diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile index c45a64015..f2200e385 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile @@ -26,6 +26,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_Plus \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_tuic_client \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Geodata \ + CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Geoview \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray \ CONFIG_PACKAGE_$(PKG_NAME)_INCLUDE_Xray_Plugin @@ -140,6 +141,11 @@ config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Geodata select PACKAGE_v2ray-geosite default n +config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Geoview + bool "Include V2ray_Geoview" + select PACKAGE_geoview + default y if aarch64||arm||i386||x86_64 + config PACKAGE_$(PKG_NAME)_INCLUDE_V2ray_Plugin bool "Include V2ray-Plugin (Shadowsocks Plugin)" select PACKAGE_v2ray-plugin diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua index 505f6890b..b5f16699d 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/rule.lua @@ -88,6 +88,17 @@ if has_xray or has_singbox then o.default = "/usr/share/v2ray/" o.rmempty = false + if api.is_finded("geoview") then + o = s:option(Flag, "enable_geoview", translate("Enable Geo Data Parsing")) + o.default = 0 + o.rmempty = false + o.description = "" + end + s = m:section(TypedSection, "shunt_rules", "Sing-Box/Xray " .. translate("Shunt Rule"), "" .. translate("Please note attention to the priority, the higher the order, the higher the priority.") .. "") s.template = "cbi/tblsection" s.anonymous = false diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po index 32bc947ab..5b0c488f2 100644 --- a/luci-app-passwall/po/zh-cn/passwall.po +++ b/luci-app-passwall/po/zh-cn/passwall.po @@ -928,6 +928,15 @@ msgstr "V2ray/Xray 资源文件目录" msgid "This variable specifies a directory where geoip.dat and geosite.dat files are." msgstr "此变量指定 geoip.dat 和 geosite.dat 文件所在的目录。" +msgid "Enable Geo Data Parsing" +msgstr "开启 Geo 数据解析" + +msgid "Analyzes and preloads GeoIP/Geosite data to enhance the shunt performance of Sing-box/Xray." +msgstr "分析和预加载 GeoIP/Geosite 数据,以增强 Sing-box/Xray 的分流效果。" + +msgid "Note: Increases resource usage; Geosite analysis is only supported in ChinaDNS-NG and SmartDNS modes." +msgstr "注:会增加一些系统资源的开销,仅在 ChinaDNS-NG 和 SmartDNS 模式下支持分析 Geosite 。" + msgid "Shunt Rule" msgstr "分流规则" diff --git a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua index 3e164b22e..dc9cf486f 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_chinadns_add.lua @@ -84,6 +84,15 @@ local function insert_array_after(array1, array2, target) --将array2插入到ar merge_array(array1, array2) end +local function get_geosite(list_arg, out_path) + local geosite_path = uci:get(appname, "@global_rules[0]", "v2ray_location_asset") + geosite_path = geosite_path:match("^(.*)/") .. "/geosite.dat" + if not is_file_nonzero(geosite_path) then return end + if api.is_finded("geoview") and list_arg and out_path then + sys.exec("geoview -type geosite -append=true -input " .. geosite_path .. " -list '" .. list_arg .. "' -output " .. out_path) + end +end + if not fs.access(FLAG_PATH) then fs.mkdir(FLAG_PATH) end @@ -262,6 +271,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then local shunt_domain, lookup_shunt_domain = {}, {} local file_white_host = FLAG_PATH .. "/shunt_direct_host" local file_shunt_host = FLAG_PATH .. "/shunt_proxy_host" + local geosite_white_arg, geosite_shunt_arg = "", "" local t = uci:get_all(appname, TCP_NODE) local default_node_id = t["default_node"] or "_direct" @@ -274,19 +284,25 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then local domain_list = s.domain_list or "" for line in string.gmatch(domain_list, "[^\r\n]+") do - if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("geosite:") and not