zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall2: sync upstream

Browse Source 
last commit: 00bcc2ef5c
This commit is contained in:
gitea-action 2025-01-02 22:30:17 +08:00
parent 11c866739c
commit 41429adb78
11 changed files with 211 additions and 180 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
luci-app-passwall2/Makefile
View File

@ -1,4 +1,4 @@
# Copyright (C) 2022-2023 xiaorouji # Copyright (C) 2022-2025 xiaorouji
# #
# This is free software, licensed under the GNU General Public License v3. # This is free software, licensed under the GNU General Public License v3.

39
luci-app-passwall2/luasrc/controller/passwall2.lua
View File

@ -1,9 +1,9 @@
-- Copyright (C) 2022-2023 xiaorouji -- Copyright (C) 2022-2025 xiaorouji
module("luci.controller.passwall2", package.seeall) module("luci.controller.passwall2", package.seeall)
local api = require "luci.passwall2.api" local api = require "luci.passwall2.api"
local appname = api.appname -- not available local appname = api.appname -- not available
local uci = api.libuci -- in funtion index() local uci = api.uci -- in funtion index()
local http = require "luci.http" local http = require "luci.http"
local util = require "luci.util" local util = require "luci.util"
local i18n = require "luci.i18n" local i18n = require "luci.i18n"
@ -15,8 +15,8 @@ function index()
else return end else return end
end end
local api = require "luci.passwall2.api" local api = require "luci.passwall2.api"
local appname = "passwall2" -- global definitions not available local appname = api.appname -- global definitions not available
local uci = api.libuci -- in function index() local uci = api.uci -- in function index()
entry({"admin", "services", appname}).dependent = true entry({"admin", "services", appname}).dependent = true
entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true entry({"admin", "services", appname, "reset_config"}, call("reset_config")).leaf = true
entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true entry({"admin", "services", appname, "show"}, call("show_menu")).leaf = true
@ -99,7 +99,7 @@ end
function show_menu() function show_menu()
uci:delete(appname, "@global[0]", "hide_from_luci") uci:delete(appname, "@global[0]", "hide_from_luci")
uci:commit(appname) api.uci_save(uci, appname, true)
luci.sys.call("rm -rf /tmp/luci-*") luci.sys.call("rm -rf /tmp/luci-*")
luci.sys.call("/etc/init.d/rpcd restart >/dev/null") luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
luci.http.redirect(api.url()) luci.http.redirect(api.url())
@ -107,7 +107,7 @@ end
function hide_menu() function hide_menu()
uci:set(appname, "@global[0]", "hide_from_luci","1") uci:set(appname, "@global[0]", "hide_from_luci","1")
uci:commit(appname) api.uci_save(uci, appname, true)
luci.sys.call("rm -rf /tmp/luci-*") luci.sys.call("rm -rf /tmp/luci-*")
luci.sys.call("/etc/init.d/rpcd restart >/dev/null") luci.sys.call("/etc/init.d/rpcd restart >/dev/null")
luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview")) luci.http.redirect(luci.dispatcher.build_url("admin", "status", "overview"))
@ -124,6 +124,7 @@ function socks_autoswitch_add_node()
local id = luci.http.formvalue("id") local id = luci.http.formvalue("id")
local key = luci.http.formvalue("key") local key = luci.http.formvalue("key")
if id and id ~= "" and key and key ~= "" then if id and id ~= "" and key and key ~= "" then
uci:set(appname, id, "enable_autoswitch", "1")
local new_list = uci:get(appname, id, "autoswitch_backup_node") or {} local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
for i = #new_list, 1, -1 do for i = #new_list, 1, -1 do
if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
@ -135,8 +136,8 @@ function socks_autoswitch_add_node()
table.insert(new_list, e.id) table.insert(new_list, e.id)
end end
end end
api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list) uci:set_list(appname, id, "autoswitch_backup_node", new_list)
uci:commit(appname) api.uci_save(uci, appname)
end end
luci.http.redirect(api.url("socks_config", id)) luci.http.redirect(api.url("socks_config", id))
end end
@ -145,14 +146,15 @@ function socks_autoswitch_remove_node()
local id = luci.http.formvalue("id") local id = luci.http.formvalue("id")
local key = luci.http.formvalue("key") local key = luci.http.formvalue("key")
if id and id ~= "" and key and key ~= "" then if id and id ~= "" and key and key ~= "" then
uci:set(appname, id, "enable_autoswitch", "1")
local new_list = uci:get(appname, id, "autoswitch_backup_node") or {} local new_list = uci:get(appname, id, "autoswitch_backup_node") or {}
for i = #new_list, 1, -1 do for i = #new_list, 1, -1 do
if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then if (uci:get(appname, new_list[i], "remarks") or ""):find(key) then
table.remove(new_list, i) table.remove(new_list, i)
end end
end end
api.uci_set_list(uci, appname, id, "autoswitch_backup_node", new_list) uci:set_list(appname, id, "autoswitch_backup_node", new_list)
uci:commit(appname) api.uci_save(uci, appname)
end end
luci.http.redirect(api.url("socks_config", id)) luci.http.redirect(api.url("socks_config", id))
end end
@ -292,7 +294,7 @@ function set_node()
local config = luci.http.formvalue("config") local config = luci.http.formvalue("config")
local section = luci.http.formvalue("section") local section = luci.http.formvalue("section")
uci:set(appname, type, config, section) uci:set(appname, type, config, section)
uci:commit(appname) api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/passwall2 restart > /dev/null 2>&1 &") luci.sys.call("/etc/init.d/passwall2 restart > /dev/null 2>&1 &")
luci.http.redirect(api.url("log")) luci.http.redirect(api.url("log"))
end end
@ -300,7 +302,7 @@ end
function copy_node() function copy_node()
local section = luci.http.formvalue("section") local section = luci.http.formvalue("section")
local uuid = api.gen_short_uuid() local uuid = api.gen_short_uuid()
api.uci_section(uci, appname, "nodes", uuid) uci:section(appname, "nodes", uuid)
for k, v in pairs(uci:get_all(appname, section)) do for k, v in pairs(uci:get_all(appname, section)) do
local filter = k:find("%.") local filter = k:find("%.")
if filter and filter == 1 then if filter and filter == 1 then
@ -314,7 +316,7 @@ function copy_node()
end end
uci:delete(appname, uuid, "add_from") uci:delete(appname, uuid, "add_from")
uci:set(appname, uuid, "add_mode", 1) uci:set(appname, uuid, "add_mode", 1)
uci:commit(appname) api.uci_save(uci, appname)
luci.http.redirect(api.url("node_config", uuid)) luci.http.redirect(api.url("node_config", uuid))
end end
@ -323,7 +325,7 @@ function clear_all_nodes()
uci:delete(appname, '@global[0]', "node") uci:delete(appname, '@global[0]', "node")
uci:foreach(appname, "socks", function(t) uci:foreach(appname, "socks", function(t)
uci:delete(appname, t[".name"]) uci:delete(appname, t[".name"])
api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", {}) uci:set_list(appname, t[".name"], "autoswitch_backup_node", {})
end) end)
uci:foreach(appname, "haproxy_config", function(t) uci:foreach(appname, "haproxy_config", function(t)
uci:delete(appname, t[".name"]) uci:delete(appname, t[".name"])
@ -334,8 +336,7 @@ function clear_all_nodes()
uci:foreach(appname, "nodes", function(node) uci:foreach(appname, "nodes", function(node)
uci:delete(appname, node['.name']) uci:delete(appname, node['.name'])
end) end)
api.uci_save(uci, appname, true)
uci:commit(appname)
luci.sys.call("/etc/init.d/" .. appname .. " stop") luci.sys.call("/etc/init.d/" .. appname .. " stop")
end end
@ -355,7 +356,7 @@ function delete_select_nodes()
table.remove(auto_switch_node_list, i) table.remove(auto_switch_node_list, i)
end end
end end
api.uci_set_list(uci, appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list) uci:set_list(appname, t[".name"], "autoswitch_backup_node", auto_switch_node_list)
end) end)
uci:foreach(appname, "haproxy_config", function(t) uci:foreach(appname, "haproxy_config", function(t)
if t["lbss"] == w then if t["lbss"] == w then
@ -379,7 +380,7 @@ function delete_select_nodes()
end) end)
uci:delete(appname, w) uci:delete(appname, w)
end) end)
uci:commit(appname) api.uci_save(uci, appname, true)
luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &") luci.sys.call("/etc/init.d/" .. appname .. " restart > /dev/null 2>&1 &")
end end

