From 3d517a1bd0da0296c080a5ecd62f1a47454875f1 Mon Sep 17 00:00:00 2001 From: Dest Date: Sun, 9 Oct 2022 21:30:26 +0800 Subject: [PATCH 1/6] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 645991f..be801c7 100755 --- a/README.md +++ b/README.md @@ -18,6 +18,9 @@ luci-app-oaf依赖appfilter、kmod-oaf两个模块,选择luci-app-oaf后会自 - 主路由模式 - 旁路由模式(AP桥模式也可以使用该模式,旁路由模式仅用来过滤,如果需要完整审计功能,请部署为主路由) +### 如何安装应用过滤插件 +[如何安装应用过滤插件](https://github.com/destan19/OpenAppFilter/wiki/%E5%A6%82%E4%BD%95%E5%AE%89%E8%A3%85%E5%BA%94%E7%94%A8%E8%BF%87%E6%BB%A4%E6%8F%92%E4%BB%B6) + ### 使用前必读 1. 关闭网络加速 进入网络-->网络加速(ACC)菜单,将所有的勾取消并保存生效,如果是高通AX系列产品,还需要手动通过命令调整ecm慢速转发包个数, From e6cf045deef10c3f308fb004cb40f42f0efadd97 Mon Sep 17 00:00:00 2001 From: derry Date: Sat, 29 Oct 2022 23:56:10 +0800 Subject: [PATCH 2/6] remove mul-feature support,fix feature file upload error --- luci-app-oaf/luasrc/model/cbi/appfilter/feature.lua | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/luci-app-oaf/luasrc/model/cbi/appfilter/feature.lua b/luci-app-oaf/luasrc/model/cbi/appfilter/feature.lua index 11e744f..44b4111 100755 --- a/luci-app-oaf/luasrc/model/cbi/appfilter/feature.lua +++ b/luci-app-oaf/luasrc/model/cbi/appfilter/feature.lua @@ -58,13 +58,7 @@ http.setfilehandler(function(meta, chunk, eof) local line = fd2:read("*l"); fd2:close() local ret = string.match(line, "#version") - local lang = m.uci:get_all("luci.main.lang") - local feature_file = "" - if "" == lang or "auto" == lang then - feature_file = "/etc/appfilter/feature.cfg" - else - feature_file = "/etc/appfilter/feature_" .. lang .. ".cfg" - end + local feature_file = "/etc/appfilter/feature.cfg" if ret ~= nil then local cmd = "cp /tmp/upload/" .. meta.file .. " " .. feature_file; os.execute(cmd); From 0b7f452a6a9c6f1acbd9ee41a76ded2d88fe346f Mon Sep 17 00:00:00 2001 
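Review bot: The context kept by the feature.lua hunk, `local cmd = "cp /tmp/upload/" .. meta.file .. " " .. feature_file; os.execute(cmd);`, still concatenates `meta.file` into a shell command, and that value appears to be the file name supplied with the upload. A name containing shell metacharacters or a path separator would be interpreted by the shell or resolve outside /tmp/upload. Now that the destination is a single fixed path, the copy can skip the shell, e.g. `nixio.fs.copy("/tmp/upload/" .. meta.file, feature_file)` (assuming nixio is usable from this CBI model), after rejecting any `meta.file` that contains `/`. The only content check visible here is the `#version` match on the first line, which deserves a comment saying it is a format sanity check rather than validation. The file handler starts and ends outside the hunk.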
From: derry Date: Mon, 31 Oct 2022 19:43:53 +0800 Subject: [PATCH 3/6] Filter bcast ip in bypass mode --- oaf/src/af_log.c | 8 ++++++++ oaf/src/af_log.h | 1 + oaf/src/app_filter.c | 7 ++++--- open-app-filter/src/appfilter_config.c | 12 ++++++++++++ open-app-filter/src/appfilter_config.h | 1 + open-app-filter/src/main.c | 17 ++++++++++++++++- 6 files changed, 42 insertions(+), 4 deletions(-) diff --git a/oaf/src/af_log.c b/oaf/src/af_log.c index dba9c10..7c6b8b4 100755 --- a/oaf/src/af_log.c +++ b/oaf/src/af_log.c @@ -11,6 +11,7 @@ int af_test_mode = 0; // todo: rename af_log.c int g_oaf_enable __read_mostly = 0; int af_work_mode = AF_MODE_GATEWAY; +int af_lan_ip = 0; /* cat /proc/sys/oaf/debug */ @@ -43,6 +44,13 @@ static struct ctl_table oaf_table[] = { .mode = 0666, .proc_handler = proc_dointvec, }, + { + .procname = "lan_ip", + .data = &af_lan_ip, + .maxlen = sizeof(int), + .mode = 0666, + .proc_handler = proc_dointvec, + }, { } }; diff --git a/oaf/src/af_log.h b/oaf/src/af_log.h index f37b8d6..f05c7bd 100755 --- a/oaf/src/af_log.h +++ b/oaf/src/af_log.h @@ -3,6 +3,7 @@ extern int af_log_lvl; extern int af_test_mode; extern int af_work_mode; +extern int af_lan_ip; #define LOG(level, fmt, ...) do { \ if ((level) <= af_log_lvl) { \ printk(fmt, ##__VA_ARGS__); \ diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c index e9ca013..7a7ad6f 100755 --- a/oaf/src/app_filter.c +++ b/oaf/src/app_filter.c @@ -261,7 +261,6 @@ int add_app_feature(int appid, char *name, char *feature) } if (AF_DICT_PARAM_INDEX != param_num && strlen(feature) > MIN_FEATURE_STR_LEN) { - AF_ERROR("invalid feature:%s\n", feature); return -1; } strncpy(dict, begin, p - begin); @@ -348,7 +347,6 @@ void load_feature_buf_from_file(char **config_buf) if (IS_ERR(fp)) { - printk("open feature file failed\n"); return; } 
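Review bot: The new `lan_ip` entry added to `oaf_table` in af_log.c is registered with `.mode = 0666`, so any local process can rewrite the address that the bypass hook (the app_filter.c hunk of this patch) accepts without inspection. As far as this patch shows, only the appfilter daemon writes the value, so `.mode = 0644` should be enough; the neighbouring entry visible in the hunk also uses 0666 and deserves the same look. `af_lan_ip` is a plain `int` holding an IPv4 address, so a comment on its definition such as `/* LAN IPv4 address as written by appfilter through /proc/sys/oaf/lan_ip; 0 = not set */` would record the contract.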
@@ -393,7 +391,6 @@ int load_feature_config(void) load_feature_buf_from_file(&feature_buf); if (!feature_buf) { - AF_ERROR("error, feature buf is null\n"); return -1; } p = begin = feature_buf; @@ -908,6 +905,10 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device * if (af_match_bcast_packet(&flow) || af_match_local_packet(&flow)) return NF_ACCEPT; + if (af_lan_ip == flow.src || af_lan_ip == flow.dst){ + return NF_ACCEPT; + } + af_get_smac(skb, smac); AF_CLIENT_LOCK_W(); diff --git a/open-app-filter/src/appfilter_config.c b/open-app-filter/src/appfilter_config.c index 1fcb959..0536902 100755 --- a/open-app-filter/src/appfilter_config.c +++ b/open-app-filter/src/appfilter_config.c @@ -299,6 +299,18 @@ int config_get_appfilter_enable(void) return enable; } +int config_get_lan_ip(char *lan_ip, int len) +{ + int ret = 0; + struct uci_context *ctx = uci_alloc_context(); + if (!ctx) + return -1; + ret = uci_get_value(ctx, "network.lan.ipaddr", lan_ip, len); + uci_free_context(ctx); + return ret; +} + + int appfilter_config_alloc(void) { char *err; diff --git a/open-app-filter/src/appfilter_config.h b/open-app-filter/src/appfilter_config.h index 1d29e10..e2770c3 100755 --- a/open-app-filter/src/appfilter_config.h +++ b/open-app-filter/src/appfilter_config.h @@ -56,5 +56,6 @@ int appfilter_config_alloc(void); int appfilter_config_free(void); af_ctl_time_t *load_appfilter_ctl_time_config(void); int config_get_appfilter_enable(void); +int config_get_lan_ip(char *lan_ip, int len); #endif diff --git a/open-app-filter/src/main.c b/open-app-filter/src/main.c index 586db2f..a506b0f 100755 --- a/open-app-filter/src/main.c +++ b/open-app-filter/src/main.c @@ -30,6 +30,8 @@ THE SOFTWARE. #include "appfilter_ubus.h" #include "appfilter_config.h" #include +#include +#include void check_appfilter_enable(void) { int enable = 1; 
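Review bot: The test added to `app_filter_hook_bypass_handle`, `af_lan_ip == flow.src || af_lan_ip == flow.dst`, is also true while `af_lan_ip` is still 0, which is its initial value in af_log.c and what it stays at until userspace writes the sysctl. In that state any flow whose source or destination is 0.0.0.0 is accepted by this branch. Guarding on a set value avoids that: `if (af_lan_ip && (af_lan_ip == flow.src || af_lan_ip == flow.dst))`. The comparison is between a signed `int` and the flow fields, whose type is not visible in the hunk; if they are 32-bit unsigned, declaring `af_lan_ip` to match would make the intent explicit. The function continues outside the hunk.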
@@ -88,14 +90,27 @@ EXIT: free(af_t); } +void update_lan_ip(void){ + char ip_str[32] = {0}; + struct in_addr addr; + char cmd_buf[128] = {0}; + u_int32_t lan_ip = 0; + + config_get_lan_ip(ip_str, sizeof(ip_str)); + inet_aton(ip_str, &addr); + lan_ip =addr.s_addr; + sprintf(cmd_buf, "echo %d >/proc/sys/oaf/lan_ip", lan_ip); + system(cmd_buf); +} + void dev_list_timeout_handler(struct uloop_timeout *t) { dump_dev_list(); check_dev_visit_info_expire(); flush_expire_visit_info(); //dump_dev_visit_list(); + update_lan_ip(); check_appfilter_enable(); - //todo: dev list expire if (check_dev_expire()){ flush_expire_visit_info(); flush_dev_expire_node(); From def61d3238c1c2573ba7e6eefac4696393cc038d Mon Sep 17 00:00:00 2001 From: Dest Date: Tue, 1 Nov 2022 11:19:18 +0800 Subject: [PATCH 4/6] Update README.md --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index be801c7..c6604ed 100755 --- a/README.md +++ b/README.md @@ -1,8 +1,9 @@ 应用过滤是一款基于OpenWrt的家长管理插件,支持游戏、视频、聊天、下载等app过滤,比如抖音、斗鱼、王者荣耀等 - - +### 固件下载 +固件基于openwrt源码加入应用过滤插件,包含热门路由器固件,固件都是精简版,默认关闭加速等冲突模块,开启应用过滤即可生效。 +[下载固件](http://175.178.71.82:88/oaf) ### 如何编译应用过滤固件 1. 准备OpenWrt源码,并编译成功 推荐源码仓库: From d58ceac597e60ea8f0b863ad458327d3c6cf1163 Mon Sep 17 00:00:00 2001 From: Dest Date: Tue, 1 Nov 2022 11:19:49 +0800 Subject: [PATCH 5/6] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c6604ed..d74fda3 100755 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ 应用过滤是一款基于OpenWrt的家长管理插件,支持游戏、视频、聊天、下载等app过滤,比如抖音、斗鱼、王者荣耀等 ### 固件下载 -固件基于openwrt源码加入应用过滤插件,包含热门路由器固件,固件都是精简版,默认关闭加速等冲突模块,开启应用过滤即可生效。 +固件基于openwrt源码加入应用过滤插件,包含热门路由器固件,固件都是精简版,默认关闭加速等冲突模块,开启应用过滤即可生效。 [下载固件](http://175.178.71.82:88/oaf) -### 如何编译应用过滤固件 +### 如何自己编译应用过滤固件 1. 准备OpenWrt源码,并编译成功 推荐源码仓库: https://github.com/coolsnowwolf/lede.git From 2aa1065e8971b6a26bb0897bd0b7c85083fab539 Mon Sep 17 00:00:00 2001 
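Review bot: `update_lan_ip` in main.c ignores the results of both `config_get_lan_ip` and `inet_aton`, so when the UCI lookup fails or the string does not parse, `addr` is read uninitialised and whatever was on the stack is written to /proc/sys/oaf/lan_ip, where the kernel hook treats it as an address to accept unconditionally. The function should return early unless `inet_aton` succeeds; `ip_str` is zero-initialised, so that check also covers a failed lookup. It also formats a `u_int32_t` with `%d` through an unchecked `sprintf` and starts a shell through `system()` on every timer tick. Writing the proc file directly removes the shell and the intermediate buffer. `%d` is kept in the sketch below because the sysctl is parsed by `proc_dointvec`.

```c
void update_lan_ip(void)
{
    char ip_str[32] = {0};
    struct in_addr addr;
    FILE *fp;

    config_get_lan_ip(ip_str, sizeof(ip_str));
    /* ip_str stays empty when the lookup fails, so this check covers both cases */
    if (inet_aton(ip_str, &addr) == 0)
        return;

    fp = fopen("/proc/sys/oaf/lan_ip", "w");
    if (!fp)
        return;
    fprintf(fp, "%d\n", (int)addr.s_addr);
    fclose(fp);
}
```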
From: derry Date: Wed, 2 Nov 2022 16:51:25 +0800 Subject: [PATCH 6/6] Remove data len limit --- oaf/src/app_filter.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/oaf/src/app_filter.c b/oaf/src/app_filter.c index 7a7ad6f..e71abb6 100755 --- a/oaf/src/app_filter.c +++ b/oaf/src/app_filter.c @@ -896,9 +896,6 @@ u_int32_t app_filter_hook_bypass_handle(struct sk_buff *skb, struct net_device * if (!skb || !dev) return NF_ACCEPT; - if (skb->len > MAX_BYPASS_DPI_PKT_LEN) - return NF_ACCEPT; - memset((char *)&flow, 0x0, sizeof(flow_info_t)); if (parse_flow_proto(skb, &flow) < 0) return NF_ACCEPT;