luci-app-passwall: sync upstream

2024-04-01 17:30:04 +08:00 · 2024-04-01 17:30:04 +08:00 · 11a44f7946
commit 11a44f7946
parent e4cbc7d7c4
7 changed files with 38 additions and 8 deletions
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.76-2
+PKG_VERSION:=4.76-3
 PKG_RELEASE:=
 PKG_CONFIG_DEPENDS:= \
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@ -424,7 +424,7 @@ o:depends(_depends)
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
 o.inputstyle = "remove"
 function o.write(e, e)
-	luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+	luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset_reload || sh /usr/share/passwall/iptables.sh flush_ipset_reload > /dev/null 2>&1 &')
 	luci.http.redirect(api.url("log"))
 end
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule_list.lua
@ -268,4 +268,8 @@ if sys.call('[ -f "/www/luci-static/resources/uci.js" ]') == 0 then
 	end
 end
 function m.on_commit(self)
 	luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall_\")" ] && sh /usr/share/passwall/nftables.sh flush_nftset || sh /usr/share/passwall/iptables.sh flush_ipset > /dev/null 2>&1 &')
 end
 return m
--- a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
+++ b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
@ -7,6 +7,7 @@
 			<input class="btn cbi-button cbi-button-apply" type="button" onclick="switch_gfw_mode()" value="<%:GFW List%>" />
 			<input class="btn cbi-button cbi-button-apply" type="button" onclick="switch_chnroute_mode()" value="<%:Not China List%>" />
 			<input class="btn cbi-button cbi-button-apply" type="button" onclick="switch_returnhome_mode()" value="<%:China List%>" />
 			<input class="btn cbi-button cbi-button-apply" type="button" onclick="switch_global_mode()" value="<%:Global Proxy%>" />
 		</div>
 	</div>
 </div>
@ -99,4 +100,11 @@
 		opt.set("tcp_proxy_mode", "disable");
 		opt.set("udp_proxy_mode", "disable");
 	}
 	function switch_global_mode() {
 		opt.set("use_gfw_list", false);
 		opt.set("chn_list", "0");
 		opt.set("tcp_proxy_mode", "proxy");
 		opt.set("udp_proxy_mode", "proxy");
 	}
 </script>
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -135,7 +135,9 @@ REDIRECT() {
 get_jump_ipt() {
 	case "$1" in
 	direct)
-		echo "-j RETURN"
+		local mark="-m mark ! --mark 1"
 		s="${mark} -j RETURN"
 		echo $s
 		;;
 	proxy)
 		if [ -n "$2" ] && [ -n "$(echo $2 | grep "^-")" ]; then
@ -1174,10 +1176,15 @@ del_firewall_rule() {
 }
 flush_ipset() {
-	del_firewall_rule
+	$DIR/app.sh echolog "清空 IPSET。"
 	for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do
 		destroy_ipset ${_name}
 	done
 }
 flush_ipset_reload() {
 	del_firewall_rule
 	flush_ipset
 	rm -rf /tmp/singbox_passwall*
 	rm -rf /tmp/etc/passwall_tmp/dnsmasq*
 	/etc/init.d/passwall reload
@ -1301,6 +1308,9 @@ insert_rule_after)
 flush_ipset)
 	flush_ipset
 	;;
 flush_ipset_reload)
 	flush_ipset_reload
 	;;
 get_ipt_bin)
 	get_ipt_bin
 	;;
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@ -170,7 +170,7 @@ gen_nftset() {
 get_jump_ipt() {
 	case "$1" in
 	direct)
-		echo "counter return"
+		echo "mark != 1 counter return"
 		;;
 	proxy)
 		if [ -n "$2" ] && [ -n "$(echo $2 | grep "^counter")" ]; then
@ -1218,10 +1218,15 @@ del_firewall_rule() {
 }
 flush_nftset() {
-	del_firewall_rule
+	$DIR/app.sh echolog "清空 NFTSET。"
 	for _name in $(nft -a list sets | grep -E "passwall" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do
 		destroy_nftset ${_name}
 	done
 }
 flush_nftset_reload() {
 	del_firewall_rule
 	flush_nftset
 	rm -rf /tmp/singbox_passwall*
 	rm -rf /tmp/etc/passwall_tmp/dnsmasq*
 	/etc/init.d/passwall reload
@ -1328,6 +1333,9 @@ insert_rule_after)
 flush_nftset)
 	flush_nftset
 	;;
 flush_nftset_reload)
 	flush_nftset_reload
 	;;
 get_wan_ip)
 	get_wan_ip
 	;;
--- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua
+++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
@ -461,9 +461,9 @@ luci.sys.call("uci commit " .. name)
 if reboot == 1 then
 	log("重启服务，应用新的规则。")
 	if use_nft == "1" then
-		luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset > /dev/null 2>&1 &")
+		luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
 	else
-		luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+		luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
 	end
 end
 log("规则更新完毕...")