From 32f4bb1b24dde28f212125f29b09d6058de90faf Mon Sep 17 00:00:00 2001 From: actions-user Date: Fri, 22 Aug 2025 09:19:55 +0800 Subject: [PATCH] update 2025-08-22 09:19:55 --- chinadns-ng/Makefile | 24 +++++----- .../luci-static/resources/tools/nikki.js | 9 +++- .../passwall/client/node_subscribe_config.lua | 6 +-- .../cbi/passwall/client/type/hysteria2.lua | 8 ++-- .../model/cbi/passwall/client/type/ray.lua | 13 +++++- .../cbi/passwall/client/type/sing-box.lua | 40 +++++++++++------ .../luasrc/passwall/util_sing-box.lua | 12 ++++- .../luasrc/passwall/util_xray.lua | 3 +- .../passwall/node_list/link_share_man.htm | 24 ++++------ luci-app-passwall/po/zh-cn/passwall.po | 6 +++ .../root/usr/share/passwall/app.sh | 24 ++++++---- .../root/usr/share/passwall/iptables.sh | 12 ++--- .../root/usr/share/passwall/nftables.sh | 12 ++--- .../root/usr/share/passwall/subscribe.lua | 7 ++- naiveproxy/Makefile | 44 +++++++++---------- nikki/files/nikki.conf | 2 + sing-box/Makefile | 4 +- 17 files changed, 149 insertions(+), 101 deletions(-) diff --git a/chinadns-ng/Makefile b/chinadns-ng/Makefile index 7140196..26b32ce 100644 --- a/chinadns-ng/Makefile +++ b/chinadns-ng/Makefile @@ -1,50 +1,50 @@ include $(TOPDIR)/rules.mk PKG_NAME:=chinadns-ng -PKG_VERSION:=2025.06.20 +PKG_VERSION:=2025.08.09 PKG_RELEASE:=1 ifeq ($(ARCH),aarch64) ifeq ($(BOARD),rockchip) PKG_ARCH:=chinadns-ng+wolfssl@aarch64-linux-musl@generic+v8a@fast+lto - PKG_HASH:=224494b4505ac8dd347a70b298b853b677c0e247887d6edcf46b08bb153de017 + PKG_HASH:=3fe0217615dd7060b7287d2b6b31d2a0b364137398bfb335a03bead322eac716 else PKG_ARCH:=chinadns-ng+wolfssl_noasm@aarch64-linux-musl@generic+v8a@fast+lto - PKG_HASH:=7639fae8e77ea36e377352179acb19e2fdf9010c2c373a9e02f03f637e99140c + PKG_HASH:=42ddd494200ec6d88b35902927688d316bc23e06e6c08d9e01eb2412196ab845 endif else ifeq ($(ARCH),arm) ifeq ($(CONFIG_arm_v6),y) PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v6+soft_float@fast+lto - PKG_HASH:=00fe09cf6309377a4bc90f3a5b909c5266c63181cc268912b4e32f92f58ec6cd + PKG_HASH:=0a401d1dc11129481b2baf86f847d55d66bd7e725cba4bf57875fdad27ef0052 else ifeq ($(CONFIG_arm_v7),y) ifeq ($(CONFIG_HAS_FPU),y) PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabihf@generic+v7a@fast+lto - PKG_HASH:=1acd9129d7efd99bf9952ac6dd932e10108fb27a2a059f03e80bf520300b3741 + PKG_HASH:=dfa1f6ba80fb0925613822f4c4e00df8da68e7b8b772048d26a0d1a9d07d346b else PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v6+soft_float@fast+lto - PKG_HASH:=00fe09cf6309377a4bc90f3a5b909c5266c63181cc268912b4e32f92f58ec6cd + PKG_HASH:=0a401d1dc11129481b2baf86f847d55d66bd7e725cba4bf57875fdad27ef0052 endif else PKG_ARCH:=chinadns-ng+wolfssl@arm-linux-musleabi@generic+v5te+soft_float@fast+lto - PKG_HASH:=01b5209a662824bd1c7586dccd95c9999e703cbb4704c623211e09c98becdce4 + PKG_HASH:=dc104953fcd95c1c98b7b2b54b0b6731565e0650f81230e6de127a486803f42f endif else ifeq ($(ARCH),mips) PKG_ARCH:=chinadns-ng+wolfssl@mips-linux-musl@mips32+soft_float@fast+lto - PKG_HASH:=fa468c04e58b47d7f6bb893ed6bdc41f9929d5a2e500c768e82e0f4a459b047c + PKG_HASH:=b610821a8f61b0ed3c8c7e82e10d401348a9de17f900988589024a37c4099c8e else ifeq ($(ARCH),mipsel) ifeq ($(CONFIG_HAS_FPU),) PKG_ARCH:=chinadns-ng+wolfssl@mipsel-linux-musl@mips32+soft_float@fast+lto - PKG_HASH:=294917a5009a315cf5ad04cdda8f66714c60c928e2186a6846323e04aa4a798f + PKG_HASH:=760544a88724e3b1b9eac79c9400231e81aa8786f8f00a979229e175811ffe6d else PKG_ARCH:=chinadns-ng+wolfssl@mipsel-linux-musl@mips32@fast+lto - PKG_HASH:=23c40248c3aa301a26c37cdb66e2141d2d73d4f0c5c03c066324263510d959ac + PKG_HASH:=ec547c31a884e0967437ceb90a5c270864efe81b0e40939e0ec2810c7bfd6653 endif else ifeq ($(ARCH),mips64) PKG_ARCH:=chinadns-ng+wolfssl@mips64-linux-musl@mips64+soft_float@fast+lto - PKG_HASH:=f65bf9e495384afaf8aadd35395a2b9cdb2eedecb2602a0c522039dc4707350d + PKG_HASH:=2d0fce18a7ef1d74fdc12738767e66998a52c2b30d8790da760933853fe8726e else ifeq ($(ARCH),mips64el) PKG_ARCH:=chinadns-ng+wolfssl@mips64el-linux-musl@mips64+soft_float@fast+lto - PKG_HASH:=44bd1a96d5a0ce02b8c5c5d941339958af2bf2d1c5e5d90ed87214ac0d900543 + PKG_HASH:=a301d8d200d06582c60bbe0e487a28f5b41e6f0997a548cf882a7b078dab089c else ifeq ($(ARCH),i386) ifneq ($(CONFIG_TARGET_x86_geode)$(CONFIG_TARGET_x86_legacy),) PKG_ARCH:=chinadns-ng+wolfssl@i386-linux-musl@i686@fast+lto diff --git a/luci-app-nikki/htdocs/luci-static/resources/tools/nikki.js b/luci-app-nikki/htdocs/luci-static/resources/tools/nikki.js