luci-app-passwall: sync with upstream source

Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
xiaorouji 2021-02-18 19:59:17 +08:00 committed by CN_SZTL
parent 75d3358592
commit ce10c8d633
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
5 changed files with 91 additions and 111 deletions


@ -260,77 +260,12 @@ if node_section then
if node.protocol == "_shunt" then
local rules = {}
ucursor:foreach(appname, "shunt_rules", function(e)
local name = e[".name"]
local _node_id = node[name] or "nil"
local is_proxy = node[name .. "_proxy"] or "0"
local outboundTag
if _node_id == "_direct" then
outboundTag = "direct"
elseif _node_id == "_blackhole" then
outboundTag = "blackhole"
else
if _node_id ~= "nil" then
local has_outbound
for index, value in ipairs(outbounds) do
if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then
has_outbound = api.clone(value)
break
end
end
if has_outbound then
has_outbound["tag"] = name
table.insert(outbounds, has_outbound)
outboundTag = name
else
local _node = ucursor:get_all(appname, _node_id)
local _outbound = gen_outbound(_node, name, is_proxy)
if _outbound then
if is_proxy == "1" then
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_" .. name},
outboundTag = "default"
})
end
table.insert(outbounds, _outbound)
outboundTag = name
end
end
end
end
if outboundTag then
if e.domain_list then
local _domain = {}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(_domain, w)
end)
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
domain = _domain
})
end
if e.ip_list then
local _ip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(_ip, w)
end)
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
ip = _ip
})
end
end
end)
local default_node_id = node.default_node or "_direct"
local outboundTag
local default_outboundTag
if default_node_id == "_direct" then
outboundTag = "direct"
default_outboundTag = "direct"
elseif default_node_id == "_blackhole" then
outboundTag = "blackhole"
default_outboundTag = "blackhole"
else
local default_node = ucursor:get_all(appname, default_node_id)
local main_node_id = node.main_node or "nil"
@ -365,13 +300,85 @@ if node_section then
local default_outbound = gen_outbound(default_node, "default")
if default_outbound then
table.insert(outbounds, default_outbound)
outboundTag = "default"
default_outboundTag = "default"
end
end
if outboundTag then
ucursor:foreach(appname, "shunt_rules", function(e)
local name = e[".name"]
local _node_id = node[name] or "nil"
local is_proxy = node[name .. "_proxy"] or "0"
local outboundTag
if _node_id == "_direct" then
outboundTag = "direct"
elseif _node_id == "_blackhole" then
outboundTag = "blackhole"
elseif _node_id == "_default" then
outboundTag = "default"
else
if _node_id ~= "nil" then
local has_outbound
for index, value in ipairs(outbounds) do
if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then
has_outbound = api.clone(value)
break
end
end
if has_outbound then
has_outbound["tag"] = name
table.insert(outbounds, has_outbound)
outboundTag = name
else
local _node = ucursor:get_all(appname, _node_id)
local _outbound = gen_outbound(_node, name, is_proxy)
if _outbound then
if is_proxy == "1" then
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_" .. name},
outboundTag = "default"
})
end
table.insert(outbounds, _outbound)
outboundTag = name
end
end
end
end
if outboundTag then
if outboundTag == "default" then
outboundTag = default_outboundTag
end
if e.domain_list then
local _domain = {}
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(_domain, w)
end)
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
domain = _domain
})
end
if e.ip_list then
local _ip = {}
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
table.insert(_ip, w)
end)
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
ip = _ip
})
end
end
end)
if default_outboundTag then
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
outboundTag = default_outboundTag,
network = network
})
end
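Review bot: In the relocated `shunt_rules` callback, the `"default"` tag is remapped to `default_outboundTag` only after the `if outboundTag then` guard has passed. If no default outbound was built (`gen_outbound` returned nil and `default_outboundTag` stayed unset), a rule set to `_default` is inserted with no `outboundTag` at all. How Xray treats a rule without a target is not visible here, but traffic for those domains or IPs would not follow the policy the user selected. Do the remap before the guard, i.e. put `if outboundTag == "default" then outboundTag = default_outboundTag end` directly above `if outboundTag then`. The chained-proxy rule a few lines earlier still hard-codes `outboundTag = "default"` and depends on the same outbound existing; the code between the two hunks is not shown, so confirm nothing there sets the tag.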


@ -120,7 +120,8 @@ if has_xray and #nodes_table > 0 then
local id = e[".name"]
o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", id), translate(e.remarks)))
o:depends("tcp_node", v.id)
o:value("nil", translate("Default"))
o:value("nil", translate("Close"))
o:value("_default", translate("Default"))
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
for k1, v1 in pairs(normal_list) do
@ -174,26 +175,6 @@ udp_node:value("tcp_", translate("Same as the tcp node"))
s:tab("DNS", translate("DNS"))
o = s:taboption("DNS", Value, "up_china_dns", translate("Local DNS") .. "(UDP)")
o.description = translate("IP:Port mode acceptable, multi value split with english comma.") .. "<br />" .. translate("When the selection is not the default, this DNS is forced to be set to dnsmasq upstream DNS.")
o.default = "default"
o:value("default", translate("Default"))
if has_xray then
o:value("xray_doh", "Xray DNS(DoH)")
end
o:value("223.5.5.5", "223.5.5.5 (" .. translate("Ali") .. "DNS)")
o:value("114.114.114.114", "114.114.114.114 (114DNS)")
o:value("119.29.29.29", "119.29.29.29 (DNSPOD DNS)")
o:value("180.76.76.76", "180.76.76.76 (" .. translate("Baidu") .. "DNS)")
---- DoH
o = s:taboption("DNS", Value, "up_china_dns_doh", translate("DoH request address"))
o:value("https://dns.alidns.com/dns-query,223.5.5.5", "AliDNS")
o:value("https://doh.pub/dns-query,119.29.29.29", "DNSPod")
o.default = "https://dns.alidns.com/dns-query,223.5.5.5"
o.validate = doh_validate
o:depends("up_china_dns", "xray_doh")
---- DNS Forward Mode
o = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
o.rmempty = false
@ -209,8 +190,8 @@ if has_xray then
o:value("xray_doh", "Xray DNS(DoH)")
end
o:value("udp", translatef("Requery DNS By %s", translate("UDP Node")))
o:value("custom", translate("Custom DNS") .. "(UDP)")
o:value("nonuse", translate("No Filter"))
o:value("custom", translate("Custom DNS"))
---- Custom DNS
o = s:taboption("DNS", Value, "custom_dns", translate("Custom DNS"))
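Review bot: The option title on the `s:taboption("Main", ListValue, ...)` line formats `translate(e.remarks)` straight into an HTML string, so a rule remark containing markup would be rendered as HTML in the admin page. That line is unchanged context in this commit, and the node-config file's `s:option(ListValue, e[".name"], ...)` line has the same pattern. Remarks are read from UCI config, which anything that edits or restores the config can write, so escaping is cheap insurance: `luci.util.pcdata(translate(e.remarks))`, assuming `luci.util` is available in this file. The `target="_blank"` link would also be safer with `rel="noopener noreferrer"`.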


@ -129,7 +129,8 @@ balancing_node:depends("protocol", "_balancing")
-- 分流
uci:foreach(appname, "shunt_rules", function(e)
o = s:option(ListValue, e[".name"], string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", e[".name"]), translate(e.remarks)))
o:value("nil", translate("Default"))
o:value("nil", translate("Close"))
o:value("_default", translate("Default"))
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
o:depends("protocol", "_shunt")


@ -324,7 +324,7 @@ load_config() {
DNS_MODE=$(config_t_get global dns_mode pdnsd)
DNS_FORWARD=$(config_t_get global dns_forward 8.8.4.4:53 | sed 's/:/#/g')
DNS_CACHE=$(config_t_get global dns_cache 0)
LOCAL_DNS=$(config_t_get global up_china_dns default | sed 's/:/#/g')
LOCAL_DNS="default"
if [ "${LOCAL_DNS}" = "default" ]; then
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
if [ -z "${DEFAULT_DNS}" ]; then
@ -776,19 +776,6 @@ stop_crontab() {
}
start_dns() {
if [ "${LOCAL_DNS}" = "xray_doh" ]; then
_doh=$(config_t_get global up_china_dns_doh "https://dns.alidns.com/dns-query,223.5.5.5")
_doh_url=$(echo $_doh | awk -F ',' '{print $1}')
_doh_host_port=$(echo $_doh_url | sed "s/https:\/\///g" | awk -F '/' '{print $1}')
_doh_host=$(echo $_doh_host_port | awk -F ':' '{print $1}')
_doh_port=$(echo $_doh_host_port | awk -F ':' '{print $2}')
_doh_bootstrap=$(echo $_doh | cut -d ',' -sf 2-)
lua $API_GEN_XRAY -dns_listen_port "${LOCAL_DOH_PORT}" -dns_server "${_doh_bootstrap}" -doh_url "${_doh_url}" -doh_host "${_doh_host}" > $TMP_PATH/DNS1.json
ln_start_bin "$(first_type $(config_t_get global_app xray_file) xray)" xray $TMP_PATH/DNS1.log -config="$TMP_PATH/DNS1.json"
LOCAL_DNS="127.0.0.1#${LOCAL_DOH_PORT}"
unset _doh _doh_url _doh_bootstrap
fi
local pdnsd_forward other_port msg
dns_listen_port=${DNS_PORT}
pdnsd_forward=${DNS_FORWARD}
@ -974,7 +961,7 @@ add_dnsmasq() {
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then
if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_default" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then
continue
fi
local shunt_node=$(config_n_get $shunt_node_id address nil)
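Review bot: `LOCAL_DNS="default"` in `load_config` now ignores any stored `up_china_dns` value, so a router previously set to a specific resolver or to `xray_doh` silently falls back to dnsmasq's existing upstream after the upgrade. The `if [ "${LOCAL_DNS}" = "default" ]` test right below it can no longer be false. For anyone who chose DoH to keep local lookups off plaintext UDP, this is a quiet downgrade with no trace in the log. Either migrate or delete the stale option, or at least log it, e.g. `[ "$(config_t_get global up_china_dns default)" != "default" ] && echolog "up_china_dns is no longer honoured; using dnsmasq upstream"`, and drop the always-true conditional. `load_config` continues outside the hunk.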


@ -208,6 +208,7 @@ load_acl() {
msg2="${msg2}[$?]除${tcp_no_redir_ports}外的"
}
msg2="${msg2}所有端口"
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy)
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port $is_tproxy)
@ -234,6 +235,7 @@ load_acl() {
msg2="${msg2}[$?]除${udp_no_redir_ports}外的"
}
msg2="${msg2}所有端口"
$ipt_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -d 1.2.3.4 $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY)
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ipt $udp_proxy_mode $udp_port TPROXY)
@ -275,6 +277,7 @@ load_acl() {
fi
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${TCP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
$ipt_tmp -A PSW $(comment "默认") -p tcp -d 1.2.3.4 $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT $is_tproxy)
@ -303,6 +306,7 @@ load_acl() {
msg="UDP默认代理使用UDP节点 [$(get_action_chain_name $UDP_PROXY_MODE)](TPROXY:${UDP_REDIR_PORT})代理"
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${UDP_NO_REDIR_PORTS}外的"
msg="${msg}所有端口"
$ipt_m -A PSW $(comment "默认") -p udp -d 1.2.3.4 $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY)
@ -638,12 +642,12 @@ add_firewall_rule() {
}
[ "$use_tcp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_tcp_access 53
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
$ipt_tmp -I PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS"
}
$ipt_tmp -A PSW_OUTPUT -p tcp -d 1.2.3.4 $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r
@ -731,12 +735,12 @@ add_firewall_rule() {
}
[ "$use_udp_node_resolve_dns" == 1 ] && hosts_foreach DNS_FORWARD _proxy_udp_access 53
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
$ipt_m -I PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK)
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS"
}
$ipt_m -A PSW_OUTPUT -p udp -d 1.2.3.4 $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK)
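Review bot: The rule added in the per-ACL UDP block of `load_acl` matches `-p tcp` while redirecting to `$udp_port` with TPROXY (`$ipt_m -A PSW ... -p tcp ... -d 1.2.3.4 $(REDIRECT $udp_port TPROXY)`). Every neighbouring rule and the default-UDP counterpart use `-p udp`, so this looks like a copy-paste slip that steers TCP for that address to the UDP listener and leaves UDP unmatched; change it to `-p udp`. The new `-d 1.2.3.4` rules in `load_acl` also omit the `$(factor ... "-m multiport --dport")` port filter that the surrounding rules carry, which seems at odds with `add_firewall_rule` now placing its 1.2.3.4 rule after the no-redirect-port `RETURN`. The address is an undocumented sentinel, so a one-line comment stating what 1.2.3.4 stands for would help whoever audits these chains later. Both functions extend beyond the hunks shown.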