@dnsmasq[0].port)
FW4=$(command -v fw4)
if [ -z "$DNSPORT" ]; then
DNSPORT=$(netstat -nlp |grep -E '127.0.0.1:.*dnsmasq' |awk -F '127.0.0.1:' '{print $2}' |awk '{print $1}' |head -1 || echo 53)
fi
@@ -227,7 +230,7 @@ config_error()
change_dns()
{
if pidof clash >/dev/null; then
if [ "$enable_redirect_dns" -ne 0 ]; then
if [ "$enable_redirect_dns" = "1" ]; then
uci -q del dhcp.@dnsmasq[-1].server
uci -q add_list dhcp.@dnsmasq[0].server=127.0.0.1#"$dns_port"
uci -q delete dhcp.@dnsmasq[0].resolvfile
@@ -254,6 +257,18 @@ change_dns()
do
nft add rule inet fw4 mangle_output ${line}
done >/dev/null 2>&1
if [ "$enable_redirect_dns" = "2" ]; then
if [ "$router_self_proxy" = 1 ]; then
nft add rule inet fw4 nat_output position 0 tcp dport 53 ip daddr {127.0.0.1} meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 udp dport 53 ip daddr {127.0.0.1} meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
fi
if [ "$ipv6_enable" -eq 1 ]; then
if [ "$router_self_proxy" = 1 ]; then
nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} tcp dport 53 ip daddr {::/0} meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} udp dport 53 ip daddr {::/0} meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
fi
fi
fi
else
iptables -t nat -D OUTPUT -j openclash_output >/dev/null 2>&1
iptables -t mangle -D OUTPUT -j openclash_output >/dev/null 2>&1
@@ -261,6 +276,18 @@ change_dns()
iptables -t nat -A OUTPUT -j openclash_output >/dev/null 2>&1
iptables -t mangle -A OUTPUT -j openclash_output >/dev/null 2>&1
ip6tables -t mangle -A OUTPUT -j openclash_output >/dev/null 2>&1
if [ "$enable_redirect_dns" = "2" ]; then
if [ "$router_self_proxy" = 1 ]; then
iptables -t nat -I OUTPUT -p udp --dport 53 -d 127.0.0.1 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
iptables -t nat -I OUTPUT -p tcp --dport 53 -d 127.0.0.1 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
fi
if [ "$ipv6_enable" -eq 1 ]; then
if [ "$router_self_proxy" = 1 ]; then
ip6tables -t nat -I OUTPUT -p udp --dport 53 -d ::/0 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
ip6tables -t nat -I OUTPUT -p tcp --dport 53 -d ::/0 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
fi
fi
fi
fi
[ "$(unify_ps_status "openclash_watchdog.sh")" -eq 0 ] && [ "$(unify_ps_prevent)" -eq 0 ] && nohup /usr/share/openclash/openclash_watchdog.sh &
fi
@@ -302,7 +329,7 @@ config_download_direct()
if pidof clash >/dev/null; then
kill_watchdog
if [ "$enable_redirect_dns" -ne 0 ]; then
if [ "$enable_redirect_dns" -eq 1 ]; then
uci -q del_list dhcp.@dnsmasq[0].server=127.0.0.1#"$dns_port"
if [ -n "$default_resolvfile" ]; then
uci -q set dhcp.@dnsmasq[0].resolvfile="$default_resolvfile"
@@ -334,43 +361,45 @@ EOF
nft delete rule inet fw4 ${nft} handle ${handle}
done
done >/dev/null 2>&1
if [ -z "$(echo "$en_mode" |grep "redir-host")" ] && [ "$china_ip_route" -eq 1 ]; then
if [ -z "$(echo "$en_mode" |grep "redir-host")" ] && [ "$china_ip_route" -eq 1 ] && [ "$enable_redirect_dns" = "1" ]; then
LOG_OUT "Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well..."
handles=$(nft -a list chain inet fw4 dstnat |grep "OpenClash DNS Hijack" |awk -F '# handle ' '{print$2}')
for handle in $handles; do
nft delete rule inet fw4 dstnat handle ${handle}
done >/dev/null 2>&1
position=$(nft list chain inet fw4 dstnat |grep "OpenClash" |grep "DNS" |awk -F '# handle ' '{print$2}' |sort -rn |head -1 || ehco 0)
nft add rule inet fw4 dstnat position "$position" tcp dport 53 redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 dstnat position "$position" udp dport 53 redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position "$position" tcp dport 53 redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position "$position" udp dport 53 redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft 'add chain inet fw4 nat_output { type nat hook output priority -1; }' 2>/dev/null
nft add rule inet fw4 nat_output position 0 tcp dport 53 meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 udp dport 53 meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 tcp dport 12353 meta skuid != 65534 counter redirect to "$DNSPORT" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 udp dport 12353 meta skuid != 65534 counter redirect to "$DNSPORT" comment \"OpenClash DNS Hijack\" 2>/dev/null
if [ "$ipv6_enable" -eq 1 ]; then
nft add rule inet fw4 dstnat position "$position" meta nfproto {ipv6} tcp dport 53 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 dstnat position "$position" meta nfproto {ipv6} udp dport 53 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position "$position" meta nfproto {ipv6} tcp dport 53 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft insert rule inet fw4 dstnat position "$position" meta nfproto {ipv6} udp dport 53 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} tcp dport 53 meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} udp dport 53 meta skuid != 65534 counter redirect to "$dns_port" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} tcp dport 12353 meta skuid != 65534 counter redirect to "$DNSPORT" comment \"OpenClash DNS Hijack\" 2>/dev/null
nft add rule inet fw4 nat_output position 0 meta nfproto {ipv6} udp dport 12353 meta skuid != 65534 counter redirect to "$DNSPORT" comment \"OpenClash DNS Hijack\" 2>/dev/null
fi
fi
else
iptables -t nat -D OUTPUT -j openclash_output >/dev/null 2>&1
iptables -t mangle -D OUTPUT -j openclash_output >/dev/null 2>&1
ip6tables -t mangle -D OUTPUT -j openclash_output >/dev/null 2>&1
if [ -z "$(echo "$en_mode" |grep "redir-host")" ] && [ "$china_ip_route" -eq 1 ]; then
for ipt in "iptables -nvL OUTPUT -t nat" "iptables -nvL PREROUTING -t nat" "ip6tables -nvL PREROUTING -t nat" "ip6tables -nvL OUTPUT -t nat"; do
for comment in "OpenClash DNS Hijack"; do
local lines=$($ipt |sed 1,2d |sed -n "/${comment}/=" 2>/dev/null |sort -rn)
if [ -n "$lines" ]; then
for line in $lines; do
$(echo "$ipt" |awk -v OFS=" " '{print $1,$4,$5}' |sed 's/[ ]*$//g') -D $(echo "$ipt" |awk '{print $3}') $line
done
fi
done
done >/dev/null 2>&1
if [ -z "$(echo "$en_mode" |grep "redir-host")" ] && [ "$china_ip_route" -eq 1 ] && [ "$enable_redirect_dns" = "1" ]; then
LOG_OUT "Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well..."
for ipt in "iptables -nvL OUTPUT -t nat" "iptables -nvL PREROUTING -t nat" "ip6tables -nvL PREROUTING -t nat" "ip6tables -nvL OUTPUT -t nat"; do
for comment in "OpenClash DNS Hijack"; do
local lines=$($ipt |sed 1,2d |sed -n "/${comment}/=" 2>/dev/null |sort -rn)
if [ -n "$lines" ]; then
for line in $lines; do
$(echo "$ipt" |awk -v OFS=" " '{print $1,$4,$5}' |sed 's/[ ]*$//g') -D $(echo "$ipt" |awk '{print $3}') $line
done
fi
done
done >/dev/null 2>&1
position=$(iptables -nvL PREROUTING -t nat |sed 1,2d |grep "OpenClash" |sed -n "/DNS/=" 2>/dev/null |sort -rn |head -1 || ehco 0)
[ "$position" -ne 0 ] && let position++
iptables -t nat -I PREROUTING "$position" -p udp --dport 53 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
@@ -386,6 +415,8 @@ EOF
ip6tables -t nat -I PREROUTING "$position" -p tcp --dport 53 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
ip6tables -t nat -I OUTPUT -p udp --dport 53 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
ip6tables -t nat -I OUTPUT -p tcp --dport 53 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$dns_port" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
ip6tables -t nat -I OUTPUT -p udp --dport 12353 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$DNSPORT" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
ip6tables -t nat -I OUTPUT -p tcp --dport 12353 -m owner ! --uid-owner 65534 -j REDIRECT --to-ports "$DNSPORT" -m comment --comment "OpenClash DNS Hijack" 2>/dev/null
fi
fi
fi

2
luci-app-openclash/root/usr/share/openclash/openclash_chnroute.sh
View File

@@ -2,7 +2,7 @@
. /usr/share/openclash/openclash_ps.sh
. /usr/share/openclash/log.sh
FW4="$(command -v fw4)"
FW4=$(command -v fw4)
set_lock() {
exec 879>"/tmp/lock/openclash_chn.lock" 2>/dev/null

12
luci-app-openclash/root/usr/share/openclash/openclash_custom_domain_dns.sh
View File

@@ -13,18 +13,20 @@ del_lock() {
set_lock
rm -rf /tmp/dnsmasq.d/dnsmasq_openclash_custom_domain.conf >/dev/null 2>&1
if [ "$(uci get openclash.config.dns_advanced_setting 2>/dev/null)" -eq 1 ]; then
DNSMASQ_CONF_DIR=$(uci -q get dhcp.@dnsmasq[0].confdir || echo '/tmp/dnsmasq.d')
DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
rm -rf ${DNSMASQ_CONF_DIR}/dnsmasq_openclash_custom_domain.conf >/dev/null 2>&1
if [ "$(uci get openclash.config.dns_advanced_setting 2>/dev/null)" = "1" ] && [ "$(uci get openclash.config.enable_redirect_dns 2>/dev/null)" = "1" ]; then
LOG_OUT "Setting Secondary DNS Server List..."
custom_domain_dns_server=$(uci get openclash.config.custom_domain_dns_server 2>/dev/null)
[ -z "$custom_domain_dns_server" ] && {
custom_domain_dns_server="114.114.114.114"
}
}
if [ -s "/etc/openclash/custom/openclash_custom_domain_dns.list" ]; then
mkdir -p /tmp/dnsmasq.d
awk -v tag="$custom_domain_dns_server" '!/^$/&&!/^#/{printf("server=/%s/"'tag'"\n",$0)}' /etc/openclash/custom/openclash_custom_domain_dns.list >>/tmp/dnsmasq.d/dnsmasq_openclash_custom_domain.conf 2>/dev/null
mkdir -p ${DNSMASQ_CONF_DIR}
awk -v tag="$custom_domain_dns_server" '!/^$/&&!/^#/{printf("server=/%s/"'tag'"\n",$0)}' /etc/openclash/custom/openclash_custom_domain_dns.list >>${DNSMASQ_CONF_DIR}/dnsmasq_openclash_custom_domain.conf 2>/dev/null
fi
fi

36
luci-app-openclash/root/usr/share/openclash/openclash_debug.sh
View File

@@ -41,7 +41,6 @@ mix_proxies=$(uci -q get openclash.config.mix_proxies)
op_version=$(opkg status luci-app-openclash 2>/dev/null |grep 'Version' |awk -F 'Version: ' '{print "v"$2}')
china_ip_route=$(uci -q get openclash.config.china_ip_route)
common_ports=$(uci -q get openclash.config.common_ports)
dns_remote=$(uci -q -q get openclash.config.dns_remote)
router_self_proxy=$(uci -q get openclash.config.router_self_proxy)
if [ -z "$RAW_CONFIG_FILE" ] || [ ! -f "$RAW_CONFIG_FILE" ]; then
@@ -70,6 +69,17 @@ ts_re()
fi
}
dns_re()
{
if [ "$1" = "1" ]; then
echo "Dnsmasq 转发"
elif [ "$1" = "2" ]; then
echo "Firewall 转发"
else
echo "停用"
fi
}
echo "OpenClash 调试日志" > "$DEBUG_LOG"
cat >> "$DEBUG_LOG" <<-EOF
@@ -241,7 +251,7 @@ cat >> "$DEBUG_LOG" <<-EOF
运行模式: $en_mode
默认代理模式: $proxy_mode
UDP流量转发(tproxy): $(ts_cf "$enable_udp_proxy")
DNS劫持: $(ts_cf "$enable_redirect_dns")
DNS劫持: $(dns_re "$enable_redirect_dns")
自定义DNS: $(ts_cf "$enable_custom_dns")
IPV6代理: $(ts_cf "$ipv6_enable")
IPV6-DNS解析: $(ts_cf "$ipv6_dns")
@@ -251,7 +261,6 @@ IPV6-DNS解析: $(ts_cf "$ipv6_dns")
仅代理命中规则流量: $(ts_cf "$enable_rule_proxy")
仅允许常用端口流量: $(ts_cf "$common_ports")
绕过中国大陆IP: $(ts_cf "$china_ip_route")
DNS远程解析: $(ts_cf "$dns_remote")
路由本机代理: $(ts_cf "$router_self_proxy")
#启动异常时建议关闭此项后重试
@@ -296,6 +305,14 @@ sed -i '/^ \{0,\}secret:/d' "$DEBUG_LOG" 2>/dev/null
#firewall
cat >> "$DEBUG_LOG" <<-EOF
#===================== 自定义防火墙设置 =====================#
EOF
cat /etc/openclash/custom/openclash_custom_firewall_rules.sh >> "$DEBUG_LOG" 2>/dev/null
cat >> "$DEBUG_LOG" <<-EOF
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
@@ -389,11 +406,18 @@ netstat -nlp |grep clash >> "$DEBUG_LOG" 2>/dev/null
cat >> "$DEBUG_LOG" <<-EOF
#===================== 测试本机DNS查询 =====================#
#===================== 测试本机DNS查询(www.baidu.com) =====================#
EOF
nslookup www.baidu.com >> "$DEBUG_LOG" 2>/dev/null
cat >> "$DEBUG_LOG" <<-EOF
#===================== 测试内核DNS查询(www.instagram.com) =====================#
EOF
/usr/share/openclash/openclash_debug_dns.lua "www.instagram.com" >> "$DEBUG_LOG" 2>/dev/null
if [ -s "/tmp/resolv.conf.auto" ]; then
cat >> "$DEBUG_LOG" <<-EOF
@@ -414,14 +438,14 @@ fi
cat >> "$DEBUG_LOG" <<-EOF
#===================== 测试本机网络连接 =====================#
#===================== 测试本机网络连接(www.baidu.com) =====================#
EOF
curl -SsI -m 5 www.baidu.com >> "$DEBUG_LOG" 2>/dev/null
cat >> "$DEBUG_LOG" <<-EOF
#===================== 测试本机网络下载 =====================#
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
EOF
VERSION_URL="https://raw.githubusercontent.com/vernesong/OpenClash/master/version"

