luci-app-passwall: sync upstream

last commit: 019e8e5db7

luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js

@@ -367,6 +367,7 @@ return view.extend({
 
 			this.value('nil', _('Disable'));
 			this.value('direct-out', _('Direct'));
+			this.value('block-out', _('Block'));
 			uci.sections(data[0], 'routing_node', (res) => {
 				if (res.enabled === '1')
 					this.value(res['.name'], res.label);
@@ -739,6 +740,7 @@ return view.extend({
 
 			this.value('default-dns', _('Default DNS (issued by WAN)'));
 			this.value('system-dns', _('System DNS'));
+			this.value('block-dns', _('Block DNS queries'));
 			uci.sections(data[0], 'dns_server', (res) => {
 				if (res.enabled === '1')
 					this.value(res['.name'], res.label);

luci-app-homeproxy/root/etc/homeproxy/resources/china_ip4.ver

@@ -1 +1 @@
-20250403032551
+20250513033637

luci-app-homeproxy/root/etc/homeproxy/resources/china_ip6.txt

@@ -32,7 +32,6 @@
 2400:6460:300::/40
 2400:6600::/32
 2400:6e60:1301::/48
-2400:7100::/32
 2400:75aa::/32
 2400:7bc0:20::/43
 2400:7fc0::/40
@@ -47,7 +46,7 @@
 2400:8200::/32
 2400:87c0::/32
 2400:89c0:1010::/44
-2400:89c0:1020::/43
+2400:89c0:1020::/44
 2400:89c0:1050::/46
 2400:89c0:1130::/44
 2400:89c0:1150::/48
@@ -109,24 +108,21 @@
 2400:da00::/32
 2400:dd00::/28
 2400:ebc0::/32
-2400:ee00::/32
+2400:ee00:ffec::/46
+2400:ee00:fff0::/44
 2400:f6e0::/32
 2400:f720::/32
-2400:fb40::/32
 2400:fe00::/32
 2401:20::/40
 2401:800::/32
-2401:ba0::/32
 2401:1160::/32
 2401:11a0:10::/44
 2401:11a0:1500::/40
 2401:11a0:d150::/48
 2401:11a0:d152::/48
 2401:11a0:d158::/48
-2401:1200::/48
 2401:1320::/32
 2401:1d40::/32
-2401:2780::/32
 2401:2e00::/32
 2401:33c0::/32
 2401:3480::/36
@@ -134,28 +130,10 @@
 2401:3480:3000::/36
 2401:34a0::/31
 2401:3800::/32
-2401:3880::/32
-2401:3980::/32
-2401:3a80::/32
-2401:3b80::/32
-2401:3c80::/32
-2401:3d80::/32
-2401:3e80::/32
-2401:3f80::/32
-2401:4180::/32
-2401:4280::/32
-2401:4380::/32
-2401:4480::/32
-2401:4580::/32
-2401:4680::/32
-2401:4780::/32
-2401:4880::/32
-2401:4a80::/32
 2401:5c20:10::/48
 2401:70e0::/32
 2401:71c0::/48
 2401:7700::/32
-2401:7d40::/32
 2401:7e00::/32
 2401:8be0::/48
 2401:8d00::/46
@@ -165,8 +143,6 @@
 2401:8d00:b::/48
 2401:8d00:c::/48
 2401:8d00:f::/48
-2401:8d00:10::/48
-2401:8d00:12::/48
 2401:8d00:14::/48
 2401:8da0::/48
 2401:9a00::/44
@@ -180,7 +156,6 @@
 2401:b400:20::/47
 2401:b680::/32
 2401:be00::/32
-2401:ca00::/32
 2401:cb80::/32
 2401:cc00::/32
 2401:ce00::/32
@@ -190,6 +165,11 @@
 2401:d920::/48
 2401:de00::/32
 2401:ec00::/32
+2401:f860:86::/47
+2401:f860:88::/47
+2401:f860:90::/46
+2401:f860:100::/40
+2401:f860:f100::/40
 2401:fa00:40::/43
 2402:840:d000::/46
 2402:840:e000::/46
@@ -208,8 +188,6 @@
 2402:6e80::/32
 2402:6f40::/48
 2402:6f40:2::/48
-2402:6fc0::/48
-2402:7040::/32
 2402:7d80::/32
 2402:8bc0::/32
 2402:8cc0::/40
@@ -257,8 +235,8 @@
 2403:4c80::/48
 2403:5c80::/48
 2403:6380:14::/47
-2403:6380:40::/46
+2403:6380:40::/48
-2403:6380:60::/44
+2403:6380:42::/47
 2403:6a00::/32
 2403:7580::/32
 2403:8080:101::/48
@@ -285,11 +263,10 @@
 2404:bc0:4400::/43
 2404:bc0:4f00::/43
 2404:1c80::/32
-2404:2280:103::/48
 2404:2280:105::/48
-2404:2280:106::/47
+2404:2280:107::/48
 2404:2280:109::/48
-2404:2280:10b::/48
+2404:2280:10a::/47
 2404:2280:10d::/48
 2404:2280:10f::/48
 2404:2280:112::/47
@@ -324,6 +301,7 @@
 2404:2280:183::/48
 2404:2280:187::/48
 2404:2280:18a::/47
+2404:2280:18c::/46
 2404:2280:193::/48
 2404:2280:196::/48
 2404:2280:198::/45
@@ -353,6 +331,10 @@
 2404:2280:1ee::/48
 2404:2280:1f0::/45
 2404:2280:1f8::/46
+2404:2280:202::/47
+2404:2280:204::/47
+2404:2280:209::/48
+2404:2280:20a::/48
 2404:3700::/48
 2404:4dc0::/32
 2404:6380::/48
@@ -401,9 +383,9 @@
 2405:1480:3000::/47
 2405:1640:6::/48
 2405:3140:11::/48
+2405:3140:21::/48
 2405:3140:31::/48
 2405:3140:3a::/48
-2405:3bc0::/48
 2405:57c0::/47
 2405:57c0:100::/48
 2405:66c0::/32
@@ -415,7 +397,6 @@
 2405:6f00:c602::/48
 2405:7040:6000::/47
 2405:78c0:6e00::/43
-2405:8280::/32
 2405:8a40::/32
 2405:a900:ffee::/48
 2405:a900:fffe::/48
@@ -430,18 +411,17 @@
 2406:840:9961::/48
 2406:840:9962::/47
 2406:840:996c::/48
-2406:840:e031::/48
-2406:840:e033::/48
-2406:840:e03f::/48
 2406:840:e080::/44
 2406:840:e0cf::/48
-2406:840:e0e2::/48
+2406:840:e0e0::/46
-2406:840:e0e5::/48
+2406:840:e0e4::/47
 2406:840:e0e8::/48
 2406:840:e10f::/48
 2406:840:e14f::/48
 2406:840:e201::/48
 2406:840:e230::/44
+2406:840:e260::/48
+2406:840:e266::/48
 2406:840:e500::/47
 2406:840:e621::/48
 2406:840:e666::/47
@@ -457,10 +437,11 @@
 2406:840:eb08::/48
 2406:840:eb0b::/48
 2406:840:eb0f::/48
-2406:840:ee40::/46
+2406:840:ee40::/47
 2406:840:ee44::/48
 2406:840:ee4b::/48
 2406:840:ee4d::/48
+2406:840:eee5::/48
 2406:840:f200::/47
 2406:840:f203::/48
 2406:840:f380::/44
@@ -485,7 +466,6 @@
 2406:840:feca::/48
 2406:840:fecc::/47
 2406:840:fecf::/48
-2406:840:fed2::/48
 2406:840:fed8::/48
 2406:840:fedf::/48
 2406:840:fef3::/48
@@ -494,17 +474,14 @@
 2406:840:fefc::/48
 2406:840:feff::/48
 2406:1080::/48
-2406:1e40:f012::/47
 2406:2700::/32
 2406:3340::/32
-2406:3640:1::/48
 2406:3d80::/32
 2406:4d00::/48
 2406:52c0::/32
 2406:5340:6666::/48
 2406:5340:8888::/48
 2406:5ac0::/32
-2406:8880::/48
 2406:b640:100::/48
