luci-app-homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js

@@ -367,7 +367,6 @@ return view.extend({
 
 			this.value('nil', _('Disable'));
 			this.value('direct-out', _('Direct'));
-			this.value('block-out', _('Block'));
 			uci.sections(data[0], 'routing_node', (res) => {
 				if (res.enabled === '1')
 					this.value(res['.name'], res.label);
@@ -740,7 +739,6 @@ return view.extend({
 
 			this.value('default-dns', _('Default DNS (issued by WAN)'));
 			this.value('system-dns', _('System DNS'));
-			this.value('block-dns', _('Block DNS queries'));
 			uci.sections(data[0], 'dns_server', (res) => {
 				if (res.enabled === '1')
 					this.value(res['.name'], res.label);

luci-app-homeproxy/root/etc/homeproxy/resources/china_ip4.ver

@@ -1 +1 @@
-20250513033637
+20250403032551

luci-app-homeproxy/root/etc/homeproxy/resources/china_ip6.txt

@@ -32,6 +32,7 @@
 2400:6460:300::/40
 2400:6600::/32
 2400:6e60:1301::/48
+2400:7100::/32
 2400:75aa::/32
 2400:7bc0:20::/43
 2400:7fc0::/40
@@ -46,7 +47,7 @@
 2400:8200::/32
 2400:87c0::/32
 2400:89c0:1010::/44
-2400:89c0:1020::/44
+2400:89c0:1020::/43
 2400:89c0:1050::/46
 2400:89c0:1130::/44
 2400:89c0:1150::/48
@@ -108,21 +109,24 @@
 2400:da00::/32
 2400:dd00::/28
 2400:ebc0::/32
-2400:ee00:ffec::/46
+2400:ee00::/32
-2400:ee00:fff0::/44
 2400:f6e0::/32
 2400:f720::/32
+2400:fb40::/32
 2400:fe00::/32
 2401:20::/40
 2401:800::/32
+2401:ba0::/32
 2401:1160::/32
 2401:11a0:10::/44
 2401:11a0:1500::/40
 2401:11a0:d150::/48
 2401:11a0:d152::/48
 2401:11a0:d158::/48
+2401:1200::/48
 2401:1320::/32
 2401:1d40::/32
+2401:2780::/32
 2401:2e00::/32
 2401:33c0::/32
 2401:3480::/36
@@ -130,10 +134,28 @@
 2401:3480:3000::/36
 2401:34a0::/31
 2401:3800::/32
+2401:3880::/32
+2401:3980::/32
+2401:3a80::/32
+2401:3b80::/32
+2401:3c80::/32
+2401:3d80::/32
+2401:3e80::/32
+2401:3f80::/32
+2401:4180::/32
+2401:4280::/32
+2401:4380::/32
+2401:4480::/32
+2401:4580::/32
+2401:4680::/32
+2401:4780::/32
+2401:4880::/32
+2401:4a80::/32
 2401:5c20:10::/48
 2401:70e0::/32
 2401:71c0::/48
 2401:7700::/32
+2401:7d40::/32
 2401:7e00::/32
 2401:8be0::/48
 2401:8d00::/46
@@ -143,6 +165,8 @@
 2401:8d00:b::/48
 2401:8d00:c::/48
 2401:8d00:f::/48
+2401:8d00:10::/48
+2401:8d00:12::/48
 2401:8d00:14::/48
 2401:8da0::/48
 2401:9a00::/44
@@ -156,6 +180,7 @@
 2401:b400:20::/47
 2401:b680::/32
 2401:be00::/32
+2401:ca00::/32
 2401:cb80::/32
 2401:cc00::/32
 2401:ce00::/32
@@ -165,11 +190,6 @@
 2401:d920::/48
 2401:de00::/32
 2401:ec00::/32
-2401:f860:86::/47
-2401:f860:88::/47
-2401:f860:90::/46
-2401:f860:100::/40
-2401:f860:f100::/40
 2401:fa00:40::/43
 2402:840:d000::/46
 2402:840:e000::/46
@@ -188,6 +208,8 @@
 2402:6e80::/32
 2402:6f40::/48
 2402:6f40:2::/48
+2402:6fc0::/48
+2402:7040::/32
 2402:7d80::/32
 2402:8bc0::/32
 2402:8cc0::/40
@@ -235,8 +257,8 @@
 2403:4c80::/48
 2403:5c80::/48
 2403:6380:14::/47
-2403:6380:40::/48
+2403:6380:40::/46
-2403:6380:42::/47
+2403:6380:60::/44
 2403:6a00::/32
 2403:7580::/32
 2403:8080:101::/48
@@ -263,10 +285,11 @@
 2404:bc0:4400::/43
 2404:bc0:4f00::/43
 2404:1c80::/32
+2404:2280:103::/48
 2404:2280:105::/48
-2404:2280:107::/48
+2404:2280:106::/47
 2404:2280:109::/48
-2404:2280:10a::/47
+2404:2280:10b::/48
 2404:2280:10d::/48
 2404:2280:10f::/48
 2404:2280:112::/47
@@ -301,7 +324,6 @@
 2404:2280:183::/48
 2404:2280:187::/48
 2404:2280:18a::/47
-2404:2280:18c::/46
 2404:2280:193::/48
 2404:2280:196::/48
 2404:2280:198::/45
@@ -331,10 +353,6 @@
 2404:2280:1ee::/48
 2404:2280:1f0::/45
 2404:2280:1f8::/46
-2404:2280:202::/47
-2404:2280:204::/47
-2404:2280:209::/48
-2404:2280:20a::/48
 2404:3700::/48
 2404:4dc0::/32
 2404:6380::/48
@@ -383,9 +401,9 @@
 2405:1480:3000::/47
 2405:1640:6::/48
 2405:3140:11::/48
-2405:3140:21::/48
 2405:3140:31::/48
 2405:3140:3a::/48
+2405:3bc0::/48
 2405:57c0::/47
 2405:57c0:100::/48
 2405:66c0::/32
@@ -397,6 +415,7 @@
 2405:6f00:c602::/48
 2405:7040:6000::/47
 2405:78c0:6e00::/43
+2405:8280::/32
 2405:8a40::/32
 2405:a900:ffee::/48
 2405:a900:fffe::/48
@@ -411,17 +430,18 @@
 2406:840:9961::/48
 2406:840:9962::/47
 2406:840:996c::/48
+2406:840:e031::/48
+2406:840:e033::/48
+2406:840:e03f::/48
 2406:840:e080::/44
 2406:840:e0cf::/48
-2406:840:e0e0::/46
+2406:840:e0e2::/48
-2406:840:e0e4::/47
+2406:840:e0e5::/48
 2406:840:e0e8::/48
 2406:840:e10f::/48
 2406:840:e14f::/48
 2406:840:e201::/48
 2406:840:e230::/44
-2406:840:e260::/48
-2406:840:e266::/48
 2406:840:e500::/47
 2406:840:e621::/48
 2406:840:e666::/47
@@ -437,11 +457,10 @@
 2406:840:eb08::/48
 2406:840:eb0b::/48
 2406:840:eb0f::/48
-2406:840:ee40::/47
+2406:840:ee40::/46
 2406:840:ee44::/48
 2406:840:ee4b::/48
 2406:840:ee4d::/48
-2406:840:eee5::/48
 2406:840:f200::/47
 2406:840:f203::/48
 2406:840:f380::/44
@@ -466,6 +485,7 @@
 2406:840:feca::/48
 2406:840:fecc::/47
 2406:840:fecf::/48
+2406:840:fed2::/48
 2406:840:fed8::/48
 2406:840:fedf::/48
 2406:840:fef3::/48
@@ -474,14 +494,17 @@
 2406:840:fefc::/48
 2406:840:feff::/48
 2406:1080::/48
+2406:1e40:f012::/47
 2406:2700::/32
 2406:3340::/32
+2406:3640:1::/48
 2406:3d80::/32
 2406:4d00::/48
 2406:52c0::/32
 2406:5340:6666::/48
 2406:5340:8888::/48
 2406:5ac0::/32
+2406:8880::/48
 2406:b640:100::/48
 2406:b640:4100::/48
 2406:cac0::/40
@@ -491,11 +514,13 @@
 2406:d440:200::/44
 2406:d440:300::/44
 2406:d440:ff00::/48
+2406:d440:ffff::/48
 2406:e3c0::/32
 2406:e500::/33
 2407:2840::/48
 2407:3740::/48
 2407:37c0::/32
+2407:4980::/32
 2407:5380::/32
 2407:6c40:1100::/48
 2407:6c40:1210::/48
@@ -515,6 +540,7 @@
 2407:c080:5000::/37
 2407:c080:6000::/36
 2407:c080:8000::/36
+2407:d9c0::/32
 2408:4000::/22
 2408:8000::/48
 2408:8000:2::/47
@@ -570,8 +596,8 @@
 2408:8181:6000::/40
 2408:8181:8000::/40
 2408:8181:a000::/40
-2408:8181:a220::/44
 2408:8181:e000::/40
+2408:8182:6000::/40
 2408:8182:c000::/40
 2408:8183:4000::/40
 2408:8183:8000::/40
@@ -679,7 +705,6 @@
 2408:8406:b400::/40
 2408:8406:b500::/41
 2408:8406:b580::/42
-2408:8407:510::/44
 2408:8409::/40
 2408:8409:120::/43
 2408:8409:140::/42
@@ -1039,13 +1064,17 @@
 2409:27fe::/33
 2409:6100::/44
 2409:8000::/20
-240a:2000::/40
+240a:2000::/29
-240a:2001:100::/40
+240a:4002:1b00::/40
-240a:2001:1000::/36
+240a:4010:8000::/33
 240a:4020:83a::/48
 240a:4020:883a::/48
 240a:4021:83a::/48
 240a:4021:883a::/48
+240a:4083::/35
+240a:4084:2000::/35
+240a:4088:a000::/35
+240a:408c:2000::/35
 240a:4090:50::/48
 240a:4090:120::/48
 240a:4090:250::/48
@@ -1060,11 +1089,18 @@
 240a:4090:5200::/40
 240a:4090:7000::/39
 240a:4090:7200::/40
+240a:4090:a000::/35
+240a:4094:2000::/35
+240a:409c:2000::/35
+240a:40a4:2000::/35
+240a:40ac:2000::/35
 240a:40b0:83a::/48
 240a:40b0:283a::/48
 240a:40b0:483a::/48
 240a:40b0:683a::/48
 240a:40c0:8000::/43
+240a:40c0:8200::/48
+240a:40c0:8240::/48
 240a:40c0:a000::/43
 240a:40c0:c000::/43
 240a:40c0:e000::/43
@@ -1090,10 +1126,20 @@
 240a:40c3:6000::/43
 240a:40c3:8000::/43
 240a:40c3:c000::/43
+240a:40c3:c200::/48
+240a:40c3:c240::/48
 240a:40c3:e000::/43
 240a:40c4::/43
 240a:40c4:2000::/43
 240a:40c4:4000::/43
+240a:4172::/31
+240a:41b0::/34
+240a:41b8::/31
+240a:41d6::/31
+240a:41f2::/31
+240a:420a::/31
+240a:4230::/31
+240a:4242::/31
 240a:4280::/26
 240a:42c0::/27
 240a:42e0::/28
@@ -1116,16 +1162,19 @@
 240e::/20
 2602:2e0:ff::/48
 2602:f7ee:ee::/48
-2602:f93b:400::/38
 2602:f9ba:a8::/48
 2602:f9ba:10c::/48
+2602:fd92:801::/48
 2602:fd92:cc0::/44
+2602:fed2:731d::/48
 2602:feda:182::/47
 2602:feda:1bf::/48
 2602:feda:1d1::/48
 2602:feda:1df::/48
 2602:feda:2d0::/44
 2602:feda:2f0::/44
+2602:feda:bd0::/48
+2602:feda:d80::/48
 2605:9d80:8001::/48
 2605:9d80:8011::/48
 2605:9d80:8021::/48
@@ -1139,8 +1188,8 @@
 2605:9d80:9042::/48
 2605:9d80:9071::/48
 2605:9d80:9092::/48
-2804:1e48:9001::/48
+2620:57:4004::/48
-2804:1e48:9002::/48
+2804:1e48::/32
 2a03:5840:11b::/48
 2a04:3e00:1002::/48
 2a04:f580:8010::/47
@@ -1189,7 +1238,7 @@
 2a06:a005:a13::/48
 2a06:a005:e80::/43
 2a06:a005:1c40::/44
-2a09:54c6:c800::/37
+2a09:54c6:c000::/36
 2a09:b280:ff83::/48
 2a09:b280:ff84::/47
 2a0a:2840::/30
@@ -1203,8 +1252,9 @@
 2a0b:4340:a6::/48
 2a0b:4e07:b8::/47
 2a0c:9a40:84e0::/48
-2a0c:9a46:800::/44
+2a0c:9a46:800::/43
 2a0c:b641:571::/48
+2a0e:8f02:2182::/47
 2a0e:8f02:f067::/48
 2a0e:97c0:550::/44
 2a0e:97c0:83f::/48
@@ -1223,7 +1273,6 @@
 2a0e:aa07:e039::/48
 2a0e:aa07:e044::/48
 2a0e:aa07:e151::/48
-2a0e:aa07:e160::/48
 2a0e:aa07:e16a::/48
 2a0e:aa07:e1a0::/43
 2a0e:aa07:e1e2::/48
@@ -1232,8 +1281,8 @@
 2a0e:aa07:e210::/48
 2a0e:aa07:e21c::/47
 2a0e:aa07:e220::/44
-2a0e:aa07:f0d0::/46
+2a0e:aa07:f0d2::/48
-2a0e:aa07:f0d4::/47
+2a0e:aa07:f0d5::/48
 2a0e:aa07:f0d8::/48
 2a0e:aa07:f0de::/48
 2a0e:b107:12b::/48
@@ -1242,7 +1291,7 @@
 2a0e:b107:c10::/48
 2a0e:b107:dce::/48
 2a0e:b107:16b0::/44
-2a0e:b107:178d::/48
+2a0e:b107:178c::/47
 2a0f:5707:ac00::/47
 2a0f:7803:dd00::/42
 2a0f:7803:f5d0::/44
@@ -1258,6 +1307,7 @@
 2a0f:7803:fa22::/47
 2a0f:7803:fa24::/46
 2a0f:7803:faf3::/48
+2a0f:7803:faf7::/48
 2a0f:7803:fe81::/48
 2a0f:7803:fe82::/48
 2a0f:7804:da00::/40
@@ -1265,14 +1315,13 @@
 2a0f:7d07::/32
 2a0f:85c1:816::/48
 2a0f:85c1:b3a::/48
-2a0f:85c1:ba5::/48
+2a0f:85c1:bba::/48
-2a0f:85c1:bfe::/48
 2a0f:9400:6110::/48
 2a0f:9400:7700::/48
 2a0f:ac00::/29
 2a10:2f00:15a::/48
 2a10:cc40:190::/48
-2a10:ccc0:d01::/48
+2a12:f8c0:1000::/40
 2a12:f8c3::/36
 2a13:1800::/48
 2a13:1800:10::/48
@@ -1285,45 +1334,30 @@
 2a13:a5c7:2100::/48
 2a13:a5c7:2102::/48
 2a13:a5c7:2110::/48
+2a13:a5c7:2117::/48
+2a13:a5c7:2118::/48
 2a13:a5c7:2121::/48
-2a13:a5c7:2600::/40
 2a13:a5c7:2801::/48
 2a13:a5c7:2803::/48
-2a13:a5c7:3100::/44
 2a13:aac4:f000::/44
 2a14:7c0:4a01::/48
 2a14:4c41::/32
 2a14:67c1:20::/44
-2a14:67c1:70::/47
+2a14:67c1:70::/46
-2a14:67c1:73::/48
+2a14:67c1:701::/48
-2a14:67c1:702::/47
+2a14:67c1:703::/48
 2a14:67c1:704::/48
 2a14:67c1:800::/48
 2a14:67c1:a010::/44
 2a14:67c1:a020::/48
-2a14:67c1:a023::/48
 2a14:67c1:a024::/48
 2a14:67c1:a02a::/48
 2a14:67c1:a02f::/48
-2a14:67c1:a061::/48
-2a14:67c1:a064::/48
-2a14:67c1:a090::/47
-2a14:67c1:a092::/48
-2a14:67c1:a100::/44
-2a14:67c1:b000::/48
-2a14:67c1:b065::/48
 2a14:67c1:b066::/47
-2a14:67c1:b068::/47
 2a14:67c1:b100::/46
-2a14:67c1:b104::/47
+2a14:67c5:1000::/36
-2a14:67c1:b106::/48
-2a14:67c1:b120::/48
-2a14:67c1:b400::/43
-2a14:67c1:b4f0::/48
-2a14:67c5:1000::/39
 2a14:7580:9202::/47
-2a14:7580:9205::/48
+2a14:7580:9204::/46
-2a14:7580:9207::/48
 2a14:7580:9400::/39
 2a14:7580:d000::/37
 2a14:7580:d800::/39