78
luci-app-openclash/root/usr/share/openclash/openclash_debug_dns.lua Normal file
View File

@@ -0,0 +1,78 @@
#!/usr/bin/lua
require "nixio"
require "luci.util"
require "luci.sys"
local uci = require("luci.model.uci").cursor()
local json = require "luci.jsonc"
local datatype = require "luci.cbi.datatypes"
local addr = arg[1]
local function debug_dns()
local info, ip, host
ip = luci.sys.exec("uci -q get network.lan.ipaddr |awk -F '/' '{print $1}' 2>/dev/null |tr -d '\n'")
if not ip or ip == "" then
ip = luci.sys.exec("ip address show $(uci -q -p /tmp/state get network.lan.ifname) | grep -w 'inet' 2>/dev/null |grep -Eo 'inet [0-9\.]+' | awk '{print $2}' | tr -d '\n'")
end
if not ip or ip == "" then
ip = luci.sys.exec("ip addr show 2>/dev/null | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Eo 'inet [0-9\.]+' | awk '{print $2}' | head -n 1 | tr -d '\n'")
end
local port = uci:get("openclash", "config", "cn_port")
local passwd = uci:get("openclash", "config", "dashboard_password") or ""
if datatype.hostname(addr) and ip and port then
info = luci.sys.exec(string.format('curl -sL -m 3 -H "Content-Type: application/json" -H "Authorization: Bearer %s" -XGET http://"%s":"%s"/dns/query?name="%s"', passwd, ip, port, addr))
if info then
info = json.parse(info)
end
if info then
print("Status: "..(info.Status))
print("TC: "..tostring(info.TC))
print("RD: "..tostring(info.RD))
print("RA: "..tostring(info.RA))
print("AD: "..tostring(info.AD))
print("CD: "..tostring(info.CD))
print("")
print("Question: ")
for _, v in pairs(info.Question) do
print(" Name: "..(v.Name))
print(" Qtype: "..(v.Qtype))
print(" Qclass: "..(v.Qclass))
print("")
end
if info.Answer then
print("Answer: ")
for _, v in pairs(info.Answer) do
print(" TTL: "..(v.TTL))
print(" data: "..(v.data:gsub("\n?", "")))
print(" name: "..(v.name))
print(" type: "..(v.type))
print("")
end
end
if info.Additional then
print("Additional: ")
for _, v in pairs(info.Additional) do
print(" TTL: "..(v.TTL))
print(" data: "..(v.data:gsub("\n?", "")))
print(" name: "..(v.name))
print(" type: "..(v.type))
print("")
end
end
if info.Authority then
print("Authority: ")
for _, v in pairs(info.Authority) do
print(" TTL: "..(v.TTL))
print(" data: "..(v.data:gsub("\n?", "")))
print(" name: "..(v.name))
print(" type: "..(v.type))
print("")
end
end
end
end
os.exit(0)
end
debug_dns()

32
luci-app-openclash/root/usr/share/openclash/openclash_server_fake_filter.sh
View File

@@ -1,32 +0,0 @@
#!/bin/bash
. /lib/functions.sh
. /usr/share/openclash/log.sh
SER_FAKE_FILTER_FILE="/tmp/dnsmasq.d/dnsmasq_openclash.conf"
en_mode=$(uci get openclash.config.en_mode 2>/dev/null)
cfg_server_address()
{
local section="$1"
config_get "server" "$section" "server" ""
IFIP=$(echo "$server" |grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" 2>/dev/null)
IFIP6=$(echo "$server" |grep -E "^([\da-fA-F]{1,4}:){7}[\da-fA-F]{1,4}|:((:[\dafAF]1,4)1,6|:)|:((:[\dafAF]1,4)1,6|:)|^[\da-fA-F]{1,4}:((:[\da-fA-F]{1,4}){1,5}|:)|([\dafAF]1,4:)2((:[\dafAF]1,4)1,4|:)|([\dafAF]1,4:)2((:[\dafAF]1,4)1,4|:)|^([\da-fA-F]{1,4}:){3}((:[\da-fA-F]{1,4}){1,3}|:)|([\dafAF]1,4:)4((:[\dafAF]1,4)1,2|:)|([\dafAF]1,4:)4((:[\dafAF]1,4)1,2|:)|^([\da-fA-F]{1,4}:){5}:([\da-fA-F]{1,4})?|([\dafAF]1,4:)6:|([\dafAF]1,4:)6:" 2>/dev/null)
if [ -z "$IFIP" ] && [ -z "$IFIP6" ] && [ -n "$server" ] && [ -z "$(grep "/$server/" "$SER_FAKE_FILTER_FILE" 2>/dev/null)" ]; then
echo "server=/$server/$custom_domain_dns_server" >> "$SER_FAKE_FILTER_FILE"
else
return
fi
}
#Fake下正确检测节点延迟及获取真实地址
if [ -z "$(echo "$en_mode" |grep "redir-host")" ]; then
rm -rf "$SER_FAKE_FILTER_FILE" 2>/dev/null
mkdir -p /tmp/dnsmasq.d
custom_domain_dns_server=$(uci get openclash.config.custom_domain_dns_server 2>/dev/null)
[ -z "$custom_domain_dns_server" ] && {
custom_domain_dns_server="114.114.114.114"
}
config_load "openclash"
config_foreach cfg_server_address "servers"
fi

128
luci-app-openclash/root/usr/share/openclash/openclash_watchdog.sh
View File

@@ -6,6 +6,8 @@ CLASH_CONFIG="/etc/openclash"
LOG_FILE="/tmp/openclash.log"
PROXY_FWMARK="0x162"
PROXY_ROUTE_TABLE="0x162"
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
CONFIG_FILE="/etc/openclash/$(uci -q get openclash.config.config_path |awk -F '/' '{print $5}' 2>/dev/null)"
ipv6_enable=$(uci -q get openclash.config.ipv6_enable)
enable_redirect_dns=$(uci -q get openclash.config.enable_redirect_dns)
dns_port=$(uci -q get openclash.config.dns_port)
@@ -19,17 +21,18 @@ stream_auto_select_interval=$(uci -q get openclash.config.stream_auto_select_int
NETFLIX_DOMAINS_LIST="/usr/share/openclash/res/Netflix_Domains.list"
NETFLIX_DOMAINS_CUSTOM_LIST="/etc/openclash/custom/openclash_custom_netflix_domains.list"
DISNEY_DOMAINS_LIST="/usr/share/openclash/res/Disney_Plus_Domains.list"
_koolshare=$(cat /usr/lib/os-release 2>/dev/null |grep OPENWRT_RELEASE 2>/dev/null |grep -i koolshare 2>/dev/null)
china_ip_route=$(uci -q get openclash.config.china_ip_route)
en_mode=$(uci -q get openclash.config.en_mode)
fakeip_range=$(uci -q get openclash.config.fakeip_range || echo "198.18.0.1/16")
client_fingerprint=$(uci -q get openclash.config.client_fingerprint || echo 0)
CRASH_NUM=0
CFG_UPDATE_INT=1
STREAM_DOMAINS_PREFETCH=1
STREAM_AUTO_SELECT=1
FW4="$(command -v fw4)"
FW4=$(command -v fw4)
check_dnsmasq() {
if [ -z "$(echo "$en_mode" |grep "redir-host")" ] && [ "$china_ip_route" -eq 1 ]; then
if [ -z "$(echo "$en_mode" |grep "redir-host")" ] && [ "$china_ip_route" -eq 1 ] && [ "$enable_redirect_dns" = "1" ]; then
if [ "$(nslookup www.baidu.com 127.0.0.1:12353 >/dev/null 2>&1 || echo $?)" != "1" ]; then
DNSPORT=$(uci -q get dhcp.@dnsmasq[0].port)
if [ -z "$DNSPORT" ]; then
@@ -104,6 +107,7 @@ do
stream_auto_select_discovery_plus=$(uci -q get openclash.config.stream_auto_select_discovery_plus || echo 0)
stream_auto_select_bilibili=$(uci -q get openclash.config.stream_auto_select_bilibili || echo 0)
stream_auto_select_google_not_cn=$(uci -q get openclash.config.stream_auto_select_google_not_cn || echo 0)
upnp_lease_file=$(uci -q get upnpd.config.upnp_lease_file)
enable=$(uci -q get openclash.config.enable)
@@ -111,6 +115,7 @@ if [ "$enable" -eq 1 ]; then
clash_pids=$(pidof clash |sed 's/$//g' |wc -l)
if [ "$clash_pids" -gt 1 ]; then
LOG_OUT "Watchdog: Multiple Clash Processes, Kill All..."
clash_pids=$(pidof clash |sed 's/$//g')
for clash_pid in $clash_pids; do
kill -9 "$clash_pid" 2>/dev/null
done >/dev/null 2>&1
@@ -119,27 +124,20 @@ if [ "$enable" -eq 1 ]; then
if ! pidof clash >/dev/null; then
CRASH_NUM=$(expr "$CRASH_NUM" + 1)
if [ "$CRASH_NUM" -le 3 ]; then
RAW_CONFIG_FILE=$(uci -q get openclash.config.config_path)
CONFIG_FILE="/etc/openclash/$(uci -q get openclash.config.config_path |awk -F '/' '{print $5}' 2>/dev/null)"
LOG_OUT "Watchdog: Clash Core Problem, Restart..."
if [ -z "$_koolshare" ]; then
touch /tmp/openclash.log 2>/dev/null
chmod o+w /etc/openclash/proxy_provider/* 2>/dev/null
chmod o+w /etc/openclash/rule_provider/* 2>/dev/null
chmod o+w /etc/openclash/history/* 2>/dev/null
chmod o+w /tmp/openclash.log 2>/dev/null
chmod o+w /etc/openclash/cache.db 2>/dev/null
chown nobody:nogroup /etc/openclash/core/* 2>/dev/null
capabilties="cap_sys_resource,cap_dac_override,cap_net_raw,cap_net_bind_service,cap_net_admin,cap_sys_ptrace"
capsh --caps="${capabilties}+eip" -- -c "capsh --user=nobody --addamb='${capabilties}' -- -c 'nohup $CLASH -d $CLASH_CONFIG -f \"$CONFIG_FILE\" >> $LOG_FILE 2>&1 &'" >> $LOG_FILE 2>&1
else
nohup $CLASH -d $CLASH_CONFIG -f "$CONFIG_FILE" >> $LOG_FILE 2>&1 &
fi
LOG_OUT "Watchdog: Clash Core Problem, Restart..."
touch /tmp/openclash.log 2>/dev/null
chmod o+w /etc/openclash/proxy_provider/* 2>/dev/null
chmod o+w /etc/openclash/rule_provider/* 2>/dev/null
chmod o+w /etc/openclash/history/* 2>/dev/null
chmod o+w /tmp/openclash.log 2>/dev/null
chmod o+w /etc/openclash/cache.db 2>/dev/null
chown nobody:nogroup /etc/openclash/core/* 2>/dev/null
capabilties="cap_sys_resource,cap_dac_override,cap_net_raw,cap_net_bind_service,cap_net_admin,cap_sys_ptrace"
capsh --caps="${capabilties}+eip" -- -c "capsh --user=nobody --addamb='${capabilties}' -- -c 'nohup $CLASH -d $CLASH_CONFIG -f \"$CONFIG_FILE\" >> $LOG_FILE 2>&1 &'" >> $LOG_FILE 2>&1
sleep 3
if [ "$core_type" == "TUN" ] || [ "$core_type" == "Meta" ]; then
ip route replace default dev utun table "$PROXY_ROUTE_TABLE" 2>/dev/null
ip rule add fwmark "$PROXY_FWMARK" table "$PROXY_ROUTE_TABLE" 2>/dev/null
ifconfig utun mtu 65535 >/dev/null 2>&1
fi
sleep 60
continue
@@ -153,6 +151,38 @@ if [ "$enable" -eq 1 ]; then
fi
fi
##client-fingerprint
if [ "$client_fingerprint" != "0" ] && [ "$core_type" == "Meta" ]; then
ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
begin
Value = YAML.load_file('$CONFIG_FILE');
if Value.key?('proxy-providers') and not Value['proxy-providers'].nil? then
Value['proxy-providers'].values.each{
|x,p,v|
if x.key?('path') and not x['path'].empty? then
p = '/etc/openclash/proxy_provider/'+File.basename(x['path']);
if File::exist?(p) then
v = YAML.load_file(p);
if v.key?('proxies') and not v['proxies'].nil? then
v['proxies'].each{
|z|
if z['type'] == 'vmess' or z['type'] == 'vless' or z['type'] == 'trojan' then
if z['client-fingerprint'] != '${client_fingerprint}' then
z['client-fingerprint'] = '${client_fingerprint}';
end;
end;
};
end;
File.open(p,'w') {|f| YAML.dump(v, f)};
end;
end;
};
end;
rescue Exception => e
puts '${LOGTIME} Watchdog: Edit Client-fingerprint Failed,【' + e.message + '】';
end" 2>/dev/null >> $LOG_FILE
fi
## Porxy history
/usr/share/openclash/openclash_history_get.sh
@@ -179,9 +209,9 @@ fi
check_dnsmasq
## Localnetwork 刷新
lan_ip_cidrs=$(ip route | grep "/" | awk '{print $1}' | grep -vE "^198.18" 2>/dev/null)
lan_ip_cidrs=$(ip route | grep "/" | awk '{print $1}' | grep -vE "^$(echo "$fakeip_range"|awk -F '.' '{print $1"."$2}')" 2>/dev/null)
lan_ip6_cidrs=$(ip -6 route | grep "/" | awk '{print $1}' | grep -vE "^unreachable" 2>/dev/null)
wan_ip4s=$(ifconfig | grep 'inet addr' | awk '{print $2}' | cut -d: -f2 | grep -vE "(^198.18|^192.168|^127.0)" 2>/dev/null)
wan_ip4s=$(ifconfig | grep 'inet addr' | awk '{print $2}' | cut -d: -f2 | grep -vE "(^$(echo "$fakeip_range"|awk -F '.' '{print $1"."$2}')|^192.168|^127.0)" 2>/dev/null)
if [ -n "$FW4" ]; then
if [ -n "$lan_ip_cidrs" ]; then
for lan_ip_cidr in $lan_ip_cidrs; do
@@ -235,8 +265,60 @@ fi
fi
fi
## UPNP
if [ -f "$upnp_lease_file" ]; then
#del
if [ -n "$FW4" ]; then
for i in `$(nft list chain inet fw4 openclash_upnp |grep "return")`
do
upnp_ip=$(echo "$i" |awk -F 'ip saddr \\{ ' '{print $2}' |awk '{print $1}')
upnp_dp=$(echo "$i" |awk -F 'udp sport ' '{print $2}' |awk '{print $1}')
if [ -n "$upnp_ip" ] && [ -n "$upnp_dp" ]; then
if [ -z "$(cat "$upnp_lease_file" |grep "$upnp_ip" |grep "$upnp_dp")" ]; then
handles=$(nft list chain inet fw4 openclash_upnp |grep "$i" |awk -F '# handle ' '{print$2}')
for handle in $handles; do
nft delete rule inet fw4 openclash_upnp handle ${handle}
done
fi
fi
done >/dev/null 2>&1
else
for i in `$(iptables -t mangle -nL openclash_upnp |grep "RETURN")`
do
upnp_ip=$(echo "$i" |awk '{print $4}')
upnp_dp=$(echo "$i" |awk -F 'udp spt:' '{print $2}')
if [ -n "$upnp_ip" ] && [ -n "$upnp_dp" ]; then
if [ -z "$(cat "$upnp_lease_file" |grep "$upnp_ip" |grep "$upnp_dp")" ]; then
iptables -t mangle -D openclash_upnp -p udp -s "$upnp_ip" --sport "$upnp_dp" -j RETURN 2>/dev/null
fi
fi
done >/dev/null 2>&1
fi
#add
if [ -s "$upnp_lease_file" ] && [ -n "$(iptables --line-numbers -t nat -xnvL openclash_upnp 2>/dev/null)"] || [ -n "$(nft list chain inet fw4 openclash_upnp 2>/dev/null)"]; then
cat "$upnp_lease_file" |while read -r line
do
if [ -n "$line" ]; then
upnp_ip=$(echo "$line" |awk -F ':' '{print $3}')
upnp_dp=$(echo "$line" |awk -F ':' '{print $4}')
if [ -n "$upnp_ip" ] && [ -n "$upnp_dp" ]; then
if [ -n "$FW4" ]; then
if [ -z "$(nft list chain inet fw4 openclash_upnp |grep "$upnp_ip" |grep "$upnp_dp")" ]; then
nft add rule inet fw4 openclash_upnp ip saddr { "$upnp_ip" } udp sport "$upnp_dp" counter return 2>/dev/null
fi
else
if [ -z "$(iptables -t mangle -nL openclash_upnp |grep "$upnp_ip" |grep "$upnp_dp")" ]; then
iptables -t mangle -A openclash_upnp -p udp -s "$upnp_ip" --sport "$upnp_dp" -j RETURN 2>/dev/null
fi
fi
fi
fi
done >/dev/null 2>&1
fi
fi
## DNS转发劫持
if [ "$enable_redirect_dns" -ne 0 ]; then
if [ "$enable_redirect_dns" = "1" ]; then
if [ -z "$(uci -q get dhcp.@dnsmasq[0].server |grep "$dns_port")" ] || [ ! -z "$(uci -q get dhcp.@dnsmasq[0].server |awk -F ' ' '{print $2}')" ]; then
LOG_OUT "Watchdog: Force Reset DNS Hijack..."
uci -q del dhcp.@dnsmasq[-1].server

