luci-app-passwall: sync with upstream source

2025-01-10 11:09:57 +08:00 · 2020-02-20 06:04:49 +08:00 · 2020-02-20 06:04:49 +08:00 · 9d03acb595
commit 9d03acb595
parent b8d9cb72bd
7 changed files with 63 additions and 70 deletions
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=3.5
-PKG_RELEASE:=15
-PKG_DATA:=20200218
+PKG_RELEASE:=16
+PKG_DATA:=20200220

 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

--- a/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
+++ b/package/lienol/luci-app-passwall/luasrc/controller/passwall.lua
@ -198,11 +198,12 @@ function ping_node()
    e.index = index
    if luci.sys.exec("echo -n `uci -q get %s.@global_other[0].use_tcping`" %
                         appname) == "1" and
-        luci.sys.exec("echo -n `command -v tcping`") ~= "" then
-        e.ping = luci.sys.exec(
-                     "echo -n `tcping -q -c 1 -i 1 -p " .. port .. " " ..
-                         address ..
-                         " 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}'`")
+        luci.sys.exec("echo -n $(command -v tcping)") ~= "" then
+        local interface = luci.sys.exec(
+                              "echo -n $(route | grep default | awk '{print $NF}')")
+        e.ping = luci.sys.exec(string.format(
+                                   "echo -n $(tcping -c 1 -i 1 -I %s -p %s %s 2>&1 | grep 'SYN/ACK' | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}')",
+                                   interface, port, address))
    else
        e.ping = luci.sys.exec(
                     "echo -n `ping -c 1 -W 1 %q 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}'`" %
@ -243,6 +244,8 @@ function check_port()
        luci.sys.exec("echo -n `command -v tcping`") ~= "" then
        retstring = retstring ..
                        "<font color='green'>使用tcping检测端口延迟</font><br />"
+        local interface = luci.sys.exec(
+                              "echo -n $(route | grep default | awk '{print $NF}')")
        uci:foreach("passwall", "nodes", function(s)
            local ret = ""
            local tcp_socket
@ -254,9 +257,9 @@ function check_port()
                    s.remarks then
                    node_name = "[%s] [%s:%s]" % {s.remarks, s.address, s.port}
                    result = luci.sys.exec(
-                                 "echo -n `tcping -q -c 1 -i 1 -p " .. s.port ..
-                                     " " .. s.address ..
-                                     " 2>&1 | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}'`")
+                                 string.format(
+                                     "echo -n $(tcping -c 1 -i 1 -I %s -p %s %s 2>&1 | grep 'SYN/ACK' | grep -o 'time=[0-9]*' | awk -F '=' '{print$2}')",
+                                     interface, s.port, s.address))
                    if result and result ~= "" then
                        retstring = retstring .. "<font color='green'>" ..
                                        node_name .. "   " .. result ..
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/balancing.lua
@ -2,7 +2,6 @@ local e = require "nixio.fs"
 local e = require "luci.sys"
 local net = require"luci.model.network".init()
 local uci = require"luci.model.uci".cursor()
-local ifaces = e.net:devices()
 local appname = "passwall"

 local n = {}
@ -32,13 +31,13 @@ o.default = false

 ---- Console Username
 o = s:option(Value, "console_user", translate("Console Username"))
-o.default = "admin"
+o.default = ""
 o:depends("balancing_enable", 1)

 ---- Console Password
 o = s:option(Value, "console_password", translate("Console Password"))
 o.password = true
-o.default = "admin"
+o.default = ""
 o:depends("balancing_enable", 1)

 ---- Console Port
@ -72,6 +71,7 @@ o.rmempty = false
 ---- Node Port
 o = s:option(Value, "lbort", translate("Node Port"))
 o:value("default", translate("Default"))
+o.default = "default"
 o.rmempty = false

 ---- Node Weight
@ -82,8 +82,9 @@ o.rmempty = false
 ---- Export
 o = s:option(ListValue, "export", translate("Export Of Multi WAN"))
 o:value(0, translate("Auto"))
+local ifaces = e.net:devices()
 for _, iface in ipairs(ifaces) do
-    if (iface:match("^pppoe*")) then
+    if (iface:match("^br") or iface:match("^eth*") or iface:match("^pppoe*")) then
        local nets = net:get_interface(iface)
        nets = nets and nets:get_networks() or {}
        for k, v in pairs(nets) do nets[k] = nets[k].sid end
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule_list.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/rule_list.lua
@ -6,78 +6,58 @@ s = m:section(TypedSection, "global", translate("Set Blacklist And Whitelist"))
 s.anonymous = true