luci-app-homeproxy/root/etc/homeproxy/resources/china_ip6.ver

@@ -1 +1 @@
-20250513033637
+20250403032551

luci-app-homeproxy/root/etc/homeproxy/resources/china_list.ver

@@ -1 +1 @@
-202505122213
+202504022212

luci-app-homeproxy/root/etc/homeproxy/resources/gfw_list.txt

@@ -37,7 +37,6 @@
 1dumb.com
 1e100.net
 1eew.com
-1lib.sk
 1mobile.com
 1mobile.tw
 1point3acres.com
@@ -1005,6 +1004,7 @@ chaos.social
 chapm25.com
 character.ai
 chat.lmsys.org
+chat.openai.com
 chatgpt.com
 chatnook.com
 chaturbate.com
@@ -1212,6 +1212,7 @@ cofacts.tw
 coin2co.in
 coinbase.com
 coinbene.com
+coincarp.com
 coinegg.com
 coinex.com
 coingecko.com
@@ -1449,7 +1450,6 @@ discuss4u.com
 dish.com
 disk.yandex.com
 disk.yandex.ru
-disneyplus.com
 disp.cc
 disqus.com
 dit-inc.us
@@ -1484,7 +1484,6 @@ dnssec.net
 dnvod.tv
 doc.new
 docker.com
-docker.io
 docs.new
 doctorvoice.org
 documentingreality.com
@@ -1546,6 +1545,7 @@ dtwang.org
 duanzhihu.com
 dubox.com
 duck.com
+duckdns.org
 duckduckgo-owned-server.yahoo.net
 duckduckgo.com
 duckload.com
@@ -1650,7 +1650,6 @@ empfil.com
 emule-ed2k.com
 emulefans.com
 emuparadise.me
-en.favotter.net
 en.hao123.com
 enanyang.my
 encrypt.me
@@ -1806,6 +1805,7 @@ fan-qiang.com
 fanbox.cc
 fangbinxing.com
 fangeming.com
+fangeming.comffvpn.com
 fangeqiang.com
 fanglizhi.info
 fangmincn.org
@@ -1828,14 +1828,11 @@ faproxy.com
 faqserv.com
 fartit.com
 farwestchina.com
-fast.com
-fast.wistia.com
 fastestvpn.com
 fastpic.ru
 fastssh.com
 faststone.org
 fatbtc.com
-favstar.fm
 fawanghuihui.org
 faydao.com
 faz.net
@@ -1846,14 +1843,10 @@ fbaddins.com
 fbcdn.net
 fbsbx.com
 fbworkmail.com
-fc2.com
-fc2blog.net
-fc2china.com
 fc2cn.com
 fda.gov.tw
 fdc64.de
 fdc64.org
-fdc89.jp
 feedburner.com
 feeder.co
 feeds.fileforum.com
@@ -1869,8 +1862,6 @@ fengzhenghu.com
 fengzhenghu.net
 fevernet.com
 ff.im
-fffff.at
-fflick.com
 ffvpn.com
 fgmtv.net
 fgmtv.org
@@ -2138,6 +2129,7 @@ geekerhome.com
 geekheart.info
 gekikame.com
 gelbooru.com
+gemini.com
 generated.photos
 genius.com
 geocities.co.jp
@@ -2218,7 +2210,6 @@ gmhz.org
 gmll.org
 gmodules.com
 gmozomg.izihost.org
-gmp4.com
 gnci.org.hk
 gnews.org
 go-pki.com
@@ -2498,7 +2489,6 @@ gospelherald.com
 got-game.org
 gotdns.ch
 gotgeeks.com
-gotquestions.org
 gotrusted.com
 gotw.ca
 gov.taipei
@@ -2588,7 +2578,6 @@ hakkatv.org.tw
 halktv.com.tr
 handcraftedsoftware.org
 hanime.tv
-hanime1.me
 hanunyi.com
 hao.news
 happy-vpn.com
@@ -2859,7 +2848,6 @@ hypothes.is
 i-cable.com
 i-part.com.tw
 i-scmp.com
-i.111666.best
 i.lithium.com
 i1.hk
 i2p2.de
@@ -2890,7 +2878,6 @@ id.heroku.com
 idemocracy.asia
 identi.ca
 idiomconnection.com
-idope.se
 idouga.com
 idreamx.com
 idv.tw
@@ -3626,7 +3613,6 @@ mirror.xyz
 mirrorbooks.com
 mirrormedia.mg
 missav.com
-missav.ws
 mist.vip
 mitao.com.tw
 mitbbs.com
@@ -3864,7 +3850,6 @@ newnews.ca
 news.cnyes.com
 news.ebc.net.tw
 news.msn.com.tw
-news.mt.co.kr
 news.nationalgeographic.com
 news.omy.sg
 news.seehua.com
@@ -3919,10 +3904,6 @@ nic.gov
 nicovideo.jp
 nighost.org
 nightswatch.top
-nikke-en.com
-nikke-jp.com
-nikke-kr.com
-nikke.hotcool.tw
 nikkei.com
 ninecommentaries.com
 ninjacloak.com
@@ -3944,7 +3925,6 @@ no-ip.org
 nobel.se
 nobelprize.org
 nobodycanstop.us
-nodeloc.com
 nodeseek.com
 nofile.io
 nokogiri.org
@@ -3956,7 +3936,6 @@ nordstromimage.com
 nordstromrack.com
 nordvpn.com
 nos.nl
-notebooklm.google
 notepad-plus-plus.org
 nottinghampost.com
 novelasia.com
@@ -4105,7 +4084,7 @@ ontrac.com
 oopsforum.com
 open.com.hk
 open.firstory.me
-openai.com
+open.spotify.com
 openallweb.com
 opendemocracy.net
 opendn.xyz
@@ -4290,7 +4269,6 @@ pkqjiasu.com
 pkuanvil.com
 placemix.com
 play-asia.com
-play.google
 playboy.com
 playboyplus.com
 player.fm
@@ -4427,7 +4405,6 @@ pullfolio.com
 punyu.com
 pure18.com
 pureconcepts.net
-puredns.org
 pureinsight.org
 purepdf.com
 purevpn.com
@@ -4461,7 +4438,6 @@ qienkuen.org
 qiwen.lu
 qixianglu.cn
 qkshare.com
-qmp4.com
 qoos.com
 qpoe.com
 qq.co.za
@@ -4621,19 +4597,16 @@ rthk.org.hk
 rthklive2-lh.akamaihd.net
 rti.org.tw
 rti.tw
-rtm.tnt-ea.com
 rtycminnesota.org
 ruanyifeng.com
 rukor.org
 rule34.xxx
-rule34video.com
 rumble.com
 runbtx.com
 rushbee.com
 rusvpn.com
 ruten.com.tw
 rutracker.net
-rutracker.org
 rutube.ru
 ruyiseek.com
 rxhj.net
@@ -4824,7 +4797,6 @@ simplecd.me
 simplecd.org
 simpleproductivityblog.com
 simpleswap.io
-simplex.chat
 sinchew.com.my
 singaporepools.com.sg
 singfortibet.com
@@ -4974,7 +4946,6 @@ spiderpool.com
 spike.com
 sports.williamhill.com
 spotflux.com
-spotify.com
 spreadsheet.new
 spreadshirt.es
 spreaker.com
@@ -5065,7 +5036,6 @@ studentsforafreetibet.org
 stumbleupon.com
 stupidvideos.com
 subacme.rerouted.org
-subhd.tv
 substack.com
 successfn.com
 suche.gmx.net
@@ -5216,7 +5186,6 @@ teeniefuck.net
 teensinasia.com
 tehrantimes.com
 telecomspace.com
-telega.one
 telegra.ph
 telegram-cdn.org
 telegram.dog
@@ -5226,7 +5195,6 @@ telegram.space
 telegramdownload.com
 telegraph.co.uk
 telesco.pe
-tellapart.com
 tellme.pw
 tenacy.com
 tenor.com
@@ -5240,7 +5208,6 @@ tfc-taiwan.org.tw
 tfhub.dev
 tfiflve.com
 tg-me.com
-tg.dev
 th.hao123.com
 thaicn.com
 thb.gov.tw
@@ -5298,7 +5265,6 @@ thlib.org
 thomasbernhard.org
 thongdreams.com
 threadreaderapp.com
-threads.com
 threads.net
 threatchaos.com
 throughnightsfire.com
@@ -5403,7 +5369,6 @@ ticket.com.tw
 tigervpn.com
 tiktok.com
 tiktokcdn-us.com
-tiktokcdn.com
 tiktokv.com
 tiktokv.us
 tiltbrush.com
@@ -5673,7 +5638,6 @@ twtrland.com
 twttr.com
 twurl.nl
 twyac.org
-tx.me
 txxx.com
 tycool.com
 typepad.com
@@ -5839,7 +5803,6 @@ video.aol.ca
 video.aol.co.uk
 video.aol.com
 video.ap.org
-video.fdbox.com
 video.foxbusiness.com
 videobam.com
 videodetective.com
@@ -6418,13 +6381,8 @@ yyii.org
 yyjlymb.xyz
 yysub.net
 yzzk.com
-z-lib.fm
-z-lib.fo
-z-lib.gd
-z-lib.gl
 z-lib.io
 z-lib.org
-z-library.sk
 zacebook.com
 zalmos.com
 zamimg.com
@@ -6487,7 +6445,6 @@ zkaip.com
 zmedia.com.tw
 zmw.cn
 zodgame.us
-zodgame.xyz
 zomobo.net
 zonaeuropa.com
 zonghexinwen.com