716
luci-app-openclash/root/usr/share/openclash/res/default.yaml
View File

@@ -1,85 +1,70 @@
# Copyright (c) 2018 Dreamacro
# 接管:不支持在此页面直接修改,请到全局设置页面进行修改
# 官方配置模板https://github.com/Dreamacro/clash/wiki/Configuration
# Meta配置模板https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/docs/config.yaml
# 接管:部分参数不支持在此页面直接修改,请到全局设置页面进行修改
# Port of HTTP(S) proxy server on the local end
# 此项将被接管
port: 7890
# Port of SOCKS5 proxy server on the local end
# 此项将被接管
socks-port: 7891
# Transparent proxy server port for Linux and macOS
# 此项将被接管
# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP)
redir-port: 7892
# HTTP(S) and SOCKS5 server on the same port
mixed-port: 7890
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
tproxy-port: 7893
# HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port
mixed-port: 7893
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
# Set to true to allow connections to the local-end server from
# other LAN IP addresses
# 此项将被接管为true
allow-lan: true
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
# HTTP(S)\SOCKS5 监听地址此项将被接管为all
bind-address: "*"
bind-address: '*'
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
# 此项将被接管
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
# 此项将被接管
log-level: info
# log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
# 此项将被接管
ipv6: false
# ipv6: false
# RESTful web API listening address
# 此项将被接管
external-controller: 0.0.0.0:9090
external-controller: 127.0.0.1:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `http://{{external-controller}}/ui`.
# 此项将被接管
external-ui: "/usr/share/openclash/ui"
# external-ui: folder
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# 此项将被接管
secret: '123456'
# secret: ""
# authentication of local SOCKS5/HTTP(S) server
# 此项将被接管
authentication:
- "user1:pass1"
- "user2:pass2"
# Outbound interface name
interface-name: br-lan
# interface-name: en0
# tun option
# 此项将被接管
tun:
# enable: false
# stack: system
# dns-hijack:
# - tcp://8.8.8.8:53
# - tcp://8.8.4.4:53
# fwmark on Linux only
# routing-mark: 6666
# Static hosts for DNS server and connection establishment, only works
# when `dns.enhanced-mode` is `redir-host`.
# Static hosts for DNS server and connection establishment (like /etc/hosts)
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names
@@ -89,30 +74,32 @@ hosts:
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
profile:
# store the `select` results in $HOME/.config/clash/.cache
# Store the `select` results in $HOME/.config/clash/.cache
# set false If you don't want this behavior
# when two different configurations have groups with the same name, the selected values are shared
# set false if you don't want this behavior
store-selected: true
# open tracing exporter API
tracing: true
# persistence fakeip
store-fake-ip: true
# DNS server settings
# This section is optional. When not present, the DNS server will be disabled.
# 如订阅配置无包括此项的所有DNS设置OpenClash将自动添加
dns:
enable: true # set true to enable dns (default is false) # 此项将被接管为true
ipv6: false # default is false # 此项将被接管
listen: 0.0.0.0:53 # 端口为53时将被接管为7874
enable: true
listen: 0.0.0.0:53
# ipv6: false # when the false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 114.114.114.114
- 8.8.8.8
enhanced-mode: redir-host # or fake-ip # 此项将被接管
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR # 此项将被接管
use-hosts: true # lookup hosts and return IP record # 此项将被接管
enhanced-mode: fake-ip # or redir-host (not recommended)
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# use-hosts: true # lookup hosts and return IP record
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
@@ -124,287 +111,362 @@ dns:
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 114.114.114.114
- https://1.1.1.1/dns-query # dns over https
fallback: # concurrent request with nameserver, fallback used when GEOIP country isn't CN
- tcp://1.1.1.1
fallback-filter:
geoip: true # default
ipcidr: # ips in these subnets will be considered polluted
- 240.0.0.0/4
- 114.114.114.114 # default value
#- 8.8.8.8 # default value
#- tls://dns.rubyfish.cn:853 # DNS over TLS
#- https://1.1.1.1/dns-query # DNS over HTTPS
#- dhcp://en0 # dns from dhcp
# - '8.8.8.8#en0'
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
# fallback:
# - tcp://1.1.1.1
# - 'tcp://1.1.1.1#en0'
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `nameserver` nameservers
# are always used if not match `fallback-filter.ipcidr`.
#
# This is a countermeasure against DNS pollution attacks.
# fallback-filter:
# geoip: true
# geoip-code: CN
# ipcidr:
# - 240.0.0.0/4
# domain:
# - '+.google.com'
# - '+.facebook.com'
# - '+.youtube.com'
# 以上设置您可直接覆盖到配置文件,无需更改
# Openclash 不会对下方服务器设置进行任何更改,请确保设置正确
# Lookup domains via specific nameservers
# nameserver-policy:
# 'www.baidu.com': '114.114.114.114'
# '+.internal.crop.com': '10.0.0.1'
#proxy-providers: # 代理集设置此部分与Proxy两者不能同时删除
# pro:
# type: http
# path: ./proxy_provider/pro.yaml
# url: https://xxx
# interval: 3600
# health-check:
# enable: true
# url: http://www.gstatic.com/generate_204
# interval: 300
# iplc:
# type: file
# path: ./proxy_provider/iplc.yaml
# health-check:
# enable: true
# url: http://www.gstatic.com/generate_204
# interval: 300
proxies: # 节点设置此部分与proxy-provider两者不能同时删除
proxies:
# Shadowsocks
# The supported ciphers (encryption methods):
# aes-128-gcm aes-192-gcm aes-256-gcm
# aes-128-cfb aes-192-cfb aes-256-cfb
# aes-128-ctr aes-192-ctr aes-256-ctr
# rc4-md5 chacha20-ietf xchacha20
# chacha20-ietf-poly1305 xchacha20-ietf-poly1305
- name: "ss1"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true
# shadowsocks
# The supported ciphers(encrypt methods):
# aes-128-gcm aes-192-gcm aes-256-gcm
# aes-128-cfb aes-192-cfb aes-256-cfb
# aes-128-ctr aes-192-ctr aes-256-ctr
# rc4-md5 chacha20-ietf xchacha20
# chacha20-ietf-poly1305 xchacha20-ietf-poly1305
- name: "ss1"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
# udp: true
- name: "ss2"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com
# old obfs configuration remove after prerelease
- name: "ss2"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: obfs
plugin-opts:
mode: tls # or http
# host: bing.com
- name: "ss3"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# mux: true
# headers:
# custom: value
- name: "ss3"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
# tls: true # wss
# skip-cert-verify: true
# host: bing.com
# path: "/"
# headers:
# custom: value
# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- name: "vmess"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com # priority over wss host
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com
# max-early-data: 2048
# early-data-header-name: Sec-WebSocket-Protocol
# shadowsocksR
#The supported shadowsocksR ciphers(encrypt methods):
#aes-128-cfb aes-192-cfb aes-256-cfb
#aes-128-ctr aes-192-ctr aes-256-ctr
#rc4-md5 chacha20-ietf xchacha20
#The supported shadowsocksR obfses:
#plain http_simple http_post
#random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
#The supported shadowsocksR protocols:
#origin auth_sha1_v4 auth_aes128_md5
#auth_aes128_sha1 auth_chain_a auth_chain_b
- name: "ssr"
type: ssr
server: server
port: 443
cipher: chacha20-ietf
password: "password"
obfs: tls1.2_ticket_auth
protocol: auth_sha1_v4
# obfs-param: domain.tld
# protocol-param: "#"
# udp: true
# vmess
# cipher support auto/aes-128-gcm/chacha20-poly1305/none
- name: "vmess"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# tls: true
# skip-cert-verify: true
# servername: example.com # priority over wss host
# network: ws
# ws-opts:
# path: /path
# headers:
# Host: v2ray.com
# max-early-data: 2048
# early-data-header-name: Sec-WebSocket-Protocol
- name: "vmess-http"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # - '/video'
# # headers:
# # Connection:
# # - keep-alive
# socks5
- name: "socks"
type: socks5
server: server
port: 443
# username: username
# password: password
# tls: true
# skip-cert-verify: true
# udp: true
# http
- name: "http"
type: http
server: server
port: 443
# username: username
# password: password
# tls: true # https
# skip-cert-verify: true
# snell
- name: "snell"
type: snell
server: server
port: 44046
psk: yourpsk
# obfs-opts:
# mode: http # or tls
# host: bing.com
# trojan
- name: "trojan"
type: trojan
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true
# Openclash 不会对下方策略组设置进行任何更改,请确保设置正确
proxy-groups: # 此参数必须保留,不能删除
# relay chains the proxies. proxies shall not contain a proxy-group. No UDP support.
# Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
- name: "relay"
type: relay
proxies:
- http
- vmess
- ss1
- ss2
# url-test select which proxy will be used by benchmarking speed to a URL.
- name: "auto"
type: url-test
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# fallback select an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- name: "fallback-auto"
type: fallback
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# load-balance: The request of the same eTLD will be dial on the same proxy.
- name: "load-balance"
type: load-balance
strategy: consistent-hashing # or round-robin
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy, is recommended for use in GUI.
- name: Proxy
type: select
proxies:
- ss1
- ss2
- vmess1
- auto
- name: "vmess-h2"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
network: h2
tls: true
h2-opts:
host:
- http.example.com
- http-alt.example.com
path: /
- name: UseProvider
type: select
use:
- provider1
proxies:
- Proxy
- DIRECT
- name: "vmess-http"
type: vmess
server: server
port: 443
uuid: uuid
alterId: 32
cipher: auto
# udp: true
# network: http
# http-opts:
# # method: "GET"
# # path:
# # - '/'
# # - '/video'
# # headers:
# # Connection:
# # - keep-alive
# https://lancellc.gitbook.io/clash/clash-config-file/rule-provider
#rule-providers:
# name: # name of the provider
# type: http # type of the provider, it can be a HTTP or a File
# behavior: classical # or ipcidr、domain
# path: # where is the file, ./ relative to clash home
# url: # only available when type is HTTP, where to download a file. You don't need to create a new file in local space.
# interval: # auto-update interval, only available when type is HTTP
- name: vmess-grpc
server: server
port: 443
type: vmess
uuid: uuid
alterId: 32
cipher: auto
network: grpc
tls: true
servername: example.com
# skip-cert-verify: true
grpc-opts:
grpc-service-name: "example"
# https://lancellc.gitbook.io/clash/clash-config-file/script
#script:
# code: |
# def main(ctx, metadata):
# ip = metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])
# if ip == "":
# return "DIRECT"
#
# code = ctx.geoip(ip)
# if code == "LAN" or code == "CN":
# return "DIRECT"
#
# return "Proxy" # default policy for requests which are not matched by any other script
rules: # 此参数必须保留,不能删除
# 如果您将一直使用第三方规则,下方可以留空。
- DOMAIN-SUFFIX,google.com,auto
- DOMAIN-KEYWORD,google,auto
- DOMAIN,google.com,auto
- DOMAIN-SUFFIX,ad.com,REJECT
- IP-CIDR,127.0.0.0/8,DIRECT
# rename SOURCE-IP-CIDR and would remove after prerelease
- SRC-IP-CIDR,192.168.1.201/32,DIRECT
- GEOIP,CN,DIRECT
- DST-PORT,80,DIRECT
- SRC-PORT,7777,DIRECT
# or use rule with provider
- RULE-SET,name,Proxy
- MATCH,auto
# socks5
- name: "socks"
type: socks5
server: server
port: 443
# username: username
# password: password
# tls: true
# skip-cert-verify: true
# udp: true
# http
- name: "http"
type: http
server: server
port: 443
# username: username
# password: password
# tls: true # https
# skip-cert-verify: true
# sni: custom.com
# Snell
# Beware that there's currently no UDP support yet
- name: "snell"
type: snell
server: server
port: 44046
psk: yourpsk
# version: 2
# obfs-opts:
# mode: http # or tls
# host: bing.com
# Trojan
- name: "trojan"
type: trojan
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true
- name: trojan-grpc
server: server
port: 443
type: trojan
password: "example"
network: grpc
sni: example.com
# skip-cert-verify: true
udp: true
grpc-opts:
grpc-service-name: "example"
- name: trojan-ws
server: server
port: 443
type: trojan
password: "example"
network: ws
sni: example.com
# skip-cert-verify: true
udp: true
# ws-opts:
# path: /path
# headers:
# Host: example.com
# ShadowsocksR
# The supported ciphers (encryption methods): all stream ciphers in ss
# The supported obfses:
# plain http_simple http_post
# random_head tls1.2_ticket_auth tls1.2_ticket_fastauth
# The supported supported protocols:
# origin auth_sha1_v4 auth_aes128_md5
# auth_aes128_sha1 auth_chain_a auth_chain_b
- name: "ssr"
type: ssr
server: server
port: 443
cipher: chacha20-ietf
password: "password"
obfs: tls1.2_ticket_auth
protocol: auth_sha1_v4
# obfs-param: domain.tld
# protocol-param: "#"
# udp: true
proxy-groups:
# relay chains the proxies. proxies shall not contain a relay. No UDP support.
# Traffic: clash <-> http <-> vmess <-> ss1 <-> ss2 <-> Internet
- name: "relay"
type: relay
proxies:
- http
- vmess
- ss1
- ss2
# url-test select which proxy will be used by benchmarking speed to a URL.
- name: "auto"
type: url-test
proxies:
- ss1
- ss2
- vmess1
# tolerance: 150
# lazy: true
url: 'http://www.gstatic.com/generate_204'
interval: 300
# fallback selects an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group.
- name: "fallback-auto"
type: fallback
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# load-balance: The request of the same eTLD+1 will be dial to the same proxy.
- name: "load-balance"
type: load-balance
proxies:
- ss1
- ss2
- vmess1
url: 'http://www.gstatic.com/generate_204'
interval: 300
# strategy: consistent-hashing # or round-robin
# select is used for selecting proxy or proxy group
# you can use RESTful API to switch proxy is recommended for use in GUI.
- name: Proxy
type: select
# disable-udp: true
proxies:
- ss1
- ss2
- vmess1
- auto
# direct to another infacename or fwmark, also supported on proxy
- name: en1
type: select
interface-name: en1
routing-mark: 6667
proxies:
- DIRECT
- name: UseProvider
type: select
use:
- provider1
proxies:
- Proxy
- DIRECT
proxy-providers:
provider1:
type: http
url: "url"
interval: 3600
path: ./provider1.yaml
health-check:
enable: true
interval: 600
# lazy: true
url: http://www.gstatic.com/generate_204
test:
type: file
path: /test.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
tunnels:
# one line config
#- tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy
#- tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn
# full yaml config
#- network: [tcp, udp]
# address: 127.0.0.1:7777
# target: target.com
# proxy: proxy
rules:
- DOMAIN-SUFFIX,google.com,auto
- DOMAIN-KEYWORD,google,auto
- DOMAIN,google.com,auto
- DOMAIN-SUFFIX,ad.com,REJECT
- SRC-IP-CIDR,192.168.1.201/32,DIRECT
# optional param "no-resolve" for IP rules (GEOIP, IP-CIDR, IP-CIDR6)
- IP-CIDR,127.0.0.0/8,DIRECT
- GEOIP,CN,DIRECT
- DST-PORT,80,DIRECT
- SRC-PORT,7777,DIRECT
- RULE-SET,apple,REJECT # Premium only
- MATCH,auto

