Package Lienol: sync with upstream source

package/lienol/luci-app-brook-server/Makefile

@@ -1,6 +1,6 @@
-# Copyright (C) 2019 Lienol
+# Copyright (C) 2019-2020 Lienol <lawlienol@gmail.com>
 #
-# This is free software, licensed under the Apache License, Version 2.0 .
+# This is free software, licensed under the GNU General Public License v3.
 #
 
 include $(TOPDIR)/rules.mk
@@ -9,10 +9,10 @@ PKG_NAME:=luci-app-brook-server
 LUCI_TITLE:=LuCI support for Brook Server
 LUCI_DEPENDS:=+brook 
 LUCI_PKGARCH:=all
-PKG_VERSION:=1.1
-PKG_RELEASE:=1-20200101
+PKG_VERSION:=1
+PKG_RELEASE:=2-20200326
 
-include $(TOPDIR)/feeds/luci/luci.mk 
+include $(TOPDIR)/feeds/luci/luci.mk
 
 # call BuildPackage - OpenWrt buildroot signature
 

package/lienol/luci-app-brook-server/luasrc/view/brook_server/brook.htm

@@ -160,7 +160,6 @@ local dsp = require "luci.dispatcher"
 	</label>
 	<div class="cbi-value-field">
 		<div class="cbi-value-description">
-			<img src="/luci-static/resources/cbi/help.gif">
 			<span>【 <%=brook_version%>】</span>
 			<input class="cbi-button cbi-input-apply" type="submit" id="_brook-check_btn" onclick="onBtnClick_brook(this);" value="<%:Manually update%>">
 			<span id="_brook-check_btn-detail"></span>

package/lienol/luci-app-brook-server/root/etc/init.d/brook_server

@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2019 Lienol <lawlienol@gmail.com>
+# Copyright (C) 2019-2020 Lienol <lawlienol@gmail.com>
 
 START=99
 
@@ -21,7 +21,7 @@ gen_brook_config_file() {
 	
 	/usr/bin/brook $protocol -l :$port -p $password >/dev/null 2>&1 &
 	
-	is_run=`ps -w| grep -v grep | grep "brook $protocol -l :$port -p $password"`
+	is_run=$(ps -w| grep -v grep | grep "brook $protocol -l :$port -p $password")
 	if [ -z "$is_run" ];then
 		echolog "$remarks $port Brook 运行失败" 
 	else
@@ -37,7 +37,7 @@ start_brook_server() {
 }
 
 stop_brook_server() {
-	fw3 reload >/dev/null 2>&1 &
+	fw3 reload >/dev/null 2>&1
 	ps -w | grep "brook server" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 	ps -w | grep "brook ssserver" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 	rm -rf $LOG_PATH
@@ -45,7 +45,7 @@ stop_brook_server() {
 
 start() {
 	config_load $CONFIG
-	enable=$(uci get $CONFIG.@global[0].enable)
+	enable=$(uci -q get $CONFIG.@global[0].enable)
 	if [ "$enable" = "0" ];then
 		stop_brook_server
 	else
@@ -59,6 +59,5 @@ stop() {
 
 restart() {
 	stop
-	sleep 1
 	start
 }

package/lienol/luci-app-brook-server/root/usr/share/brook_server/firewall.include

@@ -1,25 +1,39 @@
 #!/bin/sh
 
-. $IPKG_INSTROOT/lib/functions.sh
-. $IPKG_INSTROOT/lib/functions/service.sh
+count=$(iptables -n -L INPUT 2>/dev/null | grep -c "BROOK-SERVER")
+if [ -n "$count" ]; then
+	until [ "$count" = 0 ]
+	do
+		rules=$(iptables -n -L INPUT --line-num 2>/dev/null | grep "BROOK-SERVER" | awk '{print $1}')
+		for rule in $rules
+		do
+			iptables -D INPUT $rule 2>/dev/null
+			break
+		done
+		count=$(expr $count - 1)
+	done
+fi
 
-gen_user_iptables() {
-	config_get enable $1 enable
-	[ "$enable" = "0" ] && return 0
-	config_get remarks $1 remarks
-	config_get port $1 port
-	iptables -A BROOK-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
-	iptables -A BROOK-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
-}
+iptables -F BROOK-SERVER 2>/dev/null && iptables -X BROOK-SERVER 2>/dev/null
 
-iptables -F BROOK-SERVER 2>/dev/null
-iptables -D INPUT -j BROOK-SERVER 2>/dev/null
-iptables -X BROOK-SERVER 2>/dev/null
-
-enable=$(uci get brook_server.@global[0].enable)
+enable=$(uci -q get brook_server.@global[0].enable)
 if [ $enable -eq 1 ]; then
 	iptables -N BROOK-SERVER
 	iptables -I INPUT -j BROOK-SERVER
-	config_load brook_server
-	config_foreach gen_user_iptables "user"
-fi
+	
+	count=$(uci show brook_server | grep "@user" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
+	[ -n "$count" ] && [ "$count" -ge 0 ] && {
+		u_get() {
+			local ret=$(uci -q get brook_server.@user[$1].$2)
+			echo ${ret:=$3}
+		}
+		for i in $(seq 0 $count); do
+			enable=$(u_get $i enable 0)
+			[ $enable -eq 0 ] && continue
+			remarks=$(u_get $i remarks)
+			port=$(u_get $i port)
+			iptables -A BROOK-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
+			iptables -A BROOK-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
+		done
+	}
+fi

package/lienol/luci-app-ipsec-vpnserver-manyusers/Makefile

@@ -8,11 +8,9 @@ include $(TOPDIR)/rules.mk
 LUCI_TITLE:=LuCI support for IPSec VPN Server
 LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-xauth-generic
 LUCI_PKGARCH:=all
-PKG_VERSION:=1.1
-PKG_RELEASE:=2
+PKG_VERSION:=1
+PKG_RELEASE:=6-20200402
 
 include $(TOPDIR)/feeds/luci/luci.mk
 
 # call BuildPackage - OpenWrt buildroot signature
-
-

package/lienol/luci-app-ipsec-vpnserver-manyusers/root/etc/config/ipsec

@@ -3,7 +3,7 @@ config service 'ipsec'
 	option enabled '0'
 	option secret 'ipsec'
 	option clientip '192.168.100.10/24'
-	option clientdns '192.168.1.1'
+	option clientdns '223.5.5.5'
 
 config users
 	option enabled '1'

package/lienol/luci-app-ipsec-vpnserver-manyusers/root/etc/init.d/ipsecvpn

@@ -1,381 +1,30 @@
 #!/bin/sh /etc/rc.common
 
-START=90
-STOP=10
-
-USE_PROCD=1
-PROG=/usr/lib/ipsec/starter
-
-. $IPKG_INSTROOT/lib/functions.sh
-. $IPKG_INSTROOT/lib/functions/network.sh
+START=99
 
 IPSEC_SECRETS_FILE=/etc/ipsec.secrets
 IPSEC_CONN_FILE=/etc/ipsec.conf
-STRONGSWAN_CONF_FILE=/etc/strongswan.conf
 
-IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
-IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
-STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
-
-WAIT_FOR_INTF=0
-
-file_reset() {
-	: > "$1"
+setup_login() {
+	config_get enabled $1 enabled
+	[ "$enabled" -eq 0 ] && return 0
+	config_get username $1 username
+	config_get password $1 password
+	[ -n "$username" ] || return 0
+	[ -n "$password" ] || return 0
+	echo "$username : XAUTH '$password'" >> $IPSEC_SECRETS_FILE
 }
 
