luci-app-passwall2: sync upstream

last commit: 394f384296
2025-05-16 22:28:11 +08:00 · 2025-05-16 22:28:11 +08:00 · 0f201e67eb
commit 0f201e67eb
parent 6d76f5324e
9 changed files with 268 additions and 256 deletions
--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=25.5.7
+PKG_VERSION:=25.5.15
 PKG_RELEASE:=1
 PKG_CONFIG_DEPENDS:= \
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua
@ -335,6 +335,10 @@ o:value("xtls-rprx-vision")
 o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true })
 if singbox_tags:find("with_quic") then
 	o = s:option(Value, _n("hysteria_hop"), translate("Port hopping range"))
 	o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).")
 	o:depends({ [_n("protocol")] = "hysteria" })
 	o = s:option(Value, _n("hysteria_obfs"), translate("Obfs Password"))
 	o:depends({ [_n("protocol")] = "hysteria" })
--- a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua
+++ b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua
@ -292,7 +292,18 @@ function gen_outbound(flag, node, tag, proxy_table)
 		end
 		if node.protocol == "hysteria" then
 			local server_ports = {}
 			if node.hysteria_hop then
 				node.hysteria_hop = string.gsub(node.hysteria_hop, "-", ":")
 				for range in node.hysteria_hop:gmatch("([^,]+)") do
 					if range:match("^%d+:%d+$") then
 						table.insert(server_ports, range)
 					end
 				end
 			end
 			protocol_table = {
 				server_ports = next(server_ports) and server_ports or nil,
 				hop_interval = next(server_ports) and "30s" or nil,
 				up_mbps = tonumber(node.hysteria_up_mbps),
 				down_mbps = tonumber(node.hysteria_down_mbps),
 				obfs = node.hysteria_obfs,
--- a/luci-app-passwall2/luasrc/passwall2/util_xray.lua
+++ b/luci-app-passwall2/luasrc/passwall2/util_xray.lua
@ -163,9 +163,9 @@ function gen_outbound(flag, node, tag, proxy_table)
 					spiderX = node.reality_spiderX or "/",
 					fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or "chrome"
 				} or nil,
-				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks") and {
+				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks" and (node.tcp_guise and node.tcp_guise ~= "none")) and {
 					header = {
-						type = node.tcp_guise or "none",
+						type = node.tcp_guise,
 						request = (node.tcp_guise == "http") and {
 							path = node.tcp_guise_http_path or {"/"},
 							headers = {
@ -729,7 +729,7 @@ function gen_config(var)
 			end
 			if is_new_blc_node then
 				local blc_node = uci:get_all(appname, blc_node_id)
-				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
+				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
 				if outbound then
 					outbound.tag = outbound.tag .. ":" .. blc_node.remarks
 					table.insert(outbounds, outbound)
@ -755,7 +755,7 @@ function gen_config(var)
 			if is_new_node then
 				local fallback_node = uci:get_all(appname, fallback_node_id)
 				if fallback_node.protocol ~= "_balancing" then
-					local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
+					local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. fallback_node.remarks
 						table.insert(outbounds, outbound)
@ -1146,7 +1146,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil })
+			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil, run_socks_instance = not no_run })
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)
--- a/luci-app-passwall2/luasrc/view/passwall2/node_list/link_share_man.htm
+++ b/luci-app-passwall2/luasrc/view/passwall2/node_list/link_share_man.htm
@ -536,6 +536,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			params += opt.query("sni", dom_prefix + "tls_serverName");
 			params += opt.query("alpn", dom_prefix + "tuic_alpn");
 			params += opt.query("congestion_control", dom_prefix + "tuic_congestion_control");
 			params += opt.query("udp_relay_mode", dom_prefix + "tuic_udp_relay_mode");
 			params += opt.query("allowinsecure", dom_prefix + "tls_allowInsecure");
 			params += "#" + encodeURI(v_alias.value);
@ -1428,6 +1429,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 			}
 			opt.set(dom_prefix + 'tuic_congestion_control', queryParam.congestion_control || 'cubic');
 			opt.set(dom_prefix + 'tuic_udp_relay_mode', queryParam.udp_relay_mode || 'native');
 			opt.set(dom_prefix + 'tuic_alpn', queryParam.alpn || 'default');
 			opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
 			opt.set(dom_prefix + 'tls_allowInsecure', true);
--- a/luci-app-passwall2/root/usr/share/passwall2/haproxy.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/haproxy.lua
@ -1,230 +1,239 @@
-#!/usr/bin/lua
+#!/usr/bin/lua
-
+
-local api = require ("luci.passwall2.api")
+local api = require ("luci.passwall2.api")
-local appname = api.appname
+local appname = "passwall2"
-local fs = api.fs
+local fs = api.fs
-local jsonc = api.jsonc
+local jsonc = api.jsonc
-local uci = api.uci
+local uci = api.uci
-local sys = api.sys
+local sys = api.sys
-
+
-local log = function(...)
