From 174fc1ed8d6316ad7c1ce014251bc759d847d5ce Mon Sep 17 00:00:00 2001 From: actions Date: Fri, 12 Apr 2024 00:00:07 +0800 Subject: [PATCH] luci-app-passwall2: sync upstream --- luci-app-passwall2/Makefile | 2 +- .../model/cbi/passwall2/client/global.lua | 2 +- .../cbi/passwall2/client/shunt_rules.lua | 7 +- .../model/cbi/passwall2/client/type/ray.lua | 39 ++- .../luasrc/passwall2/util_sing-box.lua | 2 + .../luasrc/passwall2/util_xray.lua | 245 +++++++++--------- luci-app-passwall2/po/zh-cn/passwall2.po | 10 +- .../root/etc/hotplug.d/iface/98-passwall2 | 2 +- .../root/etc/uci-defaults/luci-passwall2 | 38 +-- .../root/usr/share/passwall2/app.sh | 3 +- .../usr/share/passwall2/helper_dnsmasq.sh | 2 +- .../root/usr/share/passwall2/iptables.sh | 12 +- .../root/usr/share/passwall2/nftables.sh | 12 +- .../root/usr/share/passwall2/rule_update.lua | 4 +- 14 files changed, 194 insertions(+), 186 deletions(-) diff --git a/luci-app-passwall2/Makefile b/luci-app-passwall2/Makefile index 346f60212..837428424 100644 --- a/luci-app-passwall2/Makefile +++ b/luci-app-passwall2/Makefile @@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=luci-app-passwall2 -PKG_VERSION:=1.28-5 +PKG_VERSION:=1.28-6 PKG_RELEASE:= PKG_CONFIG_DEPENDS:= \ diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua index c34ab9714..e80474d43 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua @@ -316,7 +316,7 @@ o.rmempty = false o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSet"), translate("Try this feature if the rule modification does not take effect.")) o.inputstyle = "remove" function o.write(e, e) - luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall2_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &") + luci.sys.call('[ -n "$(nft list sets 2>/dev/null | grep \"passwall2_\")" ] && sh /usr/share/passwall2/nftables.sh flush_nftset_reload || sh /usr/share/passwall2/iptables.sh flush_ipset_reload > /dev/null 2>&1 &') luci.http.redirect(api.url("log")) end diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua index 3c2546603..9676ffc11 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/shunt_rules.lua @@ -121,6 +121,8 @@ domain_list.validate = function(self, value) flag = 0 elseif host:find("ext:") and host:find("ext:") == 1 then flag = 0 + elseif host:find("#") and host:find("#") == 1 then + flag = 0 end if flag == 1 then if not datatypes.hostname(tmp_host) then @@ -135,7 +137,7 @@ domain_list.description = "
" ip_list = s:option(TextValue, "ip_list", "IP") ip_list.rows = 10 @@ -146,6 +148,7 @@ ip_list.validate = function(self, value) for index, ipmask in ipairs(ipmasks) do if ipmask:find("geoip:") and ipmask:find("geoip:") == 1 then elseif ipmask:find("ext:") and ipmask:find("ext:") == 1 then + elseif ipmask:find("#") and ipmask:find("#") == 1 then else if not (datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask)) then return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!") @@ -157,7 +160,7 @@ end ip_list.description = "
" return m diff --git a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua index ab2edf0b4..803a38bc2 100644 --- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua +++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/ray.lua @@ -49,7 +49,9 @@ o:depends({ [option_name("protocol")] = "_iface" }) local nodes_table = {} local balancers_table = {} +local fallback_table = {} local iface_table = {} +local is_balancer = nil for k, e in ipairs(api.get_valid_nodes()) do if e.node_type == "normal" then nodes_table[#nodes_table + 1] = { @@ -63,6 +65,15 @@ for k, e in ipairs(api.get_valid_nodes()) do id = e[".name"], remark = e["remark"] } + if e[".name"] ~= arg[1] then + fallback_table[#fallback_table + 1] = { + id = e[".name"], + remark = e["remark"], + fallback = e["fallback_node"] + } + else + is_balancer = true + end end if e.protocol == "_iface" then iface_table[#iface_table + 1] = { @@ -90,14 +101,35 @@ for k, v in