From 2b18407aea6d36380718a1aeee6447e1bc05bb0e Mon Sep 17 00:00:00 2001
From: xiaorouji <60100640+xiaorouji@users.noreply.github.com>
Date: Sun, 10 Mar 2024 02:38:27 +0800
Subject: [PATCH] luci: optimise

---
 .../model/cbi/passwall/client/acl_config.lua  | 54 ++++++++++---------
 .../model/cbi/passwall/client/global.lua      |  2 +-
 .../luasrc/view/passwall/global/proxy.htm     |  2 +-
 .../root/usr/share/passwall/app.sh            | 16 +++---
 .../root/usr/share/passwall/iptables.sh       | 16 ++++--
 .../root/usr/share/passwall/nftables.sh       | 18 ++++---
 6 files changed, 63 insertions(+), 45 deletions(-)

diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
index f0e536619..eb310ebf7 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -151,25 +151,30 @@ o.validate = port_validate
 
 ---- UDP No Redir Ports
 local UDP_NO_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_no_redir_ports")
-o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"))
+o = s:option(Value, "udp_no_redir_ports", translate("UDP No Redir Ports"),
+			 "<font color='red'>" .. translate(
+				 "Fill in the ports you don't want to be forwarded by the agent, with the highest priority.") ..
+				 "</font>")
 o.default = "default"
 o:value("disable", translate("No patterns are used"))
 o:value("default", translate("Use global config") .. "(" .. UDP_NO_REDIR_PORTS .. ")")
 o:value("1:65535", translate("All"))
 o.validate = port_validate
 
---local TCP_NODE = uci:get(appname, "@global[0]", "tcp_node")
-tcp_node = s:option(ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
-tcp_node.default = "nil"
-tcp_node:value("nil", translate("Close"))
---tcp_node:value("default", translate("Use global config") .. "(" .. TCP_NODE .. ")")
+o = s:option(Flag, "use_global_config", translatef("Use global config"))
+o.default = "0"
+o.rmempty = false
+
+tcp_node = s:option(ListValue, "tcp_node", "<a style='color: red'>" .. translate("TCP Node") .. "</a>")
+tcp_node.default = ""
+tcp_node:value("", translate("Close"))
+tcp_node:depends("use_global_config", false)
 
---local UDP_NODE = uci:get(appname, "@global[0]", "udp_node")
 udp_node = s:option(ListValue, "udp_node", "<a style='color: red'>" .. translate("UDP Node") .. "</a>")
-udp_node.default = "nil"
-udp_node:value("nil", translate("Close"))
---udp_node:value("default", translate("Use global config") .. "(" .. UDP_NODE .. ")")
+udp_node.default = ""
+udp_node:value("", translate("Close"))
 udp_node:value("tcp", translate("Same as the tcp node"))
+udp_node:depends({ tcp_node = "",  ['!reverse'] = true })
 
 for k, v in pairs(nodes_table) do
 	tcp_node:value(v.id, v["remark"])
@@ -184,7 +189,7 @@ o:value("disable", translate("No patterns are used"))
 o:value("default", translate("Default"))
 o.validate = port_validate
 o:value("default", translate("Use global config") .. "(" .. TCP_PROXY_DROP_PORTS .. ")")
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 ---- UDP Proxy Drop Ports
 local UDP_PROXY_DROP_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_proxy_drop_ports")
@@ -194,7 +199,7 @@ o:value("disable", translate("No patterns are used"))
 o:value("default", translate("Use global config") .. "(" .. UDP_PROXY_DROP_PORTS .. ")")
 o:value("80,443", translate("QUIC"))
 o.validate = port_validate
-o:depends({ udp_node = "nil",  ['!reverse'] = true })
+o:depends({ udp_node = "",  ['!reverse'] = true })
 