+local log = function(...)
-	api.log(...)
+	api.log(...)
-end
+end
-
+
-function get_ip_port_from(str)
+function get_ip_port_from(str)
-	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
+	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
-	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
+	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
-	return result_ip, result_port
+	return result_ip, result_port
-end
+end
-
+
-local new_port
+local new_port
-local function get_new_port()
+local function get_new_port()
-	if new_port then
+	if new_port then
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
-	else
+	else
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
-	end
+	end
-	return new_port
+	return new_port
-end
+end
-
+
-local var = api.get_args(arg)
+local var = api.get_args(arg)
-local haproxy_path = var["-path"]
+local haproxy_path = var["-path"]
-local haproxy_conf = var["-conf"]
+local haproxy_conf = var["-conf"]
-local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
+local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
-
+
-local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
+local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
-local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
+local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
-local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
+local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
-local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
+local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
-local bind_address = "0.0.0.0"
+local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
-if bind_local == "1" then bind_address = "127.0.0.1" end
+local bind_address = "0.0.0.0"
-
+if bind_local == "1" then bind_address = "127.0.0.1" end
-log("HAPROXY 负载均衡...")
+
-fs.mkdir(haproxy_path)
+log("HAPROXY 负载均衡：")
-local haproxy_file = haproxy_path .. "/" .. haproxy_conf
+log(string.format("  * 控制台端口：%s", console_port))
-
+fs.mkdir(haproxy_path)
-local f_out = io.open(haproxy_file, "a")
+local haproxy_file = haproxy_path .. "/" .. haproxy_conf
-
+
-local haproxy_config = [[
+local f_out = io.open(haproxy_file, "a")
-global
+
-	daemon
+local haproxy_config = [[
-	log         127.0.0.1 local2
+global
-	maxconn     60000
+	daemon
-	stats socket  {{path}}/haproxy.sock
+	log         127.0.0.1 local2
-	nbthread {{nbthread}}
+	maxconn     60000
-	external-check
+	stats socket  {{path}}/haproxy.sock
-	insecure-fork-wanted
+	nbthread {{nbthread}}
-
+	external-check
-defaults
+	insecure-fork-wanted
-	mode                    tcp
+
-	log                     global
+defaults
-	option                  tcplog
+	mode                    tcp
-	option                  dontlognull
+	log                     global
-	option http-server-close
+	option                  tcplog
-	#option forwardfor       except 127.0.0.0/8
+	option                  dontlognull
-	option                  redispatch
+	option http-server-close
-	retries                 2
+	#option forwardfor       except 127.0.0.0/8
-	timeout http-request    10s
+	option                  redispatch
-	timeout queue           1m
+	retries                 2
-	timeout connect         10s
+	timeout http-request    10s
-	timeout client          1m
+	timeout queue           1m
-	timeout server          1m
+	timeout connect         10s
-	timeout http-keep-alive 10s
+	timeout client          1m
-	timeout check           10s
+	timeout server          1m
-	maxconn                 3000
+	timeout http-keep-alive 10s
-	
+	timeout check           10s
-resolvers mydns
+	maxconn                 3000
-	resolve_retries       1
+	
-	timeout resolve       5s
+resolvers mydns
-	hold valid           600s
+	resolve_retries       1
-{{dns}}
+	timeout resolve       5s
-]]
+	hold valid           600s
-
+{{dns}}
-haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
+]]
-haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
+
-
+haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
-local mydns = ""
+haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
-local index = 0
+
-string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
+local mydns = ""
-	index = index + 1
+local index = 0
-	local s = w:gsub("#", ":")
+string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
-	if not s:find(":") then
+	index = index + 1
-		s = s .. ":53"
+	local s = w:gsub("#", ":")
-	end
+	if not s:find(":") then
-	mydns = mydns .. (index > 1 and "\n" or "") .. "    " .. string.format("nameserver dns%s %s", index, s)
+		s = s .. ":53"
-end)
+	end
-haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
+	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
-
+end)
-f_out:write(haproxy_config)
+haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
-
+
-local listens = {}
+f_out:write(haproxy_config)
-
+
-uci:foreach(appname, "haproxy_config", function(t)
+local listens = {}
-	if t.enabled == "1" then
+
-		local server_remark
+uci:foreach(appname, "haproxy_config", function(t)
-		local server_address
+	if t.enabled == "1" then
-		local server_port
+		local server_remark