line:find("ext:") then - if line:find("domain:") or line:find("full:") then + if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("ext:") then + if line:find("geosite:") then line = string.match(line, ":([^:]+)$") - end - line = api.get_std_domain(line) - - if _node_id == "_direct" then - if line ~= "" and not line:find("#") then - insert_unique(white_domain, line, lookup_white_domain) + if _node_id == "_direct" then + geosite_white_arg = geosite_white_arg .. (geosite_white_arg ~= "" and "," or "") .. line + else + geosite_shunt_arg = geosite_shunt_arg .. (geosite_shunt_arg ~= "" and "," or "") .. line end else + if line:find("domain:") or line:find("full:") then + line = string.match(line, ":([^:]+)$") + end + line = api.get_std_domain(line) if line ~= "" and not line:find("#") then - insert_unique(shunt_domain, line, lookup_shunt_domain) + if _node_id == "_direct" then + insert_unique(white_domain, line, lookup_white_domain) + else + insert_unique(shunt_domain, line, lookup_shunt_domain) + end end end end @@ -318,13 +334,36 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then end end - if is_file_nonzero(file_white_host) then - for i, v in ipairs(config_lines) do --添加到白名单组一同处理 - if v == "group-dnl " .. file_direct_host then - config_lines[i] = "group-dnl " .. file_direct_host .. "," .. file_white_host - break - end + local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview") + if GFWLIST == "1" and CHNLIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite + if geosite_white_arg ~= "" then + get_geosite(geosite_white_arg, file_white_host) end + if geosite_shunt_arg ~= "" then + get_geosite(geosite_shunt_arg, file_shunt_host) + end + end + + if is_file_nonzero(file_white_host) then + if USE_DIRECT_LIST == "1" then + --当白名单启用时,添加到白名单组一同处理 + for i, v in ipairs(config_lines) do + if v == "group-dnl " .. file_direct_host then + config_lines[i] = "group-dnl " .. file_direct_host .. "," .. file_white_host + break + end + end + else + --当白名单不启用时,创建新组,ipset到shuntlist + tmp_lines = { + "group whitelist", + "group-dnl " .. file_white_host, + "group-upstream " .. DNS_LOCAL, + "group-ipset " .. setflag .. "passwall_shuntlist," .. setflag .. "passwall_shuntlist6" + } + insert_array_after(config_lines, tmp_lines, "#--4") + end + end if is_file_nonzero(file_shunt_host) then diff --git a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua index 7d17f396d..894631ec0 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua @@ -90,6 +90,15 @@ local function insert_array_after(array1, array2, target) --将array2插入到ar merge_array(array1, array2) end +local function get_geosite(list_arg, out_path) + local geosite_path = uci:get(appname, "@global_rules[0]", "v2ray_location_asset") + geosite_path = geosite_path:match("^(.*)/") .. "/geosite.dat" + if not is_file_nonzero(geosite_path) then return end + if api.is_finded("geoview") and list_arg and out_path then + sys.exec("geoview -type geosite -append=true -input " .. geosite_path .. " -list '" .. list_arg .. "' -output " .. out_path) + end +end + if not fs.access(FLAG_PATH) then fs.mkdir(FLAG_PATH) end @@ -405,6 +414,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then local shunt_domain, lookup_shunt_domain = {}, {} local file_white_host = FLAG_PATH .. "/shunt_direct_host" local file_shunt_host = FLAG_PATH .. "/shunt_proxy_host" + local geosite_white_arg, geosite_shunt_arg = "", "" local t = uci:get_all(appname, TCP_NODE) local default_node_id = t["default_node"] or "_direct" @@ -417,19 +427,25 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then local domain_list = s.domain_list or "" for line in string.gmatch(domain_list, "[^\r\n]+") do - if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("geosite:") and not line:find("ext:") then - if line:find("domain:") or line:find("full:") then + if line ~= "" and not