diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile
index 1fe1ef0107..03aa64822f 100644
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=luci-app-passwall
PKG_VERSION:=3.5
-PKG_RELEASE:=15
-PKG_DATA:=20200218
+PKG_RELEASE:=16
+PKG_DATA:=20200220
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
diff --git a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
index e92ba8e3ef..b3ac247333 100644
--- a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
+++ b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
@@ -198,11 +198,12 @@ function ping_node()
e.index = index
if luci.sys.exec("echo -n `uci -q get %s.@global_other[0].use_tcping`" %
appname) == "1" and
- luci.sys.exec("echo -n `command -v tcping`") ~= "" then
- e.ping = luci.sys.exec(
- "echo -n `tcping -q -c 1 -i 1 -p " .. port .. " " ..
- address ..
- " 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}'`")
+ luci.sys.exec("echo -n $(command -v tcping)") ~= "" then
+ local interface = luci.sys.exec(
+ "echo -n $(route | grep default | awk '{print $NF}')")
+ e.ping = luci.sys.exec(string.format(
+ "echo -n $(tcping -c 1 -i 1 -I %s -p %s %s 2>&1 | grep 'SYN/ACK' | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}')",
+ interface, port, address))
else
e.ping = luci.sys.exec(
"echo -n `ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}'`" %
@@ -243,6 +244,8 @@ function check_port()
luci.sys.exec("echo -n `command -v tcping`") ~= "" then
retstring = retstring ..
"使用tcping检测端口延迟
"
+ local interface = luci.sys.exec(
+ "echo -n $(route | grep default | awk '{print $NF}')")
uci:foreach("passwall", "nodes", function(s)
local ret = ""
local tcp_socket
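Review bot: The `interface` lookup added to check_port (and the identical one in the ping_node hunk above) assumes `route | grep default | awk '{print $NF}'` yields exactly one name. With no default route the value is empty, so `-I` takes `-p` as its argument. With several default routes the unquoted `$(...)` joins the names with spaces, and the second name is parsed as a separate tcping argument. Take the first match only and drop the option when nothing is found, e.g. `awk '/^default/ {print $NF; exit}'` and `local iface_opt = interface ~= "" and ("-I " .. interface) or ""`. check_port continues past the end of this hunk.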
@@ -254,9 +257,9 @@ function check_port()
s.remarks then
node_name = "[%s] [%s:%s]" % {s.remarks, s.address, s.port}
result = luci.sys.exec(
- "echo -n `tcping -q -c 1 -i 1 -p " .. s.port ..
- " " .. s.address ..
- " 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}'`")
+ string.format(
+ "echo -n $(tcping -c 1 -i 1 -I %s -p %s %s 2>&1 | grep 'SYN/ACK' | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}')",
+ interface, s.port, s.address))
if result and result ~= "" then
retstring = retstring .. "" ..
node_name .. " " .. result ..
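Review bot: The rewritten tcping call in check_port interpolates `interface`, `s.port` and `s.address` into the shell string with bare `%s`, so shell metacharacters in a node's settings are interpreted by the shell that `luci.sys.exec` starts. The ping_node hunk above builds the same command from `port` and `address`, whose origin is outside that hunk. Node settings are not only typed by the administrator: subscribe.lua in this same commit appears to fill `result.address` and `result.port` from subscription content. Validate before building the command, for example `tonumber(s.port)` with a range check and a character check such as `s.address:match("^[%w%.%-:]+$")`, and pass each value through `luci.util.shellquote()`. The `%q` used by the ping branch in ping_node is Lua quoting rather than shell quoting, since the shell still performs command substitution inside double quotes.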
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua
index 7b33cc84ad..ae245ce1e6 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua
@@ -2,7 +2,6 @@ local e = require "nixio.fs"
local e = require "luci.sys"
local net = require"luci.model.network".init()
local uci = require"luci.model.uci".cursor()
-local ifaces = e.net:devices()
local appname = "passwall"
local n = {}
@@ -32,13 +31,13 @@ o.default = false
---- Console Username
o = s:option(Value, "console_user", translate("Console Username"))
-o.default = "admin"
+o.default = ""
o:depends("balancing_enable", 1)
---- Console Password
o = s:option(Value, "console_password", translate("Console Password"))
o.password = true
-o.default = "admin"
+o.default = ""
o:depends("balancing_enable", 1)
---- Console Port
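Review bot: Replacing the `admin`/`admin` defaults with empty strings removes a well-known credential pair, but nothing in this hunk stops the form being saved with both fields blank once `balancing_enable` is ticked. How `console_user` and `console_password` are consumed is outside this diff, so it is worth confirming that the console cannot come up with empty or no credentials. Setting `o.rmempty = false` on both options, as other options in this file already do, would make the form reject blank values while the fields are shown.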
@@ -72,6 +71,7 @@ o.rmempty = false
---- Node Port
o = s:option(Value, "lbort", translate("Node Port"))
o:value("default", translate("Default"))
+o.default = "default"
o.rmempty = false
---- Node Weight
@@ -82,8 +82,9 @@ o.rmempty = false
---- Export
o = s:option(ListValue, "export", translate("Export Of Multi WAN"))
o:value(0, translate("Auto"))
+local ifaces = e.net:devices()
for _, iface in ipairs(ifaces) do
- if (iface:match("^pppoe*")) then
+ if (iface:match("^br") or iface:match("^eth*") or iface:match("^pppoe*")) then
local nets = net:get_interface(iface)
nets = nets and nets:get_networks() or {}
for k, v in pairs(nets) do nets[k] = nets[k].sid end
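Review bot: In the interface filter, `^eth*` and `^pppoe*` are Lua patterns, where `*` repeats only the preceding character, so they match any name beginning with `et` or `pppo` rather than names beginning with `eth` or `pppoe`. The plain prefixes say what is meant, as the new `^br` already does: `if iface:match("^br") or iface:match("^eth") or iface:match("^pppoe") then`. The loop body continues past the end of this hunk.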
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule_list.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule_list.lua
index 96a8c77b5d..2972b142de 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule_list.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule_list.lua
@@ -6,78 +6,58 @@ s = m:section(TypedSection, "global", translate("Set Blacklist And Whitelist"))
s.anonymous = true
---- Whitelist Hosts
-local t = "/etc/config/passwall_rule/whitelist_host"
+local w_host_file = "/etc/config/passwall_rule/whitelist_host"
o = s:option(TextValue, "whitelist_host", translate("Whitelist Hosts"))
o.description = translate(
"Join the white list of domain names will not go agent.")
o.rows = 5
o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a)
- fs.writefile("/tmp/whitelist_host", a:gsub("\r\n", "\n"))
- if (luci.sys.call(
- "cmp -s /tmp/whitelist_host /etc/config/passwall_rule/whitelist_host") ==
- 1) then
- fs.writefile(t, a:gsub("\r\n", "\n"))
- luci.sys.call("rm -f /tmp/dnsmasq.d/whitelist_host.conf >/dev/null")
- end
- fs.remove("/tmp/whitelist_host")
-end
+o.cfgvalue = function(self, section) return fs.readfile(w_host_file) or "" end
+o.write = function(self, section, value) fs.writefile(w_host_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(w_host_file, "") end
---- Whitelist IP
-local t = "/etc/config/passwall_rule/whitelist_ip"
+local w_ip_file = "/etc/config/passwall_rule/whitelist_ip"
o = s:option(TextValue, "whitelist_ip", translate("Whitelist IP"))
o.description = translate(
"These had been joined ip addresses will not use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145.")
o.rows = 5
o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a) fs.writefile(t, a:gsub("\r\n", "\n")) end
+o.cfgvalue = function(self, section) return fs.readfile(w_ip_file) or "" end
+o.write = function(self, section, value) fs.writefile(w_ip_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(w_ip_file, "") end
---- Blacklist Hosts
-local t = "/etc/config/passwall_rule/blacklist_host"
+local b_host_file = "/etc/config/passwall_rule/blacklist_host"
o = s:option(TextValue, "blacklist_host", translate("Blacklist Hosts"))
o.description = translate(
"These had been joined websites will use proxy.Please input the domain names of websites,every line can input only one website domain.For example,google.com.")
o.rows = 5
o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a)
- fs.writefile("/tmp/blacklist_host", a:gsub("\r\n", "\n"))
- if (luci.sys.call(
- "cmp -s /tmp/blacklist_host /etc/config/passwall_rule/blacklist_host") ==
- 1) then
- fs.writefile(t, a:gsub("\r\n", "\n"))
- luci.sys.call("rm -f /tmp/dnsmasq.d/blacklist_host.conf >/dev/null")
- end
- fs.remove("/tmp/blacklist_host")
-end
+o.cfgvalue = function(self, section) return fs.readfile(b_host_file) or "" end
+o.write = function(self, section, value) fs.writefile(b_host_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(b_host_file, "") end
---- Blacklist IP
-local t = "/etc/config/passwall_rule/blacklist_ip"
+local b_ip_file = "/etc/config/passwall_rule/blacklist_ip"
o = s:option(TextValue, "blacklist_ip", translate("Blacklist IP"))
o.description = translate(
"These had been joined ip addresses will use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145.")
o.rows = 5
o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a) fs.writefile(t, a:gsub("\r\n", "\n")) end
+o.cfgvalue = function(self, section) return fs.readfile(b_ip_file) or "" end
+o.write = function(self, section, value) fs.writefile(b_ip_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(b_ip_file, "") end
---- Router Hosts
-local t = "/etc/config/passwall_rule/router"
+local router_file = "/etc/config/passwall_rule/router"
o = s:option(TextValue, "routerlist", translate("Router Hosts"))
o.description = translate(
"These had been joined websites will use proxy,but only Router model.Please input the domain names of websites,every line can input only one website domain.For example,google.com.")
o.rows = 5
o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a)
- fs.writefile("/tmp/router", a:gsub("\r\n", "\n"))
- if (luci.sys.call("cmp -s /tmp/router /etc/config/passwall_rule/router") == 1) then
- fs.writefile(t, a:gsub("\r\n", "\n"))
- luci.sys.call("rm -f /tmp/dnsmasq.d/router.conf >/dev/null")
- end
- fs.remove("/tmp/router")
-end
+o.cfgvalue = function(self, section) return fs.readfile(router_file) or "" end
+o.write = function(self, section, value) fs.writefile(router_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(router_file, "") end
return m
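Review bot: The five rewritten `write` handlers store the textarea text with only CRLF normalisation, and the shell hunks in this commit then paste every line of those files into dnsmasq `ipset=`/`server=` directives and into `ipset -R` input. A line with stray whitespace or unexpected characters therefore ends up in generated configuration. Consider a `validate` function on each option that accepts only hostname characters for the host lists and an address or CIDR for the IP lists, and returns an error message otherwise. Separately, `value:gsub(...)` returns the string and a match count, so writing `(value:gsub("\r\n", "\n"))` keeps the count from being passed to `fs.writefile` as a third argument.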
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
index 79dadf0e1d..df66b16723 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -803,11 +803,11 @@ start_dns() {
add_dnsmasq() {
mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
- cat $RULE_PATH/whitelist_host | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
+ cat $RULE_PATH/whitelist_host | sed -e "/^$/d" | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
[ "$DNS_MODE" != "nonuse" ] && {
- [ -f "$RULE_PATH/blacklist_host" -a -s "$RULE_PATH/blacklist_host" ] && cat $RULE_PATH/blacklist_host | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
- [ -f "$RULE_PATH/router" -a -s "$RULE_PATH/router" ] && cat $RULE_PATH/router | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' > $TMP_DNSMASQ_PATH/router.conf
+ [ -f "$RULE_PATH/blacklist_host" -a -s "$RULE_PATH/blacklist_host" ] && cat $RULE_PATH/blacklist_host | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
+ [ -f "$RULE_PATH/router" -a -s "$RULE_PATH/router" ] && cat $RULE_PATH/router | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' > $TMP_DNSMASQ_PATH/router.conf
[ -f "$RULE_PATH/gfwlist.conf" -a -s "$RULE_PATH/gfwlist.conf" ] && ln -s $RULE_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
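Review bot: The added `sed -e "/^$/d"` filters drop only lines that are completely empty, so a line holding just spaces or a leftover carriage return still produces a directive such as `ipset=/. /whitelist`. Matching whitespace-only lines covers both cases: `sed -e '/^[[:space:]]*$/d'`. The same filter is added to the three `ipset -R` pipelines in the add_firewall_rule hunk of iptables.sh and to filter_vpsip. add_dnsmasq continues past the end of this hunk.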
@@ -942,9 +942,6 @@ gen_pdnsd_config() {
interval = 60;
uptest = none;
purge_cache = off;
- reject=::/0;
- reject_policy=negate;
- reject_recursively=on;
}
EOF
@@ -1123,8 +1120,8 @@ start() {
start_redir TCP REDIR tcp
start_redir UDP REDIR udp
start_dns
- source $APP_PATH/iptables.sh start
add_dnsmasq
+ source $APP_PATH/iptables.sh start
start_crontab
rm -f "$LOCK_FILE"
echolog "运行完成!\n"
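Review bot: The swap of `add_dnsmasq` and `source $APP_PATH/iptables.sh start` is not explained, although it looks deliberate: add_dnsmasq creates `$TMP_DNSMASQ_PATH`, and filter_vpsip in iptables.sh now appends `vpsiplist_host.conf` into that directory. A comment above the two lines would protect the order, e.g. `# add_dnsmasq first: it creates $TMP_DNSMASQ_PATH, which iptables.sh (filter_vpsip) appends to`. If add_dnsmasq is also what reloads dnsmasq (its tail is not visible here), the file written afterwards is not read until the next reload, so that is worth checking.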
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
index cba35b4c5b..e7c56ab1bd 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -187,13 +187,20 @@ load_acl() {
}
filter_vpsip() {
- local server_ip use_ipv6 network_type
+ local use_ipv6 network_type server
use_ipv6=$(config_get $1 use_ipv6)
network_type="ipv4"
[ "$use_ipv6" == "1" ] && network_type="ipv6"
- server_ip=$(get_node_host_ip $1)
- [ -n "$server_ip" ] && {
- [ "$network_type" == "ipv4" ] && ipset -! add $IPSET_VPSIPLIST $server_ip >/dev/null 2>&1 &
+ server=$(config_get $1 address)
+ [ -n "$server" ] && {
+ [ "$network_type" == "ipv4" ] && {
+ isip=$(echo $server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
+ if [ -n "$isip" ]; then
+ ipset -! add $IPSET_VPSIPLIST $isip >/dev/null 2>&1 &
+ else
+ echo "$server" | sed -e "/^$/d" | sed "s/^/ipset=&\//g" | sed "s/$/\/&vpsiplist/g" | sort | awk '{if ($0!=line) print;line=$0}' >> $TMP_DNSMASQ_PATH/vpsiplist_host.conf
+ fi
+ }
}
}
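Review bot: The IP test in filter_vpsip is unanchored, so `grep -E` also accepts a hostname that merely contains a dotted quad and hands the whole string to `ipset add`, where the failure is hidden by `>/dev/null 2>&1`. Anchor the pattern and quote the value: `isip=$(echo "$server" | grep -E "^([0-9]{1,3}\.){3}[0-9]{1,3}$")`. `isip` is also missing from the `local` line, so it leaks into the caller's scope; `local use_ipv6 network_type server isip` fixes that. The hostname branch appends with `>>`, so unless `vpsiplist_host.conf` is removed elsewhere on restart (not visible in this diff), entries accumulate across runs.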
@@ -217,9 +224,9 @@ add_firewall_rule() {
ipset -! create $IPSET_BLACKLIST nethash && ipset flush $IPSET_BLACKLIST
ipset -! create $IPSET_WHITELIST nethash && ipset flush $IPSET_WHITELIST
- sed -e "s/^/add $IPSET_CHN &/g" $RULE_PATH/chnroute | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- sed -e "s/^/add $IPSET_BLACKLIST &/g" $RULE_PATH/blacklist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
- sed -e "s/^/add $IPSET_WHITELIST &/g" $RULE_PATH/whitelist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ cat $RULE_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ cat $RULE_PATH/blacklist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+ cat $RULE_PATH/whitelist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
ipset -! -R <<-EOF || return 1
$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
@@ -242,6 +249,7 @@ add_firewall_rule() {
$ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
$ipt_n -N PSW_ACL
+
$ipt_n -N PSW_OUTPUT
$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
@@ -252,6 +260,7 @@ add_firewall_rule() {
$ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
$ipt_m -N PSW_ACL
+
$ipt_m -N PSW_OUTPUT
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
@@ -540,8 +549,8 @@ add_firewall_rule() {
}
fi
- # 过滤所有节点IP,暂时关闭,节点一多会解析很久导致启动超慢。。。
- # config_foreach filter_vpsip "nodes"
+ # 过滤所有节点IP
+ config_foreach filter_vpsip "nodes"
}
del_firewall_rule() {
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index 3fb6d729fc..1519b3637d 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -271,6 +271,9 @@ local function processData(szType, content, add_mode)
result.ss_plugin_opts = content.plugin_options
result.group = content.airport
result.remarks = content.remarks
+ else
+ log('暂时不支持' .. szType .. "类型的节点订阅,跳过此节点。")
+ return nil
end
if not result.remarks then
result.remarks = result.address .. ':' .. result.port