luci-app-homeproxy/root/etc/homeproxy/resources/gfw_list.ver

@@ -1 +1 @@
-202505122213
+202504022212

luci-app-homeproxy/root/etc/homeproxy/scripts/generate_client.uc

@@ -327,6 +327,7 @@ function get_outbound(cfg) {
 	} else {
 		switch (cfg) {
 		case 'block-out':
+			return null;
 		case 'direct-out':
 			return cfg;
 		default:
@@ -347,6 +348,7 @@ function get_resolver(cfg) {
 
 	switch (cfg) {
 	case 'block-dns':
+		return null;
 	case 'default-dns':
 	case 'system-dns':
 		return cfg;
@@ -389,10 +391,6 @@ config.dns = {
 			tag: 'system-dns',
 			address: 'local',
 			detour: 'direct-out'
-		},
-		{
-			tag: 'block-dns',
-			address: 'rcode://name_error'
 		}
 	],
 	rules: [],
@@ -607,10 +605,6 @@ config.outbounds = [
 		type: 'direct',
 		tag: 'direct-out',
 		routing_mark: strToInt(self_mark)
-	},
-	{
-		type: 'block',
-		tag: 'block-out'
 	}
 ];
 

luci-app-homeproxy/root/etc/homeproxy/scripts/migrate_config.uc

@@ -53,6 +53,15 @@ if (uci.get(uciconfig, ucimain, 'routing_port') === 'all')
 if (uci.get(uciconfig, 'experimental'))
 	uci.delete(uciconfig, 'experimental');
 
+/* block-dns was removed from built-in dns servers */
+if (uci.get(uciconfig, ucidns, 'default_server') === 'block-dns')
+	uci.set(uciconfig, ucidns, 'default_server', 'default-dns');
+
+/* block-out was removed from built-in outbounds */
+if (uci.get(uciconfig, ucirouting, 'default_outbound') === 'block-out')
+	uci.set(uciconfig, ucirouting, 'default_outbound', 'nil');
+
+
 /* DNS rules options */
 uci.foreach(uciconfig, ucidnsrule, (cfg) => {
 	/* rule_set_ipcidr_match_source was renamed in sb 1.10 */

luci-app-nikki/Makefile

@@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.22.3
+PKG_VERSION:=1.22.2
 
 LUCI_TITLE:=LuCI Support for nikki
 LUCI_DEPENDS:=+luci-base +nikki

luci-app-passwall/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=25.5.16
+PKG_VERSION:=25.5.8
 PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \

luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua

@@ -312,10 +312,7 @@ o.default = "0"
 o:depends({ _tcp_node_bool = "1" })
 
 ---- DNS Forward Mode
-o = s:option(ListValue, "dns_mode", translate("Filter Mode"),
+o = s:option(ListValue, "dns_mode", translate("Filter Mode"))
-			 "<font color='red'>" .. translate(
-				 "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box).") ..
-				 "</font>")
 o:depends({ _tcp_node_bool = "1" })
 if api.is_finded("dns2socks") then
 	o:value("dns2socks", "dns2socks")

luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua

@@ -381,10 +381,7 @@ o = s:taboption("DNS", Flag, "filter_proxy_ipv6", translate("Filter Proxy Host I
 o.default = "0"
 
 ---- DNS Forward Mode
-o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"),
+o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
-			 "<font color='red'>" .. translate(
-				 "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box).") ..
-				 "</font>")
 o:value("udp", translatef("Requery DNS By %s", "UDP"))
 o:value("tcp", translatef("Requery DNS By %s", "TCP"))
 if chinadns_tls == 0 then
@@ -405,10 +402,7 @@ end
 
 ---- SmartDNS Forward Mode
 if api.is_finded("smartdns") then
-	o = s:taboption("DNS", ListValue, "smartdns_dns_mode", translate("Filter Mode"),
+	o = s:taboption("DNS", ListValue, "smartdns_dns_mode", translate("Filter Mode"))
-				 "<font color='red'>" .. translate(
-					 "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box).") ..
-					 "</font>")
 	o:value("socks", "Socks")
 	if has_singbox then
 		o:value("sing-box", "Sing-Box")
@@ -459,21 +453,6 @@ if api.is_finded("smartdns") then
 		end
 		return DynamicList.write(self, section, t)
 	end
-	function o.validate(self, value) --禁止私有IP
-		if type(value) == "table" then
-			for _, v in ipairs(value) do
-				if v:match("127%.0%.0%.") or
-				   v:match("192%.168%.") or
-				   v:match("10%.") or
-				   v:match("172%.1[6-9]%.") or
-				   v:match("172%.2[0-9]%.") or
-				   v:match("172%.3[0-1]%.") then
-					return nil, translatef("Private IPs are not allowed: %s", v)
-				end
-			end
-		end
-		return value
-	end
 end
 
 o = s:taboption("DNS", ListValue, "xray_dns_mode", translate("Request protocol"))

luci-app-passwall/luasrc/model/cbi/passwall/client/type/sing-box.lua

@@ -329,10 +329,6 @@ o:value("xtls-rprx-vision")
 o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true })
 
 if singbox_tags:find("with_quic") then
-	o = s:option(Value, _n("hysteria_hop"), translate("Port hopping range"))
-	o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).")
-	o:depends({ [_n("protocol")] = "hysteria" })
-
 	o = s:option(Value, _n("hysteria_obfs"), translate("Obfs Password"))
 	o:depends({ [_n("protocol")] = "hysteria" })
 

luci-app-passwall/luasrc/passwall/util_sing-box.lua

@@ -84,7 +84,6 @@ function gen_outbound(flag, node, tag, proxy_table)
 		local run_socks_instance = true
 		if proxy_table ~= nil and type(proxy_table) == "table" then
 			proxy_tag = proxy_table.tag or nil
-			run_socks_instance = proxy_table.run_socks_instance
 		end
 
 		if node.type ~= "sing-box" then
@@ -351,18 +350,7 @@ function gen_outbound(flag, node, tag, proxy_table)
 		end
 
 		if node.protocol == "hysteria" then
-			local server_ports = {}
-			if node.hysteria_hop then
-				node.hysteria_hop = string.gsub(node.hysteria_hop, "-", ":")
-				for range in node.hysteria_hop:gmatch("([^,]+)") do
-					if range:match("^%d+:%d+$") then
-						table.insert(server_ports, range)
-					end
-				end
-			end
 			protocol_table = {
-				server_ports = next(server_ports) and server_ports or nil,
-				hop_interval = next(server_ports) and "30s" or nil,
 				up_mbps = tonumber(node.hysteria_up_mbps),
 				down_mbps = tonumber(node.hysteria_down_mbps),
 				obfs = node.hysteria_obfs,
@@ -459,9 +447,6 @@ function gen_outbound(flag, node, tag, proxy_table)
 		if node.protocol == "anytls" then
 			protocol_table = {
 				password = (node.password and node.password ~= "") and node.password or "",
-				idle_session_check_interval = "30s",
-				idle_session_timeout = "30s",
-				min_idle_session = 5,
 				tls = tls
 			}
 		end
@@ -1026,7 +1011,7 @@ function gen_config(var)
 				end
 				if is_new_ut_node then
 					local ut_node = uci:get_all(appname, ut_node_id)
-					local outbound = gen_outbound(flag, ut_node, ut_node_tag, { run_socks_instance = not no_run })
+					local outbound = gen_outbound(flag, ut_node, ut_node_tag)
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. ut_node.remarks
 						table.insert(outbounds, outbound)
@@ -1442,7 +1427,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node, nil, { run_socks_instance = not no_run })
+			local outbound = gen_outbound(flag, node)
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)

luci-app-passwall/luasrc/passwall/util_xray.lua

@@ -62,7 +62,6 @@ function gen_outbound(flag, node, tag, proxy_table)
 			proxy_tag = proxy_table.tag or nil
 			fragment = proxy_table.fragment or nil
 			noise = proxy_table.noise or nil
-			run_socks_instance = proxy_table.run_socks_instance
 		end
 