 2406:b640:4100::/48
 2406:cac0::/40
@@ -514,13 +491,11 @@
 2406:d440:200::/44
 2406:d440:300::/44
 2406:d440:ff00::/48
-2406:d440:ffff::/48
 2406:e3c0::/32
 2406:e500::/33
 2407:2840::/48
 2407:3740::/48
 2407:37c0::/32
-2407:4980::/32
 2407:5380::/32
 2407:6c40:1100::/48
 2407:6c40:1210::/48
@@ -540,7 +515,6 @@
 2407:c080:5000::/37
 2407:c080:6000::/36
 2407:c080:8000::/36
-2407:d9c0::/32
 2408:4000::/22
 2408:8000::/48
 2408:8000:2::/47
@@ -596,8 +570,8 @@
 2408:8181:6000::/40
 2408:8181:8000::/40
 2408:8181:a000::/40
+2408:8181:a220::/44
 2408:8181:e000::/40
-2408:8182:6000::/40
 2408:8182:c000::/40
 2408:8183:4000::/40
 2408:8183:8000::/40
@@ -705,6 +679,7 @@
 2408:8406:b400::/40
 2408:8406:b500::/41
 2408:8406:b580::/42
+2408:8407:510::/44
 2408:8409::/40
 2408:8409:120::/43
 2408:8409:140::/42
@@ -1064,17 +1039,13 @@
 2409:27fe::/33
 2409:6100::/44
 2409:8000::/20
-240a:2000::/29
+240a:2000::/40
-240a:4002:1b00::/40
+240a:2001:100::/40
-240a:4010:8000::/33
+240a:2001:1000::/36
 240a:4020:83a::/48
 240a:4020:883a::/48
 240a:4021:83a::/48
 240a:4021:883a::/48
-240a:4083::/35
-240a:4084:2000::/35
-240a:4088:a000::/35
-240a:408c:2000::/35
 240a:4090:50::/48
 240a:4090:120::/48
 240a:4090:250::/48
@@ -1089,18 +1060,11 @@
 240a:4090:5200::/40
 240a:4090:7000::/39
 240a:4090:7200::/40
-240a:4090:a000::/35
-240a:4094:2000::/35
-240a:409c:2000::/35
-240a:40a4:2000::/35
-240a:40ac:2000::/35
 240a:40b0:83a::/48
 240a:40b0:283a::/48
 240a:40b0:483a::/48
 240a:40b0:683a::/48
 240a:40c0:8000::/43
-240a:40c0:8200::/48
-240a:40c0:8240::/48
 240a:40c0:a000::/43
 240a:40c0:c000::/43
 240a:40c0:e000::/43
@@ -1126,20 +1090,10 @@
 240a:40c3:6000::/43
 240a:40c3:8000::/43
 240a:40c3:c000::/43
-240a:40c3:c200::/48
-240a:40c3:c240::/48
 240a:40c3:e000::/43
 240a:40c4::/43
 240a:40c4:2000::/43
 240a:40c4:4000::/43
-240a:4172::/31
-240a:41b0::/34
-240a:41b8::/31
-240a:41d6::/31
-240a:41f2::/31
-240a:420a::/31
-240a:4230::/31
-240a:4242::/31
 240a:4280::/26
 240a:42c0::/27
 240a:42e0::/28
@@ -1162,19 +1116,16 @@
 240e::/20
 2602:2e0:ff::/48
 2602:f7ee:ee::/48
+2602:f93b:400::/38
 2602:f9ba:a8::/48
 2602:f9ba:10c::/48
-2602:fd92:801::/48
 2602:fd92:cc0::/44
-2602:fed2:731d::/48
 2602:feda:182::/47
 2602:feda:1bf::/48
 2602:feda:1d1::/48
 2602:feda:1df::/48
 2602:feda:2d0::/44
 2602:feda:2f0::/44
-2602:feda:bd0::/48
-2602:feda:d80::/48
 2605:9d80:8001::/48
 2605:9d80:8011::/48
 2605:9d80:8021::/48
@@ -1188,8 +1139,8 @@
 2605:9d80:9042::/48
 2605:9d80:9071::/48
 2605:9d80:9092::/48
-2620:57:4004::/48
+2804:1e48:9001::/48
-2804:1e48::/32
+2804:1e48:9002::/48
 2a03:5840:11b::/48
 2a04:3e00:1002::/48
 2a04:f580:8010::/47
@@ -1238,7 +1189,7 @@
 2a06:a005:a13::/48
 2a06:a005:e80::/43
 2a06:a005:1c40::/44
-2a09:54c6:c000::/36
+2a09:54c6:c800::/37
 2a09:b280:ff83::/48
 2a09:b280:ff84::/47
 2a0a:2840::/30
@@ -1252,9 +1203,8 @@
 2a0b:4340:a6::/48
 2a0b:4e07:b8::/47
 2a0c:9a40:84e0::/48
-2a0c:9a46:800::/43
+2a0c:9a46:800::/44
 2a0c:b641:571::/48
-2a0e:8f02:2182::/47
 2a0e:8f02:f067::/48
 2a0e:97c0:550::/44
 2a0e:97c0:83f::/48
@@ -1273,6 +1223,7 @@
 2a0e:aa07:e039::/48
 2a0e:aa07:e044::/48
 2a0e:aa07:e151::/48
+2a0e:aa07:e160::/48
 2a0e:aa07:e16a::/48
 2a0e:aa07:e1a0::/43
 2a0e:aa07:e1e2::/48
@@ -1281,8 +1232,8 @@
 2a0e:aa07:e210::/48
 2a0e:aa07:e21c::/47
 2a0e:aa07:e220::/44
-2a0e:aa07:f0d2::/48
+2a0e:aa07:f0d0::/46
-2a0e:aa07:f0d5::/48
+2a0e:aa07:f0d4::/47
 2a0e:aa07:f0d8::/48
 2a0e:aa07:f0de::/48
 2a0e:b107:12b::/48
@@ -1291,7 +1242,7 @@
 2a0e:b107:c10::/48
 2a0e:b107:dce::/48
 2a0e:b107:16b0::/44
-2a0e:b107:178c::/47
+2a0e:b107:178d::/48
 2a0f:5707:ac00::/47
 2a0f:7803:dd00::/42
 2a0f:7803:f5d0::/44
@@ -1307,7 +1258,6 @@
 2a0f:7803:fa22::/47
 2a0f:7803:fa24::/46
 2a0f:7803:faf3::/48
-2a0f:7803:faf7::/48
 2a0f:7803:fe81::/48
 2a0f:7803:fe82::/48
 2a0f:7804:da00::/40
@@ -1315,13 +1265,14 @@
 2a0f:7d07::/32
 2a0f:85c1:816::/48
 2a0f:85c1:b3a::/48
-2a0f:85c1:bba::/48
+2a0f:85c1:ba5::/48
+2a0f:85c1:bfe::/48
 2a0f:9400:6110::/48
 2a0f:9400:7700::/48
 2a0f:ac00::/29
 2a10:2f00:15a::/48
 2a10:cc40:190::/48
-2a12:f8c0:1000::/40
+2a10:ccc0:d01::/48
 2a12:f8c3::/36
 2a13:1800::/48
 2a13:1800:10::/48
@@ -1334,30 +1285,45 @@
 2a13:a5c7:2100::/48
 2a13:a5c7:2102::/48
 2a13:a5c7:2110::/48
-2a13:a5c7:2117::/48
-2a13:a5c7:2118::/48
 2a13:a5c7:2121::/48
+2a13:a5c7:2600::/40
 2a13:a5c7:2801::/48
 2a13:a5c7:2803::/48
+2a13:a5c7:3100::/44
 2a13:aac4:f000::/44
 2a14:7c0:4a01::/48
 2a14:4c41::/32
 2a14:67c1:20::/44
-2a14:67c1:70::/46
+2a14:67c1:70::/47
-2a14:67c1:701::/48
+2a14:67c1:73::/48
-2a14:67c1:703::/48
+2a14:67c1:702::/47
 2a14:67c1:704::/48
 2a14:67c1:800::/48
 2a14:67c1:a010::/44
 2a14:67c1:a020::/48
+2a14:67c1:a023::/48
 2a14:67c1:a024::/48
 2a14:67c1:a02a::/48
 2a14:67c1:a02f::/48
+2a14:67c1:a061::/48
+2a14:67c1:a064::/48
+2a14:67c1:a090::/47
+2a14:67c1:a092::/48
+2a14:67c1:a100::/44
+2a14:67c1:b000::/48
+2a14:67c1:b065::/48
 2a14:67c1:b066::/47
+2a14:67c1:b068::/47
 2a14:67c1:b100::/46
-2a14:67c5:1000::/36
+2a14:67c1:b104::/47
+2a14:67c1:b106::/48
+2a14:67c1:b120::/48
+2a14:67c1:b400::/43
+2a14:67c1:b4f0::/48
+2a14:67c5:1000::/39
 2a14:7580:9202::/47
-2a14:7580:9204::/46
+2a14:7580:9205::/48
+2a14:7580:9207::/48
 2a14:7580:9400::/39
 2a14:7580:d000::/37
 2a14:7580:d800::/39