index 57d8e39..9e5ea4d 100644 --- a/luci-app-nikki/htdocs/luci-static/resources/tools/nikki.js +++ b/luci-app-nikki/htdocs/luci-static/resources/tools/nikki.js @@ -107,6 +107,9 @@ return baseclass.extend({ const profile = await callNikkiProfile({ 'external-controller': null, 'secret': null }); const apiListen = profile['external-controller']; const apiSecret = profile['secret'] ?? ''; + if (!apiListen) { + return Promise.reject('API has not been configured'); + } const apiPort = apiListen.substring(apiListen.lastIndexOf(':') + 1); const url = `http://${window.location.hostname}:${apiPort}${path}`; return request.request(url, { @@ -114,7 +117,7 @@ return baseclass.extend({ headers: { 'Authorization': `Bearer ${apiSecret}` }, query: query, content: body - }) + }); }, openDashboard: async function () { @@ -122,6 +125,9 @@ return baseclass.extend({ const uiName = profile['external-ui-name']; const apiListen = profile['external-controller']; const apiSecret = profile['secret'] ?? ''; + if (!apiListen) { + return Promise.reject('API has not been configured'); + } const apiPort = apiListen.substring(apiListen.lastIndexOf(':') + 1); const params = { host: window.location.hostname, @@ -137,6 +143,7 @@ return baseclass.extend({ url = `http://${window.location.hostname}:${apiPort}/ui/?${query}`; } setTimeout(function () { window.open(url, '_blank') }, 0); + return Promise.resolve(); }, updateDashboard: function () { diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe_config.lua index 67e8456..c4c57a3 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe_config.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_subscribe_config.lua @@ -203,11 +203,11 @@ o:value("direct", translate("Direct Connection")) o:value("proxy", translate("Proxy")) o = s:option(Value, "user_agent", translate("User-Agent")) -o.default = "v2rayN/9.99" +o.default = "passwall" +o:value("passwall", "PassWall") +o:value("v2rayN/9.99", "v2rayN") o:value("curl", "Curl") o:value("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0", "Edge for Linux") o:value("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 Edg/122.0.0.0", "Edge for Windows") -o:value("Passwall/OpenWrt", "PassWall") -o:value("v2rayN/9.99", "v2rayN") return m diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/hysteria2.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/hysteria2.lua index d8a2236..bdda6e5 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/hysteria2.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/hysteria2.lua @@ -30,6 +30,11 @@ o = s:option(Value, _n("hop"), translate("Port hopping range")) o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).") o.rewrite_option = o.option +o = s:option(Value, _n("hop_interval"), translate("Hop Interval"), translate("Example:") .. "30s (≥5s)") +o.placeholder = "30s" +o.default = "30s" +o.rewrite_option = o.option + o = s:option(Value, _n("obfs"), translate("Obfs Password")) o.rewrite_option = o.option @@ -54,9 +59,6 @@ o.rewrite_option = o.option o = s:option(Value, _n("down_mbps"), translate("Max download Mbps")) o.rewrite_option = o.option -o = s:option(Value, _n("hop_interval"), translate("Hop Interval"), translate("Example:") .. "30s (≥5s)") -o.rewrite_option = o.option - o = s:option(Value, _n("recv_window"), translate("QUIC stream receive window")) o.rewrite_option = o.option diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua index 7e53d2d..2834eda 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/ray.lua @@ -58,7 +58,8 @@ for k, e in ipairs(api.get_valid_nodes()) do nodes_table[#nodes_table + 1] = { id = e[".name"], remark = e["remark"], - type = e["type"] + type = e["type"], + chain_proxy = e["chain_proxy"] } end if e.protocol == "_balancing" then @@ -331,6 +332,7 @@ o.default = "" o:value("", translate("Disable")) o:value("xtls-rprx-vision") o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true, [_n("transport")] = "raw" }) +o:depends({ [_n("protocol")] = "trojan", [_n("tls")] = true, [_n("transport")] = "raw" }) o = s:option(Flag, _n("tls"), translate("TLS")) o.default = 0 @@ -386,6 +388,13 @@ o.validate = function(self, value) return api.trim(value:gsub("[\r\n]", "")) end +o = s:option(ListValue, _n("ech_ForceQuery"), translate("ECH Query Policy"), translate("Controls the policy used when performing DNS queries for ECH configuration.")) +o.default = "none" +o:value("none") +o:value("half") +o:value("full") +o:depends({ [_n("ech")] = true }) + -- [[ REALITY部分 ]] -- o = s:option(Value, _n("reality_publicKey"), translate("Public Key")) o:depends({ [_n("tls")] = true, [_n("reality")] = true }) @@ -688,7 +697,7 @@ o = s:option(ListValue, _n("to_node"), translate("Landing Node"), translate("Onl o:depends({ [_n("chain_proxy")] = "2" }) for k, v in pairs(nodes_table) do - if v.type == "Xray" and v.id ~= arg[1] then + if v.type == "Xray" and v.id ~= arg[1] and (not v.chain_proxy or v.chain_proxy == "") then s.fields[_n("preproxy_node")]:value(v.id, v.remark) s.fields[_n("to_node")]:value(v.id, v.remark) end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua index eed90f6..86d9be4 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua @@ -75,7 +75,8 @@ for k, e in ipairs(api.get_valid_nodes()) do nodes_table[#nodes_table + 1] = { id = e[".name"], remark = e["remark"], - type = e["type"] + type = e["type"], + chain_proxy = e["chain_proxy"] } end if e.protocol == "_iface" then @@ -296,12 +297,18 @@ o.default = "" o:value("", translate("Disable")) o:value("xtls-rprx-vision") o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true }) +o:depends({ [_n("protocol")] = "trojan", [_n("tls")] = true }) if singbox_tags:find("with_quic") then o = s:option(Value, _n("hysteria_hop"), translate("Port hopping range")) o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).") o:depends({ [_n("protocol")] = "hysteria" }) + o = s:option(Value, _n("hysteria_hop_interval"), translate("Hop Interval"), translate("Example:") .. "30s (≥5s)") + o.placeholder = "30s" + o.default = "30s" + o:depends({ [_n("protocol")] = "hysteria" }) + o = s:option(Value, _n("hysteria_obfs"), translate("Obfs Password")) o:depends({ [_n("protocol")] = "hysteria" }) @@ -382,6 +389,11 @@ if singbox_tags:find("with_quic") then o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).") o:depends({ [_n("protocol")] = "hysteria2" }) + o = s:option(Value, _n("hysteria2_hop_interval"), translate("Hop Interval"), translate("Example:") .. "30s (≥5s)") + o.placeholder = "30s" + o.default = "30s" + o:depends({ [_n("protocol")] = "hysteria2" }) + o = s:option(Value, _n("hysteria2_up_mbps"), translate("Max upload Mbps")) o:depends({ [_n("protocol")] = "hysteria2" }) @@ -475,30 +487,30 @@ if singbox_tags:find("with_utls") then o:value("firefox") o:value("edge") o:value("safari") - -- o:value("360") + o:value("360") o:value("qq") o:value("ios") - -- o:value("android") + o:value("android") o:value("random") - -- o:value("randomized") + o:value("randomized") o.default = "chrome" - o:depends({ [_n("tls")] = true, [_n("utls")] = true }) + o:depends({ [_n("utls")] = true }) -- [[ REALITY部分 ]] -- o = s:option(Flag, _n("reality"), translate("REALITY")) o.default = 0 - o:depends({ [_n("protocol")] = "vless", [_n("utls")] = true }) - o:depends({ [_n("protocol")] = "vmess", [_n("utls")] = true }) - o:depends({ [_n("protocol")] = "shadowsocks", [_n("utls")] = true }) - o:depends({ [_n("protocol")] = "socks", [_n("utls")] = true }) - o:depends({ [_n("protocol")] = "trojan", [_n("utls")] = true }) - o:depends({ [_n("protocol")] = "anytls", [_n("utls")] = true }) + o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true }) + o:depends({ [_n("protocol")] = "vmess", [_n("tls")] = true }) + o:depends({ [_n("protocol")] = "shadowsocks", [_n("tls")] = true }) + o:depends({ [_n("protocol")] = "socks", [_n("tls")] = true }) + o:depends({ [_n("protocol")] = "trojan", [_n("tls")] = true }) + o:depends({ [_n("protocol")] = "anytls", [_n("tls")] = true }) o = s:option(Value, _n("reality_publicKey"), translate("Public Key")) - o:depends({ [_n("utls")] = true, [_n("reality")] = true }) + o:depends({ [_n("reality")] = true }) o = s:option(Value, _n("reality_shortId"), translate("Short Id")) - o:depends({ [_n("utls")] = true, [_n("reality")] = true }) + o:depends({ [_n("reality")] = true }) end o = s:option(ListValue, _n("transport"), translate("Transport")) @@ -742,7 +754,7 @@ o = s:option(ListValue, _n("to_node"), translate("Landing Node"), translate("Onl o:depends({ [_n("chain_proxy")] = "2" }) for k, v in pairs(nodes_table) do - if v.type == "sing-box" and v.id ~= arg[1] then + if v.type == "sing-box" and v.id ~= arg[1] and (not v.chain_proxy or v.chain_proxy == "") then s.fields[_n("preproxy_node")]:value(v.id, v.remark) s.fields[_n("to_node")]:value(v.id, v.remark) end diff --git a/luci-app-passwall/luasrc/passwall/util_sing-box.lua b/luci-app-passwall/luasrc/passwall/util_sing-box.lua