luci-app-passwall2: sync upstream

last commit: 5867ddde3b
gitea-action 2024-12-12 01:30:24 +08:00
parent 5f03651765
commit d34ba69307
2 changed files with 48 additions and 7 deletions


@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall2 PKG_NAME:=luci-app-passwall2
PKG_VERSION:=24.12.11 PKG_VERSION:=24.12.11
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_CONFIG_DEPENDS:= \ PKG_CONFIG_DEPENDS:= \
CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \ CONFIG_PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy \
@ -47,6 +47,7 @@ if PACKAGE_$(PKG_NAME)
config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy
bool "Iptables Transparent Proxy" bool "Iptables Transparent Proxy"
select PACKAGE_chinadns-ng
select PACKAGE_dnsmasq-full select PACKAGE_dnsmasq-full
select PACKAGE_dnsmasq_full_ipset select PACKAGE_dnsmasq_full_ipset
select PACKAGE_ipset select PACKAGE_ipset
@ -62,6 +63,7 @@ config PACKAGE_$(PKG_NAME)_Iptables_Transparent_Proxy
config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy
bool "Nftables Transparent Proxy" bool "Nftables Transparent Proxy"
select PACKAGE_chinadns-ng
select PACKAGE_dnsmasq-full select PACKAGE_dnsmasq-full
select PACKAGE_dnsmasq_full_nftset select PACKAGE_dnsmasq_full_nftset
select PACKAGE_nftables select PACKAGE_nftables
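Review bot: `select PACKAGE_chinadns-ng` under both the Iptables and Nftables options forces the package into every build that enables transparent proxying, although the script change in this same commit treats it as optional and falls back to dnsmasq when the binary is missing. Because the wrapper prefers chinadns-ng whenever it is installed, this select changes which daemon answers direct DNS on upgraded images, with no way to opt out. If the fallback is meant to stay usable, a separate `config` entry with `default y` would let builders opt out. Otherwise a comment next to the select, such as `# required: direct-DNS set population now uses chinadns-ng`, would record the intent.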


@ -353,9 +353,9 @@ run_xray() {
[ "${write_ipset_direct}" = "1" ] && { [ "${write_ipset_direct}" = "1" ] && {
direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_listen_port + 1) udp) direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_listen_port + 1) udp)
local set_flag="${flag}" local set_flag="${flag}"
local direct_ipset_conf=$TMP_PATH/dnsmasq_${flag}_direct.conf local direct_ipset_conf=${TMP_ACL_PATH}/default/dns_${flag}_direct.conf
[ -n "$(echo ${flag} | grep '^acl')" ] && { [ -n "$(echo ${flag} | grep '^acl')" ] && {
direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dnsmasq_${flag}_direct.conf direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dns_${flag}_direct.conf
set_flag=$(echo ${flag} | awk -F '_' '{print $2}') set_flag=$(echo ${flag} | awk -F '_' '{print $2}')
} }
if [ "${nftflag}" = "1" ]; then if [ "${nftflag}" = "1" ]; then
@ -363,7 +363,7 @@ run_xray() {
else else
local direct_ipset="passwall2_${set_flag}_whitelist,passwall2_${set_flag}_whitelist6" local direct_ipset="passwall2_${set_flag}_whitelist,passwall2_${set_flag}_whitelist6"
fi fi
run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf} run_ipset_dns_server listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf}
DIRECT_DNS_UDP_PORT=${direct_dnsmasq_listen_port} DIRECT_DNS_UDP_PORT=${direct_dnsmasq_listen_port}
DIRECT_DNS_UDP_SERVER="127.0.0.1" DIRECT_DNS_UDP_SERVER="127.0.0.1"
[ -n "${direct_ipset}" ] && _extra_param="${_extra_param} -direct_ipset ${direct_ipset}" [ -n "${direct_ipset}" ] && _extra_param="${_extra_param} -direct_ipset ${direct_ipset}"
@ -465,9 +465,9 @@ run_singbox() {
[ "${write_ipset_direct}" = "1" ] && { [ "${write_ipset_direct}" = "1" ] && {
direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_listen_port + 1) udp) direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_listen_port + 1) udp)
local set_flag="${flag}" local set_flag="${flag}"
local direct_ipset_conf=$TMP_PATH/dnsmasq_${flag}_direct.conf local direct_ipset_conf=${TMP_ACL_PATH}/default/dns_${flag}_direct.conf
[ -n "$(echo ${flag} | grep '^acl')" ] && { [ -n "$(echo ${flag} | grep '^acl')" ] && {
direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dnsmasq_${flag}_direct.conf direct_ipset_conf=${TMP_ACL_PATH}/${sid}/dns_${flag}_direct.conf
set_flag=$(echo ${flag} | awk -F '_' '{print $2}') set_flag=$(echo ${flag} | awk -F '_' '{print $2}')
} }
if [ "${nftflag}" = "1" ]; then if [ "${nftflag}" = "1" ]; then
@ -475,7 +475,7 @@ run_singbox() {
else else
local direct_ipset="passwall2_${set_flag}_whitelist,passwall2_${set_flag}_whitelist6" local direct_ipset="passwall2_${set_flag}_whitelist,passwall2_${set_flag}_whitelist6"
fi fi
run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf} run_ipset_dns_server listen_port=${direct_dnsmasq_listen_port} server_dns=${AUTO_DNS} ipset="${direct_ipset}" nftset="${direct_nftset}" config_file=${direct_ipset_conf}
DIRECT_DNS_UDP_PORT=${direct_dnsmasq_listen_port} DIRECT_DNS_UDP_PORT=${direct_dnsmasq_listen_port}
DIRECT_DNS_UDP_SERVER="127.0.0.1" DIRECT_DNS_UDP_SERVER="127.0.0.1"
[ -n "${direct_ipset}" ] && _extra_param="${_extra_param} -direct_ipset ${direct_ipset}" [ -n "${direct_ipset}" ] && _extra_param="${_extra_param} -direct_ipset ${direct_ipset}"
@ -944,6 +944,14 @@ start_haproxy() {
ln_run "$(first_type haproxy)" haproxy "/dev/null" -f "${haproxy_path}/${haproxy_conf}" ln_run "$(first_type haproxy)" haproxy "/dev/null" -f "${haproxy_path}/${haproxy_conf}"
} }
run_ipset_dns_server() {
if [ -n "$(first_type chinadns-ng)" ]; then
run_ipset_chinadns_ng $@
else
run_ipset_dnsmasq $@
fi
}
run_ipset_dnsmasq() { run_ipset_dnsmasq() {
local listen_port server_dns ipset nftset cache_size dns_forward_max config_file local listen_port server_dns ipset nftset cache_size dns_forward_max config_file
eval_set_val $@ eval_set_val $@
@ -962,6 +970,33 @@ run_ipset_dnsmasq() {
ln_run "$(first_type dnsmasq)" "dnsmasq" "/dev/null" -C $config_file ln_run "$(first_type dnsmasq)" "dnsmasq" "/dev/null" -C $config_file
} }
run_ipset_chinadns_ng() {
local listen_port server_dns ipset nftset config_file
eval_set_val $@
[ -n "${ipset}" ] && {
set_names=$ipset
vps_set_names="passwall2_vpslist,passwall2_vpslist6"
}
[ -n "${nftset}" ] && {
set_names=$(echo ${nftset} | awk -F, '{printf "%s,%s", substr($1,3), substr($2,3)}' | sed 's/#/@/g')
vps_set_names="inet@passwall2@passwall2_vpslist,inet@passwall2@passwall2_vpslist6"
}
cat <<-EOF > $config_file
bind-addr 127.0.0.1
bind-port ${listen_port}
china-dns ${server_dns}
trust-dns ${server_dns}
filter-qtype 65
add-tagchn-ip ${set_names}
default-tag chn
group vpslist
group-dnl $TMP_ACL_PATH/vpslist
group-upstream ${server_dns}
group-ipset ${vps_set_names}
EOF
ln_run "$(first_type chinadns-ng)" "chinadns-ng" "/dev/null" -C $config_file -v
}
kill_all() { kill_all() {
kill -9 $(pidof "$@") >/dev/null 2>&1 kill -9 $(pidof "$@") >/dev/null 2>&1
} }
@ -1129,6 +1164,10 @@ start() {
[ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start [ -n "$USE_TABLES" ] && source $APP_PATH/${USE_TABLES}.sh start
[ "$ENABLED_DEFAULT_ACL" == 1 ] && source $APP_PATH/helper_dnsmasq.sh logic_restart [ "$ENABLED_DEFAULT_ACL" == 1 ] && source $APP_PATH/helper_dnsmasq.sh logic_restart
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
[ -n "$(first_type chinadns-ng)" ] && {
node_servers=$(uci show "${CONFIG}" | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2)
hosts_foreach "node_servers" host_from_url | grep '[a-zA-Z]$' | sort -u | grep -v "engage.cloudflareclient.com" > $TMP_ACL_PATH/vpslist
}
bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables) bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1 sysctl -w net.bridge.bridge-nf-call-iptables=0 >/dev/null 2>&1
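Review bot: In the new `run_ipset_chinadns_ng`, `set_names` and `vps_set_names` are assigned but missing from the `local` line, so they are globals that persist between calls. If a later call arrives with both `ipset` and `nftset` empty, the heredoc writes the previous caller's set names (or an empty `add-tagchn-ip`) into that instance's config, and resolved addresses would be added to the wrong whitelist set. Declaring them, `local listen_port server_dns ipset nftset config_file set_names vps_set_names`, and guarding before the heredoc with `[ -n "${set_names}" ] || return 1` closes that. The callers in this section appear to always pass one of the two (the nft branch assignment falls between hunks), so this is hardening rather than a confirmed bug. The function and the `run_ipset_dns_server` wrapper also expand `$@` and `$config_file` unquoted; `"$@"` and `"$config_file"` would keep arguments intact if a value ever contains whitespace, though `eval_set_val` is defined outside the visible lines and may already constrain this.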