line:find("#") and not line:find("regexp:") and not line:find("ext:") then + if line:find("geosite:") then line = string.match(line, ":([^:]+)$") - end - line = api.get_std_domain(line) - - if _node_id == "_direct" then - if line ~= "" and not line:find("#") then - insert_unique(white_domain, line, lookup_white_domain) + if _node_id == "_direct" then + geosite_white_arg = geosite_white_arg .. (geosite_white_arg ~= "" and "," or "") .. line + else + geosite_shunt_arg = geosite_shunt_arg .. (geosite_shunt_arg ~= "" and "," or "") .. line end else + if line:find("domain:") or line:find("full:") then + line = string.match(line, ":([^:]+)$") + end + line = api.get_std_domain(line) if line ~= "" and not line:find("#") then - insert_unique(shunt_domain, line, lookup_shunt_domain) + if _node_id == "_direct" then + insert_unique(white_domain, line, lookup_white_domain) + else + insert_unique(shunt_domain, line, lookup_shunt_domain) + end end end end @@ -461,16 +477,30 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then end end + local use_geoview = uci:get(appname, "@global_rules[0]", "enable_geoview") + if USE_GFW_LIST == "1" and CHN_LIST == "0" and use_geoview == "1" then --仅GFW模式解析geosite + if geosite_white_arg ~= "" then + get_geosite(geosite_white_arg, file_white_host) + end + if geosite_shunt_arg ~= "" then + get_geosite(geosite_shunt_arg, file_shunt_host) + end + end + if is_file_nonzero(file_white_host) then local domain_set_name = "passwall-whitehost" tmp_lines = { string.format("domain-set -name %s -file %s", domain_set_name, file_white_host) } local domain_rules_str = string.format('domain-rules /domain-set:%s/ %s', domain_set_name, LOCAL_GROUP and "-nameserver " .. LOCAL_GROUP or "") - domain_rules_str = domain_rules_str .. " " .. set_type .. " #4:" .. setflag .. "passwall_whitelist,#6:" .. setflag .. "passwall_whitelist6" + if USE_DIRECT_LIST == "1" then + domain_rules_str = domain_rules_str .. " " .. set_type .. " #4:" .. setflag .. "passwall_whitelist,#6:" .. setflag .. "passwall_whitelist6" + else + domain_rules_str = domain_rules_str .. " " .. set_type .. " #4:" .. setflag .. "passwall_shuntlist,#6:" .. setflag .. "passwall_shuntlist6" + end domain_rules_str = domain_rules_str .. (LOCAL_EXTEND_ARG ~= "" and " " .. LOCAL_EXTEND_ARG or "") table.insert(tmp_lines, domain_rules_str) - insert_array_after(config_lines, tmp_lines, "#--3") + insert_array_after(config_lines, tmp_lines, "#--4") end if is_file_nonzero(file_shunt_host) then @@ -488,7 +518,7 @@ if uci:get(appname, TCP_NODE, "protocol") == "_shunt" then domain_rules_str = domain_rules_str .. " -d no " .. set_type .. " #4:" .. setflag .. "passwall_shuntlist" .. ",#6:" .. setflag .. "passwall_shuntlist6" end table.insert(tmp_lines, domain_rules_str) - insert_array_after(config_lines, tmp_lines, "#--4") + insert_array_after(config_lines, tmp_lines, "#--3") end end diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index b5dd3b333..18720e19a 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh @@ -179,6 +179,23 @@ get_wan6_ip() { echo $NET_ADDR } +get_geoip() { + local geoip_code="$1" + local geoip_type_flag="" + local geoip_path="$(config_t_get global_rules v2ray_location_asset)" + geoip_path="${geoip_path%*/}/geoip.dat" + [ -e "$geoip_path" ] || { echo ""; return; } + case "$2" in + "ipv4") geoip_type_flag="-ipv6=false" ;; + "ipv6") geoip_type_flag="-ipv4=false" ;; + esac + if type geoview &> /dev/null; then + geoview -input "$geoip_path" -list "$geoip_code" $geoip_type_flag + else + echo "" + fi +} + load_acl() { ([ "$ENABLED_ACLS" == 1 ] || ([ "$ENABLED_DEFAULT_ACL" == 1 ] && [ "$CLIENT_PROXY" == 1 ])) && echolog " - 访问控制:" [ "$ENABLED_ACLS" == 1 ] && { @@ -613,11 +630,9 @@ filter_haproxy() { } filter_vpsip() { - uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R echolog " - [$?]