pairs(nodes_table) do o:value(v.id, v.remark) end local o = s:option(ListValue, option_name("balancingStrategy"), translate("Balancing Strategy")) o:depends({ [option_name("protocol")] = "_balancing" }) o:value("random") +o:value("roundRobin") o:value("leastPing") -o:value("leastLoad") -o.default = "leastLoad" +o.default = "leastPing" + +-- Fallback Node +if api.compare_versions(api.get_app_version("xray"), ">=", "1.8.10") then + local o = s:option(ListValue, option_name("fallback_node"), translate("Fallback Node")) + o:depends({ [option_name("balancingStrategy")] = "leastPing" }) + o:value("",translate("Null")) + o.default = "" + local function check_fallback_chain(fb) + for k, v in pairs(fallback_table) do + if v.fallback == fb then + fallback_table[k] = nil + check_fallback_chain(v.id) + end + end + end + -- 检查fallback链,去掉会形成闭环的balancer节点 + if is_balancer then + check_fallback_chain(arg[1]) + end + for k, v in pairs(fallback_table) do o:value(v.id, v.remark) end + for k, v in pairs(nodes_table) do o:value(v.id, v.remark) end +end -- 探测地址 local o = s:option(Flag, option_name("useCustomProbeUrl"), translate("Use Custome Probe URL"), translate("By default the built-in probe URL will be used, enable this option to use a custom probe URL.")) o:depends({ [option_name("balancingStrategy")] = "leastPing" }) -o:depends({ [option_name("balancingStrategy")] = "leastLoad" }) local o = s:option(Value, option_name("probeUrl"), translate("Probe URL")) o:depends({ [option_name("useCustomProbeUrl")] = true }) @@ -107,7 +139,6 @@ o.description = translate("The URL used to detect the connection status.") -- 探测间隔 local o = s:option(Value, option_name("probeInterval"), translate("Probe Interval")) o:depends({ [option_name("balancingStrategy")] = "leastPing" }) -o:depends({ [option_name("balancingStrategy")] = "leastLoad" }) o.default = "1m" o.description = translate("The interval between initiating probes. Every time this time elapses, a server status check is performed on a server. The time format is numbers + units, such as '10s', '2h45m', and the supported time units are ns, us, ms, s, m, h, which correspond to nanoseconds, microseconds, milliseconds, seconds, minutes, and hours, respectively.") diff --git a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua index ff9e57757..05f9f8657 100644 --- a/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua +++ b/luci-app-passwall2/luasrc/passwall2/util_sing-box.lua @@ -1155,6 +1155,7 @@ function gen_config(var) geosite = {}, } string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) + if w:find("#") == 1 then return end if w:find("geosite:") == 1 then table.insert(domain_table.geosite, w:sub(1 + #"geosite:")) elseif w:find("regexp:") == 1 then @@ -1183,6 +1184,7 @@ function gen_config(var) local ip_cidr = {} local geoip = {} string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w) + if w:find("#") == 1 then return end if w:find("geoip:") == 1 then table.insert(geoip, w:sub(1 + #"geoip:")) else diff --git a/luci-app-passwall2/luasrc/passwall2/util_xray.lua b/luci-app-passwall2/luasrc/passwall2/util_xray.lua index 3fd36e507..0508b5ef6 100644 --- a/luci-app-passwall2/luasrc/passwall2/util_xray.lua +++ b/luci-app-passwall2/luasrc/passwall2/util_xray.lua @@ -574,6 +574,8 @@ function gen_config(var) nodes[node_id] = node end end + local balancers = {} + local rules = {} if local_socks_port then local inbound = { @@ -644,8 +646,20 @@ function gen_config(var) return "balancer-" .. _node_id end + local function gen_loopback(outboundTag, dst_node_id) + if not outboundTag then return nil end + local inboundTag = dst_node_id and "loop-in-" .. dst_node_id or outboundTag .. "-lo" + table.insert(outbounds, { + protocol = "loopback", + tag = outboundTag, + settings = { inboundTag = inboundTag } + }) + return inboundTag + end + local function gen_balancer(_node, loopbackTag) local blc_nodes = _node.balancing_node + local fallback_node_id = _node.fallback_node local length = #blc_nodes local valid_nodes = {} for i = 1, length do @@ -668,40 +682,60 @@ function gen_config(var) end end end + if fallback_node_id == "" then + fallback_node_id = nil + end + if fallback_node_id then + local is_new_node = true + for _, outbound in ipairs(outbounds) do + if outbound.tag == fallback_node_id then + is_new_node = false + break + end + end + if is_new_node then + local fallback_node = uci:get_all(appname, fallback_node_id) + if fallback_node.protocol ~= "_balancing" then + local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil }) + if outbound then + table.insert(outbounds, outbound) + else + fallback_node_id = nil + end + else + local valid = gen_balancer(fallback_node) + if not valid then + fallback_node_id = nil + end + end + end + end - local balancer, rule + local valid = nil if #valid_nodes > 0 then local balancerTag = get_balancer_tag(_node[".name"]) - balancer = { + table.insert(balancers, { tag = balancerTag, selector = valid_nodes, + fallbackTag = fallback_node_id, strategy = { type = _node.balancingStrategy or "random" } - } - if _node.balancingStrategy == "leastPing" or _node.balancingStrategy == "leastLoad" then + }) + if _node.balancingStrategy == "leastPing" then if not observatory then observatory = { subjectSelector = { "blc-" }, probeUrl = _node.useCustomProbeUrl and _node.probeUrl or nil, probeInterval = _node.probeInterval or "1m", - enableConcurrency = (nodes[node_id] and nodes[node_id].type == "Xray") and true or nil --这里只判断顶层节点(分流总节点/单独的负载均衡节点)类型为Xray,就可以启用并发 + enableConcurrency = true } end end - if loopbackTag and loopbackTag ~= "" then - local inboundTag = loopbackTag .. "-in" - table.insert(outbounds, { - protocol = "loopback", - tag = loopbackTag, - settings = { inboundTag = inboundTag } - }) - rule = { - type = "field", - inboundTag = { inboundTag }, - balancerTag = balancerTag - } - end + if loopbackTag == nil or loopbackTag =="" then loopbackTag = _node[".name"] end + local inboundTag = gen_loopback(loopbackTag, _node[".name"]) + table.insert(rules, { type = "field", inboundTag = { inboundTag }, balancerTag = balancerTag }) + valid = true end - return balancer, rule + return valid end local function set_outbound_detour(node, outbound, outbounds_table, shunt_rule_name) @@ -739,52 +773,10 @@ function gen_config(var) end local node = v if node.protocol == "_shunt" then - local rules = {} - local balancers = {} - - local preproxy_enabled = node.preproxy_enabled == "1" - local preproxy_tag = "main" - local preproxy_node_id = node["main_node"] - local preproxy_node = preproxy_enabled and preproxy_node_id and uci:get_all(appname, preproxy_node_id) or nil - local preproxy_is_balancer - - if preproxy_node_id and preproxy_node_id:find("Socks_") then - local socks_id = preproxy_node_id:sub(1 + #"Socks_") - local socks_node = uci:get_all(appname, socks_id) or nil - if socks_node then - local _node = { - type = "Xray", - protocol = "socks", - address = "127.0.0.1", - port = socks_node.port, - transport = "tcp", - stream_security = "none" - } - local preproxy_outbound = gen_outbound(flag, _node, preproxy_tag) - if preproxy_outbound then - table.insert(outbounds, preproxy_outbound) - else - preproxy_enabled = false - end - end - elseif preproxy_node and api.is_normal_node(preproxy_node) then - local preproxy_outbound = gen_outbound(flag, preproxy_node, preproxy_tag, { fragment = xray_settings.fragment == "1" or nil }) - if preproxy_outbound then - set_outbound_detour(preproxy_node, preproxy_outbound, outbounds, preproxy_tag) - table.insert(outbounds, preproxy_outbound) - else - preproxy_enabled = false - end - elseif preproxy_node and preproxy_node.protocol == "_balancing" then - preproxy_is_balancer = true - local preproxy_balancer, preproxy_rule = gen_balancer(preproxy_node, preproxy_tag) - if preproxy_balancer and preproxy_rule then - table.insert(balancers, preproxy_balancer) - table.insert(rules, preproxy_rule) - else - preproxy_enabled = false - end - end + local proxy_tag = "main" + local proxy_node_id = node["main_node"] + local proxy_node = node.preproxy_enabled == "1" and proxy_node_id or nil + local proxy_outboundTag, proxy_balancerTag local function gen_shunt_node(rule_name, _node_id) if not rule_name then return nil, nil end @@ -795,7 +787,7 @@ function gen_config(var) rule_outboundTag = "direct" elseif _node_id == "_blackhole" then rule_outboundTag = "blackhole" - elseif _node_id == "_default" and rule_name ~= "default" then + elseif _node_id == "_default" then rule_outboundTag = "default" elseif _node_id:find("Socks_") then local socks_id = _node_id:sub(1 + #"Socks_") @@ -809,9 +801,9 @@ function gen_config(var) transport = "tcp", stream_security = "none" } - local _outbound = gen_outbound(flag, _node, rule_name) - if _outbound then - table.insert(outbounds, _outbound) + local outbound = gen_outbound(flag, _node, rule_name) + if outbound then + table.insert(outbounds, outbound) rule_outboundTag = rule_name end end @@ -820,19 +812,19 @@ function gen_config(var) if not _node then return nil, nil end if api.is_normal_node(_node) then - local proxy = preproxy_enabled and node[rule_name .. "_proxy_tag"] == preproxy_tag and _node_id ~= preproxy_node_id - if proxy and preproxy_is_balancer then - local blc_nodes = preproxy_node.balancing_node - for _, blc_node_id in ipairs(blc_nodes) do + local _proxy_node = uci:get_all(appname, proxy_node_id) or nil + local use_proxy = _proxy_node and node[rule_name .. "_proxy_tag"] == proxy_tag and _node_id ~= proxy_node_id + if use_proxy and proxy_balancerTag then + for _, blc_node_id in ipairs(_proxy_node.balancing_node) do if _node_id == blc_node_id then - proxy = false + use_proxy = false break end end end local copied_outbound for index, value in ipairs(outbounds) do - if value["_flag_tag"] == _node_id and value["_flag_proxy_tag"] == preproxy_tag then + if value["_flag_tag"] == _node_id and value["_flag_proxy_tag"] == proxy_tag then copied_outbound = api.clone(value) break end @@ -842,70 +834,60 @@ function gen_config(var) table.insert(outbounds, copied_outbound) rule_outboundTag = rule_name else - if proxy then - local pre_proxy = nil - if _node.type ~= "Xray" then - pre_proxy = true - end - if _node.type == "Xray" and _node.flow == "xtls-rprx-vision" then - pre_proxy = true - end - if pre_proxy then - new_port = get_new_port() - table.insert(inbounds, { - tag = "proxy_" .. rule_name, - listen = "127.0.0.1", - port = new_port, - protocol = "dokodemo-door", - settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} - }) - if _node.tls_serverName == nil then - _node.tls_serverName = _node.address - end - _node.address = "127.0.0.1" - _node.port = new_port - table.insert(rules, 1, { - type = "field", - inboundTag = {"proxy_" .. rule_name}, - outboundTag = is_balancing_proxy and nil or preproxy_tag, - balancerTag = is_balancing_proxy and get_balancer_tag(proxy_node_id) or nil - }) + if use_proxy and (_node.type ~= "Xray" or _node.flow == "xtls-rprx-vision") then + new_port = get_new_port() + table.insert(inbounds, { + tag = "proxy_" .. rule_name, + listen = "127.0.0.1", + port = new_port, + protocol = "dokodemo-door", + settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)} + }) + if _node.tls_serverName == nil then + _node.tls_serverName = _node.address end + _node.address = "127.0.0.1" + _node.port = new_port + table.insert(rules, 1, { + type = "field", + inboundTag = {"proxy_" .. rule_name}, + outboundTag = proxy_outboundTag, + balancerTag = proxy_balancerTag + }) end local proxy_table = { - proxy = proxy and 1 or 0, - tag = proxy and preproxy_tag or nil + proxy = use_proxy and 1 or 0, + tag = use_proxy and proxy_tag or nil } if xray_settings.fragment == "1" and not proxy_table.tag then proxy_table.fragment = true end - local _outbound = gen_outbound(flag, _node, rule_name, proxy_table) - if _outbound then - set_outbound_detour(_node, _outbound, outbounds, rule_name) - table.insert(outbounds, _outbound) - if proxy then preproxy_used = true end + local outbound = gen_outbound(flag, _node, rule_name, proxy_table) + if outbound then + set_outbound_detour(_node, outbound, outbounds, rule_name) + table.insert(outbounds, outbound) rule_outboundTag = rule_name end end elseif _node.protocol == "_balancing" then local is_new_balancer = true + rule_balancerTag = get_balancer_tag(_node_id) for _, v in ipairs(balancers) do - if v["_flag_tag"] == _node_id then + if v.tag == rule_balancerTag then is_new_balancer = false - rule_balancerTag = v.tag + gen_loopback(rule_name, _node_id) break end end if is_new_balancer then - local balancer = gen_balancer(_node) - if balancer then - table.insert(balancers, balancer) - rule_balancerTag = balancer.tag + local valid = gen_balancer(_node, rule_name) + if not valid then + rule_balancerTag = nil end end elseif _node.protocol == "_iface" then if _node.iface then - local _outbound = { + local outbound = { protocol = "freedom", tag = rule_name, streamSettings = { @@ -915,7 +897,7 @@ function gen_config(var) } } } - table.insert(outbounds, _outbound) + table.insert(outbounds, outbound) rule_outboundTag = rule_name sys.call("touch /tmp/etc/passwall2/iface/" .. _node.iface) end @@ -923,6 +905,14 @@ function gen_config(var) end return rule_outboundTag, rule_balancerTag end + + --proxy_node + if proxy_node then + proxy_outboundTag, proxy_balancerTag = gen_shunt_node(proxy_tag, proxy_node_id) + if not proxy_outboundTag and not proxy_balancerTag then + proxy_node = nil + end + end --default_node local default_node_id = node.default_node or "_direct" local default_outboundTag, default_balancerTag = gen_shunt_node("default", default_node_id) @@ -965,6 +955,7 @@ function gen_config(var) } domains = {} string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w) + if w:find("#") == 1 then return end table.insert(domains, w) table.insert(domain_table.domain, w) end) @@ -976,6 +967,7 @@ function gen_config(var) if e.ip_list then ip = {} string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w) + if w:find("#") == 1 then return end table.insert(ip, w) end) end @@ -1034,12 +1026,13 @@ function gen_config(var) } elseif node.protocol == "_balancing" then if node.balancing_node then - local balancer = gen_balancer(node) + local valid = gen_balancer(node) + if valid then + table.insert(rules, { type = "field", network = "tcp,udp", balancerTag = get_balancer_tag(node_id) }) + end routing = { - balancers = { balancer }, - rules = { - { type = "field", network = "tcp,udp", balancerTag = balancer.tag } - } + balancers = balancers, + rules = rules } end elseif node.protocol == "_iface" then @@ -1416,7 +1409,7 @@ function gen_config(var) -- } } } - + if xray_settings.fragment == "1" then table.insert(outbounds, { protocol = "freedom", @@ -1435,9 +1428,9 @@ function gen_config(var) tcpNoDelay = true } } - }) + }) end - + table.insert(outbounds, { protocol = "freedom", tag = "direct", diff --git a/luci-app-passwall2/po/zh-cn/passwall2.po b/luci-app-passwall2/po/zh-cn/passwall2.po index 129acfc19..261539e98 100644 --- a/luci-app-passwall2/po/zh-cn/passwall2.po +++ b/luci-app-passwall2/po/zh-cn/passwall2.po @@ -343,6 +343,9 @@ msgstr "负载均衡" msgid "Balancing Strategy" msgstr "负载均衡策略" +msgid "Fallback Node" +msgstr "后备节点" + msgid "Use Custome Probe URL" msgstr "使用自定义探测网址" @@ -1003,8 +1006,8 @@ msgstr "完整匹配: 由'full:'开始,余下部分是一个域名。