 ---- TCP Redir Ports
 local TCP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "tcp_redir_ports")
@@ -206,7 +211,7 @@ o:value("80,443", "80,443")
 o:value("80:65535", "80 " .. translate("or more"))
 o:value("1:443", "443 " .. translate("or less"))
 o.validate = port_validate
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 ---- UDP Redir Ports
 local UDP_REDIR_PORTS = uci:get(appname, "@global_forwarding[0]", "udp_redir_ports")
@@ -216,24 +221,24 @@ o:value("default", translate("Use global config") .. "(" .. UDP_REDIR_PORTS .. "
 o:value("1:65535", translate("All"))
 o:value("53", "53")
 o.validate = port_validate
-o:depends({ udp_node = "nil",  ['!reverse'] = true })
+o:depends({ udp_node = "",  ['!reverse'] = true })
 
 o = s:option(Flag, "use_direct_list", translatef("Use %s", translate("Direct List")))
 o.default = "1"
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 o = s:option(Flag, "use_proxy_list", translatef("Use %s", translate("Proxy List")))
 o.default = "1"
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 o = s:option(Flag, "use_block_list", translatef("Use %s", translate("Block List")))
 o.default = "1"
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 if has_gfwlist then
 	o = s:option(Flag, "use_gfw_list", translatef("Use %s", translate("GFW List")))
 	o.default = "1"
-	o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+	o:depends({ tcp_node = "",  ['!reverse'] = true })
 end
 
 if has_chnlist or has_chnroute then
@@ -242,29 +247,30 @@ if has_chnlist or has_chnroute then
 	o:value("direct", translate("Direct Connection"))
 	o:value("proxy", translate("Proxy"))
 	o.default = "direct"
-	o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+	o:depends({ tcp_node = "",  ['!reverse'] = true })
 end
 
 o = s:option(ListValue, "tcp_proxy_mode", "TCP " .. translate("Proxy Mode"))
 o:value("disable", translate("No Proxy"))
 o:value("proxy", translate("Proxy"))
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 o = s:option(ListValue, "udp_proxy_mode", "UDP " .. translate("Proxy Mode"))
 o:value("disable", translate("No Proxy"))
 o:value("proxy", translate("Proxy"))
-o:depends({ udp_node = "nil",  ['!reverse'] = true })
+o:depends({ udp_node = "",  ['!reverse'] = true })
 
-o = s:option(DummyValue, "", " ")
+o = s:option(DummyValue, "switch_mode", " ")
 o.template = appname .. "/global/proxy"
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 o = s:option(Flag, "filter_proxy_ipv6", translate("Filter Proxy Host IPv6"), translate("Experimental feature."))
 o.default = "0"
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 
 ---- DNS Forward Mode
 o = s:option(ListValue, "dns_mode", translate("Filter Mode"))
-o:depends({ tcp_node = "nil",  ['!reverse'] = true })
+o:depends({ tcp_node = "",  ['!reverse'] = true })
 if api.is_finded("dns2socks") then
 	o:value("dns2socks", "dns2socks")
 end
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
index b39e66c3c..0584117b2 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -449,7 +449,7 @@ udp_proxy_mode:value("disable", translate("No Proxy"))
 udp_proxy_mode:value("proxy", translate("Proxy"))
 udp_proxy_mode.default = "proxy"
 
-o = s:taboption("Proxy", DummyValue, "", " ")
+o = s:taboption("Proxy", DummyValue, "switch_mode", " ")
 o.template = appname .. "/global/proxy"
 
 o = s:taboption("Proxy", Flag, "localhost_proxy", translate("Localhost Proxy"), translate("When selected, localhost can transparent proxy."))
diff --git a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
index ccdcc3dd0..7271331de 100644
--- a/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
+++ b/luci-app-passwall/luasrc/view/passwall/global/proxy.htm
@@ -1,4 +1,4 @@
-<div class="cbi-value">
+<div class="cbi-value" id="cbi-<%=self.config.."-"..section.."-"..self.option%>" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
 	<label class="cbi-value-title">
 		<%:Switch Mode%>
 	</label>
diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh
index 452c8c309..57c538831 100755
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -1344,8 +1344,6 @@ acl_app() {
 		dnsmasq_port=11400
 		chinadns_port=11500
 		for item in $items; do
-			local enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
-			local _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
 			sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
 			eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
 			[ "$enabled" = "1" ] || continue
@@ -1370,8 +1368,9 @@ acl_app() {
 			mkdir -p $TMP_ACL_PATH/$sid
 			echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
 
