zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

luci-app-passwall2: sync upstream

Browse Source 
last commit: a1fb65f3a0
This commit is contained in:
gitea-action 2024-09-23 23:30:24 +08:00
parent 7f57749263
commit ccacf586b6
7 changed files with 108 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl.lua
View File

@ -46,7 +46,7 @@ o = s:option(DummyValue, "sources", translate("Source"))
o.rawhtml = true o.rawhtml = true
o.cfgvalue = function(t, n) o.cfgvalue = function(t, n)
local e = '' local e = ''
local v = Value.cfgvalue(t, n) or '' local v = Value.cfgvalue(t, n) or '-'
string.gsub(v, '[^' .. " " .. ']+', function(w) string.gsub(v, '[^' .. " " .. ']+', function(w)
local a = w local a = w
if mac_t[w] then if mac_t[w] then
@ -60,4 +60,10 @@ o.cfgvalue = function(t, n)
return e return e
end end
i = s:option(DummyValue, "interface", translate("Source Interface"))
i.cfgvalue = function(t, n)
local v = Value.cfgvalue(t, n) or '-'
return v
end
return m return m

18
luci-app-passwall2/luasrc/model/cbi/passwall2/client/acl_config.lua
View File

@ -70,6 +70,11 @@ o = s:option(Value, "remarks", translate("Remarks"))
o.default = arg[1] o.default = arg[1]
o.rmempty = true o.rmempty = true
use_if = s:option(Flag, "use_interface", translate("Use Interface With ACLs"))
use_if.default = 0
use_if.rmempty = false
local mac_t = {} local mac_t = {}
sys.net.mac_hints(function(e, t) sys.net.mac_hints(function(e, t)
mac_t[#mac_t + 1] = { mac_t[#mac_t + 1] = {
@ -90,6 +95,17 @@ table.sort(mac_t, function(a,b)
return false return false
end) end)
local device_list = {}
device_list = sys.net.devices()
table.sort(device_list)
interface = s:option(ListValue, "interface", translate("Source Interface"))
for k, name in ipairs(device_list) do
interface:value(name)
end
interface:depends({ use_interface = 1 })
---- Source ---- Source
sources = s:option(DynamicList, "sources", translate("Source")) sources = s:option(DynamicList, "sources", translate("Source"))
sources.description = "<ul><li>" .. translate("Example:") sources.description = "<ul><li>" .. translate("Example:")
@ -103,6 +119,8 @@ sources.cast = "string"
for _, key in pairs(mac_t) do for _, key in pairs(mac_t) do
sources:value(key.mac, "%s (%s)" % {key.mac, key.ip}) sources:value(key.mac, "%s (%s)" % {key.mac, key.ip})
end end
sources:depends({ use_interface = 0 })
sources.cfgvalue = function(self, section) sources.cfgvalue = function(self, section)
local value local value
if self.tag_error[section] then if self.tag_error[section] then

5
luci-app-passwall2/luasrc/passwall2/util_xray.lua
View File

@ -1238,7 +1238,10 @@ function gen_config(var)
address = direct_dns_udp_server, address = direct_dns_udp_server,
port = tonumber(direct_dns_udp_port) or 53, port = tonumber(direct_dns_udp_port) or 53,
network = "udp", network = "udp",
nonIPQuery = "skip" nonIPQuery = "skip",
blockTypes = {
65
}
}, },
proxySettings = { proxySettings = {
tag = "direct" tag = "direct"

6
luci-app-passwall2/po/zh-cn/passwall2.po
View File

@ -946,6 +946,12 @@ msgstr "例:"
msgid "IP range" msgid "IP range"
msgstr "IP 范围" msgstr "IP 范围"
msgid "Source Interface"
msgstr "源接口"
msgid "Use Interface With ACLs"
msgstr "使用接口控制"
msgid "Remarks" msgid "Remarks"
msgstr "备注" msgstr "备注"

