zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nikki: sync upstream

Browse Source 
last commit: e91acf2dd8
This commit is contained in:
gitea-action 2025-02-23 21:30:58 +08:00
parent 4da19477bc
commit a8d24e1b33
4 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nikki/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=nikki PKG_NAME:=nikki
PKG_RELEASE:=2 PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git

1
nikki/files/nikki.conf
View File

@ -18,6 +18,7 @@ config proxy 'proxy'
option 'ipv6_dns_hijack' '1' option 'ipv6_dns_hijack' '1'
option 'ipv4_proxy' '1' option 'ipv4_proxy' '1'
option 'ipv6_proxy' '0' option 'ipv6_proxy' '0'
option 'fake_ip_ping_hijack' '0'
option 'router_proxy' '1' option 'router_proxy' '1'
option 'lan_proxy' '1' option 'lan_proxy' '1'
option 'access_control_mode' 'all' option 'access_control_mode' 'all'

6
nikki/files/uci-defaults/migrate.sh
View File

@ -12,7 +12,11 @@ mixin_rule_provider=$(uci -q get nikki.mixin.rule_provider); [ -z "$mixin_rule_p
mixin_ui_path=$(uci -q get nikki.mixin.ui_path); [ -z "$mixin_ui_path" ] && uci set nikki.mixin.ui_path=ui mixin_ui_path=$(uci -q get nikki.mixin.ui_path); [ -z "$mixin_ui_path" ] && uci set nikki.mixin.ui_path=ui
uci show nikki | grep -E 'nikki.@rule\[[[:digit:]]+\]=rule' | sed 's/nikki.@rule\[\([[:digit:]]\+\)\]=rule/rename nikki.@rule[\1].match=matcher/' | uci batch uci show nikki | grep -E 'nikki.@rule\[[[:digit:]]+\].match=' | sed 's/nikki.@rule\[\([[:digit:]]\+\)\].match=.*/rename nikki.@rule[\1].match=matcher/' | uci batch
# since v1.19.1
fake_ip_ping_hijack=$(uci -q get nikki.proxy.fake_ip_ping_hijack); [ -z "$fake_ip_ping_hijack" ] && uci set nikki.proxy.fake_ip_ping_hijack=0
# commit # commit
uci commit nikki uci commit nikki

23
nikki/files/ucode/hijack.ut
View File

@ -28,6 +28,7 @@
const ipv6_dns_hijack = uci.get('nikki', 'proxy', 'ipv6_dns_hijack'); const ipv6_dns_hijack = uci.get('nikki', 'proxy', 'ipv6_dns_hijack');
const ipv4_proxy = uci.get('nikki', 'proxy', 'ipv4_proxy'); const ipv4_proxy = uci.get('nikki', 'proxy', 'ipv4_proxy');
const ipv6_proxy = uci.get('nikki', 'proxy', 'ipv6_proxy'); const ipv6_proxy = uci.get('nikki', 'proxy', 'ipv6_proxy');
const fake_ip_ping_hijack = uci.get('nikki', 'proxy', 'fake_ip_ping_hijack');
const router_proxy = uci.get('nikki', 'proxy', 'router_proxy'); const router_proxy = uci.get('nikki', 'proxy', 'router_proxy');
const lan_proxy = uci.get('nikki', 'proxy', 'lan_proxy'); const lan_proxy = uci.get('nikki', 'proxy', 'lan_proxy');
@ -312,10 +313,13 @@ table inet nikki {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return
meta nfproto @proxy_nfproto meta l4proto tcp counter redirect to :{{ redir_port }} meta nfproto @proxy_nfproto meta l4proto tcp counter redirect to :{{ redir_port }}
{% endif %} {% endif %}
{% if (fake_ip_ping_hijack == '1'): %}
ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect
{% endif %}
} }
chain mangle_output { chain mangle_output {
@ -330,8 +334,8 @@ table inet nikki {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return
meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return
{% if (tcp_transparent_proxy_mode == 'tproxy'): %} {% if (tcp_transparent_proxy_mode == 'tproxy'): %}
meta nfproto @proxy_nfproto meta l4proto tcp meta mark set {{ tproxy_fw_mark }} counter meta nfproto @proxy_nfproto meta l4proto tcp meta mark set {{ tproxy_fw_mark }} counter
@ -369,10 +373,13 @@ table inet nikki {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return
meta nfproto @proxy_nfproto jump {{ access_control_mode }}_redirect meta nfproto @proxy_nfproto jump {{ access_control_mode }}_redirect
{% endif %} {% endif %}
{% if (fake_ip_ping_hijack == '1'): %}
ip protocol icmp ip daddr {{ fake_ip_range }} counter redirect
{% endif %}
} }
chain mangle_prerouting_lan { chain mangle_prerouting_lan {
@ -385,8 +392,8 @@ table inet nikki {
ip6 daddr @china_ip6 counter return ip6 daddr @china_ip6 counter return
meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return meta nfproto ipv4 meta l4proto . th dport != @proxy_dport ip daddr != {{ fake_ip_range }} counter return
meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return meta nfproto ipv6 meta l4proto . th dport != @proxy_dport counter return
meta l4proto { tcp, udp } ip dscp == @bypass_dscp ip daddr != {{ fake_ip_range }} counter return meta l4proto { tcp, udp } ip dscp @bypass_dscp ip daddr != {{ fake_ip_range }} counter return
meta l4proto { tcp, udp } ip6 dscp == @bypass_dscp counter return meta l4proto { tcp, udp } ip6 dscp @bypass_dscp counter return
meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return meta nfproto @dns_hijack_nfproto meta l4proto { tcp, udp } th dport 53 counter return
{% if (tcp_transparent_proxy_mode == 'tproxy'): %} {% if (tcp_transparent_proxy_mode == 'tproxy'): %}
meta nfproto @proxy_nfproto meta l4proto tcp jump {{ access_control_mode }}_tproxy meta nfproto @proxy_nfproto meta l4proto tcp jump {{ access_control_mode }}_tproxy