index 8e8f988..f19e023 100644 --- a/luci-app-passwall/luasrc/passwall/util_sing-box.lua +++ b/luci-app-passwall/luasrc/passwall/util_sing-box.lua @@ -366,7 +366,11 @@ function gen_outbound(flag, node, tag, proxy_table) end protocol_table = { server_ports = next(server_ports) and server_ports or nil, - hop_interval = next(server_ports) and "30s" or nil, + hop_interval = (function() + if not next(server_ports) then return nil end + local v = tonumber((node.hysteria_hop_interval or "30s"):match("^%d+")) + return (v and v >= 5) and (v .. "s") or "30s" + end)(), up_mbps = tonumber(node.hysteria_up_mbps), down_mbps = tonumber(node.hysteria_down_mbps), obfs = node.hysteria_obfs, @@ -438,7 +442,11 @@ function gen_outbound(flag, node, tag, proxy_table) end protocol_table = { server_ports = next(server_ports) and server_ports or nil, - hop_interval = next(server_ports) and "30s" or nil, + hop_interval = (function() + if not next(server_ports) then return nil end + local v = tonumber((node.hysteria2_hop_interval or "30s"):match("^%d+")) + return (v and v >= 5) and (v .. "s") or "30s" + end)(), up_mbps = (node.hysteria2_up_mbps and tonumber(node.hysteria2_up_mbps)) and tonumber(node.hysteria2_up_mbps) or nil, down_mbps = (node.hysteria2_down_mbps and tonumber(node.hysteria2_down_mbps)) and tonumber(node.hysteria2_down_mbps) or nil, obfs = { diff --git a/luci-app-passwall/luasrc/passwall/util_xray.lua b/luci-app-passwall/luasrc/passwall/util_xray.lua index 2fba587..7152ad0 100644 --- a/luci-app-passwall/luasrc/passwall/util_xray.lua +++ b/luci-app-passwall/luasrc/passwall/util_xray.lua @@ -158,7 +158,8 @@ function gen_outbound(flag, node, tag, proxy_table) serverName = node.tls_serverName, allowInsecure = (node.tls_allowInsecure == "1") and true or false, fingerprint = (node.type == "Xray" and node.utls == "1" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or nil, - echConfigList = (node.ech == "1") and node.ech_config or nil + echConfigList = (node.ech == "1") and node.ech_config or nil, + echForceQuery = (node.ech == "1") and (node.ech_ForceQuery or "none") or nil } or nil, realitySettings = (node.stream_security == "reality") and { serverName = node.tls_serverName, diff --git a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm index 586c40d..373372c 100644 --- a/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm +++ b/luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm @@ -288,10 +288,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin params += opt.query("spx", dom_prefix + "reality_spiderX"); params += opt.query("pqv", dom_prefix + "reality_mldsa65Verify"); } - if (opt.get(dom_prefix + "flow") && opt.get(dom_prefix + "flow").value) { - let v_flow = opt.get(dom_prefix + "flow").value; - params += "&flow=" + v_flow; - } params += "&security=" + v_security; params += opt.query("alpn", dom_prefix + "alpn"); params += opt.query("sni", dom_prefix + "tls_serverName"); @@ -964,11 +960,10 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin if (queryParam.security == "tls") { opt.set(dom_prefix + 'tls', true); opt.set(dom_prefix + 'reality', false); - opt.set(dom_prefix + 'flow', queryParam.flow || ''); opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); opt.set(dom_prefix + 'tls_allowInsecure', true); - if (queryParam.allowinsecure === '0' || queryParam.insecure === '0') { + if ((queryParam.allowinsecure ?? '0') === '0' && (queryParam.insecure ?? '0') === '0') { opt.set(dom_prefix + 'tls_allowInsecure', false); } if (queryParam.fp && queryParam.fp.trim() != "") { @@ -982,7 +977,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin if (queryParam.security == "reality") { opt.set(dom_prefix + 'tls', true); opt.set(dom_prefix + 'reality', true); - opt.set(dom_prefix + 'flow', queryParam.flow || ''); opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); if (queryParam.fp && queryParam.fp.trim() != "") { @@ -1211,9 +1205,11 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin } tls_serverName = tls_serverName || ""; opt.set(dom_prefix + 'tls_serverName', tls_serverName); + opt.set(dom_prefix + 'flow', (queryParam.flow || '').replace('-udp443', '')); + opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); } opt.set(dom_prefix + 'tls_allowInsecure', true); - if (queryParam.allowinsecure === '0' || queryParam.insecure === '0') { + if ((queryParam.allowinsecure ?? '0') === '0' && (queryParam.insecure ?? '0') === '0') { opt.set(dom_prefix + 'tls_allowInsecure', false); } @@ -1347,11 +1343,11 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin if (queryParam.security == "tls") { opt.set(dom_prefix + 'tls', true); opt.set(dom_prefix + 'reality', false); - opt.set(dom_prefix + 'flow', queryParam.flow || ''); + opt.set(dom_prefix + 'flow', (queryParam.flow || '').replace('-udp443', '')); opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); opt.set(dom_prefix + 'tls_allowInsecure', true); - if (queryParam.allowinsecure === '0' || queryParam.insecure === '0') { + if ((queryParam.allowinsecure ?? '0') === '0' && (queryParam.insecure ?? '0') === '0') { opt.set(dom_prefix + 'tls_allowInsecure', false); } if (queryParam.fp && queryParam.fp.trim() != "") { @@ -1365,7 +1361,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin if (queryParam.security == "reality") { opt.set(dom_prefix + 'tls', true); opt.set(dom_prefix + 'reality', true); - opt.set(dom_prefix + 'flow', queryParam.flow || ''); + opt.set(dom_prefix + 'flow', (queryParam.flow || '').replace('-udp443', '')); opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); if (queryParam.fp && queryParam.fp.trim() != "") { @@ -1547,7 +1543,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin opt.set(dom_prefix + 'tuic_alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); opt.set(dom_prefix + 'tls_allowInsecure', true); - if (queryParam.allowinsecure === '0' || queryParam.insecure === '0') { + if ((queryParam.allowinsecure ?? '0') === '0' && (queryParam.insecure ?? '0') === '0') { opt.set(dom_prefix + 'tls_allowInsecure', false); } if (hash) { @@ -1587,11 +1583,10 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin if (queryParam.security == "tls") { opt.set(dom_prefix + 'tls', true); opt.set(dom_prefix + 'reality', false); - opt.set(dom_prefix + 'flow', queryParam.flow || ''); opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); opt.set(dom_prefix + 'tls_allowInsecure', true); - if (queryParam.allowinsecure === '0' || queryParam.insecure === '0') { + if ((queryParam.allowinsecure ?? '0') === '0' && (queryParam.insecure ?? '0') === '0') { opt.set(dom_prefix + 'tls_allowInsecure', false); } if (queryParam.fp && queryParam.fp.trim() != "") { @@ -1602,7 +1597,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin if (queryParam.security == "reality") { opt.set(dom_prefix + 'tls', true); opt.set(dom_prefix + 'reality', true); - opt.set(dom_prefix + 'flow', queryParam.flow || ''); opt.set(dom_prefix + 'alpn', queryParam.alpn || 'default'); opt.set(dom_prefix + 'tls_serverName', queryParam.sni || ''); if (queryParam.fp && queryParam.fp.trim() != "") { diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 67ebf43..3c2e153 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -1726,6 +1726,12 @@ msgstr "ECH 配置" msgid "ECH Key" msgstr "ECH 密钥" +msgid "ECH Query Policy" +msgstr "ECH 查询策略" + +msgid "Controls the policy used when performing DNS queries for ECH configuration." +msgstr "控制使用 DNS 查询 ECH 配置时的策略。" + msgid "Enable Multipath TCP, need to be enabled in both server and client configuration." msgstr "启用 Multipath TCP,需在服务端和客户端配置中同时启用。" diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 2c32061..110b3e7 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -389,6 +389,15 @@ eval_cache_var() { [ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var") } +has_1_65535() { + local val="$1" + val=${val//:/-} + case ",$val," in + *,1-65535,*) return 0 ;; + *) return 1 ;; + esac +} + run_ipt2socks() { local flag proto tcp_tproxy local_port socks_address socks_port socks_username socks_password log_file local _extra_param="" @@ -1798,11 +1807,10 @@ acl_app() { dnsmasq_port=${GLOBAL_DNSMASQ_PORT:-11400} chinadns_port=11500 for item in $items; do - sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') + local sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') + [ "$(config_n_get $sid enabled)" = "1" ] || continue eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) - [ "$enabled" = "1" ] || continue - if [ -n "${sources}" ]; then for s in $sources; do local s2 @@ -1837,7 +1845,7 @@ acl_app() { } tcp_no_redir_ports=${tcp_no_redir_ports:-${TCP_NO_REDIR_PORTS}} udp_no_redir_ports=${udp_no_redir_ports:-${UDP_NO_REDIR_PORTS}} - if [ "$tcp_no_redir_ports" == "1:65535" ] && [ "$udp_no_redir_ports" == "1:65535" ]; then + if has_1_65535 "$tcp_no_redir_ports" && has_1_65535 "$udp_no_redir_ports"; then unset use_global_config