From 92f3696ec8c6c663f6add972d6770db9909351bf Mon Sep 17 00:00:00 2001 From: gitea-action Date: Sat, 9 Nov 2024 18:03:46 +0800 Subject: [PATCH] mihomo: sync upstream last commit: https://github.com/morytyann/OpenWrt-mihomo/commit/00d17e4ad0b8ff2e7f0cd253c57d80954e6c8556 --- mihomo/Makefile | 3 +- mihomo/files/mihomo.init | 77 ++++++++++++++++++++++--------- mihomo/files/mihomo.upgrade | 1 + mihomo/files/nftables/hijack.nft | 20 ++++---- mihomo/files/scripts/constants.sh | 1 + 5 files changed, 69 insertions(+), 33 deletions(-) diff --git a/mihomo/Makefile b/mihomo/Makefile index 564071814..bbb503e59 100644 --- a/mihomo/Makefile +++ b/mihomo/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mihomo -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git @@ -53,6 +53,7 @@ define Package/mihomo/install $(INSTALL_DIR) $(1)/etc/mihomo/scripts $(INSTALL_DIR) $(1)/etc/mihomo/nftables $(INSTALL_DIR) $(1)/etc/mihomo/profiles + $(INSTALL_DIR) $(1)/etc/mihomo/subscriptions $(INSTALL_DIR) $(1)/etc/mihomo/run $(INSTALL_DIR) $(1)/etc/mihomo/run/ui diff --git a/mihomo/files/mihomo.init b/mihomo/files/mihomo.init index 1d5a75a81..1d0ee102f 100644 --- a/mihomo/files/mihomo.init +++ b/mihomo/files/mihomo.init @@ -7,6 +7,8 @@ USE_PROCD=1 . "$IPKG_INSTROOT/lib/functions/network.sh" . "$IPKG_INSTROOT/etc/mihomo/scripts/constants.sh" +extra_command 'update_subscription' 'Update subscription by section id' + boot() { # prepare log prepare_log 
@@ -141,21 +143,38 @@ start_service() { # get profile if [[ "$profile" == "file:"* ]]; then local profile_name; profile_name=$(basename "${profile/file:/}") - cp -f "$PROFILES_DIR/$profile_name" "$RUN_PROFILE_PATH" - log "Use Profile: $profile_name" - elif [[ "$profile" == "subscription:"* ]]; then - local subscription_section; subscription_section="${profile/subscription:/}" - local subscription_name subscription_url subscription_user_agent - config_get subscription_name "$subscription_section" "name" - config_get subscription_url "$subscription_section" "url" - config_get subscription_user_agent "$subscription_section" "user_agent" - curl -s --connect-timeout 15 --retry 3 -o "$RUN_PROFILE_PATH" -L -H "User-Agent: $subscription_user_agent" "$subscription_url" - if [ "$?" != 0 ]; then - log "Subscription download failed." + local profile_file; profile_file="$PROFILES_DIR/$profile_name" + log "Use Profile: $profile_name." + if [ ! -f "$profile_file" ]; then + log "File not found." log "Exiting..." return fi - log "Use Subscription: $subscription_name" + cp -f "$profile_file" "$RUN_PROFILE_PATH" + elif [[ "$profile" == "subscription:"* ]]; then + local subscription_section; subscription_section="${profile/subscription:/}" + local subscription_name subscription_url subscription_user_agent subscription_prefer + config_get subscription_name "$subscription_section" "name" + config_get subscription_url "$subscription_section" "url" + config_get subscription_user_agent "$subscription_section" "user_agent" + config_get subscription_prefer "$subscription_section" "prefer" "remote" + log "Use Subscription: $subscription_name." + local subscription_tmpfile; subscription_tmpfile="/tmp/$subscription_section.yaml" + local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml" + if [ "$subscription_prefer" == "remote" ] || [[ "$subscription_prefer" == "local" && ! 
-f "$subscription_file" ]]; then + if (curl -s -f --connect-timeout 15 --retry 3 -o "$subscription_tmpfile" -L -H "User-Agent: $subscription_user_agent" "$subscription_url"); then + log "Subscription download succeed." + cp -f "$subscription_tmpfile" "$subscription_file" + else + log "Subscription download failed, fallback to subscription file." + fi + fi + if [ ! -f "$subscription_file" ]; then + log "Subscription file not found." + log "Exiting..." + return + fi + cp -f "$subscription_file" "$RUN_PROFILE_PATH" else log "No profile/subscription selected." log "Exiting..." @@ -320,10 +339,6 @@ start_service() { nft -f "$HIJACK_NFT" -D FW_MARK="$FW_MARK" -D FW_MARK_MASK="$FW_MARK_MASK" -D TUN_DEVICE="$TUN_DEVICE" -D DNS_PORT="$dns_port" -D REDIR_PORT="$redir_port" -D TPROXY_PORT="$tproxy_port" nft -f "$RESERVED_IP_NFT" nft -f "$RESERVED_IP6_NFT" - if [ "$tcp_transparent_proxy_mode" != "redirect" ]; then - nft flush chain inet "$FW_TABLE" nat_output - nft flush chain inet "$FW_TABLE" dstnat - fi nft add element inet "$FW_TABLE" bypass_group \{ "$MIHOMO_GROUP" \} nft add element inet "$FW_TABLE" fake_ip \{ "$fake_ip_range" \} # dns hijack @@ -367,10 +382,12 @@ start_service() { # router proxy if [ "$router_proxy" == 1 ]; then log "Transparent Proxy: Router Proxy is enabled, set proxy for router." - nft insert rule inet "$FW_TABLE" nat_output jump router_dns_hijack if [ "$tcp_transparent_proxy_mode" == "redirect" ]; then - nft add rule inet "$FW_TABLE" nat_output meta l4proto tcp jump router_redirect + nft insert rule inet "$FW_TABLE" nat_output jump router_dns_hijack + nft add rule inet "$FW_TABLE" nat_output meta l4proto tcp jump router_${tcp_transparent_proxy_mode} else + nft flush chain inet "$FW_TABLE" nat_output + nft add rule inet "$FW_TABLE" nat_output jump router_dns_hijack nft add rule inet "$FW_TABLE" mangle_output meta l4proto tcp jump router_reroute fi nft add rule inet "$FW_TABLE" mangle_output meta l4proto udp jump router_reroute 
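Review bot: The subscription branch downloads to a fixed, guessable path, `/tmp/$subscription_section.yaml`, and never removes it. An init script that presumably runs as root should not hand `curl -o` a predictable name in a shared directory, where a pre-existing file or symlink would be followed. Creating the file with `subscription_tmpfile=$(mktemp)` and adding `rm -f "$subscription_tmpfile"` after the copy avoids both problems. Unlike the `file:` branch, which passes the name through `basename`, `$subscription_section` is taken from the profile value as-is and ends up in two paths, so it should be rejected if it contains `/`. A successful response with an empty body also overwrites the cached copy; a `[ -s "$subscription_tmpfile" ]` test before the `cp` would keep the last good file. start_service begins and ends outside this hunk.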
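Review bot: The `nft flush chain inet "$FW_TABLE" nat_output` that used to run on every non-redirect start now runs only inside the `router_proxy` block, so with router proxy off the chain keeps whatever rules hijack.nft loads into it. The same applies to the `dstnat` flush in the following hunk (`@@ -389`). Those chain definitions are not visible here, so this may be harmless, but a short comment above each flush would record the intent, for example `# tproxy/tun: clear the chain, keep only the DNS hijack` if that is what is meant. In the redirect branch `router_${tcp_transparent_proxy_mode}` is also left unquoted while the matching line in the next hunk quotes it; `"router_${tcp_transparent_proxy_mode}"` keeps the two consistent. start_service begins and ends outside this hunk.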
@@ -389,10 +406,12 @@ start_service() { config_list_foreach "proxy" "acl_ip" add_acl_ip config_list_foreach "proxy" "acl_ip6" add_acl_ip6 config_list_foreach "proxy" "acl_mac" add_acl_mac - nft insert rule inet "$FW_TABLE" dstnat jump "${access_control_mode}_dns_hijack" if [ "$tcp_transparent_proxy_mode" == "redirect" ]; then - nft add rule inet "$FW_TABLE" dstnat meta l4proto tcp jump "${access_control_mode}_redirect" + nft insert rule inet "$FW_TABLE" dstnat jump "${access_control_mode}_dns_hijack" + nft add rule inet "$FW_TABLE" dstnat meta l4proto tcp jump "${access_control_mode}_${tcp_transparent_proxy_mode}" else + nft flush chain inet "$FW_TABLE" dstnat + nft add rule inet "$FW_TABLE" dstnat jump "${access_control_mode}_dns_hijack" nft add rule inet "$FW_TABLE" mangle_prerouting meta l4proto tcp jump "${access_control_mode}_${tcp_transparent_proxy_mode}" fi nft add rule inet "$FW_TABLE" mangle_prerouting meta l4proto udp jump "${access_control_mode}_${udp_transparent_proxy_mode}" @@ -476,7 +495,7 @@ cleanup() { sysctl -q -w net.bridge.bridge-nf-call-ip6tables=1 fi # delete cron - sed -i '/#mihomo/d' "/etc/crontabs/root" > /dev/null 2>&1 + sed -i "/#mihomo/d" "/etc/crontabs/root" > /dev/null 2>&1 /etc/init.d/cron restart } @@ -497,7 +516,7 @@ prepare_log() { } log() { - echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" >> "$APP_LOG_PATH" + echo "[$(date "+%Y-%m-%d %H:%M:%S")] $1" >> "$APP_LOG_PATH" } mixin_authentications() { 
@@ -584,3 +603,17 @@ add_acl_ip6() { add_acl_mac() { nft add element inet "$FW_TABLE" acl_mac \{ "$1" \} } + +update_subscription() { + local subscription_section; subscription_section="$1" + if [ -n "$subscription_section" ]; then + config_load mihomo + local profile subscription_name subscription_url subscription_user_agent + config_get profile "config" "profile" + config_get subscription_name "$subscription_section" "name" + config_get subscription_url "$subscription_section" "url" + config_get subscription_user_agent "$subscription_section" "user_agent" + local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml" + curl -s -f --connect-timeout 15 --retry 3 -o "$subscription_file" -L -H "User-Agent: $subscription_user_agent" "$subscription_url" + fi +} diff --git a/mihomo/files/mihomo.upgrade b/mihomo/files/mihomo.upgrade index 11002e1cf..aa5a95298 100644 --- a/mihomo/files/mihomo.upgrade +++ b/mihomo/files/mihomo.upgrade @@ -1,4 +1,5 @@ /etc/mihomo/profiles/ +/etc/mihomo/subscriptions/ /etc/mihomo/mixin.yaml /etc/mihomo/nftables/reserved_ip.nft /etc/mihomo/nftables/reserved_ip6.nft diff --git a/mihomo/files/nftables/hijack.nft b/mihomo/files/nftables/hijack.nft index 4cc55544b..13fdb9979 100644 --- a/mihomo/files/nftables/hijack.nft +++ b/mihomo/files/nftables/hijack.nft 
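Review bot: `update_subscription` lets curl write straight into `$SUBSCRIPTIONS_DIR/$subscription_section.yaml`, so a transfer that fails partway leaves a truncated file in place of the last good copy. That is the file start_service falls back to when its own download fails. Downloading to a temporary name in the same directory and renaming it over the target only on success keeps the cache intact, and returning non-zero lets the caller see the failure. `$1` also reaches the path unchecked and an empty `url` is passed to curl; both would be cheap to reject before the download. `profile` is read but not used in this function.

```shell
update_subscription() {
	# … unchanged: section check, config_load and config_get calls …
		local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml"
		local subscription_tmpfile; subscription_tmpfile="$subscription_file.tmp"
		if curl -s -f --connect-timeout 15 --retry 3 -o "$subscription_tmpfile" -L -H "User-Agent: $subscription_user_agent" "$subscription_url"; then
			# rename within the same directory so the cached copy is replaced in one step
			mv -f "$subscription_tmpfile" "$subscription_file"
		else
			rm -f "$subscription_tmpfile"
			return 1
		fi
```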
@@ -75,24 +75,24 @@ table inet mihomo { chain router_dns_hijack { meta skgid @bypass_group counter return - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 oifname lo counter redirect to :$DNS_PORT + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 counter redirect to :$DNS_PORT } chain all_dns_hijack { - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter redirect to :$DNS_PORT + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 counter redirect to :$DNS_PORT } chain allow_dns_hijack { - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 ip saddr @acl_ip counter redirect to :$DNS_PORT - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 ip6 saddr @acl_ip6 counter redirect to :$DNS_PORT - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 ether saddr @acl_mac counter redirect to :$DNS_PORT + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 ip saddr @acl_ip counter redirect to :$DNS_PORT + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 ip6 saddr @acl_ip6 counter redirect to :$DNS_PORT + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 ether saddr @acl_mac counter redirect to :$DNS_PORT } chain block_dns_hijack { - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 ip saddr @acl_ip counter return - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 ip6 saddr @acl_ip6 counter return - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 ether saddr @acl_mac counter return - meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter redirect to :$DNS_PORT + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 ip saddr @acl_ip counter return + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 ip6 saddr @acl_ip6 counter return + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 ether saddr 
@acl_mac counter return + meta nfproto @dns_hijack_nfproto meta l4proto udp th dport 53 counter redirect to :$DNS_PORT } chain all_redirect { @@ -182,7 +182,7 @@ table inet mihomo { chain mangle_prerouting { type filter hook prerouting priority mangle; policy accept; meta l4proto { tcp, udp } iifname lo meta mark & $FW_MARK_MASK == $FW_MARK tproxy to :$TPROXY_PORT counter accept - meta l4proto { tcp, udp } iifname $TUN_DEVICE counter return + meta l4proto { tcp, udp } iifname $TUN_DEVICE counter accept fib daddr type local counter return ct direction reply counter return ip daddr @reserved_ip counter return diff --git a/mihomo/files/scripts/constants.sh b/mihomo/files/scripts/constants.sh index 22b43aed3..6788428f5 100644 --- a/mihomo/files/scripts/constants.sh +++ b/mihomo/files/scripts/constants.sh @@ -18,6 +18,7 @@ TUN_DEVICE="mihomo" PROG="/usr/bin/mihomo" HOME_DIR="/etc/mihomo" PROFILES_DIR="$HOME_DIR/profiles" +SUBSCRIPTIONS_DIR="$HOME_DIR/subscriptions" MIXIN_FILE_PATH="$HOME_DIR/mixin.yaml" RUN_DIR="$HOME_DIR/run" RUN_PROFILE_PATH="$RUN_DIR/config.yaml"
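Review bot: Every `*_dns_hijack` rule now matches `meta l4proto udp` only, so DNS over TCP port 53 is no longer redirected to `$DNS_PORT` and is handled, if at all, by the TCP redirect/tproxy chains; the file does not record why. If that is intended, a comment above `router_dns_hijack` such as `# UDP only: TCP/53 is left to the transparent-proxy chains` would stop a later reader from treating it as an oversight. It is also worth confirming that clients falling back to TCP for DNS still resolve through mihomo in every proxy mode. `router_dns_hijack` additionally drops the `oifname lo` match, which widens it from loopback-bound queries to all router-originated UDP/53 outside `@bypass_group`; that deserves a one-line comment as well.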