4
luci-app-passwall2/luasrc/model/cbi/passwall2/client/socks_config.lua
View File

@ -118,6 +118,8 @@ for k, v in pairs(nodes_table) do
socks_node:value(v.id, v["remark"]) socks_node:value(v.id, v["remark"])
end end
m:append(Template(appname .. "/socks_auto_switch/footer")) o = s:option(DummyValue, "btn", " ")
o.template = appname .. "/socks_auto_switch/btn"
o:depends("enable_autoswitch", true)
return m return m

36
luci-app-passwall2/luasrc/passwall2/api.lua
View File

@ -55,24 +55,48 @@ function uci_section(cursor, config, type, name, values)
return stat and name return stat and name
end end
function uci_save(cursor, config, commit, apply)
if is_js_luci() then
commit = true
if commit then
if apply then
cursor:commit(config)
else
sh_uci_commit(config)
end
end
else
cursor:save(config)
if commit then
cursor:commit(config)
if apply then
sys.call("/etc/init.d/" .. config .. " reload > /dev/null 2>&1 &")
end
end
end
end
function sh_uci_get(config, section, option) function sh_uci_get(config, section, option)
exec_call(string.format("uci -q get %s.%s.%s", config, section, option)) exec_call(string.format("uci -q get %s.%s.%s", config, section, option))
exec_call(string.format("uci -q commit %s", config))
end end
function sh_uci_set(config, section, option, val) function sh_uci_set(config, section, option, val, commit)
exec_call(string.format("uci -q set %s.%s.%s=\"%s\"", config, section, option, val)) exec_call(string.format("uci -q set %s.%s.%s=\"%s\"", config, section, option, val))
exec_call(string.format("uci -q commit %s", config)) if commit then sh_uci_commit(config) end
end end
function sh_uci_del(config, section, option) function sh_uci_del(config, section, option, commit)
exec_call(string.format("uci -q delete %s.%s.%s", config, section, option)) exec_call(string.format("uci -q delete %s.%s.%s", config, section, option))
exec_call(string.format("uci -q commit %s", config)) if commit then sh_uci_commit(config) end
end end
function sh_uci_add_list(config, section, option, val) function sh_uci_add_list(config, section, option, val, commit)
exec_call(string.format("uci -q del_list %s.%s.%s=\"%s\"", config, section, option, val)) exec_call(string.format("uci -q del_list %s.%s.%s=\"%s\"", config, section, option, val))
exec_call(string.format("uci -q add_list %s.%s.%s=\"%s\"", config, section, option, val)) exec_call(string.format("uci -q add_list %s.%s.%s=\"%s\"", config, section, option, val))
if commit then sh_uci_commit(config) end
end
function sh_uci_commit(config)
exec_call(string.format("uci -q commit %s", config)) exec_call(string.format("uci -q commit %s", config))
end end

6
luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/footer.htm → luci-app-passwall2/luasrc/view/passwall2/socks_auto_switch/btn.htm
View File