unset tcp_node unset udp_node @@ -2015,7 +2023,7 @@ acl_app() { run_dns ${_dns_port} fi set_cache_var "ACL_${sid}_tcp_node" "${tcp_node}" - set_cache_var "ACL_${sid}_tcp_redir_port" "${redir_port}" + set_cache_var "ACL_${sid}_tcp_redir_port" "${tcp_port}" fi } fi @@ -2031,9 +2039,9 @@ acl_app() { else echolog " - 全局节点未启用,跳过【${remarks}】" fi - elif [ "$udp_node" = "tcp" ]; then + elif [ "$udp_node" = "tcp" ] || [ "$udp_node" = "$tcp_node" ]; then udp_node=$(get_cache_var "ACL_${sid}_tcp_node") - udp_port=$(get_cache_var "ACL_${sid}_tcp_port") + udp_port=$(get_cache_var "ACL_${sid}_tcp_redir_port") set_cache_var "ACL_${sid}_udp_node" "${udp_node}" set_cache_var "ACL_${sid}_udp_redir_port" "${udp_port}" else @@ -2070,7 +2078,7 @@ acl_app() { fi fi set_cache_var "ACL_${sid}_udp_node" "${udp_node}" - set_cache_var "ACL_${sid}_udp_redir_port" "${redir_port}" + set_cache_var "ACL_${sid}_udp_redir_port" "${udp_port}" fi } fi diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 406180b..4208a9b 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -341,7 +341,7 @@ load_acl() { [ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m [ "$tcp_no_redir_ports" != "disable" ] && { - if [ "$tcp_no_redir_ports" != "1:65535" ]; then + if ! has_1_65535 "$tcp_no_redir_ports"; then [ "$_ipv4" != "1" ] && add_port_rules "$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN" 2>/dev/null add_port_rules "$ipt_tmp -A PSW $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN" echolog " - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]" @@ -353,7 +353,7 @@ load_acl() { } [ "$udp_no_redir_ports" != "disable" ] && { - if [ "$udp_no_redir_ports" != "1:65535" ]; then + if ! has_1_65535 "$udp_no_redir_ports"; then [ "$_ipv4" != "1" ] && add_port_rules "$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN" 2>/dev/null add_port_rules "$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN" echolog " - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]" @@ -552,7 +552,7 @@ load_acl() { [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { add_port_rules "$ip6t_m -A PSW $(comment "默认") -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN" add_port_rules "$ipt_tmp -A PSW $(comment "默认") -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN" - if [ "$TCP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]" else unset TCP_PROXY_MODE @@ -563,7 +563,7 @@ load_acl() { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && { add_port_rules "$ip6t_m -A PSW $(comment "默认") -p udp" $UDP_NO_REDIR_PORTS "-j RETURN" add_port_rules "$ipt_m -A PSW $(comment "默认") -p udp" $UDP_NO_REDIR_PORTS "-j RETURN" - if [ "$UDP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]" else unset UDP_PROXY_MODE @@ -1100,7 +1100,7 @@ add_firewall_rule() { [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { add_port_rules "$ipt_tmp -A PSW_OUTPUT -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN" add_port_rules "$ip6t_m -A PSW_OUTPUT -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN" - if [ "$TCP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]" else unset LOCALHOST_TCP_PROXY_MODE @@ -1111,7 +1111,7 @@ add_firewall_rule() { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && { add_port_rules "$ipt_m -A PSW_OUTPUT -p udp" $UDP_NO_REDIR_PORTS "-j RETURN" add_port_rules "$ip6t_m -A PSW_OUTPUT -p udp" $UDP_NO_REDIR_PORTS "-j RETURN" - if [ "$UDP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]" else unset LOCALHOST_UDP_PROXY_MODE diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 14ebd20..01c35af 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -356,7 +356,7 @@ load_acl() { msg="【$remarks】,${msg}" [ "$tcp_no_redir_ports" != "disable" ] && { - if [ "$tcp_no_redir_ports" != "1:65535" ]; then + if ! has_1_65535 "$tcp_no_redir_ports"; then nft "add rule $NFTABLE_NAME $nft_prerouting_chain ${_ipt_source} ip protocol tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\"" [ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 ${_ipt_source} meta l4proto tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\"" echolog " - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]" @@ -368,7 +368,7 @@ load_acl() { } [ "$udp_no_redir_ports" != "disable" ] && { - if [ "$udp_no_redir_ports" != "1:65535" ]; then + if ! has_1_65535 "$udp_no_redir_ports"; then nft "add rule $NFTABLE_NAME PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" [ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" 