Merge https://github.com/destan19/OpenAppFilter

2022-11-04 06:32:47 +08:00 · 2022-11-04 06:32:47 +08:00 · c4109f85f0
commit c4109f85f0
parent 2c2b9f5787 dc918b3c61
7 changed files with 49 additions and 10 deletions
--- a/README.md
+++ b/README.md
@ -1,9 +1,10 @@


 应用过滤是一款基于OpenWrt的家长管理插件，支持游戏、视频、聊天、下载等app过滤，比如抖音、斗鱼、王者荣耀等
-
-
-### 如何编译应用过滤固件
+### 固件下载
+固件基于openwrt源码加入应用过滤插件，包含热门路由器固件，固件都是精简版，默认关闭加速等冲突模块，开启应用过滤即可生效。  
+[下载固件](http://175.178.71.82:88/oaf)
+### 如何自己编译应用过滤固件
 1. 准备OpenWrt源码，并编译成功  
   推荐源码仓库：  
   https://github.com/coolsnowwolf/lede.git  
@ -18,6 +19,9 @@ luci-app-oaf依赖appfilter、kmod-oaf两个模块，选择luci-app-oaf后会自
 - 主路由模式
 - 旁路由模式（AP桥模式也可以使用该模式，旁路由模式仅用来过滤，如果需要完整审计功能，请部署为主路由）

+### 如何安装应用过滤插件
+[如何安装应用过滤插件](https://github.com/destan19/OpenAppFilter/wiki/%E5%A6%82%E4%BD%95%E5%AE%89%E8%A3%85%E5%BA%94%E7%94%A8%E8%BF%87%E6%BB%A4%E6%8F%92%E4%BB%B6)   
+
 ### 使用前必读
  1. 关闭网络加速  
  进入网络-->网络加速(ACC)菜单，将所有的勾取消并保存生效，如果是高通AX系列产品，还需要手动通过命令调整ecm慢速转发包个数，  
--- a/oaf/src/af_log.c
+++ b/oaf/src/af_log.c
@ -11,6 +11,7 @@ int af_test_mode = 0;
 // todo: rename af_log.c
 int g_oaf_enable __read_mostly = 0;
 int af_work_mode = AF_MODE_GATEWAY;
+int af_lan_ip = 0;
 /* 
 	cat /proc/sys/oaf/debug
 */
@ -43,6 +44,13 @@ static struct ctl_table oaf_table[] = {
 		.mode		= 0666,
 		.proc_handler	= proc_dointvec,
 	},
+	{
+		.procname	= "lan_ip",
+		.data		= &af_lan_ip,
+		.maxlen 	= sizeof(int),
+		.mode		= 0666,
+		.proc_handler	= proc_dointvec,
+	},
 	{
 	}
 };
--- a/oaf/src/af_log.h
+++ b/oaf/src/af_log.h
@ -3,6 +3,7 @@
 extern int af_log_lvl;
 extern int af_test_mode;
 extern int af_work_mode;
+extern int af_lan_ip;
 #define LOG(level, fmt, ...) do { \
    if ((level) <= af_log_lvl) { \
        printk(fmt, ##__VA_ARGS__); \
--- a/oaf/src/app_filter.c
+++ b/oaf/src/app_filter.c
@ -261,7 +261,6 @@ int add_app_feature(int appid, char *name, char *feature)
 	}
 	if (AF_DICT_PARAM_INDEX != param_num && strlen(feature) > MIN_FEATURE_STR_LEN)
 	{
-		AF_ERROR("invalid feature:%s\n", feature);
 		return -1;
 	}
 	strncpy(dict, begin, p - begin);
@ -348,7 +347,6 @@ void load_feature_buf_from_file(char **config_buf)

 	if (IS_ERR(fp))
 	{
-		printk("open feature file failed\n");
 		return;
 	}

@ -393,7 +391,6 @@ int load_feature_config(void)
 	load_feature_buf_from_file(&feature_buf);
 	if (!feature_buf)
 	{
-		AF_ERROR("error, feature buf is null\n");
 		return -1;
 	}
 	p = begin = feature_buf;
@ -899,15 +896,16 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device *
 	if (!skb || !dev)
 		return NF_ACCEPT;

-	if (skb->len > MAX_BYPASS_DPI_PKT_LEN)
-		return NF_ACCEPT;	
-
 	memset((char *)&flow, 0x0, sizeof(flow_info_t));
 	if (parse_flow_proto(skb, &flow) < 0)
 		return NF_ACCEPT;
 	if (af_match_bcast_packet(&flow) || af_match_local_packet(&flow))
 		return NF_ACCEPT;

+	if (af_lan_ip == flow.src || af_lan_ip == flow.dst){
+		return NF_ACCEPT;
+	}
+
 	af_get_smac(skb, smac);

 	AF_CLIENT_LOCK_W();
--- a/open-app-filter/src/appfilter_config.c
+++ b/open-app-filter/src/appfilter_config.c
@ -299,6 +299,18 @@ int config_get_appfilter_enable(void)
    return enable;
 }

+int config_get_lan_ip(char *lan_ip, int len)
+{
+    int ret = 0;
+    struct uci_context *ctx = uci_alloc_context();
+    if (!ctx)
+        return -1;
+    ret = uci_get_value(ctx, "network.lan.ipaddr", lan_ip, len);
+    uci_free_context(ctx);
+    return ret;
+}
+
+
 int appfilter_config_alloc(void)
 {
    char *err;
--- a/open-app-filter/src/appfilter_config.h
+++ b/open-app-filter/src/appfilter_config.h
@ -56,5 +56,6 @@ int appfilter_config_alloc(void);
 int appfilter_config_free(void);
 af_ctl_time_t *load_appfilter_ctl_time_config(void);
 int config_get_appfilter_enable(void);
+int config_get_lan_ip(char *lan_ip, int len);

 #endif
--- a/open-app-filter/src/main.c
+++ b/open-app-filter/src/main.c
@ -30,6 +30,8 @@ THE SOFTWARE.
 #include "appfilter_ubus.h"
 #include "appfilter_config.h"
 #include <time.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
 void check_appfilter_enable(void)
 {
    int enable = 1;
@ -88,14 +90,27 @@ EXIT:
   		free(af_t);
 }

+void update_lan_ip(void){
+    char ip_str[32] = {0};
+    struct in_addr addr;
+    char cmd_buf[128] = {0};
+    u_int32_t lan_ip = 0;
+
+    config_get_lan_ip(ip_str, sizeof(ip_str));
+    inet_aton(ip_str, &addr);
+    lan_ip =addr.s_addr;
+    sprintf(cmd_buf, "echo %d >/proc/sys/oaf/lan_ip", lan_ip);
+    system(cmd_buf);
+}
+
 void dev_list_timeout_handler(struct uloop_timeout *t)
 {
    dump_dev_list();
    check_dev_visit_info_expire();
    flush_expire_visit_info();
    //dump_dev_visit_list();
+    update_lan_ip();
    check_appfilter_enable();
-    //todo: dev list expire
    if (check_dev_expire()){
        flush_expire_visit_info();
        flush_dev_expire_node();