@ -19,5 +19,7 @@ local api = require "luci.passwall2.api"
} }
//]]> //]]>
</script> </script>
<input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" /> <div id="cbi-<%=self.config.."-"..section.."-"..self.option%>" data-index="<%=self.index%>" data-depends="<%=pcdata(self:deplist2json(section))%>">
<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" /> <input class="btn cbi-button cbi-button-add" type="button" onclick="add_node_by_key()" value="<%:Add nodes to the standby node list by keywords%>" />
<input class="btn cbi-button cbi-button-remove" type="button" onclick="remove_node_by_key()" value="<%:Delete nodes in the standby node list by keywords%>" />
</div>

186
luci-app-passwall2/root/usr/share/passwall2/app.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh #!/bin/sh
# Copyright (C) 2022-2023 xiaorouji # Copyright (C) 2022-2025 xiaorouji
. $IPKG_INSTROOT/lib/functions.sh . $IPKG_INSTROOT/lib/functions.sh
. $IPKG_INSTROOT/lib/functions/service.sh . $IPKG_INSTROOT/lib/functions/service.sh
@ -16,13 +16,6 @@ GLOBAL_ACL_PATH=${TMP_ACL_PATH}/default
LOG_FILE=/tmp/log/$CONFIG.log LOG_FILE=/tmp/log/$CONFIG.log
APP_PATH=/usr/share/$CONFIG APP_PATH=/usr/share/$CONFIG
RULES_PATH=/usr/share/${CONFIG}/rules RULES_PATH=/usr/share/${CONFIG}/rules
TUN_DNS_PORT=15353
TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
DEFAULT_DNS=
ENABLED_DEFAULT_ACL=0
ENABLED_ACLS=0
PROXY_IPV6=0
PROXY_IPV6_UDP=0
LUA_UTIL_PATH=/usr/lib/lua/luci/passwall2 LUA_UTIL_PATH=/usr/lib/lua/luci/passwall2
UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua UTIL_SINGBOX=$LUA_UTIL_PATH/util_sing-box.lua
UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua UTIL_SS=$LUA_UTIL_PATH/util_shadowsocks.lua
@ -30,8 +23,6 @@ UTIL_XRAY=$LUA_UTIL_PATH/util_xray.lua
UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua
UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua
V2RAY_ARGS=""
V2RAY_CONFIG=""
echolog() { echolog() {
local d="$(date "+%Y-%m-%d %H:%M:%S")" local d="$(date "+%Y-%m-%d %H:%M:%S")"
@ -218,7 +209,11 @@ check_depends() {
get_new_port() { get_new_port() {
port=$1 port=$1
[ "$port" == "auto" ] && port=2082 [ "$port" == "auto" ] && {
port=2082
local GET_NEW_PORT=$(get_cache_var "get_new_port")
[ -n "${GET_NEW_PORT}" ] && port=${GET_NEW_PORT}
}
protocol=$(echo $2 | tr 'A-Z' 'a-z') protocol=$(echo $2 | tr 'A-Z' 'a-z')
result=$(check_port_exists $port $protocol) result=$(check_port_exists $port $protocol)
if [ "$result" != 0 ]; then if [ "$result" != 0 ]; then
@ -230,6 +225,7 @@ get_new_port() {
fi fi
get_new_port $temp $protocol get_new_port $temp $protocol
else else
set_cache_var "get_new_port" "$port"
echo $port echo $port
fi fi
} }
@ -328,7 +324,11 @@ set_cache_var() {
local key="${1}" local key="${1}"
shift 1 shift 1
local val="$@" local val="$@"
[ -n "${key}" ] && [ -n "${val}" ] && echo "${key}=\"${val}\"" >> $TMP_PATH/var [ -n "${key}" ] && [ -n "${val}" ] && {
sed -i "/${key}=/d" $TMP_PATH/var >/dev/null 2>&1
echo "${key}=\"${val}\"" >> $TMP_PATH/var
eval ${key}=\"${val}\"
}
} }
get_cache_var() { get_cache_var() {
local key="${1}" local key="${1}"
@ -337,6 +337,10 @@ get_cache_var() {
} }
} }
eval_cache_var() {
[ -s "$TMP_PATH/var" ] && eval $(cat "$TMP_PATH/var")
}
run_xray() { run_xray() {
local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password local flag node redir_port socks_address socks_port socks_username socks_password http_address http_port http_username http_password
local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct local dns_listen_port direct_dns_query_strategy remote_dns_protocol remote_dns_udp_server remote_dns_tcp_server remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy dns_cache write_ipset_direct
@ -441,7 +445,7 @@ run_xray() {
fi fi
} }
lua $UTIL_XRAY gen_config -node $node -redir_port $redir_port -tcp_proxy_way $tcp_proxy_way -loglevel $loglevel ${_extra_param} > $config_file lua $UTIL_XRAY gen_config -node $node -redir_port $redir_port -tcp_proxy_way ${TCP_PROXY_WAY} -loglevel $loglevel ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file" ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $log_file run -c "$config_file"
[ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}" [ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}"
@ -543,7 +547,7 @@ run_singbox() {
[ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1" [ "$remote_fakedns" = "1" ] && _extra_param="${_extra_param} -remote_dns_fake 1"
} }
lua $UTIL_SINGBOX gen_config -node $node -redir_port $redir_port -tcp_proxy_way $tcp_proxy_way ${_extra_param} > $config_file lua $UTIL_SINGBOX gen_config -node $node -redir_port $redir_port -tcp_proxy_way ${TCP_PROXY_WAY} ${_extra_param} > $config_file
ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "${log_file}" run -c "$config_file" ln_run "$(first_type $(config_t_get global_app singbox_file) sing-box)" "sing-box" "${log_file}" run -c "$config_file"
[ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}" [ -n "${redir_port}" ] && set_cache_var "node_${node}_redir_port" "${redir_port}"
@ -714,8 +718,11 @@ run_global() {
if [ $PROXY_IPV6 == "1" ]; then if [ $PROXY_IPV6 == "1" ]; then
echolog "开启实验性IPv6透明代理(TProxy)请确认您的节点及类型支持IPv6" echolog "开启实验性IPv6透明代理(TProxy)请确认您的节点及类型支持IPv6"
PROXY_IPV6_UDP=1
fi fi
TUN_DNS_PORT=15353
TUN_DNS="127.0.0.1#${TUN_DNS_PORT}"
V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT" V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT"
V2RAY_ARGS="${V2RAY_ARGS} dns_listen_port=${TUN_DNS_PORT} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY} dns_cache=${DNS_CACHE}" V2RAY_ARGS="${V2RAY_ARGS} dns_listen_port=${TUN_DNS_PORT} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY} dns_cache=${DNS_CACHE}"
local msg="${TUN_DNS} 直连DNS${AUTO_DNS}" local msg="${TUN_DNS} 直连DNS${AUTO_DNS}"
@ -774,7 +781,7 @@ run_global() {
run_func="run_singbox" run_func="run_singbox"
fi fi
${run_func} $V2RAY_ARGS ${run_func} ${V2RAY_ARGS}
local RUN_NEW_DNSMASQ=1 local RUN_NEW_DNSMASQ=1
RUN_NEW_DNSMASQ=${DNS_REDIRECT} RUN_NEW_DNSMASQ=${DNS_REDIRECT}
@ -1222,10 +1229,13 @@ acl_app() {
start() { start() {
pgrep -f /tmp/etc/passwall2/bin > /dev/null 2>&1 && { pgrep -f /tmp/etc/passwall2/bin > /dev/null 2>&1 && {
echolog "程序已启动,先停止再重新启动!" #echolog "程序已启动,先停止再重新启动!"
stop stop
} }
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
get_config
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
ulimit -n 65535 ulimit -n 65535
start_haproxy start_haproxy
start_socks start_socks
@ -1289,8 +1299,8 @@ start() {
stop() { stop() {
clean_log clean_log
[ -n "$($(source $APP_PATH/iptables.sh get_ipt_bin) -t mangle -t nat -L -nv 2>/dev/null | grep "PSW2")" ] && source $APP_PATH/iptables.sh stop eval_cache_var
[ -n "$(nft list sets 2>/dev/null | grep "${CONFIG}_")" ] && source $APP_PATH/nftables.sh stop [ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh stop
delete_ip2route delete_ip2route
kill_all v2ray-plugin obfs-local kill_all v2ray-plugin obfs-local
pgrep -f "sleep.*(6s|9s|58s)" | xargs kill -9 >/dev/null 2>&1 pgrep -f "sleep.*(6s|9s|58s)" | xargs kill -9 >/dev/null 2>&1
@ -1309,14 +1319,12 @@ stop() {
uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect uci -q delete ${CONFIG}.@global[0].dnsmasq_dns_redirect
uci -q commit ${CONFIG} uci -q commit ${CONFIG}
} }
if [ -z "$(get_cache_var "ACL_default_dns_port")" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then if [ -z "${ACL_default_dns_port}" ] || [ -n "${bak_dnsmasq_dns_redirect}" ]; then
uci -q del_list dhcp.@dnsmasq[0].addnmount="${GLOBAL_DNSMASQ_CONF_PATH}" uci -q del_list dhcp.@dnsmasq[0].addnmount="${GLOBAL_DNSMASQ_CONF_PATH}"
uci -q commit dhcp uci -q commit dhcp
lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0 lua $APP_PATH/helper_dnsmasq.lua restart -LOG 0
fi fi
bak_bridge_nf_ipt=$(get_cache_var "bak_bridge_nf_ipt")
[ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1 [ -n "${bak_bridge_nf_ipt}" ] && sysctl -w net.bridge.bridge-nf-call-iptables=${bak_bridge_nf_ipt} >/dev/null 2>&1
bak_bridge_nf_ip6t=$(get_cache_var "bak_bridge_nf_ip6t")
[ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1 [ -n "${bak_bridge_nf_ip6t}" ] && sysctl -w net.bridge.bridge-nf-call-ip6tables=${bak_bridge_nf_ip6t} >/dev/null 2>&1
} }
rm -rf $TMP_PATH rm -rf $TMP_PATH
@ -1325,68 +1333,66 @@ stop() {
exit 0 exit 0
} }
ENABLED=$(config_t_get global enabled 0) get_config() {
NODE=$(config_t_get global node) ENABLED_DEFAULT_ACL=0
[ "$ENABLED" == 1 ] && { ENABLED=$(config_t_get global enabled 0)
[ -n "$NODE" ] && [ "$(config_get_type $NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1 NODE=$(config_t_get global node)
} [ "$ENABLED" == 1 ] && {
ENABLED_ACLS=$(config_t_get global acl_enable 0) [ -n "$NODE" ] && [ "$(config_get_type $NODE)" == "nodes" ] && ENABLED_DEFAULT_ACL=1
[ "$ENABLED_ACLS" == 1 ] && { }
[ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0 ENABLED_ACLS=$(config_t_get global acl_enable 0)
} [ "$ENABLED_ACLS" == 1 ] && {
SOCKS_ENABLED=$(config_t_get global socks_enabled 0) [ "$(uci show ${CONFIG} | grep "@acl_rule" | grep "enabled='1'" | wc -l)" == 0 ] && ENABLED_ACLS=0
REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp)) }
tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect) SOCKS_ENABLED=$(config_t_get global socks_enabled 0)
TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable') REDIR_PORT=$(echo $(get_new_port 1041 tcp,udp))
UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable') TCP_PROXY_WAY=$(config_t_get global_forwarding tcp_proxy_way redirect)
TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443') TCP_NO_REDIR_PORTS=$(config_t_get global_forwarding tcp_no_redir_ports 'disable')
UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535') UDP_NO_REDIR_PORTS=$(config_t_get global_forwarding udp_no_redir_ports 'disable')
