zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mihomo: sync upstream

Browse Source 
last commit: c9e95eeff9
This commit is contained in:
gitea-action 2025-01-02 23:00:28 +08:00
parent 7061faa09a
commit 8668cee5dc
3 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mihomo/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=mihomo PKG_NAME:=mihomo
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git

10
mihomo/files/mihomo.init
View File

@ -350,11 +350,12 @@ service_started() {
config_get_bool router_proxy "proxy" "router_proxy" 0 config_get_bool router_proxy "proxy" "router_proxy" 0
config_get_bool lan_proxy "proxy" "lan_proxy" 0 config_get_bool lan_proxy "proxy" "lan_proxy" 0
### access control ### access control
local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport bypass_dscp
config_get access_control_mode "proxy" "access_control_mode" config_get access_control_mode "proxy" "access_control_mode"
config_get_bool bypass_china_mainland_ip "proxy" "bypass_china_mainland_ip" 0 config_get_bool bypass_china_mainland_ip "proxy" "bypass_china_mainland_ip" 0
config_get proxy_tcp_dport "proxy" "proxy_tcp_dport" "0-65535" config_get proxy_tcp_dport "proxy" "proxy_tcp_dport" "0-65535"
config_get proxy_udp_dport "proxy" "proxy_udp_dport" "0-65535" config_get proxy_udp_dport "proxy" "proxy_udp_dport" "0-65535"
config_get bypass_dscp "proxy" "bypass_dscp"
# prepare # prepare
local tproxy_enable; tproxy_enable=0 local tproxy_enable; tproxy_enable=0
if [[ "$tcp_transparent_proxy_mode" == "tproxy" || "$udp_transparent_proxy_mode" == "tproxy" ]]; then if [[ "$tcp_transparent_proxy_mode" == "tproxy" || "$udp_transparent_proxy_mode" == "tproxy" ]]; then
@ -477,6 +478,13 @@ service_started() {
for proxy_dport in $proxy_udp_dport; do for proxy_dport in $proxy_udp_dport; do
nft add element inet "$FW_TABLE" proxy_dport \{ "udp" . "$proxy_dport" \} nft add element inet "$FW_TABLE" proxy_dport \{ "udp" . "$proxy_dport" \}
done done
if [ -n "$bypass_dscp" ]; then
log "Transparent Proxy" "Bypass DSCP: $bypass_dscp."
local dscp
for dscp in $bypass_dscp; do
nft add element inet "$FW_TABLE" bypass_dscp \{ "$dscp" \}
done
fi
# router proxy # router proxy
if [ "$router_proxy" == 1 ]; then if [ "$router_proxy" == 1 ]; then
log "Transparent Proxy" "Set proxy for router." log "Transparent Proxy" "Set proxy for router."

13
mihomo/files/nftables/hijack.nft
View File

@ -16,6 +16,11 @@ table inet mihomo {
} }
} }
set bypass_dscp {
type dscp
flags interval
}
set dns_hijack_nfproto { set dns_hijack_nfproto {
type nf_proto type nf_proto
flags interval flags interval
@ -178,6 +183,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
} }
chain nat_output { chain nat_output {
@ -192,6 +199,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
} }
chain mangle_prerouting { chain mangle_prerouting {
@ -206,6 +215,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
meta l4proto udp th dport 53 counter return meta l4proto udp th dport 53 counter return
} }
@ -221,6 +232,8 @@ table inet mihomo {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != $FAKE_IP counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return
meta l4proto udp th dport 53 counter return meta l4proto udp th dport 53 counter return
} }
} }