diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile
index 346f60212..837428424 100644
--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@@ -5,7 +5,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=1.28-5
+PKG_VERSION:=1.28-6
PKG_RELEASE:=
PKG_CONFIG_DEPENDS:= \
diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua
index c34ab9714..e80474d43 100644
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua
@@ -316,7 +316,7 @@ o.rmempty = false
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSet"), translate("Try this feature if the rule modification does not take effect."))
o.inputstyle = "remove"
function o.write(e, e)
- luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall2_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+ luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall2_\")" ] && sh /usr/share/passwall2/nftables.sh flush_nftset_reload || sh /usr/share/passwall2/iptables.sh flush_ipset_reload > /dev/null 2>&1 &')
luci.http.redirect(api.url("log"))
end
diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua
index 3c2546603..9676ffc11 100644
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua
@@ -121,6 +121,8 @@ domain_list.validate = function(self, value)
flag = 0
elseif host:find("ext:") and host:find("ext:") == 1 then
flag = 0
+ elseif host:find("#") and host:find("#") == 1 then
+ flag = 0
end
if flag == 1 then
if not datatypes.hostname(tmp_host) then
@@ -135,7 +137,7 @@ domain_list.description = "
- " .. translate("Plaintext: If this stri
.. "
- " .. translate("Subdomain (recommended): Begining with 'domain:' and the rest is a domain. When the targeting domain is exactly the value, or is a subdomain of the value, this rule takes effect. Example: rule 'domain:v2ray.com' matches 'www.v2ray.com', 'v2ray.com', but not 'xv2ray.com'.")
.. "
- " .. translate("Full domain: Begining with 'full:' and the rest is a domain. When the targeting domain is exactly the value, the rule takes effect. Example: rule 'domain:v2ray.com' matches 'v2ray.com', but not 'www.v2ray.com'.")
.. "
- " .. translate("Pre-defined domain list: Begining with 'geosite:' and the rest is a name, such as geosite:google or geosite:cn.")
-.. "
- " .. translate("Domains from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geosite.dat. The tag must exist in the file.")
+.. "
- " .. translate("Annotation: Begining with #")
.. "
"
ip_list = s:option(TextValue, "ip_list", "IP")
ip_list.rows = 10
@@ -146,6 +148,7 @@ ip_list.validate = function(self, value)
for index, ipmask in ipairs(ipmasks) do
if ipmask:find("geoip:") and ipmask:find("geoip:") == 1 then
elseif ipmask:find("ext:") and ipmask:find("ext:") == 1 then
+ elseif ipmask:find("#") and ipmask:find("#") == 1 then
else
if not (datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask)) then
return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!")
@@ -157,7 +160,7 @@ end
ip_list.description = "
- " .. translate("IP: such as '127.0.0.1'.")
.. "
- " .. translate("CIDR: such as '127.0.0.0/8'.")
.. "
- " .. translate("GeoIP: such as 'geoip:cn'. It begins with geoip: (lower case) and followed by two letter of country code.")
-.. "
- " .. translate("IPs from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geoip.dat. The tag must exist in the file.")