TCP_PROXY_MODE="global" TCP_REDIR_PORTS=$(config_t_get global_forwarding tcp_redir_ports '22,25,53,143,465,587,853,993,995,80,443')
UDP_PROXY_MODE="global" UDP_REDIR_PORTS=$(config_t_get global_forwarding udp_redir_ports '1:65535')
LOCALHOST_PROXY=$(config_t_get global localhost_proxy '1') PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0)
CLIENT_PROXY=$(config_t_get global client_proxy '1') TCP_PROXY_MODE="global"
DIRECT_DNS_QUERY_STRATEGY=$(config_t_get global direct_dns_query_strategy UseIP) UDP_PROXY_MODE="global"
REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp) LOCALHOST_PROXY=$(config_t_get global localhost_proxy '1')
REMOTE_DNS_DETOUR=$(config_t_get global remote_dns_detour remote) CLIENT_PROXY=$(config_t_get global client_proxy '1')
REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g') DIRECT_DNS_QUERY_STRATEGY=$(config_t_get global direct_dns_query_strategy UseIP)
REMOTE_FAKEDNS=$(config_t_get global remote_fakedns '0') REMOTE_DNS_PROTOCOL=$(config_t_get global remote_dns_protocol tcp)
REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4) REMOTE_DNS_DETOUR=$(config_t_get global remote_dns_detour remote)
WRITE_IPSET_DIRECT=$(config_t_get global write_ipset_direct 1) REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
DNS_CACHE=$(config_t_get global dns_cache 1) REMOTE_FAKEDNS=$(config_t_get global remote_fakedns '0')
DNS_REDIRECT=$(config_t_get global dns_redirect 1) REMOTE_DNS_QUERY_STRATEGY=$(config_t_get global remote_dns_query_strategy UseIPv4)
WRITE_IPSET_DIRECT=$(config_t_get global write_ipset_direct 1)
DNS_CACHE=$(config_t_get global dns_cache 1)
DNS_REDIRECT=$(config_t_get global dns_redirect 1)
RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto RESOLVFILE=/tmp/resolv.conf.d/resolv.conf.auto
[ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto [ -f "${RESOLVFILE}" ] && [ -s "${RESOLVFILE}" ] || RESOLVFILE=/tmp/resolv.conf.auto
ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1) ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::) ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u | grep -v -Fx ::1 | grep -v -Fx ::)
DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1) DEFAULT_DNSMASQ_CFGID=$(uci show dhcp.@dnsmasq[0] | awk -F '.' '{print $2}' | awk -F '=' '{print $1}'| head -1)
DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label') DEFAULT_DNS=$(uci show dhcp.@dnsmasq[0] | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' '\n' | grep -v "\/" | head -2 | sed ':label;N;s/\n/,/;b label')
[ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//') [ -z "${DEFAULT_DNS}" ] && DEFAULT_DNS=$(echo -n $ISP_DNS | tr ' ' '\n' | head -2 | tr '\n' ',' | sed 's/,$//')
AUTO_DNS=${DEFAULT_DNS:-119.29.29.29} AUTO_DNS=${DEFAULT_DNS:-119.29.29.29}
DNSMASQ_CONF_DIR=/tmp/dnsmasq.d DNSMASQ_CONF_DIR=/tmp/dnsmasq.d
DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')" DEFAULT_DNSMASQ_CFGID="$(uci -q show "dhcp.@dnsmasq[0]" | awk 'NR==1 {split($0, conf, /[.=]/); print conf[2]}')"
if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then if [ -f "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID" ]; then
DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")" DNSMASQ_CONF_DIR="$(awk -F '=' '/^conf-dir=/ {print $2}' "/tmp/etc/dnsmasq.conf.$DEFAULT_DNSMASQ_CFGID")"
if [ -n "$DNSMASQ_CONF_DIR" ]; then if [ -n "$DNSMASQ_CONF_DIR" ]; then
DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/} DNSMASQ_CONF_DIR=${DNSMASQ_CONF_DIR%*/}
else else
DNSMASQ_CONF_DIR="/tmp/dnsmasq.d" DNSMASQ_CONF_DIR="/tmp/dnsmasq.d"
fi
fi fi
fi set_cache_var GLOBAL_DNSMASQ_CONF ${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf
GLOBAL_DNSMASQ_CONF=${DNSMASQ_CONF_DIR}/dnsmasq-${CONFIG}.conf set_cache_var GLOBAL_DNSMASQ_CONF_PATH ${GLOBAL_ACL_PATH}/dnsmasq.d
GLOBAL_DNSMASQ_CONF_PATH=${GLOBAL_ACL_PATH}/dnsmasq.d
PROXY_IPV6=$(config_t_get global_forwarding ipv6_tproxy 0) XRAY_BIN=$(first_type $(config_t_get global_app xray_file) xray)
SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
XRAY_BIN=$(first_type $(config_t_get global_app xray_file) xray) }
SINGBOX_BIN=$(first_type $(config_t_get global_app singbox_file) sing-box)
export V2RAY_LOCATION_ASSET=$(config_t_get global_rules v2ray_location_asset "/usr/share/v2ray/")
export XRAY_LOCATION_ASSET=$V2RAY_LOCATION_ASSET
mkdir -p /tmp/etc $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
arg1=$1 arg1=$1
shift shift
@ -1394,28 +1400,28 @@ case $arg1 in
add_ip2route) add_ip2route)
add_ip2route $@ add_ip2route $@
;; ;;
get_new_port)
get_new_port $@
;;
run_socks)
run_socks $@
;;
socks_node_switch)
socks_node_switch $@
;;
echolog) echolog)
echolog $@ echolog $@
;; ;;
get_new_port)
get_new_port $@
;;
get_cache_var) get_cache_var)
get_cache_var $@ get_cache_var $@
;; ;;
set_cache_var) set_cache_var)
set_cache_var $@ set_cache_var $@
;; ;;
stop) run_socks)
stop run_socks $@
;;
socks_node_switch)
socks_node_switch $@
;; ;;
start) start)
start start
;; ;;
stop)
stop
;;
esac esac