-xappend() {
-	local file="$1"
-	shift
-
-	echo "${@}" >> "${file}"
-}
-
-remove_include() {
-	local file="$1"
-	local include="$2"
-
-	sed -i "\_${include}_d" "${file}"
-}
-
-remove_includes() {
-	remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
-	remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
-	remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
-}
-
-do_include() {
-	local conf="$1"
-	local uciconf="$2"
-	local backup=$(mktemp -t -p /tmp/ ipsec-init-XXXXXX)
-
-	[ ! -f "${conf}" ] && rm -rf "${conf}"
-	touch "${conf}"
-
-	cat "${conf}" | grep -v "${uciconf}" > "${backup}"
-	mv "${backup}" "${conf}"
-	xappend "${conf}" "include ${uciconf}"
-	file_reset "${uciconf}"
-}
-
-ipsec_reset() {
-	do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
-}
-
-ipsec_xappend() {
-	xappend "${IPSEC_VAR_CONN_FILE}" "$@"
-}
-
-swan_reset() {
-	do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
-}
-
-swan_xappend() {
-	xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@"
-}
-
-secret_reset() {
-	do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
-}
-
-secret_xappend() {
-	xappend "${IPSEC_VAR_SECRETS_FILE}" "$@"
-}
-
-warning() {
-	echo "WARNING: $@" >&2
-}
-
-add_crypto_proposal() {
-	local encryption_algorithm
-	local hash_algorithm
-	local dh_group
-
-	config_get encryption_algorithm  "$1" encryption_algorithm
-	config_get hash_algorithm        "$1" hash_algorithm
-	config_get dh_group              "$1" dh_group
-
-	[ -n "${encryption_algorithm}" ] && \
-		crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}"
-}
-
-set_crypto_proposal() {
-	local conf="$1"
-	local proposal
-
-	crypto=""
-
-	config_get crypto_proposal "$conf" crypto_proposal ""
-	for proposal in $crypto_proposal; do
-		add_crypto_proposal "$proposal"
-	done
-
-	[ -n "${crypto}" ] && {
-		local force_crypto_proposal
-
-		config_get_bool force_crypto_proposal "$conf" force_crypto_proposal
-
-		[ "${force_crypto_proposal}" = "1" ] && crypto="${crypto}!"
-	}
-
-	crypto_proposal="${crypto}"
-}
-
-config_conn() {
-	# Generic ipsec conn section shared by tunnel and transport
-	local mode
-	local local_subnet
-	local local_nat
-	local local_sourceip
-	local local_updown
-	local local_firewall
-	local remote_subnet
-	local remote_sourceip
-	local remote_updown
-	local remote_firewall
-	local ikelifetime
-	local lifetime
-	local margintime
-	local keyingtries
-	local dpdaction
-	local dpddelay
-	local inactivity
-	local keyexchange
-
-	config_get mode                     "$1"           mode "route"
-	config_get local_subnet             "$1"           local_subnet ""
-	config_get local_nat                "$1"           local_nat ""
-	config_get local_sourceip           "$1"           local_sourceip ""
-	config_get local_updown             "$1"           local_updown ""
-	config_get local_firewall           "$1"           local_firewall ""
-	config_get remote_subnet            "$1"           remote_subnet ""
-	config_get remote_sourceip          "$1"           remote_sourceip ""
-	config_get remote_updown            "$1"           remote_updown ""
-	config_get remote_firewall          "$1"           remote_firewall ""
-	config_get ikelifetime              "$1"           ikelifetime "3h"
-	config_get lifetime                 "$1"           lifetime "1h"
-	config_get margintime               "$1"           margintime "9m"
-	config_get keyingtries              "$1"           keyingtries "3"
-	config_get dpdaction                "$1"           dpdaction "none"
-	config_get dpddelay                 "$1"           dpddelay "30s"
-	config_get inactivity               "$1"           inactivity
-	config_get keyexchange              "$1"           keyexchange "ikev2"
-
-	[ -n "$local_nat" ] && local_subnet=$local_nat
-
-	ipsec_xappend "conn $config_name-$1"
-	ipsec_xappend "  left=%any"
-	ipsec_xappend "  right=$remote_gateway"
-
-	[ -n "$local_sourceip" ] && ipsec_xappend "  leftsourceip=$local_sourceip"
-	[ -n "$local_subnet" ] && ipsec_xappend "  leftsubnet=$local_subnet"
-
-	[ -n "$local_firewall" ] && ipsec_xappend "  leftfirewall=$local_firewall"
-	[ -n "$remote_firewall" ] && ipsec_xappend "  rightfirewall=$remote_firewall"
-
-	ipsec_xappend "  ikelifetime=$ikelifetime"
-	ipsec_xappend "  lifetime=$lifetime"
-	ipsec_xappend "  margintime=$margintime"
-	ipsec_xappend "  keyingtries=$keyingtries"
-	ipsec_xappend "  dpdaction=$dpdaction"
-	ipsec_xappend "  dpddelay=$dpddelay"
-
-	[ -n "$inactivity" ] && ipsec_xappend "  inactivity=$inactivity"
-
-	if [ "$auth_method" = "psk" ]; then
-		ipsec_xappend "  leftauth=psk"
-		ipsec_xappend "  rightauth=psk"
-
-		[ "$remote_sourceip" != "" ] && ipsec_xappend "  rightsourceip=$remote_sourceip"
-		[ "$remote_subnet" != "" ] && ipsec_xappend "  rightsubnet=$remote_subnet"
-
-		ipsec_xappend "  auto=$mode"
-	else
-		warning "AuthenticationMethod $auth_method not supported"
-	fi
-
-	[ -n "$local_identifier" ] && ipsec_xappend "  leftid=$local_identifier"
-	[ -n "$remote_identifier" ] && ipsec_xappend "  rightid=$remote_identifier"
-	[ -n "$local_updown" ] && ipsec_xappend "  leftupdown=$local_updown"
-	[ -n "$remote_updown" ] && ipsec_xappend "  rightupdown=$remote_updown"
-	ipsec_xappend "  keyexchange=$keyexchange"
-
-	set_crypto_proposal "$1"
-	[ -n "${crypto_proposal}" ] && ipsec_xappend "  esp=$crypto_proposal"
-	[ -n "${ike_proposal}" ] && ipsec_xappend "  ike=$ike_proposal"
-}
-
-config_tunnel() {
-	config_conn "$1"
-
-	# Specific for the tunnel part
-	ipsec_xappend "  type=tunnel"
-}
-
-config_transport() {
-	config_conn "$1"
-
-	# Specific for the transport part
-	ipsec_xappend "  type=transport"
-}
-
-config_remote() {
-	local enabled
-	local gateway
-	local pre_shared_key
-	local auth_method
-
-	config_name=$1
-
-	config_get_bool enabled "$1" enabled 0
-	[ $enabled -eq 0 ] && return
-
-	config_get gateway           "$1" gateway
-	config_get pre_shared_key    "$1" pre_shared_key
-	config_get auth_method       "$1" authentication_method
-	config_get local_identifier  "$1" local_identifier ""
-	config_get remote_identifier "$1" remote_identifier ""
-
-	[ "$gateway" = "any" ] && remote_gateway="%any" || remote_gateway="$gateway"
-
-	[ -z "$local_identifier" ] && {
-		local ipdest
-
-		[ "$remote_gateway" = "%any" ] && ipdest="1.1.1.1" || ipdest="$remote_gateway"
-		local_gateway=$(ip route get $ipdest | awk -F"src" '/src/{gsub(/ /,"");print $2}')
-	}
-
-	[ -n "$local_identifier" ] && secret_xappend -n "$local_identifier " || secret_xappend -n "$local_gateway "
-	[ -n "$remote_identifier" ] && secret_xappend -n "$remote_identifier " || secret_xappend -n "$remote_gateway "
-
-	secret_xappend ": PSK \"$pre_shared_key\""
-
-	set_crypto_proposal "$1"
-	ike_proposal="$crypto_proposal"
-
-	config_list_foreach "$1" tunnel config_tunnel
-
-	config_list_foreach "$1" transport config_transport
-
-	ipsec_xappend ""
-}
-
-config_ipsec() {
-	local debug
-	local rtinstall_enabled
-	local routing_tables_ignored
-	local routing_table
-	local routing_table_id
-	local interface
-	local device_list
-
-	ipsec_reset
-	secret_reset
-	swan_reset
-
-	ipsec_xappend "# generated by /etc/init.d/ipsecvpn"
-	ipsec_xappend "version 2"
-	ipsec_xappend ""
-
-	secret_xappend "# generated by /etc/init.d/ipsecvpn"
-
-	config_get debug "$1" debug 0
-	config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
-	[ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no
-
-	# prepare extra charon config option ignore_routing_tables
-	for routing_table in $(config_get "$1" "ignore_routing_tables"); do
-		if [ "$routing_table" -ge 0 ] 2>/dev/null; then
-			routing_table_id=$routing_table
-		else
-			routing_table_id=$(sed -n '/[ \t]*[0-9]\+[ \t]\+'$routing_table'[ \t]*$/s/[ \t]*\([0-9]\+\).*/\1/p' /etc/iproute2/rt_tables)
-		fi
-
-		[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
-	done
-
-	local interface_list=$(config_get "$1" "interface")
-	if [ -z "$interface_list" ]; then
-		WAIT_FOR_INTF=0
-	else
-		for interface in $interface_list; do
-			network_get_device device $interface
-			[ -n "$device" ] && append device_list "$device" ","
-		done
-		[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
-	fi
-
-	swan_xappend "# generated by /etc/init.d/ipsecvpn"
-	swan_xappend "charon {"
-	swan_xappend "  load_modular = yes"
-	swan_xappend "  install_routes = $install_routes"
-	[ -n "$routing_tables_ignored" ] && swan_xappend "  ignore_routing_tables = $routing_tables_ignored"
-	[ -n "$device_list" ] && swan_xappend "  interfaces_use = $device_list"
-	swan_xappend "    plugins {"
-	swan_xappend "      include /etc/strongswan.d/charon/*.conf"
-	swan_xappend "    }"
-	swan_xappend "  syslog {"
-	swan_xappend "    identifier = ipsec"
-	swan_xappend "    daemon {"
-	swan_xappend "      default = $debug"
-	swan_xappend "    }"
-	swan_xappend "    auth {"
-	swan_xappend "      default = $debug"
-	swan_xappend "    }"
-	swan_xappend "  }"
-	swan_xappend "}"
-}
-
-prepare_env() {
-	mkdir -p /var/ipsec
-	remove_includes
-	config_load ipsec
-	config_foreach config_ipsec ipsec
-	config_foreach config_remote remote
-}
-
-service_running() {
-	ipsec status > /dev/null 2>&1
-}
-
-reload_service() {
-  local bool vt_enabled=$(uci get ipsec.@service[0].enabled 2>/dev/null)
-  [ "$vt_enabled" = 0 ] && /etc/init.d/ipsecvpn stop > /dev/null 2>&1 && return
-	running && {
-		prepare_env
-		[ $WAIT_FOR_INTF -eq 0 ] && {
-			ipsec rereadall
-			ipsec reload
-			return
-		}
-	}
-	[ "$vt_enabled" = 1 ] && start
-}
-
-check_ipsec_interface() {
-	local intf
-
-	for intf in $(config_get "$1" interface); do
-		procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsecvpn reload
-	done
-}
-
-service_triggers() {
-	procd_add_reload_trigger "ipsec"
-	config load "ipsec"
-	config_foreach check_ipsec_interface ipsec
-}
-
-start_service() {
-	fw3 reload
+start() {
 	local vt_enabled=$(uci -q get ipsec.@service[0].enabled)
+	[ "$vt_enabled" = 0 ] && return 1
+	
 	local vt_clientip=$(uci -q get ipsec.@service[0].clientip)
 	local vt_clientdns=$(uci -q get ipsec.@service[0].clientdns)
 	[ -z "$vt_clientdns" ] && local vt_clientdns="8.8.4.4"
 	local vt_secret=$(uci -q get ipsec.@service[0].secret)
 	