+.. "
- " .. translate("Annotation: Begining with #")
.. "
"
return m
diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua
index ab2edf0b4..803a38bc2 100644
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua
@@ -49,7 +49,9 @@ o:depends({ [option_name("protocol")] = "_iface" })
local nodes_table = {}
local balancers_table = {}
+local fallback_table = {}
local iface_table = {}
+local is_balancer = nil
for k, e in ipairs(api.get_valid_nodes()) do
if e.node_type == "normal" then
nodes_table[#nodes_table + 1] = {
@@ -63,6 +65,15 @@ for k, e in ipairs(api.get_valid_nodes()) do
id = e[".name"],
remark = e["remark"]
}
+ if e[".name"] ~= arg[1] then
+ fallback_table[#fallback_table + 1] = {
+ id = e[".name"],
+ remark = e["remark"],
+ fallback = e["fallback_node"]
+ }
+ else
+ is_balancer = true
+ end
end
if e.protocol == "_iface" then
iface_table[#iface_table + 1] = {
@@ -90,14 +101,35 @@ for k, v in pairs(nodes_table) do o:value(v.id, v.remark) end
local o = s:option(ListValue, option_name("balancingStrategy"), translate("Balancing Strategy"))
o:depends({ [option_name("protocol")] = "_balancing" })
o:value("random")
+o:value("roundRobin")
o:value("leastPing")
-o:value("leastLoad")
-o.default = "leastLoad"
+o.default = "leastPing"
+
+-- Fallback Node
+if api.compare_versions(api.get_app_version("xray"), ">=", "1.8.10") then
+ local o = s:option(ListValue, option_name("fallback_node"), translate("Fallback Node"))
+ o:depends({ [option_name("balancingStrategy")] = "leastPing" })
+ o:value("",translate("Null"))
+ o.default = ""
+ local function check_fallback_chain(fb)
+ for k, v in pairs(fallback_table) do
+ if v.fallback == fb then
+ fallback_table[k] = nil
+ check_fallback_chain(v.id)
+ end
+ end
+ end
+ -- 检查fallback链,去掉会形成闭环的balancer节点
+ if is_balancer then
+ check_fallback_chain(arg[1])
+ end
+ for k, v in pairs(fallback_table) do o:value(v.id, v.remark) end
+ for k, v in pairs(nodes_table) do o:value(v.id, v.remark) end
+end
-- 探测地址
local o = s:option(Flag, option_name("useCustomProbeUrl"), translate("Use Custome Probe URL"), translate("By default the built-in probe URL will be used, enable this option to use a custom probe URL."))
o:depends({ [option_name("balancingStrategy")] = "leastPing" })
-o:depends({ [option_name("balancingStrategy")] = "leastLoad" })
local o = s:option(Value, option_name("probeUrl"), translate("Probe URL"))
o:depends({ [option_name("useCustomProbeUrl")] = true })
@@ -107,7 +139,6 @@ o.description = translate("The URL used to detect the connection status.")
-- 探测间隔
local o = s:option(Value, option_name("probeInterval"), translate("Probe Interval"))
o:depends({ [option_name("balancingStrategy")] = "leastPing" })
-o:depends({ [option_name("balancingStrategy")] = "leastLoad" })
o.default = "1m"
o.description = translate("The interval between initiating probes. Every time this time elapses, a server status check is performed on a server. The time format is numbers + units, such as '10s', '2h45m', and the supported time units are ns, us, ms, s, m, h, which correspond to nanoseconds, microseconds, milliseconds, seconds, minutes, and hours, respectively.")
diff --git a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua
index ff9e57757..05f9f8657 100644
--- a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua
+++ b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua
@@ -1155,6 +1155,7 @@ function gen_config(var)
geosite = {},
}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
if w:find("geosite:") == 1 then
table.insert(domain_table.geosite, w:sub(1 + #"geosite:"))
elseif w:find("regexp:") == 1 then
@@ -1183,6 +1184,7 @@ function gen_config(var)
local ip_cidr = {}
local geoip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
if w:find("geoip:") == 1 then
table.insert(geoip, w:sub(1 + #"geoip:"))
else
diff --git a/luci-app-passwall2/luasrc/passwall2/util_xray.lua b/luci-app-passwall2/luasrc/passwall2/util_xray.lua
index 3fd36e507..0508b5ef6 100644
--- a/luci-app-passwall2/luasrc/passwall2/util_xray.lua
+++ b/luci-app-passwall2/luasrc/passwall2/util_xray.lua