 		if node.type ~= "Xray" then
@@ -166,9 +165,9 @@ function gen_outbound(flag, node, tag, proxy_table)
 					spiderX = node.reality_spiderX or "/",
 					fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or "chrome"
 				} or nil,
-				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks" and (node.tcp_guise and node.tcp_guise ~= "none")) and {
+				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks") and {
 					header = {
-						type = node.tcp_guise,
+						type = node.tcp_guise or "none",
 						request = (node.tcp_guise == "http") and {
 							path = node.tcp_guise_http_path or {"/"},
 							headers = {
@@ -736,7 +735,7 @@ function gen_config(var)
 				end
 				if is_new_blc_node then
 					local blc_node = uci:get_all(appname, blc_node_id)
-					local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
+					local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. blc_node.remarks
 						table.insert(outbounds, outbound)
@@ -762,7 +761,7 @@ function gen_config(var)
 				if is_new_node then
 					local fallback_node = uci:get_all(appname, fallback_node_id)
 					if fallback_node.protocol ~= "_balancing" then
-						local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
+						local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
 						if outbound then
 							outbound.tag = outbound.tag .. ":" .. fallback_node.remarks
 							table.insert(outbounds, outbound)
@@ -1141,7 +1140,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil, run_socks_instance = not no_run })
+			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil })
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)

luci-app-passwall/luasrc/view/passwall/node_list/link_share_man.htm

@@ -253,6 +253,10 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 					}
 					if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 						v_security = "reality";
+						if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
+							let v_fp = opt.get(dom_prefix + "fingerprint").value;
+							params += "&fp=" + v_fp;
+						}
 						params += opt.query("pbk", dom_prefix + "reality_publicKey");
 						params += opt.query("sid", dom_prefix + "reality_shortId");
 						params += opt.query("spx", dom_prefix + "reality_spiderX");
@@ -399,6 +403,10 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 					v_security = "reality";
+					if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
+						let v_fp = opt.get(dom_prefix + "fingerprint").value;
+						params += "&fp=" + v_fp;
+					}
 					params += opt.query("pbk", dom_prefix + "reality_publicKey");
 					params += opt.query("sid", dom_prefix + "reality_shortId");
 					params += opt.query("spx", dom_prefix + "reality_spiderX");
@@ -465,6 +473,10 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 					v_security = "reality";
+					if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
+						let v_fp = opt.get(dom_prefix + "fingerprint").value;
+						params += "&fp=" + v_fp;
+					}
 					params += opt.query("pbk", dom_prefix + "reality_publicKey");
 					params += opt.query("sid", dom_prefix + "reality_shortId");
 					params += opt.query("spx", dom_prefix + "reality_spiderX");
@@ -532,7 +544,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			params += opt.query("sni", dom_prefix + "tls_serverName");
 			params += opt.query("alpn", dom_prefix + "tuic_alpn");
 			params += opt.query("congestion_control", dom_prefix + "tuic_congestion_control");
-			params += opt.query("udp_relay_mode", dom_prefix + "tuic_udp_relay_mode");
 			params += opt.query("allowinsecure", dom_prefix + "tls_allowInsecure");
 
 			params += "#" + encodeURI(v_alias.value);
@@ -557,6 +568,10 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 				if (opt.get(dom_prefix + "reality") && opt.get(dom_prefix + "reality").checked) {
 					v_security = "reality";
+					if (opt.get(dom_prefix + "fingerprint") && opt.get(dom_prefix + "fingerprint").value != "") {
+						let v_fp = opt.get(dom_prefix + "fingerprint").value;
+						params += "&fp=" + v_fp;
+					}
 					params += opt.query("pbk", dom_prefix + "reality_publicKey");
 					params += opt.query("sid", dom_prefix + "reality_shortId");
 				}
@@ -1422,7 +1437,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 			}
 			opt.set(dom_prefix + 'tuic_congestion_control', queryParam.congestion_control || 'cubic');
-			opt.set(dom_prefix + 'tuic_udp_relay_mode', queryParam.udp_relay_mode || 'native');
 			opt.set(dom_prefix + 'tuic_alpn', queryParam.alpn || 'default');
 			opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
 			opt.set(dom_prefix + 'tls_allowInsecure', true);

luci-app-passwall/po/zh-cn/passwall.po

@@ -118,15 +118,9 @@ msgstr "国内分组名"
 msgid "You only need to configure domestic DNS packets in SmartDNS and set it redirect or as Dnsmasq upstream, and fill in the domestic DNS group name here."
 msgstr "您只需要在SmartDNS配置好国内DNS分组，并设置重定向或作为Dnsmasq上游，此处填入国内DNS分组名。"
 
-msgid "Private IPs are not allowed: %s"
-msgstr "不允许使用私有 IP 地址：%s"
-
 msgid "Filter Mode"
 msgstr "过滤模式"
 
-msgid "If the node uses Xray/Sing-Box shunt, select the matching filter mode (Xray/Sing-Box)."
-msgstr "当节点使用 Xray/Sing-Box 分流时，过滤模式需对应选择 Xray/Sing-Box 。"
-
 msgid "A/AAAA type"
 msgstr "A/AAAA 类型"
 

luci-app-passwall/root/usr/share/passwall/haproxy.lua

@@ -1,239 +1,239 @@
-#!/usr/bin/lua
+#!/usr/bin/lua
-
+
-local api = require ("luci.passwall.api")
+local api = require ("luci.passwall.api")
-local appname = "passwall"
+local appname = "passwall"
-local fs = api.fs
+local fs = api.fs
-local jsonc = api.jsonc
+local jsonc = api.jsonc
-local uci = api.uci
+local uci = api.uci
-local sys = api.sys
+local sys = api.sys
-
+
-local log = function(...)
+local log = function(...)
-	api.log(...)
+	api.log(...)
-end
+end
-
+
-function get_ip_port_from(str)
+function get_ip_port_from(str)
-	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
+	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
-	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
+	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
-	return result_ip, result_port
+	return result_ip, result_port
-end
+end
-
+
-local new_port
+local new_port
-local function get_new_port()
+local function get_new_port()
-	if new_port then
+	if new_port then
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
-	else
+	else
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
-	end
+	end
-	return new_port
+	return new_port
-end
+end
-
+
-local var = api.get_args(arg)
+local var = api.get_args(arg)
-local haproxy_path = var["-path"]
+local haproxy_path = var["-path"]
-local haproxy_conf = var["-conf"]
+local haproxy_conf = var["-conf"]
-local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
+local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
-
+
-local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
+local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
-local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
+local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
-local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
+local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
-local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
+local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
-local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
+local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
-local bind_address = "0.0.0.0"
+local bind_address = "0.0.0.0"
-if bind_local == "1" then bind_address = "127.0.0.1" end
+if bind_local == "1" then bind_address = "127.0.0.1" end
-
+
-log("HAPROXY 负载均衡：")
+log("HAPROXY 负载均衡：")
-log(string.format("  * 控制台端口：%s", console_port))
+log(string.format("  * 控制台端口：%s", console_port))
-fs.mkdir(haproxy_path)
+fs.mkdir(haproxy_path)
-local haproxy_file = haproxy_path .. "/" .. haproxy_conf
+local haproxy_file = haproxy_path .. "/" .. haproxy_conf
-
+
-local f_out = io.open(haproxy_file, "a")
+local f_out = io.open(haproxy_file, "a")
-
+
-local haproxy_config = [[
+local haproxy_config = [[
-global
+global
-	daemon
+	daemon
-	log         127.0.0.1 local2
+	log         127.0.0.1 local2
-	maxconn     60000
+	maxconn     60000
-	stats socket  {{path}}/haproxy.sock
+	stats socket  {{path}}/haproxy.sock
-	nbthread {{nbthread}}
+	nbthread {{nbthread}}
-	external-check
+	external-check
-	insecure-fork-wanted
+	insecure-fork-wanted
-
+
-defaults
+defaults
-	mode                    tcp
+	mode                    tcp
-	log                     global
+	log                     global
-	option                  tcplog
+	option                  tcplog
-	option                  dontlognull
+	option                  dontlognull
-	option http-server-close
+	option http-server-close
-	#option forwardfor       except 127.0.0.0/8
+	#option forwardfor       except 127.0.0.0/8
-	option                  redispatch
+	option                  redispatch
-	retries                 2
+	retries                 2
-	timeout http-request    10s
+	timeout http-request    10s
-	timeout queue           1m
+	timeout queue           1m
-	timeout connect         10s
+	timeout connect         10s
-	timeout client          1m
+	timeout client          1m
-	timeout server          1m
+	timeout server          1m
-	timeout http-keep-alive 10s
+	timeout http-keep-alive 10s
-	timeout check           10s
+	timeout check           10s
-	maxconn                 3000
+	maxconn                 3000
-	
+	
-resolvers mydns
+resolvers mydns
-	resolve_retries       1
+	resolve_retries       1
-	timeout resolve       5s
+	timeout resolve       5s
-	hold valid           600s
+	hold valid           600s
-{{dns}}
+{{dns}}
-]]
+]]
-
+
-haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
+haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
-haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
+haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
-
+
-local mydns = ""
+local mydns = ""
-local index = 0
+local index = 0
-string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
+string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
-	index = index + 1
+	index = index + 1
-	local s = w:gsub("#", ":")
+	local s = w:gsub("#", ":")
-	if not s:find(":") then
+	if not s:find(":") then
-		s = s .. ":53"
+		s = s .. ":53"
-	end
+	end
-	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
+	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
-end)
+end)
-haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
+haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
-
+
-f_out:write(haproxy_config)
+f_out:write(haproxy_config)
-
+
-local listens = {}
+local listens = {}
-
+
-uci:foreach(appname, "haproxy_config", function(t)
+uci:foreach(appname, "haproxy_config", function(t)
-	if t.enabled == "1" then
+	if t.enabled == "1" then
-		local server_remark
+		local server_remark
-		local server_address
+		local server_address
-		local server_port
+		local server_port
-		local lbss = t.lbss
+		local lbss = t.lbss
-		local listen_port = tonumber(t.haproxy_port) or 0
+		local listen_port = tonumber(t.haproxy_port) or 0
-		local server_node = uci:get_all(appname, lbss)
+		local server_node = uci:get_all(appname, lbss)
-		if server_node and server_node.address and server_node.port then
+		if server_node and server_node.address and server_node.port then
-			server_remark = server_node.address .. ":" .. server_node.port
+			server_remark = server_node.address .. ":" .. server_node.port
-			server_address = server_node.address
+			server_address = server_node.address
-			server_port = server_node.port
+			server_port = server_node.port
-			t.origin_address = server_address
+			t.origin_address = server_address
-			t.origin_port = server_port
+			t.origin_port = server_port
-			if health_check_type == "passwall_logic" then
+			if health_check_type == "passwall_logic" then
-				if server_node.type ~= "Socks" then
+				if server_node.type ~= "Socks" then
-					local relay_port = server_node.port
+					local relay_port = server_node.port
-					new_port = get_new_port()
+					new_port = get_new_port()
-					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
+					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
-					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
+					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
-						appname,
+						appname,
-						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
+						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
-							new_port, --flag
+							new_port, --flag
-							server_node[".name"], --node
+							server_node[".name"], --node
-							"127.0.0.1", --bind
+							"127.0.0.1", --bind
-							new_port, --socks port
+							new_port, --socks port
-							config_file --config file
+							config_file --config file
-							)
+							)
-						)
+						)
-					)
+					)
-					server_address = "127.0.0.1"
+					server_address = "127.0.0.1"
-					server_port = new_port
+					server_port = new_port
-				end
+				end
-			end
+			end
-		else
+		else
-			server_address, server_port = get_ip_port_from(lbss)
+			server_address, server_port = get_ip_port_from(lbss)
-			server_remark = server_address .. ":" .. server_port
+			server_remark = server_address .. ":" .. server_port
-			t.origin_address = server_address
+			t.origin_address = server_address
-			t.origin_port = server_port
+			t.origin_port = server_port
-		end
+		end
-		if server_address and server_port and listen_port > 0 then
+		if server_address and server_port and listen_port > 0 then
-			if not listens[listen_port] then
+			if not listens[listen_port] then
-				listens[listen_port] = {}
+				listens[listen_port] = {}
-			end
+			end
-			t.server_remark = server_remark
+			t.server_remark = server_remark
-			t.server_address = server_address
+			t.server_address = server_address
-			t.server_port = server_port
+			t.server_port = server_port
-			table.insert(listens[listen_port], t)
+			table.insert(listens[listen_port], t)
-		else
+		else
-			log("  - 丢弃1个明显无效的节点")
+			log("  - 丢弃1个明显无效的节点")
-		end
+		end
-	end
+	end
-end)
+end)
-
+
-local sortTable = {}
+local sortTable = {}
-for i in pairs(listens) do
+for i in pairs(listens) do
-	if i ~= nil then
+	if i ~= nil then
-		table.insert(sortTable, i)
+		table.insert(sortTable, i)
-	end
+	end
-end
+end
-table.sort(sortTable, function(a,b) return (a < b) end)
+table.sort(sortTable, function(a,b) return (a < b) end)
-
+
-for i, port in pairs(sortTable) do
+for i, port in pairs(sortTable) do
-	log("  +  入口 %s:%s" % {bind_address, port})
+	log("  +  入口 %s:%s" % {bind_address, port})
-
+
-	f_out:write("\n" .. string.format([[
+	f_out:write("\n" .. string.format([[
-listen %s
+listen %s
-	bind %s:%s
+	bind %s:%s
-	mode tcp
+	mode tcp
-	balance roundrobin
+	balance roundrobin
-]], port, bind_address, port))
+]], port, bind_address, port))
-
+
-	if health_check_type == "passwall_logic" then
+	if health_check_type == "passwall_logic" then
-		f_out:write(string.format([[
+		f_out:write(string.format([[
-	option external-check
+	option external-check
-	external-check command "/usr/share/passwall/haproxy_check.sh"
+	external-check command "/usr/share/passwall/haproxy_check.sh"
-]], port, port))
+]], port, port))
-	end
+	end
-
+
-	local count_M, count_B = 1, 1
+	local count_M, count_B = 1, 1
-	for i, o in ipairs(listens[port]) do
+	for i, o in ipairs(listens[port]) do
-		local remark = o.server_remark or ""
+		local remark = o.server_remark or ""
-		-- 防止重名导致无法运行
+		-- 防止重名导致无法运行
-		if tostring(o.backup) ~= "1" then
+		if tostring(o.backup) ~= "1" then
-			remark = "M" .. count_M .. "-" .. remark
+			remark = "M" .. count_M .. "-" .. remark
-			count_M = count_M + 1
+			count_M = count_M + 1
-		else
+		else
-			remark = "B" .. count_B .. "-" .. remark
+			remark = "B" .. count_B .. "-" .. remark
-			count_B = count_B + 1
+			count_B = count_B + 1
-		end
+		end
-		local server = o.server_address .. ":" .. o.server_port
+		local server = o.server_address .. ":" .. o.server_port
-		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
+		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
-		server_conf = server_conf:gsub("{{remark}}", remark)
+		server_conf = server_conf:gsub("{{remark}}", remark)
-		server_conf = server_conf:gsub("{{server}}", server)
+		server_conf = server_conf:gsub("{{server}}", server)
-		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
+		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
-		local resolvers = "resolvers mydns"
+		local resolvers = "resolvers mydns"
-		if api.is_ip(o.server_address) then
+		if api.is_ip(o.server_address) then
-			resolvers = ""
+			resolvers = ""
-		end
+		end
-		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
+		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
-		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
+		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
-		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
+		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
-
+
-		f_out:write("	" .. server_conf .. "\n")
+		f_out:write("	" .. server_conf .. "\n")
-
+
-		if o.export ~= "0" then
+		if o.export ~= "0" then
-			sys.call(string.format("/usr/share/passwall/app.sh add_ip2route %s %s", o.origin_address, o.export))
+			sys.call(string.format("/usr/share/passwall/app.sh add_ip2route %s %s", o.origin_address, o.export))
-		end
+		end
-
+
-		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
+		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
-	end
+	end
-end
+end
-
+
---控制台配置
+--控制台配置
-local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
+local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
-local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
+local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
-local str = [[
+local str = [[
-listen console
+listen console
-	bind 0.0.0.0:%s
+	bind 0.0.0.0:%s
-	mode http
+	mode http
-	stats refresh 30s
+	stats refresh 30s
-	stats uri /
+	stats uri /
-	stats admin if TRUE
+	stats admin if TRUE
-	%s
+	%s
-]]
+]]
-f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
+f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
-
+
-f_out:close()
+f_out:close()
-
+
---passwall内置健康检查URL
+--passwall内置健康检查URL
-if health_check_type == "passwall_logic" then
+if health_check_type == "passwall_logic" then
-	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
+	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
-	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
+	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
-	f_url:write(probeUrl)
+	f_url:write(probeUrl)
-	f_url:close()
+	f_url:close()
-end
+end

