luci-app-passwall: bump to 4-15

Co-authored-by: ShanStone <31815718+ShanStone@users.noreply.github.com>
Co-authored-by: Jingye-Xia <70971515+Jingye-Xia@users.noreply.github.com>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
xiaorouji 2021-02-10 00:52:25 +08:00 committed by CN_SZTL
parent 7aae422b7b
commit 0c504a0bd4
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
18 changed files with 2926 additions and 2809 deletions


@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=4
PKG_RELEASE:=14
PKG_DATE:=20210209
PKG_RELEASE:=15
PKG_DATE:=20210213
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
@ -101,6 +101,7 @@ define Package/$(PKG_NAME)
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR:shadowsocksr-libev-ssr-local \
+PACKAGE_$(PKG_NAME)_INCLUDE_ShadowsocksR_Server:shadowsocksr-libev-ssr-server \
+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-core \
+PACKAGE_$(PKG_NAME)_INCLUDE_Xray:xray-geodata \
+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_Plus:trojan-plus \
+PACKAGE_$(PKG_NAME)_INCLUDE_Trojan_GO:trojan-go \
+PACKAGE_$(PKG_NAME)_INCLUDE_NaiveProxy:naiveproxy \


@ -162,6 +162,24 @@ function is_finded(e)
return luci.sys.exec('type -t -p "/bin/%s" -p "%s" "%s"' % {e, get_customed_path(e), e}) ~= "" and true or false
end
function clone(org)
local function copy(org, res)
for k,v in pairs(org) do
if type(v) ~= "table" then
res[k] = v;
else
res[k] = {};
copy(v, res[k])
end
end
end
local res = {}
copy(org, res)
return res
end
function get_xray_path()
local path = uci_get_type("global_app", "xray_file")
return path
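Review bot: `clone` recurses into every table value without tracking tables it has already visited, so a table that references itself would recurse until the stack overflows, and metatables are not carried over to the copy. The one caller visible on this page passes a plain outbound table, so this is a documentation gap rather than a bug there. A header comment such as `-- Deep-copies plain data tables; does not handle cycles or metatables.` above the function would state the limit. The inner `copy` also reuses the name `org` for its own parameter, which shadows the outer argument and is easier to read with a different name.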


@ -25,7 +25,7 @@ local new_port
local ucursor = require"luci.model.uci".cursor()
local sys = require "luci.sys"
local json = require "luci.jsonc"
local appname = "passwall"
local appname = api.appname
local dns = nil
local inbounds = {}
local outbounds = {}
@ -40,31 +40,48 @@ local function get_new_port()
return new_port
end
function gen_outbound(node, tag, relay_port)
function gen_outbound(node, tag, is_proxy)
local result = nil
if node then
if node and node ~= "nil" then
local node_id = node[".name"]
if tag == nil then
tag = node_id
end
if is_proxy and is_proxy == "1" then
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_" .. tag,
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = node.address, port = tonumber(node.port)}
})
if node.tls_serverName == nil then
node.tls_serverName = node.address
end
node.address = "127.0.0.1"
node.port = new_port
end
if node.type ~= "Xray" and node.type ~= "V2ray" then
if node.type == "Socks" then
node.protocol = "socks"
node.transport = "tcp"
else
local node_type = proto or "socks"
local relay_port = node.port
new_port = get_new_port()
node.port = new_port
sys.call(string.format('/usr/share/%s/app.sh run_socks "%s" "%s" "%s" "%s" "%s" "%s" "%s" "%s"> /dev/null',
appname,
new_port,
node_id,
"127.0.0.1",
new_port,
string.format("/var/etc/%s/v2_%s_%s.json", appname, node_type, node_id),
"0",
"nil",
relay_port and tostring(relay_port) or ""
sys.call(string.format('/usr/share/%s/app.sh run_socks "%s" "%s" "%s" "%s" "%s" "%s" "%s" "%s"> /dev/null', appname,
new_port, --flag
node_id, --node
"127.0.0.1", --bind
new_port, --socks port
string.format("/var/etc/%s/v2_%s_%s_%s.json", appname, node_type, node_id, new_port), --config file
"0", --http port
"nil", -- http config file
(is_proxy and is_proxy == "1" and relay_port) and tostring(relay_port) or "" --relay port
)
)
node.protocol = "socks"
@ -86,6 +103,8 @@ function gen_outbound(node, tag, relay_port)
end
result = {
_flag_tag = node_id,
_flag_is_proxy = (is_proxy and is_proxy == "1") and "1" or "0",
tag = tag,
protocol = node.protocol,
mux = (node.stream_security ~= "xtls") and {
@ -222,11 +241,80 @@ if node_section then
end
end
local up_trust_doh = ucursor:get(appname, "@global[0]", "up_trust_doh")
if up_trust_doh then
local t = {}
string.gsub(up_trust_doh, '[^' .. "," .. ']+', function (w)
table.insert(t, w)
end)
if #t > 1 then
local host = sys.exec("echo -n $(echo " .. t[1] .. " | sed 's/https:\\/\\///g' | awk -F ':' '{print $1}' | awk -F '/' '{print $1}')")
dns = {
hosts = {
[host] = t[2]
}
}
end
end
if node.protocol == "_shunt" then
local rules = {}
local default_node_id = node.default_node or "_direct"
local outboundTag
if default_node_id == "_direct" then
outboundTag = "direct"
elseif default_node_id == "_blackhole" then
outboundTag = "blackhole"
else
local default_node = ucursor:get_all(appname, default_node_id)
local main_node_id = node.main_node or "nil"
if main_node_id ~= "nil" then
if main_node_id == default_node_id then
else
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_default",
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = default_node.address, port = tonumber(default_node.port)}
})
if default_node.tls_serverName == nil then
default_node.tls_serverName = default_node.address
end
default_node.address = "127.0.0.1"
default_node.port = new_port
local node = ucursor:get_all(appname, main_node_id)
local outbound = gen_outbound(node, "main")
if outbound then
table.insert(outbounds, outbound)
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_default"},
outboundTag = "main"
})
end
end
end
local default_outbound = gen_outbound(default_node, "default")
if default_outbound then
table.insert(outbounds, default_outbound)
outboundTag = "default"
end
end
if outboundTag then
table.insert(rules, {
type = "field",
outboundTag = outboundTag,
network = network
})
end
ucursor:foreach(appname, "shunt_rules", function(e)
local name = e[".name"]
local _node_id = node[name] or "nil"
local is_proxy = node[name .. "_proxy"] or "0"
local outboundTag
if _node_id == "_direct" then
outboundTag = "direct"
@ -234,36 +322,31 @@ if node_section then
outboundTag = "blackhole"
else
if _node_id ~= "nil" then
local _node = ucursor:get_all(appname, _node_id)
local is_proxy = node[name .. "_proxy"]
local relay_port
if is_proxy and is_proxy == "1" then
new_port = get_new_port()
relay_port = new_port
table.insert(inbounds, {
tag = "proxy_" .. name,
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
})
if _node.tls_serverName == nil then
_node.tls_serverName = _node.address
local has_outbound
for index, value in ipairs(outbounds) do
if value["_flag_tag"] == _node_id and value["_flag_is_proxy"] == is_proxy then
has_outbound = api.clone(value)
break
end
_node.address = "127.0.0.1"
_node.port = new_port
end
local _outbound = gen_outbound(_node, name, relay_port)
if _outbound then
table.insert(outbounds, _outbound)
if is_proxy and is_proxy == "1" then
table.insert(rules, {
type = "field",
inboundTag = {"proxy_" .. name},
outboundTag = "default"
})
end
if has_outbound then
has_outbound["tag"] = name
table.insert(outbounds, has_outbound)
outboundTag = name
else
local _node = ucursor:get_all(appname, _node_id)
local _outbound = gen_outbound(_node, name, is_proxy)
if _outbound then
if is_proxy == "1" then
table.insert(rules, 1, {
type = "field",
inboundTag = {"proxy_" .. name},
outboundTag = "default"
})
end
table.insert(outbounds, _outbound)
outboundTag = name
end
end
end
end
@ -292,59 +375,10 @@ if node_section then
end
end
end)
local default_node_id = node.default_node or nil
if default_node_id and default_node_id ~= "nil" then
local default_node = ucursor:get_all(appname, default_node_id)
if "1" == node.default_proxy then
local node_id = node.main_node or nil
if node_id and node_id ~= "nil" then
if node_id == default_node_id then
else
new_port = get_new_port()
table.insert(inbounds, {
tag = "proxy_default",
listen = "127.0.0.1",
port = new_port,
protocol = "dokodemo-door",
settings = {network = "tcp,udp", address = default_node.address, port = tonumber(default_node.port)}
})
if default_node.tls_serverName == nil then
default_node.tls_serverName = default_node.address
end
default_node.address = "127.0.0.1"
default_node.port = new_port
local node = ucursor:get_all(appname, node_id)
local outbound = gen_outbound(node, "main")
if outbound then
table.insert(outbounds, outbound)
local rule = {
type = "field",
inboundTag = {"proxy_default"},
outboundTag = "main"
}
table.insert(rules, rule)
end
end
end
end
local default_outbound = gen_outbound(default_node, "default")
if default_outbound then
table.insert(outbounds, default_outbound)
local rule = {
type = "field",
outboundTag = "default",
network = network
}
table.insert(rules, rule)
end
end
routing = {
domainStrategy = node.domainStrategy or "AsIs",
rules = rules
}
elseif node.protocol == "_balancing" then
if node.balancing_node then
local nodes = node.balancing_node
@ -456,7 +490,14 @@ if inbounds or outbounds then
table.insert(outbounds, {
protocol = "freedom",
tag = "direct",
settings = {domainStrategy = "UseIPv4"}
settings = {
domainStrategy = "UseIPv4"
},
streamSettings = {
sockopt = {
mark = 255
}
}
})
table.insert(outbounds, {
protocol = "blackhole",
@ -465,7 +506,7 @@ if inbounds or outbounds then
local xray = {
log = {
-- error = string.format("/var/etc/passwall/%s.log", node[".name"]),
-- error = string.format("/var/etc/%s/%s.log", appname, node[".name"]),
loglevel = loglevel
},
-- DNS
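Review bot: The `up_trust_doh` block concatenates `t[1]`, a value read from the UCI config, unquoted into the command string passed to `sys.exec`, so any shell metacharacter in that setting is interpreted by the shell this generator runs under. The host can be extracted in Lua without spawning a shell, for example `local host = t[1]:gsub("https://", ""):match("^[^:/]*")`, which mirrors the sed/awk pipeline. The `sys.call` in `gen_outbound` has a related exposure: `node_id` and `relay_port` are placed inside double quotes on the `app.sh run_socks` command line, where command substitution is still expanded. If those values can ever hold anything but identifiers and digits, a strict character check before formatting would be the matching safeguard.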


@ -3,10 +3,7 @@ local appname = api.appname
local nodes_table = {}
for k, e in ipairs(api.get_valid_nodes()) do
nodes_table[#nodes_table + 1] = {
id = e[".name"],
remarks = e.remarks_name
}
nodes_table[#nodes_table + 1] = e
end
m = Map(appname)
@ -26,7 +23,9 @@ o.default = "1"
o = s:option(DynamicList, "tcp_node", "TCP " .. translate("List of backup nodes"))
for k, v in pairs(nodes_table) do
o:value(v.id, v.remarks)
if v.node_type == "normal" then
o:value(v.id, v.remarks_name)
end
end
o = s:option(Flag, "restore_switch", "TCP " .. translate("Restore Switch"), translate("When detects main node is available, switch back to the main node."))


@ -120,11 +120,11 @@ if has_xray and #nodes_table > 0 then
local id = e[".name"]
o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", id), translate(e.remarks)))
o:depends("tcp_node", v.id)
o:value("nil", translate("Close"))
o:value("nil", translate("Default"))
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
for k, v in pairs(normal_list) do
o:value(v.id, v.remarks_name)
for k1, v1 in pairs(normal_list) do
o:value(v1.id, v1.remarks_name)
end
o.cfgvalue = function(self, section)
return m:get(v.id, id) or "nil"
@ -137,9 +137,10 @@ if has_xray and #nodes_table > 0 then
local id = "default_node"
o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default"))
o:depends("tcp_node", v.id)
o:value("nil", translate("Close"))
for k, v in pairs(normal_list) do
o:value(v.id, v.remarks_name)
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
for k1, v1 in pairs(normal_list) do
o:value(v1.id, v1.remarks_name)
end
o.cfgvalue = function(self, section)
return m:get(v.id, id) or "nil"
@ -152,8 +153,8 @@ if has_xray and #nodes_table > 0 then
o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default") .. translate("Preproxy"))
o:depends("tcp_node", v.id)
o:value("nil", translate("Close"))
for k, v in pairs(normal_list) do
o:value(v.id, v.remarks_name)
for k1, v1 in pairs(normal_list) do
o:value(v1.id, v1.remarks_name)
end
o.cfgvalue = function(self, section)
return m:get(v.id, id) or "nil"
@ -274,7 +275,9 @@ o:depends({dns_mode = "pdnsd"})
o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
o.inputstyle = "remove"
function o.write(e, e)
luci.sys.call("/etc/init.d/" .. appname .. " stop && /usr/share/" .. appname .. "/iptables.sh flush_ipset && /etc/init.d/" .. appname .. " restart")
luci.sys.call("/etc/init.d/" .. appname .. " stop")
luci.sys.call("/usr/share/" .. appname .. "/iptables.sh flush_ipset")
luci.sys.call("/etc/init.d/" .. appname .. " restart")
end
s:tab("Proxy", translate("Mode"))
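Review bot: The three `luci.sys.call` invocations in the `clear_ipset` button's `o.write` discard their exit codes. Unlike the `&&` chain they replace, the restart now runs even when `iptables.sh flush_ipset` failed, so a failed flush leaves the old ipset contents in place with no indication to the user. If running the steps unconditionally is intended, keep that but check the result, e.g. `if luci.sys.call("/usr/share/" .. appname .. "/iptables.sh flush_ipset") ~= 0 then` followed by a log entry. The signature `function o.write(e, e)` repeats its parameter name, which hides the first argument; `function o.write(self, section)` would match the `cfgvalue` functions in the same file.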


@ -129,7 +129,7 @@ balancing_node:depends("protocol", "_balancing")
-- 分流
uci:foreach(appname, "shunt_rules", function(e)
o = s:option(ListValue, e[".name"], string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", e[".name"]), translate(e.remarks)))
o:value("nil", translate("Close"))
o:value("nil", translate("Default"))
o:value("_direct", translate("Direct Connection"))
o:value("_blackhole", translate("Blackhole"))
o:depends("protocol", "_shunt")
@ -153,17 +153,19 @@ end
shunt_tips:depends("protocol", "_shunt")
default_node = s:option(ListValue, "default_node", translate("Default") .. " " .. translate("Node"))
default_node:value("nil", translate("Close"))
default_node:value("_direct", translate("Direct Connection"))
default_node:value("_blackhole", translate("Blackhole"))
for k, v in pairs(nodes_table) do default_node:value(v.id, v.remarks) end
default_node:depends("protocol", "_shunt")
default_proxy = s:option(Flag, "default_proxy", translate("Default") .. translate("Node") .. translate("Preproxy"), translate("Use the under node for the transit."))
default_proxy.default = 0
default_proxy:depends("protocol", "_shunt")
o = s:option(ListValue, "main_node", " ")
for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end
o:depends("default_proxy", "1")
if #nodes_table > 0 then
o = s:option(ListValue, "main_node", translate("Default") .. " " .. translate("Node") .. translate("Preproxy"), translate("Use this node proxy to forward the default node."))
o:value("nil", translate("Close"))
for k, v in pairs(nodes_table) do
o:value(v.id, v.remarks)
o:depends("default_node", v.id)
end
end
domainStrategy = s:option(ListValue, "domainStrategy", translate("Domain Strategy"))
domainStrategy:value("AsIs")


@ -28,6 +28,9 @@ o = s:option(Value, "chnroute6_url", translate("China IPv6s(chnroute6) Update UR
o:value("https://ispip.clang.cn/all_cn_ipv6.txt", translate("Clang.CN.IPv6"))
o.default = "https://ispip.clang.cn/all_cn_ipv6.txt"
----chnlist URL
o = s:option(DynamicList, "chnlist_url", translate("China List(Chnlist) Update URL"))
s:append(Template(appname .. "/rule/rule_version"))
---- Auto Update
@ -57,6 +60,7 @@ s = m:section(TypedSection, "shunt_rules", "Xray" .. translate("Shunt") .. trans
s.template = "cbi/tblsection"
s.anonymous = false
s.addremove = true
s.sortable = true
s.extedit = api.url("shunt_rules", "%s")
function s.create(e, t)
TypedSection.create(e, t)
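Review bot: The new `chnlist_url` DynamicList accepts any string; no `validate` hook or datatype is attached to it. The update script shown further down this page reads this option, and its `curl` helper builds a shell command by wrapping the URL in single quotes. Assuming these entries are fetched through that helper, which the visible part of the page does not show, a value containing a quote character would end up as part of the command line. A `validate` function that accepts only entries beginning with `http://` or `https://` and free of quotes and whitespace would close this on the input side. The `chnroute6_url` option just above would benefit from the same check.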


@ -57,7 +57,7 @@ ip_list.validate = function(self, value)
if ipmask:find("geoip:") and ipmask:find("geoip:") == 1 then
elseif ipmask:find("ext:") and ipmask:find("ext:") == 1 then
else
if not datatypes.ipmask4(ipmask) then
if not (datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask)) then
return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!")
end
end


@ -5,6 +5,8 @@ local gfwlist_update = api.uci_get_type("global_rules", "gfwlist_update", "1") =
local chnroute_update = api.uci_get_type("global_rules", "chnroute_update", "1") == "1" and "checked='checked'" or ""
local chnroute6_update = api.uci_get_type("global_rules", "chnroute6_update", "1") == "1" and "checked='checked'" or ""
local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") == "1" and "checked='checked'" or ""
local geoip_update = api.uci_get_type("global_rules", "geoip_update", "1") == "1" and "checked='checked'" or ""
local geosite_update = api.uci_get_type("global_rules", "geosite_update", "1") == "1" and "checked='checked'" or ""
-%>
<script type="text/javascript">
@ -62,6 +64,14 @@ local chnlist_update = api.uci_get_type("global_rules", "chnlist_update", "1") =
<input class="cbi-input-checkbox" type="checkbox" name="chnlist" value="1" <%=chnlist_update%> />
chnlist
</label>
<label>
<input class="cbi-input-checkbox" type="checkbox" name="geoip" value="1" <%=geoip_update%> />
geoip
</label>
<label>
<input class="cbi-input-checkbox" type="checkbox" name="geosite" value="1" <%=geosite_update%> />
geosite
</label>
<input class="cbi-button cbi-input-apply" type="button" id="update_rules_btn" onclick="update_rules(this)" value="<%:Manually update%>" />
</div>
</div>


@ -724,6 +724,9 @@ msgstr "中国IP段(chnroute)更新URL"
msgid "China IPv6s(chnroute6) Update URL"
msgstr "中国IPv6段(chnroute6)更新URL"
msgid "China List(Chnlist) Update URL"
msgstr "中国域名列表(Chnlist)更新URL"
msgid "Rule status"
msgstr "规则版本"


@ -47,6 +47,12 @@ config global_rules
option gfwlist_url 'https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt'
option chnroute_url 'https://ispip.clang.cn/all_cn.txt'
option chnroute6_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
list chnlist_url 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf'
option xray_location_asset '/usr/share/xray/'
option geosite_update '1'
option geoip_update '1'
config global_app
option xray_file '/usr/bin/xray'
@ -80,6 +86,15 @@ config nodes '696cd32c1d5149ee95fd1b3accbad6df'
option default_proxy '0'
option domainStrategy 'IPIfNonMatch'
config shunt_rules 'ads'
option remarks '广告'
option domain_list 'geosite:category-ads'
config shunt_rules 'China'
option remarks 'China'
option domain_list 'geosite:cn'
option ip_list 'geoip:cn'
config shunt_rules 'Telegram'
option remarks 'Telegram'
option ip_list '149.154.160.0/20


@ -347,7 +347,7 @@ run_socks() {
msg="某种原因,此 Socks 服务的相关配置已失联,启动中止!"
fi
if [ "$type" == "xray" ] && ([ -n "$(config_n_get $node balancing_node)" ] || [ "$(config_n_get $node default_node)" != "nil" ]); then
if [ "$type" == "xray" ] && ([ -n "$(config_n_get $node balancing_node)" ] || [ "$(config_n_get $node default_node)" != "_direct" -a "$(config_n_get $node default_node)" != "_blackhole" ]); then
unset msg
fi
@ -939,7 +939,7 @@ add_dnsmasq() {
#分流规则
[ "$(config_n_get $TCP_NODE protocol)" = "_shunt" ] && {
fwd_dns="${TUN_DNS}"
local default_node_id=$(config_n_get $TCP_NODE default_node nil)
local default_node_id=$(config_n_get $TCP_NODE default_node _direct)
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
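Review bot: The new test in `run_socks` treats every `default_node` value other than `_direct` and `_blackhole` as a real node, so a config saved before this commit that still holds `nil` (the former "Close" value) now clears `msg` and the start proceeds instead of aborting. Reading the option once with the new default and also excluding the legacy value keeps the check strict: `local dn=$(config_n_get $node default_node _direct)` followed by `[ "$dn" != "_direct" ] && [ "$dn" != "_blackhole" ] && [ "$dn" != "nil" ]`. That form also avoids `-a` inside `[ ]` and calling `config_n_get` twice. Only part of `run_socks` is visible in this hunk, so whether a migration step rewrites old `nil` values elsewhere cannot be confirmed from here.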


@ -294,7 +294,11 @@ load_acl() {
# 加载UDP默认代理模式
if [ "$UDP_PROXY_MODE" != "disable" ]; then
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
}
[ "$UDP_NODE" != "nil" ] && {
msg="UDP默认代理使用UDP节点 [$(get_action_chain_name $UDP_PROXY_MODE)](TPROXY:${UDP_REDIR_PORT})代理"
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && msg="${msg}${UDP_NO_REDIR_PORTS}外的"
@ -306,7 +310,7 @@ load_acl() {
if [ "$PROXY_IPV6" == "1" ]; then
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY)
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $UDP_PROXY_MODE/6 $UDP_REDIR_PORT TPROXY)
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY)
fi
echolog "${msg}"
@ -348,7 +352,7 @@ filter_node() {
local address=$(config_n_get $node address)
local port=$(config_n_get $node port)
ipt_tmp=$ipt_n
ip6t_tmp=$ip6t_n
ip6t_tmp=$ip6t_m
[ "$stream" == "udp" ] && is_tproxy=1
[ "$type" == "brook" ] && [ "$(config_n_get $node protocol client)" == "client" ] && is_tproxy=1
#[ "$type" == "trojan-go" ] && is_tproxy=1
@ -402,13 +406,14 @@ filter_node() {
done
elif [ "$proxy_protocol" == "_shunt" ]; then
#echolog " - 按请求目的地址分流(${proxy_type}..."
local default_node=$(config_n_get $proxy_node default_node nil)
local default_proxy=$(config_n_get $proxy_node default_proxy 0)
if [ "$default_proxy" == 1 ]; then
local main_node=$(config_n_get $proxy_node main_node nil)
local default_node=$(config_n_get $proxy_node default_node _direct)
local main_node=$(config_n_get $proxy_node main_node nil)
if [ "$main_node" != "nil" ]; then
filter_rules $main_node $stream
else
filter_rules $default_node $stream
if [ "$default_node" != "_direct" ] && [ "$default_node" != "_blackhole" ]; then
filter_rules $default_node $stream
fi
fi
:<<!
local default_node_address=$(get_host_ip ipv4 $(config_n_get $default_node address) 1)
@ -465,9 +470,15 @@ add_firewall_rule() {
ipset -! create $IPSET_WHITELIST_6 nethash family inet6
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
for shunt_id in $shunt_ids; do
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
done
for shunt_id in $shunt_ids; do
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $IPSET_SHUNTLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
done
cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
[ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
@ -540,21 +551,25 @@ add_firewall_rule() {
$ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
$ipt_n -A PSW -m mark --mark 0xff -j RETURN
$ipt_n -N PSW_OUTPUT
$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
$ipt_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
$ipt_m -N PSW
$ipt_m -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
$ipt_m -A PSW -m mark --mark 0xff -j RETURN
$ipt_m -N PSW_OUTPUT
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
$ipt_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
@ -579,27 +594,19 @@ add_firewall_rule() {
$ip6t_m -A PSW $(dst $IPSET_LANIPLIST_6) -j RETURN
$ip6t_m -A PSW $(dst $IPSET_VPSIPLIST_6) -j RETURN
$ip6t_m -A PSW $(dst $IPSET_WHITELIST_6) -j RETURN
$ip6t_m -A PSW -m mark --mark 0xff -j RETURN
$ip6t_m -A PREROUTING -j PSW
$ip6t_m -N PSW_OUTPUT
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST_6) -j RETURN
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST_6) -j RETURN
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST_6) -j RETURN
$ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT
$ip6t_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
$ip6t_m -A OUTPUT -j PSW_OUTPUT
ip -6 rule add fwmark 1 table 100
ip -6 route add local ::/0 dev lo table 100
[ -n "$lan_ifname" ] && {
lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段
[ -n "$lan_ipv6" ] && {
for ip in $lan_ipv6; do
$ip6t_m -A PSW -d $ip -j RETURN
$ip6t_m -A PSW_OUTPUT -d $ip -j RETURN
done
}
}
# 加载路由器自身代理 TCP
if [ "$TCP_NODE" != "nil" ]; then
local ipt_tmp=$ipt_n
@ -679,8 +686,9 @@ add_firewall_rule() {
if [ "$node" == "nil" ] || [ "$port" == "0" ]; then
msg="${msg} 未配置完全,略过"
elif [ "$(echo $node | grep ^tcp)" ]; then
eval "node=\${TCP_NODE}"
msg="${msg} 使用与 TCP 代理自动切换${num} 相同的节点,延后处理"
#eval "node=\${TCP_NODE}"
#msg="${msg} 使用与 TCP 代理自动切换${num} 相同的节点,延后处理"
continue
else
filter_node $node TCP > /dev/null 2>&1 &
filter_node $node UDP > /dev/null 2>&1 &
@ -724,6 +732,7 @@ add_firewall_rule() {
$ipt_m -A OUTPUT -p udp -j PSW_OUTPUT
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
$ipt_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
$ip6t_m -A PSW_OUTPUT -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
echolog " - [$?]不代理 UDP 端口:$UDP_NO_REDIR_PORTS"
}
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK)
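Review bot: The IPv6 filter added to the shunt `ip_list` pipeline in `add_firewall_rule` is unanchored, so `([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}` also matches entries such as `geoip:cn` (the `:c` alone satisfies it), which the default config on this page puts into `ip_list`. Those lines then reach `ipset -! -R` as `add $IPSET_SHUNTLIST_6 geoip:cn`; ipset will most likely reject them, and depending on how restore handles the error the remaining entries of that rule may not be loaded. Dropping the prefixed entries first, e.g. `grep -vE "^(geoip|ext):"` ahead of both family filters, keeps only address entries in the restore input. Separately, `echolog " - [$?]..."` after the `UDP_NO_REDIR_PORTS` rules now reports the exit status of the added `$ip6t_m` command rather than that of the `$ipt_m` one.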


@ -3,6 +3,8 @@
require 'luci.sys'
local luci = luci
local ucic = luci.model.uci.cursor()
local jsonc = require "luci.jsonc"
local i18n = require "luci.i18n"
local name = 'passwall'
local arg1 = arg[1]
@ -12,10 +14,14 @@ local gfwlist_update = 0
local chnroute_update = 0
local chnroute6_update = 0
local chnlist_update = 0
local geoip_update = 0
local geosite_update = 0
-- match comments/title/whitelist/ip address/excluded_domain
local comment_pattern = "^[!\\[@]+"
local ip_pattern = "^%d+%.%d+%.%d+%.%d+"
local ip4_ipset_pattern = "^%d+%.%d+%.%d+%.%d+[%/][%d]+$"
local ip6_ipset_pattern = ":-[%x]+%:+[%x]-[%/][%d]+$"
local domain_pattern = "([%w%-%_]+%.[%w%.%-%_]+)[%/%*]*"
local excluded_domain = {"apple.com","sina.cn","sina.com.cn","baidu.com","byr.cn","jlike.com","weibo.com","zhongsou.com","youdao.com","sogou.com","so.com","soso.com","aliyun.com","taobao.com","jd.com","qq.com"}
@ -24,32 +30,13 @@ local mydnsip = '127.0.0.1'
local mydnsport = '7913'
local ipsetname = 'gfwlist'
-- custom url
local enable_custom_url = 1
local gfwlist_url = ucic:get_first(name, 'global_rules', "gfwlist_url", "https://cdn.jsdelivr.net/gh/Loukky/gfwlist-by-loukky/gfwlist.txt")
local chnroute_url = ucic:get_first(name, 'global_rules', "chnroute_url", "https://ispip.clang.cn/all_cn.txt")
local chnroute6_url = ucic:get_first(name, 'global_rules', "chnroute6_url", "https://ispip.clang.cn/all_cn_ipv6.txt")
local chnlist_url_1 = 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf'
local chnlist_url_2 = 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf'
local chnlist_url_3 = 'https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf'
local bc='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
-- base64decoding
local function base64_dec(data)
data = string.gsub(data, '[^'..bc..'=]', '')
return (data:gsub('.', function(x)
if (x == '=') then return '' end
local r,f='',(bc:find(x)-1)
for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0') end
return r;
end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x)
if (#x ~= 8) then return '' end
local c=0
for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end
return string.char(c)
end))
end
local chnlist_url = ucic:get(name, "@global_rules[0]", "chnlist_url") or {"https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/accelerated-domains.china.conf","https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/apple.china.conf","https://cdn.jsdelivr.net/gh/felixonmars/dnsmasq-china-list/google.china.conf"}
local geoip_api = "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest"
local geosite_api = "https://api.github.com/repos/Loyalsoldier/v2ray-rules-dat/releases/latest"
local xray_asset_location = ucic:get_first(name, 'global_rules', "xray_location_asset", "/usr/share/xray/")
local log = function(...)
if arg1 then
@ -66,24 +53,29 @@ local log = function(...)
end
end
-- base64decoding
local function base64_dec(data)
local bc='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
data = string.gsub(data, '[^'..bc..'=]', '')
return (data:gsub('.', function(x)
if (x == '=') then return '' end
local r,f='',(bc:find(x)-1)
for i=6,1,-1 do r=r..(f%2^i-f%2^(i-1)>0 and '1' or '0') end
return r;
end):gsub('%d%d%d?%d?%d?%d?%d?%d?', function(x)
if (#x ~= 8) then return '' end
local c=0
for i=1,8 do c=c+(x:sub(i,i)=='1' and 2^(8-i) or 0) end
return string.char(c)
end))
end
-- trim
local function trim(text)
if not text or text == "" then return "" end
return (string.gsub(text, "^%s*(.-)%s*$", "%1"))
end
-- wget
local function wget(url, file)
local cmd = "/usr/bin/wget --no-check-certificate -t 3 -T 10 -O"
if file then
cmd = cmd .. " " .. file .. " " .. url
else
cmd = cmd .. "- " .. url
end
local stdout = luci.sys.exec(cmd)
return trim(stdout)
end
-- curl
local function curl(url, file)
local cmd = "curl -skL -w %{http_code} --retry 3 --connect-timeout 3 '" .. url .. "'"
@ -99,52 +91,6 @@ local function curl(url, file)
end
end
--获取gfwlist
local function fetch_gfwlist()
--请求gfwlist
local sret = curl(gfwlist_url, "/tmp/gfwlist.txt")
if sret == 200 then
--解码gfwlist
local gfwlist = io.open("/tmp/gfwlist.txt", "r")
local decode = base64_dec(gfwlist:read("*all"))
gfwlist:close()
--写回gfwlist
gfwlist = io.open("/tmp/gfwlist.txt", "w")
gfwlist:write(decode)
gfwlist:close()
end
return sret;
end
--获取chnroute
local function fetch_chnroute()
--请求chnroute
local sret = curl(chnroute_url, "/tmp/chnroute_tmp")
return sret;
end
--获取chnroute6
local function fetch_chnroute6()
--请求chnroute6
local sret = curl(chnroute6_url, "/tmp/chnroute6_tmp")
return sret;
end
--获取chnlist
local function fetch_chnlist()
--请求chnlist
local sret = 0
local sret1 = curl(chnlist_url_1, "/tmp/chnlist_1")
local sret2 = curl(chnlist_url_2, "/tmp/chnlist_2")
local sret3 = curl(chnlist_url_3, "/tmp/chnlist_3")
if sret1 == 200 and sret2 ==200 and sret3 == 200 then
sret=200
end
return sret;
end
--check excluded domain
local function check_excluded_domain(value)
for k,v in ipairs(excluded_domain) do
@ -154,63 +100,219 @@ local function check_excluded_domain(value)
end
end
--gfwlist转码至dnsmasq格式
local function generate_gfwlist()
local domains = {}
local out = io.open("/tmp/gfwlist_tmp", "w")
--fetch gfwlist
local function fetch_gfwlist()
local sret = curl(gfwlist_url, "/tmp/gfwlist_dl")
if sret == 200 then
local domains = {}
local gfwlist = io.open("/tmp/gfwlist_dl", "r")
local decode = base64_dec(gfwlist:read("*all"))
gfwlist:close()
for line in io.lines("/tmp/gfwlist.txt") do
if not (string.find(line, comment_pattern) or string.find(line, ip_pattern) or check_excluded_domain(line)) then
local start, finish, match = string.find(line, domain_pattern)
if (start) then
domains[match] = true
gfwlist = io.open("/tmp/gfwlist_dl", "w")
gfwlist:write(decode)
gfwlist:close()
for line in io.lines("/tmp/gfwlist_dl") do
if not (string.find(line, comment_pattern) or string.find(line, ip_pattern) or check_excluded_domain(line)) then
local start, finish, match = string.find(line, domain_pattern)
if (start) then
domains[match] = true
end
end
end
local out = io.open("/tmp/gfwlist_tmp", "w")
for k,v in pairs(domains) do
out:write(string.format("server=/.%s/%s#%s\n", k,mydnsip,mydnsport))
out:write(string.format("ipset=/.%s/%s\n", k,ipsetname))
end
out:close()
end
for k,v in pairs(domains) do
out:write(string.format("server=/.%s/%s#%s\n", k,mydnsip,mydnsport))
out:write(string.format("ipset=/.%s/%s\n", k,ipsetname))
end
os.remove("/tmp/gfwlist_dl")
out:close()
return sret;
end
--处理合并chnlist列表
local function generate_chnlist()
--fetch chnroute
local function fetch_chnroute()
local sret = curl(chnroute_url, "/tmp/chnroute_dl")
if sret == 200 then
local out = io.open("/tmp/chnroute_tmp", "w")
for line in io.lines("/tmp/chnroute_dl") do
local start, finish, match = string.find(line, ip4_ipset_pattern)
if (start) then
out:write(string.format("%s\n", line))
end
end
out:close()
end
os.remove("/tmp/chnroute_dl")
return sret;
end
--fetch chnroute6
local function fetch_chnroute6()
local sret = curl(chnroute6_url, "/tmp/chnroute6_dl")
if sret == 200 then
local out = io.open("/tmp/chnroute6_tmp", "w")
for line in io.lines("/tmp/chnroute6_dl") do
local start, finish, match = string.find(line, ip6_ipset_pattern)
if (start) then
out:write(string.format("%s\n", line))
end
end
out:close()
end
os.remove("/tmp/chnroute6_dl")
return sret;
end
--fetch chnlist
local function fetch_chnlist()
local domains = {}
local out = io.open("/tmp/cdn_tmp", "w")
local sret = 200
local sret_tmp = 0
for line in io.lines("/tmp/chnlist_1") do
local start, finish, match = string.find(line, domain_pattern)
if (start) then
domains[match] = true
for k,v in ipairs(chnlist_url) do
sret_tmp = curl(v, "/tmp/chnlist_dl"..k)
if sret_tmp == 200 then
for line in io.lines("/tmp/chnlist_dl"..k) do
local start, finish, match = string.find(line, domain_pattern)
if (start) then
domains[match] = true
end
end
else
sret = 0
end
os.remove("/tmp/chnlist_dl"..k)
end
for line in io.lines("/tmp/chnlist_2") do
local start, finish, match = string.find(line, domain_pattern)
if (start) then
domains[match] = true
if sret == 200 then
local out = io.open("/tmp/cdn_tmp", "w")
for k,v in pairs(domains) do
out:write(string.format("%s\n", k))
end
out:close()
luci.sys.call("cat /tmp/cdn_tmp | sort -u > /tmp/chnlist_tmp")
os.remove("/tmp/cdn_tmp")
end
for line in io.lines("/tmp/chnlist_3") do
local start, finish, match = string.find(line, domain_pattern)
if (start) then
domains[match] = true
return sret;
end
--获取geoip
local function fetch_geoip()
--请求geoip
xpcall(function()
local json_str = curl(geoip_api)
local json = jsonc.parse(json_str)
if json.tag_name and json.assets then
for _, v in ipairs(json.assets) do
if v.name and v.name == "geoip.dat.sha256sum" then
local sret = curl(v.browser_download_url, "/tmp/geoip.dat.sha256sum")
if sret == 200 then
local f = io.open("/tmp/geoip.dat.sha256sum", "r")
local content = f:read()
f:close()
f = io.open("/tmp/geoip.dat.sha256sum", "w")
f:write(content:gsub("geoip.dat", "/tmp/geoip.dat"), "")
f:close()
if nixio.fs.access(xray_asset_location .. "geoip.dat") then
luci.sys.call(string.format("cp -f %s %s", xray_asset_location .. "geoip.dat", "/tmp/geoip.dat"))
if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
log("geoip 版本一致,无需更新。")
return 1
end
end
for _2, v2 in ipairs(json.assets) do
if v2.name and v2.name == "geoip.dat" then
sret = curl(v2.browser_download_url, "/tmp/geoip.dat")
if luci.sys.call('sha256sum -c /tmp/geoip.dat.sha256sum > /dev/null 2>&1') == 0 then
luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", xray_asset_location, "/tmp/geoip.dat", xray_asset_location .. "geoip.dat"))
reboot = 1
log("geoip 更新成功。")
return 1
else
log("geoip 更新失败,请稍后再试。")
end
break
end
end
end
break
end
end
end
end
end,
function(e)
end)
--写入临时文件
for k,v in pairs(domains) do
out:write(string.format("%s\n", k))
end
return 0
end
out:close()
--获取geosite
local function fetch_geosite()
--请求geosite
xpcall(function()
local json_str = curl(geosite_api)
local json = jsonc.parse(json_str)
if json.tag_name and json.assets then
for _, v in ipairs(json.assets) do
if v.name and v.name == "geosite.dat.sha256sum" then
local sret = curl(v.browser_download_url, "/tmp/geosite.dat.sha256sum")
if sret == 200 then
local f = io.open("/tmp/geosite.dat.sha256sum", "r")
local content = f:read()
f:close()
f = io.open("/tmp/geosite.dat.sha256sum", "w")
f:write(content:gsub("geosite.dat", "/tmp/geosite.dat"), "")
f:close()
--删除重复条目并排序
luci.sys.call("cat /tmp/cdn_tmp | sort -u > /tmp/chnlist_tmp")
if nixio.fs.access(xray_asset_location .. "geosite.dat") then
luci.sys.call(string.format("cp -f %s %s", xray_asset_location .. "geosite.dat", "/tmp/geosite.dat"))
if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
log("geosite 版本一致,无需更新。")
return 1
end
end
for _2, v2 in ipairs(json.assets) do
if v2.name and v2.name == "geosite.dat" then
sret = curl(v2.browser_download_url, "/tmp/geosite.dat")
if luci.sys.call('sha256sum -c /tmp/geosite.dat.sha256sum > /dev/null 2>&1') == 0 then
luci.sys.call(string.format("mkdir -p %s && cp -f %s %s", xray_asset_location, "/tmp/geosite.dat", xray_asset_location .. "geosite.dat"))
reboot = 1
log("geosite 更新成功。")
return 1
else
log("geosite 更新失败,请稍后再试。")
end
break
end
end
end
break
end
end
end
end,
function(e)
end)
return 0
end
if arg[2] then
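Review bot: In fetch_geoip() and fetch_geosite() the `.dat` asset and the `.sha256sum` it is checked against both arrive through `curl()`, whose command line just above this hunk is built with `-skL`, so certificate verification is off for the checksum as much as for the file. `sha256sum -c` therefore only catches a damaged transfer; it does not show that the file copied into `xray_asset_location` is the published one. I would build that command with `curl -sL -w %{http_code} ...` (no `-k`), or have these two callers request verification explicitly; the remainder of `curl()` is outside the hunk, so its other callers need checking first. Separately, `browser_download_url` is taken from the API response and placed between single quotes in that shell string, so it is worth rejecting a value that contains a quote or does not start with `https://` before the call, e.g. `if not v.browser_download_url:match("^https://[^'%s]+$") then break end`.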
@ -226,117 +328,128 @@ if arg[2] then
if arg[2]:find("chnlist") then
chnlist_update = 1
end
if arg[2]:find("geoip") then
geoip_update = 1
end
if arg[2]:find("geosite") then
geosite_update = 1
end
else
gfwlist_update = ucic:get_first(name, 'global_rules', "gfwlist_update", 1)
chnroute_update = ucic:get_first(name, 'global_rules', "chnroute_update", 1)
chnroute6_update = ucic:get_first(name, 'global_rules', "chnroute6_update", 1)
chnlist_update = ucic:get_first(name, 'global_rules', "chnlist_update", 1)
geoip_update = ucic:get_first(name, 'global_rules', "geoip_update", 1)
geosite_update = ucic:get_first(name, 'global_rules', "geosite_update", 1)
end
if gfwlist_update == 0 and chnroute_update == 0 and chnroute6_update == 0 and chnlist_update == 0 then
if gfwlist_update == 0 and chnroute_update == 0 and chnroute6_update == 0 and chnlist_update == 0 and geoip_update == 0 and geosite_update == 0 then
os.exit(0)
end
log("开始更新规则...")
if tonumber(enable_custom_url) == 1 then
local new_version = os.date("%Y-%m-%d")
log("已启用自定义规则地址...")
if tonumber(gfwlist_update) == 1 then
log("开始更新gfwlist...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/gfwlist.conf | awk '{print $1}')")
local status = fetch_gfwlist()
if status == 200 then
generate_gfwlist()
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/gfwlist_tmp' ] && md5sum /tmp/gfwlist_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/gfwlist_tmp " .. rule_path .. "/gfwlist.conf")
ucic:set(name, ucic:get_first(name, 'global_rules'), "gfwlist_version", new_version)
reboot = 1
log("更新gfwlist成功...")
else
log("gfwlist版本一致不用更新。")
end
if tonumber(gfwlist_update) == 1 then
log("gfwlist 开始更新...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/gfwlist.conf | awk '{print $1}')")
local status = fetch_gfwlist()
if status == 200 then
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/gfwlist_tmp' ] && md5sum /tmp/gfwlist_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/gfwlist_tmp " .. rule_path .. "/gfwlist.conf")
reboot = 1
log("gfwlist 更新成功...")
else
log("gfwlist文件下载失败!")
log("gfwlist 版本一致,无需更新。")
end
os.remove("/tmp/gfwlist.txt")
os.remove("/tmp/gfwlist_tmp")
else
log("gfwlist 文件下载失败!")
end
if tonumber(chnroute_update) == 1 then
log("开始更新chnroute...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/chnroute | awk '{print $1}')")
local status = fetch_chnroute()
if status == 200 then
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/chnroute_tmp' ] && md5sum /tmp/chnroute_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/chnroute_tmp " .. rule_path .. "/chnroute")
ucic:set(name, ucic:get_first(name, 'global_rules'), "chnroute_version", new_version)
reboot = 1
log("更新chnroute成功...")
else
log("chnroute版本一致不用更新。")
end
os.remove("/tmp/gfwlist_tmp")
end
if tonumber(chnroute_update) == 1 then
log("chnroute 开始更新...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/chnroute | awk '{print $1}')")
local status = fetch_chnroute()
if status == 200 then
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/chnroute_tmp' ] && md5sum /tmp/chnroute_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/chnroute_tmp " .. rule_path .. "/chnroute")
reboot = 1
log("chnroute 更新成功...")
else
log("chnroute文件下载失败!")
log("chnroute 版本一致,无需更新。")
end
os.remove("/tmp/chnroute_tmp")
else
log("chnroute 文件下载失败!")
end
os.remove("/tmp/chnroute_tmp")
end
if tonumber(chnroute6_update) == 1 then
log("chnroute6 开始更新...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/chnroute6 | awk '{print $1}')")
local status = fetch_chnroute6()
if status == 200 then
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/chnroute6_tmp' ] && md5sum /tmp/chnroute6_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/chnroute6_tmp " .. rule_path .. "/chnroute6")
reboot = 1
log("chnroute6 更新成功...")
else
log("chnroute6 版本一致,无需更新。")
end
else
log("chnroute6 文件下载失败!")
end
os.remove("/tmp/chnroute6_tmp")
end
if tonumber(chnlist_update) == 1 then
log("chnlist 开始更新...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/chnlist | awk '{print $1}')")
local status = fetch_chnlist()
if status == 200 then
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/chnlist_tmp' ] && md5sum /tmp/chnlist_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/chnlist_tmp " .. rule_path .. "/chnlist")
reboot = 1
log("chnlist 更新成功...")
else
log("chnlist 版本一致,无需更新。")
end
else
log("chnlist 文件下载失败!")
end
if tonumber(chnroute6_update) == 1 then
log("开始更新chnroute6...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/chnroute6 | awk '{print $1}')")
local status = fetch_chnroute6()
if status == 200 then
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/chnroute6_tmp' ] && md5sum /tmp/chnroute6_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/chnroute6_tmp " .. rule_path .. "/chnroute6")
ucic:set(name, ucic:get_first(name, 'global_rules'), "chnroute6_version", new_version)
reboot = 1
log("更新chnroute6成功...")
else
log("chnroute6版本一致不用更新。")
end
else
log("chnroute6文件下载失败")
end
os.remove("/tmp/chnroute6_tmp")
end
if tonumber(chnlist_update) == 1 then
log("开始更新chnlist...")
local old_md5 = luci.sys.exec("echo -n $(md5sum " .. rule_path .. "/chnlist | awk '{print $1}')")
local status = fetch_chnlist()
if status == 200 then
generate_chnlist()
local new_md5 = luci.sys.exec("echo -n $([ -f '/tmp/chnlist_tmp' ] && md5sum /tmp/chnlist_tmp | awk '{print $1}')")
if old_md5 ~= new_md5 then
luci.sys.exec("mv -f /tmp/chnlist_tmp " .. rule_path .. "/chnlist")
ucic:set(name, ucic:get_first(name, 'global_rules'), "chnlist_version", new_version)
reboot = 1
log("更新chnlist成功...")
else
log("chnlist版本一致不用更新。")
end
else
log("chnlist文件下载失败")
end
os.remove("/tmp/chnlist_1")
os.remove("/tmp/chnlist_2")
os.remove("/tmp/chnlist_3")
os.remove("/tmp/cdn_tmp")
os.remove("/tmp/chnlist_tmp")
end
os.remove("/tmp/chnlist_tmp")
end
if tonumber(geoip_update) == 1 then
log("geoip 开始更新...")
local status = fetch_geoip()
os.remove("/tmp/geoip.dat")
os.remove("/tmp/geoip.dat.sha256sum")
end
if tonumber(geosite_update) == 1 then
log("geosite 开始更新...")
local status = fetch_geosite()
os.remove("/tmp/geosite.dat")
os.remove("/tmp/geosite.dat.sha256sum")
end
ucic:set(name, ucic:get_first(name, 'global_rules'), "gfwlist_update", gfwlist_update)
ucic:set(name, ucic:get_first(name, 'global_rules'), "chnroute_update", chnroute_update)
ucic:set(name, ucic:get_first(name, 'global_rules'), "chnroute6_update", chnroute6_update)
ucic:set(name, ucic:get_first(name, 'global_rules'), "chnlist_update", chnlist_update)
ucic:set(name, ucic:get_first(name, 'global_rules'), "geoip_update", geoip_update)
ucic:set(name, ucic:get_first(name, 'global_rules'), "geosite_update", geosite_update)
ucic:save(name)
luci.sys.call("uci commit " .. name)
if reboot == 1 then
log("重启服务,应用新的规则。")
luci.sys.call("/usr/share/" .. name .. "/iptables.sh flush_ipset && /etc/init.d/" .. name .. " restart")
luci.sys.call("/usr/share/" .. name .. "/iptables.sh flush_ipset && /etc/init.d/" .. name .. " restart")
end
log("规则脚本执行完毕...")
log("规则更新完毕...")
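Review bot: `local status = fetch_geoip()` and `local status = fetch_geosite()` never read `status`, and as written in the previous hunk both functions always return 0, because each `return 1` only leaves the function passed to `xpcall` and the handler `function(e) end` discards any error. A failed API request, a response that does not parse (presumably leaving `json` nil), or a release without the checksum asset then ends after the "开始更新" line with nothing further in the log, unlike the gfwlist and chnroute branches, which log a download failure. I would return the callback's result (`local ok, ret = xpcall(...)` followed by `return ok and ret or 0`), report the error in the handler (`function(e) log("geoip: " .. tostring(e)) end`), and log a failure here when `status ~= 1`.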


@ -4128,6 +4128,7 @@
103.162.10.0/23
103.162.32.0/23
103.162.38.0/23
103.162.116.0/23
103.192.0.0/22
103.192.4.0/22
103.192.8.0/22


@ -1769,6 +1769,7 @@
2407:cc0::/32
2407:f40::/32
2407:1180::/32
2407:17c0::/32
2407:1900::/32
2407:1d00::/32
2407:1e80::/32