mirror of
https://github.com/hanwckf/immortalwrt-mt798x.git
synced 2025-01-10 03:09:08 +08:00
luci-app-passwall: bump to 4-14
Co-authored-by: tritu <tri_tu@163.com> Co-authored-by: ShanStone <31815718+ShanStone@users.noreply.github.com> Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
This commit is contained in:
xiaorouji
CN_SZTL
parent
181392e4a6
commit
c858201705
@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luci-app-passwall
|
||||
PKG_VERSION:=4
|
||||
PKG_RELEASE:=13
|
||||
PKG_DATE:=20210207
|
||||
PKG_RELEASE:=14
|
||||
PKG_DATE:=20210209
|
||||
|
||||
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
||||
@ -226,61 +226,71 @@ if node_section then
|
||||
local rules = {}
|
||||
ucursor:foreach(appname, "shunt_rules", function(e)
|
||||
local name = e[".name"]
|
||||
local _node_id = node[name] or nil
|
||||
if _node_id and _node_id ~= "nil" then
|
||||
local _node = ucursor:get_all(appname, _node_id)
|
||||
local is_proxy = node[name .. "_proxy"]
|
||||
local relay_port
|
||||
if is_proxy and is_proxy == "1" then
|
||||
new_port = get_new_port()
|
||||
relay_port = new_port
|
||||
table.insert(inbounds, {
|
||||
tag = "proxy_" .. name,
|
||||
listen = "127.0.0.1",
|
||||
port = new_port,
|
||||
protocol = "dokodemo-door",
|
||||
settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
|
||||
})
|
||||
if _node.tls_serverName == nil then
|
||||
_node.tls_serverName = _node.address
|
||||
end
|
||||
_node.address = "127.0.0.1"
|
||||
_node.port = new_port
|
||||
end
|
||||
local _outbound = gen_outbound(_node, name, relay_port)
|
||||
if _outbound then
|
||||
table.insert(outbounds, _outbound)
|
||||
local _node_id = node[name] or "nil"
|
||||
local outboundTag
|
||||
if _node_id == "_direct" then
|
||||
outboundTag = "direct"
|
||||
elseif _node_id == "_blackhole" then
|
||||
outboundTag = "blackhole"
|
||||
else
|
||||
if _node_id ~= "nil" then
|
||||
local _node = ucursor:get_all(appname, _node_id)
|
||||
local is_proxy = node[name .. "_proxy"]
|
||||
local relay_port
|
||||
if is_proxy and is_proxy == "1" then
|
||||
table.insert(rules, {
|
||||
type = "field",
|
||||
inboundTag = {"proxy_" .. name},
|
||||
outboundTag = "default"
|
||||
new_port = get_new_port()
|
||||
relay_port = new_port
|
||||
table.insert(inbounds, {
|
||||
tag = "proxy_" .. name,
|
||||
listen = "127.0.0.1",
|
||||
port = new_port,
|
||||
protocol = "dokodemo-door",
|
||||
settings = {network = "tcp,udp", address = _node.address, port = tonumber(_node.port)}
|
||||
})
|
||||
if _node.tls_serverName == nil then
|
||||
_node.tls_serverName = _node.address
|
||||
end
|
||||
_node.address = "127.0.0.1"
|
||||
_node.port = new_port
|
||||
end
|
||||
if e.domain_list then
|
||||
local _domain = {}
|
||||
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
|
||||
table.insert(_domain, w)
|
||||
end)
|
||||
table.insert(rules, {
|
||||
type = "field",
|
||||
outboundTag = name,
|
||||
domain = _domain
|
||||
})
|
||||
end
|
||||
if e.ip_list then
|
||||
local _ip = {}
|
||||
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
|
||||
table.insert(_ip, w)
|
||||
end)
|
||||
table.insert(rules, {
|
||||
type = "field",
|
||||
outboundTag = name,
|
||||
ip = _ip
|
||||
})
|
||||
local _outbound = gen_outbound(_node, name, relay_port)
|
||||
if _outbound then
|
||||
table.insert(outbounds, _outbound)
|
||||
if is_proxy and is_proxy == "1" then
|
||||
table.insert(rules, {
|
||||
type = "field",
|
||||
inboundTag = {"proxy_" .. name},
|
||||
outboundTag = "default"
|
||||
})
|
||||
end
|
||||
outboundTag = name
|
||||
end
|
||||
end
|
||||
end
|
||||
if outboundTag then
|
||||
if e.domain_list then
|
||||
local _domain = {}
|
||||
string.gsub(e.domain_list, '[^' .. "\r\n" .. ']+', function(w)
|
||||
table.insert(_domain, w)
|
||||
end)
|
||||
table.insert(rules, {
|
||||
type = "field",
|
||||
outboundTag = outboundTag,
|
||||
domain = _domain
|
||||
})
|
||||
end
|
||||
if e.ip_list then
|
||||
local _ip = {}
|
||||
string.gsub(e.ip_list, '[^' .. "\r\n" .. ']+', function(w)
|
||||
table.insert(_ip, w)
|
||||
end)
|
||||
table.insert(rules, {
|
||||
type = "field",
|
||||
outboundTag = outboundTag,
|
||||
ip = _ip
|
||||
})
|
||||
end
|
||||
end
|
||||
end)
|
||||
|
||||
local default_node_id = node.default_node or nil
|
||||
@ -448,6 +458,10 @@ if inbounds or outbounds then
|
||||
tag = "direct",
|
||||
settings = {domainStrategy = "UseIPv4"}
|
||||
})
|
||||
table.insert(outbounds, {
|
||||
protocol = "blackhole",
|
||||
tag = "blackhole"
|
||||
})
|
||||
|
||||
local xray = {
|
||||
log = {
|
||||
|
||||
@ -115,56 +115,52 @@ if has_xray and #nodes_table > 0 then
|
||||
shunt_list[#shunt_list + 1] = v
|
||||
end
|
||||
end
|
||||
if #normal_list > 0 and #shunt_list > 0 then
|
||||
for k, v in pairs(shunt_list) do
|
||||
uci:foreach(appname, "shunt_rules", function(e)
|
||||
local id = e[".name"]
|
||||
o = s:taboption("Main", ListValue, id .. "_node", string.format('* <a href="%s">%s</a>', api.url("shunt_rules", id), translate(e.remarks)))
|
||||
for k, v in pairs(shunt_list) do
|
||||
o:depends("tcp_node", v.id)
|
||||
o.cfgvalue = function(self, section)
|
||||
return m:get(v.id, id) or "nil"
|
||||
end
|
||||
o.write = function(self, section, value)
|
||||
m:set(v.id, id, value)
|
||||
end
|
||||
end
|
||||
o = s:taboption("Main", ListValue, v.id .. "." .. id .. "_node", string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", id), translate(e.remarks)))
|
||||
o:depends("tcp_node", v.id)
|
||||
o:value("nil", translate("Close"))
|
||||
o:value("_direct", translate("Direct Connection"))
|
||||
o:value("_blackhole", translate("Blackhole"))
|
||||
for k, v in pairs(normal_list) do
|
||||
o:value(v.id, v.remarks_name)
|
||||
end
|
||||
o.cfgvalue = function(self, section)
|
||||
return m:get(v.id, id) or "nil"
|
||||
end
|
||||
o.write = function(self, section, value)
|
||||
m:set(v.id, id, value)
|
||||
end
|
||||
end)
|
||||
|
||||
local id = "default_node"
|
||||
o = s:taboption("Main", ListValue, id, "* " .. translate("Default"))
|
||||
for k, v in pairs(shunt_list) do
|
||||
o:depends("tcp_node", v.id)
|
||||
o.cfgvalue = function(self, section)
|
||||
return m:get(v.id, id) or "nil"
|
||||
end
|
||||
o.write = function(self, section, value)
|
||||
m:set(v.id, id, value)
|
||||
end
|
||||
end
|
||||
o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default"))
|
||||
o:depends("tcp_node", v.id)
|
||||
o:value("nil", translate("Close"))
|
||||
for k, v in pairs(normal_list) do
|
||||
o:value(v.id, v.remarks_name)
|
||||
end
|
||||
o.cfgvalue = function(self, section)
|
||||
return m:get(v.id, id) or "nil"
|
||||
end
|
||||
o.write = function(self, section, value)
|
||||
m:set(v.id, id, value)
|
||||
end
|
||||
|
||||
local id = "main_node"
|
||||
o = s:taboption("Main", ListValue, id, "* " .. translate("Default") .. translate("Preproxy"))
|
||||
for k, v in pairs(shunt_list) do
|
||||
o:depends("tcp_node", v.id)
|
||||
o.cfgvalue = function(self, section)
|
||||
return m:get(v.id, id) or "nil"
|
||||
end
|
||||
o.write = function(self, section, value)
|
||||
m:set(v.id, id, value)
|
||||
end
|
||||
end
|
||||
o = s:taboption("Main", ListValue, v.id .. "." .. id, "* " .. translate("Default") .. translate("Preproxy"))
|
||||
o:depends("tcp_node", v.id)
|
||||
o:value("nil", translate("Close"))
|
||||
for k, v in pairs(normal_list) do
|
||||
o:value(v.id, v.remarks_name)
|
||||
end
|
||||
o.cfgvalue = function(self, section)
|
||||
return m:get(v.id, id) or "nil"
|
||||
end
|
||||
o.write = function(self, section, value)
|
||||
m:set(v.id, id, value)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@ -82,7 +82,6 @@ o.default = "5"
|
||||
o.rmempty = false
|
||||
|
||||
---- Export
|
||||
--[[
|
||||
o = s:option(ListValue, "export", translate("Export Of Multi WAN"))
|
||||
o:value(0, translate("Auto"))
|
||||
local ifaces = e.net:devices()
|
||||
@ -97,7 +96,6 @@ for _, iface in ipairs(ifaces) do
|
||||
end
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
]]--
|
||||
|
||||
---- Mode
|
||||
o = s:option(ListValue, "backup", translate("Mode"))
|
||||
|
||||
@ -128,14 +128,21 @@ balancing_node:depends("protocol", "_balancing")
|
||||
|
||||
-- 分流
|
||||
uci:foreach(appname, "shunt_rules", function(e)
|
||||
o = s:option(ListValue, e[".name"], '<a href="../shunt_rules/' .. e[".name"] .. '">' .. translate(e.remarks) .. "</a>")
|
||||
o = s:option(ListValue, e[".name"], string.format('* <a href="%s" target="_blank">%s</a>', api.url("shunt_rules", e[".name"]), translate(e.remarks)))
|
||||
o:value("nil", translate("Close"))
|
||||
for k, v in pairs(nodes_table) do o:value(v.id, v.remarks) end
|
||||
o:value("_direct", translate("Direct Connection"))
|
||||
o:value("_blackhole", translate("Blackhole"))
|
||||
o:depends("protocol", "_shunt")
|
||||
|
||||
o = s:option(Flag, e[".name"] .. "_proxy", translate(e.remarks) .. translate("Preproxy"), translate("Use the default node for the transit."))
