luci-app-passwall: sync upstream

last commit: a0dd95167b
2024-08-18 11:00:10 +08:00 · 2024-08-18 11:00:10 +08:00 · 89c19c8344
commit 89c19c8344
parent a48deafd3f
6 changed files with 410 additions and 409 deletions
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -543,8 +543,8 @@ run_chinadns_ng() {
 		local vpslist4_set="passwall_vpslist"
 		local vpslist6_set="passwall_vpslist6"
 		[ "$nftflag" = "1" ] && {
-			vpslist4_set="inet@fw4@${vpslist4_set}"
-			vpslist6_set="inet@fw4@${vpslist6_set}"
+			vpslist4_set="inet@passwall@${vpslist4_set}"
+			vpslist6_set="inet@passwall@${vpslist6_set}"
 		}
 		cat <<-EOF >> ${_CONF_FILE}
 			group vpslist
@ -558,8 +558,8 @@ run_chinadns_ng() {
 		local whitelist4_set="passwall_whitelist"
 		local whitelist6_set="passwall_whitelist6"
 		[ "$nftflag" = "1" ] && {
-			whitelist4_set="inet@fw4@${whitelist4_set}"
-			whitelist6_set="inet@fw4@${whitelist6_set}"
+			whitelist4_set="inet@passwall@${whitelist4_set}"
+			whitelist6_set="inet@passwall@${whitelist6_set}"
 		}
 		cat <<-EOF >> ${_CONF_FILE}
 			group directlist
@ -573,8 +573,8 @@ run_chinadns_ng() {
 		local blacklist4_set="passwall_blacklist"
 		local blacklist6_set="passwall_blacklist6"
 		[ "$nftflag" = "1" ] && {
-			blacklist4_set="inet@fw4@${blacklist4_set}"
-			blacklist6_set="inet@fw4@${blacklist6_set}"
+			blacklist4_set="inet@passwall@${blacklist4_set}"
+			blacklist6_set="inet@passwall@${blacklist6_set}"
 		}
 		cat <<-EOF >> ${_CONF_FILE}
 			group proxylist
@ -589,8 +589,8 @@ run_chinadns_ng() {
 		local gfwlist4_set="passwall_gfwlist"
 		local gfwlist6_set="passwall_gfwlist6"
 		[ "$nftflag" = "1" ] && {
-			gfwlist4_set="inet@fw4@${gfwlist4_set}"
-			gfwlist6_set="inet@fw4@${gfwlist6_set}"
+			gfwlist4_set="inet@passwall@${gfwlist4_set}"
+			gfwlist6_set="inet@passwall@${gfwlist6_set}"
 		}
 		cat <<-EOF >> ${_CONF_FILE}
 			gfwlist-file ${RULES_PATH}/gfwlist
@ -603,8 +603,8 @@ run_chinadns_ng() {
 		local chnroute4_set="passwall_chnroute"
 		local chnroute6_set="passwall_chnroute6"
 		[ "$nftflag" = "1" ] && {
-			chnroute4_set="inet@fw4@${chnroute4_set}"
-			chnroute6_set="inet@fw4@${chnroute6_set}"
+			chnroute4_set="inet@passwall@${chnroute4_set}"
+			chnroute6_set="inet@passwall@${chnroute6_set}"
 		}

 		[ "${_chnlist}" = "direct" ] && {
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@ -185,8 +185,8 @@ if USE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
 	dnsmasq_default_dns = CHINADNS_DNS
 end

-local setflag_4= (NFTFLAG == "1") and "4#inet#fw4#" or ""
-local setflag_6= (NFTFLAG == "1") and "6#inet#fw4#" or ""
+local setflag_4= (NFTFLAG == "1") and "4#inet#passwall#" or ""
+local setflag_6= (NFTFLAG == "1") and "6#inet#passwall#" or ""

 if not fs.access(CACHE_DNS_PATH) then
 	fs.mkdir("/tmp/dnsmasq.d")
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
--- a/luci-app-passwall/root/usr/share/passwall/rule_update.lua
+++ b/luci-app-passwall/root/usr/share/passwall/rule_update.lua
@ -11,6 +11,7 @@ local arg1 = arg[1]
 local arg2 = arg[2]
 local arg3 = arg[3]