-	[ "$vt_enabled" = 0 ] && /etc/init.d/ipsecvpn stop > /dev/null 2>&1 && return
-	
-	cat > /etc/ipsec.conf <<EOF
+	cat > $IPSEC_CONN_FILE <<EOF
 # ipsec.conf - strongSwan IPsec configuration file
 
 # basic configuration
@@ -408,32 +57,12 @@ EOF
 
 	config_load ipsec
 	config_foreach setup_login users
-  
-	prepare_env
-
-	[ $WAIT_FOR_INTF -eq 1 ] && return
-
-	procd_open_instance
-
-	procd_set_param command $PROG --daemon charon --nofork
-
-	procd_set_param file $IPSEC_CONN_FILE
-	procd_append_param file $IPSEC_SECRETS_FILE
-	procd_append_param file $STRONGSWAN_CONF_FILE
-	procd_append_param file /etc/strongswan.d/*.conf
-	procd_append_param file /etc/strongswan.d/charon/*.conf
-
-	procd_set_param respawn
-
-	procd_close_instance
+	
+	/usr/lib/ipsec/starter --daemon charon --nofork > /dev/null 2>&1 &
+	fw3 -q reload 2>&1 &
 }
 
-setup_login() {
-	config_get enabled $1 enabled
-	[ "$enabled" -eq 0 ] && return 0
-	config_get username $1 username
-	config_get password $1 password
-	[ -n "$username" ] || return 0
-	[ -n "$password" ] || return 0
-	echo "$username : XAUTH '$password'" >> /etc/ipsec.secrets
-}
+stop() {
+	ps -w | grep "/usr/lib/ipsec" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
+	fw3 -q reload 2>&1
+}

package/lienol/luci-app-ipsec-vpnserver-manyusers/root/etc/uci-defaults/luci-app-ipsec-vpnserver-manyusers

@@ -11,7 +11,7 @@ EOF
 uci -q batch <<-EOF >/dev/null
 	delete ucitrack.@ipsec[-1]
 	add ucitrack ipsec
-	set ucitrack.@ipsec[-1].exec='/etc/init.d/ipsecvpn start'
+	set ucitrack.@ipsec[-1].init=ipsecvpn
 	commit ucitrack
 EOF
 
@@ -19,5 +19,5 @@ EOF
 rm -f /etc/init.d/ipsec
 chmod a+x /usr/share/ipsecvpn/* >/dev/null 2>&1
 
-rm -f /tmp/luci-indexcache
+rm -rf /tmp/luci-*cache
 exit 0

package/lienol/luci-app-ipsec-vpnserver-manyusers/root/usr/share/ipsecvpn/firewall.include

@@ -1,11 +1,11 @@
 #!/bin/sh
 
 iptables -D INPUT -p udp -m multiport --dports 500,4500 -m comment --comment "IPSec VPN Server" -j ACCEPT 2> /dev/null
-ipsec_nums=$(iptables -t nat -L POSTROUTING 2> /dev/null | grep -c "IPSec VPN Server")
+ipsec_nums=$(iptables -t nat -n -L POSTROUTING 2>/dev/null | grep -c "IPSec VPN Server")
 if [ -n "$ipsec_nums" ]; then
 	until [ "$ipsec_nums" = 0 ]
 	do
-		rules=$(iptables -t nat -L POSTROUTING --line-num 2> /dev/null | grep "IPSec VPN Server" |awk '{print $1}')
+		rules=$(iptables -t nat -n -L POSTROUTING --line-num 2>/dev/null | grep "IPSec VPN Server" | awk '{print $1}')
 		for rule in $rules
 		do
 			iptables -t nat -D POSTROUTING $rule 2> /dev/null
@@ -14,17 +14,17 @@ if [ -n "$ipsec_nums" ]; then
 		ipsec_nums=$(expr $ipsec_nums - 1)
 	done
 fi
-nums=$(iptables -L forwarding_rule 2> /dev/null | grep -c "IPSec VPN Server")
+nums=$(iptables -n -L forwarding_rule 2>/dev/null | grep -c "IPSec VPN Server")
 if [ -n "$nums" ]; then
 	until [ "$nums" = 0 ]
 	do
-		rules=$(iptables -L forwarding_rule --line-num 2> /dev/null | grep "IPSec VPN Server" |awk '{print $1}')
+		rules=$(iptables -n -L forwarding_rule --line-num 2>/dev/null | grep "IPSec VPN Server" | awk '{print $1}')
 		for rule in $rules
 		do
 			iptables -D forwarding_rule $rule 2> /dev/null
 			break
 		done
-			nums=$(expr $nums - 1)
+		nums=$(expr $nums - 1)
 	done
 fi
 