|
||||
o.default = 0
|
||||
o:depends("protocol", "_shunt")
|
||||
if #nodes_table > 0 then
|
||||
_proxy = s:option(Flag, e[".name"] .. "_proxy", translate(e.remarks) .. translate("Preproxy"), translate("Use the default node for the transit."))
|
||||
_proxy.default = 0
|
||||
|
||||
for k, v in pairs(nodes_table) do
|
||||
o:value(v.id, v.remarks)
|
||||
_proxy:depends(e[".name"], v.id)
|
||||
end
|
||||
end
|
||||
end)
|
||||
|
||||
shunt_tips = s:option(DummyValue, "shunt_tips", " ")
|
||||
|
||||
@ -8,6 +8,12 @@ s = m:section(TypedSection, "global_delay", translate("Delay Settings"))
|
||||
s.anonymous = true
|
||||
s.addremove = false
|
||||
|
||||
---- Delay Start
|
||||
o = s:option(Value, "start_delay", translate("Delay Start"),
|
||||
translate("Units:seconds"))
|
||||
o.default = "1"
|
||||
o.rmempty = true
|
||||
|
||||
---- Open and close Daemon
|
||||
o = s:option(Flag, "start_daemon", translate("Open and close Daemon"))
|
||||
o.default = 1
|
||||
@ -109,6 +115,14 @@ s = m:section(TypedSection, "global_other", translate("Other Settings"))
|
||||
s.anonymous = true
|
||||
s.addremove = false
|
||||
|
||||
---- IPv6 TProxy
|
||||
o = s:option(Flag, "ipv6_tproxy", translate("IPv6 TProxy"),
|
||||
"<font color='red'>" .. translate(
|
||||
"Experimental feature.Make sure that your node supports IPv6.") ..
|
||||
"</font>")
|
||||
o.default = 0
|
||||
o.rmempty = false
|
||||
|
||||
o = s:option(MultiValue, "status", translate("Status info"))
|
||||
o:value("big_icon", translate("Big icon")) -- 大图标
|
||||
o:value("show_check_port", translate("Show node check")) -- 显示节点检测
|
||||
|
||||
@ -49,6 +49,10 @@ for e = 0, 23 do o:value(e, e .. translate("oclock")) end
|
||||
o.default = 0
|
||||
o:depends("auto_update", 1)
|
||||
|
||||
o = s:option(Value, "xray_location_asset", translate("Location of Xray asset"), translate("This variable specifies a directory where geoip.dat and geosite.dat files are."))
|
||||
o.default = "/usr/share/xray/"
|
||||
o.rmempty = false
|
||||
|
||||
s = m:section(TypedSection, "shunt_rules", "Xray" .. translate("Shunt") .. translate("Rule"))
|
||||
s.template = "cbi/tblsection"
|
||||
s.anonymous = false
|
||||
|
||||
@ -45,7 +45,7 @@ o.validate = function(self, value)
|
||||
local ipmasks= {}
|
||||
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
|
||||
for index, ipmask in ipairs(ipmasks) do
|
||||
if not datatypes.ipmask4(ipmask) then
|
||||
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
|
||||
return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!")
|
||||
end
|
||||
end
|
||||
@ -83,7 +83,7 @@ o.validate = function(self, value)
|
||||
local ipmasks= {}
|
||||
string.gsub(value, '[^' .. "\r\n" .. ']+', function(w) table.insert(ipmasks, w) end)
|
||||
for index, ipmask in ipairs(ipmasks) do
|
||||
if not datatypes.ipmask4(ipmask) then
|
||||
if not ( datatypes.ipmask4(ipmask) or datatypes.ipmask6(ipmask) ) then
|
||||
return nil, ipmask .. " " .. translate("Not valid IP format, please re-enter!")
|
||||
end
|
||||
end
|
||||
|
||||
@ -155,7 +155,7 @@ local function start()
|
||||
end
|
||||
|
||||
local function stop()
|
||||
cmd(string.format("ps -w | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &", CONFIG_PATH))
|
||||
cmd(string.format("top -bn1 | grep -v 'grep' | grep '%s/' | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1", CONFIG_PATH))
|
||||
cmd("iptables -D INPUT -j PSW-SERVER 2>/dev/null")
|
||||
cmd("iptables -F PSW-SERVER 2>/dev/null")
|
||||
cmd("iptables -X PSW-SERVER 2>/dev/null")
|
||||
|
||||
@ -4,111 +4,144 @@ local auto_switch = api.uci_get_type("auto_switch", "enable", 0)
|
||||
-%>
|
||||
<script type="text/javascript">
|
||||
//<![CDATA[
|
||||
var _status = document.getElementsByClassName('_status');
|
||||
for (var i = 0; i < _status.length; i++) {
|
||||
var id = _status[i].getAttribute("socks_id");
|
||||
XHR.get('<%=api.url("socks_status")%>', {
|
||||
index: i,
|
||||
id: id
|
||||
},
|
||||
function(x, result) {
|
||||
var index = result.index;
|
||||
var div = '';
|
||||
var div1 = '<font style="font-weight:bold;" color="green">✓</font> ';
|
||||
var div2 = '<font style="font-weight:bold;" color="red">X</font> ';
|
||||
|
||||
if (result.socks_status) {
|
||||
div += div1;
|
||||
} else {
|
||||
div += div2;
|
||||
}
|
||||
if (result.use_http) {
|
||||
if (result.http_status) {
|
||||
function go() {
|
||||
var _status = document.getElementsByClassName('_status');
|
||||
for (var i = 0; i < _status.length; i++) {
|
||||
var id = _status[i].getAttribute("socks_id");
|
||||
XHR.get('<%=api.url("socks_status")%>', {
|
||||
index: i,
|
||||
id: id
|
||||
},
|
||||
function(x, result) {
|
||||
var index = result.index;
|
||||
var div = '';
|
||||
var div1 = '<font style="font-weight:bold;" color="green">✓</font> ';
|
||||
var div2 = '<font style="font-weight:bold;" color="red">X</font> ';
|
||||
|
||||
if (result.socks_status) {
|
||||
div += div1;
|
||||
} else {
|
||||
div += div2;
|
||||
}
|
||||
if (result.use_http) {
|
||||
if (result.http_status) {
|
||||
div += div1;
|
||||
} else {
|
||||
div += div2;
|
||||
}
|
||||
}
|
||||
_status[index].innerHTML = div;
|
||||
}
|
||||
_status[index].innerHTML = div;
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
var global_id = null;
|
||||
var global = document.getElementById("cbi-passwall-global");
|
||||
if (global) {
|
||||
var node = global.getElementsByClassName("cbi-section-node")[0];
|
||||
var node_id = node.getAttribute("id");
|
||||
global_id = node_id;
|
||||
|
||||
for (var i = 0; i <= 1; i++) {
|
||||
var proto = "udp";
|
||||
if (i == 0) {
|
||||
proto = "tcp";
|
||||
}
|
||||
var dom_id = node_id + "-" + proto + "_node";
|
||||
dom_id = dom_id.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
|
||||
var node_select = document.getElementById(dom_id);
|
||||
var node_select_value = node_select.value;
|
||||
if (node_select_value && node_select_value != "nil") {
|
||||
var v = document.getElementById(dom_id + "-" + node_select_value);
|
||||
node_select.title = v.text;
|
||||
|
||||
var new_a = document.createElement("a");
|
||||
new_a.innerHTML = "<%:Edit%>";
|
||||
new_a.href = "#";
|
||||
new_a.setAttribute("onclick", "location.href='" + '<%=api.url("node_config")%>' + "/" + node_select_value + "'");
|
||||
|
||||
var log_a = document.createElement("a");
|
||||
log_a.innerHTML = "<%:Log%>";
|
||||
log_a.href = "#";
|
||||
log_a.setAttribute("onclick", "window.open('" + '<%=api.url("get_redir_log")%>' + "?proto=" + proto + "', '_blank')");
|
||||
|
||||
node_select.outerHTML = node_select.outerHTML + "  " + new_a.outerHTML + "  " + log_a.outerHTML;
|
||||
//node_select.parentNode.insertBefore(new_a, node_select.nextSibling);
|
||||
}
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
var socks = document.getElementById("cbi-passwall-socks");
|
||||
if (socks) {
|
||||
var socks_enabled_dom = document.getElementById(global_id + "-socks_enabled");
|
||||