 ---- Whitelist Hosts
-local t = "/etc/config/passwall_rule/whitelist_host"
+local w_host_file = "/etc/config/passwall_rule/whitelist_host"
 o = s:option(TextValue, "whitelist_host", translate("Whitelist Hosts"))
 o.description = translate(
                    "Join the white list of domain names will not go agent.")
 o.rows = 5
 o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a)
-    fs.writefile("/tmp/whitelist_host", a:gsub("\r\n", "\n"))
-    if (luci.sys.call(
-        "cmp -s /tmp/whitelist_host /etc/config/passwall_rule/whitelist_host") ==
-        1) then
-        fs.writefile(t, a:gsub("\r\n", "\n"))
-        luci.sys.call("rm -f /tmp/dnsmasq.d/whitelist_host.conf >/dev/null")
-    end
-    fs.remove("/tmp/whitelist_host")
-end
+o.cfgvalue = function(self, section) return fs.readfile(w_host_file) or "" end
+o.write = function(self, section, value) fs.writefile(w_host_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(w_host_file, "") end

 ---- Whitelist IP
-local t = "/etc/config/passwall_rule/whitelist_ip"
+local w_ip_file = "/etc/config/passwall_rule/whitelist_ip"
 o = s:option(TextValue, "whitelist_ip", translate("Whitelist IP"))
 o.description = translate(
                    "These had been joined ip addresses will not use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145.")
 o.rows = 5
 o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a) fs.writefile(t, a:gsub("\r\n", "\n")) end
+o.cfgvalue = function(self, section) return fs.readfile(w_ip_file) or "" end
+o.write = function(self, section, value) fs.writefile(w_ip_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(w_ip_file, "") end

 ---- Blacklist Hosts
-local t = "/etc/config/passwall_rule/blacklist_host"
+local b_host_file = "/etc/config/passwall_rule/blacklist_host"
 o = s:option(TextValue, "blacklist_host", translate("Blacklist Hosts"))
 o.description = translate(
                    "These had been joined websites will use proxy.Please input the domain names of websites,every line can input only one website domain.For example,google.com.")
 o.rows = 5
 o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a)
-    fs.writefile("/tmp/blacklist_host", a:gsub("\r\n", "\n"))
-    if (luci.sys.call(
-        "cmp -s /tmp/blacklist_host /etc/config/passwall_rule/blacklist_host") ==
-        1) then
-        fs.writefile(t, a:gsub("\r\n", "\n"))
-        luci.sys.call("rm -f /tmp/dnsmasq.d/blacklist_host.conf >/dev/null")
-    end
-    fs.remove("/tmp/blacklist_host")
-end
+o.cfgvalue = function(self, section) return fs.readfile(b_host_file) or "" end
+o.write = function(self, section, value) fs.writefile(b_host_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(b_host_file, "") end

 ---- Blacklist IP
-local t = "/etc/config/passwall_rule/blacklist_ip"
+local b_ip_file = "/etc/config/passwall_rule/blacklist_ip"
 o = s:option(TextValue, "blacklist_ip", translate("Blacklist IP"))
 o.description = translate(
                    "These had been joined ip addresses will use proxy.Please input the ip address or ip address segment,every line can input only one ip address.For example,112.123.134.145/24 or 112.123.134.145.")
 o.rows = 5
 o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a) fs.writefile(t, a:gsub("\r\n", "\n")) end
+o.cfgvalue = function(self, section) return fs.readfile(b_ip_file) or "" end
+o.write = function(self, section, value) fs.writefile(b_ip_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(b_ip_file, "") end

 ---- Router Hosts
-local t = "/etc/config/passwall_rule/router"
+local router_file = "/etc/config/passwall_rule/router"
 o = s:option(TextValue, "routerlist", translate("Router Hosts"))
 o.description = translate(
                    "These had been joined websites will use proxy,but only Router model.Please input the domain names of websites,every line can input only one website domain.For example,google.com.")
 o.rows = 5
 o.wrap = "off"
-o.cfgvalue = function(a, a) return fs.readfile(t) or "" end
-o.write = function(o, o, a)
-    fs.writefile("/tmp/router", a:gsub("\r\n", "\n"))
-    if (luci.sys.call("cmp -s /tmp/router /etc/config/passwall_rule/router") == 1) then
-        fs.writefile(t, a:gsub("\r\n", "\n"))
-        luci.sys.call("rm -f /tmp/dnsmasq.d/router.conf >/dev/null")
-    end
-    fs.remove("/tmp/router")
-end
+o.cfgvalue = function(self, section) return fs.readfile(router_file) or "" end
+o.write = function(self, section, value) fs.writefile(router_file, value:gsub("\r\n", "\n")) end
+o.remove = function(self, section, value) fs.writefile(router_file, "") end

 return m
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@ -803,11 +803,11 @@ start_dns() {

 add_dnsmasq() {
 	mkdir -p $TMP_DNSMASQ_PATH $DNSMASQ_PATH /var/dnsmasq.d
-	cat $RULE_PATH/whitelist_host | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
+	cat $RULE_PATH/whitelist_host | sed -e "/^$/d" | sed "s/^/ipset=&\/./g" | sed "s/$/\/&whitelist/g" | sort | awk '{if ($0!=line) print;line=$0}' > $TMP_DNSMASQ_PATH/whitelist_host.conf