luci-app-homeproxy/root/etc/homeproxy/resources/china_ip6.ver

@@ -1 +1 @@
-20250403032551
+20250513033637

luci-app-homeproxy/root/etc/homeproxy/resources/china_list.ver

@@ -1 +1 @@
-202504022212
+202505122213

luci-app-homeproxy/root/etc/homeproxy/resources/gfw_list.txt

@@ -37,6 +37,7 @@
 1dumb.com
 1e100.net
 1eew.com
+1lib.sk
 1mobile.com
 1mobile.tw
 1point3acres.com
@@ -1004,7 +1005,6 @@ chaos.social
 chapm25.com
 character.ai
 chat.lmsys.org
-chat.openai.com
 chatgpt.com
 chatnook.com
 chaturbate.com
@@ -1212,7 +1212,6 @@ cofacts.tw
 coin2co.in
 coinbase.com
 coinbene.com
-coincarp.com
 coinegg.com
 coinex.com
 coingecko.com
@@ -1450,6 +1449,7 @@ discuss4u.com
 dish.com
 disk.yandex.com
 disk.yandex.ru
+disneyplus.com
 disp.cc
 disqus.com
 dit-inc.us
@@ -1484,6 +1484,7 @@ dnssec.net
 dnvod.tv
 doc.new
 docker.com
+docker.io
 docs.new
 doctorvoice.org
 documentingreality.com
@@ -1545,7 +1546,6 @@ dtwang.org
 duanzhihu.com
 dubox.com
 duck.com
-duckdns.org
 duckduckgo-owned-server.yahoo.net
 duckduckgo.com
 duckload.com
@@ -1650,6 +1650,7 @@ empfil.com
 emule-ed2k.com
 emulefans.com
 emuparadise.me
+en.favotter.net
 en.hao123.com
 enanyang.my
 encrypt.me
@@ -1805,7 +1806,6 @@ fan-qiang.com
 fanbox.cc
 fangbinxing.com
 fangeming.com
-fangeming.comffvpn.com
 fangeqiang.com
 fanglizhi.info
 fangmincn.org
@@ -1828,11 +1828,14 @@ faproxy.com
 faqserv.com
 fartit.com
 farwestchina.com
+fast.com
+fast.wistia.com
 fastestvpn.com
 fastpic.ru
 fastssh.com
 faststone.org
 fatbtc.com
+favstar.fm
 fawanghuihui.org
 faydao.com
 faz.net
@@ -1843,10 +1846,14 @@ fbaddins.com
 fbcdn.net
 fbsbx.com
 fbworkmail.com
+fc2.com
+fc2blog.net
+fc2china.com
 fc2cn.com
 fda.gov.tw
 fdc64.de
 fdc64.org
+fdc89.jp
 feedburner.com
 feeder.co
 feeds.fileforum.com
@@ -1862,6 +1869,8 @@ fengzhenghu.com
 fengzhenghu.net
 fevernet.com
 ff.im
+fffff.at
+fflick.com
 ffvpn.com
 fgmtv.net
 fgmtv.org
@@ -2129,7 +2138,6 @@ geekerhome.com
 geekheart.info
 gekikame.com
 gelbooru.com
-gemini.com
 generated.photos
 genius.com
 geocities.co.jp
@@ -2210,6 +2218,7 @@ gmhz.org
 gmll.org
 gmodules.com
 gmozomg.izihost.org
+gmp4.com
 gnci.org.hk
 gnews.org
 go-pki.com
@@ -2489,6 +2498,7 @@ gospelherald.com
 got-game.org
 gotdns.ch
 gotgeeks.com
+gotquestions.org
 gotrusted.com
 gotw.ca
 gov.taipei
@@ -2578,6 +2588,7 @@ hakkatv.org.tw
 halktv.com.tr
 handcraftedsoftware.org
 hanime.tv
+hanime1.me
 hanunyi.com
 hao.news
 happy-vpn.com
@@ -2848,6 +2859,7 @@ hypothes.is
 i-cable.com
 i-part.com.tw
 i-scmp.com
+i.111666.best
 i.lithium.com
 i1.hk
 i2p2.de
@@ -2878,6 +2890,7 @@ id.heroku.com
 idemocracy.asia
 identi.ca
 idiomconnection.com
+idope.se
 idouga.com
 idreamx.com
 idv.tw
@@ -3613,6 +3626,7 @@ mirror.xyz
 mirrorbooks.com
 mirrormedia.mg
 missav.com
+missav.ws
 mist.vip
 mitao.com.tw
 mitbbs.com
@@ -3850,6 +3864,7 @@ newnews.ca
 news.cnyes.com
 news.ebc.net.tw
 news.msn.com.tw
+news.mt.co.kr
 news.nationalgeographic.com
 news.omy.sg
 news.seehua.com
@@ -3904,6 +3919,10 @@ nic.gov
 nicovideo.jp
 nighost.org
 nightswatch.top
+nikke-en.com
+nikke-jp.com
+nikke-kr.com
+nikke.hotcool.tw
 nikkei.com
 ninecommentaries.com
 ninjacloak.com
@@ -3925,6 +3944,7 @@ no-ip.org
 nobel.se
 nobelprize.org
 nobodycanstop.us
+nodeloc.com
 nodeseek.com
 nofile.io
 nokogiri.org
@@ -3936,6 +3956,7 @@ nordstromimage.com
 nordstromrack.com
 nordvpn.com
 nos.nl
+notebooklm.google
 notepad-plus-plus.org
 nottinghampost.com
 novelasia.com
@@ -4084,7 +4105,7 @@ ontrac.com
 oopsforum.com
 open.com.hk
 open.firstory.me
-open.spotify.com
+openai.com
 openallweb.com
 opendemocracy.net
 opendn.xyz
@@ -4269,6 +4290,7 @@ pkqjiasu.com
 pkuanvil.com
 placemix.com
 play-asia.com
+play.google
 playboy.com
 playboyplus.com
 player.fm
@@ -4405,6 +4427,7 @@ pullfolio.com
 punyu.com
 pure18.com
 pureconcepts.net
+puredns.org
 pureinsight.org
 purepdf.com
 purevpn.com
@@ -4438,6 +4461,7 @@ qienkuen.org
 qiwen.lu
 qixianglu.cn
 qkshare.com
+qmp4.com
 qoos.com
 qpoe.com
 qq.co.za
@@ -4597,16 +4621,19 @@ rthk.org.hk
 rthklive2-lh.akamaihd.net
 rti.org.tw
 rti.tw
+rtm.tnt-ea.com
 rtycminnesota.org
 ruanyifeng.com
 rukor.org
 rule34.xxx
+rule34video.com
 rumble.com
 runbtx.com
 rushbee.com
 rusvpn.com
 ruten.com.tw
 rutracker.net
+rutracker.org
 rutube.ru
 ruyiseek.com
 rxhj.net
@@ -4797,6 +4824,7 @@ simplecd.me
 simplecd.org
 simpleproductivityblog.com
 simpleswap.io
+simplex.chat
 sinchew.com.my
 singaporepools.com.sg
 singfortibet.com
@@ -4946,6 +4974,7 @@ spiderpool.com
 spike.com
 sports.williamhill.com
 spotflux.com
+spotify.com
 spreadsheet.new
 spreadshirt.es
 spreaker.com
@@ -5036,6 +5065,7 @@ studentsforafreetibet.org
 stumbleupon.com
 stupidvideos.com
 subacme.rerouted.org
+subhd.tv
 substack.com
 successfn.com
 suche.gmx.net
@@ -5186,6 +5216,7 @@ teeniefuck.net
 teensinasia.com
 tehrantimes.com
 telecomspace.com
+telega.one
 telegra.ph
 telegram-cdn.org
 telegram.dog
@@ -5195,6 +5226,7 @@ telegram.space
 telegramdownload.com
 telegraph.co.uk
 telesco.pe
+tellapart.com
 tellme.pw
 tenacy.com
 tenor.com
@@ -5208,6 +5240,7 @@ tfc-taiwan.org.tw
 tfhub.dev
 tfiflve.com
 tg-me.com
+tg.dev
 th.hao123.com
 thaicn.com
 thb.gov.tw
@@ -5265,6 +5298,7 @@ thlib.org
 thomasbernhard.org
 thongdreams.com
 threadreaderapp.com
+threads.com
 threads.net
 threatchaos.com
 throughnightsfire.com
@@ -5369,6 +5403,7 @@ ticket.com.tw
 tigervpn.com
 tiktok.com
 tiktokcdn-us.com
+tiktokcdn.com
 tiktokv.com
 tiktokv.us
 tiltbrush.com
@@ -5638,6 +5673,7 @@ twtrland.com
 twttr.com
 twurl.nl
 twyac.org
+tx.me
 txxx.com
 tycool.com
 typepad.com
@@ -5803,6 +5839,7 @@ video.aol.ca
 video.aol.co.uk
 video.aol.com
 video.ap.org
+video.fdbox.com
 video.foxbusiness.com
 videobam.com
 videodetective.com
@@ -6381,8 +6418,13 @@ yyii.org
 yyjlymb.xyz
 yysub.net
 yzzk.com
+z-lib.fm
+z-lib.fo
+z-lib.gd
+z-lib.gl
 z-lib.io
 z-lib.org
+z-library.sk
 zacebook.com
 zalmos.com
 zamimg.com
@@ -6445,6 +6487,7 @@ zkaip.com
 zmedia.com.tw
 zmw.cn
 zodgame.us
+zodgame.xyz
 zomobo.net
 zonaeuropa.com
 zonghexinwen.com

luci-app-homeproxy/root/etc/homeproxy/resources/gfw_list.ver

@@ -1 +1 @@
-202504022212
+202505122213

luci-app-homeproxy/root/etc/homeproxy/scripts/generate_client.uc

@@ -327,7 +327,6 @@ function get_outbound(cfg) {
 	} else {
 		switch (cfg) {
 		case 'block-out':
-			return null;
 		case 'direct-out':
 			return cfg;
 		default:
@@ -348,7 +347,6 @@ function get_resolver(cfg) {
 
 	switch (cfg) {
 	case 'block-dns':
-		return null;
 	case 'default-dns':
 	case 'system-dns':
 		return cfg;
@@ -391,6 +389,10 @@ config.dns = {
 			tag: 'system-dns',
 			address: 'local',
 			detour: 'direct-out'
+		},
+		{
+			tag: 'block-dns',
+			address: 'rcode://name_error'
 		}
 	],
 	rules: [],
@@ -605,6 +607,10 @@ config.outbounds = [
 		type: 'direct',
 		tag: 'direct-out',
 		routing_mark: strToInt(self_mark)
+	},
+	{
+		type: 'block',
+		tag: 'block-out'
 	}
 ];
 

luci-app-homeproxy/root/etc/homeproxy/scripts/migrate_config.uc

@@ -53,15 +53,6 @@ if (uci.get(uciconfig, ucimain, 'routing_port') === 'all')
 if (uci.get(uciconfig, 'experimental'))
 	uci.delete(uciconfig, 'experimental');
 
-/* block-dns was removed from built-in dns servers */
-if (uci.get(uciconfig, ucidns, 'default_server') === 'block-dns')
-	uci.set(uciconfig, ucidns, 'default_server', 'default-dns');
-
-/* block-out was removed from built-in outbounds */
-if (uci.get(uciconfig, ucirouting, 'default_outbound') === 'block-out')
-	uci.set(uciconfig, ucirouting, 'default_outbound', 'nil');
-
-
 /* DNS rules options */
 uci.foreach(uciconfig, ucidnsrule, (cfg) => {
 	/* rule_set_ipcidr_match_source was renamed in sb 1.10 */

luci-app-nikki/Makefile

@@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.22.2
+PKG_VERSION:=1.22.3
 
 LUCI_TITLE:=LuCI Support for nikki
 LUCI_DEPENDS:=+luci-base +nikki

luci-app-passwall/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=25.5.8
+PKG_VERSION:=25.5.16
 PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \

luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua

@@ -312,7 +312,10 @@ o.default = "0"
 o:depends({ _tcp_node_bool = "1" })
 
 ---- DNS Forward Mode
-o = s:option(ListValue, "dns_mode", translate("Filter Mode"))
+o = s:option(ListValue, "dns_mode", translate("Filter Mode"),
+			 "<font color='red'>" .. translate(
+				 "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box).") ..
+				 "</font>")
 o:depends({ _tcp_node_bool = "1" })
 if api.is_finded("dns2socks") then
 	o:value("dns2socks", "dns2socks")

luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua

@@ -381,7 +381,10 @@ o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host I
 o.default = "0"
 
 ---- DNS Forward Mode
-o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
+o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"),
+			 "<font color='red'>" .. translate(
+				 "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box).") ..
+				 "</font>")
 o:value("udp", translatef("Requery DNS By %s", "UDP"))
 o:value("tcp", translatef("Requery DNS By %s", "TCP"))
 if chinadns_tls == 0 then
@@ -402,7 +405,10 @@ end
 
 ---- SmartDNS Forward Mode
 if api.is_finded("smartdns") then
-	o = s:taboption("DNS", ListValue, "smartdns_dns_mode", translate("Filter Mode"))
+	o = s:taboption("DNS", ListValue, "smartdns_dns_mode", translate("Filter Mode"),
+				 "<font color='red'>" .. translate(
+					 "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box).") ..
+					 "</font>")
 	o:value("socks", "Socks")
 	if has_singbox then
 		o:value("sing-box", "Sing-Box")
@@ -453,6 +459,21 @@ if api.is_finded("smartdns") then
 		end
 		return DynamicList.write(self, section, t)
 	end
+	function o.validate(self, value) --禁止私有IP
+		if type(value) == "table" then
+			for _, v in ipairs(value) do
+				if v:match("127%.0%.0%.") or
+				   v:match("192%.168%.") or
+				   v:match("10%.") or
+				   v:match("172%.1[6-9]%.") or
+				   v:match("172%.2[0-9]%.") or
+				   v:match("172%.3[0-1]%.") then
+					return nil, translatef("Private IPs are not allowed: %s", v)
+				end
+			end
+		end
+		return value
+	end
 end
 
 o = s:taboption("DNS", ListValue, "xray_dns_mode", translate("Request protocol"))

luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua

@@ -329,6 +329,10 @@ o:value("xtls-rprx-vision")
 o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true })
 
 if singbox_tags:find("with_quic") then
+	o = s:option(Value, _n("hysteria_hop"), translate("Port hopping range"))
+	o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).")
+	o:depends({ [_n("protocol")] = "hysteria" })
+
 	o = s:option(Value, _n("hysteria_obfs"), translate("Obfs Password"))
 	o:depends({ [_n("protocol")] = "hysteria" })
 

luci-app-passwall/luasrc/passwall/util_sing-box.lua

@@ -84,6 +84,7 @@ function gen_outbound(flag, node, tag, proxy_table)
 		local run_socks_instance = true
 		if proxy_table ~= nil and type(proxy_table) == "table" then
 			proxy_tag = proxy_table.tag or nil
+			run_socks_instance = proxy_table.run_socks_instance
 		end
 
 		if node.type ~= "sing-box" then
@@ -350,7 +351,18 @@ function gen_outbound(flag, node, tag, proxy_table)
 		end
 