socks_enabled_dom.parentNode.removeChild(socks_enabled_dom);
|
||||
var descr = socks.getElementsByClassName("cbi-section-descr")[0];
|
||||
descr.outerHTML = socks_enabled_dom.outerHTML;
|
||||
rows = socks.getElementsByClassName("cbi-section-table-row");
|
||||
for (var i = 0; i < rows.length; i++) {
|
||||
var row = rows[i];
|
||||
var id = row.id;
|
||||
var dom_id = id + "-node";
|
||||
var node = document.getElementById(dom_id);
|
||||
var dom_id = dom_id.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
|
||||
var node_select = document.getElementById(dom_id);
|
||||
var node_select_value = node_select.value;
|
||||
if (node_select_value && node_select_value != "nil") {
|
||||
if (global_id != null && node_select_value.indexOf("tcp") == 0) {
|
||||
var num = node_select_value.replace("tcp", "");
|
||||
var d = global_id + "-tcp_node";
|
||||
d = d.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
|
||||
var dom = document.getElementById(d);
|
||||
var _node_select_value = dom.value;
|
||||
if (_node_select_value && _node_select_value != "nil") {
|
||||
node_select_value = _node_select_value;
|
||||
|
||||
var global_id = null;
|
||||
var global = document.getElementById("cbi-passwall-global");
|
||||
if (global) {
|
||||
var node = global.getElementsByClassName("cbi-section-node")[0];
|
||||
var node_id = node.getAttribute("id");
|
||||
global_id = node_id;
|
||||
var reg1 = new RegExp("(?<=" + node_id + "-).*?(?=(_node))")
|
||||
for (var i = 0; i < node.childNodes.length; i++) {
|
||||
if (node.childNodes[i].childNodes && node.childNodes[i].childNodes.length > 0) {
|
||||
for (var k = 0; k < node.childNodes[i].childNodes.length; k++) {
|
||||
var dom = node.childNodes[i].childNodes[k];
|
||||
if (dom.id) {
|
||||
var s = dom.id.match(reg1);
|
||||
if (s) {
|
||||
dom_id = dom.id.split("cbi-").join("cbid-").split("-").join(".");
|
||||
var node_select = document.getElementsByName(dom_id)[0];
|
||||
var node_select_value = node_select.value;
|
||||
if (node_select_value && node_select_value != "nil" && node_select_value.indexOf("_direct") != 0 && node_select_value.indexOf("_blackhole") != 0) {
|
||||
var v = document.getElementById(dom_id + "-" + node_select_value);
|
||||
if (v) {
|
||||
node_select.title = v.text;
|
||||
} else {
|
||||
node_select.title = node_select.options[node_select.options.selectedIndex].text;
|
||||
}
|
||||
|
||||
var new_html = "";
|
||||
|
||||
var new_a = document.createElement("a");
|
||||
new_a.innerHTML = "<%:Edit%>";
|
||||
new_a.href = "#";
|
||||
new_a.setAttribute("onclick", "location.href='" + '<%=api.url("node_config")%>' + "/" + node_select_value + "'");
|
||||
new_html = new_a.outerHTML;
|
||||
|
||||
if (s[0] == "tcp" || s[0] == "udp") {
|
||||
var log_a = document.createElement("a");
|
||||
log_a.innerHTML = "<%:Log%>";
|
||||
log_a.href = "#";
|
||||
log_a.setAttribute("onclick", "window.open('" + '<%=api.url("get_redir_log")%>' + "?proto=" + s[0] + "', '_blank')");
|
||||
new_html += "  " + log_a.outerHTML;
|
||||
}
|
||||
|
||||
node_select.insertAdjacentHTML("afterend", "  " + new_html);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
var v = document.getElementById(dom_id + "-" + node_select_value);
|
||||
node_select.title = v.text;
|
||||
|
||||
var new_a = document.createElement("a");
|
||||
new_a.innerHTML = "<%:Edit%>";
|
||||
new_a.href = "#";
|
||||
new_a.setAttribute("onclick","location.href='" + '<%=api.url("node_config")%>' + "/" + node_select_value + "'");
|
||||
|
||||
node_select.outerHTML = node_select.outerHTML + "  " + new_a.outerHTML;
|
||||
//node_select.parentNode.insertBefore(new_a, node_select.nextSibling);
|
||||
}
|
||||
}
|
||||
|
||||
var socks = document.getElementById("cbi-passwall-socks");
|
||||
if (socks) {
|
||||
var socks_enabled_dom = document.getElementById(global_id + "-socks_enabled");
|
||||
socks_enabled_dom.parentNode.removeChild(socks_enabled_dom);
|
||||
var descr = socks.getElementsByClassName("cbi-section-descr")[0];
|
||||
descr.outerHTML = socks_enabled_dom.outerHTML;
|
||||
rows = socks.getElementsByClassName("cbi-section-table-row");
|
||||
for (var i = 0; i < rows.length; i++) {
|
||||
var row = rows[i];
|
||||
var id = row.id;
|
||||
if (!id) continue;
|
||||
var dom_id = id + "-node";
|
||||
var node = document.getElementById(dom_id);
|
||||
var dom_id = dom_id.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
|
||||
var node_select = document.getElementsByName(dom_id)[0];
|
||||
var node_select_value = node_select.value;
|
||||
if (node_select_value && node_select_value != "nil") {
|
||||
if (global_id != null && node_select_value.indexOf("tcp") == 0) {
|
||||
var num = node_select_value.replace("tcp", "");
|
||||
var d = global_id + "-tcp_node";
|
||||
d = d.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
|
||||
var dom = document.getElementsByName(d)[0];
|
||||
var _node_select_value = dom.value;
|
||||
if (_node_select_value && _node_select_value != "nil") {
|
||||
node_select_value = _node_select_value;
|
||||
}
|
||||
}
|
||||
var v = document.getElementById(dom_id + "-" + node_select_value);
|
||||
if (v) {
|
||||
node_select.title = v.text;
|
||||
} else {
|
||||
node_select.title = node_select.options[node_select.options.selectedIndex].text;
|
||||
}
|
||||
|
||||
var new_a = document.createElement("a");
|
||||
new_a.innerHTML = "<%:Edit%>";
|
||||
new_a.href = "#";
|
||||
new_a.setAttribute("onclick","location.href='" + '<%=api.url("node_config")%>' + "/" + node_select_value + "'");
|
||||
|
||||
node_select.insertAdjacentHTML("afterend", "  " + new_a.outerHTML);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
function addLoadEvent(func) {
|
||||
var oldonload = window.onload;
|
||||
if (typeof window.onload != 'function') {
|
||||
window.onload = func;
|
||||
} else {
|
||||
window.onload = function () {
|
||||
oldonload();
|
||||
func();
|
||||
}
|
||||
}
|
||||
}
|
||||
addLoadEvent(go);
|
||||
|
||||
//]]>
|
||||
</script>
|
||||
@ -412,6 +412,12 @@ msgstr "V2ray 分流"
|
||||
msgid "Preproxy"
|
||||
msgstr "前置代理"
|
||||
|
||||
msgid "Direct Connection"
|
||||
msgstr "直连"
|
||||
|
||||
msgid "Blackhole"
|
||||
msgstr "黑洞"
|
||||
|
||||
msgid "Use the default node for the transit."
|
||||
msgstr "使用默认节点代理转发。"
|
||||
|
||||
@ -742,6 +748,12 @@ msgstr "周"
|
||||
msgid "oclock"
|
||||
msgstr "点"
|
||||
|
||||
msgid "Location of Xray asset"
|
||||
msgstr "Xray 资源文件目录"
|
||||
|
||||
msgid "This variable specifies a directory where geoip.dat and geosite.dat files are."
|
||||
msgstr "此变量指定geoip.dat和geosite.dat文件所在的目录。"
|
||||
|
||||
msgid "Update..."
|
||||
msgstr "更新中"
|
||||
|
||||
@ -1054,6 +1066,12 @@ msgstr "节点数量"
|
||||
msgid "You can only set up a maximum of %s nodes for the time being, Used for access control."
|
||||
msgstr "目前最多只能设置%s个节点,用于给访问控制使用。"
|
||||
|
||||
msgid "IPv6 TProxy"
|
||||
msgstr "IPv6透明代理(TProxy)"
|
||||
|
||||
msgid "Experimental feature.Make sure that your node supports IPv6."
