zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mihomo: sync upstream

Browse Source 
last commit: 1cca1d841c
This commit is contained in:
gitea-action 2024-12-29 11:00:18 +08:00
parent 5ade3adcad
commit df59bfeef6
7 changed files with 297 additions and 219 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
mihomo/Makefile
View File

@ -1,13 +1,13 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=mihomo PKG_NAME:=mihomo
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
PKG_SOURCE_DATE:=2024-12-19 PKG_SOURCE_DATE:=2024-12-28
PKG_SOURCE_VERSION:=89dfabe9b36b22df896dcd1ab03c67c667ec20f3 PKG_SOURCE_VERSION:=a9ce5da09d38f6057bd248cd146cbd8c05dc9fd6
PKG_MIRROR_HASH:=5d2e9fe03dffa573af6bc300e39e21d95e7cde964f54d531e040e104780abd08 PKG_MIRROR_HASH:=b893642d6bb24d64d6c36c722d44f821340027c5aa0a56e2f62d3c70bf2ea059
PKG_LICENSE:=MIT PKG_LICENSE:=MIT
PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com> PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16 PKG_BUILD_FLAGS:=no-mips16
PKG_BUILD_VERSION:=alpha-89dfabe PKG_BUILD_VERSION:=alpha-a9ce5da
PKG_BUILD_TIME:=$(shell date -u -Iseconds) PKG_BUILD_TIME:=$(shell date -u -Iseconds)
GO_PKG:=github.com/metacubex/mihomo GO_PKG:=github.com/metacubex/mihomo

1
mihomo/files/mihomo.conf
View File

@ -68,6 +68,7 @@ config mixin 'mixin'
option 'redir_port' '7891' option 'redir_port' '7891'
option 'tproxy_port' '7892' option 'tproxy_port' '7892'
option 'authentication' '1' option 'authentication' '1'
option 'tun_device' 'mihomo'
option 'tun_stack' 'system' option 'tun_stack' 'system'
option 'tun_mtu' '9000' option 'tun_mtu' '9000'
option 'tun_gso' '1' option 'tun_gso' '1'

188
mihomo/files/mihomo.init
View File

@ -10,8 +10,8 @@ USE_PROCD=1
extra_command 'update_subscription' 'Update subscription by section id' extra_command 'update_subscription' 'Update subscription by section id'
boot() { boot() {
# prepare log # prepare files
prepare_log prepare_files
# load config # load config
config_load mihomo config_load mihomo
# start delay # start delay
@ -27,8 +27,8 @@ boot() {
} }
start_service() { start_service() {
# prepare log # prepare files
prepare_log prepare_files
# load config # load config
config_load mihomo config_load mihomo
# check if enabled # check if enabled
@ -53,22 +53,10 @@ start_service() {
config_get_bool fast_reload "config" "fast_reload" 0 config_get_bool fast_reload "config" "fast_reload" 0
## proxy config ## proxy config
### transparent proxy ### transparent proxy
local transparent_proxy tcp_transparent_proxy_mode udp_transparent_proxy_mode ipv4_dns_hijack ipv6_dns_hijack ipv4_proxy ipv6_proxy router_proxy lan_proxy local tcp_transparent_proxy_mode udp_transparent_proxy_mode
config_get_bool transparent_proxy "proxy" "transparent_proxy" 0 config_get_bool transparent_proxy "proxy" "transparent_proxy" 0
config_get tcp_transparent_proxy_mode "proxy" "tcp_transparent_proxy_mode" "tproxy" config_get tcp_transparent_proxy_mode "proxy" "tcp_transparent_proxy_mode" "tproxy"
config_get udp_transparent_proxy_mode "proxy" "udp_transparent_proxy_mode" "tproxy" config_get udp_transparent_proxy_mode "proxy" "udp_transparent_proxy_mode" "tproxy"