19
luci-app-passwall2/root/usr/share/passwall2/app.sh
View File

@ -946,13 +946,13 @@ acl_app() {
dnsmasq_port=11400 dnsmasq_port=11400
for item in $items; do for item in $items; do
index=$(expr $index + 1) index=$(expr $index + 1)
local enabled sid remarks sources node direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy local enabled sid remarks sources node direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy interface use_interface
local _ip _mac _iprange _ipset _ip_or_mac rule_list config_file local _ip _mac _iprange _ipset _ip_or_mac rule_list interface_list config_file
sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}') sid=$(uci -q show "${CONFIG}.${item}" | grep "=acl_rule" | awk -F '=' '{print $1}' | awk -F '.' '{print $2}')
eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-) eval $(uci -q show "${CONFIG}.${item}" | cut -d'.' -sf 3-)
[ "$enabled" = "1" ] || continue [ "$enabled" = "1" ] || continue
[ -z "${sources}" ] && continue [ -z "${sources}" ] && [ -z "${interface}" ] && continue
for s in $sources; do for s in $sources; do
is_iprange=$(lua_api "iprange(\"${s}\")") is_iprange=$(lua_api "iprange(\"${s}\")")
if [ "${is_iprange}" = "true" ]; then if [ "${is_iprange}" = "true" ]; then
@ -968,9 +968,14 @@ acl_app() {
fi fi
fi fi
done done
[ -z "${rule_list}" ] && continue for i in $interface; do
interface_list="${interface_list}\n$i"
done
[ -z "${rule_list}" ] && [ -z "${interface_list}" ] && continue
mkdir -p $TMP_ACL_PATH/$sid mkdir -p $TMP_ACL_PATH/$sid
echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
[ ! -z "${rule_list}" ] && echo -e "${rule_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/rule_list
[ ! -z "${interface_list}" ] && echo -e "${interface_list}" | sed '/^$/d' > $TMP_ACL_PATH/$sid/interface_list
tcp_proxy_mode="global" tcp_proxy_mode="global"
udp_proxy_mode="global" udp_proxy_mode="global"
@ -1041,8 +1046,8 @@ acl_app() {
echo "${redir_port}" > $TMP_ACL_PATH/$sid/var_port echo "${redir_port}" > $TMP_ACL_PATH/$sid/var_port
} }
[ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port [ -n "$redirect_dns_port" ] && echo "${redirect_dns_port}" > $TMP_ACL_PATH/$sid/var_redirect_dns_port
unset enabled sid remarks sources node direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy unset enabled sid remarks sources interface node direct_dns_query_strategy remote_dns_protocol remote_dns remote_dns_doh remote_dns_client_ip remote_dns_detour remote_fakedns remote_dns_query_strategy
unset _ip _mac _iprange _ipset _ip_or_mac rule_list config_file unset _ip _mac _iprange _ipset _ip_or_mac rule_list config_file interface_list
unset redirect_dns_port unset redirect_dns_port
done done
unset redir_port dns_port dnsmasq_port unset redir_port dns_port dnsmasq_port

16
luci-app-passwall2/root/usr/share/passwall2/iptables.sh
View File

@ -222,7 +222,11 @@ load_acl() {
fi fi
} }
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do _acl_list=${TMP_ACL_PATH}/${sid}/rule_list
[ $use_interface = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
for i in $(cat $_acl_list); do
if [ $use_interface = "0" ]; then
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
_iprange=$(echo ${i} | sed 's#iprange:##g') _iprange=$(echo ${i} | sed 's#iprange:##g')
_ipt_source=$(factor ${_iprange} "-m iprange --src-range") _ipt_source=$(factor ${_iprange} "-m iprange --src-range")
@ -242,6 +246,12 @@ load_acl() {
else else
continue continue
fi fi
else
[ -z "${i}" ] && continue
_ifname="${i}"
_ipt_source="-i $_ifname"
msg="$remarksIF【${_ifname}】,"
fi
ipt_tmp=$ipt_n ipt_tmp=$ipt_n
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m [ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
@ -329,8 +339,8 @@ load_acl() {
$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN $ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null $ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
done done
unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node unset enabled sid remarks sources tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node use_interface interface
unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark unset _ip _mac _iprange _ipset _ip_or_mac rule_list node_remark _acl_list
unset ipt_tmp msg msg2 unset ipt_tmp msg msg2
done done
} }

16
luci-app-passwall2/root/usr/share/passwall2/nftables.sh
View File

@ -276,7 +276,11 @@ load_acl() {
fi fi
} }
for i in $(cat ${TMP_ACL_PATH}/${sid}/rule_list); do _acl_list=${TMP_ACL_PATH}/${sid}/rule_list
[ $use_interface = "1" ] && _acl_list=${TMP_ACL_PATH}/${sid}/interface_list
for i in $(cat $_acl_list); do
if [ $use_interface = "0" ]; then
if [ -n "$(echo ${i} | grep '^iprange:')" ]; then if [ -n "$(echo ${i} | grep '^iprange:')" ]; then
_iprange=$(echo ${i} | sed 's#iprange:##g') _iprange=$(echo ${i} | sed 's#iprange:##g')
_ipt_source=$(factor ${_iprange} "ip saddr") _ipt_source=$(factor ${_iprange} "ip saddr")
@ -296,6 +300,12 @@ load_acl() {
else else
continue continue
fi fi
else
[ -z "${i}" ] && continue
_ifname="${i}"
_ipt_source="iifname $_ifname"
msg="$remarksIF【${_ifname}】,"
fi
[ "$tcp_no_redir_ports" != "disable" ] && { [ "$tcp_no_redir_ports" != "disable" ] && {
if [ "$tcp_no_redir_ports" != "1:65535" ]; then if [ "$tcp_no_redir_ports" != "1:65535" ]; then
@ -384,8 +394,8 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\"" nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
done done
unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node unset enabled sid remarks sources tcp_proxy_mode udp_proxy_mode tcp_no_redir_ports udp_no_redir_ports tcp_redir_ports udp_redir_ports node use_interface interface
unset _ip _mac _iprange _ipset _ip_or_mac rule_list redir_port node_remark unset _ip _mac _iprange _ipset _ip_or_mac rule_list redir_port node_remark _acl_list _ifname
unset msg msg2 unset msg msg2
done done
} }