zhao/openwrt_helloworld
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nikki: sync upstream

Browse Source 
last commit: 7c06175f46
This commit is contained in:
gitea-action 2025-03-15 14:00:26 +08:00
parent 6bd93f7518
commit f218468935
3 changed files with 26 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
nikki/files/nikki.conf
View File

@ -25,20 +25,25 @@ config proxy 'proxy'
option 'acl_ip6' '' option 'acl_ip6' ''
option 'acl_mac' '' option 'acl_mac' ''
option 'acl_interface' '' option 'acl_interface' ''
list 'bypass_user' 'aria2'
list 'bypass_user' 'dnsmasq' list 'bypass_user' 'dnsmasq'
list 'bypass_user' 'ftp' list 'bypass_user' 'ftp'
list 'bypass_user' 'logd' list 'bypass_user' 'logd'
list 'bypass_user' 'nobody' list 'bypass_user' 'nobody'
list 'bypass_user' 'ntp' list 'bypass_user' 'ntp'
list 'bypass_user' 'ubus' list 'bypass_user' 'ubus'
list 'bypass_group' 'aria2'
list 'bypass_group' 'dnsmasq' list 'bypass_group' 'dnsmasq'
list 'bypass_group' 'ftp' list 'bypass_group' 'ftp'
list 'bypass_group' 'logd' list 'bypass_group' 'logd'
list 'bypass_group' 'nogroup' list 'bypass_group' 'nogroup'
list 'bypass_group' 'ntp' list 'bypass_group' 'ntp'
list 'bypass_group' 'ubus' list 'bypass_group' 'ubus'
list 'bypass_cgroup' 'adguardhome'
list 'bypass_cgroup' 'aria2'
list 'bypass_cgroup' 'dnsmasq'
list 'bypass_cgroup' 'nginx'
list 'bypass_cgroup' 'qbittorrent'
list 'bypass_cgroup' 'tailscale'
list 'bypass_cgroup' 'uhttpd'
list 'bypass_dscp' '4' list 'bypass_dscp' '4'
option 'bypass_china_mainland_ip' '0' option 'bypass_china_mainland_ip' '0'
option 'proxy_tcp_dport' '0-65535' option 'proxy_tcp_dport' '0-65535'
@ -56,7 +61,7 @@ config mixin 'mixin'
option 'match_process' 'off' option 'match_process' 'off'
option 'ipv6' '1' option 'ipv6' '1'
option 'ui_path' 'ui' option 'ui_path' 'ui'
option 'ui_url' 'https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip' option 'ui_url' 'https://github.com/Zephyruso/zashboard/releases/latest/download/dist-cdn-fonts.zip'
option 'api_listen' '[::]:9090' option 'api_listen' '[::]:9090'
option 'selection_cache' '1' option 'selection_cache' '1'
option 'allow_lan' '1' option 'allow_lan' '1'
@ -67,7 +72,7 @@ config mixin 'mixin'
option 'tproxy_port' '7892' option 'tproxy_port' '7892'
option 'authentication' '1' option 'authentication' '1'
option 'tun_device' 'nikki' option 'tun_device' 'nikki'
option 'tun_stack' 'system' option 'tun_stack' 'mixed'
option 'tun_dns_hijack' '0' option 'tun_dns_hijack' '0'
list 'tun_dns_hijacks' 'tcp://any:53' list 'tun_dns_hijacks' 'tcp://any:53'
list 'tun_dns_hijacks' 'udp://any:53' list 'tun_dns_hijacks' 'udp://any:53'
@ -110,43 +115,37 @@ config nameserver
option 'enabled' '1' option 'enabled' '1'
option 'type' 'default-nameserver' option 'type' 'default-nameserver'
list 'nameserver' '223.5.5.5' list 'nameserver' '223.5.5.5'
list 'nameserver' '119.29.29.29' list 'nameserver' '223.6.6.6'
config nameserver config nameserver
option 'enabled' '1' option 'enabled' '0'
option 'type' 'proxy-server-nameserver' option 'type' 'proxy-server-nameserver'
list 'nameserver' 'https://dns.alidns.com/dns-query' list 'nameserver' 'https://223.5.5.5/dns-query'
list 'nameserver' 'https://doh.pub/dns-query' list 'nameserver' 'https://223.6.6.6/dns-query'
config nameserver config nameserver
option 'enabled' '1' option 'enabled' '0'
option 'type' 'direct-nameserver' option 'type' 'direct-nameserver'
list 'nameserver' 'https://dns.alidns.com/dns-query' list 'nameserver' 'https://223.5.5.5/dns-query'
list 'nameserver' 'https://doh.pub/dns-query' list 'nameserver' 'https://223.6.6.6/dns-query'
config nameserver config nameserver
option 'enabled' '1' option 'enabled' '1'
option 'type' 'nameserver' option 'type' 'nameserver'
list 'nameserver' 'https://dns.alidns.com/dns-query' list 'nameserver' 'https://223.5.5.5/dns-query'
list 'nameserver' 'https://doh.pub/dns-query' list 'nameserver' 'https://223.6.6.6/dns-query'
config nameserver
option 'enabled' '0'
option 'type' 'fallback'
list 'nameserver' 'https://dns.cloudflare.com/dns-query'
list 'nameserver' 'https://dns.google/dns-query'
config nameserver_policy config nameserver_policy
option 'enabled' '1' option 'enabled' '1'
option 'matcher' 'geosite:cn,private' option 'matcher' 'geosite:private,cn'
list 'nameserver' 'https://dns.alidns.com/dns-query' list 'nameserver' 'https://223.5.5.5/dns-query'
list 'nameserver' 'https://doh.pub/dns-query' list 'nameserver' 'https://223.6.6.6/dns-query'
config nameserver_policy config nameserver_policy
option 'enabled' '1' option 'enabled' '1'
option 'matcher' 'geosite:geolocation-!cn' option 'matcher' 'geosite:geolocation-!cn'
list 'nameserver' 'https://dns.cloudflare.com/dns-query' list 'nameserver' 'https://1.1.1.1/dns-query'
list 'nameserver' 'https://dns.google/dns-query' list 'nameserver' 'https://8.8.8.8/dns-query'
config sniff config sniff
option 'enabled' '1' option 'enabled' '1'