@@ -574,6 +574,8 @@ function gen_config(var)
nodes[node_id] = node
end
end
+ local balancers = {}
+ local rules = {}
if local_socks_port then
local inbound = {
@@ -644,8 +646,20 @@ function gen_config(var)
return "balancer-" .. _node_id
end
+ local function gen_loopback(outboundTag, dst_node_id)
+ if not outboundTag then return nil end
+ local inboundTag = dst_node_id and "loop-in-" .. dst_node_id or outboundTag .. "-lo"
+ table.insert(outbounds, {
+ protocol = "loopback",
+ tag = outboundTag,
+ settings = { inboundTag = inboundTag }
+ })
+ return inboundTag
+ end
+
local function gen_balancer(_node, loopbackTag)
local blc_nodes = _node.balancing_node
+ local fallback_node_id = _node.fallback_node
local length = #blc_nodes
local valid_nodes = {}
for i = 1, length do
@@ -668,40 +682,60 @@ function gen_config(var)
end
end
end
+ if fallback_node_id == "" then
+ fallback_node_id = nil
+ end
+ if fallback_node_id then
+ local is_new_node = true
+ for _, outbound in ipairs(outbounds) do
+ if outbound.tag == fallback_node_id then
+ is_new_node = false
+ break
+ end
+ end
+ if is_new_node then
+ local fallback_node = uci:get_all(appname, fallback_node_id)
+ if fallback_node.protocol ~= "_balancing" then
+ local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil })
+ if outbound then
+ table.insert(outbounds, outbound)
+ else
+ fallback_node_id = nil
+ end
+ else
+ local valid = gen_balancer(fallback_node)
+ if not valid then
+ fallback_node_id = nil
+ end
+ end
+ end
+ end
- local balancer, rule
+ local valid = nil
if #valid_nodes > 0 then
local balancerTag = get_balancer_tag(_node[".name"])
- balancer = {
+ table.insert(balancers, {
tag = balancerTag,
selector = valid_nodes,
+ fallbackTag = fallback_node_id,
strategy = { type = _node.balancingStrategy or "random" }
- }
- if _node.balancingStrategy == "leastPing" or _node.balancingStrategy == "leastLoad" then
+ })
+ if _node.balancingStrategy == "leastPing" then
if not observatory then
observatory = {
subjectSelector = { "blc-" },
probeUrl = _node.useCustomProbeUrl and _node.probeUrl or nil,
probeInterval = _node.probeInterval or "1m",
- enableConcurrency = (nodes[node_id] and nodes[node_id].type == "Xray") and true or nil --这里只判断顶层节点(分流总节点/单独的负载均衡节点)类型为Xray,就可以启用并发
+ enableConcurrency = true
}
end
end
- if loopbackTag and loopbackTag ~= "" then
- local inboundTag = loopbackTag .. "-in"
- table.insert(outbounds, {
- protocol = "loopback",
- tag = loopbackTag,
- settings = { inboundTag = inboundTag }
- })
- rule = {
- type = "field",
- inboundTag = { inboundTag },
- balancerTag = balancerTag
- }
- end
+ if loopbackTag == nil or loopbackTag =="" then loopbackTag = _node[".name"] end
+ local inboundTag = gen_loopback(loopbackTag, _node[".name"])
+ table.insert(rules, { type = "field", inboundTag = { inboundTag }, balancerTag = balancerTag })
+ valid = true
end
- return balancer, rule
+ return valid
end
local function set_outbound_detour(node, outbound, outbounds_table, shunt_rule_name)
@@ -739,52 +773,10 @@ function gen_config(var)
end
local node = v
if node.protocol == "_shunt" then
- local rules = {}
- local balancers = {}
-
- local preproxy_enabled = node.preproxy_enabled == "1"
- local preproxy_tag = "main"
- local preproxy_node_id = node["main_node"]
- local preproxy_node = preproxy_enabled and preproxy_node_id and uci:get_all(appname, preproxy_node_id) or nil
- local preproxy_is_balancer
-
- if preproxy_node_id and preproxy_node_id:find("Socks_") then
- local socks_id = preproxy_node_id:sub(1 + #"Socks_")
- local socks_node = uci:get_all(appname, socks_id) or nil
- if socks_node then
- local _node = {
- type = "Xray",
- protocol = "socks",
- address = "127.0.0.1",
- port = socks_node.port,
- transport = "tcp",
- stream_security = "none"
- }
- local preproxy_outbound = gen_outbound(flag, _node, preproxy_tag)
- if preproxy_outbound then
- table.insert(outbounds, preproxy_outbound)
- else
- preproxy_enabled = false
- end
- end
- elseif preproxy_node and api.is_normal_node(preproxy_node) then
- local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag, { fragment = xray_settings.fragment == "1" or nil })