config_get_bool ipv4_dns_hijack "proxy" "ipv4_dns_hijack" 0
config_get_bool ipv6_dns_hijack "proxy" "ipv6_dns_hijack" 0
config_get_bool ipv4_proxy "proxy" "ipv4_proxy" 0
config_get_bool ipv6_proxy "proxy" "ipv6_proxy" 0
config_get_bool router_proxy "proxy" "router_proxy" 0
config_get_bool lan_proxy "proxy" "lan_proxy" 0
### access control
local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport
config_get access_control_mode "proxy" "access_control_mode"
config_get_bool bypass_china_mainland_ip "proxy" "bypass_china_mainland_ip" 0
config_get proxy_tcp_dport "proxy" "proxy_tcp_dport" "0-65535"
config_get proxy_udp_dport "proxy" "proxy_udp_dport" "0-65535"
## mixin config ## mixin config
### general ### general
local mode match_process outbound_interface ipv6 tcp_keep_alive_idle tcp_keep_alive_interval log_level local mode match_process outbound_interface ipv6 tcp_keep_alive_idle tcp_keep_alive_interval log_level
@ -96,7 +84,8 @@ start_service() {
config_get tproxy_port "mixin" "tproxy_port" "7892" config_get tproxy_port "mixin" "tproxy_port" "7892"
config_get_bool authentication "mixin" "authentication" 0 config_get_bool authentication "mixin" "authentication" 0
### tun ### tun
local tun_stack tun_mtu tun_gso tun_gso_max_size tun_endpoint_independent_nat local tun_device tun_stack tun_mtu tun_gso tun_gso_max_size tun_endpoint_independent_nat
config_get tun_device "mixin" "tun_device" "mihomo"
config_get tun_stack "mixin" "tun_stack" "system" config_get tun_stack "mixin" "tun_stack" "system"
config_get tun_mtu "mixin" "tun_mtu" "9000" config_get tun_mtu "mixin" "tun_mtu" "9000"
config_get_bool tun_gso "mixin" "tun_gso" 0 config_get_bool tun_gso "mixin" "tun_gso" 0
@ -186,7 +175,7 @@ start_service() {
log_level="$log_level" ipv6="$ipv6" \ log_level="$log_level" ipv6="$ipv6" \
ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" \ ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" \
allow_lan="$allow_lan" http_port="$http_port" socks_port="$socks_port" mixed_port="$mixed_port" redir_port="$redir_port" tproxy_port="$tproxy_port" \ allow_lan="$allow_lan" http_port="$http_port" socks_port="$socks_port" mixed_port="$mixed_port" redir_port="$redir_port" tproxy_port="$tproxy_port" \
tun_enable="$tun_enable" tun_stack="$tun_stack" tun_device="$TUN_DEVICE" tun_mtu="$tun_mtu" tun_gso="$tun_gso" tun_gso_max_size="$tun_gso_max_size" tun_endpoint_independent_nat="$tun_endpoint_independent_nat" \ tun_enable="$tun_enable" tun_stack="$tun_stack" tun_device="$tun_device" tun_mtu="$tun_mtu" tun_gso="$tun_gso" tun_gso_max_size="$tun_gso_max_size" tun_endpoint_independent_nat="$tun_endpoint_independent_nat" \
dns_enable="true" dns_listen="0.0.0.0:$dns_port" dns_mode="$dns_mode" fake_ip_range="$fake_ip_range" \ dns_enable="true" dns_listen="0.0.0.0:$dns_port" dns_mode="$dns_mode" fake_ip_range="$fake_ip_range" \
yq -M -i ' yq -M -i '
.log-level = strenv(log_level) | .ipv6 = env(ipv6) == 1 | .log-level = strenv(log_level) | .ipv6 = env(ipv6) == 1 |