-			tcp_node=${tcp_node:-default}
-			udp_node=${udp_node:-default}
+			use_global_config=${use_global_config}
+			tcp_node=${tcp_node:-nil}
+			udp_node=${udp_node:-nil}
 			use_direct_list=${use_direct_list:-1}
 			use_proxy_list=${use_proxy_list:-1}
 			use_block_list=${use_block_list:-1}
@@ -1387,8 +1386,11 @@ acl_app() {
 			[ "$dns_mode" = "sing-box" ] && {
 				[ "$v2ray_dns_mode" = "doh" ] && remote_dns=${remote_dns_doh:-https://1.1.1.1/dns-query}
 			}
-			[ "$tcp_proxy_mode" = "default" ] && tcp_proxy_mode=$TCP_PROXY_MODE
-			[ "$udp_proxy_mode" = "default" ] && udp_proxy_mode=$UDP_PROXY_MODE
+			
+			[ "${use_global_config}" = "1" ] & {
+				tcp_node="default"
+				udp_node="default"
+			}
 
 			[ "$tcp_node" != "nil" ] && {
 				if [ "$tcp_node" = "default" ]; then
@@ -1569,7 +1571,7 @@ acl_app() {
 				udp_flag=1
 			}
 			[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
-			unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_node udp_node filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
+			unset enabled sid remarks sources use_global_config tcp_node udp_node use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode filter_proxy_ipv6 dns_mode remote_dns v2ray_dns_mode remote_dns_doh dns_client_ip
 			unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port config_file _extra_param
 			unset _china_ng_listen _china_ng_chn _china_ng_gfw _gfwlist_file _chnlist_file _china_ng_log_file _no_ipv6_rules _china_ng_extra_param
 			unset redirect_dns_port
diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh
index bcc1e4b9c..08a62150c 100755
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -186,12 +186,13 @@ load_acl() {
 
 			tcp_no_redir_ports=${tcp_no_redir_ports:-default}
 			udp_no_redir_ports=${udp_no_redir_ports:-default}
+			use_global_config=${use_global_config:-0}
 			tcp_proxy_drop_ports=${tcp_proxy_drop_ports:-default}
 			udp_proxy_drop_ports=${udp_proxy_drop_ports:-default}
 			tcp_redir_ports=${tcp_redir_ports:-default}
 			udp_redir_ports=${udp_redir_ports:-default}
-			tcp_node=${tcp_node:-default}
-			udp_node=${udp_node:-default}
+			tcp_node=${tcp_node:-nil}
+			udp_node=${udp_node:-nil}
 			use_direct_list=${use_direct_list:-1}
 			use_proxy_list=${use_proxy_list:-1}
 			use_block_list=${use_block_list:-1}
@@ -206,6 +207,11 @@ load_acl() {
 			[ "$tcp_redir_ports" = "default" ] && tcp_redir_ports=$TCP_REDIR_PORTS
 			[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
 			
+			[ "${use_global_config}" = "1" ] & {
+				tcp_node="default"
+				udp_node="default"
+			}
+			
 			tcp_node_remark=$(config_n_get $TCP_NODE remarks)
 			udp_node_remark=$(config_n_get $UDP_NODE remarks)
 			[ -s "${TMP_ACL_PATH}/${sid}/var_tcp_node" ] && tcp_node=$(cat ${TMP_ACL_PATH}/${sid}/var_tcp_node)
@@ -243,11 +249,11 @@ load_acl() {
 
 				[ "$tcp_no_redir_ports" != "disable" ] && {
 					if [ "$tcp_no_redir_ports" != "1:65535" ]; then
-						#结束时return，无需多余的规则。
 						$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN 2>/dev/null
 						$ipt_tmp -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
 						echolog "  - ${msg}不代理TCP端口[${tcp_no_redir_ports}]"
 					else
+						#结束时会return，无需加多余的规则。
 						unset tcp_port
 						echolog "  - ${msg}不代理所有TCP端口"
 					fi
@@ -255,11 +261,11 @@ load_acl() {
 				