35
luci-app-openclash/root/usr/share/openclash/res/game_rules.list
View File

@@ -1,11 +1,12 @@
300英雄,300hero-cn.rules
永恒之塔-台服,Aion-TW.rules
美国卡车模拟国际服,American-Truck-Simulator.rules
太空狼人杀,Among Us.rules
圣歌,Anthem.rules
Apex-uu,Apex-uu.rules
Apex英雄,Apex.rules
武装突袭(Codefourgaming和官服),Arma3.rules
Apex英雄-uu策略,Apex-uu.rules
方舟:生存进化,ARK--Survival-Evolved.rules
武装突袭(Codefourgaming和官服),Arma3.rules
刺客信条:奥德赛,Assassin's-Creed-Odyssey.rules,Assassins-Creed-Odyssey.rules
刺客信条:起源,Assassin's-Creed-Origins.rules,Assassins-Creed-Origins.rules
Atlas-全区,Atlas.rules
@@ -16,14 +17,17 @@ Atlas-全区,Atlas.rules
黑色幸存者,BlackSurvivor.rules
剑灵台服,Blade&Soul TW.rules
剑灵-日服,Blade-&-Soul-jp.rules
剑灵-国服全部区服UU规则,Blood-&-Soul-CN-TestServer-NantianGuo-Alpha.rules
剑灵-国服-南天国(测试版),Blood-&-Soul-CN.rules
剑灵-国服全部区服UU规则,Blood-&-Soul-CN.rules
剑灵-国服-南天国(测试版),Blood-&-Soul-CN-TestServer-NantianGuo-Alpha.rules
无主之地3,Borderlands3-asia.rules
泡泡战士-跑跑卡丁车-韩服,BubbleFighter-KartRider-KR.rules
使命召唤4现代战争重置版,Call-Of-Duty-4-Modern-Warfare.rules
使命召唤15亚服,Call-Of-Duty15-Asia.rules
使命召唤16&19现代战争I&II,Call-Of-Duty-Modern-Warfare.rules
使命召唤17冷战,Call-Of-Duty17-ColdWar.rules
英雄连2,Company-Of-Heroes-2.rules
反恐精英:全球攻势,CS-GO.rules
反恐精英:全球攻势-港服(uu),CSGO-HKuu.rules
反恐精英:全球攻势-港服(tx),CSGO-HKtx.rules
反恐精英:全球攻势-日服(tx),CSGO-JPtx.rules
反恐精英:全球攻势-美服(tx),CSGO-UStx.rules
@@ -37,27 +41,31 @@ DayZ-steam,DayZ.rules
天命2-欧服/命运2-欧服,Destiny2-EU.rules
命运2-steam,Destiny2-steam.rules
天命2-美服/命运2-美服,Destiny2-US.rules
暗黑破坏神2重制版-亚服,Diablo-2-Resurrected.rules
暗黑破坏神3-亚服,Diablo3-Asia.rules
暗黑破坏神3-美服,Diablo3-US.rules
脏弹-Steam,Dirty-Bomb.rules
Discord,Discord-All.rules
饥荒-steam,Don't-Starve-steam.rules,Dont-Starve-steam.rules
刀塔霸业,Dota-Underlords.rules
DOTA2-日服,Dota2-jp.rules
刀塔霸业,Dota-Underlords.rules
逃离塔科夫,Escape-from-Tarkov.rules
欧卡2所有分区-UU,Euro-Truck-Simulator-2.rules
Eve-online欧服,Eve-online.rules
FIFA19,FiFa19-INT.rules
FIFA20,FIFA20.rules
最终幻想14国服,FINAL-FANTASY-XIV-cn.rules
糖豆人,Fall-Guys.rules
最终幻想14,Final-Fantasy-XIV.rules
最终幻想14国服,FINAL-FANTASY-XIV-cn.rules
荣耀战魂,For-Honour.rules
堡垒之夜-亚服,Fortnite-AS.rules
堡垒之夜-国服,Fortnite-cn.rules
极限竞速地平线4,Forza-Horizon-4.rules
极限竞速地平线5,Forza-Horizon-5.rules
极限竞速7,Forza-Motorsport-7.rules
基佬大乱斗Gang-Beasts,Gang-Beasts.rules
GTA5,GTA-5.rules
鹅鸭杀-港服,Goose-Goose-Duck-HK.rules
Grand Theft Auto V(GTA5),Grand Theft Auto V.rules
激战2,Guild-Wars-2.rules
巫师昆特牌国际服,Gwent_The-Witcher-Card-game.rules
杀手2外服,HITMAN2.rules
@@ -77,10 +85,15 @@ Kurtzpel,Kurtzpel.rules
失落的方舟韩服,Lost-Ark.rules
失落的方舟俄服,Lostark-RU.rules
冒险岛,Maplestory-us.rules
心灵终结,MentalOmega.rules
微软模拟飞行年度版,Microsoft-Flight-Simulator-Game-Of-The-Year-Edition.rules
微软商店,Microsoft-Srote.rules
我的世界-地下城,Minecraft-Dungeons.rules
传奇4,MIR4-asia.rules
误造,Miscreated.rules
怪兽世界猎人steam版,Monster-Hunter-World.rules
万智牌:竞技场-国际服,MTG-Arena.rules
奇迹传奇MU2,MU2.rules
我的世界-地下城,Minecraft-Dungeons.rules
NBA-2K19,NBA-2K19.rules
NBA2K20,NBA2K20.rules
仁王,NIOH.rules
@@ -114,7 +127,7 @@ Roblox,Roblox.rules
星球大战2前线,Star-Wars-BattlefrontII.rules
StarCraft-亚服,StarCraft-2-asia.rules
星际争霸2-国服,StarCraftⅡ-cn.rules,StarCraft2-cn.rules
Steam-社区(Beta),Steam.rules
Steam-社区,Steam.rules
极限巅峰,Steep.rules
街头霸王5,Street-Fighter-V.rules
神谕之战,TERA.rules
@@ -127,6 +140,7 @@ Steam-社区(Beta),Steam.rules
幽灵行动:荒野,Tom-Clancy's-Ghost-Recon-Wildlands.rules,Tom-Clancys-Ghost-Recon-Wildlands.rules
彩虹六号-围攻-全部,Tom-Clancy's-Rainbow-Six-Siege-all.rules,Tom-Clancys-Rainbow-Six-Siege-all.rules
彩虹六号-围攻-EAS,Tom-Clancy's-Rainbow-Six-Siege-EAS.rules,Tom-Clancys-Rainbow-Six-Siege-EAS.rules
彩虹六号-异种-全部,Tom-Clancy's-Rainbow-Six-Extraction-all.rules,Tom-Clancys-Rainbow-Six-Extraction-all.rules
全境封锁,Tom-clancy's-The-Division-2.rules,Tom-clancys-The-Division-2.rules
全境封锁2,Tom-clancy's-The-Division.rules,Tom-clancys-The-Division.rules
未转变者Unturned,Unturned.rules
@@ -136,12 +150,15 @@ Steam-社区(Beta),Steam.rules
看门狗,Watch-Dogs.rules
看门狗2,Watch-Dogs2.rules
求生意志OL,Will-To-Live-Online.rules
第三次世界大战-欧服,World-War-3.rules
坦克世界-亚服,World-of-Tanks-Asia.rules
坦克世界-国服,World-of-Tanks-cn.rules
坦克世界闪电战,World-of-Tanks-Blitz.rules
魔兽世界台服,World-of-warcraft-tw.rules
战舰世界-亚服,World-of-Warships-US.rules
战舰世界-欧服,World-of-warships-EU.rules
战舰世界-美服,World-of-Warships.rules
战舰世界国服UU,World-of-Warships-CN.rules
僵尸世界大战,Worldwar-Z.rules
魔兽世界-欧服,WoW-EU.rules
游戏王决斗链接,YO-GI-HO delulinks.rules

1
luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/index-6ac9f125.js Normal file
View File

File diff suppressed because one or more lines are too long

0
luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/index.7e15a32d.css → luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/index-7e15a32d.css
View File

1
luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/index.4e943808.js
View File

File diff suppressed because one or more lines are too long

0
luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/logo.b453e72f.png → luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/logo-b453e72f.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 12 KiB

After

Width:  |  Height:  |  Size: 12 KiB

102
luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/vendor-076c6210.js Normal file
View File

File diff suppressed because one or more lines are too long

98
luci-app-openclash/root/usr/share/openclash/ui/dashboard/assets/vendor.df6254b9.js
View File

File diff suppressed because one or more lines are too long

6
luci-app-openclash/root/usr/share/openclash/ui/dashboard/index.html
View File

@@ -8,9 +8,9 @@
<meta name="description" content="Clash web port" />
<!--meta name="external-controller" content="http://secret@example.com:9090"-->
<title>Clash</title>
<script type="module" crossorigin src="./assets/index.4e943808.js"></script>
<link rel="modulepreload" crossorigin href="./assets/vendor.df6254b9.js">
<link rel="stylesheet" href="./assets/index.7e15a32d.css">
<script type="module" crossorigin src="./assets/index-6ac9f125.js"></script>
<link rel="modulepreload" crossorigin href="./assets/vendor-076c6210.js">
<link rel="stylesheet" href="./assets/index-7e15a32d.css">
<link rel="manifest" href="./manifest.webmanifest"><script id="vite-plugin-pwa:inline-sw">if('serviceWorker' in navigator) {window.addEventListener('load', () => {navigator.serviceWorker.register('./sw.js', { scope: './' })})}</script></head>
<body>
<noscript>You need to enable JavaScript to run this app.</noscript>