@ -202,7 +191,7 @@ start_service() {
log_level="$log_level" mode="$mode" match_process="$match_process" tcp_keep_alive_idle="$tcp_keep_alive_idle" tcp_keep_alive_interval="$tcp_keep_alive_interval" ipv6="$ipv6" \ log_level="$log_level" mode="$mode" match_process="$match_process" tcp_keep_alive_idle="$tcp_keep_alive_idle" tcp_keep_alive_interval="$tcp_keep_alive_interval" ipv6="$ipv6" \
ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" selection_cache="$selection_cache" \ ui_path="ui" ui_name="$ui_name" ui_url="$ui_url" api_listen="0.0.0.0:$api_port" api_secret="$api_secret" selection_cache="$selection_cache" \
allow_lan="$allow_lan" http_port="$http_port" socks_port="$socks_port" mixed_port="$mixed_port" redir_port="$redir_port" tproxy_port="$tproxy_port" \ allow_lan="$allow_lan" http_port="$http_port" socks_port="$socks_port" mixed_port="$mixed_port" redir_port="$redir_port" tproxy_port="$tproxy_port" \
tun_enable="$tun_enable" tun_stack="$tun_stack" tun_device="$TUN_DEVICE" tun_mtu="$tun_mtu" tun_gso="$tun_gso" tun_gso_max_size="$tun_gso_max_size" tun_endpoint_independent_nat="$tun_endpoint_independent_nat" \ tun_enable="$tun_enable" tun_stack="$tun_stack" tun_device="$tun_device" tun_mtu="$tun_mtu" tun_gso="$tun_gso" tun_gso_max_size="$tun_gso_max_size" tun_endpoint_independent_nat="$tun_endpoint_independent_nat" \
dns_enable="true" dns_listen="0.0.0.0:$dns_port" dns_mode="$dns_mode" fake_ip_range="$fake_ip_range" fake_ip_cache="$fake_ip_cache" \ dns_enable="true" dns_listen="0.0.0.0:$dns_port" dns_mode="$dns_mode" fake_ip_range="$fake_ip_range" fake_ip_cache="$fake_ip_cache" \
dns_respect_rules="$dns_respect_rules" dns_doh_prefer_http3="$dns_doh_prefer_http3" dns_ipv6="$dns_ipv6" dns_system_hosts="$dns_system_hosts" dns_hosts="$dns_hosts" \ dns_respect_rules="$dns_respect_rules" dns_doh_prefer_http3="$dns_doh_prefer_http3" dns_ipv6="$dns_ipv6" dns_system_hosts="$dns_system_hosts" dns_hosts="$dns_hosts" \
geoip_format="$geoip_format" geodata_loader="$geodata_loader" geosite_url="$geosite_url" geoip_mmdb_url="$geoip_mmdb_url" geoip_dat_url="$geoip_dat_url" geoip_asn_url="$geoip_asn_url" \ geoip_format="$geoip_format" geodata_loader="$geodata_loader" geosite_url="$geosite_url" geoip_mmdb_url="$geoip_mmdb_url" geoip_dat_url="$geoip_dat_url" geoip_asn_url="$geoip_asn_url" \
@ -285,28 +274,111 @@ start_service() {
procd_set_param limits nofile="1048576 1048576" procd_set_param limits nofile="1048576 1048576"
procd_close_instance procd_close_instance
# cron
if [[ "$scheduled_restart" == 1 && -n "$cron_expression" ]]; then
log "App" "Set scheduled restart."
echo "$cron_expression /etc/init.d/mihomo restart #mihomo" >> "/etc/crontabs/root"
/etc/init.d/cron restart
fi
# set started flag
touch "$STARTED_FLAG"
}
service_started() {
# check if started
if [ ! -f "$STARTED_FLAG" ]; then
return
fi
# load config
config_load mihomo
# check if transparent proxy enabled
local transparent_proxy
config_get_bool transparent_proxy "proxy" "transparent_proxy" 0
if [ "$transparent_proxy" == 0 ]; then
log "Transparent Proxy" "Disabled."