|
||||
msgstr "实验特性,请确保你的节点支持IPv6"
|
||||
|
||||
msgid "Status info"
|
||||
msgstr "状态信息"
|
||||
|
||||
|
||||
@ -36,6 +36,7 @@ config global_forwarding
|
||||
config global_other
|
||||
option status 'big_icon show_check_port show_ip111'
|
||||
option nodes_ping 'auto_ping tcping'
|
||||
option ipv6_tproxy '0'
|
||||
|
||||
config global_rules
|
||||
option auto_update '0'
|
||||
@ -66,6 +67,26 @@ config global_subscribe
|
||||
config auto_switch
|
||||
option testing_time '1'
|
||||
option enable '0'
|
||||
|
||||
config nodes '696cd32c1d5149ee95fd1b3accbad6df'
|
||||
option remarks '分流总节点'
|
||||
option type 'Xray'
|
||||
option protocol '_shunt'
|
||||
option youtube 'nil'
|
||||
option netflix 'nil'
|
||||
option TVB 'nil'
|
||||
option Telegram 'nil'
|
||||
option default_node 'nil'
|
||||
option default_proxy '0'
|
||||
option domainStrategy 'IPIfNonMatch'
|
||||
|
||||
config shunt_rules 'Telegram'
|
||||
option remarks 'Telegram'
|
||||
option ip_list '149.154.160.0/20
|
||||
91.108.4.0/22
|
||||
91.108.56.0/24
|
||||
109.239.140.0/24
|
||||
67.198.55.0/24'
|
||||
|
||||
config shunt_rules 'youtube'
|
||||
option remarks 'youtube'
|
||||
|
||||
@ -10,6 +10,7 @@ TMP_PATH=/var/etc/$CONFIG
|
||||
TMP_BIN_PATH=$TMP_PATH/bin
|
||||
TMP_ID_PATH=$TMP_PATH/id
|
||||
TMP_PORT_PATH=$TMP_PATH/port
|
||||
TMP_ROUTE_PATH=$TMP_PATH/route
|
||||
LOCK_FILE=/var/lock/$CONFIG.lock
|
||||
LOG_FILE=/var/log/$CONFIG.log
|
||||
APP_PATH=/usr/share/$CONFIG
|
||||
@ -305,7 +306,7 @@ load_config() {
|
||||
DNS_CACHE=$(config_t_get global dns_cache 0)
|
||||
LOCAL_DNS=$(config_t_get global up_china_dns default | sed 's/:/#/g')
|
||||
if [ "${LOCAL_DNS}" = "default" ]; then
|
||||
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep ".server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
|
||||
DEFAULT_DNS=$(uci show dhcp | grep "@dnsmasq" | grep "\.server=" | awk -F '=' '{print $2}' | sed "s/'//g" | tr ' ' ',')
|
||||
if [ -z "${DEFAULT_DNS}" ]; then
|
||||
DEFAULT_DNS=$(echo -n $(sed -n 's/^nameserver[ \t]*\([^ ]*\)$/\1/p' "${RESOLVFILE}" | grep -v "0.0.0.0" | grep -v "127.0.0.1" | grep -v "^::$" | head -2) | tr ' ' ',')
|
||||
fi
|
||||
@ -313,7 +314,8 @@ load_config() {
|
||||
IS_DEFAULT_DNS=1
|
||||
fi
|
||||
PROXY_IPV6=$(config_t_get global_forwarding proxy_ipv6 0)
|
||||
mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH $TMP_PORT_PATH
|
||||
export XRAY_LOCATION_ASSET=$(config_t_get global_rules xray_location_asset "/usr/share/xray/")
|
||||
mkdir -p /var/etc $TMP_PATH $TMP_BIN_PATH $TMP_ID_PATH $TMP_PORT_PATH $TMP_ROUTE_PATH
|
||||
return 0
|
||||
}
|
||||
|
||||
@ -595,8 +597,36 @@ node_switch() {
|
||||
local log_file=$TMP_PATH/${1}.log
|
||||
eval current_port=\$${1}_REDIR_PORT
|
||||
local port=$(cat $TMP_PORT_PATH/${1})
|
||||
|
||||
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
for id in $ids; do
|
||||
[ "$(config_n_get $id enabled 0)" == "0" ] && continue
|
||||
[ "$(config_n_get $id node nil)" != "tcp" ] && continue
|
||||
local socks_port=$(config_n_get $id port)
|
||||
local http_port=$(config_n_get $id http_port 0)
|
||||
top -bn1 | grep -E "$TMP_PATH" | grep -i "SOCKS" | grep "$id" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
tcp_node_socks=1
|
||||
tcp_node_socks_port=$socks_port
|
||||
tcp_node_socks_id=$id
|
||||
[ "$http_port" != "0" ] && {
|
||||
tcp_node_http=1
|
||||
tcp_node_http_port=$http_port
|
||||
tcp_node_http_id=$id
|
||||
}
|
||||
break
|
||||
done
|
||||
|
||||
run_redir $node "0.0.0.0" $port $config_file $1 $log_file
|
||||
echo $node > $TMP_ID_PATH/${1}
|
||||
|
||||
[ "$1" = "TCP" ] && {
|
||||
[ "$(config_t_get global udp_node nil)" = "tcp_" ] && {
|
||||
top -bn1 | grep -E "$TMP_PATH" | grep -i "UDP" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
UDP_NODE=$node
|
||||
start_redir UDP
|
||||
}
|
||||
}
|
||||
|
||||
#local node_net=$(echo $1 | tr 'A-Z' 'a-z')
|
||||
#uci set $CONFIG.@global[0].${node_net}_node=$node
|
||||
#uci commit $CONFIG
|
||||
@ -658,10 +688,10 @@ clean_log() {
|
||||
|
||||
clean_crontab() {
|
||||
touch /etc/crontabs/root
|
||||
#sed -i "/${CONFIG}/d" /etc/crontabs/root >/dev/null 2>&1 &
|
||||
sed -i "/$(echo "/etc/init.d/${CONFIG}" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 &
|
||||
sed -i "/$(echo "lua ${APP_PATH}/rule_update.lua log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 &
|
||||
sed -i "/$(echo "lua ${APP_PATH}/subscribe.lua start log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1 &
|
||||
#sed -i "/${CONFIG}/d" /etc/crontabs/root >/dev/null 2>&1
|
||||
sed -i "/$(echo "/etc/init.d/${CONFIG}" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1
|
||||
sed -i "/$(echo "lua ${APP_PATH}/rule_update.lua log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1
|
||||
sed -i "/$(echo "lua ${APP_PATH}/subscribe.lua start log" | sed 's#\/#\\\/#g')/d" /etc/crontabs/root >/dev/null 2>&1
|
||||
}
|
||||
|
||||
start_crontab() {
|
||||
@ -721,7 +751,6 @@ start_crontab() {
|
||||
|
||||
stop_crontab() {
|
||||
clean_crontab
|
||||
ps | grep "$APP_PATH/test.sh" | grep -v "grep" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
/etc/init.d/cron restart
|
||||
#echolog "清除定时执行命令。"
|
||||
}
|
||||
@ -914,7 +943,9 @@ add_dnsmasq() {
|
||||
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
for shunt_id in $shunt_ids; do
|
||||
local shunt_node_id=$(config_n_get $TCP_NODE ${shunt_id} nil)
|
||||
[ "$shunt_node_id" = "nil" ] && continue
|
||||
if [ "$shunt_node_id" = "nil" ] || [ "$shunt_node_id" = "_direct" ] || [ "$shunt_node_id" = "_blackhole" ]; then
|
||||
continue
|
||||
fi
|
||||
local shunt_node=$(config_n_get $shunt_node_id address nil)
|
||||
[ "$shunt_node" = "nil" ] && continue
|
||||
config_n_get $shunt_id domain_list | grep -v 'regexp:\|geosite:\|ext:' | sed 's/domain:\|full:\|//g' | tr -s "\r\n" "\n" | sort -u | gen_dnsmasq_items "shuntlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/998-shunt_host.conf"
|
||||
@ -928,8 +959,8 @@ add_dnsmasq() {
|
||||
[ -n "$CHINADNS_NG" ] && fwd_dns="${china_ng_gfw}"
|
||||
[ -n "$CHINADNS_NG" ] && unset fwd_dns
|
||||
[ ! -f "${TMP_PATH}/gfwlist.txt" ] && sed -n 's/^ipset=\/\.\?\([^/]*\).*$/\1/p' "${RULES_PATH}/gfwlist.conf" | sort -u > "${TMP_PATH}/gfwlist.txt"
|
||||
sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
|
||||
#sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
|
||||
#sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
|
||||
sort -u "${TMP_PATH}/gfwlist.txt" | gen_dnsmasq_items "gfwlist,gfwlist6" "${fwd_dns}" "${TMP_DNSMASQ_PATH}/999-gfwlist.conf"
|
||||
echolog " - [$?]防火墙域名表(gfwlist):${fwd_dns:-默认}"
|
||||
else
|
||||
#回国模式
|
||||
@ -1035,6 +1066,44 @@ del_dnsmasq() {
|
||||
rm -rf $TMP_DNSMASQ_PATH
|
||||
}
|
||||
|
||||
add_ip2route() {
|
||||
local ip=$(get_host_ip "ipv4" $1)
|
||||
[ -z "$ip" ] && {
|
||||
echolog " - 无法解析${1},路由表添加失败!"
|
||||
return 1
|
||||
}
|
||||
local remarks="${1}"
|
||||
[ "$remarks" != "$ip" ] && remarks="${1}(${ip})"
|
||||
local interface=$2
|
||||
local retries=5
|
||||
local failcount=0
|
||||
while [ "$failcount" -lt $retries ]; do
|
||||
unset msg
|
||||
ip route show dev ${interface} >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
let "failcount++"
|
||||
echolog " - 找不到出口接口:$interface,1分钟后再重试(${failcount}/${retries}),${ip}"
|
||||
[ "$failcount" -ge $retries ] && return 1
|
||||
sleep 1m
|
||||
else
|
||||
route add -host ${ip} dev ${interface} >/dev/null 2>&1
|
||||
echolog " - ${remarks}添加路由表${interface}接口成功!"
|
||||
echo "$ip" >> $TMP_ROUTE_PATH/${interface}
|
||||
break
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
delete_ip2route() {
|
||||
[ -d "${TMP_ROUTE_PATH}" ] && {
|
||||
for interface in $(ls ${TMP_ROUTE_PATH}); do
|
||||
for ip in $(cat ${TMP_ROUTE_PATH}/${interface}); do
|
||||
route del -host ${ip} dev ${interface} >/dev/null 2>&1
|
||||
done
|
||||
done
|
||||
}
|
||||
}
|
||||
|
||||
start_haproxy() {
|
||||
local haproxy_path haproxy_file item items lport sort_items
|
||||
|
||||
@ -1109,28 +1178,10 @@ start_haproxy() {
|
||||
server $bip:$bport $bip:$bport weight $lbweight check inter 1500 rise 1 fall 3 $bbackup
|
||||
EOF
|
||||
|
||||
#暂时不开启此功能,以后抽时间改成后台执行,防止卡luci。
|
||||
:<<!
|
||||
if [ "$export" != "0" ]; then
|
||||
unset msg
|
||||
failcount=0
|
||||
while [ "$failcount" -lt "3" ]; do
|
||||
ip route show dev ${export} >/dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
let "failcount++"
|
||||
echolog " - 找不到出口接口:$export,1分钟后再重试(${failcount}/3),${bip}"
|
||||
[ "$failcount" -ge 3 ] && exit 0
|
||||
sleep 1m
|
||||
else
|
||||
route add -host ${bip} dev ${export}
|
||||
msg="[$?] 从 ${export} 接口路由,"
|
||||
echo "$bip" >>/tmp/balancing_ip
|
||||
break
|
||||
fi
|
||||
done
|
||||
add_ip2route ${bip} ${export} > /dev/null 2>&1 &
|
||||
fi
|
||||
echolog " | - ${msg}出口节点:${bip}:${bport},权重:${lbweight}"
|
||||
!
|
||||
echolog " | - 出口节点:${bip}:${bport},权重:${lbweight}"
|
||||
done
|
||||
|
||||
# 控制台配置
|
||||
@ -1156,7 +1207,7 @@ start_haproxy() {
|
||||
}
|
||||
|
||||
kill_all() {
|
||||
kill -9 $(pidof "$@") >/dev/null 2>&1 &
|
||||
kill -9 $(pidof "$@") >/dev/null 2>&1
|
||||
}
|
||||
|
||||
force_stop() {
|
||||
@ -1195,7 +1246,15 @@ restart_dnsmasq() {
|
||||
}
|
||||
|
||||
boot() {
|
||||
[ "$ENABLED" == 1 ] && start
|
||||
[ "$ENABLED" == 1 ] && {
|
||||
local delay=$(config_t_get global_delay start_delay 1)
|
||||
if [ "$delay" -gt 0 ]; then
|
||||
echolog "执行启动延时 $delay 秒后再启动!"