- if preproxy_outbound then
- set_outbound_detour(preproxy_node, preproxy_outbound, outbounds, preproxy_tag)
- table.insert(outbounds, preproxy_outbound)
- else
- preproxy_enabled = false
- end
- elseif preproxy_node and preproxy_node.protocol == "_balancing" then
- preproxy_is_balancer = true
- local preproxy_balancer, preproxy_rule = gen_balancer(preproxy_node, preproxy_tag)
- if preproxy_balancer and preproxy_rule then
- table.insert(balancers, preproxy_balancer)
- table.insert(rules, preproxy_rule)
- else
- preproxy_enabled = false
- end
- end
+ local proxy_tag = "main"
+ local proxy_node_id = node["main_node"]
+ local proxy_node = node.preproxy_enabled == "1" and proxy_node_id or nil
+ local proxy_outboundTag, proxy_balancerTag
local function gen_shunt_node(rule_name, _node_id)
if not rule_name then return nil, nil end
@@ -795,7 +787,7 @@ function gen_config(var)
rule_outboundTag = "direct"
elseif _node_id == "_blackhole" then
rule_outboundTag = "blackhole"
- elseif _node_id == "_default" and rule_name ~= "default" then
+ elseif _node_id == "_default" then
rule_outboundTag = "default"
elseif _node_id:find("Socks_") then
local socks_id = _node_id:sub(1 + #"Socks_")
@@ -809,9 +801,9 @@ function gen_config(var)
transport = "tcp",
stream_security = "none"
}
- local _outbound = gen_outbound(flag, _node, rule_name)
- if _outbound then
- table.insert(outbounds, _outbound)
+ local outbound = gen_outbound(flag, _node, rule_name)
+ if outbound then
+ table.insert(outbounds, outbound)
rule_outboundTag = rule_name
end
end
@@ -820,19 +812,19 @@ function gen_config(var)
if not _node then return nil, nil end
if api.is_normal_node(_node) then
- local proxy = preproxy_enabled and node[rule_name .. "_proxy_tag"] == preproxy_tag and _node_id ~= preproxy_node_id
- if proxy and preproxy_is_balancer then
- local blc_nodes = preproxy_node.balancing_node
- for _, blc_node_id in ipairs(blc_nodes) do
+ local _proxy_node = uci:get_all(appname, proxy_node_id) or nil
+ local use_proxy = _proxy_node and node[rule_name .. "_proxy_tag"] == proxy_tag and _node_id ~= proxy_node_id
+ if use_proxy and proxy_balancerTag then
+ for _, blc_node_id in ipairs(_proxy_node.balancing_node) do
if _node_id == blc_node_id then
- proxy = false
+ use_proxy = false
break
end
end
end
local copied_outbound
for index, value in ipairs(outbounds) do
- if value["_flag_tag"] == _node_id and value["_flag_proxy_tag"] == preproxy_tag then
+ if value["_flag_tag"] == _node_id and value["_flag_proxy_tag"] == proxy_tag then
copied_outbound = api.clone(value)
break
end
@@ -842,70 +834,60 @@ function gen_config(var)
table.insert(outbounds, copied_outbound)
rule_outboundTag = rule_name
else
- if proxy then
- local pre_proxy = nil
- if _node.type ~= "Xray" then
- pre_proxy = true
- end
- if _node.type == "Xray" and _node.flow == "xtls-rprx-vision" then
- pre_proxy = true
- end
- if pre_proxy then
- new_port = get_new_port()
- table.insert(inbounds, {
- tag = "proxy_" .. rule_name,
- listen = "127.0.0.1",
- port = new_port,
- protocol = "dokodemo-door",
- settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
- })
- if _node.tls_serverName == nil then
- _node.tls_serverName = _node.address
- end
- _node.address = "127.0.0.1"
- _node.port = new_port
- table.insert(rules, 1, {
- type = "field",
- inboundTag = {"proxy_" .. rule_name},
- outboundTag = is_balancing_proxy and nil or preproxy_tag,
- balancerTag = is_balancing_proxy and get_balancer_tag(proxy_node_id) or nil
- })
+ if use_proxy and (_node.type ~= "Xray" or _node.flow == "xtls-rprx-vision") then
+ new_port = get_new_port()
+ table.insert(inbounds, {
+ tag = "proxy_" .. rule_name,
+ listen = "127.0.0.1",
+ port = new_port,
+ protocol = "dokodemo-door",
+ settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
+ })
+ if _node.tls_serverName == nil then
+ _node.tls_serverName = _node.address
end
+ _node.address = "127.0.0.1"
+ _node.port = new_port
+ table.insert(rules, 1, {
+ type = "field",
+ inboundTag = {"proxy_" .. rule_name},
+ outboundTag = proxy_outboundTag,
+ balancerTag = proxy_balancerTag