-		local lbss = t.lbss
+		local server_address
-		local listen_port = tonumber(t.haproxy_port) or 0
+		local server_port
-		local server_node = uci:get_all(appname, lbss)
+		local lbss = t.lbss
-		if server_node and server_node.address and server_node.port then
+		local listen_port = tonumber(t.haproxy_port) or 0
-			server_remark = server_node.address .. ":" .. server_node.port
+		local server_node = uci:get_all(appname, lbss)
-			server_address = server_node.address
+		if server_node and server_node.address and server_node.port then
-			server_port = server_node.port
+			server_remark = server_node.address .. ":" .. server_node.port
-			t.origin_address = server_address
+			server_address = server_node.address
-			t.origin_port = server_port
+			server_port = server_node.port
-			if health_check_type == "passwall_logic" then
+			t.origin_address = server_address
-				if server_node.type ~= "Socks" then
+			t.origin_port = server_port
-					local relay_port = server_node.port
+			if health_check_type == "passwall_logic" then
-					new_port = get_new_port()
+				if server_node.type ~= "Socks" then
-					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
+					local relay_port = server_node.port
-					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
+					new_port = get_new_port()
-						appname,
+					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
-						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
+					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
-							new_port, --flag
+						appname,
-							server_node[".name"], --node
+						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
-							"127.0.0.1", --bind
+							new_port, --flag
-							new_port, --socks port
+							server_node[".name"], --node
-							config_file --config file
+							"127.0.0.1", --bind
-							)
+							new_port, --socks port
-						)
+							config_file --config file
-					)
+							)
-					server_address = "127.0.0.1"
+						)
-					server_port = new_port
+					)
-				end
+					server_address = "127.0.0.1"
-			end
+					server_port = new_port
-		else
+				end
-			server_address, server_port = get_ip_port_from(lbss)
+			end
-			server_remark = server_address .. ":" .. server_port
+		else
-			t.origin_address = server_address
+			server_address, server_port = get_ip_port_from(lbss)
-			t.origin_port = server_port
+			server_remark = server_address .. ":" .. server_port
-		end
+			t.origin_address = server_address
-		if server_address and server_port and listen_port > 0 then
+			t.origin_port = server_port
-			if not listens[listen_port] then
+		end
-				listens[listen_port] = {}
+		if server_address and server_port and listen_port > 0 then
-			end
+			if not listens[listen_port] then
-			t.server_remark = server_remark
+				listens[listen_port] = {}
-			t.server_address = server_address
+			end
-			t.server_port = server_port
+			t.server_remark = server_remark
-			table.insert(listens[listen_port], t)
+			t.server_address = server_address
-		else
+			t.server_port = server_port
-			log("  - 丢弃1个明显无效的节点")
+			table.insert(listens[listen_port], t)
-		end
+		else
-	end
+			log("  - 丢弃1个明显无效的节点")
-end)
+		end
-
+	end
-local sortTable = {}
+end)
-for i in pairs(listens) do
+
-	if i ~= nil then
+local sortTable = {}
-		table.insert(sortTable, i)
+for i in pairs(listens) do
-	end
+	if i ~= nil then
-end
+		table.insert(sortTable, i)
-table.sort(sortTable, function(a,b) return (a < b) end)
+	end
-
+end
-for i, port in pairs(sortTable) do
+table.sort(sortTable, function(a,b) return (a < b) end)
-	log("  + 入口 %s:%s" % {bind_address, port})
+
-
+for i, port in pairs(sortTable) do
-	f_out:write("\n" .. string.format([[
+	log("  +  入口 %s:%s" % {bind_address, port})
-listen %s
+
-	bind %s:%s
+	f_out:write("\n" .. string.format([[
-	mode tcp
+listen %s
-	balance roundrobin
+	bind %s:%s
-]], port, bind_address, port))
+	mode tcp
-
+	balance roundrobin
-	if health_check_type == "passwall_logic" then
+]], port, bind_address, port))
-		f_out:write(string.format([[
+
-	option external-check
+	if health_check_type == "passwall_logic" then
-	external-check command "/usr/share/passwall2/haproxy_check.sh"
+		f_out:write(string.format([[
-]], port, port))
+	option external-check
-	end
+	external-check command "/usr/share/passwall2/haproxy_check.sh"
-
+]], port, port))
-	for i, o in ipairs(listens[port]) do
+	end
-		local remark = o.server_remark
+
-		local server = o.server_address .. ":" .. o.server_port
+	local count_M, count_B = 1, 1
-		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
+	for i, o in ipairs(listens[port]) do
-		server_conf = server_conf:gsub("{{remark}}", remark)
+		local remark = o.server_remark or ""
-		server_conf = server_conf:gsub("{{server}}", server)
+		-- 防止重名导致无法运行
-		server_conf = server_conf:gsub("{{weight}}",  o.lbweight)
+		if tostring(o.backup) ~= "1" then
-		local resolvers = "resolvers mydns"
+			remark = "M" .. count_M .. "-" .. remark
-		if api.is_ip(o.server_address) then
+			count_M = count_M + 1
-			resolvers = ""
+		else
-		end
+			remark = "B" .. count_B .. "-" .. remark