|
||||
sleep $delay && start >/dev/null 2>&1 &
|
||||
else
|
||||
start
|
||||
fi
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
@ -1226,12 +1285,12 @@ stop() {
|
||||
set_lock
|
||||
clean_log
|
||||
source $APP_PATH/iptables.sh stop
|
||||
delete_ip2route
|
||||
kill_all v2ray-plugin obfs-local
|
||||
top -bn1 | grep -v "grep" | grep $CONFIG/test.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
top -bn1 | grep -v "grep" | grep $CONFIG/monitor.sh | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
top -bn1 | grep -v -E "grep|${TMP_PATH}_server" | grep -E "$TMP_PATH" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
top -bn1 | grep -v "grep" | grep "sleep 1m" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1 &
|
||||
top -bn1 | grep -v "grep" | grep "sleep" | grep -E "9s|58s" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
top -bn1 | grep -v "grep" | grep -v "app.sh" | grep "${CONFIG}/" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
rm -rf $TMP_DNSMASQ_PATH $TMP_PATH
|
||||
unset XRAY_LOCATION_ASSET
|
||||
stop_crontab
|
||||
del_dnsmasq
|
||||
/etc/init.d/dnsmasq restart >/dev/null 2>&1
|
||||
|
||||
@ -4,14 +4,24 @@ IPSET_LANIPLIST="laniplist"
|
||||
IPSET_VPSIPLIST="vpsiplist"
|
||||
IPSET_SHUNTLIST="shuntlist"
|
||||
IPSET_GFW="gfwlist"
|
||||
#IPSET_GFW6="gfwlist6"
|
||||
IPSET_CHN="chnroute"
|
||||
IPSET_CHN6="chnroute6"
|
||||
IPSET_BLACKLIST="blacklist"
|
||||
IPSET_BLACKLIST2="blacklist2"
|
||||
IPSET_BLACKLIST3="blacklist3"
|
||||
IPSET_WHITELIST="whitelist"
|
||||
|
||||
IPSET_LANIPLIST_6="laniplist6"
|
||||
IPSET_VPSIPLIST_6="vpsiplist6"
|
||||
IPSET_SHUNTLIST_6="shuntlist6"
|
||||
IPSET_GFW6="gfwlist6"
|
||||
IPSET_CHN6="chnroute6"
|
||||
IPSET_BLACKLIST_6="blacklist_6"
|
||||
IPSET_BLACKLIST2_6="blacklist2_6"
|
||||
IPSET_BLACKLIST3_6="blacklist3_6"
|
||||
IPSET_WHITELIST_6="whitelist_6"
|
||||
|
||||
PROXY_IPV6=0
|
||||
|
||||
FORCE_INDEX=2
|
||||
|
||||
ipt_n="iptables -t nat"
|
||||
@ -79,6 +89,26 @@ get_redirect_ipt() {
|
||||
esac
|
||||
}
|
||||
|
||||
get_redirect_ip6t() {
|
||||
case "$1" in
|
||||
disable)
|
||||
echo "-j RETURN"
|
||||
;;
|
||||
global)
|
||||
echo "$(REDIRECT $2 $3)"
|
||||
;;
|
||||
gfwlist)
|
||||
echo "$(dst $IPSET_GFW6) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
chnroute)
|
||||
echo "$(dst $IPSET_CHN6 !) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
returnhome)
|
||||
echo "$(dst $IPSET_CHN6) $(REDIRECT $2 $3)"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
get_action_chain_name() {
|
||||
case "$1" in
|
||||
disable)
|
||||
@ -113,6 +143,24 @@ gen_laniplist() {
|
||||
EOF
|
||||
}
|
||||
|
||||
gen_laniplist_6() {
|
||||
cat <<-EOF
|
||||
::/128
|
||||
::1/128
|
||||
::ffff:0:0/96
|
||||
::ffff:0:0:0/96
|
||||
64:ff9b::/96
|
||||
100::/64
|
||||
2001::/32
|
||||
2001:20::/28
|
||||
2001:db8::/32
|
||||
2002::/16
|
||||
fc00::/7
|
||||
fe80::/10
|
||||
ff00::/8
|
||||
EOF
|
||||
}
|
||||
|
||||
load_acl() {
|
||||
local items=$(get_enabled_anonymous_secs "@acl_rule")
|
||||
[ -n "$items" ] && {
|
||||
@ -156,16 +204,24 @@ load_acl() {
|
||||
fi
|
||||
[ "$tcp_no_redir_ports" != "disable" ] && {
|
||||
$ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
|
||||
$ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
|
||||
msg2="${msg2}[$?]除${tcp_no_redir_ports}外的"
|
||||
}
|
||||
msg2="${msg2}所有端口"
|
||||
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $tcp_port $is_tproxy)
|
||||
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $tcp_port $is_tproxy)
|
||||
$ipt_tmp -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ipt $tcp_proxy_mode $tcp_port $is_tproxy)
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $tcp_port TPROXY)
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $tcp_port TPROXY)
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p tcp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $tcp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $tcp_proxy_mode $tcp_port TPROXY)
|
||||
fi
|
||||
}
|
||||
echolog " - ${msg2}"
|
||||
}
|
||||
$ipt_tmp -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -j RETURN
|
||||
$ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p tcp -j RETURN
|
||||
|
||||
[ "$udp_proxy_mode" != "disable" ] && {
|
||||
msg2="${msg}使用UDP节点 [$(get_action_chain_name $udp_proxy_mode)]"
|
||||
@ -174,16 +230,24 @@ load_acl() {
|
||||
msg2="${msg2}(TPROXY:${udp_port})代理"
|
||||
[ "$udp_no_redir_ports" != "disable" ] && {
|
||||
$ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
|
||||
$ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
|
||||
msg2="${msg2}[$?]除${udp_no_redir_ports}外的"
|
||||
}
|
||||
msg2="${msg2}所有端口"
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $udp_port TPROXY)
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $udp_port TPROXY)
|
||||
$ipt_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ipt $udp_proxy_mode $udp_port TPROXY)
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $udp_port TPROXY)
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $udp_port TPROXY)
|
||||
$ip6t_m -A PSW $(comment "$remarks") -p udp $(factor $ip "-s") $(factor $mac "-m mac --mac-source") $(factor $udp_redir_ports "-m multiport --dport") $(get_redirect_ip6t $udp_proxy_mode $udp_port TPROXY)
|
||||
fi
|
||||
}
|
||||
echolog " - ${msg2}"
|
||||
}
|
||||
$ipt_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN
|
||||
$ip6t_m -A PSW $(comment "$remarks") $(factor $ip "-s") $(factor $mac "-m mac --mac-source") -p udp -j RETURN
|
||||
done
|
||||
}
|
||||
|
||||
@ -191,7 +255,11 @@ load_acl() {
|
||||
local ipt_tmp=$ipt_n
|
||||
local is_tproxy msg
|
||||
if [ "$TCP_PROXY_MODE" != "disable" ]; then
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && $ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
$ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
}
|
||||
|
||||
ipt_tmp=$ipt_n
|
||||
unset is_tproxy msg
|
||||
[ "$TCP_NODE" != "nil" ] && {
|
||||
@ -210,11 +278,19 @@ load_acl() {
|
||||
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
|
||||
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $TCP_REDIR_PORT $is_tproxy)
|
||||
$ipt_tmp -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $TCP_PROXY_MODE $TCP_REDIR_PORT $is_tproxy)
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $TCP_REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $TCP_REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $TCP_PROXY_MODE $TCP_REDIR_PORT TPROXY)
|
||||
fi
|
||||
|
||||
echolog "${msg}"
|
||||
}
|
||||
fi
|
||||
$ipt_n -A PSW $(comment "默认") -p tcp -j RETURN
|
||||
$ipt_m -A PSW $(comment "默认") -p tcp -j RETURN
|
||||
$ip6t_m -A PSW $(comment "默认") -p tcp -j RETURN
|
||||
|
||||
# 加载UDP默认代理模式
|
||||
if [ "$UDP_PROXY_MODE" != "disable" ]; then
|
||||
@ -226,10 +302,18 @@ load_acl() {
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
$ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $UDP_PROXY_MODE $UDP_REDIR_PORT TPROXY)
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT $UDP_REDIR_PORT TPROXY)
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $UDP_PROXY_MODE/6 $UDP_REDIR_PORT TPROXY)
|
||||
fi
|
||||
|
||||
echolog "${msg}"
|
||||
}
|
||||
fi
|
||||
$ipt_m -A PSW $(comment "默认") -p udp -j RETURN
|
||||
$ip6t_m -A PSW $(comment "默认") -p udp -j RETURN
|
||||
unset is_tproxy msg
|
||||
}
|
||||
|
||||
@ -243,7 +327,7 @@ filter_haproxy() {
|
||||
|
||||
filter_vpsip() {
|
||||
uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
#uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIP6LIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([[a-f0-9]{1,4}(:[a-f0-9]{1,4}){7}|[a-f0-9]{1,4}(:[a-f0-9]{1,4}){0,7}::[a-f0-9]{0,4}(:[a-f0-9]{1,4}){0,7}])" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
echolog "加入所有节点到ipset[$IPSET_VPSIPLIST]直连完成"
|
||||
}
|
||||
|
||||
@ -364,24 +448,37 @@ add_firewall_rule() {
|
||||
ipset -! create $IPSET_VPSIPLIST nethash
|
||||
ipset -! create $IPSET_SHUNTLIST nethash
|
||||
ipset -! create $IPSET_GFW nethash
|
||||
#ipset -! create $IPSET_GFW6 nethash family inet6
|
||||
ipset -! create $IPSET_CHN nethash
|
||||
ipset -! create $IPSET_CHN6 nethash family inet6
|
||||
ipset -! create $IPSET_BLACKLIST nethash
|
||||
ipset -! create $IPSET_BLACKLIST2 nethash
|
||||
ipset -! create $IPSET_BLACKLIST3 nethash
|
||||
ipset -! create $IPSET_WHITELIST nethash
|
||||
|
||||
ipset -! create $IPSET_LANIPLIST_6 nethash family inet6
|
||||
ipset -! create $IPSET_VPSIPLIST_6 nethash family inet6
|
||||
ipset -! create $IPSET_SHUNTLIST_6 nethash family inet6
|
||||
ipset -! create $IPSET_GFW6 nethash family inet6
|
||||
ipset -! create $IPSET_CHN6 nethash family inet6
|
||||
ipset -! create $IPSET_BLACKLIST_6 nethash family inet6
|
||||
ipset -! create $IPSET_BLACKLIST2_6 nethash family inet6
|
||||
ipset -! create $IPSET_BLACKLIST3_6 nethash family inet6
|
||||
ipset -! create $IPSET_WHITELIST_6 nethash family inet6
|
||||
|
||||
local shunt_ids=$(uci show $CONFIG | grep "=shunt_rules" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
|
||||
for shunt_id in $shunt_ids; do
|
||||
config_n_get $shunt_id ip_list | tr -s "\r\n" "\n" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_SHUNTLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
done
|
||||
cat $RULES_PATH/chnroute | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
[ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
[ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
cat $RULES_PATH/direct_ip | sed -e "/^$/d" | grep -E "(\.((2(5[0-5]|[0-4]\d))|[0-1]?\d{1,2})){3}" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
|
||||
cat $RULES_PATH/chnroute6 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_CHN6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
cat $RULES_PATH/proxy_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
[ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
[ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
cat $RULES_PATH/direct_ip | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
cat $RULES_PATH/proxy_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
[ -f "$RULES_PATH/proxy_ip2" ] && cat $RULES_PATH/proxy_ip2 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST2_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
[ -f "$RULES_PATH/proxy_ip3" ] && cat $RULES_PATH/proxy_ip3 | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLACKLIST3_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
cat $RULES_PATH/direct_ip | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_WHITELIST_6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
|
||||
|
||||
ipset -! -R <<-EOF
|
||||
$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
|
||||
@ -390,14 +487,31 @@ add_firewall_rule() {
|
||||
echolog "系统不兼容,终止执行!"
