From a8d24e1b338320840b9819f801df158ffd47f28b Mon Sep 17 00:00:00 2001 From: gitea-action Date: Sun, 23 Feb 2025 21:30:58 +0800 Subject: [PATCH] nikki: sync upstream last commit: https://github.com/nikkinikki-org/OpenWrt-nikki/commit/e91acf2dd8d1a4ebd09161cc3ec879c39b1b4564 --- nikki/Makefile | 2 +- nikki/files/nikki.conf | 1 + nikki/files/uci-defaults/migrate.sh | 6 +++++- nikki/files/ucode/hijack.ut | 23 +++++++++++++++-------- 4 files changed, 22 insertions(+), 10 deletions(-) diff --git a/nikki/Makefile b/nikki/Makefile index f3b552209..1e6521fb3 100644 --- a/nikki/Makefile +++ b/nikki/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nikki -PKG_RELEASE:=2 +PKG_RELEASE:=3 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git diff --git a/nikki/files/nikki.conf b/nikki/files/nikki.conf index 2cea67272..cc1c4603f 100644 --- a/nikki/files/nikki.conf +++ b/nikki/files/nikki.conf @@ -18,6 +18,7 @@ config proxy 'proxy' option 'ipv6_dns_hijack' '1' option 'ipv4_proxy' '1' option 'ipv6_proxy' '0' + option 'fake_ip_ping_hijack' '0' option 'router_proxy' '1' option 'lan_proxy' '1' option 'access_control_mode' 'all' diff --git a/nikki/files/uci-defaults/migrate.sh b/nikki/files/uci-defaults/migrate.sh index d6f1d192f..9fda9c933 100644 --- a/nikki/files/uci-defaults/migrate.sh +++ b/nikki/files/uci-defaults/migrate.sh 
@@ -12,7 +12,11 @@ mixin_rule_provider=$(uci -q get nikki.mixin.rule_provider); [ -z "$mixin_rule_p mixin_ui_path=$(uci -q get nikki.mixin.ui_path); [ -z "$mixin_ui_path" ] && uci set nikki.mixin.ui_path=ui -uci show nikki | grep -E 'nikki.@rule\[[[:digit:]]+\]=rule' | sed 's/nikki.@rule\[\([[:digit:]]\+\)\]=rule/rename nikki.@rule[\1].match=matcher/' | uci batch +uci show nikki | grep -E 'nikki.@rule\[[[:digit:]]+\].match=' | sed 's/nikki.@rule\[\([[:digit:]]\+\)\].match=.*/rename nikki.@rule[\1].match=matcher/' | uci batch + +# since v1.19.1 + +fake_ip_ping_hijack=$(uci -q get nikki.proxy.fake_ip_ping_hijack); [ -z "$fake_ip_ping_hijack" ] && uci set nikki.proxy.fake_ip_ping_hijack=0 # commit uci commit nikki diff --git a/nikki/files/ucode/hijack.ut b/nikki/files/ucode/hijack.ut index c5b5074ea..a5a975521 100644 --- a/nikki/files/ucode/hijack.ut +++ b/nikki/files/ucode/hijack.ut @@ -28,6 +28,7 @@ const ipv6_dns_hijack = uci.get('nikki', 'proxy', 'ipv6_dns_hijack'); const ipv4_proxy = uci.get('nikki', 'proxy', 'ipv4_proxy'); const ipv6_proxy = uci.get('nikki', 'proxy', 'ipv6_proxy'); + const fake_ip_ping_hijack = uci.get('nikki', 'proxy', 'fake_ip_ping_hijack'); const router_proxy = uci.get('nikki', 'proxy', 'router_proxy'); const lan_proxy = uci.get('nikki', 'proxy', 'lan_proxy'); 
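Review bot: The grep and sed patterns in the rewritten `uci show nikki | ... | uci batch` line are unanchored and leave `.` unescaped, so a `uci show` line that merely contains text shaped like `nikki.@rule[N].match=` (for example inside another option's value) would pass the filter and reach `uci batch` as a mangled line. Anchoring and escaping both patterns avoids that: `grep -E '^nikki\.@rule\[[[:digit:]]+\]\.match='` and `sed 's/^nikki\.@rule\[\([[:digit:]]\+\)\]\.match=.*/rename nikki.@rule[\1].match=matcher/'`. The start of the script and its error handling are outside the hunk, so whether a failed `uci batch` stops the migration before `uci commit nikki` cannot be seen from here.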
@@ -312,10 +313,13 @@ table inet nikki { ip6 daddr @china_ip6 counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return - meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return - meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return + meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return + meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return meta nfproto @proxy_nfproto meta l4proto tcp counter redirect to :{{ redir_port }} {% endif %} + {% if (fake_ip_ping_hijack == '1'): %} + ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect + {% endif %} } chain mangle_output { @@ -330,8 +334,8 @@ table inet nikki { ip6 daddr @china_ip6 counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return - meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return - meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return + meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return + meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return {% if (tcp_transparent_proxy_mode == 'tproxy'): %} meta nfproto @proxy_nfproto meta l4proto tcp meta mark set {{ tproxy_fw_mark }} counter 
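Review bot: The new `{% if (fake_ip_ping_hijack == '1'): %}` block sits after the `{% endif %}` that closes the preceding conditional, so `ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect` is emitted whenever the option is set, independently of whatever that conditional (opened outside the hunk) gates; the same placement recurs in the `@@ -369,10 +373,13 @@` hunk, where the rule also follows the `jump {{ access_control_mode }}_redirect` line instead of going through it, so it appears not to be subject to access control. If `fake_ip_range` can be empty when fake-ip mode is off, the rendered rule would presumably be invalid nft syntax and could keep the ruleset from loading, so the condition should also require a range, e.g. `{% if (fake_ip_ping_hijack == '1' && fake_ip_range): %}`. A comment above the rule would help operators: `# answer pings to fake-ip addresses locally; a reply does not prove the real host is reachable`. The chain headers are outside both hunks, so which chains receive the rule cannot be confirmed from here.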
@@ -369,10 +373,13 @@ table inet nikki { ip6 daddr @china_ip6 counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return - meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return - meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return + meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return + meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return meta nfproto @proxy_nfproto jump {{ access_control_mode }}_redirect {% endif %} + {% if (fake_ip_ping_hijack == '1'): %} + ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect + {% endif %} } chain mangle_prerouting_lan { @@ -385,8 +392,8 @@ table inet nikki { ip6 daddr @china_ip6 counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return - meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return - meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return + meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return + meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return {% if (tcp_transparent_proxy_mode == 'tproxy'): %} meta nfproto @proxy_nfproto meta l4proto tcp jump {{ access_control_mode }}_tproxy