@@ -33,5 +33,7 @@ if [ -n "$enable" -a "$enable" == 1 ]; then
 	clientip=$(uci -q get ipsec.ipsec.clientip)
 	iptables -t nat -I POSTROUTING -s ${clientip%.*}.0/24 -m comment --comment "IPSec VPN Server" -j MASQUERADE
 	iptables -I forwarding_rule -s ${clientip%.*}.0/24 -m comment --comment "IPSec VPN Server" -j ACCEPT
+	iptables -I forwarding_rule -m policy --dir in --pol ipsec --proto esp -m comment --comment "IPSec VPN Server" -j ACCEPT
+	iptables -I forwarding_rule -m policy --dir out --pol ipsec --proto esp -m comment --comment "IPSec VPN Server" -j ACCEPT
 	iptables -I INPUT -p udp -m multiport --dports 500,4500 -m comment --comment "IPSec VPN Server" -j ACCEPT
 fi

package/lienol/luci-app-pppoe-server/Makefile

@@ -0,0 +1,23 @@
+# Copyright (C) 2018-2020 Lienol <lawlienol@gmail.com>
+#
+# This is free software, licensed under the Apache License, Version 2.0 .
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for PPPoE Server
+LUCI_DEPENDS:=+rp-pppoe-common +rp-pppoe-server
+LUCI_PKGARCH:=all
+PKG_VERSION:=1
+PKG_RELEASE:=8-20200326
+
+define Package/luci-app-pppoe-server/preinst
+#!/bin/sh
+rm -rf $${IPKG_INSTROOT}/etc/config/pppoe-server >/dev/null 2>&1
+rm -rf $${IPKG_INSTROOT}/etc/init.d/pppoe-server >/dev/null 2>&1
+exit 0
+endef
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

package/lienol/luci-app-pppoe-server/luasrc/controller/pppoe-server.lua

@@ -0,0 +1,25 @@
+-- Copyright 2018-2019 Lienol <lawlienol@gmail.com>
+module("luci.controller.pppoe-server", package.seeall)
+
+function index()
+    if not nixio.fs.access("/etc/config/pppoe-server") then return end
+
+    entry({"admin", "services", "pppoe-server"},
+          alias("admin", "services", "pppoe-server", "settings"),
+          _("PPPoE Server"), 3)
+    entry({"admin", "services", "pppoe-server", "settings"},
+          cbi("pppoe-server/settings"), _("General Settings"), 10).leaf = true
+    entry({"admin", "services", "pppoe-server", "users"},
+          cbi("pppoe-server/users"), _("Users Manager"), 20).leaf = true
+    entry({"admin", "services", "pppoe-server", "online"},
+          cbi("pppoe-server/online"), _("Online Users"), 30).leaf = true
+    entry({"admin", "services", "pppoe-server", "status"}, call("status")).leaf =
+        true
+end
+
+function status()
+    local e = {}
+    e.status = luci.sys.call("pidof %s >/dev/null" % "pppoe-server") == 0
+    luci.http.prepare_content("application/json")
+    luci.http.write_json(e)
+end

package/lienol/luci-app-pppoe-server/luasrc/model/cbi/pppoe-server/online.lua

@@ -0,0 +1,36 @@
+local e = {}
+local o = require "luci.dispatcher"
+local a = luci.util.execi(
+              "/bin/busybox top -bn1 | grep 'pppd plugin rp-pppoe.so' | grep -v 'grep'")
+for t in a do
+    local a, n, h, s, o = t:match(
+                              "^ *(%d+) +(%d+) +.+rp_pppoe_sess 1:+([A-Fa-f0-9]+:[A-Fa-f0-9]+:[A-Fa-f0-9]+:[A-Fa-f0-9]+:[A-Fa-f0-9]+:[A-Fa-f0-9]+[A-Fa-f0-9]) +.+options +(%S.-%S)%:(%S.-%S) ")
+    local t = tonumber(a)
+    if t then
+        e["%02i.%s" % {t, "online"}] = {
+            ['PID'] = a,
+            ['PPID'] = n,
+            ['MAC'] = h,
+            ['GATEWAY'] = s,
+            ['CIP'] = o,
+            ['BLACKLIST'] = 0
+        }
+    end
+end
+f = SimpleForm("processes", translate("PPPoE Server"))
+f.reset = false
+f.submit = false
+f.description = translate(
+                    "The PPPoE server is a broadband access authentication server that prevents ARP spoofing.")
+t = f:section(Table, e, translate("Online Users"))
+t:option(DummyValue, "GATEWAY", translate("Server IP"))
+t:option(DummyValue, "CIP", translate("IP address"))
+t:option(DummyValue, "MAC", translate("MAC"))
+
+kill = t:option(Button, "_kill", translate("Forced offline"))
+kill.inputstyle = "reset"
+function kill.write(e, t)
+    null, e.tag_error[t] = luci.sys.process.signal(e.map:get(t, "PID"), 9)
+    luci.http.redirect(o.build_url("admin/services/pppoe-server/online"))
+end
+return f

package/lienol/luci-app-pppoe-server/luasrc/model/cbi/pppoe-server/settings.lua

@@ -0,0 +1,82 @@
+local s = require "luci.sys"
+local net = require"luci.model.network".init()
+local ifaces = s.net:devices()
+local m, s, o
+m = Map("pppoe-server", translate("PPPoE Server"))
+m.description = translate(
+                    "The PPPoE server is a broadband access authentication server that prevents ARP spoofing.")
+m.template = "pppoe-server/index"
+s = m:section(TypedSection, "service")
+s.anonymous = true
+o = s:option(DummyValue, "rp_pppoe_server_status",
+             translate("Current Condition"))
+o.template = "pppoe-server/status"
+o.value = translate("Collecting data...")
+o = s:option(Flag, "enabled", translate("Enable"),
+             translate("Enable or disable the PPPoE server"))
+o.rmempty = false
+o = s:option(ListValue, "client_interface", translate("Client Interface"),
+             translate("Listen in this interface"))
+for _, iface in ipairs(ifaces) do
+    if (iface:match("^br") or iface:match("^eth*") or iface:match("^pppoe*") or iface:match("wlan*")) then
+        local nets = net:get_interface(iface)
+        nets = nets and nets:get_networks() or {}
+        for k, v in pairs(nets) do nets[k] = nets[k].sid end
+        nets = table.concat(nets, ",")
+        o:value(iface, ((#nets > 0) and "%s (%s)" % {iface, nets} or iface))
+    end
+end
+o.rmempty = true
+
+o = s:option(Value, "localip", translate("Server IP"),
+             translate("PPPoE Server IP address.default: 10.0.1.1"))
+o.datatype = "ipaddr"
+o.placeholder = translate("10.0.1.1")
+o.rmempty = true
+o.default = "10.0.1.1"
+o = s:option(Value, "remoteip", translate("Client IP"),
+             translate("PPPoE Client IP address.default: 10.0.1.100-254"))
+o.placeholder = translate("10.0.1.100-254")
+o.rmempty = true
+o.default = "10.0.1.100-254"
+o = s:option(Value, "count", translate("Client upper limit"), translate(
+                 "Specify how many clients can connect to the server simultaneously."))
+o.placeholder = translate("50")
+o.rmempty = true
+o.default = "50"
+o = s:option(Value, "dns1", translate("DNS IP address1"), translate(
+                 "Set the PPPoE server to default DNS server, which is not required."))
+o.placeholder = translate("10.0.1.1")
+o.datatype = "ipaddr"
+o.default = "10.0.1.1"
+o = s:option(Value, "dns2", translate("DNS IP address2"), translate(
+                 "Set the PPPoE server to default DNS server, which is not required."))
+o.placeholder = translate("119.29.29.29")
+o.datatype = "ipaddr"
+o.default = "119.29.29.29"
+o = s:option(Value, "mru", translate("mru"), translate(
+                 "You may not be able to access the Internet if you don't set it up properly.default: 1492"))
+o.default = "1492"
+o = s:option(Value, "mtu", translate("mtu"), translate(
+                 "You may not be able to access the Internet if you don't set it up properly.default: 1492"))
+o.default = "1492"
+o = s:option(Flag, "is_nat", translate("is_nat"))
+o.rmempty = false
+o = s:option(ListValue, "export_interface", translate("Interface"),
+             translate("Specify interface forwarding traffic."))
+o:value("default", translate("default"))
+for _, iface in ipairs(ifaces) do
+    if (iface:match("^br") or iface:match("^eth*") or iface:match("^pppoe*") or iface:match("wlan*")) then
+        local nets = net:get_interface(iface)
+        nets = nets and nets:get_networks() or {}
+        for k, v in pairs(nets) do nets[k] = nets[k].sid end
+        nets = table.concat(nets, ",")
+        o:value(iface, ((#nets > 0) and "%s (%s)" % {iface, nets} or iface))
+    end
+end
+o:depends("is_nat", "1")
+o = s:option(Value, "log", translate("Log"),
+             translate("Log save path, default: /var/log/pppoe-server.log"))
+o.default = "/var/log/pppoe-server.log"
+o.rmempty = false
+return m