|
||||
return 1
|
||||
}
|
||||
|
||||
ipset -! -R <<-EOF
|
||||
$(gen_laniplist_6 | sed -e "s/^/add $IPSET_LANIPLIST_6 /")
|
||||
EOF
|
||||
# [ $? -eq 0 ] || {
|
||||
# echolog "系统不兼容IPv6,终止执行!"
|
||||
# return 1
|
||||
# }
|
||||
|
||||
# 忽略特殊IP段
|
||||
local lan_ifname lan_ip
|
||||
lan_ifname=$(uci -q -p /var/state get network.lan.ifname)
|
||||
[ -n "$lan_ifname" ] && {
|
||||
lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
|
||||
#echolog "本机网段互访直连:${lan_ip}"
|
||||
[ -n "$lan_ip" ] && ipset -! add $IPSET_LANIPLIST $lan_ip >/dev/null 2>&1 &
|
||||
lan_ip6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}')
|
||||
#echolog "本机IPv4网段互访直连:${lan_ip}"
|
||||
#echolog "本机IPv6网段互访直连:${lan_ip6}"
|
||||
|
||||
[ -n "$lan_ip" ] && ipset -! -R <<-EOF
|
||||
$(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST /")
|
||||
EOF
|
||||
|
||||
[ -n "$lan_ip6" ] && ipset -! -R <<-EOF
|
||||
$(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST_6 /")
|
||||
EOF
|
||||
}
|
||||
|
||||
local ISP_DNS=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort -u | grep -v 0.0.0.0 | grep -v 127.0.0.1)
|
||||
@ -408,16 +522,25 @@ add_firewall_rule() {
|
||||
#echolog " - 追加到白名单:${ispip}"
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
local ISP_DNS6=$(cat $RESOLVFILE 2>/dev/null | grep -E "([A-Fa-f0-9]{0,4}::?){1,7}[A-Fa-f0-9]{1,4}" | awk -F % '{print $1}' | awk -F " " '{print $2}'| sort -u )
|
||||
[ -n "$ISP_DNS" ] && {
|
||||
#echolog "处理 ISP IPv6 DNS 例外..."
|
||||
for ispip6 in $ISP_DNS; do
|
||||
ipset -! add $IPSET_WHITELIST_6 $ispip6 >/dev/null 2>&1 &
|
||||
#echolog " - 追加到白名单:${ispip6}"
|
||||
done
|
||||
}
|
||||
|
||||
# 过滤所有节点IP
|
||||
filter_vpsip > /dev/null 2>&1 &
|
||||
filter_haproxy > /dev/null 2>&1 &
|
||||
|
||||
|
||||
$ipt_n -N PSW
|
||||
$ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
|
||||
$ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
|
||||
$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
|
||||
|
||||
|
||||
$ipt_n -N PSW_OUTPUT
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
|
||||
$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
|
||||
@ -427,7 +550,7 @@ add_firewall_rule() {
|
||||
$ipt_m -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
|
||||
$ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
|
||||
$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
|
||||
|
||||
|
||||
$ipt_m -N PSW_OUTPUT
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
|
||||
$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
|
||||
@ -435,7 +558,48 @@ add_firewall_rule() {
|
||||
|
||||
ip rule add fwmark 1 lookup 100
|
||||
ip route add local 0.0.0.0/0 dev lo table 100
|
||||
|
||||
|
||||
local NODE_TYPE=$(echo $(config_n_get $TCP_NODE type) | tr 'A-Z' 'a-z')
|
||||
local ipv6_tproxy=$(config_t_get global_other ipv6_tproxy 0)
|
||||
|
||||
if [ $NODE_TYPE == "xray" ] && [ $ipv6_tproxy == "1" ]; then
|
||||
PROXY_IPV6=1
|
||||
echolog "节点类型:$NODE_TYPE,开启实验性IPv6透明代理(TProxy)..."
|
||||
else
|
||||
[ $enble_ipv6=="1" ] && echolog "节点类型:$NODE_TYPE,暂不支持IPv6透明代理(TProxy)..."
|
||||
fi
|
||||
|
||||
#$ip6t_n -N PSW
|
||||
#$ip6t_n -A PREROUTING -j PSW
|
||||
|
||||
#$ip6t_n -N PSW_OUTPUT
|
||||
#$ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
|
||||
$ip6t_m -N PSW
|
||||
$ip6t_m -A PSW $(dst $IPSET_LANIPLIST_6) -j RETURN
|
||||
$ip6t_m -A PSW $(dst $IPSET_VPSIPLIST_6) -j RETURN
|
||||
$ip6t_m -A PSW $(dst $IPSET_WHITELIST_6) -j RETURN
|
||||
$ip6t_m -A PREROUTING -j PSW
|
||||
|
||||
$ip6t_m -N PSW_OUTPUT
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST_6) -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST_6) -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST_6) -j RETURN
|
||||
$ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
|
||||
ip -6 rule add fwmark 1 table 100
|
||||
ip -6 route add local ::/0 dev lo table 100
|
||||
|
||||
[ -n "$lan_ifname" ] && {
|
||||
lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段
|
||||
[ -n "$lan_ipv6" ] && {
|
||||
for ip in $lan_ipv6; do
|
||||
$ip6t_m -A PSW -d $ip -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT -d $ip -j RETURN
|
||||
done
|
||||
}
|
||||
}
|
||||
|
||||
# 加载路由器自身代理 TCP
|
||||
if [ "$TCP_NODE" != "nil" ]; then
|
||||
local ipt_tmp=$ipt_n
|
||||
@ -469,11 +633,18 @@ add_firewall_rule() {
|
||||
$ipt_tmp -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
$ip6t_m -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
|
||||
echolog " - [$?]不代理TCP 端口:$TCP_NO_REDIR_PORTS"
|
||||
}
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $blist_r
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $blist_r
|
||||
$ipt_tmp -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $p_r
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT 1 MARK)
|
||||
$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT 1 MARK)
|
||||
$ip6t_m -A PSW_OUTPUT -p tcp $(factor $TCP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $LOCALHOST_TCP_PROXY_MODE 1 MARK)
|
||||
fi
|
||||
fi
|
||||
|
||||
local PR_INDEX=$(RULE_LAST_INDEX "$ipt_n" PREROUTING ADBYBY)
|
||||
@ -485,33 +656,14 @@ add_firewall_rule() {
|
||||
PR_INDEX=$((PR_INDEX + 1))
|
||||
$ipt_n -I PREROUTING $PR_INDEX -p tcp -j PSW
|
||||
echolog "使用链表 PREROUTING 排列索引${PR_INDEX}[$?]"
|
||||
|
||||
$ip6t_n -N PSW
|
||||
$ip6t_n -A PREROUTING -j PSW
|
||||
$ip6t_n -N PSW_OUTPUT
|
||||
$ip6t_n -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
|
||||
$ip6t_m -N PSW
|
||||
$ip6t_m -A PREROUTING -j PSW
|
||||
$ip6t_m -N PSW_OUTPUT
|
||||
$ip6t_m -A OUTPUT -p tcp -j PSW_OUTPUT
|
||||
[ -n "$lan_ifname" ] && {
|
||||
lan_ipv6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}') #当前LAN IPv6段
|
||||
[ -n "$lan_ipv6" ] && {
|
||||
for ip in $lan_ipv6; do
|
||||
$ip6t_n -A PSW -d $ip -j RETURN
|
||||
$ip6t_n -A PSW_OUTPUT -d $ip -j RETURN
|
||||
done
|
||||
}
|
||||
}
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
local msg="IPv6 配置不当,无法代理"
|
||||
$ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT)
|
||||
$ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT)
|
||||
msg="${msg},转发 IPv6 TCP 流量到节点[$?]"
|
||||
echolog "$msg"
|
||||
fi
|
||||
|
||||
# if [ "$PROXY_IPV6" == "1" ]; then
|
||||
# local msg="IPv6 配置不当,无法代理"
|
||||
# $ip6t_n -A PSW -p tcp $(REDIRECT $TCP_REDIR_PORT)
|
||||
# $ip6t_n -A PSW_OUTPUT -p tcp $(REDIRECT $TCP_REDIR_PORT)
|
||||
# msg="${msg},转发 IPv6 TCP 流量到节点[$?]"
|
||||
# echolog "$msg"
|
||||
# fi
|
||||
|
||||
# 过滤Socks节点
|
||||
[ "$SOCKS_ENABLED" = "1" ] && {
|
||||
@ -551,7 +703,7 @@ add_firewall_rule() {
|
||||
filter_node $node $stream $port > /dev/null 2>&1 &
|
||||
fi
|
||||
done
|
||||
|
||||
|
||||
# 加载路由器自身代理 UDP
|
||||
if [ "$UDP_NODE" != "nil" ]; then
|
||||
echolog "加载路由器自身 UDP 代理..."