16
luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.lua
View File

@ -1,6 +1,6 @@
local api = require "luci.passwall2.api" local api = require "luci.passwall2.api"
local appname = "passwall2" local appname = "passwall2"
local uci = api.libuci local uci = api.uci
local sys = api.sys local sys = api.sys
local fs = api.fs local fs = api.fs
local datatypes = api.datatypes local datatypes = api.datatypes
@ -25,7 +25,7 @@ local function backup_servers()
local DNSMASQ_DNS = uci:get("dhcp", "@dnsmasq[0]", "server") local DNSMASQ_DNS = uci:get("dhcp", "@dnsmasq[0]", "server")
if DNSMASQ_DNS and #DNSMASQ_DNS > 0 then if DNSMASQ_DNS and #DNSMASQ_DNS > 0 then
uci:set(appname, "@global[0]", "dnsmasq_servers", DNSMASQ_DNS) uci:set(appname, "@global[0]", "dnsmasq_servers", DNSMASQ_DNS)
uci:commit(appname) api.uci_save(uci, appname, true)
end end
end end
@ -43,11 +43,11 @@ local function restore_servers()
tinsert(dns_table, v) tinsert(dns_table, v)
end end
uci:delete(appname, "@global[0]", "dnsmasq_servers") uci:delete(appname, "@global[0]", "dnsmasq_servers")
uci:commit(appname) api.uci_save(uci, appname, true)
end end
if dns_table and #dns_table > 0 then if dns_table and #dns_table > 0 then
api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table) uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
uci:commit("dhcp") api.uci_save(uci, "dhcp", true)
end end
end end
@ -76,7 +76,7 @@ function stretch()
end end
end end
uci:set("dhcp", "@dnsmasq[0]", "resolvfile", RESOLVFILE) uci:set("dhcp", "@dnsmasq[0]", "resolvfile", RESOLVFILE)
uci:commit("dhcp") api.uci_save(uci, "dhcp", true)
end end
end end
@ -102,8 +102,8 @@ function logic_restart(var)
tinsert(dns_table, v) tinsert(dns_table, v)
end end
end end
api.uci_set_list(uci, "dhcp", "@dnsmasq[0]", "server", dns_table) uci:set_list("dhcp", "@dnsmasq[0]", "server", dns_table)
uci:commit("dhcp") api.uci_save(uci, "dhcp", true)
end end
sys.call("/etc/init.d/dnsmasq restart >/dev/null 2>&1") sys.call("/etc/init.d/dnsmasq restart >/dev/null 2>&1")
restore_servers() restore_servers()

19
luci-app-passwall2/root/usr/share/passwall2/iptables.sh
View File

@ -452,7 +452,7 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE
$ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) $ipt_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY)
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && { [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} -d $FAKE_IP_6 -j PSW2_RULE 2>/dev/null
add_shunt_t_rule "${shunt_list6}" "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport")" "-j PSW2_RULE" 2>/dev/null add_shunt_t_rule "${shunt_list6}" "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport")" "-j PSW2_RULE" 2>/dev/null
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null $ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_redir_ports "-m multiport --dport") -j PSW2_RULE 2>/dev/null
@ -551,12 +551,12 @@ load_acl() {
$ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE $ipt_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY) $ipt_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
if [ "$PROXY_IPV6_UDP" == "1" ]; then [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP_6 -j PSW2_RULE $ip6t_m -A PSW2 $(comment "默认") -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE" add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE $ip6t_m -A PSW2 $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY) $ip6t_m -A PSW2 $(comment "默认") -p udp $(REDIRECT $REDIR_PORT TPROXY)
fi }
echolog "${msg2}" echolog "${msg2}"
fi fi
@ -696,10 +696,9 @@ add_firewall_rule() {
accept_icmp=$(config_t_get global_forwarding accept_icmp 0) accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0) accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect) if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
if [ "$tcp_proxy_way" = "redirect" ]; then
unset is_tproxy unset is_tproxy
elif [ "$tcp_proxy_way" = "tproxy" ]; then elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
is_tproxy="TPROXY" is_tproxy="TPROXY"
fi fi
@ -884,14 +883,14 @@ add_firewall_rule() {
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT" insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
} }
if [ "$PROXY_IPV6" == "1" ]; then [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE $ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE" add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
$ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE $ip6t_m -A PSW2_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY) $ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN $ip6t_m -A PSW2 $(comment "本机") -p tcp -i lo -j RETURN
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT" insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
fi }
[ -d "${TMP_IFACE_PATH}" ] && { [ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do for iface in $(ls ${TMP_IFACE_PATH}); do
@ -910,14 +909,14 @@ add_firewall_rule() {
$ipt_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN $ipt_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT" insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
if [ "$PROXY_IPV6_UDP" == "1" ]; then [ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE $ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE" add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport")" "-j PSW2_RULE"
$ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE $ip6t_m -A PSW2_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") -j PSW2_RULE
$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY) $ip6t_m -A PSW2 $(comment "本机") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN $ip6t_m -A PSW2 $(comment "本机") -p udp -i lo -j RETURN
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT" insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
fi }
[ -d "${TMP_IFACE_PATH}" ] && { [ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do for iface in $(ls ${TMP_IFACE_PATH}); do