 		if node.protocol == "hysteria" then
+			local server_ports = {}
+			if node.hysteria_hop then
+				node.hysteria_hop = string.gsub(node.hysteria_hop, "-", ":")
+				for range in node.hysteria_hop:gmatch("([^,]+)") do
+					if range:match("^%d+:%d+$") then
+						table.insert(server_ports, range)
+					end
+				end
+			end
 			protocol_table = {
+				server_ports = next(server_ports) and server_ports or nil,
+				hop_interval = next(server_ports) and "30s" or nil,
 				up_mbps = tonumber(node.hysteria_up_mbps),
 				down_mbps = tonumber(node.hysteria_down_mbps),
 				obfs = node.hysteria_obfs,
@@ -447,6 +459,9 @@ function gen_outbound(flag, node, tag, proxy_table)
 		if node.protocol == "anytls" then
 			protocol_table = {
 				password = (node.password and node.password ~= "") and node.password or "",
+				idle_session_check_interval = "30s",
+				idle_session_timeout = "30s",
+				min_idle_session = 5,
 				tls = tls
 			}
 		end
@@ -1011,7 +1026,7 @@ function gen_config(var)
 				end
 				if is_new_ut_node then
 					local ut_node = uci:get_all(appname, ut_node_id)
-					local outbound = gen_outbound(flag, ut_node, ut_node_tag)
+					local outbound = gen_outbound(flag, ut_node, ut_node_tag, { run_socks_instance = not no_run })
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. ut_node.remarks
 						table.insert(outbounds, outbound)
@@ -1427,7 +1442,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node)
+			local outbound = gen_outbound(flag, node, nil, { run_socks_instance = not no_run })
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)

luci-app-passwall/luasrc/passwall/util_xray.lua

@@ -62,6 +62,7 @@ function gen_outbound(flag, node, tag, proxy_table)
 			proxy_tag = proxy_table.tag or nil
 			fragment = proxy_table.fragment or nil
 			noise = proxy_table.noise or nil
+			run_socks_instance = proxy_table.run_socks_instance
 		end
 
 		if node.type ~= "Xray" then
@@ -165,9 +166,9 @@ function gen_outbound(flag, node, tag, proxy_table)
 					spiderX = node.reality_spiderX or "/",
 					fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or "chrome"
 				} or nil,
-				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks") and {
+				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks" and (node.tcp_guise and node.tcp_guise ~= "none")) and {
 					header = {
-						type = node.tcp_guise or "none",
+						type = node.tcp_guise,
 						request = (node.tcp_guise == "http") and {
 							path = node.tcp_guise_http_path or {"/"},
 							headers = {
@@ -735,7 +736,7 @@ function gen_config(var)
 				end
 				if is_new_blc_node then
 					local blc_node = uci:get_all(appname, blc_node_id)
-					local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
+					local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. blc_node.remarks
 						table.insert(outbounds, outbound)
@@ -761,7 +762,7 @@ function gen_config(var)
 				if is_new_node then
 					local fallback_node = uci:get_all(appname, fallback_node_id)
 					if fallback_node.protocol ~= "_balancing" then
-						local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
+						local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
 						if outbound then
 							outbound.tag = outbound.tag .. ":" .. fallback_node.remarks
 							table.insert(outbounds, outbound)
@@ -1140,7 +1141,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil })
+			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil, run_socks_instance = not no_run })
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)

luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm

@@ -253,10 +253,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 					}
 					if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 						v_security = "reality";
-						if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
-							let v_fp = opt.get(dom_prefix + "fingerprint").value;
-							params += "&fp=" + v_fp;
-						}
 						params += opt.query("pbk", dom_prefix + "reality_publicKey");
 						params += opt.query("sid", dom_prefix + "reality_shortId");
 						params += opt.query("spx", dom_prefix + "reality_spiderX");
@@ -403,10 +399,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 					v_security = "reality";
-					if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
-						let v_fp = opt.get(dom_prefix + "fingerprint").value;
-						params += "&fp=" + v_fp;
-					}
 					params += opt.query("pbk", dom_prefix + "reality_publicKey");
 					params += opt.query("sid", dom_prefix + "reality_shortId");
 					params += opt.query("spx", dom_prefix + "reality_spiderX");
@@ -473,10 +465,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 					v_security = "reality";
-					if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
-						let v_fp = opt.get(dom_prefix + "fingerprint").value;
-						params += "&fp=" + v_fp;
-					}
 					params += opt.query("pbk", dom_prefix + "reality_publicKey");
 					params += opt.query("sid", dom_prefix + "reality_shortId");
 					params += opt.query("spx", dom_prefix + "reality_spiderX");
@@ -544,6 +532,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			params += opt.query("sni", dom_prefix + "tls_serverName");
 			params += opt.query("alpn", dom_prefix + "tuic_alpn");
 			params += opt.query("congestion_control", dom_prefix + "tuic_congestion_control");
+			params += opt.query("udp_relay_mode", dom_prefix + "tuic_udp_relay_mode");
 			params += opt.query("allowinsecure", dom_prefix + "tls_allowInsecure");
 
 			params += "#" + encodeURI(v_alias.value);
@@ -568,10 +557,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 					v_security = "reality";
-					if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
-						let v_fp = opt.get(dom_prefix + "fingerprint").value;
-						params += "&fp=" + v_fp;
-					}
 					params += opt.query("pbk", dom_prefix + "reality_publicKey");
 					params += opt.query("sid", dom_prefix + "reality_shortId");
 				}
@@ -1437,6 +1422,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 			}
 			opt.set(dom_prefix + 'tuic_congestion_control', queryParam.congestion_control || 'cubic');
+			opt.set(dom_prefix + 'tuic_udp_relay_mode', queryParam.udp_relay_mode || 'native');
 			opt.set(dom_prefix + 'tuic_alpn', queryParam.alpn || 'default');
 			opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
 			opt.set(dom_prefix + 'tls_allowInsecure', true);

luci-app-passwall/po/zh-cn/passwall.po

@@ -118,9 +118,15 @@ msgstr "国内分组名"
 msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
 msgstr "您只需要在SmartDNS配置好国内DNS分组，并设置重定向或作为Dnsmasq上游，此处填入国内DNS分组名。"
 
+msgid "Private IPs are not allowed: %s"
+msgstr "不允许使用私有 IP 地址：%s"
+
 msgid "Filter Mode"
 msgstr "过滤模式"
 
+msgid "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box)."
+msgstr "当节点使用 Xray/Sing-Box 分流时，过滤模式需对应选择 Xray/Sing-Box 。"
+
 msgid "A/AAAA type"
 msgstr "A/AAAA 类型"
 