-		server_conf = server_conf:gsub("{{resolvers}}",  resolvers)
+			count_B = count_B + 1
-		server_conf = server_conf:gsub("{{inter}}",  tonumber(health_check_inter) .. "s")
+		end
-		server_conf = server_conf:gsub("{{backup}}",  o.backup == "1" and "backup" or "")
+		local server = o.server_address .. ":" .. o.server_port
-
+		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
-		f_out:write("    " .. server_conf .. "\n")
+		server_conf = server_conf:gsub("{{remark}}", remark)
-
+		server_conf = server_conf:gsub("{{server}}", server)
-		if o.export ~= "0" then
+		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
-			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
+		local resolvers = "resolvers mydns"
-		end
+		if api.is_ip(o.server_address) then
-
+			resolvers = ""
-		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
+		end
-	end
+		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
-end
+		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
-
+		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
--控制台配置
+
-local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
+		f_out:write("	" .. server_conf .. "\n")
-local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
+
-local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
+		if o.export ~= "0" then
-local str = [[
+			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
-listen console
+		end
-	bind 0.0.0.0:%s
+
-	mode http
+		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
-	stats refresh 30s
+	end
-	stats uri /
+end
-	stats admin if TRUE
+
-	%s
+--控制台配置
-]]
+local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
-f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
+local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
-log(string.format("  * 控制台端口：%s", console_port))
+local str = [[
-
+listen console
-f_out:close()
+	bind 0.0.0.0:%s
-
+	mode http
--内置健康检查URL
+	stats refresh 30s
-if health_check_type == "passwall_logic" then
+	stats uri /
-	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
+	stats admin if TRUE
-	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
+	%s
-	f_url:write(probeUrl)
+]]
-	f_url:close()
+f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
-end
+
 f_out:close()
 --内置健康检查URL
 if health_check_type == "passwall_logic" then
 	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
 	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
 	f_url:write(probeUrl)
 	f_url:close()
 end
--- a/luci-app-passwall2/root/usr/share/passwall2/haproxy_check.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/haproxy_check.sh
@ -1,5 +1,7 @@
 #!/bin/sh
 export PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
 listen_address=$1
 listen_port=$2
 server_address=$3
@ -17,7 +19,7 @@ if /usr/bin/curl --help all | grep -q "\-\-retry-all-errors"; then
 	extra_params="${extra_params} --retry-all-errors"
 fi
-status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 -w "%{http_code}" "${probeUrl}")
+status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 --max-time 10 -w "%{http_code}" "${probeUrl}")
 case "$status" in
 	200|204)
--- a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
@ -1219,6 +1219,7 @@ local function processData(szType, content, add_mode, add_from)
 		result.hysteria_alpn = params.alpn
 		result.hysteria_up_mbps = params.upmbps
 		result.hysteria_down_mbps = params.downmbps
 		result.hysteria_hop = params.mport
 		if has_singbox then
 			result.type = 'sing-box'
@ -1325,6 +1326,7 @@ local function processData(szType, content, add_mode, add_from)
 		result.tls_serverName = params.sni
 		result.tuic_alpn = params.alpn or "default"
 		result.tuic_congestion_control = params.congestion_control or "cubic"
 		result.tuic_udp_relay_mode = params.udp_relay_mode or "native"
 		params.allowinsecure = params.allowinsecure or params.insecure
 		if params.allowinsecure then
 			if params.allowinsecure == "1" or params.allowinsecure == "0" then
--- a/luci-app-passwall2/root/usr/share/passwall2/test.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/test.sh
@ -71,29 +71,11 @@ url_test_node() {
 		sleep 1s
 		result=$(curl --connect-timeout 3 -o /dev/null -I -skL -w "%{http_code}:%{time_starttransfer}" -x $curlx "https://www.google.com/generate_204")
 		pgrep -af "url_test_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf "/tmp/etc/${CONFIG}/url_test_${node_id}"*.json
+		rm -rf /tmp/etc/${CONFIG}/*url_test_${node_id}*.json
 	}
 	echo $result
 }
 test_node() {
 	local node_id=$1
 	local _type=$(echo $(config_n_get ${node_id} type) | tr 'A-Z' 'a-z')
 	[ -n "${_type}" ] && {
 		local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp,udp)
 		/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
 		local curlx="socks5h://127.0.0.1:${_tmp_port}"
 		sleep 1s
 		_proxy_status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout} "-x $curlx")
 		pgrep -af "test_node_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
 		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
 		if [ "${_proxy_status}" -eq 200 ]; then
 			return 0
 		fi
 	}
 	return 1
 }
 arg1=$1
 shift
 case $arg1 in