2>/dev/null echolog " - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]" @@ -571,7 +571,7 @@ load_acl() { [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { nft "add rule $NFTABLE_NAME $nft_prerouting_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"默认\"" nft "add rule $NFTABLE_NAME PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"默认\"" - if [ "$TCP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]" else unset TCP_PROXY_MODE @@ -582,7 +582,7 @@ load_acl() { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && { nft "add $NFTABLE_NAME PSW_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"默认\"" nft "add $NFTABLE_NAME PSW_MANGLE_V6 counter meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"默认\"" - if [ "$UDP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]" else unset UDP_PROXY_MODE @@ -1125,7 +1125,7 @@ add_firewall_rule() { [ "$TCP_NO_REDIR_PORTS" != "disable" ] && { nft "add rule $NFTABLE_NAME $nft_output_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return" nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return" - if [ "$TCP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]" else unset LOCALHOST_TCP_PROXY_MODE @@ -1136,7 +1136,7 @@ add_firewall_rule() { [ "$UDP_NO_REDIR_PORTS" != "disable" ] && { nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return" nft "add rule $NFTABLE_NAME PSW_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return" - if [ "$UDP_NO_REDIR_PORTS" != "1:65535" ]; then + if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then echolog " - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]" else unset LOCALHOST_UDP_PROXY_MODE diff --git a/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/luci-app-passwall/root/usr/share/passwall/subscribe.lua index d221863..a30608c 100755 --- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua +++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua @@ -1036,8 +1036,8 @@ local function processData(szType, content, add_mode, add_from) end result.encryption = params.encryption or "none" - - result.flow = params.flow or nil + result.flow = params.flow and params.flow:gsub("-udp443", "") or nil + result.alpn = params.alpn if result.type == "sing-box" and (result.transport == "mkcp" or result.transport == "xhttp" or result.transport == "splithttp") then log("跳过节点:" .. result.remarks ..",因Sing-Box不支持" .. szType .. "协议的" .. result.transport .. "传输方式,需更换Xray。") @@ -1191,7 +1191,7 @@ local function processData(szType, content, add_mode, add_from) result.encryption = params.encryption or "none" - result.flow = params.flow or nil + result.flow = params.flow and params.flow:gsub("-udp443", "") or nil result.tls = "0" if params.security == "tls" or params.security == "reality" then @@ -1269,7 +1269,6 @@ local function processData(szType, content, add_mode, add_from) else result.address = host_port end - result.protocol = params.protocol result.hysteria_obfs = params.obfsParam result.hysteria_auth_type = "string" result.hysteria_auth_password = params.auth diff --git a/naiveproxy/Makefile b/naiveproxy/Makefile index 5ecd509..3ec1d76 100644 --- a/naiveproxy/Makefile +++ b/naiveproxy/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=naiveproxy -PKG_VERSION:=138.0.7204.35 +PKG_VERSION:=139.0.7258.62 PKG_RELEASE:=1 ARCH_PREBUILT:=$(ARCH_PACKAGES) @@ -25,47 +25,47 @@ PKG_SOURCE:=naiveproxy-v$(PKG_VERSION)-$(PKG_RELEASE)-openwrt-$(ARCH_PREBUILT).t PKG_SOURCE_URL:=https://github.com/klzgrad/naiveproxy/releases/download/v$(PKG_VERSION)-$(PKG_RELEASE)/ ifeq ($(ARCH_PREBUILT),aarch64_cortex-a53) - PKG_HASH:=45c8b1f19d53f3e0c30bd591a0ba29e511295f7eb9c5ebeaee9dcb483e477d44 + PKG_HASH:=88b631884518ad25eaee00350445824bb962283cf7665519d4d7b242605a95a4 else ifeq ($(ARCH_PREBUILT),aarch64_cortex-a72) - PKG_HASH:=2eb876e77a067f93e50370a1d7ebef497f948e76a732a698aac17b777c2e02da + PKG_HASH:=c8196e4ac5e60c933cdce968b1e630abf3577de1258a4c330eb99ea8649a177a else ifeq ($(ARCH_PREBUILT),aarch64_generic) - PKG_HASH:=b0303b6c1147d563454605e3e2fda651aa40a8a7189b3c15245389557539b516 + PKG_HASH:=7fa990948c429c36fd0778cd9125e08aed79d5e92be6675951540ddd7069b2fb else ifeq ($(ARCH_PREBUILT),arm_arm1176jzf-s_vfp) - PKG_HASH:=11f3aa85008935a7bce61e69117d0fec66b31ce7a8394d1ccb47f1fb66d00c35 + PKG_HASH:=51db374620c21797a732d11e17b7ddc31e9be681804ea3145938a24320aaa66a else ifeq ($(ARCH_PREBUILT),arm_arm926ej-s) - PKG_HASH:=c5838f4149efbc7b2e01d6f2c94f7585edc3b51ebc072e88f4e8d6e709125b02 + PKG_HASH:=abf5db455d57de10dec4b5e5d37903293bcbbe80a3baeb33aded53fb4d503db1 else ifeq ($(ARCH_PREBUILT),arm_cortex-a15_neon-vfpv4) - PKG_HASH:=a514d92010d2999ddbfe073e61dc9ea7f58414845077114979950ff5078a72ee + PKG_HASH:=4ea19599f0287da886c79b93d3ac7ae03727402587fa3af5fdd3d12ad2e2a58e else ifeq ($(ARCH_PREBUILT),arm_cortex-a5_vfpv4) - PKG_HASH:=1e2677d68d9c81b7505ada6ed146177e53dca708fa878c5105b87812df20c797 + PKG_HASH:=6824c79925f5cc9c3a8fd8a2090c982a0b30c0ce014aa90f99a2f36ed68ada9d else ifeq ($(ARCH_PREBUILT),arm_cortex-a7) - PKG_HASH:=e9047f458ecba7cfc4c722d0180c1a4d823d9edbde41e4abce0f293c52712b0f + PKG_HASH:=456c896ac9a26d41a6bc0aea74262780516203a143cfb530906ac9a580d35ab5 else ifeq ($(ARCH_PREBUILT),arm_cortex-a7_neon-vfpv4) - PKG_HASH:=954cea8e06240e6391d7057765335c6ac20fdbc42dcde9d20c2e4aa55a75a9e1 + PKG_HASH:=0ac6f60ba0b90ef38aa88f1172b7119e07ec775b1776594afb51452f5b4af125 else ifeq ($(ARCH_PREBUILT),arm_cortex-a7_vfpv4) - PKG_HASH:=6d739e11f4df930139744d982ee9e98050cf6778ff0af90bf5e128f789f26b61 + PKG_HASH:=361341cd9300e071f06545d92bf355bd83fe415af7392cffcd503e9207f273e5 else ifeq ($(ARCH_PREBUILT),arm_cortex-a8_vfpv3) - PKG_HASH:=8f3de0015d28c341d8dd303bd770ffaf4cf05767a4af3612218da78a54d01c6e + PKG_HASH:=04eaadc2c6cf300c788d8531cdf04821c91a751bae720c2fc4631ec6445a0cd8 else ifeq ($(ARCH_PREBUILT),arm_cortex-a9) - PKG_HASH:=bf15aaaf307ac86cbd3fc9c9a8a107103d2682ba227f54fd2d2a2def252b8fca + PKG_HASH:=523af9336b72da3a32f38d1975e86f15bdc859234f8e7f0a3c664fc31da2ce3f else ifeq ($(ARCH_PREBUILT),arm_cortex-a9_neon) - PKG_HASH:=c5788e9ce8eef9d526390ef04966668ffd9e9f40af194257fb9600362585032f + PKG_HASH:=b20c2e0c098503d8b57c6ab70d70de401bb642a474521ccf0e700756ad7ed8e1 else ifeq ($(ARCH_PREBUILT),arm_cortex-a9_vfpv3-d16) - PKG_HASH:=5c93593112ad72c75d35fc41b6d6ed3c1115dcf8aa30f9bc61303696f31fa551 + PKG_HASH:=9658d4f6a9a7e753774b1b231808c5267addc7cea94e2e93e7f823ec84e279e3 else ifeq ($(ARCH_PREBUILT),arm_mpcore) - PKG_HASH:=ee481d71ff9735e221f8a58601690f11315613f4e77678bbe3ab25236d5ad36a + PKG_HASH:=cfdcc0bfd70c689b01af8ebcc712f8a1431aeba77a4bc1522444268f9864d12d else ifeq ($(ARCH_PREBUILT),arm_xscale) - PKG_HASH:=3719a7d151c1d80250388cea32f74165772d8cc21b8bfa9c6a8db312ae19a0b8 + PKG_HASH:=5c7706b1cb19e27d4c0135feea6af245e19af684b9e2bb38c3cea80c9adb970c else ifeq ($(ARCH_PREBUILT),mipsel_24kc) - PKG_HASH:=1aa0c1fbe81242cf4c14a6c83fd32f8548a3691233c2078a640619c2b3bfd7c4 + PKG_HASH:=70e248ffa44a067ced6c178f3aef09097e7bbd6030cb7d3776866880ad954eb6 else ifeq ($(ARCH_PREBUILT),mipsel_mips32) - PKG_HASH:=9f909d879602a0feeb2535e0859339a0496cdd948fb2f64c491bc5cf324f93f0 + PKG_HASH:=a49e6088ddb1af6135fa2a46ba5c55db66b4a2ecd46cb6daf3776181a2e62296 else ifeq ($(ARCH_PREBUILT),riscv64) - PKG_HASH:=df183679a499ce65f3ff2e7561a551dd890c4acd6bfdeb97fdf729c97d195bac + PKG_HASH:=4f8163daea361188f8eec3c1794b78416b898aff226e33e82f8ae6f96d403ac3 else ifeq ($(ARCH_PREBUILT),x86) - PKG_HASH:=f9ca7ee068b2317c8a9e1155ed692cb99d3ba35f5ea4e0dcb56d63efa8764839 + PKG_HASH:=02e38a354b26ed8ebe7a753bac2f8a4a4b4210a23dcb430de0ab88b88b689f92 else ifeq ($(ARCH_PREBUILT),x86_64) - PKG_HASH:=c6a6526432d76a2a19412869fd37a99ffa9f832c992791fc26983965ad3f0726 + PKG_HASH:=df910463af15f53b5540dcb23a9858ba73dd2bc336eea9625ba0360bd3b29042 else PKG_HASH:=dummy endif diff --git a/nikki/files/nikki.conf b/nikki/files/nikki.conf index 7e71b12..2ea1c45 100644 --- a/nikki/files/nikki.conf +++ b/nikki/files/nikki.conf @@ -38,11 +38,13 @@ config mixin 'mixin' option 'redir_port' '7891' option 'tproxy_port' '7892' option 'authentication' '1' + option 'tun_enabled' '1' option 'tun_device' 'nikki' option 'tun_stack' 'mixed' option 'tun_dns_hijack' '0' list 'tun_dns_hijacks' 'tcp://any:53' list 'tun_dns_hijacks' 'udp://any:53' + option 'dns_enabled' '1' option 'dns_listen' '[::]:1053' option 'dns_ipv6' '1' option 'dns_mode' 'fake-ip' diff --git a/sing-box/Makefile b/sing-box/Makefile index df2caca..3fef967 100644 --- a/sing-box/Makefile +++ b/sing-box/Makefile @@ -5,12 +5,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=sing-box -PKG_VERSION:=1.12.2 +PKG_VERSION:=1.12.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/SagerNet/sing-box/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=95d902c008ed0b414ab29408dc565310fffe435a15753e02d10ca5c8e6837ce5 +PKG_HASH:=3dce8ee383655908451f7f193714f0c8f90b8fd4baecb8e7e3948d263d766359 PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE_FILES:=LICENSE