luci-app-passwall/root/usr/share/passwall/haproxy.lua

@@ -1,239 +1,239 @@
-#!/usr/bin/lua
+#!/usr/bin/lua
-
+
-local api = require ("luci.passwall.api")
+local api = require ("luci.passwall.api")
-local appname = "passwall"
+local appname = "passwall"
-local fs = api.fs
+local fs = api.fs
-local jsonc = api.jsonc
+local jsonc = api.jsonc
-local uci = api.uci
+local uci = api.uci
-local sys = api.sys
+local sys = api.sys
-
+
-local log = function(...)
+local log = function(...)
-	api.log(...)
+	api.log(...)
-end
+end
-
+
-function get_ip_port_from(str)
+function get_ip_port_from(str)
-	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
+	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
-	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
+	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
-	return result_ip, result_port
+	return result_ip, result_port
-end
+end
-
+
-local new_port
+local new_port
-local function get_new_port()
+local function get_new_port()
-	if new_port then
+	if new_port then
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
-	else
+	else
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
-	end
+	end
-	return new_port
+	return new_port
-end
+end
-
+
-local var = api.get_args(arg)
+local var = api.get_args(arg)
-local haproxy_path = var["-path"]
+local haproxy_path = var["-path"]
-local haproxy_conf = var["-conf"]
+local haproxy_conf = var["-conf"]
-local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
+local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
-
+
-local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
+local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
-local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
+local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
-local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
+local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
-local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
+local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
-local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
+local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
-local bind_address = "0.0.0.0"
+local bind_address = "0.0.0.0"
-if bind_local == "1" then bind_address = "127.0.0.1" end
+if bind_local == "1" then bind_address = "127.0.0.1" end
-
+
-log("HAPROXY 负载均衡：")
+log("HAPROXY 负载均衡：")
-log(string.format("  * 控制台端口：%s", console_port))
+log(string.format("  * 控制台端口：%s", console_port))
-fs.mkdir(haproxy_path)
+fs.mkdir(haproxy_path)
-local haproxy_file = haproxy_path .. "/" .. haproxy_conf
+local haproxy_file = haproxy_path .. "/" .. haproxy_conf
-
+
-local f_out = io.open(haproxy_file, "a")
+local f_out = io.open(haproxy_file, "a")
-
+
-local haproxy_config = [[
+local haproxy_config = [[
-global
+global
-	daemon
+	daemon
-	log         127.0.0.1 local2
+	log         127.0.0.1 local2
-	maxconn     60000
+	maxconn     60000
-	stats socket  {{path}}/haproxy.sock
+	stats socket  {{path}}/haproxy.sock
-	nbthread {{nbthread}}
+	nbthread {{nbthread}}
-	external-check
+	external-check
-	insecure-fork-wanted
+	insecure-fork-wanted
-
+
-defaults
+defaults
-	mode                    tcp
+	mode                    tcp
-	log                     global
+	log                     global
-	option                  tcplog
+	option                  tcplog
-	option                  dontlognull
+	option                  dontlognull
-	option http-server-close
+	option http-server-close
-	#option forwardfor       except 127.0.0.0/8
+	#option forwardfor       except 127.0.0.0/8
-	option                  redispatch
+	option                  redispatch
-	retries                 2
+	retries                 2
-	timeout http-request    10s
+	timeout http-request    10s
-	timeout queue           1m
+	timeout queue           1m
-	timeout connect         10s
+	timeout connect         10s
-	timeout client          1m
+	timeout client          1m
-	timeout server          1m
+	timeout server          1m
-	timeout http-keep-alive 10s
+	timeout http-keep-alive 10s
-	timeout check           10s
+	timeout check           10s
-	maxconn                 3000
+	maxconn                 3000
-	
+	
-resolvers mydns
+resolvers mydns
-	resolve_retries       1
+	resolve_retries       1
-	timeout resolve       5s
+	timeout resolve       5s
-	hold valid           600s
+	hold valid           600s
-{{dns}}
+{{dns}}
-]]
+]]
-
+
-haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
+haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
-haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
+haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
-
+
-local mydns = ""
+local mydns = ""
-local index = 0
+local index = 0
-string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
+string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
-	index = index + 1
+	index = index + 1
-	local s = w:gsub("#", ":")
+	local s = w:gsub("#", ":")
-	if not s:find(":") then
+	if not s:find(":") then
-		s = s .. ":53"
+		s = s .. ":53"
-	end
+	end
-	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
+	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
-end)
+end)
-haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
+haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
-
+
-f_out:write(haproxy_config)
+f_out:write(haproxy_config)
-
+
-local listens = {}
+local listens = {}
-
+
-uci:foreach(appname, "haproxy_config", function(t)
+uci:foreach(appname, "haproxy_config", function(t)
-	if t.enabled == "1" then
+	if t.enabled == "1" then
-		local server_remark
+		local server_remark
-		local server_address
+		local server_address
-		local server_port
+		local server_port
-		local lbss = t.lbss
+		local lbss = t.lbss
-		local listen_port = tonumber(t.haproxy_port) or 0
+		local listen_port = tonumber(t.haproxy_port) or 0
-		local server_node = uci:get_all(appname, lbss)
+		local server_node = uci:get_all(appname, lbss)
-		if server_node and server_node.address and server_node.port then
+		if server_node and server_node.address and server_node.port then
-			server_remark = server_node.address .. ":" .. server_node.port
+			server_remark = server_node.address .. ":" .. server_node.port
-			server_address = server_node.address
+			server_address = server_node.address
-			server_port = server_node.port
+			server_port = server_node.port
-			t.origin_address = server_address
+			t.origin_address = server_address
-			t.origin_port = server_port
+			t.origin_port = server_port
-			if health_check_type == "passwall_logic" then
+			if health_check_type == "passwall_logic" then
-				if server_node.type ~= "Socks" then
+				if server_node.type ~= "Socks" then
-					local relay_port = server_node.port
+					local relay_port = server_node.port
-					new_port = get_new_port()
+					new_port = get_new_port()
-					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
+					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
-					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
+					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
-						appname,
+						appname,
-						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
+						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
-							new_port, --flag
+							new_port, --flag
-							server_node[".name"], --node
+							server_node[".name"], --node
-							"127.0.0.1", --bind
+							"127.0.0.1", --bind
-							new_port, --socks port
+							new_port, --socks port
-							config_file --config file
+							config_file --config file
-							)
+							)
-						)
+						)
-					)
+					)
-					server_address = "127.0.0.1"
+					server_address = "127.0.0.1"
-					server_port = new_port
+					server_port = new_port
-				end
+				end
-			end
+			end
-		else
+		else
-			server_address, server_port = get_ip_port_from(lbss)
+			server_address, server_port = get_ip_port_from(lbss)
-			server_remark = server_address .. ":" .. server_port
+			server_remark = server_address .. ":" .. server_port
-			t.origin_address = server_address
+			t.origin_address = server_address
-			t.origin_port = server_port
+			t.origin_port = server_port
-		end
+		end
-		if server_address and server_port and listen_port > 0 then
+		if server_address and server_port and listen_port > 0 then
-			if not listens[listen_port] then
+			if not listens[listen_port] then
-				listens[listen_port] = {}
+				listens[listen_port] = {}
-			end
+			end
-			t.server_remark = server_remark
+			t.server_remark = server_remark
-			t.server_address = server_address
+			t.server_address = server_address
-			t.server_port = server_port
+			t.server_port = server_port
-			table.insert(listens[listen_port], t)
+			table.insert(listens[listen_port], t)
-		else
+		else
-			log("  - 丢弃1个明显无效的节点")
+			log("  - 丢弃1个明显无效的节点")
-		end
+		end
-	end
+	end
-end)
+end)
-
+
-local sortTable = {}
+local sortTable = {}
-for i in pairs(listens) do
+for i in pairs(listens) do
-	if i ~= nil then
+	if i ~= nil then
-		table.insert(sortTable, i)
+		table.insert(sortTable, i)
-	end
+	end
-end
+end
-table.sort(sortTable, function(a,b) return (a < b) end)
+table.sort(sortTable, function(a,b) return (a < b) end)
-
+
-for i, port in pairs(sortTable) do
+for i, port in pairs(sortTable) do
-	log("  +  入口 %s:%s" % {bind_address, port})
+	log("  +  入口 %s:%s" % {bind_address, port})
-
+
-	f_out:write("\n" .. string.format([[
+	f_out:write("\n" .. string.format([[
-listen %s
+listen %s
-	bind %s:%s
+	bind %s:%s
-	mode tcp
+	mode tcp
-	balance roundrobin
+	balance roundrobin
-]], port, bind_address, port))
+]], port, bind_address, port))
-
+
-	if health_check_type == "passwall_logic" then
+	if health_check_type == "passwall_logic" then
-		f_out:write(string.format([[
+		f_out:write(string.format([[
-	option external-check
+	option external-check
-	external-check command "/usr/share/passwall/haproxy_check.sh"
+	external-check command "/usr/share/passwall/haproxy_check.sh"
-]], port, port))
+]], port, port))
-	end
+	end
-
+
-	local count_M, count_B = 1, 1
+	local count_M, count_B = 1, 1
-	for i, o in ipairs(listens[port]) do
+	for i, o in ipairs(listens[port]) do
-		local remark = o.server_remark or ""
+		local remark = o.server_remark or ""
-		-- 防止重名导致无法运行
+		-- 防止重名导致无法运行
-		if tostring(o.backup) ~= "1" then
+		if tostring(o.backup) ~= "1" then
-			remark = "M" .. count_M .. "-" .. remark
+			remark = "M" .. count_M .. "-" .. remark
-			count_M = count_M + 1
+			count_M = count_M + 1
-		else
+		else
-			remark = "B" .. count_B .. "-" .. remark
+			remark = "B" .. count_B .. "-" .. remark
-			count_B = count_B + 1
+			count_B = count_B + 1
-		end
+		end
-		local server = o.server_address .. ":" .. o.server_port
+		local server = o.server_address .. ":" .. o.server_port
-		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
+		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
-		server_conf = server_conf:gsub("{{remark}}", remark)
+		server_conf = server_conf:gsub("{{remark}}", remark)
-		server_conf = server_conf:gsub("{{server}}", server)
+		server_conf = server_conf:gsub("{{server}}", server)
-		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
+		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
-		local resolvers = "resolvers mydns"
+		local resolvers = "resolvers mydns"
-		if api.is_ip(o.server_address) then
+		if api.is_ip(o.server_address) then
-			resolvers = ""
+			resolvers = ""
-		end
+		end
-		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
+		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
-		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
+		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
-		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
+		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
-
+
-		f_out:write("	" .. server_conf .. "\n")
+		f_out:write("	" .. server_conf .. "\n")
-
+
-		if o.export ~= "0" then
+		if o.export ~= "0" then
-			sys.call(string.format("/usr/share/passwall/app.sh add_ip2route %s %s", o.origin_address, o.export))
+			sys.call(string.format("/usr/share/passwall/app.sh add_ip2route %s %s", o.origin_address, o.export))
-		end
+		end
-
+
-		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
+		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
-	end
+	end
-end
+end
-
+
---控制台配置
+--控制台配置
-local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
+local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
-local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
+local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
-local str = [[
+local str = [[
-listen console
+listen console
-	bind 0.0.0.0:%s
+	bind 0.0.0.0:%s
-	mode http
+	mode http
-	stats refresh 30s
+	stats refresh 30s
-	stats uri /
+	stats uri /
-	stats admin if TRUE
+	stats admin if TRUE
-	%s
+	%s
-]]
+]]
-f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
+f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
-
+
-f_out:close()
+f_out:close()
-
+
---passwall内置健康检查URL
+--passwall内置健康检查URL
-if health_check_type == "passwall_logic" then
+if health_check_type == "passwall_logic" then
-	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
+	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
-	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
+	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
-	f_url:write(probeUrl)
+	f_url:write(probeUrl)
-	f_url:close()
+	f_url:close()
-end
+end

luci-app-passwall/root/usr/share/passwall/haproxy_check.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
+
 listen_address=$1
 listen_port=$2
 server_address=$3
@@ -17,7 +19,7 @@ if /usr/bin/curl --help all | grep -q "\-\-retry-all-errors"; then
 	extra_params="${extra_params} --retry-all-errors"
 fi
 
-status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 -w "%{http_code}" "${probeUrl}")
+status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 --max-time 10 -w "%{http_code}" "${probeUrl}")
 
 case "$status" in
 	200|204)

luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua

@@ -168,6 +168,23 @@ config_lines = {
 	DNS_MODE == "socks" and string.format("proxy-server socks5://%s -name %s", REMOTE_PROXY_SERVER, proxy_server_name) or nil
 }
 if DNS_MODE == "socks" then
+	local found_private = false
+	for dns in string.gmatch(REMOTE_DNS, "([^|]+)") do
+		-- 判断是否为私有地址
+		if dns:match("127%.0%.0%.") or
+		   dns:match("192%.168%.") or
+		   dns:match("10%.") or
+		   dns:match("172%.1[6-9]%.") or
+		   dns:match("172%.2[0-9]%.") or
+		   dns:match("172%.3[0-1]%.") then
+			found_private = true
+			break
+		end
+	end
+	if found_private then
+		REMOTE_DNS = "tcp://1.1.1.1"
+		log("  * 错误！SmartDNS 远程 DNS 不允许使用私有地址，将默认使用：tcp://1.1.1.1")
+	end
 	string.gsub(REMOTE_DNS, '[^' .. "|" .. ']+', function(w)
 		local server_dns = w
 		local server_param = string.format("server %s -group %s -proxy %s", "%s", REMOTE_GROUP, proxy_server_name)

luci-app-passwall/root/usr/share/passwall/lease2hosts.sh

@@ -30,15 +30,21 @@ reload_dnsmasq_pids() {
 
 while true; do
 
-	if [ -s "$LEASE_FILE" ]; then
+	if [ -f "$LEASE_FILE" ]; then
-		awk 'NF >= 4 {print $3" "$4}' "$LEASE_FILE" | sort > "$TMP_FILE"
+		awk 'NF >= 4 && $4 != "*" {print $3" "$4}' "$LEASE_FILE" | sort > "$TMP_FILE"
-		if [ -f "$TMP_FILE" ]; then
+		if [ -s "$TMP_FILE" ]; then
-			if [ ! -f "$HOSTS_FILE" ] || [ "$(md5sum "$TMP_FILE" | awk '{print $1}')" != "$(md5sum "$HOSTS_FILE" | awk '{print $1}')" ]; then
+			if [ ! -f "$HOSTS_FILE" ] || ! cmp -s "$TMP_FILE" "$HOSTS_FILE"; then
 				mv "$TMP_FILE" "$HOSTS_FILE"
 				reload_dnsmasq_pids
 			else
-				rm -rf "$TMP_FILE"
+				rm -f "$TMP_FILE"
 			fi
+		else
+			if [ -s "$HOSTS_FILE" ]; then
+				: > "$HOSTS_FILE"
+				reload_dnsmasq_pids
+			fi
+			rm -f "$TMP_FILE"
 		fi
 	fi
 

luci-app-passwall/root/usr/share/passwall/subscribe.lua

@@ -1216,6 +1216,7 @@ local function processData(szType, content, add_mode, add_from)
 		result.hysteria_alpn = params.alpn
 		result.hysteria_up_mbps = params.upmbps
 		result.hysteria_down_mbps = params.downmbps
+		result.hysteria_hop = params.mport
 
 		if has_singbox then
 			result.type = 'sing-box'
@@ -1322,6 +1323,7 @@ local function processData(szType, content, add_mode, add_from)
 		result.tls_serverName = params.sni
 		result.tuic_alpn = params.alpn or "default"
 		result.tuic_congestion_control = params.congestion_control or "cubic"
+		result.tuic_udp_relay_mode = params.udp_relay_mode or "native"
 		params.allowinsecure = params.allowinsecure or params.insecure
 		if params.allowinsecure then
 			if params.allowinsecure == "1" or params.allowinsecure == "0" then

luci-app-passwall/root/usr/share/passwall/test.sh

@@ -95,40 +95,11 @@ url_test_node() {
 		[ "${chn_list}" = "proxy" ] && probeUrl="www.baidu.com"
 		result=$(${_curl} --max-time 5 -o /dev/null -I -skL -x ${curlx} ${curl_arg}${probeUrl})
 		pgrep -af "url_test_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf "/tmp/etc/${CONFIG}/url_test_${node_id}"*.json
+		rm -rf /tmp/etc/${CONFIG}/*url_test_${node_id}*.json
 	}
 	echo $result
 }
 