13
luci-app-passwall2/root/usr/share/passwall2/nftables.sh
View File

@ -503,7 +503,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $redir_port TPROXY4) comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(REDIRECT $redir_port TPROXY4) comment \"$remarks\""
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && { [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} ip6 daddr $FAKE_IP_6 counter jump PSW2_RULE comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} ip6 daddr $FAKE_IP_6 counter jump PSW2_RULE comment \"$remarks\""
add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks" add_shunt_t_rule "${shunt_list6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$remarks"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
@ -604,7 +604,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(REDIRECT $REDIR_PORT TPROXY4) comment \"默认\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(REDIRECT $REDIR_PORT TPROXY4) comment \"默认\""
[ "$PROXY_IPV6" == "1" ] && [ "$PROXY_IPV6_UDP" == "1" ] && { [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"默认\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"默认\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" "默认" add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" "默认"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"默认\""
@ -744,12 +744,11 @@ add_firewall_rule() {
accept_icmp=$(config_t_get global_forwarding accept_icmp 0) accept_icmp=$(config_t_get global_forwarding accept_icmp 0)
accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0) accept_icmpv6=$(config_t_get global_forwarding accept_icmpv6 0)
local tcp_proxy_way=$(config_t_get global_forwarding tcp_proxy_way redirect) if [ "${TCP_PROXY_WAY}" = "redirect" ]; then
if [ "$tcp_proxy_way" = "redirect" ]; then
unset is_tproxy unset is_tproxy
nft_prerouting_chain="PSW2_NAT" nft_prerouting_chain="PSW2_NAT"
nft_output_chain="PSW2_OUTPUT_NAT" nft_output_chain="PSW2_OUTPUT_NAT"
elif [ "$tcp_proxy_way" = "tproxy" ]; then elif [ "${TCP_PROXY_WAY}" = "tproxy" ]; then
is_tproxy="TPROXY" is_tproxy="TPROXY"
nft_prerouting_chain="PSW2_MANGLE" nft_prerouting_chain="PSW2_MANGLE"
nft_output_chain="PSW2_OUTPUT_MANGLE" nft_output_chain="PSW2_OUTPUT_MANGLE"
@ -964,13 +963,13 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo counter return comment \"本机\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo counter return comment \"本机\""
nft "add rule $NFTABLE_NAME mangle_output ip protocol udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\"" nft "add rule $NFTABLE_NAME mangle_output ip protocol udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
if [ "$PROXY_IPV6_UDP" == "1" ]; then [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE" nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE"
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE" nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"本机\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"本机\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"本机\""
fi }
[ -d "${TMP_IFACE_PATH}" ] && { [ -d "${TMP_IFACE_PATH}" ] && {
for iface in $(ls ${TMP_IFACE_PATH}); do for iface in $(ls ${TMP_IFACE_PATH}); do