package/lienol/luci-app-pppoe-server/luasrc/model/cbi/pppoe-server/users.lua

@@ -0,0 +1,28 @@
+m = Map("pppoe-server", translate("PPPoE Server"))
+m.description = translate(
+                    "The PPPoE server is a broadband access authentication server that prevents ARP spoofing.")
+s = m:section(TypedSection, "user", translate("Users Manager"))
+s.addremove = true
+s.anonymous = true
+s.template = "cbi/tblsection"
+
+o = s:option(Flag, "enabled", translate("Enabled"))
+o.rmempty = false
+
+o = s:option(Value, "username", translate("User name"))
+o.placeholder = translate("User name")
+o.rmempty = true
+
+o = s:option(Value, "password", translate("Password"))
+o.rmempty = true
+
+o = s:option(Value, "ipaddress", translate("IP address"))
+o.placeholder = translate("Automatically")
+o.datatype = "ipaddr"
+o.rmempty = true
+function o.cfgvalue(e, t)
+    value = e.map:get(t, "ipaddress")
+    return value == "*" and "" or value
+end
+function o.remove(e, t) Value.write(e, t, "*") end
+return m

package/lienol/luci-app-pppoe-server/luasrc/view/pppoe-server/index.htm

@@ -0,0 +1,13 @@
+<% include("cbi/map") %>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(2, '<%=luci.dispatcher.build_url("admin", "services", "pppoe-server", "status")%>', null,
+		function(x, result)
+		{
+			var status = document.getElementsByClassName('pppoe_server_status')[0];
+			status.setAttribute("style","font-weight:bold;");
+			status.setAttribute("color",result.status ? "green":"red");
+			status.innerHTML = result.status?'<%=translate("RUNNING")%>':'<%=translate("NOT RUNNING")%>';
+		}
+	)
+//]]>
+</script>

package/lienol/luci-app-pppoe-server/luasrc/view/pppoe-server/status.htm

@@ -0,0 +1,3 @@
+<%+cbi/valueheader%>
+<font class="pppoe_server_status"><%=pcdata(self:cfgvalue(section) or self.default or "")%></font>
+<%+cbi/valuefooter%>

package/lienol/luci-app-pppoe-server/po/zh_Hans/pppoe-server.po

@@ -0,0 +1,101 @@
+msgid "PPPoE Server"
+msgstr "PPPoE 服务器"
+
+msgid "The PPPoE server is a broadband access authentication server that prevents ARP spoofing."
+msgstr "PPPoE服务器是一个宽带接入认证服务器，可以防止ARP欺骗."
+
+msgid "PPPoE Server status"
+msgstr "PPPoE 服务器运行状态"
+
+msgid "Current Condition"
+msgstr "当前状态"
+
+msgid "General settings"
+msgstr "基本设置"
+
+msgid "Enable or disable the PPPoE server"
+msgstr "启用或禁用PPPoE服务器"
+
+msgid "Client Interface"
+msgstr "客户端接口"
+
+msgid "Listen in this interface"
+msgstr "监听客户端接口"
+
+msgid "Server IP"
+msgstr "服务器 IP 地址"
+
+msgid "PPPoE Server IP address.default: 10.0.1.1"
+msgstr "PPPoE 服务器远程地址。默认：10.0.1.1"
+
+msgid "Client IP"
+msgstr "客户端 IP 地址"
+
+msgid "PPPoE Client IP address.default: 10.0.1.100-254"
+msgstr "分配给客户端的 IP 地址范围。默认：10.0.1.100-254"
+
+msgid "DNS IP address1"
+msgstr "DNS 1"
+
+msgid "DNS IP address2"
+msgstr "DNS 2"
+
+msgid "Set the PPPoE server to default DNS server, which is not required."
+msgstr "设置 PPPoE 服务器第一个 DNS 服务器，该设置非必须。"
+
+msgid "Set the PPPoE server to default DNS server, which is not required."
+msgstr "设置 PPPoE 服务器第二个 DNS 服务器，该设置非必须。"
+
+msgid "Client upper limit"
+msgstr "客户端上限数"
+
+msgid "Specify how many clients can connect to the server simultaneously."
+msgstr "指定有多少客户端可以同时连接到服务器"
+
+msgid "You may not be able to access the Internet if you don't set it up properly.default: 1492"
+msgstr "如果设置不当，你可能无法访问互联网。默认：1492"
+
+msgid "is_nat"
+msgstr "NAT转发"
+
+msgid "Interface"
+msgstr "接口"
+
+msgid "Specify interface forwarding traffic."
+msgstr "指定接口转发流量。"
+
+msgid "Log"
+msgstr "日志"
+
+msgid "Log save path, default: /var/log/pppoe-server.log"
+msgstr "日志保存路径，默认：/var/log/pppoe-server.log"
+
+msgid "Users Manager"
+msgstr "用户管理"
+
+msgid "Enabled"
+msgstr "启用"
+
+msgid "User name"
+msgstr "用户名"
+
+msgid "Password"
+msgstr "密码"
+
+msgid "IP address"
+msgstr "IP 地址"
+
+msgid "Automatically"
+msgstr "自动分配"
+
+msgid "Online Users""
+msgstr "在线用户"
+
+msgid "Forced offline"
+msgstr "强制下线"
+
+msgid "NOT RUNNING"
+msgstr "未运行"
+
+msgid "RUNNING"
+msgstr "运行中"

package/lienol/luci-app-pppoe-server/root/etc/config/pppoe-server

@@ -0,0 +1,21 @@
+
+config service
+	option localip '10.0.1.1'
+	option log '/var/log/pppoe-server.log'
+	option count '50'
+	option mru '1492'
+	option mtu '1492'
+	option remoteip '10.0.1.100-254'
+	option is_nat '1'
+	option export_interface 'default'
+	option client_interface 'eth0'
+	option enabled '0'
+	option dns1 '10.0.1.1'
+	option dns2 '192.168.0.2'
+
+config user
+	option enabled '1'
+	option ipaddress '*'
+	option username 'guest'
+	option password '123456'
+