return
fi
# get config
### inbound
local http_port socks_port mixed_port redir_port tproxy_port
config_get http_port "mixin" "http_port" "8080"
config_get socks_port "mixin" "socks_port" "1080"
config_get mixed_port "mixin" "mixed_port" "7890"
config_get redir_port "mixin" "redir_port" "7891"
config_get tproxy_port "mixin" "tproxy_port" "7892"
### dns
local dns_port fake_ip_range
config_get dns_port "mixin" "dns_port" "1053"
config_get fake_ip_range "mixin" "fake_ip_range" "198.18.0.1/16"
### tun
local tun_device
config_get tun_device "mixin" "tun_device" "mihomo"
## proxy config
### transparent proxy
local tcp_transparent_proxy_mode udp_transparent_proxy_mode ipv4_dns_hijack ipv6_dns_hijack ipv4_proxy ipv6_proxy router_proxy lan_proxy
config_get tcp_transparent_proxy_mode "proxy" "tcp_transparent_proxy_mode" "redirect"
config_get udp_transparent_proxy_mode "proxy" "udp_transparent_proxy_mode" "tun"
config_get_bool ipv4_dns_hijack "proxy" "ipv4_dns_hijack" 0
config_get_bool ipv6_dns_hijack "proxy" "ipv6_dns_hijack" 0
config_get_bool ipv4_proxy "proxy" "ipv4_proxy" 0
config_get_bool ipv6_proxy "proxy" "ipv6_proxy" 0
config_get_bool router_proxy "proxy" "router_proxy" 0
config_get_bool lan_proxy "proxy" "lan_proxy" 0
### access control
local access_control_mode bypass_china_mainland_ip proxy_tcp_dport proxy_udp_dport
config_get access_control_mode "proxy" "access_control_mode"
config_get_bool bypass_china_mainland_ip "proxy" "bypass_china_mainland_ip" 0
config_get proxy_tcp_dport "proxy" "proxy_tcp_dport" "0-65535"
config_get proxy_udp_dport "proxy" "proxy_udp_dport" "0-65535"
# prepare
local tproxy_enable; tproxy_enable=0
if [[ "$tcp_transparent_proxy_mode" == "tproxy" || "$udp_transparent_proxy_mode" == "tproxy" ]]; then
tproxy_enable=1
fi
local tun_enable; tun_enable=0
if [[ "$tcp_transparent_proxy_mode" == "tun" || "$udp_transparent_proxy_mode" == "tun" ]]; then
tun_enable=1
fi
# transparent proxy # transparent proxy
if [ "$transparent_proxy" == 1 ]; then
log "Transparent Proxy" "Enabled." log "Transparent Proxy" "Enabled."
log "Transparent Proxy" "TCP Mode: $tcp_transparent_proxy_mode." log "Transparent Proxy" "TCP Mode: $tcp_transparent_proxy_mode."
log "Transparent Proxy" "UDP Mode: $udp_transparent_proxy_mode." log "Transparent Proxy" "UDP Mode: $udp_transparent_proxy_mode."
# wait for tun device online
if [ "$tun_enable" == 1 ]; then
log "Transparent Proxy" "Waiting for tun device online..."
local tun_timeout; tun_timeout=60
local tun_interval; tun_interval=1
while [ "$tun_timeout" -gt 0 ]; do
if (ip link show dev "$tun_device" > /dev/null 2>&1); then
if [ $(ip -json addr show dev mihomo | yq '.[] | select(.ifname = "mihomo") | .addr_info | length') -gt 0 ]; then
log "Transparent Proxy" "Tun device is online."
break
fi
fi
tun_timeout=$((tun_timeout - tun_interval))
sleep "$tun_interval"
done
if [ "$tun_timeout" -le 0 ]; then
log "Transparent Proxy" "Waiting timeout, tun device is not online."
log "App" "Exit."
return
fi
fi
# prepare # prepare
if [ "$tproxy_enable" == 1 ]; then if [ "$tproxy_enable" == 1 ]; then
if [ "$ipv4_proxy" == 1 ]; then if [ "$ipv4_proxy" == 1 ]; then
ip route add local default dev lo table "$TPROXY_ROUTE_TABLE" ip -4 route add local default dev lo table "$TPROXY_ROUTE_TABLE"
fi fi
if [ "$ipv6_proxy" == 1 ]; then if [ "$ipv6_proxy" == 1 ]; then
ip -6 route add local default dev lo table "$TPROXY_ROUTE_TABLE" ip -6 route add local default dev lo table "$TPROXY_ROUTE_TABLE"
fi fi
fi fi
if [ "$tun_enable" == 1 ]; then if [ "$tun_enable" == 1 ]; then
ip tuntap add dev "$TUN_DEVICE" mode tun vnet_hdr
ip link set "$TUN_DEVICE" up
if [ "$ipv4_proxy" == 1 ]; then if [ "$ipv4_proxy" == 1 ]; then