luci-app-passwall/root/usr/share/passwall/haproxy_check.sh

@@ -1,7 +1,5 @@
 #!/bin/sh
 
-export PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
-
 listen_address=$1
 listen_port=$2
 server_address=$3
@@ -19,7 +17,7 @@ if /usr/bin/curl --help all | grep -q "\-\-retry-all-errors"; then
 	extra_params="${extra_params} --retry-all-errors"
 fi
 
-status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 --max-time 10 -w "%{http_code}" "${probeUrl}")
+status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 -w "%{http_code}" "${probeUrl}")
 
 case "$status" in
 	200|204)

luci-app-passwall/root/usr/share/passwall/helper_smartdns_add.lua

@@ -168,23 +168,6 @@ config_lines = {
 	DNS_MODE == "socks" and string.format("proxy-server socks5://%s -name %s", REMOTE_PROXY_SERVER, proxy_server_name) or nil
 }
 if DNS_MODE == "socks" then
-	local found_private = false
-	for dns in string.gmatch(REMOTE_DNS, "([^|]+)") do
-		-- 判断是否为私有地址
-		if dns:match("127%.0%.0%.") or
-		   dns:match("192%.168%.") or
-		   dns:match("10%.") or
-		   dns:match("172%.1[6-9]%.") or
-		   dns:match("172%.2[0-9]%.") or
-		   dns:match("172%.3[0-1]%.") then
-			found_private = true
-			break
-		end
-	end
-	if found_private then
-		REMOTE_DNS = "tcp://1.1.1.1"
-		log("  * 错误！SmartDNS 远程 DNS 不允许使用私有地址，将默认使用：tcp://1.1.1.1")
-	end
 	string.gsub(REMOTE_DNS, '[^' .. "|" .. ']+', function(w)
 		local server_dns = w
 		local server_param = string.format("server %s -group %s -proxy %s", "%s", REMOTE_GROUP, proxy_server_name)

luci-app-passwall/root/usr/share/passwall/lease2hosts.sh

@@ -30,21 +30,15 @@ reload_dnsmasq_pids() {
 
 while true; do
 
-	if [ -f "$LEASE_FILE" ]; then
+	if [ -s "$LEASE_FILE" ]; then
-		awk 'NF >= 4 && $4 != "*" {print $3" "$4}' "$LEASE_FILE" | sort > "$TMP_FILE"
+		awk 'NF >= 4 {print $3" "$4}' "$LEASE_FILE" | sort > "$TMP_FILE"
-		if [ -s "$TMP_FILE" ]; then
+		if [ -f "$TMP_FILE" ]; then
-			if [ ! -f "$HOSTS_FILE" ] || ! cmp -s "$TMP_FILE" "$HOSTS_FILE"; then
+			if [ ! -f "$HOSTS_FILE" ] || [ "$(md5sum "$TMP_FILE" | awk '{print $1}')" != "$(md5sum "$HOSTS_FILE" | awk '{print $1}')" ]; then
 				mv "$TMP_FILE" "$HOSTS_FILE"
 				reload_dnsmasq_pids
 			else
-				rm -f "$TMP_FILE"
+				rm -rf "$TMP_FILE"
 			fi
-		else
-			if [ -s "$HOSTS_FILE" ]; then
-				: > "$HOSTS_FILE"
-				reload_dnsmasq_pids
-			fi
-			rm -f "$TMP_FILE"
 		fi
 	fi
 

luci-app-passwall/root/usr/share/passwall/subscribe.lua

@@ -1216,7 +1216,6 @@ local function processData(szType, content, add_mode, add_from)
 		result.hysteria_alpn = params.alpn
 		result.hysteria_up_mbps = params.upmbps
 		result.hysteria_down_mbps = params.downmbps
-		result.hysteria_hop = params.mport
 
 		if has_singbox then
 			result.type = 'sing-box'
@@ -1323,7 +1322,6 @@ local function processData(szType, content, add_mode, add_from)
 		result.tls_serverName = params.sni
 		result.tuic_alpn = params.alpn or "default"
 		result.tuic_congestion_control = params.congestion_control or "cubic"
-		result.tuic_udp_relay_mode = params.udp_relay_mode or "native"
 		params.allowinsecure = params.allowinsecure or params.insecure
 		if params.allowinsecure then
 			if params.allowinsecure == "1" or params.allowinsecure == "0" then

luci-app-passwall/root/usr/share/passwall/test.sh

@@ -95,11 +95,40 @@ url_test_node() {
 		[ "${chn_list}" = "proxy" ] && probeUrl="www.baidu.com"
 		result=$(${_curl} --max-time 5 -o /dev/null -I -skL -x ${curlx} ${curl_arg}${probeUrl})
 		pgrep -af "url_test_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf /tmp/etc/${CONFIG}/*url_test_${node_id}*.json
+		rm -rf "/tmp/etc/${CONFIG}/url_test_${node_id}"*.json
 	}
 	echo $result
 }
 
+test_node() {
+	local node_id=$1
+	local _type=$(echo $(config_n_get ${node_id} type) | tr 'A-Z' 'a-z')
+	[ -n "${_type}" ] && {
+		if [ "${_type}" == "socks" ]; then
+			local _address=$(config_n_get ${node_id} address)
+			local _port=$(config_n_get ${node_id} port)
+			[ -n "${_address}" ] && [ -n "${_port}" ] && {
+				local curlx="socks5h://${_address}:${_port}"
+				local _username=$(config_n_get ${node_id} username)
+				local _password=$(config_n_get ${node_id} password)
+				[ -n "${_username}" ] && [ -n "${_password}" ] && curlx="socks5h://${_username}:${_password}@${_address}:${_port}"
+			}
+		else
+			local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp)
+			/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
+			local curlx="socks5h://127.0.0.1:${_tmp_port}"
+		fi
+		sleep 1s
+		_proxy_status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout} "-x $curlx")
+		pgrep -af "test_node_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
+		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
+		if [ "${_proxy_status}" -eq 200 ]; then
+			return 0
+		fi
+	}
+	return 1
+}
+
 arg1=$1
 shift
 case $arg1 in

luci-app-passwall2/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=25.5.15
+PKG_VERSION:=25.5.7
 PKG_RELEASE:=1
 
