From 11a44f7946a98396950a6ecf24b27316cecd1c96 Mon Sep 17 00:00:00 2001 From: actions Date: Mon, 1 Apr 2024 17:30:04 +0800 Subject: [PATCH] luci-app-passwall: sync upstream --- luci-app-passwall/Makefile | 2 +- .../luasrc/model/cbi/passwall/client/global.lua | 2 +- .../luasrc/model/cbi/passwall/client/rule_list.lua | 4 ++++ .../luasrc/view/passwall/global/proxy.htm | 8 ++++++++ .../root/usr/share/passwall/iptables.sh | 14 ++++++++++++-- .../root/usr/share/passwall/nftables.sh | 12 ++++++++++-- .../root/usr/share/passwall/rule_update.lua | 4 ++-- 7 files changed, 38 insertions(+), 8 deletions(-) diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index 50231c67e..f643c161c 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall -PKG_VERSION:=4.76-2 +PKG_VERSION:=4.76-3 PKG_RELEASE:= PKG_CONFIG_DEPENDS:= \ diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index ca4616759..3c99e2e9d 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -424,7 +424,7 @@ o:depends(_depends) o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect.")) o.inputstyle = "remove" function o.write(e, e) - luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &") + luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset_reload || sh /usr/share/passwall/iptables.sh flush_ipset_reload > /dev/null 2>&1 &') luci.http.redirect(api.url("log")) end diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua index 8c76bbede..2497d32e0 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua @@ -268,4 +268,8 @@ if sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0 then end end +function m.on_commit(self) + luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset || sh /usr/share/passwall/iptables.sh flush_ipset > /dev/null 2>&1 &') +end + return m diff --git a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm index 7271331de..33ce38f08 100644 --- a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm +++ b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm @@ -7,6 +7,7 @@ + @@ -99,4 +100,11 @@ opt.set("tcp_proxy_mode", "disable"); opt.set("udp_proxy_mode", "disable"); } + + function switch_global_mode() { + opt.set("use_gfw_list", false); + opt.set("chn_list", "0"); + opt.set("tcp_proxy_mode", "proxy"); + opt.set("udp_proxy_mode", "proxy"); + } diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 397927adf..719aef575 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -135,7 +135,9 @@ REDIRECT() { get_jump_ipt() { case "$1" in direct) - echo "-j RETURN" + local mark="-m mark ! --mark 1" + s="${mark} -j RETURN" + echo $s ;; proxy) if [ -n "$2" ] && [ -n "$(echo $2 | grep "^-")" ]; then @@ -1174,10 +1176,15 @@ del_firewall_rule() { } flush_ipset() { - del_firewall_rule + $DIR/app.sh echolog "清空 IPSET。" for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do destroy_ipset ${_name} done +} + +flush_ipset_reload() { + del_firewall_rule + flush_ipset rm -rf /tmp/singbox_passwall* rm -rf /tmp/etc/passwall_tmp/dnsmasq* /etc/init.d/passwall reload @@ -1301,6 +1308,9 @@ insert_rule_after) flush_ipset) flush_ipset ;; +flush_ipset_reload) + flush_ipset_reload + ;; get_ipt_bin) get_ipt_bin ;; diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 68a4d1c1c..e4ba3f5f1 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -170,7 +170,7 @@ gen_nftset() { get_jump_ipt() { case "$1" in direct) - echo "counter return" + echo "mark != 1 counter return" ;; proxy) if [ -n "$2" ] && [ -n "$(echo $2 | grep "^counter")" ]; then @@ -1218,10 +1218,15 @@ del_firewall_rule() { } flush_nftset() { - del_firewall_rule + $DIR/app.sh echolog "清空 NFTSET。" for _name in $(nft -a list sets | grep -E "passwall" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do destroy_nftset ${_name} done +} + +flush_nftset_reload() { + del_firewall_rule + flush_nftset rm -rf /tmp/singbox_passwall* rm -rf /tmp/etc/passwall_tmp/dnsmasq* /etc/init.d/passwall reload @@ -1328,6 +1333,9 @@ insert_rule_after) flush_nftset) flush_nftset ;; +flush_nftset_reload) + flush_nftset_reload + ;; get_wan_ip) get_wan_ip ;; diff --git a/luci-app-passwall/root/usr/share/passwall/rule_update.lua b/luci-app-passwall/root/usr/share/passwall/rule_update.lua index 36375c4db..75505ddc8 100755 --- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua +++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua @@ -461,9 +461,9 @@ luci.sys.call("uci commit " .. name) if reboot == 1 then log("重启服务,应用新的规则。") if use_nft == "1" then - luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset > /dev/null 2>&1 &") + luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &") else - luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &") + luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &") end end log("规则更新完毕...")