package/lienol/luci-app-pppoe-server/root/etc/init.d/pppoe-server

@@ -0,0 +1,101 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2018-2020 Lienol <lawlienol@gmail.com>
+
+START=99
+
+CONFIG="pppoe-server"
+CONFIG_FILE=/etc/ppp/$CONFIG-options
+CHAP_SECRETS=/var/etc/chap-secrets
+TEMP=/tmp/$CONFIG.tmp
+
+config_t_get() {
+	local index=0
+	[ -n "$4" ] && index=$4
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+setup_users() {
+	config_get enabled $1 enabled
+	[ "$enabled" -eq 0 ] && return 0
+	config_get username $1 username
+	config_get password $1 password
+	config_get ipaddress $1 ipaddress
+	[ -n "$username" -a -n "$password" ] && echo "$username $CONFIG $password $ipaddress" >> $CHAP_SECRETS
+}
+
+del_user()
+{
+	cat $CHAP_SECRETS | grep -v $CONFIG > $TEMP
+	cat $TEMP > $CHAP_SECRETS
+	rm $TEMP
+}
+
+start() {
+	config_load pppoe-server
+	enabled=$(config_t_get service enabled)
+	[ "$enabled" -eq 0 ]  && exit 0
+	cat <<-EOF >$CONFIG_FILE
+# PPP options for the PPPoE server
+# LIC: GPL
+name $CONFIG
+login
+require-mschap-v2
+refuse-chap
+require-pap
+lcp-echo-interval 10
+lcp-echo-failure 2
+mru $(config_t_get service mru 1492)
+mtu $(config_t_get service mtu 1492)
+ms-dns $(config_t_get service dns1 223.5.5.5)
+ms-dns $(config_t_get service dns2 119.29.29.29)
+logfile $(config_t_get service log /var/log/pppoe-server.log)
+EOF
+	del_user
+	config_foreach setup_users user
+	ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets
+	local is_nat=$(config_t_get service is_nat)
+	local localip=$(config_t_get service localip)
+	if [ "$is_nat" -eq 1 ];then
+		local export_interface=$(config_t_get service export_interface)
+		if [ "$export_interface" != "default" ];then
+			iptables -t nat -A POSTROUTING -s ${localip%.*}.0/24 -o ${export_interface} -m comment --comment "PPPoE Server" -j MASQUERADE
+		else
+			iptables -t nat -A POSTROUTING -s ${localip%.*}.0/24 -m comment --comment "PPPoE Server" -j MASQUERADE
+		fi
+		iptables -A forwarding_rule -s ${localip%.*}.0/24 -m comment --comment "PPPoE Server" -j ACCEPT
+	fi
+	/usr/sbin/pppoe-server -k -I $(config_t_get service client_interface) -L $(config_t_get service localip) -R $(config_t_get service remoteip) -N $(config_t_get service count)
+}
+
+stop() {
+	del_user
+	nums=$(iptables -t nat -n -L POSTROUTING 2>/dev/null | grep -c "PPPoE Server")
+	if [ -n "$nums" ]; then
+		until [ "$nums" = 0 ]
+		do
+			rules=$(iptables -t nat -n -L POSTROUTING --line-num 2>/dev/null | grep "PPPoE Server" | awk '{print $1}')
+			for rule in $rules
+			do
+				iptables -t nat -D POSTROUTING $rule 2> /dev/null
+				break
+			done
+			nums=$(expr $nums - 1)
+		done
+	fi
+	nums2=$(iptables -L forwarding_rule 2>/dev/null | grep -c "PPPoE Server")
+	if [ -n "$nums2" ]; then
+		until [ "$nums2" = 0 ]
+		do
+			rules=$(iptables -L forwarding_rule --line-num 2>/dev/null | grep "PPPoE Server" | awk '{print $1}')
+			for rule in $rules
+			do
+				iptables -D forwarding_rule $rule 2> /dev/null
+				break
+			done
+			nums2=$(expr $nums2 - 1)
+		done
+	fi
+	ps | grep "pppd plugin rp-pppoe.so" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
+	killall -q -9 pppoe-server
+}

package/lienol/luci-app-pppoe-server/root/etc/uci-defaults/luci-app-pppoe-server

@@ -0,0 +1,11 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@pppoe-server[-1]
+	add ucitrack pppoe-server
+	set ucitrack.@pppoe-server[-1].init=pppoe-server
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0

package/lienol/luci-app-ssr-libev-server/Makefile

@@ -1,4 +1,4 @@
-# Copyright (C) 2018-2019 Lienol
+# Copyright (C) 2018-2020 Lienol <lawlienol@gmail.com>
 #
 # This is free software, licensed under the Apache License, Version 2.0 .
 #
@@ -8,11 +8,9 @@ include $(TOPDIR)/rules.mk
 LUCI_TITLE:=LuCI support for SSR Libev Server
 LUCI_DEPENDS:=+libsodium +shadowsocksr-libev-server
 LUCI_PKGARCH:=all
-PKG_VERSION:=1.0
-PKG_RELEASE:=6-20190704
+PKG_VERSION:=1
+PKG_RELEASE:=8-20200326
 
 include $(TOPDIR)/feeds/luci/luci.mk
 
 # call BuildPackage - OpenWrt buildroot signature
-
-

package/lienol/luci-app-ssr-libev-server/root/etc/init.d/ssr_libev_server

@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2018-2019 Lienol <lawlienol@gmail.com>
+# Copyright (C) 2018-2020 Lienol <lawlienol@gmail.com>
 
 START=99
 
@@ -43,11 +43,11 @@ gen_ssr_libev_config_file() {
 
 start_ssr_libev_server() {
 	config_foreach gen_ssr_libev_config_file "user"
-	fw3 reload
+	fw3 reload >/dev/null 2>&1 &
 }
 
 stop_ssr_libev_server() {
-	fw3 reload
+	fw3 reload >/dev/null 2>&1
 	ps -w | grep "$CONFIG_PATH/" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 }
 
@@ -69,6 +69,5 @@ stop() {
 
 restart() {
 	stop
-	sleep 1
 	start
 }

package/lienol/luci-app-ssr-libev-server/root/usr/share/ssr_libev_server/firewall.include

@@ -1,27 +1,40 @@
 #!/bin/sh
 
-. $IPKG_INSTROOT/lib/functions.sh
-. $IPKG_INSTROOT/lib/functions/service.sh
+count=$(iptables -n -L INPUT 2>/dev/null | grep -c "SSR_LIBEV-SERVER")
+if [ -n "$count" ]; then
+	until [ "$count" = 0 ]
+	do
+		rules=$(iptables -n -L INPUT --line-num 2>/dev/null | grep "SSR_LIBEV-SERVER" | awk '{print $1}')
+		for rule in $rules
+		do
+			iptables -D INPUT $rule 2>/dev/null
+			break
+		done
+		count=$(expr $count - 1)
+	done
+fi
 
-gen_user_iptables() {
-	config_get enable $1 enable
-	[ "$enable" = "0" ] && return 0
-	config_get remarks $1 remarks
-	config_get port $1 port
-	config_get udp_forward $1 udp_forward
-	
-	iptables -A SSR_LIBEV-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
-	[ "$udp_forward" = "1" ] && iptables -A SSR_LIBEV-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
-}
+iptables -F SSR_LIBEV-SERVER 2>/dev/null && iptables -X SSR_LIBEV-SERVER 2>/dev/null
 
-iptables -F SSR_LIBEV-SERVER 2>/dev/null
-iptables -D INPUT -j SSR_LIBEV-SERVER 2>/dev/null
-iptables -X SSR_LIBEV-SERVER 2>/dev/null
-
-enable=$(uci get ssr_libev_server.@global[0].enable)
+enable=$(uci -q get ssr_libev_server.@global[0].enable)
 if [ $enable -eq 1 ]; then
 	iptables -N SSR_LIBEV-SERVER
 	iptables -I INPUT -j SSR_LIBEV-SERVER
-	config_load ssr_libev_server
-	config_foreach gen_user_iptables "user"
-fi
+	
+	count=$(uci show ssr_libev_server | grep "@user" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
+	[ -n "$count" ] && [ "$count" -ge 0 ] && {
+		u_get() {
+			local ret=$(uci -q get ssr_libev_server.@user[$1].$2)
+			echo ${ret:=$3}
+		}
+		for i in $(seq 0 $count); do
+			enable=$(u_get $i enable 0)
+			[ $enable -eq 0 ] && continue
+			remarks=$(u_get $i remarks)
+			port=$(u_get $i port)
+			udp_forward=$(u_get $i udp_forward)
+			iptables -A SSR_LIBEV-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
+			[ "$udp_forward" = "1" ] && iptables -A SSR_LIBEV-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
+		done
+	}
+fi

package/lienol/luci-app-ssr-python-pro-server/Makefile

@@ -8,8 +8,8 @@ include $(TOPDIR)/rules.mk
 LUCI_TITLE:=LuCI support for SSR Python Pro Server
 LUCI_DEPENDS:=+libsodium +luci-lib-jsonc +python3
 LUCI_PKGARCH:=all
-PKG_VERSION:=1.0
-PKG_RELEASE:=7-20200404
+PKG_VERSION:=2
+PKG_RELEASE:=1-20200326
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lienol/luci-app-ssr-python-pro-server/root/etc/init.d/ssr_python_pro_server

@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2018-2019 Lienol <lawlienol@gmail.com>
+# Copyright (C) 2018-2020 Lienol <lawlienol@gmail.com>
 
 START=99
 
@@ -9,7 +9,7 @@ ssr_python_path=/usr/share/$CONFIG
 config_t_get() {
 	local index=0
 	[ -n "$4" ] && index=$4
-	local ret=$(uci get $CONFIG.@$1[$index].$2 2>/dev/null)
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
 	echo ${ret:=$3}
 }
 
@@ -58,7 +58,7 @@ start_ssr_python_server() {
 	$python $ssr_python_path/server.py >> /var/log/$CONFIG.log 2>&1 &
 	set_ssr_python_crontab "start"
 	