+ })
end
local proxy_table = {
- proxy = proxy and 1 or 0,
- tag = proxy and preproxy_tag or nil
+ proxy = use_proxy and 1 or 0,
+ tag = use_proxy and proxy_tag or nil
}
if xray_settings.fragment == "1" and not proxy_table.tag then
proxy_table.fragment = true
end
- local _outbound = gen_outbound(flag, _node, rule_name, proxy_table)
- if _outbound then
- set_outbound_detour(_node, _outbound, outbounds, rule_name)
- table.insert(outbounds, _outbound)
- if proxy then preproxy_used = true end
+ local outbound = gen_outbound(flag, _node, rule_name, proxy_table)
+ if outbound then
+ set_outbound_detour(_node, outbound, outbounds, rule_name)
+ table.insert(outbounds, outbound)
rule_outboundTag = rule_name
end
end
elseif _node.protocol == "_balancing" then
local is_new_balancer = true
+ rule_balancerTag = get_balancer_tag(_node_id)
for _, v in ipairs(balancers) do
- if v["_flag_tag"] == _node_id then
+ if v.tag == rule_balancerTag then
is_new_balancer = false
- rule_balancerTag = v.tag
+ gen_loopback(rule_name, _node_id)
break
end
end
if is_new_balancer then
- local balancer = gen_balancer(_node)
- if balancer then
- table.insert(balancers, balancer)
- rule_balancerTag = balancer.tag
+ local valid = gen_balancer(_node, rule_name)
+ if not valid then
+ rule_balancerTag = nil
end
end
elseif _node.protocol == "_iface" then
if _node.iface then
- local _outbound = {
+ local outbound = {
protocol = "freedom",
tag = rule_name,
streamSettings = {
@@ -915,7 +897,7 @@ function gen_config(var)
}
}
}
- table.insert(outbounds, _outbound)
+ table.insert(outbounds, outbound)
rule_outboundTag = rule_name
sys.call("touch /tmp/etc/passwall2/iface/" .. _node.iface)
end
@@ -923,6 +905,14 @@ function gen_config(var)
end
return rule_outboundTag, rule_balancerTag
end
+
+ --proxy_node
+ if proxy_node then
+ proxy_outboundTag, proxy_balancerTag = gen_shunt_node(proxy_tag, proxy_node_id)
+ if not proxy_outboundTag and not proxy_balancerTag then
+ proxy_node = nil
+ end
+ end
--default_node
local default_node_id = node.default_node or "_direct"
local default_outboundTag, default_balancerTag = gen_shunt_node("default", default_node_id)
@@ -965,6 +955,7 @@ function gen_config(var)
}
domains = {}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
table.insert(domains, w)
table.insert(domain_table.domain, w)
end)
@@ -976,6 +967,7 @@ function gen_config(var)
if e.ip_list then
ip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
+ if w:find("#") == 1 then return end
table.insert(ip, w)
end)
end
@@ -1034,12 +1026,13 @@ function gen_config(var)
}
elseif node.protocol == "_balancing" then
if node.balancing_node then
- local balancer = gen_balancer(node)
+ local valid = gen_balancer(node)
+ if valid then
+ table.insert(rules, { type = "field", network = "tcp,udp", balancerTag = get_balancer_tag(node_id) })
+ end
routing = {
- balancers = { balancer },
- rules = {
- { type = "field", network = "tcp,udp", balancerTag = balancer.tag }
- }
+ balancers = balancers,
+ rules = rules
}
end
elseif node.protocol == "_iface" then
@@ -1416,7 +1409,7 @@ function gen_config(var)
-- }
}
}
-
+
if xray_settings.fragment == "1" then
table.insert(outbounds, {
protocol = "freedom",
@@ -1435,9 +1428,9 @@ function gen_config(var)
tcpNoDelay = true
}
}
- })
+ })
end
-
+
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
diff --git a/luci-app-passwall2/po/zh-cn/passwall2.po b/luci-app-passwall2/po/zh-cn/passwall2.po
index 129acfc19..261539e98 100644
--- a/luci-app-passwall2/po/zh-cn/passwall2.po
+++ b/luci-app-passwall2/po/zh-cn/passwall2.po
@@ -343,6 +343,9 @@ msgstr "负载均衡"
msgid "Balancing Strategy"
msgstr "负载均衡策略"
+msgid "Fallback Node"
+msgstr "后备节点"
+
msgid "Use Custome Probe URL"
msgstr "使用自定义探测网址"
@@ -1003,8 +1006,8 @@ msgstr "完整匹配: 由'full:'开始,余下部分是一个域名。当此域
msgid "Pre-defined domain list: Begining with 'geosite:' and the rest is a name, such as geosite:google or geosite:cn."
msgstr "预定义域名列表:由'geosite:'开头,余下部分是一个名称,如geosite:google或者geosite:cn。"
-msgid "Domains from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geosite.dat. The tag must exist in the file."