 PKG_CONFIG_DEPENDS:= \

luci-app-passwall2/luasrc/model/cbi/passwall2/client/type/sing-box.lua

@@ -335,10 +335,6 @@ o:value("xtls-rprx-vision")
 o:depends({ [_n("protocol")] = "vless", [_n("tls")] = true })
 
 if singbox_tags:find("with_quic") then
-	o = s:option(Value, _n("hysteria_hop"), translate("Port hopping range"))
-	o.description = translate("Format as 1000:2000 or 1000-2000 Multiple groups are separated by commas (,).")
-	o:depends({ [_n("protocol")] = "hysteria" })
-
 	o = s:option(Value, _n("hysteria_obfs"), translate("Obfs Password"))
 	o:depends({ [_n("protocol")] = "hysteria" })
 

luci-app-passwall2/luasrc/passwall2/util_sing-box.lua

@@ -292,18 +292,7 @@ function gen_outbound(flag, node, tag, proxy_table)
 		end
 
 		if node.protocol == "hysteria" then
-			local server_ports = {}
-			if node.hysteria_hop then
-				node.hysteria_hop = string.gsub(node.hysteria_hop, "-", ":")
-				for range in node.hysteria_hop:gmatch("([^,]+)") do
-					if range:match("^%d+:%d+$") then
-						table.insert(server_ports, range)
-					end
-				end
-			end
 			protocol_table = {
-				server_ports = next(server_ports) and server_ports or nil,
-				hop_interval = next(server_ports) and "30s" or nil,
 				up_mbps = tonumber(node.hysteria_up_mbps),
 				down_mbps = tonumber(node.hysteria_down_mbps),
 				obfs = node.hysteria_obfs,

luci-app-passwall2/luasrc/passwall2/util_xray.lua

@@ -163,9 +163,9 @@ function gen_outbound(flag, node, tag, proxy_table)
 					spiderX = node.reality_spiderX or "/",
 					fingerprint = (node.type == "Xray" and node.fingerprint and node.fingerprint ~= "") and node.fingerprint or "chrome"
 				} or nil,
-				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks" and (node.tcp_guise and node.tcp_guise ~= "none")) and {
+				rawSettings = ((node.transport == "raw" or node.transport == "tcp") and node.protocol ~= "socks") and {
 					header = {
-						type = node.tcp_guise,
+						type = node.tcp_guise or "none",
 						request = (node.tcp_guise == "http") and {
 							path = node.tcp_guise_http_path or {"/"},
 							headers = {
@@ -729,7 +729,7 @@ function gen_config(var)
 			end
 			if is_new_blc_node then
 				local blc_node = uci:get_all(appname, blc_node_id)
-				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
+				local outbound = gen_outbound(flag, blc_node, blc_node_tag, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
 				if outbound then
 					outbound.tag = outbound.tag .. ":" .. blc_node.remarks
 					table.insert(outbounds, outbound)
@@ -755,7 +755,7 @@ function gen_config(var)
 			if is_new_node then
 				local fallback_node = uci:get_all(appname, fallback_node_id)
 				if fallback_node.protocol ~= "_balancing" then
-					local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil, run_socks_instance = not no_run })
+					local outbound = gen_outbound(flag, fallback_node, fallback_node_id, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.noise == "1" or nil })
 					if outbound then
 						outbound.tag = outbound.tag .. ":" .. fallback_node.remarks
 						table.insert(outbounds, outbound)
@@ -1146,7 +1146,7 @@ function gen_config(var)
 				sys.call(string.format("mkdir -p %s && touch %s/%s", api.TMP_IFACE_PATH, api.TMP_IFACE_PATH, node.iface))
 			end
 		else
-			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil, run_socks_instance = not no_run })
+			local outbound = gen_outbound(flag, node, nil, { fragment = xray_settings.fragment == "1" or nil, noise = xray_settings.fragment == "1" or nil })
 			if outbound then
 				outbound.tag = outbound.tag .. ":" .. node.remarks
 				COMMON.default_outbound_tag, last_insert_outbound = set_outbound_detour(node, outbound, outbounds)

luci-app-passwall2/luasrc/view/passwall2/node_list/link_share_man.htm

@@ -536,7 +536,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 			params += opt.query("sni", dom_prefix + "tls_serverName");
 			params += opt.query("alpn", dom_prefix + "tuic_alpn");
 			params += opt.query("congestion_control", dom_prefix + "tuic_congestion_control");
-			params += opt.query("udp_relay_mode", dom_prefix + "tuic_udp_relay_mode");
 			params += opt.query("allowinsecure", dom_prefix + "tls_allowInsecure");
 
 			params += "#" + encodeURI(v_alias.value);
@@ -1429,7 +1428,6 @@ local hysteria2_type = map:get("@global_subscribe[0]", "hysteria2_type") or "sin
 				}
 			}
 			opt.set(dom_prefix + 'tuic_congestion_control', queryParam.congestion_control || 'cubic');
-			opt.set(dom_prefix + 'tuic_udp_relay_mode', queryParam.udp_relay_mode || 'native');
 			opt.set(dom_prefix + 'tuic_alpn', queryParam.alpn || 'default');
 			opt.set(dom_prefix + 'tls_serverName', queryParam.sni || '');
 			opt.set(dom_prefix + 'tls_allowInsecure', true);

luci-app-passwall2/root/usr/share/passwall2/haproxy.lua

@@ -1,239 +1,230 @@
-#!/usr/bin/lua
+#!/usr/bin/lua
-
+
-local api = require ("luci.passwall2.api")
+local api = require ("luci.passwall2.api")
-local appname = "passwall2"
+local appname = api.appname
-local fs = api.fs
+local fs = api.fs
-local jsonc = api.jsonc
+local jsonc = api.jsonc
-local uci = api.uci
+local uci = api.uci
-local sys = api.sys
+local sys = api.sys
-
+
-local log = function(...)
+local log = function(...)
-	api.log(...)
+	api.log(...)
-end
+end
-
+
-function get_ip_port_from(str)
+function get_ip_port_from(str)
-	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
+	local result_port = sys.exec("echo -n " .. str .. " | sed -n 's/^.*[:#]\\([0-9]*\\)$/\\1/p'")
-	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
+	local result_ip = sys.exec(string.format("__host=%s;__varport=%s;", str, result_port) .. "echo -n ${__host%%${__varport:+[:#]${__varport}*}}")
-	return result_ip, result_port
+	return result_ip, result_port
-end
+end
-
+
-local new_port
+local new_port
-local function get_new_port()
+local function get_new_port()
-	if new_port then
+	if new_port then
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port %s tcp)", appname, new_port + 1)))
-	else
+	else
-		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
+		new_port = tonumber(sys.exec(string.format("echo -n $(/usr/share/%s/app.sh get_new_port auto tcp)", appname)))
-	end
+	end
-	return new_port
+	return new_port
-end
+end
-
+
-local var = api.get_args(arg)
+local var = api.get_args(arg)
-local haproxy_path = var["-path"]
+local haproxy_path = var["-path"]
-local haproxy_conf = var["-conf"]
+local haproxy_conf = var["-conf"]
-local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
+local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
-
+
-local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
+local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
-local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
+local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
-local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
+local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
-local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
+local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
-local bind_local = uci:get(appname, "@global_haproxy[0]", "bind_local") or "0"
+local bind_address = "0.0.0.0"
-local bind_address = "0.0.0.0"
+if bind_local == "1" then bind_address = "127.0.0.1" end
-if bind_local == "1" then bind_address = "127.0.0.1" end
+
-
+log("HAPROXY 负载均衡...")
-log("HAPROXY 负载均衡：")
+fs.mkdir(haproxy_path)
-log(string.format("  * 控制台端口：%s", console_port))
+local haproxy_file = haproxy_path .. "/" .. haproxy_conf
-fs.mkdir(haproxy_path)
+
-local haproxy_file = haproxy_path .. "/" .. haproxy_conf
+local f_out = io.open(haproxy_file, "a")
-
+
-local f_out = io.open(haproxy_file, "a")
+local haproxy_config = [[
-
+global
-local haproxy_config = [[
+	daemon
-global
+	log         127.0.0.1 local2
-	daemon
+	maxconn     60000
-	log         127.0.0.1 local2
+	stats socket  {{path}}/haproxy.sock
-	maxconn     60000
+	nbthread {{nbthread}}
-	stats socket  {{path}}/haproxy.sock
+	external-check
-	nbthread {{nbthread}}
+	insecure-fork-wanted
-	external-check
+
-	insecure-fork-wanted
+defaults
-
+	mode                    tcp
-defaults
+	log                     global
-	mode                    tcp
+	option                  tcplog
-	log                     global
+	option                  dontlognull
-	option                  tcplog
+	option http-server-close
-	option                  dontlognull
+	#option forwardfor       except 127.0.0.0/8
-	option http-server-close
+	option                  redispatch
-	#option forwardfor       except 127.0.0.0/8
+	retries                 2
-	option                  redispatch
+	timeout http-request    10s
-	retries                 2
+	timeout queue           1m
-	timeout http-request    10s
+	timeout connect         10s
-	timeout queue           1m
+	timeout client          1m
-	timeout connect         10s
+	timeout server          1m
-	timeout client          1m
+	timeout http-keep-alive 10s
-	timeout server          1m
+	timeout check           10s
-	timeout http-keep-alive 10s
+	maxconn                 3000
-	timeout check           10s
+	
-	maxconn                 3000
+resolvers mydns
-	
+	resolve_retries       1
-resolvers mydns
+	timeout resolve       5s
-	resolve_retries       1
+	hold valid           600s
-	timeout resolve       5s
+{{dns}}
-	hold valid           600s
+]]
-{{dns}}
+
-]]
+haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
-
+haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
-haproxy_config = haproxy_config:gsub("{{path}}",  haproxy_path)
+
-haproxy_config = haproxy_config:gsub("{{nbthread}}",  cpu_thread)
+local mydns = ""
-
+local index = 0
-local mydns = ""
+string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
-local index = 0
+	index = index + 1
-string.gsub(haproxy_dns, '[^' .. "," .. ']+', function(w)
+	local s = w:gsub("#", ":")
-	index = index + 1
+	if not s:find(":") then
-	local s = w:gsub("#", ":")
+		s = s .. ":53"
-	if not s:find(":") then
+	end
-		s = s .. ":53"
+	mydns = mydns .. (index > 1 and "\n" or "") .. "    " .. string.format("nameserver dns%s %s", index, s)
-	end
+end)
-	mydns = mydns .. (index > 1 and "\n" or "") .. "	" .. string.format("nameserver dns%s %s", index, s)
+haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
-end)
+
-haproxy_config = haproxy_config:gsub("{{dns}}",  mydns)
+f_out:write(haproxy_config)
-
+
-f_out:write(haproxy_config)
+local listens = {}
-
+
-local listens = {}
+uci:foreach(appname, "haproxy_config", function(t)
-
+	if t.enabled == "1" then
-uci:foreach(appname, "haproxy_config", function(t)
+		local server_remark
-	if t.enabled == "1" then
+		local server_address
-		local server_remark
+		local server_port
-		local server_address
+		local lbss = t.lbss
-		local server_port
+		local listen_port = tonumber(t.haproxy_port) or 0
-		local lbss = t.lbss
+		local server_node = uci:get_all(appname, lbss)
-		local listen_port = tonumber(t.haproxy_port) or 0
+		if server_node and server_node.address and server_node.port then
-		local server_node = uci:get_all(appname, lbss)
+			server_remark = server_node.address .. ":" .. server_node.port
-		if server_node and server_node.address and server_node.port then
+			server_address = server_node.address
-			server_remark = server_node.address .. ":" .. server_node.port
+			server_port = server_node.port
-			server_address = server_node.address
+			t.origin_address = server_address
-			server_port = server_node.port
+			t.origin_port = server_port
-			t.origin_address = server_address
+			if health_check_type == "passwall_logic" then
-			t.origin_port = server_port
+				if server_node.type ~= "Socks" then
-			if health_check_type == "passwall_logic" then
+					local relay_port = server_node.port
-				if server_node.type ~= "Socks" then
+					new_port = get_new_port()
-					local relay_port = server_node.port
+					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
-					new_port = get_new_port()
+					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
-					local config_file = string.format("haproxy_%s_%s.json", t[".name"], new_port)
+						appname,
-					sys.call(string.format('/usr/share/%s/app.sh run_socks "%s"> /dev/null',
+						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
-						appname,
+							new_port, --flag
-						string.format("flag=%s node=%s bind=%s socks_port=%s config_file=%s",
+							server_node[".name"], --node
-							new_port, --flag
+							"127.0.0.1", --bind
-							server_node[".name"], --node
+							new_port, --socks port
-							"127.0.0.1", --bind
+							config_file --config file
-							new_port, --socks port
+							)
-							config_file --config file
+						)
-							)
+					)
-						)
+					server_address = "127.0.0.1"
-					)
+					server_port = new_port
-					server_address = "127.0.0.1"
+				end
-					server_port = new_port
+			end
-				end
+		else
-			end
+			server_address, server_port = get_ip_port_from(lbss)
-		else
+			server_remark = server_address .. ":" .. server_port
-			server_address, server_port = get_ip_port_from(lbss)
+			t.origin_address = server_address
-			server_remark = server_address .. ":" .. server_port
+			t.origin_port = server_port
-			t.origin_address = server_address
+		end
-			t.origin_port = server_port
+		if server_address and server_port and listen_port > 0 then
-		end
+			if not listens[listen_port] then
-		if server_address and server_port and listen_port > 0 then
+				listens[listen_port] = {}
-			if not listens[listen_port] then
+			end
-				listens[listen_port] = {}
+			t.server_remark = server_remark
-			end
+			t.server_address = server_address
-			t.server_remark = server_remark
+			t.server_port = server_port
-			t.server_address = server_address
+			table.insert(listens[listen_port], t)
-			t.server_port = server_port
+		else
-			table.insert(listens[listen_port], t)
+			log("  - 丢弃1个明显无效的节点")
-		else
+		end
-			log("  - 丢弃1个明显无效的节点")
+	end
-		end
+end)
-	end
+
-end)
+local sortTable = {}
-
+for i in pairs(listens) do
-local sortTable = {}
+	if i ~= nil then
-for i in pairs(listens) do
+		table.insert(sortTable, i)
-	if i ~= nil then
+	end
-		table.insert(sortTable, i)
+end
-	end
+table.sort(sortTable, function(a,b) return (a < b) end)
-end
+
-table.sort(sortTable, function(a,b) return (a < b) end)
+for i, port in pairs(sortTable) do
-
+	log("  + 入口 %s:%s" % {bind_address, port})
-for i, port in pairs(sortTable) do
+
-	log("  +  入口 %s:%s" % {bind_address, port})
+	f_out:write("\n" .. string.format([[
-
+listen %s
-	f_out:write("\n" .. string.format([[
+	bind %s:%s
-listen %s
+	mode tcp
-	bind %s:%s
+	balance roundrobin
-	mode tcp
+]], port, bind_address, port))
-	balance roundrobin
+
-]], port, bind_address, port))
+	if health_check_type == "passwall_logic" then
-
+		f_out:write(string.format([[
-	if health_check_type == "passwall_logic" then
+	option external-check
-		f_out:write(string.format([[
+	external-check command "/usr/share/passwall2/haproxy_check.sh"
-	option external-check
+]], port, port))
-	external-check command "/usr/share/passwall2/haproxy_check.sh"
+	end
-]], port, port))
+
-	end
+	for i, o in ipairs(listens[port]) do
-
+		local remark = o.server_remark
-	local count_M, count_B = 1, 1
+		local server = o.server_address .. ":" .. o.server_port
-	for i, o in ipairs(listens[port]) do
+		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
-		local remark = o.server_remark or ""
+		server_conf = server_conf:gsub("{{remark}}", remark)
-		-- 防止重名导致无法运行
+		server_conf = server_conf:gsub("{{server}}", server)
-		if tostring(o.backup) ~= "1" then
+		server_conf = server_conf:gsub("{{weight}}",  o.lbweight)
-			remark = "M" .. count_M .. "-" .. remark
+		local resolvers = "resolvers mydns"
-			count_M = count_M + 1
+		if api.is_ip(o.server_address) then
-		else
+			resolvers = ""
-			remark = "B" .. count_B .. "-" .. remark
+		end
-			count_B = count_B + 1
+		server_conf = server_conf:gsub("{{resolvers}}",  resolvers)
-		end
+		server_conf = server_conf:gsub("{{inter}}",  tonumber(health_check_inter) .. "s")
-		local server = o.server_address .. ":" .. o.server_port
+		server_conf = server_conf:gsub("{{backup}}",  o.backup == "1" and "backup" or "")
-		local server_conf = "server {{remark}} {{server}} weight {{weight}} {{resolvers}} check inter {{inter}} rise 1 fall 3 {{backup}}"
+
-		server_conf = server_conf:gsub("{{remark}}", remark)
+		f_out:write("    " .. server_conf .. "\n")
-		server_conf = server_conf:gsub("{{server}}", server)
+
-		server_conf = server_conf:gsub("{{weight}}", o.lbweight)
+		if o.export ~= "0" then
-		local resolvers = "resolvers mydns"
+			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
-		if api.is_ip(o.server_address) then
+		end
-			resolvers = ""
+
-		end
+		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
-		server_conf = server_conf:gsub("{{resolvers}}", resolvers)
+	end
-		server_conf = server_conf:gsub("{{inter}}", tonumber(health_check_inter) .. "s")
+end
-		server_conf = server_conf:gsub("{{backup}}", tostring(o.backup) == "1" and "backup" or "")
+
-
+--控制台配置
-		f_out:write("	" .. server_conf .. "\n")
+local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
-
+local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
-		if o.export ~= "0" then
+local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
-			sys.call(string.format("/usr/share/passwall2/app.sh add_ip2route %s %s", o.origin_address, o.export))
+local str = [[
-		end
+listen console
-
+	bind 0.0.0.0:%s
-		log(string.format("  | - 出口节点：%s:%s，权重：%s", o.origin_address, o.origin_port, o.lbweight))
+	mode http
-	end
+	stats refresh 30s
-end
+	stats uri /
-
+	stats admin if TRUE
---控制台配置
+	%s
-local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
+]]
-local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
+f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
-local str = [[
+log(string.format("  * 控制台端口：%s", console_port))
-listen console
+
-	bind 0.0.0.0:%s
+f_out:close()
-	mode http
+
-	stats refresh 30s
+--内置健康检查URL
-	stats uri /
+if health_check_type == "passwall_logic" then
-	stats admin if TRUE
+	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
-	%s
+	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
-]]
+	f_url:write(probeUrl)
-f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
+	f_url:close()
-
+end
-f_out:close()
-
---内置健康检查URL
-if health_check_type == "passwall_logic" then
-	local probeUrl = uci:get(appname, "@global_haproxy[0]", "health_probe_url") or "https://www.google.com/generate_204"
-	local f_url = io.open(haproxy_path .. "/Probe_URL", "w")
-	f_url:write(probeUrl)
-	f_url:close()
-end