ip route add unicast default dev "$TUN_DEVICE" table "$TUN_ROUTE_TABLE" ip -4 route add unicast default dev "$tun_device" table "$TUN_ROUTE_TABLE"
fi fi
if [ "$ipv6_proxy" == 1 ]; then if [ "$ipv6_proxy" == 1 ]; then
ip -6 route add unicast default dev "$TUN_DEVICE" table "$TUN_ROUTE_TABLE" ip -6 route add unicast default dev "$tun_device" table "$TUN_ROUTE_TABLE"
fi fi
$FIREWALL_INCLUDE_SH $FIREWALL_INCLUDE_SH
fi fi
@ -318,7 +390,7 @@ start_service() {
fi fi
if [ -n "$tcp_route_table" ]; then if [ -n "$tcp_route_table" ]; then
if [ "$ipv4_proxy" == 1 ]; then if [ "$ipv4_proxy" == 1 ]; then
ip rule add pref "$TCP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto tcp table "$tcp_route_table" ip -4 rule add pref "$TCP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto tcp table "$tcp_route_table"
fi fi
if [ "$ipv6_proxy" == 1 ]; then if [ "$ipv6_proxy" == 1 ]; then
ip -6 rule add pref "$TCP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto tcp table "$tcp_route_table" ip -6 rule add pref "$TCP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto tcp table "$tcp_route_table"
@ -332,13 +404,13 @@ start_service() {
fi fi
if [ -n "$udp_route_table" ]; then if [ -n "$udp_route_table" ]; then
if [ "$ipv4_proxy" == 1 ]; then if [ "$ipv4_proxy" == 1 ]; then
ip rule add pref "$UDP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto udp table "$udp_route_table" ip -4 rule add pref "$UDP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto udp table "$udp_route_table"
fi fi
if [ "$ipv6_proxy" == 1 ]; then if [ "$ipv6_proxy" == 1 ]; then
ip -6 rule add pref "$UDP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto udp table "$udp_route_table" ip -6 rule add pref "$UDP_RULE_PREF" fwmark "$FW_MARK/$FW_MARK_MASK" ipproto udp table "$udp_route_table"
fi fi
fi fi
nft -f "$HIJACK_NFT" -D MIHOMO_GROUP="$MIHOMO_GROUP" -D FW_MARK="$FW_MARK" -D FW_MARK_MASK="$FW_MARK_MASK" -D TUN_DEVICE="$TUN_DEVICE" -D FAKE_IP="$fake_ip_range" -D DNS_PORT="$dns_port" -D REDIR_PORT="$redir_port" -D TPROXY_PORT="$tproxy_port" nft -f "$HIJACK_NFT" -D MIHOMO_GROUP="$MIHOMO_GROUP" -D FW_MARK="$FW_MARK" -D FW_MARK_MASK="$FW_MARK_MASK" -D TUN_DEVICE="$tun_device" -D FAKE_IP="$fake_ip_range" -D DNS_PORT="$dns_port" -D REDIR_PORT="$redir_port" -D TPROXY_PORT="$tproxy_port"
nft -f "$RESERVED_IP_NFT" nft -f "$RESERVED_IP_NFT"
nft -f "$RESERVED_IP6_NFT" nft -f "$RESERVED_IP6_NFT"
# dns hijack # dns hijack
@ -423,26 +495,18 @@ start_service() {
if [ "$ipv4_proxy" == 1 ]; then if [ "$ipv4_proxy" == 1 ]; then
local bridge_nf_call_iptables; bridge_nf_call_iptables=$(sysctl -e -n net.bridge.bridge-nf-call-iptables) local bridge_nf_call_iptables; bridge_nf_call_iptables=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
if [ "$bridge_nf_call_iptables" == 1 ]; then if [ "$bridge_nf_call_iptables" == 1 ]; then
touch /tmp/bridge_nf_call_iptables.flag touch "$BRIDGE_NF_CALL_IPTABLES_FLAG"
sysctl -q -w net.bridge.bridge-nf-call-iptables=0 sysctl -q -w net.bridge.bridge-nf-call-iptables=0
fi fi
fi fi
if [ "$ipv6_proxy" == 1 ]; then if [ "$ipv6_proxy" == 1 ]; then
local bridge_nf_call_ip6tables; bridge_nf_call_ip6tables=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables) local bridge_nf_call_ip6tables; bridge_nf_call_ip6tables=$(sysctl -e -n net.bridge.bridge-nf-call-ip6tables)
if [ "$bridge_nf_call_ip6tables" == 1 ]; then if [ "$bridge_nf_call_ip6tables" == 1 ]; then
touch /tmp/bridge_nf_call_ip6tables.flag touch "$BRIDGE_NF_CALL_IP6TABLES_FLAG"
sysctl -q -w net.bridge.bridge-nf-call-ip6tables=0 sysctl -q -w net.bridge.bridge-nf-call-ip6tables=0
fi fi
fi fi
fi fi
fi
# cron
if [[ "$scheduled_restart" == 1 && -n "$cron_expression" ]]; then
log "App" "Set scheduled restart."