|
||||
@ -577,15 +729,21 @@ add_firewall_rule() {
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST) $(REDIRECT 1 MARK)
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST) $(REDIRECT 1 MARK)
|
||||
$ipt_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ipt $LOCALHOST_UDP_PROXY_MODE 1 MARK)
|
||||
|
||||
if [ "$PROXY_IPV6" == "1" ]; then
|
||||
$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_SHUNTLIST_6) $(REDIRECT 1 MARK)
|
||||
$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(dst $IPSET_BLACKLIST_6) $(REDIRECT 1 MARK)
|
||||
$ip6t_m -A PSW_OUTPUT -p udp $(factor $UDP_REDIR_PORTS "-m multiport --dport") $(get_redirect_ip6t $LOCALHOST_UDP_PROXY_MODE 1 MARK)
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
$ipt_m -A PREROUTING -j PSW
|
||||
|
||||
|
||||
# 加载ACLS
|
||||
load_acl
|
||||
|
||||
|
||||
# dns_hijack "force"
|
||||
|
||||
|
||||
echolog "防火墙规则加载完成!"
|
||||
}
|
||||
|
||||
@ -606,9 +764,11 @@ del_firewall_rule() {
|
||||
|
||||
$ip6t_m -D PREROUTING -j PSW 2>/dev/null
|
||||
$ip6t_m -D OUTPUT -p tcp -j PSW_OUTPUT 2>/dev/null
|
||||
$ip6t_m -D OUTPUT -p udp -j PSW_OUTPUT 2>/dev/null
|
||||
|
||||
ib_nat_exist=$(expr $ib_nat_exist - 1)
|
||||
done
|
||||
|
||||
fi
|
||||
$ipt_n -F PSW 2>/dev/null && $ipt_n -X PSW 2>/dev/null
|
||||
$ipt_n -F PSW_OUTPUT 2>/dev/null && $ipt_n -X PSW_OUTPUT 2>/dev/null
|
||||
@ -622,17 +782,29 @@ del_firewall_rule() {
|
||||
ip rule del fwmark 1 lookup 100 2>/dev/null
|
||||
ip route del local 0.0.0.0/0 dev lo table 100 2>/dev/null
|
||||
|
||||
ip -6 rule del fwmark 1 table 100 2>/dev/null
|
||||
ip -6 route del local ::/0 dev lo table 100 2>/dev/null
|
||||
|
||||
ipset -F $IPSET_LANIPLIST >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_SHUNTLIST >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST2 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST3 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
|
||||
ipset -F $IPSET_LANIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_VPSIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST_6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_SHUNTLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST_6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST_6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST2_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2_6 >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_BLACKLIST3_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST_6 >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST_6 >/dev/null 2>&1 &
|
||||
|
||||
echolog "删除相关防火墙规则完成。"
|
||||
}
|
||||
|
||||
@ -641,13 +813,21 @@ flush_ipset() {
|
||||
ipset -F $IPSET_VPSIPLIST >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_SHUNTLIST >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_GFW >/dev/null 2>&1 && ipset -X $IPSET_GFW >/dev/null 2>&1 &
|
||||
#ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_CHN >/dev/null 2>&1 && ipset -X $IPSET_CHN >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST2 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST3 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST >/dev/null 2>&1 &
|
||||
|
||||
ipset -F $IPSET_LANIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_LANIPLIST_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_VPSIPLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_VPSIPLIST_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_SHUNTLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_SHUNTLIST_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_GFW6 >/dev/null 2>&1 && ipset -X $IPSET_GFW6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_CHN6 >/dev/null 2>&1 && ipset -X $IPSET_CHN6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST2_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST2_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_BLACKLIST3_6 >/dev/null 2>&1 && ipset -X $IPSET_BLACKLIST3_6 >/dev/null 2>&1 &
|
||||
ipset -F $IPSET_WHITELIST_6 >/dev/null 2>&1 && ipset -X $IPSET_WHITELIST_6 >/dev/null 2>&1 &
|
||||
}
|
||||
|
||||
flush_include() {
|
||||
|
||||
@ -1,7 +1,9 @@
|
||||
#!/bin/sh
|
||||
|
||||
CONFIG=passwall
|
||||
RUN_BIN_PATH=/var/etc/${CONFIG}/bin
|
||||
TMP_PATH=/var/etc/$CONFIG
|
||||
TMP_BIN_PATH=$TMP_PATH/bin
|
||||
TMP_ID_PATH=$TMP_PATH/id
|
||||
|
||||
config_n_get() {
|
||||
local ret=$(uci -q get $CONFIG.$1.$2 2>/dev/null)
|
||||
@ -23,59 +25,71 @@ ENABLED=$(config_t_get global enabled 0)
|
||||
[ "$ENABLED" != 1 ] && return 1
|
||||
ENABLED=$(config_t_get global_delay start_daemon 0)
|
||||
[ "$ENABLED" != 1 ] && return 1
|
||||
sleep 1m
|
||||
sleep 58s
|
||||
while [ "$ENABLED" -eq 1 ]
|
||||
do
|
||||
#tcp
|
||||
TCP_NODE=$(config_t_get global tcp_node nil)
|
||||
if [ "$TCP_NODE" != "nil" ]; then
|
||||
#kcptun
|
||||
use_kcp=$(config_n_get $TCP_NODE use_kcp 0)
|
||||
if [ $use_kcp -gt 0 ]; then
|
||||
icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH/kcptun" | grep -i "tcp" | wc -l)
|
||||
#TCP
|
||||
[ -f "$TMP_ID_PATH/TCP" ] && {
|
||||
TCP_NODE=$(cat $TMP_ID_PATH/TCP)
|
||||
if [ "$TCP_NODE" != "nil" ]; then
|
||||
#kcptun
|
||||
use_kcp=$(config_n_get $TCP_NODE use_kcp 0)
|
||||
if [ $use_kcp -gt 0 ]; then
|
||||
icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH/kcptun" | grep -i "tcp" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/$CONFIG restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
icount=$(top -bn1 | grep -v -E 'grep|kcptun' | grep "$TMP_BIN_PATH" | grep -i "TCP" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/passwall restart
|
||||
/etc/init.d/$CONFIG restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
icount=$(top -bn1 | grep -v -E 'grep|kcptun' | grep "$RUN_BIN_PATH" | grep -i "TCP" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/passwall restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#udp
|
||||
UDP_NODE=$(config_t_get global udp_node nil)
|
||||
if [ "$UDP_NODE" != "nil" ]; then
|
||||
[ "$UDP_NODE" == "tcp" ] && continue
|
||||
[ "$UDP_NODE" == "tcp_" ] && UDP_NODE=$TCP_NODE1
|
||||
icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH" | grep -i "UDP" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/passwall restart
|
||||
exit 0
|
||||
[ -f "$TMP_ID_PATH/UDP" ] && {
|
||||
UDP_NODE=$(cat $TMP_ID_PATH/UDP)
|
||||
if [ "$UDP_NODE" != "nil" ]; then
|
||||
[ "$UDP_NODE" == "tcp" ] && continue
|
||||
[ "$UDP_NODE" == "tcp_" ] && UDP_NODE=$TCP_NODE
|
||||
icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH" | grep -i "UDP" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/$CONFIG restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
#dns
|
||||
dns_mode=$(config_t_get global dns_mode)
|
||||
if [ "$dns_mode" != "nonuse" ] && [ "$dns_mode" != "custom" ]; then
|
||||
icount=$(netstat -apn | grep 7913 | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/passwall restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
#haproxy
|
||||
use_haproxy=$(config_t_get global_haproxy balancing_enable 0)
|
||||
if [ $use_haproxy -gt 0 ]; then
|
||||
icount=$(top -bn1 | grep -v grep | grep "$RUN_BIN_PATH/haproxy" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/passwall restart
|
||||
/etc/init.d/$CONFIG restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
sleep 1m
|
||||
[ -f "$TMP_BIN_PATH/chinadns-ng" ] && {
|
||||
icount=$(top -bn1 | grep -v grep | grep $TMP_BIN_PATH/chinadns-ng | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/$CONFIG restart
|
||||
exit 0
|
||||
fi
|
||||
}
|
||||
|
||||
#haproxy
|
||||
use_haproxy=$(config_t_get global_haproxy balancing_enable 0)
|
||||
if [ $use_haproxy -gt 0 ]; then
|
||||
icount=$(top -bn1 | grep -v grep | grep "$TMP_BIN_PATH/haproxy" | wc -l)
|
||||
if [ $icount = 0 ]; then
|
||||
/etc/init.d/$CONFIG restart
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
sleep 58s
|
||||
done
|
||||
|
||||
@ -11,3 +11,8 @@
|
||||
1.0.0.1
|
||||
9.9.9.9
|
||||
149.112.112.112
|
||||
2001:67c:4e8::/48
|
||||
2001:b28:f23c::/48
|
||||
2001:b28:f23d::/48
|
||||
2001:b28:f23f::/48
|
||||
2001:b28:f242::/48
|
||||
@ -70,6 +70,7 @@ do
|
||||
local node_id = t.node
|
||||
CONFIG[#CONFIG + 1] = {
|
||||
log = true,
|
||||
id = t[".name"],
|
||||
remarks = "Socks节点列表[" .. i .. "]",
|
||||
currentNodeId = node_id,
|
||||
currentNode = node_id and ucic2:get_all(application, node_id) or nil,
|
||||
@ -106,7 +107,7 @@ do
|
||||
set = function(o)
|
||||
for kk, vv in pairs(CONFIG) do
|
||||
if (vv.remarks == "TCP备用节点的列表") then
|
||||
log("刷新自动切换的TCP备用节点的列表")
|