-test_node() {
-	local node_id=$1
-	local _type=$(echo $(config_n_get ${node_id} type) | tr 'A-Z' 'a-z')
-	[ -n "${_type}" ] && {
-		if [ "${_type}" == "socks" ]; then
-			local _address=$(config_n_get ${node_id} address)
-			local _port=$(config_n_get ${node_id} port)
-			[ -n "${_address}" ] && [ -n "${_port}" ] && {
-				local curlx="socks5h://${_address}:${_port}"
-				local _username=$(config_n_get ${node_id} username)
-				local _password=$(config_n_get ${node_id} password)
-				[ -n "${_username}" ] && [ -n "${_password}" ] && curlx="socks5h://${_username}:${_password}@${_address}:${_port}"
-			}
-		else
-			local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp)
-			/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
-			local curlx="socks5h://127.0.0.1:${_tmp_port}"
-		fi
-		sleep 1s
-		_proxy_status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout} "-x $curlx")
-		pgrep -af "test_node_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
-		if [ "${_proxy_status}" -eq 200 ]; then
-			return 0
-		fi
-	}
-	return 1
-}
-
 arg1=$1
 shift
 case $arg1 in

luci-app-passwall2/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=25.5.7
+PKG_VERSION:=25.5.15
 PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua

@@ -335,6 +335,10 @@ o:value("xtls-rprx-vision")
 o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true })
 
 if singbox_tags:find("with_quic") then
+	o = s:option(Value, _n("hysteria_hop"), translate("Port hopping range"))
+	o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).")
+	o:depends({ [_n("protocol")] = "hysteria" })
+
 	o = s:option(Value, _n("hysteria_obfs"), translate("Obfs Password"))
 	o:depends({ [_n("protocol")] = "hysteria" })
 

luci-app-passwall2/luasrc/passwall2/util_sing-box.lua

@@ -292,7 +292,18 @@ function gen_outbound(flag, node, tag, proxy_table)
 		end
 
 		if node.protocol == "hysteria" then
+			local server_ports = {}
+			if node.hysteria_hop then
+				node.hysteria_hop = string.gsub(node.hysteria_hop, "-", ":")
+				for range in node.hysteria_hop:gmatch("([^,]+)") do
+					if range:match("^%d+:%d+$") then
+						table.insert(server_ports, range)
+					end
+				end
+			end
 			protocol_table = {
+				server_ports = next(server_ports) and server_ports or nil,
+				hop_interval = next(server_ports) and "30s" or nil,
 				up_mbps = tonumber(node.hysteria_up_mbps),
 				down_mbps = tonumber(node.hysteria_down_mbps),
 				obfs = node.hysteria_obfs,

luci-app-passwall2/luasrc/passwall2/util_xray.lua

@@ -163,9 +163,9 @@ function gen_outbound(flag, node, tag, proxy_table)
 					spiderX = node.reality_spiderX or "/",
 					fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or "chrome"
 				} or nil,
-				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks") and {
+				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks" and (node.tcp_guise and node.tcp_guise ~= "none")) and {
 					header = {
-						type = node.tcp_guise or "none",
+						type = node.tcp_guise,
 						request = (node.tcp_guise == "http") and {
 							path = node.tcp_guise_http_path or {"/"},
 							headers = {
@@ -729,7 +729,7 @@ function gen_config(var)
 			end
 			if is_new_blc_node then
 				local blc_node = uci:get_all(appname, blc_node_id)
-				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
+				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
 				if outbound then
 					outbound.tag = outbound.tag .. ":" .. blc_node.remarks
 					table.insert(outbounds, outbound)
@@ -755,7 +755,7 @@ function gen_config(var)
 			if is_new_node then
 				local fallback_node = uci:get_all(appname, fallback_node_id)
 				if fallback_node.protocol ~= "_balancing" then
-					local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
+					local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. fallback_node.remarks
 						table.insert(outbounds, outbound)
@@ -1146,7 +1146,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil })
+			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil, run_socks_instance = not no_run })
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)

luci-app-passwall2/luasrc/view/passwall2/node_list/link_share_man.htm

@@ -536,6 +536,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			params += opt.query("sni", dom_prefix + "tls_serverName");
 			params += opt.query("alpn", dom_prefix + "tuic_alpn");
 			params += opt.query("congestion_control", dom_prefix + "tuic_congestion_control");
+			params += opt.query("udp_relay_mode", dom_prefix + "tuic_udp_relay_mode");
 			params += opt.query("allowinsecure", dom_prefix + "tls_allowInsecure");
 
 			params += "#" + encodeURI(v_alias.value);
@@ -1428,6 +1429,7 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 			}
 			opt.set(dom_prefix + 'tuic_congestion_control', queryParam.congestion_control || 'cubic');
+			opt.set(dom_prefix + 'tuic_udp_relay_mode', queryParam.udp_relay_mode || 'native');
 			opt.set(dom_prefix + 'tuic_alpn', queryParam.alpn || 'default');
 			opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
 			opt.set(dom_prefix + 'tls_allowInsecure', true);