2
luci-app-openclash/root/usr/share/openclash/ui/dashboard/sw.js
View File

@@ -1 +1 @@
if(!self.define){let e,s={};const n=(n,i)=>(n=new URL(n+".js",i).href,s[n]||new Promise((s=>{if("document"in self){const e=document.createElement("script");e.src=n,e.onload=s,document.head.appendChild(e)}else e=n,importScripts(n),s()})).then((()=>{let e=s[n];if(!e)throw new Error(`Module ${n} didnt register its module`);return e})));self.define=(i,t)=>{const r=e||("document"in self?document.currentScript.src:"")||location.href;if(s[r])return;let o={};const l=e=>n(e,r),d={module:{uri:r},exports:o,require:l};s[r]=Promise.all(i.map((e=>d[e]||l(e)))).then((e=>(t(...e),o)))}}define(["./workbox-e0782b83"],(function(e){"use strict";self.addEventListener("message",(e=>{e.data&&"SKIP_WAITING"===e.data.type&&self.skipWaiting()})),e.precacheAndRoute([{url:"assets/index.4e943808.js",revision:null},{url:"assets/index.7e15a32d.css",revision:null},{url:"assets/vendor.df6254b9.js",revision:null},{url:"index.html",revision:"691c61e1c61e56c669b5ef67e4b11e33"},{url:"manifest.webmanifest",revision:"d3dd1da0aa7614180924343e65244285"}],{}),e.cleanupOutdatedCaches(),e.registerRoute(new e.NavigationRoute(e.createHandlerBoundToURL("index.html")))}));
if(!self.define){let e,s={};const n=(n,i)=>(n=new URL(n+".js",i).href,s[n]||new Promise((s=>{if("document"in self){const e=document.createElement("script");e.src=n,e.onload=s,document.head.appendChild(e)}else e=n,importScripts(n),s()})).then((()=>{let e=s[n];if(!e)throw new Error(`Module ${n} didnt register its module`);return e})));self.define=(i,t)=>{const r=e||("document"in self?document.currentScript.src:"")||location.href;if(s[r])return;let o={};const l=e=>n(e,r),d={module:{uri:r},exports:o,require:l};s[r]=Promise.all(i.map((e=>d[e]||l(e)))).then((e=>(t(...e),o)))}}define(["./workbox-e0782b83"],(function(e){"use strict";self.addEventListener("message",(e=>{e.data&&"SKIP_WAITING"===e.data.type&&self.skipWaiting()})),e.precacheAndRoute([{url:"assets/index-6ac9f125.js",revision:null},{url:"assets/index-7e15a32d.css",revision:null},{url:"assets/vendor-076c6210.js",revision:null},{url:"index.html",revision:"5ec6a3429b8a0efec76ec9e1f172bdf7"},{url:"manifest.webmanifest",revision:"d3dd1da0aa7614180924343e65244285"}],{}),e.cleanupOutdatedCaches(),e.registerRoute(new e.NavigationRoute(e.createHandlerBoundToURL("index.html")))}));

171
luci-app-openclash/root/usr/share/openclash/yml_change.sh
View File

@@ -37,13 +37,13 @@ else
stack_type=${12}
fi
if [ "${22}" != "1" ]; then
if [ "${21}" != "1" ]; then
enable_geoip_dat="false"
else
enable_geoip_dat="true"
fi
if [ "${26}" != "1" ]; then
if [ "${25}" != "1" ]; then
enable_tcp_concurrent="false"
else
enable_tcp_concurrent="true"
@@ -110,7 +110,7 @@ yml_dns_custom()
sys_dns_append()
{
if [ "$1" = 1 ]; then
wan_dns=$(/usr/share/openclash/openclash_get_network.lua "dns")
wan_dns=$(/usr/share/openclash/openclash_get_network.lua "dns")
wan6_dns=$(/usr/share/openclash/openclash_get_network.lua "dns6")
wan_gate=$(/usr/share/openclash/openclash_get_network.lua "gateway")
wan6_gate=$(/usr/share/openclash/openclash_get_network.lua "gateway6")
@@ -314,6 +314,7 @@ config_load "openclash"
config_foreach yml_auth_get "authentication"
yml_dns_custom "$enable_custom_dns" "$5" "$append_wan_dns" "${16}"
#配置文件覆写部分
ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
begin
Value = YAML.load_file('$5');
@@ -348,6 +349,8 @@ Thread.new{
end;
}.join;
end;
#General
begin
Thread.new{
Value['redir-port']=$4;
@@ -367,15 +370,16 @@ Thread.new{
else
Value['ipv6']=false;
end;
if '${25}' != '0' then
Value['interface-name']='${25}';
if '${24}' != '0' then
Value['interface-name']='${24}';
else
Value.delete('interface-name');
end;
if ${20} == 1 then
if ${19} == 1 then
Value['geodata-mode']=$enable_geoip_dat;
Value['geodata-loader']='${23}';
Value['geodata-loader']='${22}';
Value['tcp-concurrent']=$enable_tcp_concurrent;
Value['find-process-mode']='${29}';
else
if Value.key?('geodata-mode') then
Value.delete('geodata-mode');
@@ -386,6 +390,9 @@ Thread.new{
if Value.key?('tcp-concurrent') then
Value.delete('tcp-concurrent');
end
if Value.key?('find-process-mode') then
Value.delete('find-process-mode');
end
end;
if not Value.key?('dns') then
Value_1={'dns'=>{'enable'=>true}};
@@ -398,63 +405,92 @@ Thread.new{
else
Value['dns']['ipv6']=false;
end;
if ${19} != 1 then
Value['dns']['enhanced-mode']='$1';
#dev&tun core force fake-ip
if ${19} == 1 and '$1' == 'redir-host' then
Value['dns']['enhanced-mode']='redir-host';
Value['dns'].delete('fake-ip-range');
else
Value['dns']['enhanced-mode']='fake-ip';
Value['dns']['fake-ip-range']='${30}';
end;
if '$1' == 'fake-ip' or ${19} == 1 then
Value['dns']['fake-ip-range']='198.18.0.1/16';
else
Value['dns'].delete('fake-ip-range');
end;
Value['dns']['listen']='0.0.0.0:${13}';
#meta only
if ${20} == 1 and ${21} == 1 then
if ${19} == 1 and ${20} == 1 then
Value_sniffer={'sniffer'=>{'enable'=>true}};
Value['sniffer']=Value_sniffer['sniffer'];
Value_sniffer={'sniffing'=>['tls','http']};
Value['sniffer'].merge!(Value_sniffer);
if '$1' == 'redir-host' then
Value['sniffer']['ForceDnsMapping']=true;
else
Value['sniffer']['ForceDnsMapping']=false;
end;
if ${29} == 1 then
if ${28} == 1 then
Value['sniffer']['ParsePureIp']=true;
else
Value['sniffer']['ParsePureIp']=false;
end;
if File::exist?('/etc/openclash/custom/openclash_force_sniffing_domain.yaml') and ${24} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_force_sniffing_domain.yaml');
if Value_7 != false and not Value_7['force-domain'].to_a.empty? then
Value['sniffer']['force-domain']=Value_7['force-domain'];
Value['sniffer']['force-domain']=Value['sniffer']['force-domain'].uniq;
end
if File::exist?('/etc/openclash/custom/openclash_force_sniffing_domain.yaml') then
if ${23} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_force_sniffing_domain.yaml');
if Value_7 != false and not Value_7['force-domain'].to_a.empty? then
Value['sniffer']['force-domain']=Value_7['force-domain'];
Value['sniffer']['force-domain']=Value['sniffer']['force-domain'].uniq;
end;
else
if not Value['sniffer'].key?('force-domain') then
Value_force_domain={'force-domain'=>['+.netflix.com', '+.nflxvideo.net', '+.amazonaws.com', '+.media.dssott.com']};
Value['sniffer'].merge!(Value_force_domain);
end;
end;
end;
if File::exist?('/etc/openclash/custom/openclash_sniffing_domain_filter.yaml') and ${24} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_sniffing_domain_filter.yaml');
if Value_7 != false and not Value_7['skip-sni'].to_a.empty? then
Value['sniffer']['skip-domain']=Value_7['skip-sni'];
Value['sniffer']['skip-domain']=Value['sniffer']['skip-domain'].uniq;
end
if Value_7 != false and not Value_7['skip-domain'].to_a.empty? then
Value['sniffer']['skip-domain']=Value_7['skip-domain'];
Value['sniffer']['skip-domain']=Value['sniffer']['skip-domain'].uniq;
end
if File::exist?('/etc/openclash/custom/openclash_sniffing_domain_filter.yaml') then
if ${23} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_sniffing_domain_filter.yaml');
if Value_7 != false and not Value_7['skip-sni'].to_a.empty? then
Value['sniffer']['skip-domain']=Value_7['skip-sni'];
Value['sniffer']['skip-domain']=Value['sniffer']['skip-domain'].uniq;
end;
if Value_7 != false and not Value_7['skip-domain'].to_a.empty? then
Value['sniffer']['skip-domain']=Value_7['skip-domain'];
Value['sniffer']['skip-domain']=Value['sniffer']['skip-domain'].uniq;
end;
else
if not Value['sniffer'].key?('skip-domain') then
Value_skip_domain={'skip-domain'=>['+.apple.com', 'Mijia Cloud', '+.jd.com']};
Value['sniffer'].merge!(Value_skip_domain);
end;
end;
end;
if File::exist?('/etc/openclash/custom/openclash_sniffing_port_filter.yaml') and ${24} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_sniffing_port_filter.yaml');
if Value_7 != false and not Value_7['port-whitelist'].to_a.empty? then
Value['sniffer']['port-whitelist']=Value_7['port-whitelist'];
Value['sniffer']['port-whitelist']=Value['sniffer']['port-whitelist'].uniq;
end
if File::exist?('/etc/openclash/custom/openclash_sniffing_ports_filter.yaml') then
if ${23} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_sniffing_ports_filter.yaml');
if Value_7 != false and not Value_7['sniff'].to_a.empty? then
Value['sniffer']['sniff']=Value_7['sniff'];
end;
else
if not Value['sniffer'].key?('sniff') then
Value_sniff={'sniff'=>{'TLS'=>nil, 'HTTP'=>{'ports'=>[80, '8080-8880'], 'override-destination'=>true}}};
Value['sniffer'].merge!(Value_sniff);
end;
end;
else
if File::exist?('/etc/openclash/custom/openclash_sniffing_port_filter.yaml') and ${23} == 1 then
Value_7 = YAML.load_file('/etc/openclash/custom/openclash_sniffing_port_filter.yaml');
if Value_7 != false and not Value_7['port-whitelist'].to_a.empty? then
Value['sniffer']['port-whitelist']=Value_7['port-whitelist'];
Value['sniffer']['port-whitelist']=Value['sniffer']['port-whitelist'].uniq;
end;
end;
Value_sniffer={'sniffing'=>['tls','http']};
Value['sniffer'].merge!(Value_sniffer);
end;
else
if Value.key?('sniffer') then
Value.delete('sniffer');
end;
if '${27}' == 'TUN' then
if '${26}' == 'TUN' then
Value_tun_sniff={'experimental'=>{'sniff-tls-sni'=>true}};
Value['experimental'] = Value_tun_sniff['experimental'];
else
@@ -467,7 +503,7 @@ Thread.new{
if $en_mode_tun != 0 then
Value['tun']=Value_2['tun'];
Value['tun']['stack']='$stack_type';
if ${20} == 1 then
if ${19} == 1 then
Value['tun']['device']='utun';
Value['tun']['mtu']=65535;
end;
@@ -508,7 +544,7 @@ rescue Exception => e
puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
end;
#custom dns
#Custom dns
begin
Thread.new{
if '$enable_custom_dns' == '1' or '$append_wan_dns' == '1' then
@@ -560,8 +596,8 @@ Thread.new{
end;
end;
end;
if ${28} == 1 then
if ${20} == 1 then
if ${27} == 1 then
if ${19} == 1 then
reg = /(^https:\/\/|^tls:\/\/|^quic:\/\/)?((\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])\.){3}(\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])(?::(?:[0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))?/;
reg6 = /(^https:\/\/|^tls:\/\/|^quic:\/\/)?(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))|\[(?:(?:(?:[0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))\](?::(?:[0-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))?/i;
else
@@ -681,7 +717,7 @@ Thread.new{
Value['dns'].merge!({'fake-ip-filter'=>['+.dns.google']});
end;
end;
elsif ${19} == 1 then
elsif ${19} != 1 then
if Value['dns'].has_key?('fake-ip-filter') and not Value['dns']['fake-ip-filter'].to_a.empty? then
Value['dns']['fake-ip-filter'].insert(-1,'+.*');
Value['dns']['fake-ip-filter']=Value['dns']['fake-ip-filter'].uniq;
@@ -730,6 +766,7 @@ rescue Exception => e
puts '${LOGTIME} Error: Set Hosts Rules Failed,【' + e.message + '】';
end;
#tolerance
begin
Thread.new{
if '$tolerance' != '0' then
@@ -802,6 +839,48 @@ Thread.new{
}.join;
rescue Exception => e
puts '${LOGTIME} Error: Edit Vmess Compatible Failed,【' + e.message + '】';
end;
#client-fingerprint
begin
Thread.new{
if '${31}' != '0' and ${19} == 1 then
if Value.key?('proxies') and not Value['proxies'].nil? then
Value['proxies'].each{
|x|
if x['type'] == 'vmess' or x['type'] == 'vless' or x['type'] == 'trojan' then
if x['client-fingerprint'] != '${31}' then
x['client-fingerprint'] = '${31}';
end;
end;
};
end;
if Value.key?('proxy-providers') and not Value['proxy-providers'].nil? then
Value['proxy-providers'].values.each{
|x,p,v|
if x.key?('path') and not x['path'].empty? then
p = '/etc/openclash/proxy_provider/'+File.basename(x['path']);
if File::exist?(p) then
v = YAML.load_file(p);
if v.key?('proxies') and not v['proxies'].nil? then
v['proxies'].each{
|z|
if z['type'] == 'vmess' or z['type'] == 'vless' or z['type'] == 'trojan' then
if z['client-fingerprint'] != '${31}' then
z['client-fingerprint'] = '${31}';
end;
end;
};
end;
File.open(p,'w') {|f| YAML.dump(v, f)};
end;
end;
};
end;
end;
}.join;
rescue Exception => e
puts '${LOGTIME} Error: Edit Client-fingerprint Failed,【' + e.message + '】';
ensure
File.open('$5','w') {|f| YAML.dump(Value, f)};
end" 2>/dev/null >> $LOG_FILE