||||
--log("刷新自动切换的TCP备用节点的列表")
|
||||
ucic2:set_list(application, "@auto_switch[0]", "tcp_node", vv.new_nodes)
|
||||
end
|
||||
end
|
||||
@ -133,7 +134,7 @@ do
|
||||
|
||||
local default_node_id = node.default_node
|
||||
CONFIG[#CONFIG + 1] = {
|
||||
log = false,
|
||||
log = true,
|
||||
currentNodeId = default_node_id,
|
||||
currentNode = default_node_id and ucic2:get_all(application, default_node_id) or nil,
|
||||
remarks = "分流默认节点",
|
||||
@ -145,7 +146,7 @@ do
|
||||
|
||||
local main_node_id = node.main_node
|
||||
CONFIG[#CONFIG + 1] = {
|
||||
log = false,
|
||||
log = true,
|
||||
currentNodeId = main_node_id,
|
||||
currentNode = main_node_id and ucic2:get_all(application, main_node_id) or nil,
|
||||
remarks = "分流默认前置代理节点",
|
||||
@ -182,7 +183,7 @@ do
|
||||
set = function(o)
|
||||
for kk, vv in pairs(CONFIG) do
|
||||
if (vv.remarks == "负载均衡节点列表" .. node_id) then
|
||||
log("刷新负载均衡节点列表")
|
||||
--log("刷新负载均衡节点列表")
|
||||
ucic2:foreach(application, uciType, function(node2)
|
||||
if node2[".name"] == node[".name"] then
|
||||
local index = node2[".index"]
|
||||
@ -586,31 +587,24 @@ local function curl(url)
|
||||
end
|
||||
|
||||
local function truncate_nodes()
|
||||
local function clear(type)
|
||||
local node_num = ucic2:get(application, "@global_other[0]", type .. "_node_num") or 1
|
||||
for i = 1, node_num, 1 do
|
||||
local node = ucic2:get(application, "@global[0]", type .. "_node" .. i)
|
||||
if node then
|
||||
local is_sub_node = ucic2:get(application, node, "is_sub") or 0
|
||||
if is_sub_node == "1" then
|
||||
ucic2:set(application, '@global[0]', type .. "_node" .. i, "nil")
|
||||
for _, config in pairs(CONFIG) do
|
||||
if config.nodes and type(config.nodes) == "table" then
|
||||
for kk, vv in pairs(config.nodes) do
|
||||
if vv.currentNode.is_sub and vv.currentNode.is_sub == "1" then
|
||||
else
|
||||
vv.set(vv, vv.currentNodeId)
|
||||
end
|
||||
end
|
||||
config.set(config)
|
||||
else
|
||||
if config.currentNode.is_sub and config.currentNode.is_sub == "1" then
|
||||
config.set(config, "nil")
|
||||
if config.id then
|
||||
ucic2:delete(application, config.id)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
clear("tcp")
|
||||
clear("udp")
|
||||
|
||||
ucic2:foreach(application, "socks", function(t)
|
||||
local node = t.node
|
||||
if node then
|
||||
local is_sub_node = ucic2:get(application, node, "is_sub") or 0
|
||||
if is_sub_node == "1" then
|
||||
ucic2:set(application, t[".name"], "node", "nil")
|
||||
end
|
||||
end
|
||||
end)
|
||||
|
||||
ucic2:foreach(application, uciType, function(node)
|
||||
if (node.is_sub or node.hashkey) and node.add_mode ~= '导入' then
|
||||
ucic2:delete(application, node['.name'])
|
||||
@ -624,84 +618,96 @@ end
|
||||
local function select_node(nodes, config)
|
||||
local server
|
||||
if config.currentNode then
|
||||
for id, node in pairs(nodes) do
|
||||
-- 特别优先级 分流 + 备注
|
||||
if config.currentNode.protocol and config.currentNode.protocol == '_shunt' then
|
||||
-- 特别优先级 分流 + 备注
|
||||
if config.currentNode.protocol and config.currentNode.protocol == '_shunt' then
|
||||
for index, node in pairs(nodes) do
|
||||
if node.remarks == config.currentNode.remarks then
|
||||
log('更新【' .. config.remarks .. '】分流匹配节点:' .. node.remarks)
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
-- 特别优先级 负载均衡 + 备注
|
||||
if config.currentNode.protocol and config.currentNode.protocol == '_balancing' then
|
||||
end
|
||||
-- 特别优先级 负载均衡 + 备注
|
||||
if config.currentNode.protocol and config.currentNode.protocol == '_balancing' then
|
||||
for index, node in pairs(nodes) do
|
||||
if node.remarks == config.currentNode.remarks then
|
||||
log('更新【' .. config.remarks .. '】负载均衡匹配节点:' .. node.remarks)
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
-- 第一优先级 cfgid
|
||||
if not server then
|
||||
if id == config.currentNode['.name'] then
|
||||
end
|
||||
-- 第一优先级 cfgid
|
||||
if not server then
|
||||
for index, node in pairs(nodes) do
|
||||
if node[".name"] == config.currentNode['.name'] then
|
||||
if config.log == nil or config.log == true then
|
||||
log('更新【' .. config.remarks .. '】第一匹配节点:' .. node.remarks)
|
||||
end
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
-- 第二优先级 类型 + IP + 端口
|
||||
if not server then
|
||||
end
|
||||
-- 第二优先级 类型 + IP + 端口
|
||||
if not server then
|
||||
for index, node in pairs(nodes) do
|
||||
if config.currentNode.type and config.currentNode.address and config.currentNode.port then
|
||||
if node.type and node.address and node.port then
|
||||
if node.type == config.currentNode.type and (node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port) then
|
||||
if config.log == nil or config.log == true then
|
||||
log('更新【' .. config.remarks .. '】第二匹配节点:' .. node.remarks)
|
||||
end
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
-- 第三优先级 IP + 端口
|
||||
if not server then
|
||||
end
|
||||
-- 第三优先级 IP + 端口
|
||||
if not server then
|
||||
for index, node in pairs(nodes) do
|
||||
if config.currentNode.address and config.currentNode.port then
|
||||
if node.address and node.port then
|
||||
if node.address .. ':' .. node.port == config.currentNode.address .. ':' .. config.currentNode.port then
|
||||
if config.log == nil or config.log == true then
|
||||
log('更新【' .. config.remarks .. '】第三匹配节点:' .. node.remarks)
|
||||
end
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
-- 第四优先级 IP
|
||||
if not server then
|
||||
end
|
||||
-- 第四优先级 IP
|
||||
if not server then
|
||||
for index, node in pairs(nodes) do
|
||||
if config.currentNode.address then
|
||||
if node.address then
|
||||
if node.address == config.currentNode.address then
|
||||
if config.log == nil or config.log == true then
|
||||
log('更新【' .. config.remarks .. '】第四匹配节点:' .. node.remarks)
|
||||
end
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
-- 第五优先级备注
|
||||
if not server then
|
||||
end
|
||||
-- 第五优先级备注
|
||||
if not server then
|
||||
for index, node in pairs(nodes) do
|
||||
if config.currentNode.remarks then
|
||||
if node.remarks then
|
||||
if node.remarks == config.currentNode.remarks then
|
||||
if config.log == nil or config.log == true then
|
||||
log('更新【' .. config.remarks .. '】第五匹配节点:' .. node.remarks)
|
||||
end
|
||||
server = id
|
||||
server = node[".name"]
|
||||
break
|
||||
end
|
||||
end
|
||||
@ -752,7 +758,7 @@ local function update_node(manual)
|
||||
local nodes = {}
|
||||
local ucic3 = luci.model.uci.cursor()
|
||||
ucic3:foreach(application, uciType, function(node)
|
||||
nodes[node['.name']] = node
|
||||
nodes[#nodes + 1] = node
|
||||
end)
|
||||
|
||||
for _, config in pairs(CONFIG) do
|
||||
|
||||
@ -88,12 +88,13 @@ test_auto_switch() {
|
||||
}
|
||||
else
|
||||
local tmp_port=$(/usr/share/${CONFIG}/app.sh get_new_port 61080 tcp)
|
||||
/usr/share/${CONFIG}/app.sh run_socks "auto_switch" "$main_node" "127.0.0.1" "$tmp_port" "/var/etc/${CONFIG}/auto_switch.json"
|
||||
/usr/share/${CONFIG}/app.sh run_socks "auto_switch" "$main_node" "127.0.0.1" "$tmp_port" "/var/etc/${CONFIG}/test.json"
|
||||
local curlx="socks5h://127.0.0.1:$tmp_port"
|
||||
fi
|
||||
sleep 10s
|
||||
sleep 9s
|
||||
proxy_status=$(test_url "https://www.google.com/generate_204" 3 3 "-x $curlx")
|
||||
top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/auto_switch.json" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
top -bn1 | grep -v "grep" | grep "/var/etc/${CONFIG}/test.json" | awk '{print $1}' | xargs kill -9 >/dev/null 2>&1
|
||||
rm -rf "/var/etc/${CONFIG}/test.json"
|
||||
if [ "$proxy_status" -eq 200 ]; then
|
||||
#主节点正常,切换到主节点
|
||||
echolog "自动切换检测:${TYPE}主节点正常,切换到主节点!"
|
||||
@ -125,7 +126,7 @@ test_auto_switch() {
|
||||
fi
|
||||
fi
|
||||
/usr/share/${CONFIG}/app.sh node_switch ${TYPE} ${new_node}
|
||||
sleep 10s
|
||||
sleep 9s
|
||||
# 切换节点后等待10秒后再检测一次,如果还是不通继续切,直到可用为止
|
||||
status2=$(test_proxy)
|
||||
if [ "$status2" -eq 0 ]; then
|
||||
@ -141,11 +142,12 @@ test_auto_switch() {
|
||||
|
||||
start() {
|
||||
ENABLED=$(config_t_get global enabled 0)
|
||||
[ "$ENABLED" != 1 ] && _return 1
|
||||
[ "$ENABLED" != 1 ] && return 1
|
||||
ENABLED=$(config_t_get auto_switch enable 0)
|
||||
[ "$ENABLED" != 1 ] && _return 1
|
||||
[ "$ENABLED" != 1 ] && return 1
|
||||
delay=$(config_t_get auto_switch testing_time 1)
|
||||
sleep ${delay}m
|
||||
#sleep ${delay}m
|
||||
sleep 9s
|
||||
while [ "$ENABLED" -eq 1 ]
|
||||
do
|
||||
TCP_NODE=$(config_t_get auto_switch tcp_node nil)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user