luci-app-passwall2/root/usr/share/passwall2/haproxy.lua

@@ -1,230 +1,239 @@
-#!/usr/bin/lua
+#!/usr/bin/lua
-
+
-local api = require ("luci.passwall2.api")
+local api = require ("luci.passwall2.api")
-local appname = api.appname
+local appname = "passwall2"
-local fs = api.fs
+local fs = api.fs
-local jsonc = api.jsonc
+local jsonc = api.jsonc
-local uci = api.uci
+local uci = api.uci
-local sys = api.sys
+local sys = api.sys
-
+
-local log = function(...)
+local log = function(...)
-	api.log(...)
+	api.log(...)
-end
+end
-
+
-function get_ip_port_from(str)
+function get_ip_port_from(str)
-	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
+	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
-	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
+	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
-	return result_ip, result_port
+	return result_ip, result_port
-end
+end
-
+
-local new_port
+local new_port
-local function get_new_port()
+local function get_new_port()
-	if new_port then
+	if new_port then
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
-	else
+	else
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
-	end
+	end
-	return new_port
+	return new_port
-end
+end
-
+
-local var = api.get_args(arg)
+local var = api.get_args(arg)
-local haproxy_path = var["-path"]
+local haproxy_path = var["-path"]
-local haproxy_conf = var["-conf"]
+local haproxy_conf = var["-conf"]
-local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
+local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
-
+
-local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
+local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
-local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
+local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
-local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
+local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
-local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
+local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
-local bind_address = "0.0.0.0"
+local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
-if bind_local == "1" then bind_address = "127.0.0.1" end
+local bind_address = "0.0.0.0"
-
+if bind_local == "1" then bind_address = "127.0.0.1" end
-log("HAPROXY 负载均衡...")
+
-fs.mkdir(haproxy_path)
+log("HAPROXY 负载均衡：")
-local haproxy_file = haproxy_path .. "/" .. haproxy_conf
+log(string.format("  * 控制台端口：%s", console_port))
-
+fs.mkdir(haproxy_path)
-local f_out = io.open(haproxy_file, "a")
+local haproxy_file = haproxy_path .. "/" .. haproxy_conf
-
+
-local haproxy_config = [[
+local f_out = io.open(haproxy_file, "a")
-global
+
-	daemon
+local haproxy_config = [[
-	log         127.0.0.1 local2
+global
-	maxconn     60000
+	daemon
-	stats socket  {{path}}/haproxy.sock
+	log         127.0.0.1 local2
-	nbthread {{nbthread}}
+	maxconn     60000
-	external-check
+	stats socket  {{path}}/haproxy.sock
-	insecure-fork-wanted
+	nbthread {{nbthread}}
-
+	external-check
-defaults
+	insecure-fork-wanted
-	mode                    tcp
+
-	log                     global
+defaults
-	option                  tcplog
+	mode                    tcp
-	option                  dontlognull
+	log                     global
-	option http-server-close
+	option                  tcplog
-	#option forwardfor       except 127.0.0.0/8
+	option                  dontlognull
-	option                  redispatch
+	option http-server-close
-	retries                 2
+	#option forwardfor       except 127.0.0.0/8
-	timeout http-request    10s
+	option                  redispatch
-	timeout queue           1m
+	retries                 2
-	timeout connect         10s
+	timeout http-request    10s
-	timeout client          1m
+	timeout queue           1m
-	timeout server          1m
+	timeout connect         10s
-	timeout http-keep-alive 10s
+	timeout client          1m
-	timeout check           10s
+	timeout server          1m
-	maxconn                 3000
+	timeout http-keep-alive 10s
-	
+	timeout check           10s
-resolvers mydns
+	maxconn                 3000
-	resolve_retries       1
+	
-	timeout resolve       5s
+resolvers mydns
-	hold valid           600s
+	resolve_retries       1
-{{dns}}
+	timeout resolve       5s
-]]
+	hold valid           600s
-
+{{dns}}
-haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
+]]
-haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
+
-
+haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
-local mydns = ""
+haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
-local index = 0
+
-string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
+local mydns = ""
-	index = index + 1
+local index = 0
-	local s = w:gsub("#", ":")
+string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
-	if not s:find(":") then
+	index = index + 1
-		s = s .. ":53"
+	local s = w:gsub("#", ":")
-	end
+	if not s:find(":") then
-	mydns = mydns .. (index > 1 and "\n" or "") .. "    " .. string.format("nameserver dns%s %s", index, s)
+		s = s .. ":53"
-end)
+	end
-haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
+	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
-
+end)
-f_out:write(haproxy_config)
+haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
-
+
-local listens = {}
+f_out:write(haproxy_config)
-
+
-uci:foreach(appname, "haproxy_config", function(t)
+local listens = {}
-	if t.enabled == "1" then
+
-		local server_remark
+uci:foreach(appname, "haproxy_config", function(t)
-		local server_address
+	if t.enabled == "1" then
-		local server_port
+		local server_remark
-		local lbss = t.lbss
+		local server_address
-		local listen_port = tonumber(t.haproxy_port) or 0
+		local server_port
-		local server_node = uci:get_all(appname, lbss)
+		local lbss = t.lbss
-		if server_node and server_node.address and server_node.port then
+		local listen_port = tonumber(t.haproxy_port) or 0
-			server_remark = server_node.address .. ":" .. server_node.port
+		local server_node = uci:get_all(appname, lbss)
-			server_address = server_node.address
+		if server_node and server_node.address and server_node.port then
-			server_port = server_node.port
+			server_remark = server_node.address .. ":" .. server_node.port
-			t.origin_address = server_address
+			server_address = server_node.address
-			t.origin_port = server_port
+			server_port = server_node.port
-			if health_check_type == "passwall_logic" then
+			t.origin_address = server_address
-				if server_node.type ~= "Socks" then
+			t.origin_port = server_port
-					local relay_port = server_node.port
+			if health_check_type == "passwall_logic" then
-					new_port = get_new_port()
+				if server_node.type ~= "Socks" then
-					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
+					local relay_port = server_node.port
-					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
+					new_port = get_new_port()
-						appname,
+					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
-						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
+					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
-							new_port, --flag
+						appname,
-							server_node[".name"], --node
+						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
-							"127.0.0.1", --bind
+							new_port, --flag
-							new_port, --socks port
+							server_node[".name"], --node
-							config_file --config file
+							"127.0.0.1", --bind
-							)
+							new_port, --socks port
-						)
+							config_file --config file
-					)
+							)
-					server_address = "127.0.0.1"
+						)
-					server_port = new_port
+					)
-				end
+					server_address = "127.0.0.1"
-			end
+					server_port = new_port
-		else
+				end
-			server_address, server_port = get_ip_port_from(lbss)
+			end
-			server_remark = server_address .. ":" .. server_port
+		else
-			t.origin_address = server_address
+			server_address, server_port = get_ip_port_from(lbss)
-			t.origin_port = server_port
+			server_remark = server_address .. ":" .. server_port
-		end
+			t.origin_address = server_address
-		if server_address and server_port and listen_port > 0 then
+			t.origin_port = server_port
-			if not listens[listen_port] then
+		end
-				listens[listen_port] = {}
+		if server_address and server_port and listen_port > 0 then
-			end
+			if not listens[listen_port] then
-			t.server_remark = server_remark
+				listens[listen_port] = {}
-			t.server_address = server_address
+			end
-			t.server_port = server_port
+			t.server_remark = server_remark
-			table.insert(listens[listen_port], t)
+			t.server_address = server_address
-		else
+			t.server_port = server_port
-			log("  - 丢弃1个明显无效的节点")
+			table.insert(listens[listen_port], t)
-		end
+		else
-	end
+			log("  - 丢弃1个明显无效的节点")
-end)
+		end
-
+	end
-local sortTable = {}
+end)
-for i in pairs(listens) do
+
-	if i ~= nil then
+local sortTable = {}
-		table.insert(sortTable, i)
+for i in pairs(listens) do
-	end
+	if i ~= nil then
-end
+		table.insert(sortTable, i)
-table.sort(sortTable, function(a,b) return (a < b) end)
+	end
-
+end
-for i, port in pairs(sortTable) do
+table.sort(sortTable, function(a,b) return (a < b) end)
-	log("  + 入口 %s:%s" % {bind_address, port})
+
-
+for i, port in pairs(sortTable) do
-	f_out:write("\n" .. string.format([[
+	log("  +  入口 %s:%s" % {bind_address, port})
-listen %s
+
-	bind %s:%s
+	f_out:write("\n" .. string.format([[
-	mode tcp
+listen %s
-	balance roundrobin
+	bind %s:%s
-]], port, bind_address, port))
+	mode tcp
-
+	balance roundrobin
-	if health_check_type == "passwall_logic" then
+]], port, bind_address, port))
-		f_out:write(string.format([[
+
-	option external-check
+	if health_check_type == "passwall_logic" then
-	external-check command "/usr/share/passwall2/haproxy_check.sh"
+		f_out:write(string.format([[
-]], port, port))
+	option external-check
-	end
+	external-check command "/usr/share/passwall2/haproxy_check.sh"
-
+]], port, port))
-	for i, o in ipairs(listens[port]) do
+	end
-		local remark = o.server_remark
+
-		local server = o.server_address .. ":" .. o.server_port
+	local count_M, count_B = 1, 1
-		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
+	for i, o in ipairs(listens[port]) do
-		server_conf = server_conf:gsub("{{remark}}", remark)
+		local remark = o.server_remark or ""
-		server_conf = server_conf:gsub("{{server}}", server)
+		-- 防止重名导致无法运行
-		server_conf = server_conf:gsub("{{weight}}",  o.lbweight)
+		if tostring(o.backup) ~= "1" then
-		local resolvers = "resolvers mydns"
+			remark = "M" .. count_M .. "-" .. remark
-		if api.is_ip(o.server_address) then
+			count_M = count_M + 1
-			resolvers = ""
+		else
-		end
+			remark = "B" .. count_B .. "-" .. remark
-		server_conf = server_conf:gsub("{{resolvers}}",  resolvers)
+			count_B = count_B + 1
-		server_conf = server_conf:gsub("{{inter}}",  tonumber(health_check_inter) .. "s")
+		end
-		server_conf = server_conf:gsub("{{backup}}",  o.backup == "1" and "backup" or "")
+		local server = o.server_address .. ":" .. o.server_port
-
+		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
-		f_out:write("    " .. server_conf .. "\n")
+		server_conf = server_conf:gsub("{{remark}}", remark)
-
+		server_conf = server_conf:gsub("{{server}}", server)
-		if o.export ~= "0" then
+		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
-			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
+		local resolvers = "resolvers mydns"
-		end
+		if api.is_ip(o.server_address) then
-
+			resolvers = ""
-		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
+		end
-	end
+		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
-end
+		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
-
+		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
---控制台配置
+
-local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
+		f_out:write("	" .. server_conf .. "\n")
-local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
+
-local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
+		if o.export ~= "0" then
-local str = [[
+			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
-listen console
+		end
-	bind 0.0.0.0:%s
+
-	mode http
+		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
-	stats refresh 30s
+	end
-	stats uri /
+end
-	stats admin if TRUE
+
-	%s
+--控制台配置
-]]
+local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
-f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
+local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
-log(string.format("  * 控制台端口：%s", console_port))
+local str = [[
-
+listen console
-f_out:close()
+	bind 0.0.0.0:%s
-
+	mode http
---内置健康检查URL
+	stats refresh 30s
-if health_check_type == "passwall_logic" then
+	stats uri /
-	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
+	stats admin if TRUE
-	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
+	%s
-	f_url:write(probeUrl)
+]]
-	f_url:close()
+f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
-end
+
+f_out:close()
+
+--内置健康检查URL
+if health_check_type == "passwall_logic" then
+	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
+	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
+	f_url:write(probeUrl)
+	f_url:close()
+end

luci-app-passwall2/root/usr/share/passwall2/haproxy_check.sh

@@ -1,5 +1,7 @@
 #!/bin/sh
 
+export PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
+
 listen_address=$1
 listen_port=$2
 server_address=$3
@@ -17,7 +19,7 @@ if /usr/bin/curl --help all | grep -q "\-\-retry-all-errors"; then
 	extra_params="${extra_params} --retry-all-errors"
 fi
 
-status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 -w "%{http_code}" "${probeUrl}")
+status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 --max-time 10 -w "%{http_code}" "${probeUrl}")
 
 case "$status" in
 	200|204)

luci-app-passwall2/root/usr/share/passwall2/subscribe.lua

@@ -1219,6 +1219,7 @@ local function processData(szType, content, add_mode, add_from)
 		result.hysteria_alpn = params.alpn
 		result.hysteria_up_mbps = params.upmbps
 		result.hysteria_down_mbps = params.downmbps
+		result.hysteria_hop = params.mport
 
 		if has_singbox then
 			result.type = 'sing-box'
@@ -1325,6 +1326,7 @@ local function processData(szType, content, add_mode, add_from)
 		result.tls_serverName = params.sni
 		result.tuic_alpn = params.alpn or "default"
 		result.tuic_congestion_control = params.congestion_control or "cubic"
+		result.tuic_udp_relay_mode = params.udp_relay_mode or "native"
 		params.allowinsecure = params.allowinsecure or params.insecure
 		if params.allowinsecure then
 			if params.allowinsecure == "1" or params.allowinsecure == "0" then

luci-app-passwall2/root/usr/share/passwall2/test.sh

@@ -71,29 +71,11 @@ url_test_node() {
 		sleep 1s
 		result=$(curl --connect-timeout 3 -o /dev/null -I -skL -w "%{http_code}:%{time_starttransfer}" -x $curlx "https://www.google.com/generate_204")
 		pgrep -af "url_test_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf "/tmp/etc/${CONFIG}/url_test_${node_id}"*.json
+		rm -rf /tmp/etc/${CONFIG}/*url_test_${node_id}*.json
 	}
 	echo $result
 }
 
-test_node() {
-	local node_id=$1
-	local _type=$(echo $(config_n_get ${node_id} type) | tr 'A-Z' 'a-z')
-	[ -n "${_type}" ] && {
-		local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp,udp)
-		/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
-		local curlx="socks5h://127.0.0.1:${_tmp_port}"
-		sleep 1s
-		_proxy_status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout} "-x $curlx")
-		pgrep -af "test_node_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
-		if [ "${_proxy_status}" -eq 200 ]; then
-			return 0
-		fi
-	}
-	return 1
-}
-
 arg1=$1
 shift
 case $arg1 in

nikki/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
-PKG_SOURCE_DATE:=2025-05-04
+PKG_SOURCE_DATE:=2025-05-15
-PKG_SOURCE_VERSION:=86c127db8b9fd8c8bf6097d2999e4d5c5d99febb
+PKG_SOURCE_VERSION:=bb8c47d83df74d9873933067c689495944dea314
-PKG_MIRROR_HASH:=bacb109d544c8ff25f9f69edeb37bab3ed54c4faeb5f1c5da6e9978b5c4ea8b0
+PKG_MIRROR_HASH:=6fb158a108d96fb3e6a95311812c5ec4a489505bd28b6722baaabc1f794fa99c
 
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16
 
-PKG_BUILD_VERSION:=alpha-86c127d
+PKG_BUILD_VERSION:=alpha-bb8c47d
 PKG_BUILD_TIME:=$(shell date -u -Iseconds)
 