110
luci-app-openclash/root/usr/share/openclash/yml_proxys_get.sh
View File

@@ -453,6 +453,14 @@ do
system(routing_mark)
end
}.join;
Thread.new{
#ip_version
if Value['proxies'][$count].key?('ip-version') then
ip_version = '${uci_set}ip_version=' + Value['proxies'][$count]['ip-version'].to_s
system(ip_version)
end
}.join
if '$server_type' == 'ss' then
Thread.new{
@@ -479,6 +487,11 @@ do
host = '${uci_set}host=\"' + Value['proxies'][$count]['plugin-opts']['host'].to_s + '\"'
system(host)
end
#fingerprint
if Value['proxies'][$count]['plugin-opts'].key?('fingerprint') then
fingerprint = '${uci_set}fingerprint=' + Value['proxies'][$count]['plugin-opts']['fingerprint'].to_s
system(fingerprint)
end
if Value['proxies'][$count]['plugin'].to_s == 'v2ray-plugin' then
#path
if Value['proxies'][$count]['plugin-opts'].key?('path') then
@@ -508,6 +521,15 @@ do
system(skip_cert_verify)
end
end
if Value['proxies'][$count]['plugin'].to_s == 'shadow-tls' then
mode = '${uci_set}obfs=' + Value['proxies'][$count]['plugin'].to_s
system(mode)
#password
if Value['proxies'][$count]['plugin-opts'].key?('password') then
obfs_password = '${uci_set}obfs_password=\"' + Value['proxies'][$count]['plugin-opts']['password'].to_s + '\"'
system(obfs_password)
end
end;
end
}.join
end;
@@ -636,6 +658,22 @@ do
system(servername)
end
}.join
Thread.new{
#fingerprint
if Value['proxies'][$count].key?('fingerprint') then
fingerprint = '${uci_set}fingerprint=' + Value['proxies'][$count]['fingerprint'].to_s
system(fingerprint)
end
}.join
Thread.new{
#client_fingerprint
if Value['proxies'][$count].key?('client-fingerprint') then
client_fingerprint = '${uci_set}client_fingerprint=' + Value['proxies'][$count]['client-fingerprint'].to_s
system(client_fingerprint)
end
}.join
Thread.new{
#network:
@@ -1133,6 +1171,46 @@ do
end
end
}.join
Thread.new{
#xudp
if Value['proxies'][$count].key?('xudp') then
xudp = '${uci_set}xudp=' + Value['proxies'][$count]['xudp'].to_s
system(xudp)
end
}.join;
Thread.new{
#packet-addr
if Value['proxies'][$count].key?('packet-addr') then
packet_addr = '${uci_set}packet_addr=' + Value['proxies'][$count]['packet-addr'].to_s
system(packet_addr)
end
}.join;
Thread.new{
#packet_encoding
if Value['proxies'][$count].key?('packet-encoding') then
packet_encoding = '${uci_set}packet_encoding=' + Value['proxies'][$count]['packet-encoding'].to_s
system(packet_encoding)
end
}.join;
Thread.new{
#fingerprint
if Value['proxies'][$count].key?('fingerprint') then
fingerprint = '${uci_set}fingerprint=' + Value['proxies'][$count]['fingerprint'].to_s
system(fingerprint)
end
}.join
Thread.new{
#client_fingerprint
if Value['proxies'][$count].key?('client-fingerprint') then
client_fingerprint = '${uci_set}client_fingerprint=' + Value['proxies'][$count]['client-fingerprint'].to_s
system(client_fingerprint)
end
}.join
end;
if '$server_type' == 'snell' then
@@ -1165,6 +1243,7 @@ do
end
}.join
end;
if '$server_type' == 'socks5' or '$server_type' == 'http' then
Thread.new{
if Value['proxies'][$count].key?('username') then
@@ -1207,6 +1286,14 @@ do
}
end
}.join
Thread.new{
#fingerprint
if Value['proxies'][$count].key?('fingerprint') then
fingerprint = '${uci_set}fingerprint=' + Value['proxies'][$count]['fingerprint'].to_s
system(fingerprint)
end
}.join
else
Thread.new{
if Value['proxies'][$count].key?('password') then
@@ -1249,13 +1336,13 @@ do
Thread.new{
if Value['proxies'][$count].key?('ws-opts') then
system '${uci_set}obfs_trojan=ws'
#trojan_ws_path
system '${uci_set}obfs_trojan=ws'
#trojan_ws_path
if Value['proxies'][$count]['ws-opts'].key?('path') then
trojan_ws_path = '${uci_set}trojan_ws_path=\"' + Value['proxies'][$count]['ws-opts']['path'].to_s + '\"'
system(trojan_ws_path)
end
#trojan_ws_headers
#trojan_ws_headers
if Value['proxies'][$count]['ws-opts'].key?('headers') then
system '${uci_del}trojan_ws_headers >/dev/null 2>&1'
Value['proxies'][$count]['ws-opts']['headers'].keys.each{
@@ -1274,6 +1361,22 @@ do
system(skip_cert_verify)
end
}.join
Thread.new{
#fingerprint
if Value['proxies'][$count].key?('fingerprint') then
fingerprint = '${uci_set}fingerprint=' + Value['proxies'][$count]['fingerprint'].to_s
system(fingerprint)
end
}.join
Thread.new{
#client_fingerprint
if Value['proxies'][$count].key?('client-fingerprint') then
client_fingerprint = '${uci_set}client_fingerprint=' + Value['proxies'][$count]['client-fingerprint'].to_s
system(client_fingerprint)
end
}.join
end;
rescue Exception => e
@@ -1349,7 +1452,6 @@ fi
uci set openclash.config.servers_if_update=0
wait
uci commit openclash
/usr/share/openclash/cfg_servers_address_fake_filter.sh
LOG_OUT "Config File【$CONFIG_NAME】Read Successful!"
sleep 3
SLOG_CLEAN

89
luci-app-openclash/root/usr/share/openclash/yml_proxys_set.sh
View File

@@ -277,6 +277,11 @@ yml_servers_set()
config_get "ports" "$section" "ports" ""
config_get "hop_interval" "$section" "hop_interval" ""
config_get "max_open_streams" "$section" "max_open_streams" ""
config_get "obfs_password" "$section" "obfs_password" ""
config_get "packet_addr" "$section" "packet_addr" ""
config_get "client_fingerprint" "$section" "client_fingerprint" ""
config_get "ip_version" "$section" "ip_version" ""
if [ "$enabled" = "0" ]; then
return
@@ -336,6 +341,8 @@ yml_servers_set()
if [ "$obfs" != "none" ] && [ -n "$obfs" ]; then
if [ "$obfs" = "websocket" ]; then
obfss="plugin: v2ray-plugin"
elif [ "$obfs" = "shadow-tls" ]; then
obfss="plugin: shadow-tls"
else
obfss="plugin: obfs"
fi
@@ -398,13 +405,29 @@ EOF
cat >> "$SERVER_FILE" <<-EOF
$obfss
plugin-opts:
EOF
if [ "$obfs" != "shadow-tls" ]; then
cat >> "$SERVER_FILE" <<-EOF
mode: $obfs
EOF
fi
if [ ! -z "$host" ]; then
cat >> "$SERVER_FILE" <<-EOF
host: "$host"
EOF
fi
if [ "$obfss" = "plugin: shadow-tls" ]; then
if [ ! -z "$obfs_password" ]; then
cat >> "$SERVER_FILE" <<-EOF
password: $obfs_password
EOF
fi
if [ ! -z "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: "$fingerprint"
EOF
fi
fi
if [ "$obfss" = "plugin: v2ray-plugin" ]; then
if [ ! -z "$tls" ]; then
cat >> "$SERVER_FILE" <<-EOF
@@ -430,6 +453,11 @@ EOF
cat >> "$SERVER_FILE" <<-EOF
headers:
custom: $custom
EOF
fi
if [ ! -z "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: "$fingerprint"
EOF
fi
fi
@@ -509,6 +537,16 @@ EOF
if [ ! -z "$tls" ]; then
cat >> "$SERVER_FILE" <<-EOF
tls: $tls
EOF
fi
if [ ! -z "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: "$fingerprint"
EOF
fi
if [ ! -z "$client_fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
client-fingerprint: "$client_fingerprint"
EOF
fi
if [ ! -z "$servername" ] && [ "$tls" = "true" ]; then
@@ -636,7 +674,7 @@ EOF
fi
if [ -n "$disable_sni" ]; then
cat >> "$SERVER_FILE" <<-EOF
disable-sni: "$disable_sni"
disable-sni: $disable_sni
EOF
fi
if [ -n "$reduce_rtt" ]; then
@@ -811,7 +849,7 @@ EOF
fi
if [ -n "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: $fingerprint
fingerprint: "$fingerprint"
EOF
fi
if [ -n "$ports" ]; then
@@ -838,6 +876,21 @@ EOF
if [ ! -z "$udp" ]; then
cat >> "$SERVER_FILE" <<-EOF
udp: $udp
EOF
fi
if [ ! -z "$xudp" ]; then
cat >> "$SERVER_FILE" <<-EOF
xudp: $xudp
EOF
fi
if [ ! -z "$packet_addr" ]; then
cat >> "$SERVER_FILE" <<-EOF
packet-addr: $packet_addr
EOF
fi
if [ ! -z "$packet_encoding" ]; then
cat >> "$SERVER_FILE" <<-EOF
packet-encoding: "$packet_encoding"
EOF
fi
if [ ! -z "$skip_cert_verify" ]; then
@@ -848,6 +901,16 @@ EOF
if [ ! -z "$tls" ]; then
cat >> "$SERVER_FILE" <<-EOF
tls: $tls
EOF
fi
if [ ! -z "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: "$fingerprint"
EOF
fi
if [ ! -z "$client_fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
client-fingerprint: "$client_fingerprint"
EOF
fi
if [ ! -z "$servername" ]; then
@@ -923,6 +986,11 @@ EOF
if [ ! -z "$tls" ]; then
cat >> "$SERVER_FILE" <<-EOF
tls: $tls
EOF
fi
if [ ! -z "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: "$fingerprint"
EOF
fi
fi
@@ -996,6 +1064,16 @@ EOF
if [ ! -z "$skip_cert_verify" ]; then
cat >> "$SERVER_FILE" <<-EOF
skip-cert-verify: $skip_cert_verify
EOF
fi
if [ ! -z "$fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
fingerprint: "$fingerprint"
EOF
fi
if [ ! -z "$client_fingerprint" ]; then
cat >> "$SERVER_FILE" <<-EOF
client-fingerprint: "$client_fingerprint"
EOF
fi
if [ ! -z "$grpc_service_name" ]; then
@@ -1048,6 +1126,13 @@ cat >> "$SERVER_FILE" <<-EOF
EOF
fi
fi
#ip_version
if [ ! -z "$ip_version" ]; then
cat >> "$SERVER_FILE" <<-EOF
ip-version: "$ip_version"
EOF
fi
#interface-name
if [ -n "$interface_name" ]; then

33
luci-app-openclash/root/usr/share/openclash/yml_rules_change.sh
View File

@@ -268,6 +268,7 @@ yml_other_set()
config_foreach yml_rule_group_get "rule_provider_config" "$3"
config_foreach yml_rule_group_get "rule_providers" "$3"
config_foreach yml_rule_group_get "game_config" "$3"
local fake_ip="$(echo "${12}" |awk -F '/' '{print $1}')"
ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
begin
Value = YAML.load_file('$3');
@@ -361,19 +362,19 @@ yml_other_set()
begin
Thread.new{
if $6 == 0 then
if $6 == 0 and ${10} != 2 then
if Value.has_key?('rules') and not Value['rules'].to_a.empty? then
if Value['rules'].to_a.grep(/(?=.*SRC-IP-CIDR,198.18.0.1)/).empty? then
Value['rules']=Value['rules'].to_a.insert(0,'SRC-IP-CIDR,198.18.0.1/32,DIRECT');
if Value['rules'].to_a.grep(/(?=.*SRC-IP-CIDR,'${fake_ip}')/).empty? then
Value['rules']=Value['rules'].to_a.insert(0,'SRC-IP-CIDR,${12},DIRECT');
end
if Value['rules'].to_a.grep(/(?=.*SRC-IP-CIDR,'$7')/).empty? and not '$7'.empty? then
Value['rules']=Value['rules'].to_a.insert(0,'SRC-IP-CIDR,$7/32,DIRECT');
end;
else
Value['rules']=%w('SRC-IP-CIDR,198.18.0.1/32,DIRECT','SRC-IP-CIDR,$7/32,DIRECT');
Value['rules']=%w('SRC-IP-CIDR,${12},DIRECT','SRC-IP-CIDR,$7/32,DIRECT');
end;
elsif Value.has_key?('rules') and not Value['rules'].to_a.empty? then
Value['rules'].delete('SRC-IP-CIDR,198.18.0.1/32,DIRECT');
Value['rules'].delete('SRC-IP-CIDR,${12},DIRECT');
Value['rules'].delete('SRC-IP-CIDR,$7/32,DIRECT');
end;
}.join;
@@ -421,10 +422,10 @@ yml_other_set()
end;
if File::exist?('/tmp/yaml_rule_set_top_custom.yaml') then
Value_1 = YAML.load_file('/tmp/yaml_rule_set_top_custom.yaml');
if Value['rules'].to_a.grep(/(?=.*198.18.0)(?=.*REJECT)/).empty? then
if Value['rules'].to_a.grep(/(?=.*'${fake_ip}')(?=.*REJECT)/).empty? then
Value_1['rules'].uniq.reverse.each{|x| Value['rules'].insert(0,x)};
else
ruby_add_index = Value['rules'].index(Value['rules'].grep(/(?=.*198.18.0)(?=.*REJECT)/).first);
ruby_add_index = Value['rules'].index(Value['rules'].grep(/(?=.*'${fake_ip}')(?=.*REJECT)/).first);
Value_1['rules'].uniq.reverse.each{|x| Value['rules'].insert(ruby_add_index + 1,x)};
end;
end;
@@ -759,8 +760,8 @@ yml_other_set()
begin
Thread.new{
if Value.has_key?('rules') and not Value['rules'].to_a.empty? then
if Value['rules'].to_a.grep(/(?=.*198.18.0)(?=.*REJECT)/).empty? then
Value['rules']=Value['rules'].to_a.insert(0,'IP-CIDR,198.18.0.1/16,REJECT,no-resolve');
if Value['rules'].to_a.grep(/(?=.*'${fake_ip}')(?=.*REJECT)/).empty? then
Value['rules']=Value['rules'].to_a.insert(0,'IP-CIDR,${12},REJECT,no-resolve');
end;
if Value['rules'].to_a.grep(/(?=.*DST-PORT,'$8',REJECT)/).empty? then
Value['rules']=Value['rules'].to_a.insert(0,'DST-PORT,$8,REJECT');
@@ -769,7 +770,7 @@ yml_other_set()
Value['rules']=Value['rules'].to_a.insert(0,'DST-PORT,$9,REJECT');
end;
else
Value['rules']=['IP-CIDR,198.18.0.1/16,REJECT,no-resolve','DST-PORT,$8,REJECT','DST-PORT,$9,REJECT'];
Value['rules']=['IP-CIDR,${12},REJECT,no-resolve','DST-PORT,$8,REJECT','DST-PORT,$9,REJECT'];
end;
}.join;
rescue Exception => e
@@ -897,14 +898,14 @@ if [ "$1" != "0" ]; then
config_load "openclash"
config_foreach yml_other_rules_get "other_rules" "$5"
if [ -z "$rule_name" ]; then
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}"
exit 0
#判断策略组是否存在
elif [ "$rule_name" = "ConnersHua_return" ]; then
if [ -z "$(grep -F "$Proxy" /tmp/Proxy_Group)" ]\
|| [ -z "$(grep -F "$Others" /tmp/Proxy_Group)" ];then
LOG_OUT "Warning: Because of The Different Porxy-Group's Name, Stop Setting The Other Rules!"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}"
exit 0
fi
elif [ "$rule_name" = "ConnersHua" ]; then
@@ -914,7 +915,7 @@ if [ "$1" != "0" ]; then
|| [ -z "$(grep -F "$Others" /tmp/Proxy_Group)" ]\
|| [ -z "$(grep -F "$Domestic" /tmp/Proxy_Group)" ]; then
LOG_OUT "Warning: Because of The Different Porxy-Group's Name, Stop Setting The Other Rules!"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}"
exit 0
fi
elif [ "$rule_name" = "lhie1" ]; then
@@ -946,13 +947,13 @@ if [ "$1" != "0" ]; then
|| [ -z "$(grep -F "$GoogleFCM" /tmp/Proxy_Group)" ]\
|| [ -z "$(grep -F "$Domestic" /tmp/Proxy_Group)" ]; then
LOG_OUT "Warning: Because of The Different Porxy-Group's Name, Stop Setting The Other Rules!"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}"
exit 0
fi
fi
if [ -z "$Proxy" ]; then
LOG_OUT "Error: Missing Porxy-Group's Name, Stop Setting The Other Rules!"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}"
exit 0
else
if [ "$rule_name" = "lhie1" ]; then
@@ -1096,4 +1097,4 @@ if [ "$1" != "0" ]; then
fi
fi
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}"
yml_other_set "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8" "$9" "${10}" "${11}" "${12}"