echo "$cron_expression /etc/init.d/mihomo restart #mihomo" >> "/etc/crontabs/root"
/etc/init.d/cron restart
fi
log "App" "Start Successful."
} }
service_stopped() { service_stopped() {
@ -462,22 +526,19 @@ cleanup() {
# clear log # clear log
clear_log clear_log
# delete routing policy # delete routing policy
ip rule del ipproto tcp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1 ip -4 rule del ipproto tcp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip rule del ipproto udp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1 ip -4 rule del ipproto udp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip rule del ipproto tcp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1 ip -4 rule del ipproto tcp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1
ip rule del ipproto udp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1 ip -4 rule del ipproto udp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1
ip -6 rule del ipproto tcp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1 ip -6 rule del ipproto tcp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip -6 rule del ipproto udp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1 ip -6 rule del ipproto udp table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip -6 rule del ipproto tcp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1 ip -6 rule del ipproto tcp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1
ip -6 rule del ipproto udp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1 ip -6 rule del ipproto udp table "$TUN_ROUTE_TABLE" > /dev/null 2>&1
# delete routing table # delete routing table
ip route flush table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1 ip -4 route flush table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip route flush table "$TUN_ROUTE_TABLE" > /dev/null 2>&1 ip -4 route flush table "$TUN_ROUTE_TABLE" > /dev/null 2>&1
ip -6 route flush table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1 ip -6 route flush table "$TPROXY_ROUTE_TABLE" > /dev/null 2>&1
ip -6 route flush table "$TUN_ROUTE_TABLE" > /dev/null 2>&1 ip -6 route flush table "$TUN_ROUTE_TABLE" > /dev/null 2>&1
# delete tun
ip link set "$TUN_DEVICE" down > /dev/null 2>&1
ip tuntap del dev "$TUN_DEVICE" mode tun > /dev/null 2>&1
# delete hijack # delete hijack
nft delete table inet "$FW_TABLE" > /dev/null 2>&1 nft delete table inet "$FW_TABLE" > /dev/null 2>&1
local handles handle local handles handle
@ -489,13 +550,15 @@ cleanup() {
for handle in $handles; do for handle in $handles; do
nft delete rule inet fw4 forward handle "$handle" nft delete rule inet fw4 forward handle "$handle"
done done
# delete started flag
rm -f "$STARTED_FLAG"
# revert fix compatible between tproxy and dockerd (kmod-br-netfilter) # revert fix compatible between tproxy and dockerd (kmod-br-netfilter)
if [ -f "/tmp/bridge_nf_call_iptables.flag" ]; then if [ -f "$BRIDGE_NF_CALL_IPTABLES_FLAG" ]; then
rm -f /tmp/bridge_nf_call_iptables.flag rm -f "$BRIDGE_NF_CALL_IPTABLES_FLAG"
sysctl -q -w net.bridge.bridge-nf-call-iptables=1 sysctl -q -w net.bridge.bridge-nf-call-iptables=1
fi fi
if [ -f "/tmp/bridge_nf_call_ip6tables.flag" ]; then if [ -f "$BRIDGE_NF_CALL_IP6TABLES_FLAG" ]; then
rm -f /tmp/bridge_nf_call_ip6tables.flag rm -f "$BRIDGE_NF_CALL_IP6TABLES_FLAG"