 GO_PKG:=github.com/metacubex/mihomo

nikki/files/nikki.init

@@ -51,6 +51,17 @@ start_service() {
 	config_get_bool test_profile "config" "test_profile" 0
 	config_get_bool fast_reload "config" "fast_reload" 0
 	## mixin config
+	### overwrite
+	local overwrite_authentication overwrite_tun_dns_hijack overwrite_fake_ip_filter overwrite_hosts overwrite_dns_nameserver overwrite_dns_nameserver_policy overwrite_sniffer_sniff overwrite_sniffer_force_domain_name overwrite_sniffer_ignore_domain_name
+	config_get_bool overwrite_authentication "mixin" "authentication" 0
+	config_get_bool overwrite_tun_dns_hijack "mixin" "tun_dns_hijack" 0
+	config_get_bool overwrite_fake_ip_filter "mixin" "fake_ip_filter" 0
+	config_get_bool overwrite_hosts "mixin" "hosts" 0
+	config_get_bool overwrite_dns_nameserver "mixin" "dns_nameserver" 0
+	config_get_bool overwrite_dns_nameserver_policy "mixin" "dns_nameserver_policy" 0
+	config_get_bool overwrite_sniffer_force_domain_name "mixin" "sniffer_force_domain_name" 0
+	config_get_bool overwrite_sniffer_ignore_domain_name "mixin" "sniffer_ignore_domain_name" 0
+	config_get_bool overwrite_sniffer_sniff "mixin" "sniffer_sniff" 0
 	### mixin file content
 	local mixin_file_content
 	config_get_bool mixin_file_content "mixin" "mixin_file_content" 0
@@ -94,6 +105,33 @@ start_service() {
 	fi
 	# mixin
 	log "Mixin" "Mixin config."
+	if [ "$overwrite_authentication" == 1 ]; then
+		yq -M -i 'del(.authentication)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_tun_dns_hijack" == 1 ]; then
+		yq -M -i 'del(.tun.dns-hijack)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_fake_ip_filter" == 1 ]; then
+		yq -M -i 'del(.dns.fake-ip-filter)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_hosts" == 1 ]; then
+		yq -M -i 'del(.hosts)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_dns_nameserver" == 1 ]; then
+		yq -M -i 'del(.dns.default-nameserver) | del(.dns.proxy-server-nameserver) | del(.dns.direct-nameserver) | del(.dns.nameserver) | del(.dns.fallback) ' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_dns_nameserver_policy" == 1 ]; then
+		yq -M -i 'del(.dns.nameserver-policy)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_sniffer_force_domain_name" == 1 ]; then
+		yq -M -i 'del(.sniffer.force-domain)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_sniffer_ignore_domain_name" == 1 ]; then
+		yq -M -i 'del(.sniffer.skip-domain)' "$RUN_PROFILE_PATH"
+	fi
+	if [ "$overwrite_sniffer_sniff" == 1 ]; then
+		yq -M -i 'del(.sniffer.sniff)' "$RUN_PROFILE_PATH"
+	fi
 	if [ "$mixin_file_content" == 0 ]; then
 		ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" -
 	elif [ "$mixin_file_content" == 1 ]; then
@@ -318,26 +356,41 @@ update_subscription() {
 	config_get subscription_url "$subscription_section" "url"
 	config_get subscription_user_agent "$subscription_section" "user_agent"
 	# reset subscription info
-	uci_remove "nikki" "$subscription_section" "expire"
+	uci_remove "nikki" "$subscription_section" "expire" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "upload"
+	uci_remove "nikki" "$subscription_section" "upload" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "download"
+	uci_remove "nikki" "$subscription_section" "download" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "total"
+	uci_remove "nikki" "$subscription_section" "total" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "used"
+	uci_remove "nikki" "$subscription_section" "used" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "avaliable"
+	uci_remove "nikki" "$subscription_section" "avaliable" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "update"
+	uci_remove "nikki" "$subscription_section" "update" > /dev/null 2>&1
-	uci_remove "nikki" "$subscription_section" "success"
+	uci_remove "nikki" "$subscription_section" "success" > /dev/null 2>&1
 	# update subscription
 	log "Profile" "Update subscription: $subscription_name."
+	local success
 	local subscription_header_tmpfile; subscription_header_tmpfile="$TEMP_DIR/$subscription_section.header"
 	local subscription_tmpfile; subscription_tmpfile="$TEMP_DIR/$subscription_section.yaml"
 	local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml"
 	if (curl -s -f --connect-timeout 15 --retry 3 -L -X GET -A "$subscription_user_agent" -D "$subscription_header_tmpfile" -o "$subscription_tmpfile" "$subscription_url"); then
+		log "Profile" "Subscription download successful."
+		if (yq -p yaml -o yaml "$subscription_tmpfile" > /dev/null 2>&1); then
+			log "Profile" "Subscription is valid."
+			success=1
+		else
+			log "Profile" "Subscription is not valid."
+			success=0
+		fi
+	else
+		log "Profile" "Subscription download failed."
+		success=0
+	fi
+	# check if success
+	if [ "$success" == 1 ]; then
 		log "Profile" "Subscription update successful."
 		local subscription_expire subscription_upload subscription_download subscription_total subscription_used subscription_avaliable
-		subscription_expire=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "expire=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_expire=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "expire=[[:digit:]]+" | cut -d '=' -f 2)
-		subscription_upload=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "upload=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_upload=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "upload=[[:digit:]]+" | cut -d '=' -f 2)
-		subscription_download=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "download=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_download=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "download=[[:digit:]]+" | cut -d '=' -f 2)
-		subscription_total=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "total=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_total=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "total=[[:digit:]]+" | cut -d '=' -f 2)
 		if [[ -n "$subscription_upload" && -n "$subscription_download" ]]; then
 			subscription_used=$((subscription_upload + subscription_download))
 			if [ -n "$subscription_total" ]; then
@@ -368,7 +421,7 @@ update_subscription() {
 		# update subscription file
 		rm -f "$subscription_header_tmpfile"
 		mv -f "$subscription_tmpfile" "$subscription_file"
-	else
+	elif [ "$success" == 0 ]; then
 		log "Profile" "Subscription update failed."
 		# update subscription info
 		uci_set "nikki" "$subscription_section" "success" "0"

nikki/files/scripts/debug.sh

@@ -171,11 +171,11 @@ function desensitize_profile() {
 		}
 		if (exists(profile, "proxy-providers")) {
 			for (let x in profile["proxy-providers"]) {
-				if (exists(x, "url")) {
+				if (exists(profile["proxy-providers"][x], "url")) {
-					x["url"] = "*";
+					profile["proxy-providers"][x]["url"] = "*";
 				}
-				if (exists(x, "payload")) {
+				if (exists(profile["proxy-providers"][x], "payload")) {
-					desensitize_proxies(x["payload"]);
+					desensitize_proxies(profile["proxy-providers"][x]["payload"]);
 				}
 			}
 		}

patch-luci-app-passwall.patch

@@ -1,5 +1,5 @@
 diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
-index 184c14a..2185060 100644
+index 8ff84e0..dd660dc 100644
 --- a/luci-app-passwall/Makefile
 +++ b/luci-app-passwall/Makefile
 @@ -67,7 +67,7 @@ config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy
@@ -20,10 +20,10 @@ index 184c14a..2185060 100644
  
  define Package/$(PKG_NAME)/postrm
 diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-index 927a9fd..b5aebe5 100644
+index 2eaa276..2206b05 100644
 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
 +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-@@ -506,6 +506,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")
+@@ -527,6 +527,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")
  o:value("149.112.112.112", "149.112.112.112 (Quad9)")
  o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
  o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
@@ -36,7 +36,7 @@ index 927a9fd..b5aebe5 100644
  o:depends({dns_mode = "dns2socks"})
  o:depends({dns_mode = "tcp"})
  o:depends({dns_mode = "udp"})
-@@ -618,7 +624,7 @@ o:depends({direct_dns_mode = "dot"})
+@@ -639,7 +645,7 @@ o:depends({direct_dns_mode = "dot"})
  o:depends({dns_mode = "dot"})
  
  o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices."))

shadowsocks-rust/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadowsocks-rust
-PKG_VERSION:=1.23.2
+PKG_VERSION:=1.23.4
 PKG_RELEASE:=1
 
 PKG_SOURCE_HEADER:=shadowsocks-v$(PKG_VERSION)
@@ -21,29 +21,29 @@ endif
 
 ifeq ($(ARCH),aarch64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).aarch64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=8462ec05ead8cb6e13dfdc22a813518859da790dbab9a3f716f236a198103aac
+  PKG_HASH:=381268d79ac9c0dac443a551c2152a218321bf03c29c562c0211a9341c5fb2ba
 else ifeq ($(ARCH),arm)
   # Referred to golang/golang-values.mk
   ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE))))
   ifeq ($(ARM_CPU_FEATURES),)
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabi.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=bc07650d508fd4e558bc5aae95edf80e98f5453dc7fac9a2d0a53fb032e8dc3e
+    PKG_HASH:=6754ba3a1dea1f4d8e0511d668a174b1c94c9e4f37cf00dad75e3ad4a47c6472
   else
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabihf.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=b1b11b6ee6562075f7948f3386adb5b9dbf49701dda2298c56c1a211be1b9324
+    PKG_HASH:=0bd4a3c9b5ba14837071059237db1f14da47fee1b1e780c13bc4790fa08c0478
   endif
 else ifeq ($(ARCH),i386)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).i686-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=9ba74e19d3ad0baf1c28b4cd46cafc8dbce5ce839ff589e16c1be2d64ddc29e4
+  PKG_HASH:=7e48342cb9cf3557aebc4764f7155094b50e71a997478a00b6d98107f8cf6b83
 else ifeq ($(ARCH),x86_64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).x86_64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=c4d528b32639c0da77e93a8ec1cc19f01143af7105ad352f9a6c6257d90a9a17
+  PKG_HASH:=91680f08cd51098a0f335025d38afa51116b01983a65a2e27ee82ea3e31f775b
 else ifeq ($(ARCH),mips)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mips-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=f4baa0d2f20ebd54b9bb2802eb6429d888998b8ac7f524965f1eba1d166ed933
+  PKG_HASH:=50bdc40d3e510719680219f42a1633269511654499189af327f3a219247763e8
 else ifeq ($(ARCH),mipsel)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mipsel-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=4c39e8aa75e2fc017fd57bf664f68c547161f11a45be52592e549daf8a6db1bd
+  PKG_HASH:=0a6cec164b17e4dd667e98c66371e2a8d81969afb39ce1e362789c95357068e7
 # Set the default value to make OpenWrt Package Checker happy
 else
   PKG_SOURCE:=dummy

xray-core/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xray-core
-PKG_VERSION:=25.4.30
+PKG_VERSION:=25.5.16
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=4caff81848262684934022dca91cd00b3f28287c29c8229654e226a2ff7990c3
+PKG_HASH:=c856cd9abed7d28d3c7b856c0661cec5c85ba0669affa740c979cf40c2f73ee4
 
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MPL-2.0