2
luci-app-openclash/root/www/luci-static/resources/openclash/img/version.svg
View File

@@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="186" height="20" role="img" aria-label="Current Version: v0.45.78-beta"><title>Current Version: v0.45.78-beta</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="186" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="97" height="20" fill="#555"/><rect x="97" width="89" height="20" fill="#007ec6"/><rect width="186" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="495" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="870">Current Version</text><text x="495" y="140" transform="scale(.1)" fill="#fff" textLength="870">Current Version</text><text aria-hidden="true" x="1405" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="790">v0.45.78-beta</text><text x="1405" y="140" transform="scale(.1)" fill="#fff" textLength="790">v0.45.78-beta</text></g></svg>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="186" height="20" role="img" aria-label="Current Version: v0.45.87-beta"><title>Current Version: v0.45.87-beta</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="186" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="97" height="20" fill="#555"/><rect x="97" width="89" height="20" fill="#007ec6"/><rect width="186" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="495" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="870">Current Version</text><text x="495" y="140" transform="scale(.1)" fill="#fff" textLength="870">Current Version</text><text aria-hidden="true" x="1405" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="790">v0.45.87-beta</text><text x="1405" y="140" transform="scale(.1)" fill="#fff" textLength="790">v0.45.87-beta</text></g></svg>
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 1.2 KiB

168
luci-app-openclash/root/www/luci-static/resources/openclash/mode/shell/shell.js Normal file
View File

@@ -0,0 +1,168 @@
// CodeMirror, copyright (c) by Marijn Haverbeke and others
// Distributed under an MIT license: https://codemirror.net/5/LICENSE
(function(mod) {
if (typeof exports == "object" && typeof module == "object") // CommonJS
mod(require("../../lib/codemirror"));
else if (typeof define == "function" && define.amd) // AMD
define(["../../lib/codemirror"], mod);
else // Plain browser env
mod(CodeMirror);
})(function(CodeMirror) {
"use strict";
CodeMirror.defineMode('shell', function() {
var words = {};
function define(style, dict) {
for(var i = 0; i < dict.length; i++) {
words[dict[i]] = style;
}
};
var commonAtoms = ["true", "false"];
var commonKeywords = ["if", "then", "do", "else", "elif", "while", "until", "for", "in", "esac", "fi",
"fin", "fil", "done", "exit", "set", "unset", "export", "function"];
var commonCommands = ["ab", "awk", "bash", "beep", "cat", "cc", "cd", "chown", "chmod", "chroot", "clear",
"cp", "curl", "cut", "diff", "echo", "find", "gawk", "gcc", "get", "git", "grep", "hg", "kill", "killall",
"ln", "ls", "make", "mkdir", "openssl", "mv", "nc", "nl", "node", "npm", "ping", "ps", "restart", "rm",
"rmdir", "sed", "service", "sh", "shopt", "shred", "source", "sort", "sleep", "ssh", "start", "stop",
"su", "sudo", "svn", "tee", "telnet", "top", "touch", "vi", "vim", "wall", "wc", "wget", "who", "write",
"yes", "zsh"];
CodeMirror.registerHelper("hintWords", "shell", commonAtoms.concat(commonKeywords, commonCommands));
define('atom', commonAtoms);
define('keyword', commonKeywords);
define('builtin', commonCommands);
function tokenBase(stream, state) {
if (stream.eatSpace()) return null;
var sol = stream.sol();
var ch = stream.next();
if (ch === '\\') {
stream.next();
return null;
}
if (ch === '\'' || ch === '"' || ch === '`') {
state.tokens.unshift(tokenString(ch, ch === "`" ? "quote" : "string"));
return tokenize(stream, state);
}
if (ch === '#') {
if (sol && stream.eat('!')) {
stream.skipToEnd();
return 'meta'; // 'comment'?
}
stream.skipToEnd();
return 'comment';
}
if (ch === '$') {
state.tokens.unshift(tokenDollar);
return tokenize(stream, state);
}
if (ch === '+' || ch === '=') {
return 'operator';
}
if (ch === '-') {
stream.eat('-');
stream.eatWhile(/\w/);
return 'attribute';
}
if (ch == "<") {
if (stream.match("<<")) return "operator"
var heredoc = stream.match(/^<-?\s*['"]?([^'"]*)['"]?/)
if (heredoc) {
state.tokens.unshift(tokenHeredoc(heredoc[1]))
return 'string-2'
}
}
if (/\d/.test(ch)) {
stream.eatWhile(/\d/);
if(stream.eol() || !/\w/.test(stream.peek())) {
return 'number';
}
}
stream.eatWhile(/[\w-]/);
var cur = stream.current();
if (stream.peek() === '=' && /\w+/.test(cur)) return 'def';
return words.hasOwnProperty(cur) ? words[cur] : null;
}
function tokenString(quote, style) {
var close = quote == "(" ? ")" : quote == "{" ? "}" : quote
return function(stream, state) {
var next, escaped = false;
while ((next = stream.next()) != null) {
if (next === close && !escaped) {
state.tokens.shift();
break;
} else if (next === '$' && !escaped && quote !== "'" && stream.peek() != close) {
escaped = true;
stream.backUp(1);
state.tokens.unshift(tokenDollar);
break;
} else if (!escaped && quote !== close && next === quote) {
state.tokens.unshift(tokenString(quote, style))
return tokenize(stream, state)
} else if (!escaped && /['"]/.test(next) && !/['"]/.test(quote)) {
state.tokens.unshift(tokenStringStart(next, "string"));
stream.backUp(1);
break;
}
escaped = !escaped && next === '\\';
}
return style;
};
};
function tokenStringStart(quote, style) {
return function(stream, state) {
state.tokens[0] = tokenString(quote, style)
stream.next()
return tokenize(stream, state)
}
}
var tokenDollar = function(stream, state) {
if (state.tokens.length > 1) stream.eat('$');
var ch = stream.next()
if (/['"({]/.test(ch)) {
state.tokens[0] = tokenString(ch, ch == "(" ? "quote" : ch == "{" ? "def" : "string");
return tokenize(stream, state);
}
if (!/\d/.test(ch)) stream.eatWhile(/\w/);
state.tokens.shift();
return 'def';
};
function tokenHeredoc(delim) {
return function(stream, state) {
if (stream.sol() && stream.string == delim) state.tokens.shift()
stream.skipToEnd()
return "string-2"
}
}
function tokenize(stream, state) {
return (state.tokens[0] || tokenBase) (stream, state);
};
return {
startState: function() {return {tokens:[]};},
token: function(stream, state) {
return tokenize(stream, state);
},
closeBrackets: "()[]{}''\"\"``",
lineComment: '#',
fold: "brace"
};
});
CodeMirror.defineMIME('text/x-sh', 'shell');
// Apache uses a slightly different Media Type for Shell scripts
// http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
CodeMirror.defineMIME('application/x-sh', 'shell');
});

90
mosdns/Makefile Normal file
View File

@@ -0,0 +1,90 @@
# SPDX-License-Identifier: GPL-3.0-only
#
# Copyright (C) 2021 ImmortalWrt.org
include $(TOPDIR)/rules.mk
PKG_NAME:=mosdns
PKG_VERSION:=1d985e2
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=mosdns-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/IrineSistiana/mosdns/tar.gz/$(PKG_VERSION)?
PKG_HASH:=skip
PKG_LICENSE:=GPL-3.0
PKG_LICENSE_FILE:=LICENSE
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_CONFIG_DEPENDS:= \
CONFIG_MOSDNS_COMPRESS_GOPROXY \
CONFIG_MOSDNS_COMPRESS_UPX
PKG_BUILD_DEPENDS:=golang/host upx/host
PKG_BUILD_PARALLEL:=1
PKG_USE_MIPS16:=0
GO_PKG:=github.com/IrineSistiana/mosdns
GO_PKG_LDFLAGS:=-s -w
GO_PKG_LDFLAGS_X:=main.version=$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include $(TOPDIR)/feeds/packages/lang/golang/golang-package.mk
define Package/mosdns/Default
SECTION:=net
CATEGORY:=Network
SUBMENU:=IP Addresses and Names
TITLE:=A plug-in DNS forwarder/splitter
URL:=https://github.com/IrineSistiana/mosdns
endef
define Package/mosdns
$(call Package/mosdns/Default)
DEPENDS:=$(GO_ARCH_DEPENDS)
endef
define Package/mosdns-v5
$(call Package/mosdns/Default)
DEPENDS:=$(GO_ARCH_DEPENDS)
endef
define Package/mosdns/config
config MOSDNS_COMPRESS_GOPROXY
bool "Compiling with GOPROXY proxy"
default n
config MOSDNS_COMPRESS_UPX
bool "Compress executable files with UPX"
default y
endef
ifeq ($(CONFIG_MOSDNS_COMPRESS_GOPROXY),y)
export GO111MODULE=on
export GOPROXY=https://mirrors.aliyun.com/goproxy/
endif
define Build/Prepare
$(call Build/Prepare/Default)
endef
GO_PKG_TARGET_VARS:=$(filter-out CGO_ENABLED=%,$(GO_PKG_TARGET_VARS)) CGO_ENABLED=0
define Build/Compile
$(call GoPackage/Build/Compile)
ifneq ($(CONFIG_MOSDNS_COMPRESS_UPX),)
$(STAGING_DIR_HOST)/bin/upx --lzma --best $(GO_PKG_BUILD_BIN_DIR)/mosdns
endif
endef
define Package/mosdns/install
$(call GoPackage/Package/Install/Bin,$(1))
endef
define Package/mosdns-v5/install
$(call GoPackage/Package/Install/Bin,$(1))
endef
$(eval $(call GoBinPackage,mosdns))
$(eval $(call BuildPackage,mosdns))
$(eval $(call BuildPackage,mosdns-v5))