当此域 msgid "Pre-defined domain list: Begining with 'geosite:' and the rest is a name, such as geosite:google or geosite:cn." msgstr "预定义域名列表:由'geosite:'开头,余下部分是一个名称,如geosite:google或者geosite:cn。" -msgid "Domains from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geosite.dat. The tag must exist in the file." -msgstr "从文件中加载域名: 形如'ext:file:tag',必须以ext:(小写)开头,后面跟文件名和标签,文件存放在资源目录中,文件格式与geosite.dat相同,标签必须在文件中存在。" +msgid "Annotation: Begining with #" +msgstr "注释: 由 # 开头" msgid "IP: such as '127.0.0.1'." msgstr "IP: 形如'127.0.0.1'。" @@ -1015,9 +1018,6 @@ msgstr "CIDR: 形如'10.0.0.0/8'." msgid "GeoIP: such as 'geoip:cn'. It begins with geoip: (lower case) and followed by two letter of country code." msgstr "GeoIP: 形如'geoip:cn',必须以geoip:(小写)开头,后面跟双字符国家代码,支持几乎所有可以上网的国家。" -msgid "IPs from file: Such as 'ext:file:tag'. The value must begin with ext: (lowercase), and followed by filename and tag. The file is placed in resource directory, and has the same format of geoip.dat. The tag must exist in the file." -msgstr "从文件中加载 IP: 形如'ext:file:tag',必须以ext:(小写)开头,后面跟文件名和标签,文件存放在资源目录中,文件格式与geoip.dat相同标签必须在文件中存在。" - msgid "Clear logs" msgstr "清空日志" diff --git a/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2 b/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2 index 73c746353..b47c6adb8 100644 --- a/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2 +++ b/luci-app-passwall2/root/etc/hotplug.d/iface/98-passwall2 @@ -16,7 +16,7 @@ echo $$ > ${LOCK_FILE} /etc/init.d/passwall2 restart >/dev/null 2>&1 & - echo "passwall2: restart when $INTERFACE ifup" > /dev/kmsg + logger -p notice -t network -s "passwall2: restart when $INTERFACE ifup" rm -rf ${LOCK_FILE} } diff --git a/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2 b/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2 index f7bf289e8..f49a4eca5 100755 --- a/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2 +++ b/luci-app-passwall2/root/etc/uci-defaults/luci-passwall2 @@ -30,46 +30,10 @@ EOF touch /etc/config/passwall2_show >/dev/null 2>&1 [ ! -s "/etc/config/passwall2" ] && cp -f /usr/share/passwall2/0_default_config /etc/config/passwall2 -use_nft=$(uci -q get passwall2.@global_forwarding[0].use_nft || echo "0") -[ "${use_nft}" = "0" ] && { - if [ -z "$(command -v iptables-legacy || command -v iptables)" ] || [ -z "$(command -v ipset)" ] || [ -z "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then - [ "$(opkg list-installed | grep "firewall4")" ] && [ "$(opkg list-installed | grep "nftables")" ] && { - [ "$(opkg list-installed | grep "kmod\-nft\-socket")" ] && [ "$(opkg list-installed | grep "kmod\-nft\-tproxy")" ] && [ "$(opkg list-installed | grep "kmod\-nft\-nat")" ] && { - uci -q set passwall2.@global_forwarding[0].use_nft=1 - uci -q commit passwall2 - sed -i "s#use_nft '0'#use_nft '1'#g" /usr/share/passwall2/0_default_config - } - } - fi -} - -global_xray=$(uci -q get passwall2.@global_xray[0]) -[ -z "${global_xray}" ] && { - cfgid=$(uci add passwall2 global_xray) - uci -q set passwall2.${cfgid}.sniffing=$(uci -q get passwall2.@global_forwarding[0].sniffing || echo "1") - uci -q set passwall2.${cfgid}.route_only=$(uci -q get passwall2.@global_forwarding[0].route_only || echo "0") - uci -q set passwall2.${cfgid}.buffer_size=$(uci -q get passwall2.@global_forwarding[0].buffer_size || echo "") - - uci -q delete passwall2.@global_forwarding[0].sniffing - uci -q delete passwall2.@global_forwarding[0].route_only - uci -q delete passwall2.@global_forwarding[0].buffer_size - uci -q commit passwall2 -} - -global_singbox=$(uci -q get passwall2.@global_singbox[0]) -[ -z "${global_singbox}" ] && { - cfgid=$(uci add passwall2 global_singbox) - uci -q set passwall2.${cfgid}.sniff_override_destination=0 - uci -q set passwall2.${cfgid}.geoip_path="/tmp/singbox/geoip.db" - uci -q set passwall2.${cfgid}.geoip_url="https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db" - uci -q set passwall2.${cfgid}.geosite_path="/tmp/singbox/geosite.db" - uci -q set passwall2.${cfgid}.geosite_url="https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db" - uci -q commit passwall2 -} - chmod +x /usr/share/passwall2/*.sh rm -f /tmp/luci-indexcache rm -rf /tmp/luci-modulecache/ killall -HUP rpcd 2>/dev/null + exit 0 diff --git a/luci-app-passwall2/root/usr/share/passwall2/app.sh b/luci-app-passwall2/root/usr/share/passwall2/app.sh index 6d00dd2ca..3d653b675 100644 --- a/luci-app-passwall2/root/usr/share/passwall2/app.