sysctl -q -w net.bridge.bridge-nf-call-ip6tables=1 sysctl -q -w net.bridge.bridge-nf-call-ip6tables=1
fi fi
# delete cron # delete cron
@ -503,27 +566,6 @@ cleanup() {
/etc/init.d/cron restart /etc/init.d/cron restart
} }
prepare_log() {
if [ ! -d "$LOG_DIR" ]; then
mkdir -p "$LOG_DIR"
fi
if [ ! -f "$APP_LOG_PATH" ]; then
touch "$APP_LOG_PATH"
fi
if [ ! -f "$CORE_LOG_PATH" ]; then
touch "$CORE_LOG_PATH"
fi
}
clear_log() {
echo -n > "$APP_LOG_PATH"
echo -n > "$CORE_LOG_PATH"
}
log() {
echo "[$(date "+%Y-%m-%d %H:%M:%S")] [$1] $2" >> "$APP_LOG_PATH"
}
mixin_authentications() { mixin_authentications() {
local section="$1" local section="$1"

8
mihomo/files/nftables/hijack.nft
View File

@ -170,7 +170,7 @@ table inet mihomo {
chain dstnat { chain dstnat {
type nat hook prerouting priority dstnat + 1; policy accept; type nat hook prerouting priority dstnat + 1; policy accept;
fib daddr type local counter return fib daddr type { local, multicast, broadcast, anycast } counter return
ct direction reply counter return ct direction reply counter return
ip daddr @reserved_ip counter return ip daddr @reserved_ip counter return
ip6 daddr @reserved_ip6 counter return ip6 daddr @reserved_ip6 counter return
@ -184,7 +184,7 @@ table inet mihomo {
type nat hook output priority filter; policy accept; type nat hook output priority filter; policy accept;
meta skuid @bypass_user counter return meta skuid @bypass_user counter return
meta skgid @bypass_group counter return meta skgid @bypass_group counter return
fib daddr type local counter return fib daddr type { local, multicast, broadcast, anycast } counter return
ct direction reply counter return ct direction reply counter return
ip daddr @reserved_ip counter return ip daddr @reserved_ip counter return
ip6 daddr @reserved_ip6 counter return ip6 daddr @reserved_ip6 counter return
@ -198,7 +198,7 @@ table inet mihomo {
type filter hook prerouting priority mangle; policy accept; type filter hook prerouting priority mangle; policy accept;
meta l4proto { tcp, udp } iifname lo meta mark & $FW_MARK_MASK == $FW_MARK tproxy to :$TPROXY_PORT counter accept meta l4proto { tcp, udp } iifname lo meta mark & $FW_MARK_MASK == $FW_MARK tproxy to :$TPROXY_PORT counter accept
meta l4proto { tcp, udp } iifname $TUN_DEVICE counter accept meta l4proto { tcp, udp } iifname $TUN_DEVICE counter accept
fib daddr type local counter return fib daddr type { local, multicast, broadcast, anycast } counter return
ct direction reply counter return ct direction reply counter return
ip daddr @reserved_ip counter return ip daddr @reserved_ip counter return
ip6 daddr @reserved_ip6 counter return ip6 daddr @reserved_ip6 counter return
@ -213,7 +213,7 @@ table inet mihomo {
type route hook output priority mangle; policy accept; type route hook output priority mangle; policy accept;
meta skuid @bypass_user counter return meta skuid @bypass_user counter return
meta skgid @bypass_group counter return meta skgid @bypass_group counter return
fib daddr type local counter return fib daddr type { local, multicast, broadcast, anycast } counter return
ct direction reply counter return ct direction reply counter return
ip daddr @reserved_ip counter return ip daddr @reserved_ip counter return
ip6 daddr @reserved_ip6 counter return ip6 daddr @reserved_ip6 counter return