luci-app-passwall2/root/usr/share/passwall2/haproxy_check.sh

@@ -1,7 +1,5 @@
 #!/bin/sh
 
-export PATH=/usr/sbin:/usr/bin:/sbin:/bin:/root/bin
-
 listen_address=$1
 listen_port=$2
 server_address=$3
@@ -19,7 +17,7 @@ if /usr/bin/curl --help all | grep -q "\-\-retry-all-errors"; then
 	extra_params="${extra_params} --retry-all-errors"
 fi
 
-status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 --max-time 10 -w "%{http_code}" "${probeUrl}")
+status=$(/usr/bin/curl -I -o /dev/null -skL ${extra_params} --connect-timeout 3 --retry 1 -w "%{http_code}" "${probeUrl}")
 
 case "$status" in
 	200|204)

luci-app-passwall2/root/usr/share/passwall2/subscribe.lua

@@ -1219,7 +1219,6 @@ local function processData(szType, content, add_mode, add_from)
 		result.hysteria_alpn = params.alpn
 		result.hysteria_up_mbps = params.upmbps
 		result.hysteria_down_mbps = params.downmbps
-		result.hysteria_hop = params.mport
 
 		if has_singbox then
 			result.type = 'sing-box'
@@ -1326,7 +1325,6 @@ local function processData(szType, content, add_mode, add_from)
 		result.tls_serverName = params.sni
 		result.tuic_alpn = params.alpn or "default"
 		result.tuic_congestion_control = params.congestion_control or "cubic"
-		result.tuic_udp_relay_mode = params.udp_relay_mode or "native"
 		params.allowinsecure = params.allowinsecure or params.insecure
 		if params.allowinsecure then
 			if params.allowinsecure == "1" or params.allowinsecure == "0" then

luci-app-passwall2/root/usr/share/passwall2/test.sh

@@ -71,11 +71,29 @@ url_test_node() {
 		sleep 1s
 		result=$(curl --connect-timeout 3 -o /dev/null -I -skL -w "%{http_code}:%{time_starttransfer}" -x $curlx "https://www.google.com/generate_204")
 		pgrep -af "url_test_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
-		rm -rf /tmp/etc/${CONFIG}/*url_test_${node_id}*.json
+		rm -rf "/tmp/etc/${CONFIG}/url_test_${node_id}"*.json
 	}
 	echo $result
 }
 
+test_node() {
+	local node_id=$1
+	local _type=$(echo $(config_n_get ${node_id} type) | tr 'A-Z' 'a-z')
+	[ -n "${_type}" ] && {
+		local _tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp,udp)
+		/usr/share/${CONFIG}/app.sh run_socks flag="test_node_${node_id}" node=${node_id} bind=127.0.0.1 socks_port=${_tmp_port} config_file=test_node_${node_id}.json
+		local curlx="socks5h://127.0.0.1:${_tmp_port}"
+		sleep 1s
+		_proxy_status=$(test_url "https://www.google.com/generate_204" ${retry_num} ${connect_timeout} "-x $curlx")
+		pgrep -af "test_node_${node_id}" | awk '! /test\.sh/{print $1}' | xargs kill -9 >/dev/null 2>&1
+		rm -rf "/tmp/etc/${CONFIG}/test_node_${node_id}.json"
+		if [ "${_proxy_status}" -eq 200 ]; then
+			return 0
+		fi
+	}
+	return 1
+}
+
 arg1=$1
 shift
 case $arg1 in

nikki/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/MetaCubeX/mihomo.git
-PKG_SOURCE_DATE:=2025-05-15
+PKG_SOURCE_DATE:=2025-05-04
-PKG_SOURCE_VERSION:=bb8c47d83df74d9873933067c689495944dea314
+PKG_SOURCE_VERSION:=86c127db8b9fd8c8bf6097d2999e4d5c5d99febb
-PKG_MIRROR_HASH:=6fb158a108d96fb3e6a95311812c5ec4a489505bd28b6722baaabc1f794fa99c
+PKG_MIRROR_HASH:=bacb109d544c8ff25f9f69edeb37bab3ed54c4faeb5f1c5da6e9978b5c4ea8b0
 
 PKG_LICENSE:=GPL3.0+
 PKG_MAINTAINER:=Joseph Mory <morytyann@gmail.com>
@@ -16,7 +16,7 @@ PKG_BUILD_DEPENDS:=golang/host
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_FLAGS:=no-mips16
 
-PKG_BUILD_VERSION:=alpha-bb8c47d
+PKG_BUILD_VERSION:=alpha-86c127d
 PKG_BUILD_TIME:=$(shell date -u -Iseconds)
 