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh @@ -1026,14 +1026,13 @@ start() { if [ -n "$(command -v iptables-legacy || command -v iptables)" ] && [ -n "$(command -v ipset)" ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then USE_TABLES="iptables" else + echolog "系统未安装iptables或ipset或Dnsmasq没有开启ipset支持,无法使用iptables+ipset透明代理!" if [ -n "$(command -v fw4)" ] && [ -n "$(command -v nft)" ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then echolog "检测到fw4,使用nftables进行透明代理。" USE_TABLES="nftables" nftflag=1 config_t_set global_forwarding use_nft 1 uci commit ${CONFIG} - else - echolog "系统未安装iptables或ipset或Dnsmasq没有开启ipset支持,无法透明代理!" fi fi else diff --git a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh index ec67a2f8c..6a4e6be1b 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh @@ -101,7 +101,7 @@ add() { #始终用国内DNS解析节点域名 servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2) - hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpslist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf" + hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" | gen_items settype="${set_type}" setnames="${setflag_4}passwall2_vpslist,${setflag_6}passwall2_vpslist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpslist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf" echolog " - [$?]节点列表中的域名(vpslist):${DEFAULT_DNS:-默认}" echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE diff --git a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh index 38c15f8c4..638d07599 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh @@ -868,14 +868,19 @@ del_firewall_rule() { ip -6 rule del fwmark 1 table 100 2>/dev/null ip -6 route del local ::/0 dev lo table 100 2>/dev/null - $DIR/app.sh echolog "删除相关防火墙规则完成。" + $DIR/app.sh echolog "删除iptables防火墙规则完成。" } flush_ipset() { - del_firewall_rule + $DIR/app.sh echolog "清空 IPSET。" for _name in $(ipset list | grep "Name: " | grep "passwall2_" | awk '{print $2}'); do destroy_ipset ${_name} done +} + +flush_ipset_reload() { + del_firewall_rule + flush_ipset rm -rf /tmp/singbox_passwall2_* /etc/init.d/passwall2 reload } @@ -988,6 +993,9 @@ insert_rule_after) flush_ipset) flush_ipset ;; +flush_ipset_reload) + flush_ipset_reload + ;; get_ipt_bin) get_ipt_bin ;; diff --git a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh index 9455d4a86..a96fae3eb 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/nftables.sh +++ b/luci-app-passwall2/root/usr/share/passwall2/nftables.sh @@ -918,14 +918,19 @@ del_firewall_rule() { destroy_nftset $NFTSET_LANLIST6 destroy_nftset $NFTSET_VPSLIST6 - $DIR/app.sh echolog "删除相关防火墙规则完成。" + $DIR/app.sh echolog "删除nftables防火墙规则完成。" } flush_nftset() { - del_firewall_rule + $DIR/app.sh echolog "清空 NFTSET。" for _name in $(nft -a list sets | grep -E "passwall2" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do destroy_nftset ${_name} done +} + +flush_nftset_reload() { + del_firewall_rule + flush_nftset rm -rf /tmp/singbox_passwall2_* /etc/init.d/passwall2 reload } @@ -1031,6 +1036,9 @@ insert_rule_after) flush_nftset) flush_nftset ;; +flush_nftset_reload) + flush_nftset_reload + ;; get_wan_ip) get_wan_ip ;; diff --git a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua index 155f1b2b9..953c18f59 100755 --- a/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua +++ b/luci-app-passwall2/root/usr/share/passwall2/rule_update.lua @@ -186,9 +186,9 @@ luci.sys.call("uci commit " .. name) if reboot == 1 then log("重启服务,应用新的规则。") if use_nft == "1" then - luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset > /dev/null 2>&1 &") + luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &") else - luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset > /dev/null 2>&1 &") + luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &") end end log("规则更新完毕...")