-	fw3 reload
+	fw3 reload > /dev/null 2>&1 &
 	
 :<<EOF
 	cbi_ids=
@@ -72,7 +72,7 @@ EOF
 }
 
 stop_ssr_python_server() {
-	fw3 reload
+	fw3 reload > /dev/null 2>&1
 	ps -w | grep "/usr/bin/python $ssr_python_path/server.py" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 	rm -rf /var/log/$CONFIG.log
 	set_ssr_python_crontab "stop"
@@ -95,6 +95,5 @@ stop() {
 
 restart() {
 	stop
-	sleep 1
 	start
 }

package/lienol/luci-app-ssr-python-pro-server/root/usr/share/ssr_python_pro_server/firewall.include

@@ -1,25 +1,39 @@
 #!/bin/sh
 
-. $IPKG_INSTROOT/lib/functions.sh
-. $IPKG_INSTROOT/lib/functions/service.sh
+count=$(iptables -n -L INPUT 2>/dev/null | grep -c "SSR_PYTHON-SERVER")
+if [ -n "$count" ]; then
+	until [ "$count" = 0 ]
+	do
+		rules=$(iptables -n -L INPUT --line-num 2>/dev/null | grep "SSR_PYTHON-SERVER" | awk '{print $1}')
+		for rule in $rules
+		do
+			iptables -D INPUT $rule 2>/dev/null
+			break
+		done
+		count=$(expr $count - 1)
+	done
+fi
 
-gen_user_iptables() {
-	config_get enable $1 enable
-	[ "$enable" = "0" ] && return 0
-	config_get remarks $1 remarks
-	config_get port $1 port
-	iptables -A SSR_PYTHON-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
-	iptables -A SSR_PYTHON-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
-}
+iptables -F SSR_PYTHON-SERVER 2>/dev/null && iptables -X SSR_PYTHON-SERVER 2>/dev/null
 
-iptables -F SSR_PYTHON-SERVER 2>/dev/null
-iptables -D INPUT -j SSR_PYTHON-SERVER 2>/dev/null
-iptables -X SSR_PYTHON-SERVER 2>/dev/null
-
-enable=$(uci get ssr_python_pro_server.@global[0].enable)
+enable=$(uci -q get ssr_python_pro_server.@global[0].enable)
 if [ $enable -eq 1 ]; then
 	iptables -N SSR_PYTHON-SERVER
 	iptables -I INPUT -j SSR_PYTHON-SERVER
-	config_load ssr_python_pro_server
-	config_foreach gen_user_iptables "user"
-fi
+	
+	count=$(uci show ssr_python_pro_server | grep "@user" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
+	[ -n "$count" ] && [ "$count" -ge 0 ] && {
+		u_get() {
+			local ret=$(uci -q get ssr_python_pro_server.@user[$1].$2)
+			echo ${ret:=$3}
+		}
+		for i in $(seq 0 $count); do
+			enable=$(u_get $i enable 0)
+			[ $enable -eq 0 ] && continue
+			remarks=$(u_get $i remarks)
+			port=$(u_get $i port)
+			iptables -A SSR_PYTHON-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
+			iptables -A SSR_PYTHON-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
+		done
+	}
+fi

package/lienol/luci-app-timecontrol/Makefile

@@ -0,0 +1,15 @@
+# Copyright (C) 2020 Lienol <lawlienol@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+#
+
+include $(TOPDIR)/rules.mk
+
+LUCI_TITLE:=LuCI support for Time Control
+LUCI_PKGARCH:=all
+PKG_VERSION:=1.0
+PKG_RELEASE:=1-20200402
+
+include $(TOPDIR)/feeds/luci/luci.mk
+
+# call BuildPackage - OpenWrt buildroot signature

package/lienol/luci-app-timecontrol/luasrc/controller/timecontrol.lua

@@ -0,0 +1,17 @@
+module("luci.controller.timecontrol", package.seeall)
+
+function index()
+    if not nixio.fs.access("/etc/config/timecontrol") then return end
+
+    entry({"admin", "control"}, firstchild(), "Control", 44).dependent = false
+    entry({"admin", "control", "timecontrol"}, cbi("timecontrol"), _("Internet Time Control"), 10).dependent =
+        true
+    entry({"admin", "control", "timecontrol", "status"}, call("status")).leaf = true
+end
+
+function status()
+    local e = {}
+    e.status = luci.sys.call("iptables -L FORWARD | grep TIMECONTROL >/dev/null") == 0
+    luci.http.prepare_content("application/json")
+    luci.http.write_json(e)
+end

package/lienol/luci-app-timecontrol/luasrc/model/cbi/timecontrol.lua

@@ -0,0 +1,57 @@
+local o = require "luci.sys"
+local a, t, e
+a = Map("timecontrol", translate("Internet Time Control"))
+a.template = "timecontrol/index"
+
+t = a:section(TypedSection, "basic")
+t.anonymous = true
+
+e = t:option(DummyValue, "timecontrol_status", translate("Status"))
+e.template = "timecontrol/timecontrol"
+e.value = translate("Collecting data...")
+
+e = t:option(Flag, "enable", translate("Enabled"))
+e.rmempty = false
+
+t = a:section(TypedSection, "macbind", translate("Client Settings"))
+t.template = "cbi/tblsection"
+t.anonymous = true
+t.addremove = true
+
+e = t:option(Flag, "enable", translate("Enabled"))
+e.rmempty = false
+
+e = t:option(Value, "macaddr", "MAC")
+e.rmempty = true
+o.net.mac_hints(function(t, a) e:value(t, "%s (%s)" % {t, a}) end)
+
+e = t:option(Value, "timeon", translate("No Internet start time"))
+e.default = "00:00"
+e.optional = false
+
+e = t:option(Value, "timeoff", translate("No Internet end time"))
+e.default = "23:59"
+e.optional = false
+
+e = t:option(Flag, "z1", translate("Monday"))
+e.rmempty = true
+
+e = t:option(Flag, "z2", translate("Tuesday"))
+e.rmempty = true
+
+e = t:option(Flag, "z3", translate("Wednesday"))
+e.rmempty = true
+
+e = t:option(Flag, "z4", translate("Thursday"))
+e.rmempty = true
+
+e = t:option(Flag, "z5", translate("Friday"))
+e.rmempty = true
+
+e = t:option(Flag, "z6", translate("Saturday"))
+e.rmempty = true
+
+e = t:option(Flag, "z7", translate("Sunday"))
+e.rmempty = true
+
+return a

package/lienol/luci-app-timecontrol/luasrc/view/timecontrol/index.htm

@@ -0,0 +1,12 @@
+<% include("cbi/map") %>
+<script type="text/javascript">//<![CDATA[
+	XHR.poll(2, '<%=luci.dispatcher.build_url("admin", "control", "timecontrol", "status")%>', null,
+		function (x, result) {
+			var status = document.getElementsByClassName('timecontrol_status')[0];
+			status.setAttribute("style", "font-weight:bold;");
+			status.setAttribute("color", result.status ? "green" : "red");
+			status.innerHTML = result.status ? '<%=translate("RUNNING")%>' : '<%=translate("NOT RUNNING")%>';
+		}
+	)
+//]]>
+</script>

package/lienol/luci-app-timecontrol/luasrc/view/timecontrol/timecontrol.htm

@@ -0,0 +1,3 @@
+<%+cbi/valueheader%>
+<font class="timecontrol_status"><%=pcdata(self:cfgvalue(section) or self.default or "")%></font>
+<%+cbi/valuefooter%>

package/lienol/luci-app-timecontrol/po/zh_Hans/timecontrol.po

@@ -0,0 +1,41 @@
+msgid "Control"
+msgstr "管控"
+
+msgid "Internet Time Control"
+msgstr "上网时间控制"
+
+msgid "Status"
+msgstr "状态"
+
+msgid "Enabled"
+msgstr "启用"
+
+msgid "Client Settings"
+msgstr "客户端设置"
+
+msgid "No Internet start time"
+msgstr "禁止上网开始时间"
+
+msgid "No Internet end time"
+msgstr "取消禁止上网时间"
+
+msgid "Monday"
+msgstr "周一"
+
+msgid "Tuesday"
+msgstr "周二"
+
+msgid "Wednesday"
+msgstr "周三"
+
+msgid "Thursday"
+msgstr "周四"
+
+msgid "Friday"
+msgstr "周五"
+
+msgid "Saturday"
+msgstr "周六"
+
+msgid "Sunday"
+msgstr "周日"