-msgstr "从文件中加载域名: 形如'ext:file:tag',必须以ext:(小写)开头,后面跟文件名和标签,文件存放在资源目录中,文件格式与geosite.dat相同,标签必须在文件中存在。"
+msgid "Annotation: Begining with #"
+msgstr "注释: 由 # 开头"
msgid "IP: such as '127.0.0.1'."
msgstr "IP: 形如'127.0.0.1'。"
@@ -1015,9 +1018,6 @@ msgstr "CIDR: 形如'10.0.0.0/8'."
msgid "GeoIP: such as 'geoip:cn'. It begins with geoip: (lower case) and followed by two letter of country code."
msgstr "GeoIP: 形如'geoip:cn',必须以geoip:(小写)开头,后面跟双字符国家代码,支持几乎所有可以上网的国家。"
-msgid "IPs from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geoip.dat. The tag must exist in the file."
-msgstr "从文件中加载 IP: 形如'ext:file:tag',必须以ext:(小写)开头,后面跟文件名和标签,文件存放在资源目录中,文件格式与geoip.dat相同标签必须在文件中存在。"
-
msgid "Clear logs"
msgstr "清空日志"
diff --git a/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2 b/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2
index 73c746353..b47c6adb8 100644
--- a/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2
+++ b/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2
@@ -16,7 +16,7 @@
echo $$ > ${LOCK_FILE}
/etc/init.d/passwall2 restart >/dev/null 2>&1 &
- echo "passwall2: restart when $INTERFACE ifup" > /dev/kmsg
+ logger -p notice -t network -s "passwall2: restart when $INTERFACE ifup"
rm -rf ${LOCK_FILE}
}
diff --git a/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2 b/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2
index f7bf289e8..f49a4eca5 100755
--- a/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2
+++ b/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2
@@ -30,46 +30,10 @@ EOF
touch /etc/config/passwall2_show >/dev/null 2>&1
[ ! -s "/etc/config/passwall2" ] && cp -f /usr/share/passwall2/0_default_config /etc/config/passwall2
-use_nft=$(uci -q get passwall2.@global_forwarding[0].use_nft || echo "0")
-[ "${use_nft}" = "0" ] && {
- if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ] || [ -z "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then
- [ "$(opkg list-installed | grep "firewall4")" ] && [ "$(opkg list-installed | grep "nftables")" ] && {
- [ "$(opkg list-installed | grep "kmod\-nft\-socket")" ] && [ "$(opkg list-installed | grep "kmod\-nft\-tproxy")" ] && [ "$(opkg list-installed | grep "kmod\-nft\-nat")" ] && {
- uci -q set passwall2.@global_forwarding[0].use_nft=1
- uci -q commit passwall2
- sed -i "s#use_nft '0'#use_nft '1'#g" /usr/share/passwall2/0_default_config
- }
- }
- fi
-}
-
-global_xray=$(uci -q get passwall2.@global_xray[0])
-[ -z "${global_xray}" ] && {
- cfgid=$(uci add passwall2 global_xray)
- uci -q set passwall2.${cfgid}.sniffing=$(uci -q get passwall2.@global_forwarding[0].sniffing || echo "1")
- uci -q set passwall2.${cfgid}.route_only=$(uci -q get passwall2.@global_forwarding[0].route_only || echo "0")
- uci -q set passwall2.${cfgid}.buffer_size=$(uci -q get passwall2.@global_forwarding[0].buffer_size || echo "")
-
- uci -q delete passwall2.@global_forwarding[0].sniffing
- uci -q delete passwall2.@global_forwarding[0].route_only
- uci -q delete passwall2.@global_forwarding[0].buffer_size
- uci -q commit passwall2
-}
-
-global_singbox=$(uci -q get passwall2.@global_singbox[0])
-[ -z "${global_singbox}" ] && {
- cfgid=$(uci add passwall2 global_singbox)
- uci -q set passwall2.${cfgid}.sniff_override_destination=0
- uci -q set passwall2.${cfgid}.geoip_path="/tmp/singbox/geoip.db"
- uci -q set passwall2.${cfgid}.geoip_url="https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db"
- uci -q set passwall2.${cfgid}.geosite_path="/tmp/singbox/geosite.db"
- uci -q set passwall2.${cfgid}.geosite_url="https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db"
- uci -q commit passwall2
-}
-
chmod +x /usr/share/passwall2/*.sh
rm -f /tmp/luci-indexcache
rm -rf /tmp/luci-modulecache/
killall -HUP rpcd 2>/dev/null
+
exit 0
diff --git a/luci-app-passwall2/root/usr/share/passwall2/app.sh b/luci-app-passwall2/root/usr/share/passwall2/app.sh
index 6d00dd2ca..3d653b675 100644
--- a/luci-app-passwall2/root/usr/share/passwall2/app.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh
@@ -1026,14 +1026,13 @@ start() {
if [ -n "$(command -v iptables-legacy || command -v iptables)" ] && [ -n "$(command -v ipset)" ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then
USE_TABLES="iptables"
else
+ echolog "系统未安装iptables或ipset或Dnsmasq没有开启ipset支持,无法使用iptables+ipset透明代理!"
