nikki: sync upstream

last commit: a73c3678e8
2025-03-15 01:00:27 +08:00 · 2025-03-15 01:00:27 +08:00 · 2d2c13e1ee
commit 2d2c13e1ee
parent e31f33a586
5 changed files with 41 additions and 18 deletions
--- a/nikki/Makefile
+++ b/nikki/Makefile
@ -5,9 +5,9 @@ PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
-PKG_SOURCE_DATE:=2025-03-10
+PKG_SOURCE_DATE:=2025-03-14
-PKG_SOURCE_VERSION:=c0de3c0e42dcbd7f6176143b00741f7774b70a08
+PKG_SOURCE_VERSION:=1e22f4daa964c54abea4c8b0f09f8171398a2821
-PKG_MIRROR_HASH:=1131cc9abde1cfbc0c5f5c228e835e2d5ce630565db661b7297f286c019da950
+PKG_MIRROR_HASH:=0b65cd12cb6927b118d3802303b97dbc3299db1b3e6d8a849dedb32a276c30ff
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16
-PKG_BUILD_VERSION:=alpha-c0de3c0
+PKG_BUILD_VERSION:=alpha-1e22f4d
 PKG_BUILD_TIME:=$(shell date -u -Iseconds)
 GO_PKG:=github.com/metacubex/mihomo
@ -33,7 +33,6 @@ define Package/nikki
  URL:=https://wiki.metacubex.one
  DEPENDS:=$(GO_ARCH_DEPENDS) +ca-bundle +curl +yq firewall4 +ip-full +kmod-inet-diag +kmod-nft-tproxy +kmod-tun
  PROVIDES:=nikki mihomo
  USERID:=root:nikki=1206
 endef
 define Package/nikki/description
--- a/nikki/files/nikki.init
+++ b/nikki/files/nikki.init
@ -122,8 +122,6 @@ start_service() {
 		procd_set_param reload_signal HUP
 	fi
 	procd_set_param respawn
 	procd_set_param user "$NIKKI_USER"
 	procd_set_param group "$NIKKI_GROUP"
 	procd_set_param limits core="unlimited" nofile="1048576 1048576"
--- a/nikki/files/scripts/include.sh
+++ b/nikki/files/scripts/include.sh
@ -1,9 +1,5 @@
 #!/bin/sh
 # permission
 NIKKI_USER="root"
 NIKKI_GROUP="nikki"
 # routing
 TPROXY_FW_MARK="0x80"
 TUN_FW_MARK="0x81"
--- a/nikki/files/ucode/hijack.ut
+++ b/nikki/files/ucode/hijack.ut
@ -3,13 +3,13 @@
 {%-
 	'use strict';
 	import { readfile } from 'fs';
 	import { cursor } from 'uci';
 	import { connect } from 'ubus';
-	import { uci_bool, uci_array } from '/etc/nikki/ucode/include.uc';
+	import { uci_bool, uci_array, get_users, get_groups, get_cgroups } from '/etc/nikki/ucode/include.uc';
-	const users = map(split(readfile('/etc/passwd'), '\n'), (x) => split(x, ':')[0]);
+	const users = get_users();
-	const groups = map(split(readfile('/etc/group'), '\n'), (x) => split(x, ':')[0]);
+	const groups = get_groups();
 	const cgroups = get_cgroups();
 	const uci = cursor();
 	const ubus = connect();
@ -41,8 +41,9 @@
 	const acl_mac = uci_array(uci.get('nikki', 'proxy', 'acl_mac'));
 	const acl_interface = uci_array(uci.get('nikki', 'proxy', 'acl_interface'));
-	const bypass_user = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_user')), (x) => x != "root" && index(users, x) >= 0);
+	const bypass_user = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_user')), (x) => x != 'root' && index(users, x) >= 0);
-	const bypass_group = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_group')), (x) => x != "root" && index(groups, x) >= 0);
+	const bypass_group = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_group')), (x) => x != 'root' && index(groups, x) >= 0);
 	const bypass_cgroup = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_cgroup')), (x) => x != 'nikki' && index(cgroups, x) >= 0);
 	const bypass_dscp = uci_array(uci.get('nikki', 'proxy', 'bypass_dscp'));
 	const bypass_china_mainland_ip = uci_bool(uci.get('nikki', 'proxy', 'bypass_china_mainland_ip'));
 	const proxy_tcp_dport = split((uci.get('nikki', 'proxy', 'proxy_tcp_dport') ?? '0-65535'), ' ');
@ -80,7 +81,7 @@
 		push(proxy_dport, `udp . ${port}`);
 	}
-	push(bypass_group, nikki_group);
+	push(bypass_cgroup, 'nikki');
 -%}
 table inet nikki {
@ -134,6 +135,19 @@ table inet nikki {
 		{% endif %}
 	}
 	set bypass_cgroup {
 		type cgroupsv2
 		flags interval
 		auto-merge
 		{% if (length(bypass_cgroup) > 0): %}
 		elements = {
 			{% for (let x in bypass_cgroup): %}
 			services/{{ x }},
 			{% endfor %}
 		}
 		{% endif %}
 	}
 	set reserved_ip {
 		type ipv4_addr
 		flags interval
@ -305,6 +319,7 @@ table inet nikki {
 	{% if (router_proxy): %}
 	chain nat_output {
 		type nat hook output priority filter; policy accept;
 		socket cgroupv2 level 2 @bypass_cgroup counter return
 		meta skuid @bypass_user counter return
 		meta skgid @bypass_group counter return
 		meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter redirect to :{{ dns_port }}
@ -328,6 +343,7 @@ table inet nikki {
 	chain mangle_output {
 		type route hook output priority mangle; policy accept;
 		socket cgroupv2 level 2 @bypass_cgroup counter return
 		meta skuid @bypass_user counter return
 		meta skgid @bypass_group counter return
 		fib daddr type { local, multicast, broadcast, anycast } counter return
--- a/nikki/files/ucode/include.uc
+++ b/nikki/files/ucode/include.uc
@ -1,3 +1,5 @@
 import { readfile, lsdir, lstat } from 'fs';
 export function uci_bool(obj) {
 	return obj == null ? null : obj == '1';
 };
@ -47,3 +49,15 @@ export function trim_all(obj) {
 	}
 	return obj;
 };
 export function get_users() {
 	return map(split(readfile('/etc/passwd'), '\n'), (x) => split(x, ':')[0]);
 };
 export function get_groups() {
 	return map(split(readfile('/etc/group'), '\n'), (x) => split(x, ':')[0]);
 };
 export function get_cgroups() {
 	return filter(lsdir('/sys/fs/cgroup/services'), (x) => lstat(`/sys/fs/cgroup/services/${x}`).type == 'directory');
 };