 	[ "$DNS_MODE" != "nonuse" ] && {
-		[ -f "$RULE_PATH/blacklist_host" -a -s "$RULE_PATH/blacklist_host" ] && cat $RULE_PATH/blacklist_host | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
-		[ -f "$RULE_PATH/router" -a -s "$RULE_PATH/router" ] && cat $RULE_PATH/router | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' > $TMP_DNSMASQ_PATH/router.conf
+		[ -f "$RULE_PATH/blacklist_host" -a -s "$RULE_PATH/blacklist_host" ] && cat $RULE_PATH/blacklist_host | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
+		[ -f "$RULE_PATH/router" -a -s "$RULE_PATH/router" ] && cat $RULE_PATH/router | sed -e "/^$/d" | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/router"}' > $TMP_DNSMASQ_PATH/router.conf
 		[ -f "$RULE_PATH/gfwlist.conf" -a -s "$RULE_PATH/gfwlist.conf" ] && ln -s $RULE_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
 		
 		subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
@ -942,9 +942,6 @@ gen_pdnsd_config() {
 				interval = 60;
 				uptest = none;
 				purge_cache = off;
-				reject=::/0;
-				reject_policy=negate;
-				reject_recursively=on;
 			}
 			
 		EOF
@ -1123,8 +1120,8 @@ start() {
 	start_redir TCP REDIR tcp
 	start_redir UDP REDIR udp
 	start_dns
-	source $APP_PATH/iptables.sh start
 	add_dnsmasq
+	source $APP_PATH/iptables.sh start
 	start_crontab
 	rm -f "$LOCK_FILE"
 	echolog "运行完成！\n"
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -187,13 +187,20 @@ load_acl() {
 }

 filter_vpsip() {
-	local server_ip use_ipv6 network_type
+	local use_ipv6 network_type server
 	use_ipv6=$(config_get $1 use_ipv6)
 	network_type="ipv4"
 	[ "$use_ipv6" == "1" ] && network_type="ipv6"
-	server_ip=$(get_node_host_ip $1)
-	[ -n "$server_ip" ] && {
-		[ "$network_type" == "ipv4" ] && ipset -! add $IPSET_VPSIPLIST $server_ip >/dev/null 2>&1 &
+	server=$(config_get $1 address)
+	[ -n "$server" ] && {
+		[ "$network_type" == "ipv4" ] && {
+			isip=$(echo $server | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
+			if [ -n "$isip" ]; then
+				ipset -! add $IPSET_VPSIPLIST $isip >/dev/null 2>&1 &
+			else
+				echo "$server" | sed -e "/^$/d" | sed "s/^/ipset=&\//g" | sed "s/$/\/&vpsiplist/g" | sort | awk '{if ($0!=line) print;line=$0}' >> $TMP_DNSMASQ_PATH/vpsiplist_host.conf
+			fi
+		}
 	}
 }

@ -217,9 +224,9 @@ add_firewall_rule() {
 	ipset -! create $IPSET_BLACKLIST nethash && ipset flush $IPSET_BLACKLIST
 	ipset -! create $IPSET_WHITELIST nethash && ipset flush $IPSET_WHITELIST

-	sed -e "s/^/add $IPSET_CHN &/g" $RULE_PATH/chnroute | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	sed -e "s/^/add $IPSET_BLACKLIST &/g" $RULE_PATH/blacklist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	sed -e "s/^/add $IPSET_WHITELIST &/g" $RULE_PATH/whitelist_ip | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	cat $RULE_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	cat $RULE_PATH/blacklist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	cat $RULE_PATH/whitelist_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R

 	ipset -! -R <<-EOF || return 1
 		$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
@ -242,6 +249,7 @@ add_firewall_rule() {
 	$ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
 	$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
 	$ipt_n -N PSW_ACL
+	
 	$ipt_n -N PSW_OUTPUT
 	$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
 	$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
@ -252,6 +260,7 @@ add_firewall_rule() {
 	$ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
 	$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
 	$ipt_m -N PSW_ACL
+	
 	$ipt_m -N PSW_OUTPUT
 	$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
 	$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
@ -540,8 +549,8 @@ add_firewall_rule() {
 		}
 	fi
 	
-	#  过滤所有节点IP，暂时关闭，节点一多会解析很久导致启动超慢。。。
-	# config_foreach filter_vpsip "nodes"
+	#  过滤所有节点IP
+	config_foreach filter_vpsip "nodes"
 }

 del_firewall_rule() {
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@ -271,6 +271,9 @@ local function processData(szType, content, add_mode)
 		result.ss_plugin_opts = content.plugin_options
 		result.group = content.airport
 		result.remarks = content.remarks
+	else
+		log('暂时不支持' .. szType .. "类型的节点订阅，跳过此节点。")
+		return nil
 	end
 	if not result.remarks then
 		result.remarks = result.address .. ':' .. result.port