加入所有IPv4节点到ipset[$IPSET_VPSLIST]直连完成" - uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R echolog " - [$?]加入所有IPv6节点到ipset[$IPSET_VPSLIST6]直连完成" } @@ -775,12 +790,22 @@ add_firewall_rule() { done } [ "$USE_SHUNT_NODE" = "1" ] && { + local GEOIP_CODE="" local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + [ "$(config_t_get global_rules enable_geoview)" = "1" ] && { + local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + [ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code" + } done } + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST6 &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog " - [$?]解析并加入分流节点 GeoIP 到 IPSET 完成" + fi cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" -e "s/$/ timeout 0/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 2a37109a6..c4a57d178 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -239,6 +239,23 @@ get_wan6_ip() { echo $NET_ADDR } +get_geoip() { + local geoip_code="$1" + local geoip_type_flag="" + local geoip_path="$(config_t_get global_rules v2ray_location_asset)" + geoip_path="${geoip_path%*/}/geoip.dat" + [ -e "$geoip_path" ] || { echo ""; return; } + case "$2" in + "ipv4") geoip_type_flag="-ipv6=false" ;; + "ipv6") geoip_type_flag="-ipv4=false" ;; + esac + if type geoview &> /dev/null; then + geoview -input "$geoip_path" -list "$geoip_code" $geoip_type_flag + else + echo "" + fi +} + load_acl() { ([ "$ENABLED_ACLS" == 1 ] || ([ "$ENABLED_DEFAULT_ACL" == 1 ] && [ "$CLIENT_PROXY" == 1 ])) && echolog " - 访问控制:" [ "$ENABLED_ACLS" == 1 ] && { @@ -680,11 +697,9 @@ filter_vps_addr() { } filter_vpsip() { - insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d") - insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d") + insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d") echolog " - [$?]加入所有IPv4节点到nftset[$NFTSET_VPSLIST]直连完成" - insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep ".download_address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d") - insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d") + insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d") echolog " - [$?]加入所有IPv6节点到nftset[$NFTSET_VPSLIST6]直连完成" } @@ -853,12 +868,22 @@ add_firewall_rule() { done } [ "$USE_SHUNT_NODE" = "1" ] && { + local GEOIP_CODE="" local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}') for shunt_id in $shunt_ids; do insert_nftset $NFTSET_SHUNTLIST "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") insert_nftset $NFTSET_SHUNTLIST6 "0" $(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + [ "$(config_t_get global_rules enable_geoview)" = "1" ] && { + local geoip_code=$(config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "^geoip:" | grep -v "^geoip:private" | sed -E 's/^geoip:(.*)/\1/' | sed ':a;N;$!ba;s/\n/,/g') + [ -n "$geoip_code" ] && GEOIP_CODE="${GEOIP_CODE:+$GEOIP_CODE,}$geoip_code" + } done } + if [ -n "$GEOIP_CODE" ] && type geoview &> /dev/null; then + insert_nftset $NFTSET_SHUNTLIST "0" $(get_geoip $GEOIP_CODE ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") + insert_nftset $NFTSET_SHUNTLIST6 "0" $(get_geoip $GEOIP_CODE ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") + echolog " - [$?]解析并加入分流节点 GeoIP 到 NFTSET 完成" + fi # 忽略特殊IP段 local lan_ifname lan_ip diff --git a/patch-luci-app-passwall.patch b/patch-luci-app-passwall.patch index 6c59cfece..00a0c6559 100644 --- a/patch-luci-app-passwall.patch +++ b/patch-luci-app-passwall.patch @@ -1,8 +1,8 @@ diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile -index 00e53fc..c45a640 100644 +index c87e4d0..f2200e3 100644 --- a/luci-app-passwall/Makefile +++ b/luci-app-passwall/Makefile -@@ -171,7 +171,6 @@ define Package/$(PKG_NAME)/conffiles +@@ -177,7 +177,6 @@ define Package/$(PKG_NAME)/conffiles /usr/share/passwall/rules/lanlist_ipv4 /usr/share/passwall/rules/lanlist_ipv6 /usr/share/passwall/rules/domains_excluded