+local nftable_name = "inet passwall"
 local rule_path = "/usr/share/" .. name .. "/rules"
 local reboot = 0
 local gfwlist_update = 0
@ -60,10 +61,10 @@ local function gen_nftset(set_name, ip_type, tmp_file, input_file)
 	nft_file, err = io.open(tmp_file, "w")
 	nft_file:write('#!/usr/sbin/nft -f\n')
 	nft_file:write(string.format('define %s = {%s}\n', set_name, string.gsub(element, "%s*%c+", " timeout 3650d, ")))
-	if luci.sys.call(string.format('nft "list set inet fw4 %s" >/dev/null 2>&1', set_name)) ~= 0 then
-		nft_file:write(string.format('add set inet fw4 %s { type %s; flags interval, timeout; timeout 2d; gc-interval 2d; auto-merge; }\n', set_name, ip_type))
+	if luci.sys.call(string.format('nft "list set %s %s" >/dev/null 2>&1', nftable_name, set_name)) ~= 0 then
+		nft_file:write(string.format('add set %s %s { type %s; flags interval, timeout; timeout 2d; gc-interval 2d; auto-merge; }\n', nftable_name, set_name, ip_type))
 	end
-	nft_file:write(string.format('add element inet fw4 %s $%s\n', set_name, set_name))
+	nft_file:write(string.format('add element %s %s $%s\n', nftable_name, set_name, set_name))
 	nft_file:close()
 	luci.sys.call(string.format('nft -f %s &>/dev/null',tmp_file))
 	os.remove(tmp_file)
@ -75,9 +76,9 @@ local function gen_cache(set_name, ip_type, input_file, output_file)
 	local tmp_file = output_file .. "_tmp"
 	local tmp_set_name = set_name .. "_tmp"
 	gen_nftset(tmp_set_name, ip_type, tmp_file, input_file)
-	luci.sys.call("nft list set inet fw4 " ..tmp_set_name.. " | sed 's/" ..tmp_set_name.. "/" ..set_name.. "/g' | cat > " ..output_file)
-	luci.sys.call("nft flush set inet fw4 " ..tmp_set_name)
-	luci.sys.call("nft delete set inet fw4 " ..tmp_set_name)
+	luci.sys.call(string.format('nft list set %s %s | sed "s/%s/%s/g" | cat > %s', nftable_name, tmp_set_name, tmp_set_name, set_name, output_file))
+	luci.sys.call(string.format('nft flush set %s %s', nftable_name, tmp_set_name))
+	luci.sys.call(string.format('nft delete set %s %s', nftable_name, tmp_set_name))
 end

 -- curl
--- a/luci-app-passwall/root/usr/share/passwall/rules/lanlist_ipv4
+++ b/luci-app-passwall/root/usr/share/passwall/rules/lanlist_ipv4
@ -8,9 +8,10 @@
 192.0.2.0/24
 192.88.99.0/24
 192.168.0.0/16
-198.19.0.0/16
+198.18.0.0/15
 198.51.100.0/24
 203.0.113.0/24
 224.0.0.0/4
+233.252.0.0/24
 240.0.0.0/4
 255.255.255.255/32
--- a/luci-app-passwall/root/usr/share/passwall/rules/lanlist_ipv6
+++ b/luci-app-passwall/root/usr/share/passwall/rules/lanlist_ipv6
@ -1,12 +1,16 @@
 ::/128
 ::1/128
+::ffff:0:0/96
 ::ffff:0:0:0/96
 64:ff9b::/96
+64:ff9b:1::/48
 100::/64
 2001::/32
 2001:20::/28
 2001:db8::/32
 2002::/16
+3fff::/20
+5f00::/16
 fc00::/7
-fe80::/10
+fe80::/64
 ff00::/8