59
luci-app-passwall2/root/usr/share/passwall2/rule_update.lua
View File

@ -1,12 +1,12 @@
#!/usr/bin/lua #!/usr/bin/lua
require 'nixio'
require 'luci.sys'
local luci = luci
local ucic = luci.model.uci.cursor()
local jsonc = require "luci.jsonc"
local name = 'passwall2'
local api = require "luci.passwall2.api" local api = require "luci.passwall2.api"
local name = api.appname
local fs = api.fs
local sys = api.sys
local uci = api.uci
local jsonc = api.jsonc
local arg1 = arg[1] local arg1 = arg[1]
local arg2 = arg[2] local arg2 = arg[2]
local arg3 = arg[3] local arg3 = arg[3]
@ -14,13 +14,13 @@ local arg3 = arg[3]
local reboot = 0 local reboot = 0
local geoip_update = 0 local geoip_update = 0
local geosite_update = 0 local geosite_update = 0
local asset_location = ucic:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/") local asset_location = uci:get_first(name, 'global_rules', "v2ray_location_asset", "/usr/share/v2ray/")
-- Custom geo file -- Custom geo file
local geoip_api = ucic:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest") local geoip_api = uci:get_first(name, 'global_rules', "geoip_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
local geosite_api = ucic:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest") local geosite_api = uci:get_first(name, 'global_rules', "geosite_url", "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest")
-- --
local use_nft = ucic:get(name, "@global_forwarding[0]", "use_nft") or "0" local use_nft = uci:get(name, "@global_forwarding[0]", "use_nft") or "0"
if arg3 == "cron" then if arg3 == "cron" then
arg2 = nil arg2 = nil
@ -67,9 +67,9 @@ local function fetch_geoip()
f:write(content:gsub("geoip.dat", "/tmp/geoip.dat"), "") f:write(content:gsub("geoip.dat", "/tmp/geoip.dat"), "")
f:close() f:close()
if nixio.fs.access(asset_location .. "geoip.dat") then if fs.access(asset_location .. "geoip.dat") then
luci.sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat")) sys.call(string.format("cp -f %s %s", asset_location .. "geoip.dat", "/tmp/geoip.dat"))
if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then if sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
log("geoip 版本一致,无需更新。") log("geoip 版本一致,无需更新。")
return 1 return 1
end end
@ -77,8 +77,8 @@ local function fetch_geoip()
for _2, v2 in ipairs(json.assets) do for _2, v2 in ipairs(json.assets) do
if v2.name and v2.name == "geoip.dat" then if v2.name and v2.name == "geoip.dat" then
sret = curl(v2.browser_download_url, "/tmp/geoip.dat") sret = curl(v2.browser_download_url, "/tmp/geoip.dat")
if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then if sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat")) sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geoip.dat", asset_location .. "geoip.dat"))
reboot = 1 reboot = 1
log("geoip 更新成功。") log("geoip 更新成功。")
return 1 return 1
@ -118,9 +118,9 @@ local function fetch_geosite()
f:write(content:gsub("[^%s]+.dat", "/tmp/geosite.dat"), "") f:write(content:gsub("[^%s]+.dat", "/tmp/geosite.dat"), "")
f:close() f:close()
if nixio.fs.access(asset_location .. "geosite.dat") then if fs.access(asset_location .. "geosite.dat") then
luci.sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat")) sys.call(string.format("cp -f %s %s", asset_location .. "geosite.dat", "/tmp/geosite.dat"))
if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then if sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
log("geosite 版本一致,无需更新。") log("geosite 版本一致,无需更新。")
return 1 return 1
end end
@ -128,8 +128,8 @@ local function fetch_geosite()
for _2, v2 in ipairs(json.assets) do for _2, v2 in ipairs(json.assets) do
if v2.name and (v2.name == "geosite.dat" or v2.name == "dlc.dat") then if v2.name and (v2.name == "geosite.dat" or v2.name == "dlc.dat") then
sret = curl(v2.browser_download_url, "/tmp/geosite.dat") sret = curl(v2.browser_download_url, "/tmp/geosite.dat")
if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then if sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat")) sys.call(string.format("mkdir -p %s && cp -f %s %s", asset_location, "/tmp/geosite.dat", asset_location .. "geosite.dat"))
reboot = 1 reboot = 1
log("geosite 更新成功。") log("geosite 更新成功。")
return 1 return 1
@ -161,8 +161,8 @@ if arg2 then
end end
end) end)
else else
geoip_update = ucic:get_first(name, 'global_rules', "geoip_update", 1) geoip_update = uci:get_first(name, 'global_rules', "geoip_update", 1)
geosite_update = ucic:get_first(name, 'global_rules', "geosite_update", 1) geosite_update = uci:get_first(name, 'global_rules', "geosite_update", 1)
end end
if geoip_update == 0 and geosite_update == 0 then if geoip_update == 0 and geosite_update == 0 then
os.exit(0) os.exit(0)
@ -184,23 +184,22 @@ if tonumber(geosite_update) == 1 then
os.remove("/tmp/geosite.dat.sha256sum") os.remove("/tmp/geosite.dat.sha256sum")
end end
ucic:set(name, ucic:get_first(name, 'global_rules'), "geoip_update", geoip_update) uci:set(name, uci:get_first(name, 'global_rules'), "geoip_update", geoip_update)
ucic:set(name, ucic:get_first(name, 'global_rules'), "geosite_update", geosite_update) uci:set(name, uci:get_first(name, 'global_rules'), "geosite_update", geosite_update)
ucic:save(name) api.uci_save(uci, name, true)
luci.sys.call("uci commit " .. name)
if reboot == 1 then if reboot == 1 then
if arg3 == "cron" then if arg3 == "cron" then
if not nixio.fs.access("/var/lock/" .. name .. ".lock") then if not fs.access("/var/lock/" .. name .. ".lock") then
luci.sys.call("touch /tmp/lock/" .. name .. "_cron.lock") sys.call("touch /tmp/lock/" .. name .. "_cron.lock")
end end
end end
log("重启服务,应用新的规则。") log("重启服务,应用新的规则。")
if use_nft == "1" then if use_nft == "1" then
luci.sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &") sys.call("sh /usr/share/" .. name .. "/nftables.sh flush_nftset_reload > /dev/null 2>&1 &")
else else
luci.sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &") sys.call("sh /usr/share/" .. name .. "/iptables.sh flush_ipset_reload > /dev/null 2>&1 &")
end end
end end
log("规则更新完毕...") log("规则更新完毕...")

11
luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
View File

@ -3,8 +3,6 @@
------------------------------------------------ ------------------------------------------------
-- @author William Chan <root@williamchan.me> -- @author William Chan <root@williamchan.me>
------------------------------------------------ ------------------------------------------------
require 'nixio'
require 'luci.model.uci'
require 'luci.util' require 'luci.util'
require 'luci.jsonc' require 'luci.jsonc'
require 'luci.sys' require 'luci.sys'
@ -20,6 +18,7 @@ local split = api.split
local jsonParse, jsonStringify = luci.jsonc.parse, luci.jsonc.stringify local jsonParse, jsonStringify = luci.jsonc.parse, luci.jsonc.stringify
local base64Decode = api.base64Decode local base64Decode = api.base64Decode
local uci = api.libuci local uci = api.libuci
local fs = api.fs
uci:revert(appname) uci:revert(appname)
local has_ss = api.is_finded("ss-redir") local has_ss = api.is_finded("ss-redir")
@ -1282,7 +1281,7 @@ local function truncate_nodes(add_from)
end end
end end
end) end)
uci:commit(appname) api.uci_save(uci, appname, true)
end end
local function select_node(nodes, config) local function select_node(nodes, config)
@ -1434,7 +1433,7 @@ local function update_node(manual)
end end
end end
end end
uci:commit(appname) api.uci_save(uci, appname, true)
if next(CONFIG) then if next(CONFIG) then
local nodes = {} local nodes = {}
@ -1469,11 +1468,11 @@ local function update_node(manual)
end end
]]-- ]]--
uci:commit(appname) api.uci_save(uci, appname, true)
end end
if arg[3] == "cron" then if arg[3] == "cron" then
if not nixio.fs.access("/var/lock/" .. appname .. ".lock") then if not fs.access("/var/lock/" .. appname .. ".lock") then
luci.sys.call("touch /tmp/lock/" .. appname .. "_cron.lock") luci.sys.call("touch /tmp/lock/" .. appname .. "_cron.lock")
end end
end end