if [ -n "$(command -v fw4)" ] && [ -n "$(command -v nft)" ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
echolog "检测到fw4,使用nftables进行透明代理。"
USE_TABLES="nftables"
nftflag=1
config_t_set global_forwarding use_nft 1
uci commit ${CONFIG}
- else
- echolog "系统未安装iptables或ipset或Dnsmasq没有开启ipset支持,无法透明代理!"
fi
fi
else
diff --git a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh
index ec67a2f8c..6a4e6be1b 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh
@@ -101,7 +101,7 @@ add() {
#始终用国内DNS解析节点域名
servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
- hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpslist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
+ hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" | gen_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpslist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
echolog " - [$?]节点列表中的域名(vpslist):${DEFAULT_DNS:-默认}"
echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE
diff --git a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
index 38c15f8c4..638d07599 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
@@ -868,14 +868,19 @@ del_firewall_rule() {
ip -6 rule del fwmark 1 table 100 2>/dev/null
ip -6 route del local ::/0 dev lo table 100 2>/dev/null
- $DIR/app.sh echolog "删除相关防火墙规则完成。"
+ $DIR/app.sh echolog "删除iptables防火墙规则完成。"
}
flush_ipset() {
- del_firewall_rule
+ $DIR/app.sh echolog "清空 IPSET。"
for _name in $(ipset list | grep "Name: " | grep "passwall2_" | awk '{print $2}'); do
destroy_ipset ${_name}
done
+}
+
+flush_ipset_reload() {
+ del_firewall_rule
+ flush_ipset
rm -rf /tmp/singbox_passwall2_*
/etc/init.d/passwall2 reload
}
@@ -988,6 +993,9 @@ insert_rule_after)
flush_ipset)
flush_ipset
;;
+flush_ipset_reload)
+ flush_ipset_reload
+ ;;
get_ipt_bin)
get_ipt_bin
;;
diff --git a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
index 9455d4a86..a96fae3eb 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh
@@ -918,14 +918,19 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LANLIST6
destroy_nftset $NFTSET_VPSLIST6
- $DIR/app.sh echolog "删除相关防火墙规则完成。"
+ $DIR/app.sh echolog "删除nftables防火墙规则完成。"
}
flush_nftset() {
- del_firewall_rule
+ $DIR/app.sh echolog "清空 NFTSET。"
for _name in $(nft -a list sets | grep -E "passwall2" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do
destroy_nftset ${_name}
done
+}
+
+flush_nftset_reload() {
+ del_firewall_rule
+ flush_nftset
rm -rf /tmp/singbox_passwall2_*
/etc/init.d/passwall2 reload
}
@@ -1031,6 +1036,9 @@ insert_rule_after)
flush_nftset)
flush_nftset
;;
+flush_nftset_reload)
+ flush_nftset_reload
+ ;;
get_wan_ip)
get_wan_ip
;;
diff --git a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
index 155f1b2b9..953c18f59 100755
--- a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
@@ -186,9 +186,9 @@ luci.sys.call("uci commit " .. name)
if reboot == 1 then
log("重启服务,应用新的规则。")
if use_nft == "1" then
- luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset > /dev/null 2>&1 &")
+ luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
else
- luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+ luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
end
end
log("规则更新完毕...")