254
naiveproxy/Makefile
View File

@@ -1,127 +1,127 @@
# SPDX-License-Identifier: GPL-3.0-only
#
# Copyright (C) 2021 ImmortalWrt.org
include $(TOPDIR)/rules.mk
PKG_NAME:=naiveproxy
PKG_VERSION:=109.0.5414.74-2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/klzgrad/naiveproxy/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=3c1e9e276e4ae79c8192c25a15df2f564741602ae403712565c48aa6db9d78e7
PKG_LICENSE:=BSD 3-Clause
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
ifneq ($(wildcard $(TOPDIR)/feeds/packages/devel/ninja/ninja.mk),)
PKG_BUILD_DEPENDS+= ninja/host
endif
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
ifneq ($(CONFIG_CPU_TYPE)," ")
CPU_TYPE:=$(word 1, $(subst +," ,$(CONFIG_CPU_TYPE)))
CPU_SUBTYPE:=$(word 2, $(subst +, ",$(CONFIG_CPU_TYPE)))
ifeq ($(CPU_SUBTYPE),)
CPU_SUBTYPE:=""
endif
else
CPU_TYPE:=""
CPU_SUBTYPE:=""
endif
include $(INCLUDE_DIR)/package.mk
define Package/naiveproxy
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Make a fortune quietly
URL:=https://github.com/klzgrad/naiveproxy
DEPENDS:=@!(arc||armeb||mips||mips64||powerpc||TARGET_gemini) +libatomic
endef
define Package/naiveproxy/description
NaïveProxy uses Chrome's network stack to camouflage traffic with strong
censorship resistance and low detectability. Reusing Chrome's stack also
ensures best practices in performance and security.
endef
ifneq ($(CONFIG_CCACHE),)
export CCACHE_SLOPPINESS=time_macros
export CCACHE_BASEDIR=$(PKG_BUILD_DIR)/src
export CCACHE_CPP2=yes
export naive_ccache_flags=cc_wrapper="$(CCACHE)"
endif
CLANG_VER:=16-init-8697-g60809cd2-1
CLANG_FILE:=clang-llvmorg-$(CLANG_VER).tgz
define Download/CLANG
URL:=https://commondatastorage.googleapis.com/chromium-browser-clang/Linux_x64
URL_FILE:=$(CLANG_FILE)
FILE:=$(CLANG_FILE)
HASH:=5ae35f85e0d32136795c6b223bf64263d46678dd4a24fea4e9039e58a32670de
endef
GN_VER:=1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41
GN_FILE:=gn-git_revision-$(GN_VER).zip
define Download/GN_TOOL
URL:=https://chrome-infra-packages.appspot.com/dl/gn/gn/linux-amd64/+
URL_FILE:=git_revision:$(GN_VER)
FILE:=$(GN_FILE)
HASH:=7195291488d08f3a10e85b85d8c4816e077015f1c5f196f770003a97aa42caf8
endef
PGO_VER:=5414-1672766927-26b17aa1745606599e619feccfe46371e879e7c4
PGO_FILE:=chrome-linux-$(PGO_VER).profdata
define Download/PGO_PROF
URL:=https://storage.googleapis.com/chromium-optimization-profiles/pgo_profiles
URL_FILE:=$(PGO_FILE)
FILE:=$(PGO_FILE)
HASH:=e9a52f7a60d46fd6e682b0e908b1363faeb6f96bc2e95d5d95095b33fa67e34a
endef
define Build/Prepare
$(call Build/Prepare/Default)
( \
pushd $(PKG_BUILD_DIR)/src ; \
mkdir -p "chrome/build/pgo_profiles" ; \
$(CP) "$(DL_DIR)/$(PGO_FILE)" "chrome/build/pgo_profiles" ; \
mkdir -p "third_party/llvm-build/Release+Asserts" ; \
$(TAR) -xzf "$(DL_DIR)/$(CLANG_FILE)" -C "third_party/llvm-build/Release+Asserts" ; \
echo -e "llvmorg-$(CLANG_VER)" > "third_party/llvm-build/Release+Asserts/cr_build_revision" ; \
mkdir -p "gn/out" ; \
unzip -o "$(DL_DIR)/$(GN_FILE)" -d "gn/out" ; \
popd ; \
)
endef
define Build/Configure
( \
pushd "$(PKG_BUILD_DIR)/src" ; \
. ../init_env.sh "$(ARCH)" $(CPU_TYPE) $(CPU_SUBTYPE) "$(TOOLCHAIN_DIR)" ; \
export naive_flags+=" $$$${naive_ccache_flags}" ; \
mkdir -p "out" ; \
./gn/out/gn gen "out/Release" --args="$$$${naive_flags}" --script-executable="python3" ; \
popd ; \
)
endef
define Build/Compile
ninja -C "$(PKG_BUILD_DIR)/src/out/Release" naive
endef
define Package/naiveproxy/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/out/Release/naive $(1)/usr/bin/naive
endef
$(eval $(call Download,CLANG))
$(eval $(call Download,GN_TOOL))
$(eval $(call Download,PGO_PROF))
$(eval $(call BuildPackage,naiveproxy))
# SPDX-License-Identifier: GPL-3.0-only
#
# Copyright (C) 2021 ImmortalWrt.org
include $(TOPDIR)/rules.mk
PKG_NAME:=naiveproxy
PKG_VERSION:=109.0.5414.74-1
PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/klzgrad/naiveproxy/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=eb0b7d4ee7e34aff5bd9f7ff662a707c059e3739da47cd52e6d5edfff988123a
PKG_LICENSE:=BSD 3-Clause
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
ifneq ($(wildcard $(TOPDIR)/feeds/packages/devel/ninja/ninja.mk),)
PKG_BUILD_DEPENDS+= ninja/host
endif
PKG_USE_MIPS16:=0
PKG_BUILD_PARALLEL:=1
ifneq ($(CONFIG_CPU_TYPE)," ")
CPU_TYPE:=$(word 1, $(subst +," ,$(CONFIG_CPU_TYPE)))
CPU_SUBTYPE:=$(word 2, $(subst +, ",$(CONFIG_CPU_TYPE)))
ifeq ($(CPU_SUBTYPE),)
CPU_SUBTYPE:=""
endif
else
CPU_TYPE:=""
CPU_SUBTYPE:=""
endif
include $(INCLUDE_DIR)/package.mk
define Package/naiveproxy
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Make a fortune quietly
URL:=https://github.com/klzgrad/naiveproxy
DEPENDS:=@!(arc||armeb||mips||mips64||powerpc||TARGET_gemini) +libatomic
endef
define Package/naiveproxy/description
NaïveProxy uses Chrome's network stack to camouflage traffic with strong
censorship resistance and low detectability. Reusing Chrome's stack also
ensures best practices in performance and security.
endef
ifneq ($(CONFIG_CCACHE),)
export CCACHE_SLOPPINESS=time_macros
export CCACHE_BASEDIR=$(PKG_BUILD_DIR)/src
export CCACHE_CPP2=yes
export naive_ccache_flags=cc_wrapper="$(CCACHE)"
endif
CLANG_VER:=16-init-8697-g60809cd2-1
CLANG_FILE:=clang-llvmorg-$(CLANG_VER).tgz
define Download/CLANG
URL:=https://commondatastorage.googleapis.com/chromium-browser-clang/Linux_x64
URL_FILE:=$(CLANG_FILE)
FILE:=$(CLANG_FILE)
HASH:=5ae35f85e0d32136795c6b223bf64263d46678dd4a24fea4e9039e58a32670de
endef
GN_VER:=1c4151ff5c1d6fbf7fa800b8d4bb34d3abc03a41
GN_FILE:=gn-git_revision-$(GN_VER).zip
define Download/GN_TOOL
URL:=https://chrome-infra-packages.appspot.com/dl/gn/gn/linux-amd64/+
URL_FILE:=git_revision:$(GN_VER)
FILE:=$(GN_FILE)
HASH:=7195291488d08f3a10e85b85d8c4816e077015f1c5f196f770003a97aa42caf8
endef
PGO_VER:=5414-1672766927-26b17aa1745606599e619feccfe46371e879e7c4
PGO_FILE:=chrome-linux-$(PGO_VER).profdata
define Download/PGO_PROF
URL:=https://storage.googleapis.com/chromium-optimization-profiles/pgo_profiles
URL_FILE:=$(PGO_FILE)
FILE:=$(PGO_FILE)
HASH:=e9a52f7a60d46fd6e682b0e908b1363faeb6f96bc2e95d5d95095b33fa67e34a
endef
define Build/Prepare
$(call Build/Prepare/Default)
( \
pushd $(PKG_BUILD_DIR)/src ; \
mkdir -p "chrome/build/pgo_profiles" ; \
$(CP) "$(DL_DIR)/$(PGO_FILE)" "chrome/build/pgo_profiles" ; \
mkdir -p "third_party/llvm-build/Release+Asserts" ; \
$(TAR) -xzf "$(DL_DIR)/$(CLANG_FILE)" -C "third_party/llvm-build/Release+Asserts" ; \
echo -e "llvmorg-$(CLANG_VER)" > "third_party/llvm-build/Release+Asserts/cr_build_revision" ; \
mkdir -p "gn/out" ; \
unzip -o "$(DL_DIR)/$(GN_FILE)" -d "gn/out" ; \
popd ; \
)
endef
define Build/Configure
( \
pushd "$(PKG_BUILD_DIR)/src" ; \
. ../init_env.sh "$(ARCH)" $(CPU_TYPE) $(CPU_SUBTYPE) "$(TOOLCHAIN_DIR)" ; \
export naive_flags+=" $$$${naive_ccache_flags}" ; \
mkdir -p "out" ; \
./gn/out/gn gen "out/Release" --args="$$$${naive_flags}" --script-executable="$(PYTHON)" ; \
popd ; \
)
endef
define Build/Compile
+$(NINJA) -C "$(PKG_BUILD_DIR)/src/out/Release" naive
endef
define Package/naiveproxy/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/out/Release/naive $(1)/usr/bin/naive
endef
$(eval $(call Download,CLANG))
$(eval $(call Download,GN_TOOL))
$(eval $(call Download,PGO_PROF))
$(eval $(call BuildPackage,naiveproxy))

76
naiveproxy/patches/100-macros.patch
View File

@@ -1,38 +1,38 @@
--- a/src/base/allocator/partition_allocator/tagging.cc
+++ b/src/base/allocator/partition_allocator/tagging.cc
@@ -18,22 +18,25 @@
#define PR_GET_TAGGED_ADDR_CTRL 56
#define PR_TAGGED_ADDR_ENABLE (1UL << 0)
-#if BUILDFLAG(IS_LINUX)
-#include <linux/version.h>
-
-// Linux headers already provide these since v5.10.
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
-#define HAS_PR_MTE_MACROS
-#endif
-#endif
-
-#ifndef HAS_PR_MTE_MACROS
+#ifndef PR_MTE_TCF_SHIFT
#define PR_MTE_TCF_SHIFT 1
+#endif
+#ifndef PR_MTE_TCF_NONE
#define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TCF_SYNC
#define PR_MTE_TCF_SYNC (1UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TCF_ASYNC
#define PR_MTE_TCF_ASYNC (2UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TCF_MASK
#define PR_MTE_TCF_MASK (3UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TAG_SHIFT
#define PR_MTE_TAG_SHIFT 3
+#endif
+#ifndef PR_MTE_TAG_MASK
#define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT)
#endif
#endif
--- a/src/base/allocator/partition_allocator/tagging.cc
+++ b/src/base/allocator/partition_allocator/tagging.cc
@@ -18,22 +18,25 @@
#define PR_GET_TAGGED_ADDR_CTRL 56
#define PR_TAGGED_ADDR_ENABLE (1UL << 0)
-#if BUILDFLAG(IS_LINUX)
-#include <linux/version.h>
-
-// Linux headers already provide these since v5.10.
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
-#define HAS_PR_MTE_MACROS
-#endif
-#endif
-
-#ifndef HAS_PR_MTE_MACROS
+#ifndef PR_MTE_TCF_SHIFT
#define PR_MTE_TCF_SHIFT 1
+#endif
+#ifndef PR_MTE_TCF_NONE
#define PR_MTE_TCF_NONE (0UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TCF_SYNC
#define PR_MTE_TCF_SYNC (1UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TCF_ASYNC
#define PR_MTE_TCF_ASYNC (2UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TCF_MASK
#define PR_MTE_TCF_MASK (3UL << PR_MTE_TCF_SHIFT)
+#endif
+#ifndef PR_MTE_TAG_SHIFT
#define PR_MTE_TAG_SHIFT 3
+#endif
+#ifndef PR_MTE_TAG_MASK
#define PR_MTE_TAG_MASK (0xffffUL << PR_MTE_TAG_SHIFT)
#endif
#endif

199
naiveproxy/src/init_env.sh Executable file → Normal file
View File

@@ -1,99 +1,100 @@
#!/bin/bash
# SPDX-License-Identifier: GPL-3.0-only
#
# Copyright (C) 2021 ImmortalWrt.org
# --------------------------------------------------------
# Init build dependencies for naiveproxy
# Read args from shell
target_arch="$1"
cpu_type="$2"
cpu_subtype="$3"
toolchain_dir="$4"
# Set arch info
case "${target_arch}" in
"aarch64")
naive_arch="arm64"
;;
"i386")
naive_arch="x86"
;;
"x86_64")
naive_arch="x64"
;;
*)
naive_arch="${target_arch}"
;;
esac
# OS detection
[ "$(uname)" != "Linux" -o "$(uname -m)" != "x86_64" ] && { echo -e "Support Linux AMD64 only."; exit 1; }
# Create TMP dir
mkdir -p "$PWD/tmp"
export TMPDIR="$PWD/tmp"
# Set ENV
export DEPOT_TOOLS_WIN_TOOLCHAIN=0
export naive_flags="
is_official_build=true
exclude_unwind_tables=true
enable_resource_allowlist_generation=false
symbol_level=1
is_clang=true
use_sysroot=false
fatal_linker_warnings=false
treat_warnings_as_errors=false
enable_base_tracing=false
use_udev=false
use_aura=false
use_ozone=false
use_gio=false
use_gtk=false
use_platform_icu_alternatives=true
use_glib=false
disable_file_support=true
enable_websockets=false
use_kerberos=false
enable_mdns=false
enable_reporting=false
include_transport_security_state_preload_list=false
use_nss_certs=false
target_os=\"openwrt\"
target_cpu=\"${naive_arch}\"
target_sysroot=\"${toolchain_dir}\""
case "${target_arch}" in
"arm")
naive_flags+=" arm_version=0 arm_cpu=\"${cpu_type}\""
case "${cpu_type}" in "arm1176jzf-s"|"arm926ej-s"|"mpcore"|"xscale") naive_flags+=" arm_use_thumb=false" ;; esac
if [ -n "${cpu_subtype}" ]; then
if grep -q "neon" <<< "${cpu_subtype}"; then
neon_flag="arm_use_neon=true"
else
neon_flag="arm_use_neon=false"
fi
naive_flags+=" arm_fpu=\"${cpu_subtype}\" arm_float_abi=\"hard\" ${neon_flag}"
else
naive_flags+=" arm_float_abi=\"soft\" arm_use_neon=false"
fi
;;
"arm64")
[ -n "${cpu_type}" ] && naive_flags+=" arm_cpu=\"${cpu_type}\""
;;
"mipsel"|"mips64el")
naive_flags+=" use_thin_lto=false chrome_pgo_phase=0 mips_arch_variant=\"r2\""
if [ "${target_arch}" == "mipsel" ]; then
if [ "${cpu_subtype}" == "24kf" ]; then
naive_flags+=" mips_float_abi=\"hard\""
else
naive_flags+=" mips_float_abi=\"soft\""
fi
fi
;;
esac
#!/bin/bash
# SPDX-License-Identifier: GPL-3.0-only
#
# Copyright (C) 2021 ImmortalWrt.org
# --------------------------------------------------------
# Init build dependencies for naiveproxy
# Read args from shell
target_arch="$1"
cpu_type="$2"
cpu_subtype="$3"
toolchain_dir="$4"
# Set arch info
case "${target_arch}" in
"aarch64")
naive_arch="arm64"
;;
"i386")
naive_arch="x86"
;;
"x86_64")
naive_arch="x64"
;;
*)
naive_arch="${target_arch}"
;;
esac
# OS detection
[ "$(uname)" != "Linux" -o "$(uname -m)" != "x86_64" ] && { echo -e "Support Linux AMD64 only."; exit 1; }
# Create TMP dir
mkdir -p "$PWD/tmp"
export TMPDIR="$PWD/tmp"
# Set ENV
export DEPOT_TOOLS_WIN_TOOLCHAIN=0
export naive_flags="
is_official_build=true
exclude_unwind_tables=true
enable_resource_allowlist_generation=false
symbol_level=1
is_clang=true
use_sysroot=false
fatal_linker_warnings=false
treat_warnings_as_errors=false
enable_base_tracing=false
use_udev=false
use_aura=false
use_ozone=false
use_gio=false
use_gtk=false
use_platform_icu_alternatives=true
use_glib=false
disable_file_support=true
enable_websockets=false
use_kerberos=false
enable_mdns=false
enable_reporting=false
include_transport_security_state_preload_list=false
use_nss_certs=false
target_os=\"openwrt\"
target_cpu=\"${naive_arch}\"
target_sysroot=\"${toolchain_dir}\""
case "${target_arch}" in
"arm")
naive_flags+=" arm_version=0 arm_cpu=\"${cpu_type}\""
if [ -n "${cpu_subtype}" ]; then
if grep -q "neon" <<< "${cpu_subtype}"; then
neon_flag="arm_use_neon=true"
else
neon_flag="arm_use_neon=false"
fi
naive_flags+=" arm_fpu=\"${cpu_subtype}\" arm_float_abi=\"hard\" ${neon_flag}"
else
naive_flags+=" arm_float_abi=\"soft\" arm_use_neon=false"
fi
case "${cpu_type}" in
"arm1176jzf-s"|"arm926ej-s"|"mpcore"|"xscale")
naive_flags+=" arm_use_thumb=false"
;;
esac
;;
"mipsel"|"mips64el")
naive_flags+=" use_thin_lto=false chrome_pgo_phase=0 mips_arch_variant=\"r2\""
if [ "${target_arch}" == "mipsel" ]; then
if [ "${cpu_subtype}" == "24kf" ]; then
naive_flags+=" mips_float_abi=\"hard\""
else
naive_flags+=" mips_float_abi=\"soft\""
fi
fi
;;
esac