 				[ "$udp_no_redir_ports" != "disable" ] && {
 					if [ "$udp_no_redir_ports" != "1:65535" ]; then
-						#结束时return，无需多余的规则。
 						$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -m multiport --dport $udp_no_redir_ports -j RETURN 2>/dev/null
 						$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
 						echolog "  - ${msg}不代理UDP端口[${udp_no_redir_ports}]"
 					else
+						#结束时会return，无需加多余的规则。
 						unset udp_port
 						echolog "  - ${msg}不代理所有UDP端口"
 					fi
@@ -399,7 +405,7 @@ load_acl() {
 				$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
 				$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
 			done
-			unset enabled sid remarks sources use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
+			unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
 			unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
 			unset ipt_tmp msg msg2
 		done
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index 125d4cb9a..375309ba2 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -221,12 +221,13 @@ load_acl() {
 
 			tcp_no_redir_ports=${tcp_no_redir_ports:-default}
 			udp_no_redir_ports=${udp_no_redir_ports:-default}
+			use_global_config=${use_global_config:-0}
 			tcp_proxy_drop_ports=${tcp_proxy_drop_ports:-default}
 			udp_proxy_drop_ports=${udp_proxy_drop_ports:-default}
 			tcp_redir_ports=${tcp_redir_ports:-default}
 			udp_redir_ports=${udp_redir_ports:-default}
-			tcp_node=${tcp_node:-default}
-			udp_node=${udp_node:-default}
+			tcp_node=${tcp_node:-nil}
+			udp_node=${udp_node:-nil}
 			use_direct_list=${use_direct_list:-1}
 			use_proxy_list=${use_proxy_list:-1}
 			use_block_list=${use_block_list:-1}
@@ -240,8 +241,11 @@ load_acl() {
 			[ "$udp_proxy_drop_ports" = "default" ] && udp_proxy_drop_ports=$UDP_PROXY_DROP_PORTS
 			[ "$tcp_redir_ports" = "default" ] && tcp_redir_ports=$TCP_REDIR_PORTS
 			[ "$udp_redir_ports" = "default" ] && udp_redir_ports=$UDP_REDIR_PORTS
-			[ "$tcp_no_redir_ports" = "1:65535" ] && tcp_proxy_mode="disable"
-			[ "$udp_no_redir_ports" = "1:65535" ] && udp_proxy_mode="disable"
+			
+			[ "${use_global_config}" = "1" ] & {
+				tcp_node="default"
+				udp_node="default"
+			}
 
 			tcp_node_remark=$(config_n_get $TCP_NODE remarks)
 			udp_node_remark=$(config_n_get $UDP_NODE remarks)
@@ -277,11 +281,11 @@ load_acl() {
 				
 				[ "$tcp_no_redir_ports" != "disable" ] && {
 					if [ "$tcp_no_redir_ports" != "1:65535" ]; then
-						#结束时return，无需多余的规则。
 						nft "add rule inet fw4 $nft_prerouting_chain ${_ipt_source} ip protocol tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
 						nft "add rule inet fw4 PSW_MANGLE_V6 ${_ipt_source} meta l4proto tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
 						echolog "  - ${msg}不代理TCP端口[${tcp_no_redir_ports}]"
 					else
+						#结束时会return，无需加多余的规则。
 						unset tcp_port
 						echolog "  - ${msg}不代理所有TCP端口"
 					fi
@@ -289,11 +293,11 @@ load_acl() {
 				
 				[ "$udp_no_redir_ports" != "disable" ] && {
 					if [ "$udp_no_redir_ports" != "1:65535" ]; then
-						#结束时return，无需多余的规则。
 						nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\""
 						nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" 2>/dev/null
 						echolog "  - ${msg}不代理UDP端口[${udp_no_redir_ports}]"
 					else
+						#结束时会return，无需加多余的规则。
 						unset udp_port
 						echolog "  - ${msg}不代理所有UDP端口"
 					fi
@@ -438,7 +442,7 @@ load_acl() {
 				nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
 				nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
 			done
-			unset enabled sid remarks sources use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
+			unset enabled sid remarks sources use_global_config use_direct_list use_proxy_list use_block_list use_gfw_list chn_list tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_proxy_drop_ports udp_proxy_drop_ports tcp_redir_ports udp_redir_ports tcp_node udp_node
 			unset _ip _mac _iprange _ipset _ip_or_mac rule_list tcp_port udp_port tcp_node_remark udp_node_remark
 			unset msg msg2
 		done