2
nikki/files/nikki.init
View File

@ -217,7 +217,7 @@ service_started() {
$FIREWALL_INCLUDE_SH $FIREWALL_INCLUDE_SH
fi fi
# hijack # hijack
utpl -D nikki_group="$NIKKI_GROUP" -D tproxy_fw_mark="$TPROXY_FW_MARK" -D tun_fw_mark="$TUN_FW_MARK" -S "$HIJACK_UT" | nft -f - utpl -D tproxy_fw_mark="$TPROXY_FW_MARK" -D tun_fw_mark="$TUN_FW_MARK" -S "$HIJACK_UT" | nft -f -
# check hijack # check hijack
if (nft list tables | grep -q nikki); then if (nft list tables | grep -q nikki); then
log "Transparent Proxy" "Hijack successful." log "Transparent Proxy" "Hijack successful."

5
nikki/files/ucode/hijack.ut
View File

@ -5,11 +5,10 @@
import { cursor } from 'uci'; import { cursor } from 'uci';
import { connect } from 'ubus'; import { connect } from 'ubus';
import { uci_bool, uci_array, get_users, get_groups, get_cgroups } from '/etc/nikki/ucode/include.uc'; import { uci_bool, uci_array, get_users, get_groups } from '/etc/nikki/ucode/include.uc';
const users = get_users(); const users = get_users();
const groups = get_groups(); const groups = get_groups();
const cgroups = get_cgroups();
const uci = cursor(); const uci = cursor();
const ubus = connect(); const ubus = connect();
@ -43,7 +42,7 @@
const bypass_user = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_user')), (x) => x != 'root' && index(users, x) >= 0); const bypass_user = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_user')), (x) => x != 'root' && index(users, x) >= 0);
const bypass_group = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_group')), (x) => x != 'root' && index(groups, x) >= 0); const bypass_group = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_group')), (x) => x != 'root' && index(groups, x) >= 0);
const bypass_cgroup = filter(uci_array(uci.get('nikki', 'proxy', 'bypass_cgroup')), (x) => x != 'nikki' && index(cgroups, x) >= 0); const bypass_cgroup = uci_array(uci.get('nikki', 'proxy', 'bypass_cgroup'));
const bypass_dscp = uci_array(uci.get('nikki', 'proxy', 'bypass_dscp')); const bypass_dscp = uci_array(uci.get('nikki', 'proxy', 'bypass_dscp'));
const bypass_china_mainland_ip = uci_bool(uci.get('nikki', 'proxy', 'bypass_china_mainland_ip')); const bypass_china_mainland_ip = uci_bool(uci.get('nikki', 'proxy', 'bypass_china_mainland_ip'));
const proxy_tcp_dport = split((uci.get('nikki', 'proxy', 'proxy_tcp_dport') ?? '0-65535'), ' '); const proxy_tcp_dport = split((uci.get('nikki', 'proxy', 'proxy_tcp_dport') ?? '0-65535'), ' ');