package/lienol/luci-app-timecontrol/root/etc/config/timecontrol

@@ -0,0 +1,3 @@
+
+config basic
+	option enable '0'

package/lienol/luci-app-timecontrol/root/etc/init.d/timecontrol

@@ -0,0 +1,80 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+CONFIG=timecontrol
+
+uci_get_by_type() {
+	local index=0
+	[ -n $4 ] && index=$4
+	local ret=$(uci -q get $CONFIG.@$1[$index].$2 2>/dev/null)
+	echo ${ret:=$3}
+}
+
+add_rule(){
+	local count=$(uci show $CONFIG | grep "@macbind" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
+	[ -n "$count" ] && [ "$count" -ge 0 ] && {
+		u_get() {
+			local ret=$(uci -q get $CONFIG.@macbind[$1].$2)
+			echo ${ret:=$3}
+		}
+		for i in $(seq 0 $count); do
+			local enable=$(u_get $i enable 0)
+			local macaddr=$(u_get $i macaddr)
+			local timeoff=$(u_get $i timeoff)
+			local timeon=$(u_get $i timeon)
+			local z1=$(u_get $i z1)
+			local z2=$(u_get $i z2)
+			local z3=$(u_get $i z3)
+			local z4=$(u_get $i z4)
+			local z5=$(u_get $i z5)
+			local z6=$(u_get $i z6)
+			local z7=$(u_get $i z7)
+			[ "$z1" == "1" ] && local Z1="Mon,"
+			[ "$z2" == "1" ] && local Z2="Tue,"
+			[ "$z3" == "1" ] && local Z3="Wed,"
+			[ "$z4" == "1" ] && local Z4="Thu,"
+			[ "$z5" == "1" ] && local Z5="Fri,"
+			[ "$z6" == "1" ] && local Z6="Sat,"
+			[ "$z7" == "1" ] && local Z7="Sun"
+			if [ -z $enable ] || [ -z $macaddr ] || [ -z $timeoff ] || [ -z $timeon ]; then
+				continue
+			fi
+			if [ "$enable" == "1" ]; then
+				iptables -t filter -I TIMECONTROL -m mac --mac-source $macaddr -m time --kerneltz --timestart $timeon --timestop $timeoff --weekdays $Z1$Z2$Z3$Z4$Z5$Z6$Z7 -j DROP
+				iptables -t nat -I PREROUTING 1 -m mac --mac-source $macaddr -m time --kerneltz --timestart $timeon --timestop $timeoff --weekdays $Z1$Z2$Z3$Z4$Z5$Z6$Z7 -m comment --comment "TIMECONTROL" -j RETURN
+			fi
+		done
+	}
+	echo "/etc/init.d/timecontrol restart" > "/var/etc/timecontrol.include"
+}
+
+del_rule(){
+	nums=$(iptables -t nat -n -L PREROUTING 2>/dev/null | grep -c "TIMECONTROL")
+	if [ -n "$nums" ]; then
+		until [ "$nums" = 0 ]
+		do
+			rules=$(iptables -t nat -n -L PREROUTING --line-num 2>/dev/null | grep "TIMECONTROL" | awk '{print $1}')
+			for rule in $rules
+			do
+				iptables -t nat -D PREROUTING $rule 2>/dev/null
+				break
+			done
+			nums=$(expr $nums - 1)
+		done
+	fi
+}
+
+start(){
+	ENABLED=$(uci_get_by_type basic enable 0)
+	[ "$ENABLED" != "1" ] && exit 0
+	iptables -t filter -N TIMECONTROL
+	iptables -t filter -I FORWARD -j TIMECONTROL
+	add_rule
+}
+
+stop(){
+	iptables -t filter -D FORWARD -j TIMECONTROL 2>/dev/null
+	iptables -t filter -F TIMECONTROL 2>/dev/null
+	iptables -t filter -X TIMECONTROL 2>/dev/null
+	del_rule
+}

package/lienol/luci-app-timecontrol/root/etc/uci-defaults/luci-app-timecontrol

@@ -0,0 +1,19 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete firewall.timecontrol
+	set firewall.timecontrol=include
+	set firewall.timecontrol.type=script
+	set firewall.timecontrol.path=/var/etc/timecontrol.include
+	set firewall.timecontrol.reload=1
+EOF
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@timecontrol[-1]
+	add ucitrack timecontrol
+	set ucitrack.@timecontrol[-1].init=timecontrol
+	commit ucitrack
+EOF
+
+rm -rf /tmp/luci-*cache
+exit 0

package/lienol/luci-app-trojan-server/Makefile

@@ -9,8 +9,8 @@ PKG_NAME:=luci-app-trojan-server
 LUCI_TITLE:=LuCI support for Trojan Server
 LUCI_DEPENDS:=+luci-lib-jsonc +trojan 
 LUCI_PKGARCH:=all
-PKG_VERSION:=1.1
-PKG_RELEASE:=2-20200112
+PKG_VERSION:=1
+PKG_RELEASE:=3-20200326
 
 include $(TOPDIR)/feeds/luci/luci.mk
 

package/lienol/luci-app-trojan-server/root/etc/init.d/trojan_server

@@ -34,7 +34,7 @@ start_trojan_server() {
 }
 
 stop_trojan_server() {
-	fw3 reload >/dev/null 2>&1 &
+	fw3 reload >/dev/null 2>&1
 	ps -w | grep "$CONFIG_PATH/" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
 	rm -rf $CONFIG_PATH
 	rm -rf $LOG_PATH
@@ -56,6 +56,5 @@ stop() {
 
 restart() {
 	stop
-	sleep 1
 	start
 }

package/lienol/luci-app-trojan-server/root/usr/share/trojan_server/firewall.include

@@ -1,25 +1,39 @@
 #!/bin/sh
 
-. $IPKG_INSTROOT/lib/functions.sh
-. $IPKG_INSTROOT/lib/functions/service.sh
+count=$(iptables -n -L INPUT 2>/dev/null | grep -c "TROJAN-SERVER")
+if [ -n "$count" ]; then
+	until [ "$count" = 0 ]
+	do
+		rules=$(iptables -n -L INPUT --line-num 2>/dev/null | grep "TROJAN-SERVER" | awk '{print $1}')
+		for rule in $rules
+		do
+			iptables -D INPUT $rule 2>/dev/null
+			break
+		done
+		count=$(expr $count - 1)
+	done
+fi
 
-gen_user_iptables() {
-	config_get enable $1 enable
-	[ "$enable" = "0" ] && return 0
-	config_get remarks $1 remarks
-	config_get port $1 port
-	iptables -A TROJAN-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
-	iptables -A TROJAN-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
-}
+iptables -F TROJAN-SERVER 2>/dev/null && iptables -X TROJAN-SERVER 2>/dev/null
 
-iptables -F TROJAN-SERVER 2>/dev/null
-iptables -D INPUT -j TROJAN-SERVER 2>/dev/null
-iptables -X TROJAN-SERVER 2>/dev/null
-
-enable=$(uci get trojan_server.@global[0].enable)
+enable=$(uci -q get trojan_server.@global[0].enable)
 if [ $enable -eq 1 ]; then
 	iptables -N TROJAN-SERVER
 	iptables -I INPUT -j TROJAN-SERVER
-	config_load trojan_server
-	config_foreach gen_user_iptables "user"
-fi
+	
+	count=$(uci show trojan_server | grep "@user" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
+	[ -n "$count" ] && [ "$count" -ge 0 ] && {
+		u_get() {
+			local ret=$(uci -q get trojan_server.@user[$1].$2)
+			echo ${ret:=$3}
+		}
+		for i in $(seq 0 $count); do
+			enable=$(u_get $i enable 0)
+			[ $enable -eq 0 ] && continue
+			remarks=$(u_get $i remarks)
+			port=$(u_get $i port)
+			iptables -A TROJAN-SERVER -p tcp --dport $port -m comment --comment "$remarks" -j ACCEPT
+			iptables -A TROJAN-SERVER -p udp --dport $port -m comment --comment "$remarks" -j ACCEPT
+		done
+	}
+fi