 GO_PKG:=github.com/metacubex/mihomo

nikki/files/nikki.init

@@ -51,17 +51,6 @@ start_service() {
 	config_get_bool test_profile "config" "test_profile" 0
 	config_get_bool fast_reload "config" "fast_reload" 0
 	## mixin config
-	### overwrite
-	local overwrite_authentication overwrite_tun_dns_hijack overwrite_fake_ip_filter overwrite_hosts overwrite_dns_nameserver overwrite_dns_nameserver_policy overwrite_sniffer_sniff overwrite_sniffer_force_domain_name overwrite_sniffer_ignore_domain_name
-	config_get_bool overwrite_authentication "mixin" "authentication" 0
-	config_get_bool overwrite_tun_dns_hijack "mixin" "tun_dns_hijack" 0
-	config_get_bool overwrite_fake_ip_filter "mixin" "fake_ip_filter" 0
-	config_get_bool overwrite_hosts "mixin" "hosts" 0
-	config_get_bool overwrite_dns_nameserver "mixin" "dns_nameserver" 0
-	config_get_bool overwrite_dns_nameserver_policy "mixin" "dns_nameserver_policy" 0
-	config_get_bool overwrite_sniffer_force_domain_name "mixin" "sniffer_force_domain_name" 0
-	config_get_bool overwrite_sniffer_ignore_domain_name "mixin" "sniffer_ignore_domain_name" 0
-	config_get_bool overwrite_sniffer_sniff "mixin" "sniffer_sniff" 0
 	### mixin file content
 	local mixin_file_content
 	config_get_bool mixin_file_content "mixin" "mixin_file_content" 0
@@ -105,33 +94,6 @@ start_service() {
 	fi
 	# mixin
 	log "Mixin" "Mixin config."
-	if [ "$overwrite_authentication" == 1 ]; then
-		yq -M -i 'del(.authentication)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_tun_dns_hijack" == 1 ]; then
-		yq -M -i 'del(.tun.dns-hijack)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_fake_ip_filter" == 1 ]; then
-		yq -M -i 'del(.dns.fake-ip-filter)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_hosts" == 1 ]; then
-		yq -M -i 'del(.hosts)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_dns_nameserver" == 1 ]; then
-		yq -M -i 'del(.dns.default-nameserver) | del(.dns.proxy-server-nameserver) | del(.dns.direct-nameserver) | del(.dns.nameserver) | del(.dns.fallback) ' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_dns_nameserver_policy" == 1 ]; then
-		yq -M -i 'del(.dns.nameserver-policy)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_sniffer_force_domain_name" == 1 ]; then
-		yq -M -i 'del(.sniffer.force-domain)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_sniffer_ignore_domain_name" == 1 ]; then
-		yq -M -i 'del(.sniffer.skip-domain)' "$RUN_PROFILE_PATH"
-	fi
-	if [ "$overwrite_sniffer_sniff" == 1 ]; then
-		yq -M -i 'del(.sniffer.sniff)' "$RUN_PROFILE_PATH"
-	fi
 	if [ "$mixin_file_content" == 0 ]; then
 		ucode -S "$MIXIN_UC" | yq -M -p json -o yaml | yq -M -i ea '... comments="" | . as $item ireduce ({}; . * $item ) | .rules = .nikki-rules + .rules | del(.nikki-rules)' "$RUN_PROFILE_PATH" -
 	elif [ "$mixin_file_content" == 1 ]; then
@@ -356,41 +318,26 @@ update_subscription() {
 	config_get subscription_url "$subscription_section" "url"
 	config_get subscription_user_agent "$subscription_section" "user_agent"
 	# reset subscription info
-	uci_remove "nikki" "$subscription_section" "expire" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "expire"
-	uci_remove "nikki" "$subscription_section" "upload" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "upload"
-	uci_remove "nikki" "$subscription_section" "download" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "download"
-	uci_remove "nikki" "$subscription_section" "total" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "total"
-	uci_remove "nikki" "$subscription_section" "used" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "used"
-	uci_remove "nikki" "$subscription_section" "avaliable" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "avaliable"
-	uci_remove "nikki" "$subscription_section" "update" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "update"
-	uci_remove "nikki" "$subscription_section" "success" > /dev/null 2>&1
+	uci_remove "nikki" "$subscription_section" "success"
 	# update subscription
 	log "Profile" "Update subscription: $subscription_name."
-	local success
 	local subscription_header_tmpfile; subscription_header_tmpfile="$TEMP_DIR/$subscription_section.header"
 	local subscription_tmpfile; subscription_tmpfile="$TEMP_DIR/$subscription_section.yaml"
 	local subscription_file; subscription_file="$SUBSCRIPTIONS_DIR/$subscription_section.yaml"
 	if (curl -s -f --connect-timeout 15 --retry 3 -L -X GET -A "$subscription_user_agent" -D "$subscription_header_tmpfile" -o "$subscription_tmpfile" "$subscription_url"); then
-		log "Profile" "Subscription download successful."
-		if (yq -p yaml -o yaml "$subscription_tmpfile" > /dev/null 2>&1); then
-			log "Profile" "Subscription is valid."
-			success=1
-		else
-			log "Profile" "Subscription is not valid."
-			success=0
-		fi
-	else
-		log "Profile" "Subscription download failed."
-		success=0
-	fi
-	# check if success
-	if [ "$success" == 1 ]; then
 		log "Profile" "Subscription update successful."
 		local subscription_expire subscription_upload subscription_download subscription_total subscription_used subscription_avaliable
-		subscription_expire=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "expire=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_expire=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "expire=[[:digit:]]+" | cut -d '=' -f 2)
-		subscription_upload=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "upload=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_upload=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "upload=[[:digit:]]+" | cut -d '=' -f 2)
-		subscription_download=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "download=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_download=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "download=[[:digit:]]+" | cut -d '=' -f 2)
-		subscription_total=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -i -o -E "total=[[:digit:]]+" | cut -d '=' -f 2)
+		subscription_total=$(grep -i "subscription-userinfo: " "$subscription_header_tmpfile" | grep -o -E "total=[[:digit:]]+" | cut -d '=' -f 2)
 		if [[ -n "$subscription_upload" && -n "$subscription_download" ]]; then
 			subscription_used=$((subscription_upload + subscription_download))
 			if [ -n "$subscription_total" ]; then
@@ -421,7 +368,7 @@ update_subscription() {
 		# update subscription file
 		rm -f "$subscription_header_tmpfile"
 		mv -f "$subscription_tmpfile" "$subscription_file"
-	elif [ "$success" == 0 ]; then
+	else
 		log "Profile" "Subscription update failed."
 		# update subscription info
 		uci_set "nikki" "$subscription_section" "success" "0"

nikki/files/scripts/debug.sh

@@ -171,11 +171,11 @@ function desensitize_profile() {
 		}
 		if (exists(profile, "proxy-providers")) {
 			for (let x in profile["proxy-providers"]) {
-				if (exists(profile["proxy-providers"][x], "url")) {
+				if (exists(x, "url")) {
-					profile["proxy-providers"][x]["url"] = "*";
+					x["url"] = "*";
 				}
-				if (exists(profile["proxy-providers"][x], "payload")) {
+				if (exists(x, "payload")) {
-					desensitize_proxies(profile["proxy-providers"][x]["payload"]);
+					desensitize_proxies(x["payload"]);
 				}
 			}
 		}

patch-luci-app-passwall.patch

@@ -1,5 +1,5 @@
 diff --git a/luci-app-passwall/Makefile b/luci-app-passwall/Makefile
-index 8ff84e0..dd660dc 100644
+index 184c14a..2185060 100644
 --- a/luci-app-passwall/Makefile
 +++ b/luci-app-passwall/Makefile
 @@ -67,7 +67,7 @@ config PACKAGE_$(PKG_NAME)_Nftables_Transparent_Proxy
@@ -20,10 +20,10 @@ index 8ff84e0..dd660dc 100644
  
  define Package/$(PKG_NAME)/postrm
 diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-index 2eaa276..2206b05 100644
+index 927a9fd..b5aebe5 100644
 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
 +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
-@@ -527,6 +527,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")
+@@ -506,6 +506,12 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9)")
  o:value("149.112.112.112", "149.112.112.112 (Quad9)")
  o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
  o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
@@ -36,7 +36,7 @@ index 2eaa276..2206b05 100644
  o:depends({dns_mode = "dns2socks"})
  o:depends({dns_mode = "tcp"})
  o:depends({dns_mode = "udp"})
-@@ -639,7 +645,7 @@ o:depends({direct_dns_mode = "dot"})
+@@ -618,7 +624,7 @@ o:depends({direct_dns_mode = "dot"})
  o:depends({dns_mode = "dot"})
  
  o = s:taboption("DNS", Flag, "dns_redirect", translate("DNS Redirect"), translate("Force special DNS server to need proxy devices."))

shadowsocks-rust/Makefile

@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadowsocks-rust
-PKG_VERSION:=1.23.4
+PKG_VERSION:=1.23.2
 PKG_RELEASE:=1
 
 PKG_SOURCE_HEADER:=shadowsocks-v$(PKG_VERSION)
@@ -21,29 +21,29 @@ endif
 
 ifeq ($(ARCH),aarch64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).aarch64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=381268d79ac9c0dac443a551c2152a218321bf03c29c562c0211a9341c5fb2ba
+  PKG_HASH:=8462ec05ead8cb6e13dfdc22a813518859da790dbab9a3f716f236a198103aac
 else ifeq ($(ARCH),arm)
   # Referred to golang/golang-values.mk
   ARM_CPU_FEATURES:=$(word 2,$(subst +,$(space),$(call qstrip,$(CONFIG_CPU_TYPE))))
   ifeq ($(ARM_CPU_FEATURES),)
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabi.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=6754ba3a1dea1f4d8e0511d668a174b1c94c9e4f37cf00dad75e3ad4a47c6472
+    PKG_HASH:=bc07650d508fd4e558bc5aae95edf80e98f5453dc7fac9a2d0a53fb032e8dc3e
   else
     PKG_SOURCE:=$(PKG_SOURCE_HEADER).arm-$(PKG_SOURCE_BODY)eabihf.$(PKG_SOURCE_FOOTER)
-    PKG_HASH:=0bd4a3c9b5ba14837071059237db1f14da47fee1b1e780c13bc4790fa08c0478
+    PKG_HASH:=b1b11b6ee6562075f7948f3386adb5b9dbf49701dda2298c56c1a211be1b9324
   endif
 else ifeq ($(ARCH),i386)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).i686-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=7e48342cb9cf3557aebc4764f7155094b50e71a997478a00b6d98107f8cf6b83
+  PKG_HASH:=9ba74e19d3ad0baf1c28b4cd46cafc8dbce5ce839ff589e16c1be2d64ddc29e4
 else ifeq ($(ARCH),x86_64)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).x86_64-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=91680f08cd51098a0f335025d38afa51116b01983a65a2e27ee82ea3e31f775b
+  PKG_HASH:=c4d528b32639c0da77e93a8ec1cc19f01143af7105ad352f9a6c6257d90a9a17
 else ifeq ($(ARCH),mips)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mips-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=50bdc40d3e510719680219f42a1633269511654499189af327f3a219247763e8
+  PKG_HASH:=f4baa0d2f20ebd54b9bb2802eb6429d888998b8ac7f524965f1eba1d166ed933
 else ifeq ($(ARCH),mipsel)
   PKG_SOURCE:=$(PKG_SOURCE_HEADER).mipsel-$(PKG_SOURCE_BODY).$(PKG_SOURCE_FOOTER)
-  PKG_HASH:=0a6cec164b17e4dd667e98c66371e2a8d81969afb39ce1e362789c95357068e7
+  PKG_HASH:=4c39e8aa75e2fc017fd57bf664f68c547161f11a45be52592e549daf8a6db1bd
 # Set the default value to make OpenWrt Package Checker happy
 else
   PKG_SOURCE:=dummy

xray-core/Makefile

@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=xray-core
-PKG_VERSION:=25.5.16
+PKG_VERSION:=25.4.30
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/XTLS/Xray-core/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=c856cd9abed7d28d3c7b856c0661cec5c85ba0669affa740c979cf40c2f73ee4
+PKG_HASH:=4caff81848262684934022dca91cd00b3f28287c29c8229654e226a2ff7990c3
 
 PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
 PKG_LICENSE:=MPL-2.0