diff --git a/dockerd/Makefile b/dockerd/Makefile index 25efc66a2..a991e6416 100644 --- a/dockerd/Makefile +++ b/dockerd/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dockerd -PKG_VERSION:=29.1.4 +PKG_VERSION:=29.1.5 PKG_RELEASE:=1 PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE diff --git a/luci-app-fchomo/root/usr/share/fchomo/firewall_post.ut b/luci-app-fchomo/root/usr/share/fchomo/firewall_post.ut index 666818d0e..dc607f2fe 100644 --- a/luci-app-fchomo/root/usr/share/fchomo/firewall_post.ut +++ b/luci-app-fchomo/root/usr/share/fchomo/firewall_post.ut @@ -134,7 +134,7 @@ {# Common function START #} {%- function render_acl_src(inchain, outchain): %} chain {{ inchain }} { - {% if (control_info.listen_interfaces): %} + {% if (!isEmpty(control_info.listen_interfaces)): %} meta iifname != {{ array_to_nftarr(uniq([...control_info.listen_interfaces, ...['lo']])) }} counter return {% endif %} meta mark {{ self_mark }} counter return @@ -164,6 +164,10 @@ chain {{ inchain }} { {% if (control_info.lan_filter !== 'white_list'): %} counter goto {{ outchain }} {% endif %} + + {% if (proxy_router === '1' && match(inchain, /tproxy/)): %} + iifname lo meta mark {{ tproxy_mark }} counter goto {{ outchain }} + {% endif %} } {% endfunction %} @@ -400,10 +404,7 @@ table inet fchomo { type nat hook prerouting priority dstnat + 5; policy accept; {#- DNS hijack #} {% if (dnsmasq_hijacked !== '1'): %} - {% if (control_info.listen_interfaces): %} - meta iifname {{ array_to_nftarr(control_info.listen_interfaces) }} - {% endif %} - meta iifname != lo meta nfproto { {{ (global_ipv6 === '1') ? 'ipv4, ipv6' : 'ipv4' }} } meta l4proto { tcp, udp } th dport 53 counter redirect to :{{ dnsmasq_port }} comment "!{{ cfgname }}: DNS hijack (subnet)" + meta iifname != lo meta nfproto { {{ (global_ipv6 === '1') ? 'ipv4, ipv6' : 'ipv4' }} } th dport 53 jump pre_acl_src {% endif /* dnsmasq_hijacked */ %} {#- TCP redirect entrypoint #} {% if (match(proxy_mode, /redir/)): %} 
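Review bot: The rule added at the end of `render_acl_src` sends every packet that arrives on `lo` carrying `tproxy_mark` to `{{ outchain }}`, so in `white_list` mode the packet mark alone lets traffic past the source ACL, and the template does not say why. The comment in the `tproxy_mark` chain suggests this is meant for router traffic rerouted through `lo`; if so, add a template comment next to the rule stating that, and confirm that `tproxy_mark` is only ever set by this table. The condition also depends on the chain name (`match(inchain, /tproxy/)`), so any later chain whose name contains "tproxy" inherits the rule; an explicit argument to `render_acl_src` would be less fragile. The body of `render_acl_src` starts outside this hunk, so the earlier rules of the chain are not visible here.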
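Review bot: The new jump rule in the dstnat chain matches `th dport 53` without the `meta l4proto { tcp, udp }` restriction that the removed redirect rule carried. `th` is a raw transport-header match, so packets of other protocols whose bytes at that offset happen to read 53 also traverse `pre_acl_src` and increment its counters; the redirect itself is still limited by the `meta l4proto` match in `pre_dns_hijack`. Keeping the restriction on the jump, `meta iifname != lo meta nfproto { … } meta l4proto { tcp, udp } th dport 53 jump pre_acl_src`, limits the ACL chain to DNS-capable traffic.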
@@ -448,6 +449,14 @@ table inet fchomo { {% endif /* proxy_router */ %} {# Main entrypoint END #} + {#- DNS hijack #} + {% if (dnsmasq_hijacked !== '1'): %} + {{ render_acl_src('pre_acl_src', 'pre_dns_hijack') }} + chain pre_dns_hijack { + meta l4proto { tcp, udp } counter redirect to :{{ dnsmasq_port }} comment "!{{ cfgname }}: DNS hijack (subnet)" + } + {% endif %} + {# TCP redirect START #} {% if (match(proxy_mode, /redir/)): %} {{ render_acl_src('redir_acl_src', 'redir_acl_dst') }} @@ -478,9 +487,7 @@ table inet fchomo { {{ render_acl_dst('tproxy_acl_dst_reroute', 'tproxy_acl_dport_reroute') }} {{ render_acl_dport('tproxy_acl_dport_reroute', 'tproxy_mark', 'udp') }} chain tproxy_mark { - {#- DNS hijack (router udp) #} {# tproxy_mark --> route_table_id --reroute-to--> lo --> prerouting --> tproxy_port --> DST-PORT,53,dns-out #} - meta l4proto udp meta mark set {{ tproxy_mark }} counter accept } {% endif /* proxy_router */ %} @@ -493,6 +500,7 @@ table inet fchomo { {{ render_acl_dst('tun_acl_dst', 'tun_acl_dport') }} {{ render_acl_dport('tun_acl_dport', 'tun_mark', (proxy_mode === 'tun') ? '' : 'udp') }} chain tun_mark { + {# tun_mark --> route_table_id --reroute-to--> tun_iface --> DST-PORT,53,dns-out #} meta mark set {{ tun_mark }} counter accept } {% endif /* proxy_mode */ %} diff --git a/luci-app-fchomo/root/usr/share/ucode/fchomo.uc b/luci-app-fchomo/root/usr/share/ucode/fchomo.uc index 90a35a479..dcc997cba 100644 --- a/luci-app-fchomo/root/usr/share/ucode/fchomo.uc +++ b/luci-app-fchomo/root/usr/share/ucode/fchomo.uc @@ -92,7 +92,7 @@ export function yqReadFile(flags, command, filepath) { /* String helper start */ export function isEmpty(res) { // no false, 0, NaN - if (res == null || res in ['', 'nil']) return true; // null, '', 'nil' + if (res == null || res in ['']) return true; // null, '' if (type(res) in ['array', 'object']) return length(res) === 0; // empty Array/Object return false; }; 
diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index 7075d6d5e..0f2b71346 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -1,5 +1,6 @@ # Copyright (C) 2018-2020 L-WRT Team # Copyright (C) 2021-2025 xiaorouji +# Copyright (C) 2026 Openwrt-Passwall Organization # # This is free software, licensed under the GNU General Public License v3. diff --git a/luci-app-passwall/luasrc/controller/passwall.lua b/luci-app-passwall/luasrc/controller/passwall.lua index 308e4efeb..a052e2963 100644 --- a/luci-app-passwall/luasrc/controller/passwall.lua +++ b/luci-app-passwall/luasrc/controller/passwall.lua @@ -1,5 +1,6 @@ -- Copyright (C) 2018-2020 L-WRT Team -- Copyright (C) 2021-2025 xiaorouji +-- Copyright (C) 2026 Openwrt-Passwall Organization module("luci.controller.passwall", package.seeall) local api = require "luci.passwall.api" diff --git a/luci-app-passwall/luasrc/passwall/api.lua b/luci-app-passwall/luasrc/passwall/api.lua index 384f9c74a..a878d8f89 100644 --- a/luci-app-passwall/luasrc/passwall/api.lua +++ b/luci-app-passwall/luasrc/passwall/api.lua @@ -85,11 +85,11 @@ function sh_uci_commit(config) end function set_cache_var(key, val) - sys.call(string.format('/usr/share/passwall/app.sh set_cache_var %s "%s"', key, val)) + sys.call(string.format('. /usr/share/passwall/utils.sh ; set_cache_var %s "%s"', key, val)) end function get_cache_var(key) - local val = sys.exec(string.format('echo -n $(/usr/share/passwall/app.sh get_cache_var %s)', key)) + local val = sys.exec(string.format('. /usr/share/passwall/utils.sh ; echo -n $(get_cache_var %s)', key)) if val == "" then val = nil end return val end diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua index d09303371..a8e43ad09 100644 --- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua +++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua 
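Review bot: `set_cache_var` and `get_cache_var` in api.lua still format `key` and `val` straight into the shell command, and `val` sits inside double quotes, where the shell still expands `$(…)`, backticks and `$VAR`. The string goes to `sys.call`/`sys.exec`, so any value that is not a plain token changes the command that runs; where callers get these values is not visible in this hunk. Restrict `key` before formatting, e.g. `if not tostring(key):match("^[%w_]+$") then return end`, and pass `val` through a shell-quoting helper (LuCI's `luci.util.shellquote`, if that module is in scope here) instead of `"%s"`. The shell-side `set_cache_var` removed from app.sh in this commit also `eval`s the pair, so if utils.sh carries it over unchanged the value needs the same care there.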
@@ -64,11 +64,12 @@ end local new_port local function get_new_port() - if new_port then - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1))) - else - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname))) + local cmd_format = ". /usr/share/passwall/utils.sh ; echo -n $(get_new_port %s tcp)" + local set_port = 0 + if new_port and tonumber(new_port) then + set_port = tonumber(new_port) + 1 end + new_port = tonumber(sys.exec(string.format(cmd_format, set_port == 0 and "auto" or set_port))) return new_port end diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua index 56e3ad6dc..042d642c0 100644 --- a/luci-app-passwall/luasrc/passwall/util_xray.lua +++ b/luci-app-passwall/luasrc/passwall/util_xray.lua @@ -9,11 +9,12 @@ local fs = api.fs local new_port local function get_new_port() - if new_port then - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1))) - else - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname))) + local cmd_format = ". /usr/share/passwall/utils.sh ; echo -n $(get_new_port %s tcp)" + local set_port = 0 + if new_port and tonumber(new_port) then + set_port = tonumber(new_port) + 1 end + new_port = tonumber(sys.exec(string.format(cmd_format, set_port == 0 and "auto" or set_port))) return new_port end diff --git a/luci-app-passwall/luasrc/view/passwall/haproxy/js.htm b/luci-app-passwall/luasrc/view/passwall/haproxy/js.htm index 2820630ec..6ba2b26e2 100644 --- a/luci-app-passwall/luasrc/view/passwall/haproxy/js.htm +++ b/luci-app-passwall/luasrc/view/passwall/haproxy/js.htm 
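Review bot: In `get_new_port` the `tonumber(sys.exec(...))` result is assigned to the module-level `new_port` even when it is nil, so one failed or empty run (for instance utils.sh not being readable) resets the counter and the next call starts again from `auto`, which can return a port that an earlier call already handed out. Keep the last good value instead: `local port = tonumber(sys.exec(...))`, `if port then new_port = port end`, `return port`. The `tonumber(new_port)` test is redundant, since `new_port` only ever holds a `tonumber` result. The same function is repeated verbatim in util_xray.lua and haproxy.lua, and the command now hard-codes `/usr/share/passwall/` where the old code used `appname`.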
@@ -76,7 +76,7 @@ table .cbi-button-down { }); //节点列表添加拖拽排序 - (function () { + document.addEventListener("DOMContentLoaded", function () { function initSortableForTable() { var section = document.getElementById("cbi-<%=api.appname%>-haproxy_config"); if (!section) return; @@ -191,12 +191,12 @@ table .cbi-button-down { last = count; if (stable >= THRESHOLD) - initSortableForTable(); + setTimeout(initSortableForTable, 200); else requestAnimationFrame(tick); } tick(); })(); - })(); + }); //]]> diff --git a/luci-app-passwall/luasrc/view/passwall/node_subscribe/js.htm b/luci-app-passwall/luasrc/view/passwall/node_subscribe/js.htm index a767b0d83..cfc5101c0 100644 --- a/luci-app-passwall/luasrc/view/passwall/node_subscribe/js.htm +++ b/luci-app-passwall/luasrc/view/passwall/node_subscribe/js.htm @@ -137,7 +137,7 @@ table .cbi-button-down { } //订阅列表添加拖拽排序 - (function () { + document.addEventListener("DOMContentLoaded", function () { function initSortableForTable() { var section = document.getElementById("cbi-<%=api.appname%>-subscribe_list"); if (!section) return; @@ -252,12 +252,12 @@ table .cbi-button-down { last = count; if (stable >= THRESHOLD) - initSortableForTable(); + setTimeout(initSortableForTable, 200); else requestAnimationFrame(tick); } tick(); })(); - })(); + }); //]]> diff --git a/luci-app-passwall/luasrc/view/passwall/rule/rule_version.htm b/luci-app-passwall/luasrc/view/passwall/rule/rule_version.htm index 69dcf360c..4cd704890 100644 --- a/luci-app-passwall/luasrc/view/passwall/rule/rule_version.htm +++ b/luci-app-passwall/luasrc/view/passwall/rule/rule_version.htm @@ -143,7 +143,7 @@ local api = require "luci.passwall.api" } //分流规则添加拖拽排序 - (function () { + document.addEventListener("DOMContentLoaded", function () { function initSortableForTable() { var section = document.getElementById("cbi-<%=api.appname%>-shunt_rules"); if (!section) return; 
@@ -249,12 +249,12 @@ local api = require "luci.passwall.api" last = count; if (stable >= THRESHOLD) - initSortableForTable(); + setTimeout(initSortableForTable, 200); else requestAnimationFrame(tick); } tick(); })(); - })(); + }); //]]> diff --git a/luci-app-passwall/root/etc/init.d/passwall b/luci-app-passwall/root/etc/init.d/passwall index a41b87d3f..e347f873d 100755 --- a/luci-app-passwall/root/etc/init.d/passwall +++ b/luci-app-passwall/root/etc/init.d/passwall @@ -3,8 +3,8 @@ START=99 STOP=15 -CONFIG=passwall -APP_FILE=/usr/share/${CONFIG}/app.sh +. /usr/share/passwall/utils.sh +APP_FILE=${APP_PATH}/app.sh LOCK_FILE_DIR=/var/lock LOCK_FILE=${LOCK_FILE_DIR}/${CONFIG}.lock diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 49bb159cf..0b4ea5307 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -1,22 +1,14 @@ #!/bin/sh # Copyright (C) 2018-2020 L-WRT Team # Copyright (C) 2021-2025 xiaorouji +# Copyright (C) 2026 Openwrt-Passwall Organization . $IPKG_INSTROOT/lib/functions.sh . $IPKG_INSTROOT/lib/functions/service.sh -CONFIG=passwall -TMP_PATH=/tmp/etc/$CONFIG -TMP_BIN_PATH=$TMP_PATH/bin -TMP_SCRIPT_FUNC_PATH=$TMP_PATH/script_func -TMP_ROUTE_PATH=$TMP_PATH/route -TMP_ACL_PATH=$TMP_PATH/acl -TMP_IFACE_PATH=$TMP_PATH/iface -TMP_PATH2=/tmp/etc/${CONFIG}_tmp +. /usr/share/passwall/utils.sh + GLOBAL_ACL_PATH=${TMP_ACL_PATH}/default -LOG_FILE=/tmp/log/$CONFIG.log -APP_PATH=/usr/share/$CONFIG -RULES_PATH=/usr/share/${CONFIG}/rules LUA_UTIL_PATH=/usr/lib/lua/luci/passwall UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua 
@@ -26,192 +18,6 @@ UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua -echolog() { - local d="$(date "+%Y-%m-%d %H:%M:%S")" - echo -e "$d: $*" >>$LOG_FILE -} - -config_get_type() { - local ret=$(uci -q get "${CONFIG}.${1}" 2>/dev/null) - echo "${ret:=$2}" -} - -config_n_get() { - local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null) - echo "${ret:=$3}" -} - -config_t_get() { - local index=${4:-0} - local ret=$(uci -q get "${CONFIG}.@${1}[${index}].${2}" 2>/dev/null) - echo "${ret:=${3}}" -} - -config_t_set() { - local index=${4:-0} - local ret=$(uci -q set "${CONFIG}.@${1}[${index}].${2}=${3}" 2>/dev/null) -} - -get_enabled_anonymous_secs() { - uci -q show "${CONFIG}" | grep "${1}\[.*\.enabled='1'" | cut -d '.' -sf2 -} - -get_host_ip() { - local host=$2 - local count=$3 - [ -z "$count" ] && count=3 - local isip="" - local ip=$host - if [ "$1" == "ipv6" ]; then - isip=$(echo $host | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") - if [ -n "$isip" ]; then - isip=$(echo $host | cut -d '[' -f2 | cut -d ']' -f1) - fi - else - isip=$(echo $host | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}") - fi - [ -z "$isip" ] && { - local t=4 - [ "$1" == "ipv6" ] && t=6 - local vpsrip=$(resolveip -$t -t $count $host | awk 'NR==1{print}') - ip=$vpsrip - } - echo $ip -} - -get_node_host_ip() { - local ip - local address=$(config_n_get $1 address) - [ -n "$address" ] && { - local use_ipv6=$(config_n_get $1 use_ipv6) - local network_type="ipv4" - [ "$use_ipv6" == "1" ] && network_type="ipv6" - ip=$(get_host_ip $network_type $address) - } - echo $ip -} - -get_ip_port_from() { - local __host=${1}; shift 1 - local __ipv=${1}; shift 1 - local __portv=${1}; shift 1 - local __ucipriority=${1}; shift 1 - - local val1 val2 - val2=$(echo "$__host" | sed -n ' - s/^[^#]*[#]\([0-9]*\)$/\1/p; t; - s/^\(\[[^]]*\]\)[:]\([0-9]*\)$/\2/p; t; - s/^.*[:#]\([0-9]*\)$/\1/p - ') - if [ -n "${__ucipriority}" ]; then - 
val2=$(config_n_get ${__host} port "${val2}") - val1=$(config_n_get ${__host} address "${__host%%${val2:+[:#]${val2}*}}") - else - val1="${__host%%${val2:+[:#]${val2}*}}" - fi - eval "${__ipv}=\"$val1\"; ${__portv}=\"$val2\"" -} - -host_from_url(){ - local f=${1} - - ## Remove protocol part of url ## - f="${f##http://}" - f="${f##https://}" - f="${f##ftp://}" - f="${f##sftp://}" - - ## Remove username and/or username:password part of URL ## - f="${f##*:*@}" - f="${f##*@}" - - ## Remove rest of urls ## - f="${f%%/*}" - echo "${f%%:*}" -} - -hosts_foreach() { - local __hosts - eval "__hosts=\$${1}"; shift 1 - local __func=${1}; shift 1 - local __default_port=${1}; shift 1 - local __ret=1 - - [ -z "${__hosts}" ] && return 0 - local __ip __port - for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do - get_ip_port_from "$__host" "__ip" "__port" - eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" \"$@\"" - __ret=$? - [ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret} - done -} - -check_host() { - local f=${1} - a=$(echo $f | grep "\/") - [ -n "$a" ] && return 1 - # 判断是否包含汉字~ - local tmp=$(echo -n $f | awk '{print gensub(/[!-~]/,"","g",$0)}') - [ -n "$tmp" ] && return 1 - return 0 -} - -get_first_dns() { - local __hosts_val=${1}; shift 1 - __first() { - [ -z "${2}" ] && return 0 - echo "${2}#${3}" - return 1 - } - eval "hosts_foreach \"${__hosts_val}\" __first \"$@\"" -} - -get_last_dns() { - local __hosts_val=${1}; shift 1 - local __first __last - __every() { - [ -z "${2}" ] && return 0 - __last="${2}#${3}" - __first=${__first:-${__last}} - } - eval "hosts_foreach \"${__hosts_val}\" __every \"$@\"" - [ "${__first}" == "${__last}" ] || echo "${__last}" -} - -check_port_exists() { - local port=$1 - local protocol=$2 - [ -n "$protocol" ] || protocol="tcp,udp" - local result= - if [ "$protocol" = "tcp" ]; then - result=$(netstat -tln | grep -c ":$port ") - elif [ "$protocol" = "udp" ]; then - result=$(netstat -uln | grep -c ":$port ") - elif [ 
"$protocol" = "tcp,udp" ]; then - result=$(netstat -tuln | grep -c ":$port ") - fi - echo "${result}" -} - -get_new_port() { - local port=$1 - [ "$port" == "auto" ] && port=2082 - local protocol=$(echo $2 | tr 'A-Z' 'a-z') - local result=$(check_port_exists $port $protocol) - if [ "$result" != 0 ]; then - local temp= - if [ "$port" -lt 65535 ]; then - temp=$(expr $port + 1) - elif [ "$port" -gt 1 ]; then - temp=$(expr $port - 1) - fi - get_new_port $temp $protocol - else - echo $port - fi -} - check_run_environment() { local prefer_nft=$(config_t_get global_forwarding prefer_nft 1) local dnsmasq_info=$(dnsmasq -v 2>/dev/null) @@ -265,29 +71,7 @@ check_run_environment() { fi } -check_ver() { - local version1="$1" - local version2="$2" - local i v1 v1_1 v1_2 v1_3 v2 v2_1 v2_2 v2_3 - IFS='.'; set -- $version1; v1_1=${1:-0}; v1_2=${2:-0}; v1_3=${3:-0} - IFS='.'; set -- $version2; v2_1=${1:-0}; v2_2=${2:-0}; v2_3=${3:-0} - IFS= - for i in 1 2 3; do - eval v1=\$v1_$i - eval v2=\$v2_$i - if [ "$v1" -gt "$v2" ]; then - # $1 大于 $2 - echo 0 - return - elif [ "$v1" -lt "$v2" ]; then - # $1 小于 $2 - echo 1 - return - fi - done - # $1 等于 $2 - echo 255 -} + first_type() { [ "${1#/}" != "$1" ] && [ -x "$1" ] && echo "$1" && return @@ -297,22 +81,6 @@ first_type() { command -v "$1" 2>/dev/null || command -v "$2" 2>/dev/null } -eval_set_val() { - for i in $@; do - for j in $i; do - eval $j - done - done -} - -eval_unset_val() { - for i in $@; do - for j in $i; do - eval unset j - done - done -} - is_socks_wrap() { case "$1" in Socks_*) return 0 ;; @@ -361,15 +129,6 @@ ln_run() { echo "${file_func:-echolog " - ${ln_name}"} $@ >${output}" > $TMP_SCRIPT_FUNC_PATH/$process_count } -lua_api() { - local func=${1} - [ -z "${func}" ] && { - echo "nil" - return - } - echo $(lua -e "local api = require 'luci.passwall.api' print(api.${func})") -} - parse_doh() { local __doh=$1 __url_var=$2 __host_var=$3 __port_var=$4 __bootstrap_var=$5 __doh=$(echo -e "$__doh" | tr -d ' \t\n') 
@@ -415,37 +174,6 @@ get_geoip() { fi } -set_cache_var() { - local key="${1}" - shift 1 - local val="$@" - [ -n "${key}" ] && [ -n "${val}" ] && { - sed -i "/${key}=/d" $TMP_PATH/var >/dev/null 2>&1 - echo "${key}=\"${val}\"" >> $TMP_PATH/var - eval ${key}=\"${val}\" - } -} - -get_cache_var() { - local key="${1}" - [ -n "${key}" ] && [ -s "$TMP_PATH/var" ] && { - echo $(cat $TMP_PATH/var | grep "^${key}=" | awk -F '=' '{print $2}' | tail -n 1 | awk -F'"' '{print $2}') - } -} - -eval_cache_var() { - [ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var") -} - -has_1_65535() { - local val="$1" - val=${val//:/-} - case ",$val," in - *,1-65535,*) return 0 ;; - *) return 1 ;; - esac -} - run_ipt2socks() { local flag proto tcp_tproxy local_port socks_address socks_port socks_username socks_password log_file local _extra_param="" @@ -1812,41 +1540,6 @@ start_dns() { fi } -add_ip2route() { - local ip=$(get_host_ip "ipv4" $1) - [ -z "$ip" ] && { - echolog " - 无法解析[${1}],路由表添加失败!" - return 1 - } - local remarks="${1}" - [ "$remarks" != "$ip" ] && remarks="${1}(${ip})" - - . /lib/functions/network.sh - local gateway device - network_get_gateway gateway "$2" - network_get_device device "$2" - [ -z "${device}" ] && device="$2" - - if [ -n "${gateway}" ]; then - route add -host ${ip} gw ${gateway} dev ${device} >/dev/null 2>&1 - echo "$ip" >> $TMP_ROUTE_PATH/${device} - echolog " - [${remarks}]添加到接口[${device}]路由表成功!" - else - echolog " - [${remarks}]添加到接口[${device}]路由表失功!原因是找不到[${device}]网关。" - fi -} - -delete_ip2route() { - [ -d "${TMP_ROUTE_PATH}" ] && { - local interface - for interface in $(ls ${TMP_ROUTE_PATH}); do - for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do - route del -host ${ip} dev ${interface} >/dev/null 2>&1 - done - done - } -} - start_haproxy() { [ "$(config_t_get global_haproxy balancing_enable 0)" != "1" ] && return haproxy_path=$TMP_PATH/haproxy 
@@ -2339,21 +2032,6 @@ get_config() { arg1=$1 shift case $arg1 in -add_ip2route) - add_ip2route $@ - ;; -echolog) - echolog $@ - ;; -get_new_port) - get_new_port $@ - ;; -get_cache_var) - get_cache_var $@ - ;; -set_cache_var) - set_cache_var $@ - ;; run_socks) run_socks $@ ;; diff --git a/luci-app-passwall/root/usr/share/passwall/haproxy.lua b/luci-app-passwall/root/usr/share/passwall/haproxy.lua index 08ba532bd..05943eec9 100644 --- a/luci-app-passwall/root/usr/share/passwall/haproxy.lua +++ b/luci-app-passwall/root/usr/share/passwall/haproxy.lua @@ -19,11 +19,12 @@ end local new_port local function get_new_port() - if new_port then - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1))) - else - new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname))) + local cmd_format = ". /usr/share/passwall/utils.sh ; echo -n $(get_new_port %s tcp)" + local set_port = 0 + if new_port and tonumber(new_port) then + set_port = tonumber(new_port) + 1 end + new_port = tonumber(sys.exec(string.format(cmd_format, set_port == 0 and "auto" or set_port))) return new_port end @@ -207,7 +208,7 @@ listen %s f_out:write(" " .. server_conf .. "\n") if o.export ~= "0" then - sys.call(string.format("/usr/share/passwall/app.sh add_ip2route %s %s", o.origin_address, o.export)) + sys.call(string.format(". /usr/share/passwall2/utils.sh ; add_ip2route %s %s", o.origin_address, o.export)) end log(string.format(" | - 出口节点:%s:%s,权重:%s", o.origin_address, o.origin_port, o.lbweight)) diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 84b556f05..ef4a31a5e 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh 
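Review bot: The `add_ip2route` call in haproxy.lua sources `/usr/share/passwall2/utils.sh`, while every other call site changed in this commit sources `/usr/share/passwall/utils.sh`. On a system without that other path the `.` fails and the route is never added; if the path exists, the function presumably runs with another package's `CONFIG` and temp paths. This looks like a typo, and the line should read `sys.call(string.format(". /usr/share/passwall/utils.sh ; add_ip2route %s %s", o.origin_address, o.export))`. `o.origin_address` and `o.export` are also placed unquoted into the shell command, so validate or shell-quote them before formatting; their origin is outside this hunk.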
@@ -1401,11 +1401,11 @@ del_firewall_rule() { destroy_ipset $IPSET_BLOCK6 destroy_ipset $IPSET_WHITE6 - $DIR/app.sh echolog "删除 iptables 规则完成。" + echolog "删除 iptables 规则完成。" } flush_ipset() { - $DIR/app.sh echolog "清空 IPSet。" + echolog "清空 IPSet。" for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do destroy_ipset ${_name} done @@ -1511,6 +1511,7 @@ start() { } stop() { + [ -z "$(command -v echolog)" ] && . /usr/share/passwall/utils.sh del_firewall_rule [ $(config_t_get global flush_set_on_reboot "0") = "1" -o $(config_t_get global flush_set "0") = "1" ] && { uci -q delete ${CONFIG}.@global[0].flush_set diff --git a/luci-app-passwall/root/usr/share/passwall/lease2hosts.sh b/luci-app-passwall/root/usr/share/passwall/lease2hosts.sh index db3b98b93..d81de5076 100755 --- a/luci-app-passwall/root/usr/share/passwall/lease2hosts.sh +++ b/luci-app-passwall/root/usr/share/passwall/lease2hosts.sh @@ -2,10 +2,8 @@ # dhcp.leases to hosts -CONFIG=passwall -TMP_PATH=/tmp/etc/${CONFIG} -TMP_PATH2=/tmp/etc/${CONFIG}_tmp -LOCK_FILE=/tmp/lock/${CONFIG}_lease2hosts.lock +. /usr/share/passwall/utils.sh +LOCK_FILE=${LOCK_PATH}/${CONFIG}_lease2hosts.lock LEASE_FILE="/tmp/dhcp.leases" HOSTS_FILE="$TMP_PATH2/dhcp-hosts" TMP_FILE="/tmp/dhcp-hosts.tmp" diff --git a/luci-app-passwall/root/usr/share/passwall/monitor.sh b/luci-app-passwall/root/usr/share/passwall/monitor.sh index e18ecdb3c..74a40b225 100755 --- a/luci-app-passwall/root/usr/share/passwall/monitor.sh +++ b/luci-app-passwall/root/usr/share/passwall/monitor.sh 
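Review bot: `del_firewall_rule` and `flush_ipset` in iptables.sh now call `echolog` directly, but only `stop()` checks that the function exists and sources utils.sh. If either function is reached through another entry point while the script runs on its own, `echolog` is undefined and the log line is lost; the callers are outside these hunks, so this needs checking. Sourcing the file once at the top of the script with `. /usr/share/passwall/utils.sh`, as lease2hosts.sh and tasks.sh do in this commit, removes the need for the guard. nftables.sh has the same pattern in `del_firewall_rule`, `flush_nftset` and `stop()`.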
@@ -1,22 +1,7 @@ #!/bin/sh -CONFIG=passwall -TMP_PATH=/tmp/etc/$CONFIG -TMP_SCRIPT_FUNC_PATH=$TMP_PATH/script_func -LOCK_FILE_DIR=/tmp/lock -LOCK_FILE=${LOCK_FILE_DIR}/${CONFIG}_script.lock - -config_n_get() { - local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null) - echo ${ret:=$3} -} - -config_t_get() { - local index=0 - [ -n "$4" ] && index=$4 - local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null) - echo ${ret:=$3} -} +. /usr/share/passwall/utils.sh +LOCK_FILE=${LOCK_PATH}/${CONFIG}_monitor.lock ENABLED=$(config_t_get global enabled 0) [ "$ENABLED" != 1 ] && return 1 diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 86a486aea..9f367d1c9 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -1428,11 +1428,11 @@ del_firewall_rule() { destroy_nftset $NFTSET_BLOCK6 destroy_nftset $NFTSET_WHITE6 - $DIR/app.sh echolog "删除 nftables 规则完成。" + echolog "删除 nftables 规则完成。" } flush_nftset() { - $DIR/app.sh echolog "清空 NFTSet。" + echolog "清空 NFTSet。" for _name in $(nft -a list sets | grep -E "passwall_" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do destroy_nftset ${_name} done @@ -1486,6 +1486,7 @@ start() { } stop() { + [ -z "$(command -v echolog)" ] && . /usr/share/passwall/utils.sh del_firewall_rule [ $(config_t_get global flush_set_on_reboot "0") = "1" -o $(config_t_get global flush_set "0") = "1" ] && { uci -q delete ${CONFIG}.@global[0].flush_set diff --git a/luci-app-passwall/root/usr/share/passwall/socks_auto_switch.sh b/luci-app-passwall/root/usr/share/passwall/socks_auto_switch.sh index ef4733d2a..08bf95ac0 100755 --- a/luci-app-passwall/root/usr/share/passwall/socks_auto_switch.sh +++ b/luci-app-passwall/root/usr/share/passwall/socks_auto_switch.sh 
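Review bot: The lock file in monitor.sh is renamed from `${CONFIG}_script.lock` to `${CONFIG}_monitor.lock`, which goes beyond the refactor the rest of the hunk performs. If any other script takes or removes `${CONFIG}_script.lock` to coordinate with the monitor, the two no longer exclude each other; that is not visible here and should be checked. If the rename is intended, add a comment above the `LOCK_FILE=` assignment naming the scripts that share this lock, and mention the change in the commit message.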
@@ -1,26 +1,10 @@ #!/bin/sh -CONFIG=passwall -LOG_FILE=/tmp/log/$CONFIG.log -LOCK_FILE_DIR=/tmp/lock -LOG_EVENT_FILTER= -LOG_EVENT_CMD= +. /usr/share/passwall/utils.sh +APP_FILE=${APP_PATH}/app.sh + flag=0 -echolog() { - local d="$(date "+%Y-%m-%d %H:%M:%S")" - local c="$1" - echo -e "$d: $c" >> $LOG_FILE - [ -n "$LOG_EVENT_CMD" ] && [ -n "$(echo -n $c |grep -E "$LOG_EVENT_FILTER")" ] && { - $(echo -n $LOG_EVENT_CMD |sed "s/%s/$c/g") - } -} - -config_n_get() { - local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null) - echo "${ret:=$3}" -} - test_url() { local url=$1 local try=1 @@ -161,7 +145,7 @@ test_auto_switch() { start() { id=$1 - LOCK_FILE=${LOCK_FILE_DIR}/${CONFIG}_socks_auto_switch_${id}.lock + LOCK_FILE=${LOCK_PATH}/${CONFIG}_socks_auto_switch_${id}.lock LOG_EVENT_FILTER=$(uci -q get "${CONFIG}.global[0].log_event_filter" 2>/dev/null) LOG_EVENT_CMD=$(uci -q get "${CONFIG}.global[0].log_event_cmd" 2>/dev/null) main_node=$(config_n_get $id node) diff --git a/luci-app-passwall/root/usr/share/passwall/tasks.sh b/luci-app-passwall/root/usr/share/passwall/tasks.sh index 49760e9ff..3cfc5444f 100755 --- a/luci-app-passwall/root/usr/share/passwall/tasks.sh +++ b/luci-app-passwall/root/usr/share/passwall/tasks.sh @@ -2,23 +2,11 @@ ## 循环更新脚本 -CONFIG=passwall -APP_PATH=/usr/share/$CONFIG -TMP_PATH=/tmp/etc/$CONFIG -LOCK_FILE=/tmp/lock/${CONFIG}_tasks.lock +. /usr/share/passwall/utils.sh +LOCK_FILE=${LOCK_PATH}/${CONFIG}_tasks.lock + CFG_UPDATE_INT=0 -config_n_get() { - local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null) - echo "${ret:=$3}" -} - -config_t_get() { - local index=${4:-0} - local ret=$(uci -q get "${CONFIG}.@${1}[${index}].${2}" 2>/dev/null) - echo "${ret:=${3}}" -} - exec 99>"$LOCK_FILE" flock -n 99 if [ "$?" != 0 ]; then diff --git a/luci-app-passwall/root/usr/share/passwall/test.sh b/luci-app-passwall/root/usr/share/passwall/test.sh index c589f8909..e7d0da229 100755 --- a/luci-app-passwall/root/usr/share/passwall/test.sh 
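Review bot: Removing the local `echolog` from socks_auto_switch.sh also removes the `LOG_EVENT_CMD`/`LOG_EVENT_FILTER` hook, because the `echolog` added in utils.sh only appends to `$LOG_FILE`. `start()` still reads both values from uci (context lines of the second hunk), so they are now assigned and, as far as these hunks show, never used. Either remove the two `uci -q get` lines and document that the event hook is gone, or keep the hook in a local wrapper. If it is kept, do not substitute the log text into the command string with `sed` as the removed code did, since that lets log content alter the command.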
+++ b/luci-app-passwall/root/usr/share/passwall/test.sh @@ -1,18 +1,6 @@ #!/bin/sh -CONFIG=passwall - -config_n_get() { - local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null) - echo "${ret:=$3}" -} - -config_t_get() { - local index=0 - [ -n "$4" ] && index=$4 - local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null) - echo ${ret:=$3} -} +. /usr/share/passwall/utils.sh test_url() { local url=$1 @@ -68,7 +56,7 @@ url_test_node() { [ -n "${_username}" ] && [ -n "${_password}" ] && curlx="socks5h://${_username}:${_password}@${_address}:${_port}" } else - local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp) + local _tmp_port=$(get_new_port 61080 tcp) /usr/share/${CONFIG}/app.sh run_socks flag="url_test_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=url_test_${node_id}.json local curlx="socks5h://127.0.0.1:${_tmp_port}" fi diff --git a/luci-app-passwall/root/usr/share/passwall/utils.sh b/luci-app-passwall/root/usr/share/passwall/utils.sh new file mode 100755 index 000000000..a11f5c5f0 --- /dev/null +++ b/luci-app-passwall/root/usr/share/passwall/utils.sh 
@@ -0,0 +1,317 @@ +#!/bin/sh +# Copyright (C) 2022-2025 xiaorouji +# Copyright (C) 2026 Openwrt-Passwall Organization + +CONFIG=passwall +APP_PATH=/usr/share/${CONFIG} +TMP_PATH=/tmp/etc/${CONFIG} +TMP_PATH2=${TMP_PATH}_tmp +LOCK_PATH=/tmp/lock +LOG_FILE=/tmp/log/${CONFIG}.log +TMP_ACL_PATH=${TMP_PATH}/acl +TMP_BIN_PATH=${TMP_PATH}/bin +TMP_IFACE_PATH=${TMP_PATH}/iface +TMP_ROUTE_PATH=${TMP_PATH}/route +TMP_SCRIPT_FUNC_PATH=${TMP_PATH}/script_func +RULES_PATH=/usr/share/${CONFIG}/rules + +echolog() { + local d="$(date "+%Y-%m-%d %H:%M:%S")" + echo -e "$d: $*" >>$LOG_FILE +} + +config_get_type() { + local ret=$(uci -q get "${CONFIG}.${1}" 2>/dev/null) + echo "${ret:=$2}" +} + +config_n_get() { + local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null) + echo "${ret:=$3}" +} + +config_t_get() { + local index=${4:-0} + local ret=$(uci -q get "${CONFIG}.@${1}[${index}].${2}" 2>/dev/null) + echo "${ret:=${3}}" +} + +config_t_set() { + local index=${4:-0} + local ret=$(uci -q set "${CONFIG}.@${1}[${index}].${2}=${3}" 2>/dev/null) +} + +get_enabled_anonymous_secs() { + uci -q show "${CONFIG}" | grep "${1}\[.*\.enabled='1'" | cut -d '.' 
-sf2 +} + +get_host_ip() { + local host=$2 + local count=$3 + [ -z "$count" ] && count=3 + local isip="" + local ip=$host + if [ "$1" == "ipv6" ]; then + isip=$(echo $host | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + if [ -n "$isip" ]; then + isip=$(echo $host | cut -d '[' -f2 | cut -d ']' -f1) + fi + else + isip=$(echo $host | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}") + fi + [ -z "$isip" ] && { + local t=4 + [ "$1" == "ipv6" ] && t=6 + local vpsrip=$(resolveip -$t -t $count $host | awk 'NR==1{print}') + ip=$vpsrip + } + echo $ip +} + +get_node_host_ip() { + local ip + local address=$(config_n_get $1 address) + [ -n "$address" ] && { + local use_ipv6=$(config_n_get $1 use_ipv6) + local network_type="ipv4" + [ "$use_ipv6" == "1" ] && network_type="ipv6" + ip=$(get_host_ip $network_type $address) + } + echo $ip +} + +get_ip_port_from() { + local __host=${1}; shift 1 + local __ipv=${1}; shift 1 + local __portv=${1}; shift 1 + local __ucipriority=${1}; shift 1 + + local val1 val2 + val2=$(echo "$__host" | sed -n ' + s/^[^#]*[#]\([0-9]*\)$/\1/p; t; + s/^\(\[[^]]*\]\)[:]\([0-9]*\)$/\2/p; t; + s/^.*[:#]\([0-9]*\)$/\1/p + ') + if [ -n "${__ucipriority}" ]; then + val2=$(config_n_get ${__host} port "${val2}") + val1=$(config_n_get ${__host} address "${__host%%${val2:+[:#]${val2}*}}") + else + val1="${__host%%${val2:+[:#]${val2}*}}" + fi + eval "${__ipv}=\"$val1\"; ${__portv}=\"$val2\"" +} + +host_from_url(){ + local f=${1} + + ## Remove protocol part of url ## + f="${f##http://}" + f="${f##https://}" + f="${f##ftp://}" + f="${f##sftp://}" + + ## Remove username and/or username:password part of URL ## + f="${f##*:*@}" + f="${f##*@}" + + ## Remove rest of urls ## + f="${f%%/*}" + echo "${f%%:*}" +} + +hosts_foreach() { + local __hosts + eval "__hosts=\$${1}"; shift 1 + local __func=${1}; shift 1 + local __default_port=${1}; shift 1 + local __ret=1 + + [ -z "${__hosts}" ] && return 0 + local __ip __port + for __host in $(echo $__hosts | sed 's/[ ,]/\n/g'); do + 
get_ip_port_from "$__host" "__ip" "__port" + eval "$__func \"${__host}\" \"\${__ip}\" \"\${__port:-${__default_port}}\" \"$@\"" + __ret=$? + [ ${__ret} -ge ${ERROR_NO_CATCH:-1} ] && return ${__ret} + done +} + +check_host() { + local f=${1} + a=$(echo $f | grep "\/") + [ -n "$a" ] && return 1 + # 判断是否包含汉字~ + local tmp=$(echo -n $f | awk '{print gensub(/[!-~]/,"","g",$0)}') + [ -n "$tmp" ] && return 1 + return 0 +} + +get_first_dns() { + local __hosts_val=${1}; shift 1 + __first() { + [ -z "${2}" ] && return 0 + echo "${2}#${3}" + return 1 + } + eval "hosts_foreach \"${__hosts_val}\" __first \"$@\"" +} + +get_last_dns() { + local __hosts_val=${1}; shift 1 + local __first __last + __every() { + [ -z "${2}" ] && return 0 + __last="${2}#${3}" + __first=${__first:-${__last}} + } + eval "hosts_foreach \"${__hosts_val}\" __every \"$@\"" + [ "${__first}" == "${__last}" ] || echo "${__last}" +} + +check_port_exists() { + local port=$1 + local protocol=$2 + [ -n "$protocol" ] || protocol="tcp,udp" + local result= + if [ "$protocol" = "tcp" ]; then + result=$(netstat -tln | grep -c ":$port ") + elif [ "$protocol" = "udp" ]; then + result=$(netstat -uln | grep -c ":$port ") + elif [ "$protocol" = "tcp,udp" ]; then + result=$(netstat -tuln | grep -c ":$port ") + fi + echo "${result}" +} + +get_new_port() { + local port=$1 + [ "$port" == "auto" ] && port=2082 + local protocol=$(echo $2 | tr 'A-Z' 'a-z') + local result=$(check_port_exists $port $protocol) + if [ "$result" != 0 ]; then + local temp= + if [ "$port" -lt 65535 ]; then + temp=$(expr $port + 1) + elif [ "$port" -gt 1 ]; then + temp=$(expr $port - 1) + fi + get_new_port $temp $protocol + else + echo $port + fi +} + +check_ver() { + local version1="$1" + local version2="$2" + local i v1 v1_1 v1_2 v1_3 v2 v2_1 v2_2 v2_3 + IFS='.'; set -- $version1; v1_1=${1:-0}; v1_2=${2:-0}; v1_3=${3:-0} + IFS='.'; set -- $version2; v2_1=${1:-0}; v2_2=${2:-0}; v2_3=${3:-0} + IFS= + for i in 1 2 3; do + eval v1=\$v1_$i + eval v2=\$v2_$i + 
if [ "$v1" -gt "$v2" ]; then + # $1 大于 $2 + echo 0 + return + elif [ "$v1" -lt "$v2" ]; then + # $1 小于 $2 + echo 1 + return + fi + done + # $1 等于 $2 + echo 255 +} + +eval_set_val() { + for i in $@; do + for j in $i; do + eval $j + done + done +} + +eval_unset_val() { + for i in $@; do + for j in $i; do + eval unset j + done + done +} + +lua_api() { + local func=${1} + [ -z "${func}" ] && { + echo "nil" + return + } + echo $(lua -e "local api = require 'luci.passwall.api' print(api.${func})") +} + +set_cache_var() { + local key="${1}" + shift 1 + local val="$@" + [ -n "${key}" ] && [ -n "${val}" ] && { + sed -i "/${key}=/d" $TMP_PATH/var >/dev/null 2>&1 + echo "${key}=\"${val}\"" >> $TMP_PATH/var + eval ${key}=\"${val}\" + } +} + +get_cache_var() { + local key="${1}" + [ -n "${key}" ] && [ -s "$TMP_PATH/var" ] && { + echo $(cat $TMP_PATH/var | grep "^${key}=" | awk -F '=' '{print $2}' | tail -n 1 | awk -F'"' '{print $2}') + } +} + +eval_cache_var() { + [ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var") +} + +has_1_65535() { + local val="$1" + val=${val//:/-} + case ",$val," in + *,1-65535,*) return 0 ;; + *) return 1 ;; + esac +} + +add_ip2route() { + local ip=$(get_host_ip "ipv4" $1) + [ -z "$ip" ] && { + echolog " - 无法解析[${1}],路由表添加失败!" + return 1 + } + local remarks="${1}" + [ "$remarks" != "$ip" ] && remarks="${1}(${ip})" + + . /lib/functions/network.sh + local gateway device + network_get_gateway gateway "$2" + network_get_device device "$2" + [ -z "${device}" ] && device="$2" + + if [ -n "${gateway}" ]; then + route add -host ${ip} gw ${gateway} dev ${device} >/dev/null 2>&1 + echo "$ip" >> $TMP_ROUTE_PATH/${device} + echolog " - [${remarks}]添加到接口[${device}]路由表成功!" 
+ else + echolog " - [${remarks}]添加到接口[${device}]路由表失功!原因是找不到[${device}]网关。" + fi +} + +delete_ip2route() { + [ -d "${TMP_ROUTE_PATH}" ] && { + local interface + for interface in $(ls ${TMP_ROUTE_PATH}); do + for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do + route del -host ${ip} dev ${interface} >/dev/null 2>&1 + done + done + } +} diff --git a/luci-app-passwall2/root/usr/share/passwall2/utils.sh b/luci-app-passwall2/root/usr/share/passwall2/utils.sh index 841a879fb..c18c8de71 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/utils.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/utils.sh @@ -6,7 +6,7 @@ CONFIG=passwall2 APP_PATH=/usr/share/${CONFIG} TMP_PATH=/tmp/etc/${CONFIG} TMP_PATH2=${TMP_PATH}_tmp -LOCK_PATH=/tmp/lock/${CONFIG} +LOCK_PATH=/tmp/lock LOG_FILE=/tmp/log/${CONFIG}.log TMP_ACL_PATH=${TMP_PATH}/acl TMP_BIN_PATH=${TMP_PATH}/bin diff --git a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua index 2598c5093..639486a92 100644 --- a/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua +++ b/luci-app-ssr-plus/luasrc/model/cbi/shadowsocksr/status.lua @@ -60,9 +60,15 @@ if Process_list:find("udp.only.ssr.reudp") then reudp_run = 1 end +--[[ if Process_list:find("tcp.udp.dual.ssr.retcp") then redir_run = 1 end +]]-- + +if Process_list:find("tcp.only.ssr.retcp") then + redir_run = 1 +end if Process_list:find("tcp.udp.ssr.local") then sock5_run = 1 @@ -73,19 +79,23 @@ if Process_list:find("tcp.udp.ssr.retcp") then reudp_run = 1 end +--[[ if Process_list:find("nft.ssr.retcp") then redir_run = 1 end +]]-- if Process_list:find("local.ssr.retcp") then redir_run = 1 sock5_run = 1 end +--[[ if Process_list:find("local.nft.ssr.retcp") then redir_run = 1 sock5_run = 1 end +]]-- if Process_list:find("local.udp.ssr.retcp") then reudp_run = 1 
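Review bot: In the new passwall `utils.sh`, `set_cache_var` writes `key="val"` into `$TMP_PATH/var` and runs `eval ${key}=\"${val}\"`, and `eval_cache_var` later evals the whole file, so a value containing a double quote, `$` or a backtick is re-parsed as shell code instead of being stored as data. Whether callers can pass such values is not visible in this hunk, but the same eval-on-interpolated-text pattern appears in `get_ip_port_from`, `hosts_foreach` and `lua_api` (which pastes `${func}` into a `lua -e` program), and the file is now sourced by the scripts changed in this commit. I would accept only identifier keys, refuse values carrying those characters before they reach the file, and assign with `eval "${key}=\$val"` so the value is expanded rather than re-parsed. Separately, `eval_unset_val` runs `eval unset j`, which unsets the loop variable itself; `unset "$j"` is presumably what was meant.

```shell
set_cache_var() {
    local key="${1}"
    shift 1
    local val="$*"
    # The key is used in a sed pattern and as a variable name: identifiers only.
    case "${key}" in
        '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;;
    esac
    # $TMP_PATH/var is eval'ed by eval_cache_var: refuse values that could leave the double quotes.
    case "${val}" in
        '' | *[\"\$\`\\]*) return 1 ;;
    esac
    # ... unchanged: sed -i removal of the old entry, echo append to $TMP_PATH/var ...
    eval "${key}=\$val"
}
```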
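Review bot: In passwall2 `utils.sh`, `LOCK_PATH` now points at the shared `/tmp/lock` directory instead of a private `/tmp/lock/${CONFIG}` one, so every lock name built from it needs a package prefix to avoid colliding with other packages. The passwall scripts in this commit use one, as in `${LOCK_PATH}/${CONFIG}_tasks.lock`. The passwall2 callers are outside this hunk. Check in particular that nothing runs `rm -rf ${LOCK_PATH}` or a glob cleanup on that path, because it would now act on locks owned by other services.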
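Review bot: In `status.lua` the retired process checks are left inside `--[[ ... ]]--` blocks (in `@@ -60,9 +60,15 @@` and again in `@@ -73,19 +79,23 @@`) with no comment saying why they were disabled. Either delete them and rely on history, or add one line such as `-- disabled: init.d/shadowsocksr no longer writes the dual/nft config files`. The new check `Process_list:find("tcp.only.ssr.retcp")` follows the file's habit of using `.` as a wildcard for the hyphen, which is a Lua pattern and not a literal match. `Process_list:find("tcp-only-ssr-retcp", 1, true)` would match the config name exactly.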
diff --git a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr index 3c43d7f56..740888fab 100755 --- a/luci-app-ssr-plus/root/etc/init.d/shadowsocksr +++ b/luci-app-ssr-plus/root/etc/init.d/shadowsocksr @@ -1040,15 +1040,16 @@ Start_Run() { if [ "$_local" == "1" ]; then local socks_port=$(uci_get_by_type socks5_proxy local_port) tcp_config_file=$TMP_PATH/local-ssr-retcp.json - [ "$mode" == "tcp,udp" ] && { - if command -v nft >/dev/null 2>&1; then - # nftables / fw4 - tcp_config_file=$TMP_PATH/local-nft-ssr-retcp.json - else - # iptables / fw3 - tcp_config_file=$TMP_PATH/local-udp-ssr-retcp.json - fi - } + [ "$mode" == "tcp,udp" ] && tcp_config_file=$TMP_PATH/local-udp-ssr-retcp.json + #[ "$mode" == "tcp,udp" ] && { + # if command -v nft >/dev/null 2>&1; then + # # nftables / fw4 + # tcp_config_file=$TMP_PATH/local-nft-ssr-retcp.json + # else + # # iptables / fw3 + # tcp_config_file=$TMP_PATH/local-udp-ssr-retcp.json + # fi + #} fi local tcp_port=$(uci_get_by_name $GLOBAL_SERVER local_port) local type=$(uci_get_by_name $GLOBAL_SERVER type) @@ -1181,10 +1182,12 @@ load_config() { # 没有开启 设置为 nil SHUNT_SERVER=nil fi - tcp_config_file=$TMP_PATH/tcp-udp-dual-ssr-retcp.json + #tcp_config_file=$TMP_PATH/tcp-udp-dual-ssr-retcp.json + tcp_config_file=$TMP_PATH/tcp-only-ssr-retcp.json case "$UDP_RELAY_SERVER" in nil) - mode="tcp,udp" + #mode="tcp,udp" + mode="tcp" ARG_UDP="" udp_config_file="" ;; @@ -1199,7 +1202,8 @@ load_config() { udp_config_file=$TMP_PATH/udp-only-ssr-reudp.json ARG_UDP="-U" start_udp - mode="tcp,udp" + #mode="tcp,udp" + mode="tcp" ;; esac case "$LOCAL_SERVER" in diff --git a/luci-app-ssr-plus/root/usr/bin/ssr-rules b/luci-app-ssr-plus/root/usr/bin/ssr-rules index 89153b5a0..f5e924e2f 100755 --- a/luci-app-ssr-plus/root/usr/bin/ssr-rules +++ b/luci-app-ssr-plus/root/usr/bin/ssr-rules 
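Review bot: Both visible branches of `case "$UDP_RELAY_SERVER"` in `load_config` now set `mode="tcp"` (hunks `@@ -1181,10 +1182,12 @@` and `@@ -1199,7 +1202,8 @@`), while `Start_Run` in the first hunk still selects `local-udp-ssr-retcp.json` only when `mode` equals `tcp,udp`. The branch between the two `load_config` hunks is not shown; if it no longer sets `tcp,udp` either, that test is dead and the local+UDP config can never be chosen. The previous values and the nft/iptables selection are kept as `#` comments with no explanation. Replacing them with one line such as `# dual tcp,udp redirect disabled: <reason>` would tell the next reader whether this is temporary.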
@@ -291,7 +291,7 @@ flush_iptables_legacy() { flush_iptables mangle ip rule del fwmark 0x01/0x01 table 100 2>/dev/null ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null - for setname in ss_spec_lan_ac ss_spec_wan_ac ss_spec_wan_ac_tcp ss_spec_wan_ac_udp ssr_gen_router \ + for setname in ss_spec_lan_ac ss_spec_lan_ac_udp ss_spec_wan_ac ss_spec_wan_ac_tcp ss_spec_wan_ac_udp ssr_gen_router \ china fplan bplan gmlan oversea whitelist blacklist netflix; do ipset -X $setname 2>/dev/null done @@ -886,6 +886,7 @@ ac_rule_nft() { } ac_rule_iptables() { + local MATCH_SET="" if [ -n "$LAN_AC_IP" ]; then case "${LAN_AC_IP%${LAN_AC_IP#?}}" in w | W) @@ -1147,21 +1148,30 @@ tp_rule_iptables() { fi $ipt -N SS_SPEC_TPROXY 2>/dev/null $ipt -F SS_SPEC_TPROXY + $ipt -N PREROUTING_UDP 2>/dev/null + $ipt -F PREROUTING_UDP + $ipt -A SS_SPEC_TPROXY -p udp --dport 53 -j RETURN - # 添加排除 LAN_AC_IP 规则 + local MATCH_SET_UDP="" if [ -n "$LAN_AC_IP" ]; then case "${LAN_AC_IP%${LAN_AC_IP#?}}" in w | W) - # 白名单模式:集合中的IP跳过透明代理 - $ipt -A SS_SPEC_TPROXY -m set --match-set ss_spec_lan_ac src -j RETURN + MATCH_SET_UDP="-m set --match-set ss_spec_lan_ac_udp src" ;; b | B) - # 黑名单模式:集合中的IP走透明代理,其他IP跳过 - $ipt -A SS_SPEC_TPROXY -m set ! --match-set ss_spec_lan_ac src -j RETURN + MATCH_SET_UDP="-m set ! --match-set ss_spec_lan_ac_udp src" + ;; + *) + loger 3 "Bad argument \`-a $LAN_AC_IP\`." + return 2 ;; esac fi + ipset -! -R <<-EOF || return 1 + create ss_spec_lan_ac_udp hash:net + $(for ip in ${LAN_AC_IP#?}; do echo "add ss_spec_lan_ac_udp $ip"; done) + EOF for net in \ 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \ 
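Review bot: Nothing in the visible hunks of `tp_rule_iptables` attaches the new `PREROUTING_UDP` chain to the built-in `PREROUTING` chain, while the later hunk (`@@ -1206,12 +1216,12 @@`) moves both `-j SS_SPEC_TPROXY` rules into it. If no jump is added outside these hunks, UDP is never handed to the transparent proxy and the `MATCH_SET_UDP` access-control match has no effect. A line such as `$ipt -I PREROUTING 1 -p udp -m comment --comment "$TAG" -j PREROUTING_UDP` after the chain is created would make the hook explicit. The set `ss_spec_lan_ac_udp` was added to the teardown list in `flush_iptables_legacy`, but `flush_iptables` is outside the hunk, so confirm it also flushes and deletes `PREROUTING_UDP`. The function body starts and ends outside the hunk.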
@@ -1206,12 +1216,12 @@ tp_rule_iptables() { ;; esac if [ -z "$Interface" ]; then - $ipt -I PREROUTING 1 -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY + $ipt -I PREROUTING_UDP 1 -p udp $EXT_ARGS $MATCH_SET_UDP -m comment --comment "$TAG" -j SS_SPEC_TPROXY else for name in $Interface; do local IFNAME=$(uci -P /var/state get network."$name".ifname 2>/dev/null) [ -z "$IFNAME" ] && IFNAME=$(uci -P /var/state get network."$name".device 2>/dev/null) - [ -n "$IFNAME" ] && $ipt -I PREROUTING 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET -m comment --comment "$TAG" -j SS_SPEC_TPROXY + [ -n "$IFNAME" ] && $ipt -I PREROUTING_UDP 1 ${IFNAME:+-i $IFNAME} -p udp $EXT_ARGS $MATCH_SET_UDP -m comment --comment "$TAG" -j SS_SPEC_TPROXY done fi return $? diff --git a/openwrt-fastfetch/Makefile b/openwrt-fastfetch/Makefile index dcb123081..31b71cc03 100644 --- a/openwrt-fastfetch/Makefile +++ b/openwrt-fastfetch/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fastfetch -PKG_VERSION:=2.56.1 +PKG_VERSION:=2.57.1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/fastfetch-cli/fastfetch/tar.gz/$(PKG_VERSION)? -PKG_HASH:=6ffd75c32b2a885fd8497867645ac837ed37d588c94e0df05408cdaa0c8fd2c7 +PKG_HASH:=ab09e4954d99377b5ba15d74cb2d7c9efb82af12788b3a009c40c804371af588 PKG_MAINTAINER:=Anya Lin PKG_LICENSE:=MIT