7
mihomo/files/scripts/firewall_include.sh
View File

@ -7,11 +7,12 @@ config_load mihomo
config_get enabled "config" "enabled" 0 config_get enabled "config" "enabled" 0
config_get tcp_transparent_proxy_mode "proxy" "tcp_transparent_proxy_mode" config_get tcp_transparent_proxy_mode "proxy" "tcp_transparent_proxy_mode"
config_get udp_transparent_proxy_mode "proxy" "udp_transparent_proxy_mode" config_get udp_transparent_proxy_mode "proxy" "udp_transparent_proxy_mode"
config_get tun_device "mixin" "tun_device"
if [ "$enabled" == 1 ] && [[ "$tcp_transparent_proxy_mode" == "tun" || "$udp_transparent_proxy_mode" == "tun" ]]; then if [ "$enabled" == 1 ] && [[ "$tcp_transparent_proxy_mode" == "tun" || "$udp_transparent_proxy_mode" == "tun" ]]; then
nft insert rule inet fw4 input iifname "$TUN_DEVICE" counter accept comment "mihomo" nft insert rule inet fw4 input iifname "$tun_device" counter accept comment "mihomo"
nft insert rule inet fw4 forward oifname "$TUN_DEVICE" counter accept comment "mihomo" nft insert rule inet fw4 forward oifname "$tun_device" counter accept comment "mihomo"
nft insert rule inet fw4 forward iifname "$TUN_DEVICE" counter accept comment "mihomo" nft insert rule inet fw4 forward iifname "$tun_device" counter accept comment "mihomo"
fi fi
exit 0 exit 0

33
mihomo/files/scripts/include.sh
View File

@ -12,7 +12,6 @@ TCP_RULE_PREF="1024"
UDP_RULE_PREF="1025" UDP_RULE_PREF="1025"
TPROXY_ROUTE_TABLE="80" TPROXY_ROUTE_TABLE="80"
TUN_ROUTE_TABLE="81" TUN_ROUTE_TABLE="81"
TUN_DEVICE="mihomo"
# paths # paths
PROG="/usr/bin/mihomo" PROG="/usr/bin/mihomo"
@ -23,10 +22,18 @@ MIXIN_FILE_PATH="$HOME_DIR/mixin.yaml"
RUN_DIR="$HOME_DIR/run" RUN_DIR="$HOME_DIR/run"
RUN_PROFILE_PATH="$RUN_DIR/config.yaml" RUN_PROFILE_PATH="$RUN_DIR/config.yaml"
RUN_UI_DIR="$RUN_DIR/ui" RUN_UI_DIR="$RUN_DIR/ui"
# log
LOG_DIR="/var/log/mihomo" LOG_DIR="/var/log/mihomo"
APP_LOG_PATH="$LOG_DIR/app.log" APP_LOG_PATH="$LOG_DIR/app.log"
CORE_LOG_PATH="$LOG_DIR/core.log" CORE_LOG_PATH="$LOG_DIR/core.log"
# flag
FLAG_DIR="/var/run/mihomo"
STARTED_FLAG="$FLAG_DIR/started.flag"
BRIDGE_NF_CALL_IPTABLES_FLAG="$FLAG_DIR/bridge_nf_call_iptables.flag"
BRIDGE_NF_CALL_IP6TABLES_FLAG="$FLAG_DIR/bridge_nf_call_ip6tables.flag"
# scripts # scripts
SH_DIR="$HOME_DIR/scripts" SH_DIR="$HOME_DIR/scripts"
INCLUDE_SH="$SH_DIR/include.sh" INCLUDE_SH="$SH_DIR/include.sh"
@ -64,3 +71,27 @@ format_filesize() {
echo "$(awk "BEGIN {print $size / $pb}") PB" echo "$(awk "BEGIN {print $size / $pb}") PB"
fi fi
} }
prepare_files() {
if [ ! -d "$LOG_DIR" ]; then
mkdir -p "$LOG_DIR"
fi
if [ ! -f "$APP_LOG_PATH" ]; then
touch "$APP_LOG_PATH"
fi
if [ ! -f "$CORE_LOG_PATH" ]; then
touch "$CORE_LOG_PATH"
fi
if [ ! -d "$FLAG_DIR" ]; then
mkdir -p "$FLAG_DIR"
fi
}
clear_log() {
echo -n > "$APP_LOG_PATH"
echo -n > "$CORE_LOG_PATH"
}
log() {
echo "[$(date "+%Y-%m-%d %H:%M:%S")] [$1] $2" >> "$APP_LOG_PATH"
}

3
mihomo/files/uci-defaults/migrate.sh
View File

@ -50,6 +50,9 @@ env=$(uci -q get mihomo.env); [ -z "$env" ] && {
uci set mihomo.env.disable_quic_go_ecn=0 uci set mihomo.env.disable_quic_go_ecn=0
} }
# since v1.15.0
tun_device=$(uci -q get mihomo.mixin.tun_device); [ -z "$tun_device" ] && uci set mihomo.mixin.tun_device=mihomo
# commit # commit
uci commit mihomo uci commit mihomo